{"id":26211,"date":"2022-06-12T16:14:31","date_gmt":"2022-06-12T23:14:31","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=26211"},"modified":"2022-06-12T16:14:31","modified_gmt":"2022-06-12T23:14:31","slug":"sb-2022-06-11","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2022\/06\/sb-2022-06-11\/","title":{"rendered":"Security Bits with Bart Busschots \u2014 12 June 2022"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; An interesting (and slightly depressing) look at the DOJ&#8217;s change in official policy around the CFAA from the security researcher&#8217;s POV: <a href=\"https:\/\/krebsonsecurity.com\/2022\/06\/what-counts-as-good-faith-security-research\/\">What Counts as \u201cGood Faith Security Research?\u201d \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>Social Media Developments\n<ul>\n<li>Instagram brings <em>Amber Alerts<\/em> to 25 countries, including the US, Canada, Australia, New Zealand, the UK, and much of Europe \u2014 <a href=\"https:\/\/www.imore.com\/instagram-adds-support-amber-alerts-help-locate-missing-kids\">www.imore.com\/\u2026<\/a>\n<ul>\n<li>Argentina, Australia, Belgium, Bulgaria, Canada, Ecuador, Greece, Guatemala, Ireland, Jamaica, Korea, Lithuania, Luxembourg, Malaysia, Malta, Mexico, the Netherlands, New Zealand, Romania, South Africa, Taiwan, Ukraine, the UK, the United Arab Emirates and the US<\/li>\n<\/ul>\n<\/li>\n<li>Instagram is making its <em>Sensitive Content Controls<\/em> available in more parts of their interface (currently only on the <em>Explore<\/em> tab) \u2014 <a href=\"https:\/\/www.imore.com\/instagrams-sensitive-content-controls-break-free-explore-tab-help-more-people\">www.imore.com\/\u2026<\/a><br \/>\n> &#8220;\u2026 the protections will soon apply 
to search, Reels, hashtag pages, &#8216;accounts you might follow&#8217; and suggested posts that appear in users&#8217; main feeds.&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Windows users beware, the <em>Follina<\/em> zero-day is being actively exploited, and there&#8217;s no patch yet \u2014 for now, disable the <code>ms-msdt:\/\/<\/code> url scheme \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/05\/31\/mysterious-follina-zero-day-hole-in-office-what-to-do\/\">nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li>Microsoft&#8217;s official guidance \u2014 <a href=\"https:\/\/msrc-blog.microsoft.com\/2022\/05\/30\/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability\/\">msrc-blog.microsoft.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> experimenting with other non-standard URL schemes in Windows, a security researcher found a way to use <code>search-ms:\/\/<\/code> URLs to pop up a window showing a file listing on a remote server which could be helpful as part of a social engineering attack \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/06\/02\/yet-another-zero-day-sort-of-in-windows-search-url-handling\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>The passwordless future is starting to look a lot more real:\n<ul>\n<li>Apple announced and demoed FIDO Passkeys in their WWDC keynote: <a href=\"https:\/\/www.imore.com\/apple-killed-passwords-new-passkeys-iphone-ipad-mac-apple-tv\">www.imore.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> &#x1f3a6; Apple have also published a developer session explaining their implementation of Passkeys in much more detail: <a 
href=\"https:\/\/developer.apple.com\/wwdc22\/10092\">developer.apple.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>1Password has joined the FIDO Alliance \u2014 <a href=\"https:\/\/blog.1password.com\/1password-is-joining-the-fido-alliance\/\">blog.1password.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Apple revealed more security improvements for their upcoming OSes than just Passkeys \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-security-and-privacy-features-in-macos-ventura-ios-16-and-ipados-16\/\">www.intego.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/apple-launches-rapid-security-response-a-new-feature-for-applying-security-updates-on-the-fly\/\">Apple Launches Rapid Security Response, A New Feature for Applying Security Updates on the Fly \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/safety-check-new-ios-16-feature-help-people-abusive-relationships\">Safety Check is a new iOS 16 feature to help people in abusive relationships \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/ios-16-will-lock-deleted-and-hidden-photos-away-behind-face-id-touch-id\">iOS 16 will lock deleted and hidden photos away behind Face ID &amp; Touch ID \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>iOS 16 will support FaceID in landscape mode \u2014 <a href=\"https:\/\/www.imore.com\/ios-16-apple-finally-fixes-face-ids-glaring-problem\">www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>Sophos have released a report breaking down the attack vectors used by attackers in 144 real-world attacks they helped investigate in 2021: <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/06\/07\/know-your-enemy-learn-how-cybercrime-adversaries-get-in\/\">Know your enemy! 
Learn how cybercrime adversaries get in\u2026 \u2014 nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li><strong>hint:<\/strong> <em>&#8216;patchy, patchy, patch, patch!&#8217;<\/em> &#x1f609;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<p>A very joyful episode of the SMR Podcast about Chris Ashley&#8217;s new Ford F-150 Lightning EV <a href=\"https:\/\/smrpodcast.com\/episode-f-150-smrpodcast-episode-450\/\">Episode F-150: SMRpodcast Episode #450<\/a><\/p>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a 
<strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. &#x1f1fa;&#x1f1f8; An interesting (and slightly depressing) look at the DOJ&#8217;s change in official policy around the CFAA from the security researcher&#8217;s POV: What Counts as \u201cGood Faith Security Research?\u201d \u2014 krebsonsecurity.com\/\u2026 Social Media Developments [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[3509,2079,50,569,3355,2609],"class_list":["post-26211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-fido","tag-patch","tag-security","tag-security-bits","tag-stay-patched","tag-wwdc"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/26211","targetHints":
{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=26211"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/26211\/revisions"}],"predecessor-version":[{"id":26213,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/26211\/revisions\/26213"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=26211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=26211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=26211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}