{"id":30005,"date":"2023-12-10T13:51:27","date_gmt":"2023-12-10T21:51:27","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=30005"},"modified":"2023-12-10T13:52:01","modified_gmt":"2023-12-10T21:52:01","slug":"sb-2023-12-10","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2023\/12\/sb-2023-12-10\/","title":{"rendered":"Security Bits \u2014 10 December 2023"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Allison was sceptical that Google really would move to eliminate 3rd-party cookies in 2024, but they put a little wood behind the proverbial arrow this week: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-is-phasing-out-ad-personalization-for-some-adsense-products\/\">Google is phasing out ad personalization for some AdSense products \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>We now have confirmation that the 23andMe breach was as bad as we feared: <a href=\"https:\/\/techcrunch.com\/2023\/12\/04\/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users\/\">23andMe confirms hackers stole ancestry data on 6.9 million users \u2014 techcrunch.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong>  <a href=\"https:\/\/stackdiary.com\/23andme-updates-tos-to-force-binding-arbitration\/\">23andMe is updating its TOS to force binding arbitration with a limited opt-out window \u2014 stackdiary.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/23andme-updates-user-agreement-to-prevent-data-breach-lawsuits\/\">23andMe updates user agreement to prevent data breach lawsuits \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> and confirmation of my gut feeling from the start of all this that we are dealing with a company that is user 
hostile and <em>slimy<\/em>)<\/li>\n<\/ul>\n<\/li>\n<li>It briefly looked like there would be an actually safe and secure way for Android users to access the iMessage network, but it very quickly fell apart, and while the company say they will restore access, it seems inevitable to me that they will lose this cat-and-mouse game:\n<ul>\n<li>A nice description of how the service worked, and why it was safe to use: <a href=\"https:\/\/arstechnica.com\/?p=1988361\">Beeper Mini for Android sends and receives iMessages, no Mac server required \u2014 arstechnica.com<\/a><\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/23\/12\/08\/android-imessage-app-beeper-mini-isnt-working-and-apple-probably-killed-it\">Android iMessage app Beeper mini isn&#8217;t working, and Apple probably killed it \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/23\/12\/10\/apple-confirms-it-blocked-beeper-mini-citing-security-risks\">Apple confirms it blocked Beeper Mini citing security risks \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Deep Dive 1 \u2014 A Raft of Un-Patched Vulnerabilities<\/h2>\n<p>The remarkable thing about the last two weeks&#8217; worth of news is the sheer number of un-patched vulnerabilities that were published (probably not a coincidence the Black Hat Europe conference was held recently).<\/p>\n<p>What all these vulnerabilities have in common is that we need to be aware that these risks now exist, and there is no patch yet, so we need to make pro-active choices to accept the risks or alter our behaviour. 
Thankfully, for all these vulnerabilities I think it is perfectly reasonable for regular home users to choose to accept these risks and carry on as they were, but those who work with sensitive data, in sensitive industries, or who are likely to be targeted by powerful attackers need to think much more carefully.<\/p>\n<h3>Two Bluetooth Problems<\/h3>\n<p>The first Bluetooth-related problem to make the news is a collection of vulnerabilities that have been collectively named BLUFFS. These vulnerabilities can be used to break the security of Bluetooth connections by allowing an attacker to inject their device into the middle of a Bluetooth connection, i.e. classic <em>Adversary in the Middle<\/em> (AiTM) attacks (formerly poorly named <em>Man in the Middle<\/em> as if there were human males instead of devices doing the eavesdropping!).<\/p>\n<p>The problems are with the Bluetooth spec itself, not with any particular implementation, so the problem affects all Bluetooth devices that support versions 4.2 to 5.4 (the latest) of the spec.<\/p>\n<p>The solution is for vendors to update their firmware\/drivers so as to stop supporting the problematic parts of the spec. That&#8217;s going to take time, and lots of devices will never get fixed.<\/p>\n<p>The saving grace here is that attackers need to be within Bluetooth range to use these attacks, so the average person&#8217;s exposure is very low.<\/p>\n<p>If you&#8217;re in any way at risk, you need to avoid sending any sensitive data across Bluetooth. Bluetooth headsets are an obvious exposure to this risk, so consider switching to a wired headset until BLUFFS has been dealt with. 
Another approach would be to turn off Bluetooth when you&#8217;re in public.<\/p>\n<p>You can read more about BLUFFS here: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-bluffs-attack-lets-attackers-hijack-bluetooth-connections\/\">New BLUFFS attack lets attackers hijack Bluetooth connections \u2014 www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/appleinsider.com\/articles\/23\/11\/29\/new-bluetooth-flaws-could-let-an-attacker-steal-wireless-communications\">New Bluetooth flaws could let an attacker steal wireless communications \u2014 appleinsider.com\/\u2026<\/a><\/p>\n<p>Just a few days ago an entirely separate Bluetooth bug emerged, but it has no cool name, so it&#8217;s just known as <em>CVE-2023-45866<\/em>. This bug is a more traditional implementation problem rather than a problem with the spec itself, so vendors will be able to fix it, but it seems they&#8217;re not in any hurry to do so. For now, the problem exists in Android, iOS, Linux &amp; macOS.<\/p>\n<p>The bug lets an attacker bypass authentication to silently pair a malicious device with the target device and have that device be seen by the victim OS as a keyboard, allowing the attackers to literally inject code!<\/p>\n<p>At the moment this even works against iPhones with Lockdown Mode enabled!<\/p>\n<p>As with the other Bluetooth bug, the attacker needs to be within Bluetooth range, so the only defence for at-risk people until patches are released is to turn off Bluetooth while out and about in public places.<\/p>\n<p>Note that the keystrokes are not invisible, so just watching out for mystery characters appearing is probably enough of a defence for most!<\/p>\n<p>Read more: <a href=\"https:\/\/thehackernews.com\/2023\/12\/new-bluetooth-flaw-let-hackers-take.html\">New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices \u2014 thehackernews.com\/\u2026<\/a> &amp; <a 
href=\"https:\/\/appleinsider.com\/articles\/23\/12\/07\/if-youre-using-a-magic-keyboard-youve-opened-up-an-attack-vector\">If you&#8217;re using a Magic Keyboard, you&#8217;ve opened up an attack vector \u2014 appleinsider.com\/\u2026<\/a><\/p>\n<h3><em>LogoFAIL<\/em> \u2014 A Flaw in Many UEFI Firmwares<\/h3>\n<p>Security researchers found that many motherboard vendors ship UEFI firmware that bundles out-of-date versions of image processing libraries, and that persistent malware can be loaded into these computers via a malicious logo file.<\/p>\n<p>Unfortunately the problem is widespread:<\/p>\n<blockquote><p>\n  &#8220;The flaws affect all major IBVs (Independent BIOS Vendors) like AMI, Insyde, and Phoenix as well as hundreds of consumer and enterprise-grade devices from vendors, including Intel, Acer, and Lenovo, making it both severe and widespread.&#8221;\n<\/p><\/blockquote>\n<p>(I&#8217;ve not seen Apple listed as affected anywhere.)<\/p>\n<p>What makes these attacks extra dangerous is that cryptographic protections like <em>Secure Boot<\/em> &amp; <em>Intel Boot Guard<\/em> don&#8217;t include logo files in their integrity checks, so this malware won&#8217;t trigger any boot errors, and because the malware is in the firmware, it will survive even a nuke-and-pave reinstall of the OS.<\/p>\n<p>While vendors will patch these problems and issue driver and firmware updates, older boards are unlikely to get fixed, and very few users actually apply updates for their motherboards, so there are likely to be many vulnerable PCs for a long time.<\/p>\n<p>To trigger this bug an attacker needs to get malware to run on the targeted PC to write the malicious logo into UEFI&#8217;s storage area, so the best defence is definitely prevention \u2014 good old AV and common sense to stop any malware from running, and to stop you from being tricked into installing a Trojan are the best we can do to protect ourselves, at least for now.<\/p>\n<p>More information: <a 
href=\"https:\/\/thehackernews.com\/2023\/12\/logofail-uefi-vulnerabilities-expose.html\">LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks \u2014 thehackernews.com\/\u2026<\/a><\/p>\n<h3><em>SLAM<\/em> Another Speculative Execution Bug, This One Affecting Future CPUs!<\/h3>\n<p>At this stage another speculative execution bug hardly seems like news, but this one is a little special in that it exploits a very new technology that&#8217;s only just begun to be rolled out on a few AMD CPUs, and has yet to be released on Intel CPUs.<\/p>\n<p>The fix seems to be for app developers to avoid the vulnerable feature in the parts of their code that handle secure content. A lot of speculative execution fixes rely on developers\/compilers to avoid certain optimisations in sensitive parts of their code, while allowing other parts of their code to benefit from the speedups offered by speculative execution.<\/p>\n<p>For now, it&#8217;s developers and OS vendors that need to worry about this, not regular users, but it is noteworthy that there is still no end in sight to this problem.<\/p>\n<p>Read more: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-slam-attack-steals-sensitive-data-from-amd-future-intel-cpus\/\">New SLAM attack steals sensitive data from AMD, future Intel CPUs \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<h3><em>5Ghoul<\/em> 5G Bugs in Qualcomm &amp; MediaTek Chips<\/h3>\n<p>A collection of bugs have been found in popular 5G chips that could allow an attacker to disconnect victims from 5G. Some of the bugs cause the 5G chips to lock up until the device is rebooted, others cause the chips to downgrade the user to 4G, which has lots of known weaknesses.<\/p>\n<p>At least for now, none of the attacks can trigger any kind of remote code execution, so this is just <em>denial of service<\/em>. 
As we know, attacks only get better over time, so remote code execution could become possible in future, but for now, this is most likely to be nothing more than an inconvenience.<\/p>\n<p>Read more: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-5ghoul-attack-impacts-5g-phones-with-qualcomm-mediatek-chips\/\">New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<h3><em>AutoSpill<\/em> Password Manager Bug in Android<\/h3>\n<p>All password managers that use the built-in Android APIs for password managers can be tricked into leaking passwords by malicious apps. This includes big-name password managers like 1Password, LastPass, KeePass &amp; Keeper.<\/p>\n<p>The vendors are all working on workarounds, and there is sure to be a fix in Android itself soon too, but for now, there is no fix.<\/p>\n<p>The key point is that this flaw can only be attacked by malware running on the device, so the best protection from having malware steal your password is not to install the malware on your device in the first place!<\/p>\n<p>Read more: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/autospill-attack-steals-credentials-from-android-password-managers\/\">AutoSpill attack steals credentials from Android password managers \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<h2>Deep Dive 2 \u2014 A Whole New Spying Vector<\/h2>\n<p>Thanks to a public letter from Oregon Senator Ron Wyden, we now know that the US government has been forcing Apple &amp; Google to hand over push notification data to US law enforcement, and to do so under a gag order because the program was secret.<\/p>\n<p>The metadata around push notifications can be very revealing, with one of its biggest <em>features<\/em> being its ability to link supposedly anonymous IDs on other services to an Apple ID, and hence, to a specific person.<\/p>\n<p>Apart from us now knowing this is happening, the second biggest outcome 
is that Apple and Google are now freed from the gag order because there is no secret to keep anymore, and both have promised to include details of these kinds of requests in future transparency reports.<\/p>\n<p>One interesting detail is that Apple and Google had differing policies around these requests \u2014 Apple just required a subpoena, which does not always need approval from a judge, but Google required a court order, which does.<\/p>\n<h3>Links:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-senator-govts-spy-on-apple-google-users-via-mobile-notifications\/\">US senator: Govts spy on Apple, Google users via mobile notifications \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/?p=1989091\">Apple admits to secretly giving governments push notification data \u2014 arstechnica.com<\/a><\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/23\/12\/06\/senators-paranoia-opens-door-for-apple-to-speak-out-on-government-censorship\">Senator&#8217;s paranoia opens door for Apple to speak out on government censorship \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/daringfireball.net\/linked\/2023\/12\/06\/apples-updated-law-enforcement-guidelines\">Apple Requires Only a Subpoena to Turn Over Push Notification Tokens to Law Enforcement; Google Requires a Court Order \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2023\/\">Google Chrome emergency update fixes 6th zero-day exploited in 2023 \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Other Chromium-based browsers like Edge &amp; Brave also vulnerable: <a 
href=\"https:\/\/www.intego.com\/mac-security-blog\/urgent-patch-6th-chrome-zero-day-of-2023-affects-multiple-browsers\/\">www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2023\/12\/zero-day-alert-apple-rolls-out-ios.html\">Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws \u2014 thehackernews.com\/\u2026<\/a> &amp; <a href=\"https:\/\/tidbits.com\/2023\/12\/01\/webkit-zero-day-vulnerabilities-prompt-ios-17-1-2-ipados-17-1-2-macos-14-1-2-and-safari-17-1-2\/\">WebKit Zero-Day Vulnerabilities Prompt iOS 17.1.2, iPadOS 17.1.2, macOS 14.1.2, and Safari 17.1.2 \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li>If you&#8217;re running ownCloud on your NAS, be sure it&#8217;s patched: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-start-exploiting-critical-owncloud-flaw-patch-now\/\">Hackers start exploiting critical ownCloud flaw, patch now \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>If you have a Zyxel NAS, be sure it&#8217;s patched: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zyxel-warns-of-multiple-critical-vulnerabilities-in-nas-devices\/\">Zyxel warns of multiple critical vulnerabilities in NAS devices \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>As soon as your vendor lets you patch your Android phone, do it: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/december-android-updates-fix-critical-zero-click-rce-flaw\/\">December Android updates fix critical zero-click RCE flaw \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>WordPress security specialists Wordfence are warning of a new spear-phishing tactic being directed at WordPress site owners \u2013 fake emails pretending to be from <em>&#8216;The 
WordPress Security Team&#8217;<\/em> warning you of a supposed vulnerability in a plugin, and offering a download link to a malicious plugin which installs a backdoor to allow the hackers to completely take over the site \u2014 <a href=\"https:\/\/www.wordfence.com\/blog\/2023\/12\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/\">www.wordfence.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>A wrong-headed and factually inaccurate meme spread like wildfire on US law enforcement social media warning users of fictitious dangers in the latest iOS: <a href=\"https:\/\/www.cultofmac.com\/838538\/iphone-namedrop-security-risk\/\">NameDrop is safe and convenient \u2014 www.cultofmac.com\/\u2026<\/a> &amp; <a href=\"https:\/\/tidbits.com\/2023\/11\/28\/push-back-on-namedrop-privacy-insinuations\/\">Push Back on NameDrop Privacy Insinuations \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li>An example of the positive security and privacy benefits AI can bring: <a href=\"https:\/\/thehackernews.com\/2023\/11\/google-unveils-retvec-gmails-new.html\">Google Unveils RETVec &#8211; Gmail&#8217;s New Defense Against Spam and Malicious Emails \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>\n<p><a href=\"https:\/\/thehackernews.com\/2023\/11\/us-uk-and-global-partners-release.html\">U.S., U.K., and Global Partners Release Secure AI System Development Guidelines \u2014 thehackernews.com\/\u2026<\/a><\/p>\n<ul>\n<li><strong>Editorial by Bart:<\/strong> these are just guidelines, so nowhere near all that&#8217;s needed, but these things need to start somewhere, and this is a decent start, so I find a lot of the criticism too pessimistic.<\/li>\n<li><strong>Example Criticism:<\/strong> <a href=\"https:\/\/appleinsider.com\/articles\/23\/11\/27\/new-multi-national-ai-security-guidelines-are-toothless-and-weak\">New multi-national AI security guidelines are toothless and weak \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>A 
nice pair of security &amp; privacy updates from Meta:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/whatsapps-new-secret-code-feature-hides-your-locked-chats\/\">WhatsApp&#8217;s new Secret Code feature hides your locked chats \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.cultofmac.com\/839559\/facebook-messenger-gets-end-to-end-encryption-finally\/\">Facebook Messenger finally joins the end-to-end encryption club \u2014 www.cultofmac.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong> An episode of the Compiler podcast from Red Hat that seems very relevant to the NosillaCast audience \u2013 advice on how to keep learning: <a href=\"https:\/\/overcast.fm\/+s7aOGhgKo\">Compiler: Continuing Education \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li><strong>From Allison:<\/strong> 1984 Radio Shack commercial &#8211; a &#8220;fully portable cell phone for only $2500!&#8221; In 2023 dollars that would be $7400.  
<a href=\"https:\/\/www.tiktok.com\/t\/ZT8PH7evM\/\">www.tiktok.com\/&#8230;<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em><\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Allison was sceptical that Google really would move to eliminate 3rd-party cookies in 2024, but they put a little wood behind the proverbial arrow this week: Google is phasing out ad personalization for some [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,1],"tags":[],"class_list":["post-30005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-podcasts"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-js
on\/wp\/v2\/comments?post=30005"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30005\/revisions"}],"predecessor-version":[{"id":30006,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30005\/revisions\/30006"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=30005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=30005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=30005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}