{"id":27852,"date":"2023-02-19T13:20:28","date_gmt":"2023-02-19T21:20:28","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=27852"},"modified":"2023-02-19T13:23:18","modified_gmt":"2023-02-19T21:23:18","slug":"sb-2023-02-19","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2023\/02\/sb-2023-02-19\/","title":{"rendered":"Security Bits \u2013 19 February 2023"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Following on from the warning linked last time about the dangers of using AirTags to track pets, The Mac Observer have some recommendations for trackers that are specifically designed to safely track pets \u2014 <a href=\"https:\/\/www.macobserver.com\/tips\/round-ups\/dog-tracker-options-airtag\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>The Valentine&#8217;s Day Patch Tuesday was a big one: <a href=\"https:\/\/nakedsecurity.sophos.com\/2023\/02\/14\/microsoft-patch-tuesday-36-rce-bugs-3-zero-days-75-cves\/\">Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/tidbits.com\/2023\/02\/13\/ios-16-3-1-ipados-16-3-1-macos-13-2-1-ventura-watchos-9-3-1-tvos-16-3-2-and-homepod-software-16-3-2-fix-bugs-and-security-vulnerabilities\/\">iOS 16.3.1, iPadOS 16.3.1, macOS 13.2.1 Ventura, watchOS 9.3.1, tvOS 16.3.2, and HomePod Software 16.3.2 Fix Bugs and Security Vulnerabilities \u2014 tidbits.com\/\u2026<\/a>\n<ul>\n<li>The patches include a fix for a critical zero-day exploit \u2014 <a 
href=\"https:\/\/nakedsecurity.sophos.com\/2023\/02\/14\/apple-fixes-zero-day-spyware-implant-bug-patch-now\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f9ef; Contrary to some reporting, there was no iOS bug leaking location data \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/23\/02\/10\/apple-no-apps-circumvented-user-privacy-controls\">appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>If you&#8217;re running VMware&#8217;s ESXi (perhaps on a home NAS or similar), be sure it&#8217;s patched, as it&#8217;s being very actively exploited ATM \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2023\/02\/07\/using-vmware-worried-about-esxi-ransomware-check-your-patches-now\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>OpenSSL, probably the most widely used open source implementation of the TLS protocol that puts the S in HTTPS, has received a significant patch including fixes for critical bugs. 
Now would be an excellent time to check that your IoT devices are all patched, and if you run your own web server, that it is too \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2023\/02\/08\/openssl-fixes-high-severity-data-stealing-bug-patch-now\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f9ef; Reddit suffered a data breach, but the attackers never gained access to the production system, or any user data \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2023\/02\/10\/reddit-admits-it-was-hacked-and-data-stolen-says-dont-panic\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Tile have added an anti-theft mode that intentionally makes their tracker undetectable by others, and the only protection they are adding is a need to register with the company with photo ID before it can be enabled \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/23\/02\/16\/tile-tracker-adds-new-anti-theft-measure-claims-it-helps-victims-of-stalking\">appleinsider.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> this seems wrong-headed and dangerous to me \u2014 we know tracker stalking is a problem because of how well Apple&#8217;s protections work, making a tracker designed not to be discoverable and pretending that having to register so you can be tracked when you&#8217;re caught makes no sense to me!)<\/li>\n<li>Twitter disable SMS 2FA signup for all but Twitter Blue customers, and existing non-Blue users have 30 days to migrate or their account will lose 2FA protection \u2014 <a href=\"https:\/\/blog.twitter.com\/en_us\/topics\/product\/2023\/an-update-on-two-factor-authentication-using-sms-on-twitter\">blog.twitter.com\/\u2026<\/a>\n<ul>\n<li>The motivation appears to be SMS-based fraud rather than the fact that SMS is the least secure form of 2FA (thanks to Ed Ross in the NosillaCast slack for the tip) \u2014 <a 
href=\"https:\/\/twitter.com\/TitterTakeover\/status\/1626781483435188226?t=CppVyFjAoZTKd7vgu_eDDQ&#038;s=09\">twitter.com\/\u2026<\/a><\/li>\n<li><strong>Related Tip:<\/strong> <a href=\"https:\/\/sixcolors.com\/post\/2023\/02\/setting-up-ioss-two-factor-authentication-for-twitter\/\">Setting up iOS\u2019s two-factor authentication for Twitter \u2014 sixcolors.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1ea;&#x1f1fa; The European Union&#8217;s Digital Services Act starts to feel real as tech companies start reporting their active user numbers to the EU. The threshold for coming under the act&#8217;s purview is 45M active European users, and we now know Apple, Google, Meta &amp; Twitter surpass that \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/23\/02\/17\/apple-will-surrender-info-on-how-many-users-it-has-to-the-eu\">appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li>Apple has used European Safer Internet Day as an opportunity to highlight its child protection features, and to launch some new resources for parents including a <em>Today at Apple<\/em> session named <em>&#8216;Your Kids and Their Devices&#8217;<\/em> \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/23\/02\/07\/apple-highlights-child-protection-for-safer-internet-day\">appleinsider.com\/\u2026<\/a>\n<ul>\n<li>Apple&#8217;s Families page \u2014 <a href=\"https:\/\/www.apple.com\/families\/\">www.apple.com\/\u2026<\/a><\/li>\n<li>Apple&#8217;s press release \u2014 <a href=\"https:\/\/www.apple.com\/uk\/newsroom\/2023\/02\/apple-spotlights-free-resources-to-protect-children-online\/\">www.apple.com\/\u2026<\/a><\/li>\n<li><strong>Related Tip:<\/strong> <a href=\"https:\/\/www.macobserver.com\/tips\/how-to\/set-up-ipad-for-child\/\">How to Set Up an iPad for a Child \u2014 
www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/apple-card-security\/\">Apple Shares Five Security Steps for Apple Card \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>CGP Grey explains why we don&#8217;t know how machine learning algorithms work. This video is 5 years old but it holds up. <a href=\"https:\/\/youtu.be\/R9OHn5ZF4Uo\">How AIs, like ChatGPT, Learn<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>Bart:<\/strong> &#x1f3a6; This thoughtful video doesn&#8217;t answer the deep questions the current surge in AI brings (nothing can), but it&#8217;s given me a much better framework for thinking about it: <a href=\"https:\/\/youtu.be\/jPhJbKBuNnA\">I tried using AI. It scared me. 
\u2014 youtu.be\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Following on from the warning linked last time about the dangers of using AirTags to track pets, The Mac Observer have some recommendations for trackers that are specifically designed to safely track pets \u2014 [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[50,569],"class_list":["post-27852","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replie
s":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=27852"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27852\/revisions"}],"predecessor-version":[{"id":27853,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27852\/revisions\/27853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=27852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=27852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=27852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}