{"id":26278,"date":"2022-06-26T11:40:06","date_gmt":"2022-06-26T18:40:06","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=26278"},"modified":"2022-06-26T11:40:06","modified_gmt":"2022-06-26T18:40:06","slug":"security-bits-26-june-2022","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2022\/06\/security-bits-26-june-2022\/","title":{"rendered":"Security Bits \u2014 26 June 2022"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>An interim report on the EU&#8217;s investigation of the NSO Group&#8217;s Pegasus spyware reveals that the company has admitted to selling its product in at least five EU countries (the company are not sure there aren&#8217;t more, they&#8217;re still investigating) \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/nsos-pegasus-spyware-sees-use-in-five-eu-countries-interim-report-see-publication\/\">www.macobserver.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> Google&#8217;s <em>Project Zero<\/em> team have released details of another Spyware product targeting Android &amp; iOS being sold by Italian company <em>RCS Labs<\/em> which used an Enterprise Cert and social engineering to trick victims into side-loading the spyware onto their iPhones (Apple have revoked all certs used, so the spyware is now blocked) \u2014 <a href=\"https:\/\/www.imore.com\/iphone-users-targeted-italian-spyware-says-new-report\">www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Social Media News:\n<ul>\n<li>Instagram are rolling out new parental controls, including time limits (US-only now, but in other countries soon, and globally by end of the year) \u2014 <a href=\"https:\/\/www.imore.com\/teens-parents-can-now-limit-how-much-time-you-spend-instagram\">www.imore.com\/\u2026<\/a> <\/li>\n<li>Telegram have 
announced the details of their paid-for premium subscription ($4.99\/month for big file uploads, fast downloads, and increases on all other limits) \u2014 <a href=\"https:\/\/www.imore.com\/telegram-premium-adds-big-features-youll-pay-through-nose-it\">www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action: if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Patch Tuesday has been and gone \u2013 zero-days in Windows &amp; Office, and IE is officially dead (&#x1f57a;) \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2022\/06\/microsoft-patch-tuesday-june-2022-edition\/\">krebsonsecurity.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/06\/15\/follina-gets-fixed-but-its-not-listed-in-the-patch-tuesday-patches\/\">Follina gets fixed \u2013 but it\u2019s not listed in the Patch Tuesday patches! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Firefox is now enabling its <em>Total Cookie Protection<\/em> feature by default, making it probably the most private browser out-of-the-box \u2014 <a href=\"https:\/\/www.imore.com\/firefox-mac-just-got-even-better-new-privacy-feature\">www.imore.com\/\u2026<\/a>\n<ul>\n<li>We did a deep-dive into the feature last summer \u2014 <a href=\"https:\/\/www.podfeet.com\/blog\/2021\/03\/sb-2021-03-07\/\">www.podfeet.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Apple previewed some nice security\/privacy-related tweaks in their upcoming OS releases:\n<ul>\n<li><em>Private Access Tokens<\/em> will give websites a human-friendly alternative for CAPTCHAs for Apple users (uses the upcoming <em>Privacy Pass<\/em> IETF (Internet Engineering Task Force) standard) \u2014 <a href=\"https:\/\/www.imore.com\/ios-16-could-kill-more-passwords-handy-feature\">www.imore.com\/\u2026<\/a>\n<ul>\n<li>&#x1f3a6; The WWDC session describing the feature: <a href=\"https:\/\/developer.apple.com\/videos\/play\/wwdc2022\/10077\/\">developer.apple.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/macos-ventura-gets-new-usb-and-thunderbolt-accessory-security-feature-beta\">macOS Ventura gets new USB-C and Thunderbolt accessory security feature in beta \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>The Mail app will get support for the <em>Brand Indicators for Message Identification<\/em> standard, showing brand icons next to cryptographically verified emails, making authentic messages easier to spot \u2014 <a href=\"https:\/\/www.imore.com\/ios-16-adds-major-new-upgrade-fight-email-scams\">www.imore.com\/\u2026<\/a>\n<ul>\n<li>A short description of the BIMI standard \u2014 <a href=\"https:\/\/en.wikipedia.org\/wiki\/Brand_Indicators_for_Message_Identification\">en.wikipedia.org\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/ios-16-makes-it-incredibly-easy-buy-custom-cloudflare-email-domains\">iOS 16 makes it incredibly easy to buy custom CloudFlare email domains \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; This week&#8217;s landmark Roe -v- Wade Supreme Court decision has had an unexpected side-effect \u2014 a wrong-headed probe into Apple &amp; Google&#8217;s tracking protection features (the Senators who wrote the letter don&#8217;t get that the IDFA is a privacy protection that gives users control, not an invasion of user privacy!) \u2014 <a href=\"https:\/\/arstechnica.com\/?p=1862757\">arstechnica.com\/\u2026<\/a>\n<ul>\n<li>Excellent commentary from John Gruber clearly explaining why this is so misguided \u2014 <a href=\"https:\/\/daringfireball.net\/linked\/2022\/06\/24\/democrats-apple-google-idfa-ftc\">daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>&#x1f3a5; Sandy posted a link in Slack to Ren\u00e9 Ritchie&#8217;s video explanation of Passkeys and why they&#8217;re more secure than passwords: <a href=\"https:\/\/www.youtube.com\/shorts\/4R5AfpQheSo\">Passkeys vs Passwords \u2014 Explained!<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From the Community:<\/strong> <a href=\"https:\/\/xkcd.com\/2634\/\">xkcd.com\/\u2026<\/a><br \/>\n<img decoding=\"async\" src=\"https:\/\/imgs.xkcd.com\/comics\/red_line_through_https.png\" alt=\"imgs.xkcd.com\/...\" title=\"Some organization has been paying to keep this up and it hasn't been removed from search results. 
Seems like two votes of confidence to me\" \/><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. An interim report on the EU&#8217;s investigation of the NSO Group&#8217;s Pegasus spyware reveals that the company has admitted to selling its product in at least five EU countries (the company are not sure [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[],"class_list":["post-26278","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/26278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.po
dfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=26278"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/26278\/revisions"}],"predecessor-version":[{"id":26280,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/26278\/revisions\/26280"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=26278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=26278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=26278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}