{"id":30482,"date":"2024-02-18T13:21:50","date_gmt":"2024-02-18T21:21:50","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=30482"},"modified":"2024-02-19T20:23:40","modified_gmt":"2024-02-20T04:23:40","slug":"sb-2024-02-18","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2024\/02\/sb-2024-02-18\/","title":{"rendered":"Security Bits \u2014 18 February 2024"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>It&#8217;s not just in Google Search Results that malicious ads are getting through ATM: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/facebook-ads-push-new-ov3r-stealer-password-stealing-malware\/\">Facebook ads push new Ov3r_Stealer password-stealing malware \u2014 www.bleepingcomputer.com\/\u2026<\/a> (The lure is different though, job ads with malicious PDF downloads, not Trojanised software installers)<\/li>\n<li>The fight against Pegasus and its ilk continues: \ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-announces-visa-ban-on-those-linked-to-commercial-spyware\/\">US announces visa ban on those linked to commercial spyware \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83c\uddea\ud83c\uddfa The European Commission have accepted Apple &amp; Microsoft&#8217;s arguments that iMessage and Bing are not Digital Markets Act <em>Gatekeepers<\/em>, so the DMA will not force iMessage interoperability \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/24\/02\/13\/eu-backs-down-wont-force-apple-to-open-imessage-to-rivals\">appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 1 \u2014 Beware the Difference Between Rates and Levels! 
(Not Such Good News on Ransomware After all \ud83d\ude41)<\/h2>\n<p>Last time we learned that the <strong>rate<\/strong> of ransomware payment had fallen dramatically, with ransomware negotiation firm <em>Coveware<\/em> reporting that only 29% of victims were paying ransoms, down from a whopping  85% in 2019. Since ransomware is a financially motivated cybercrime I happily opined that the end of the ransomware may be near.<\/p>\n<p>Imagine my surprise when just a few days later I read a story citing ransomware payments had reached a record high <strong>level<\/strong> of $1.1Bn in 2023 according to blockchain intelligence firm <em>Chainalysis<\/em>.<\/p>\n<p>Which story is true? Surely they can&#8217;t both be? Actually, they can, and they are!<\/p>\n<p>Intellectually I know it&#8217;s really important to always ask yourself <em>&#8220;is this number a rate or a level&#8221;<\/em>, and remember that cherry-picking one over the other could completely flip the impression the data gives.<\/p>\n<p><strong>If<\/strong> the number of companies victimised by ransomware <strong>and<\/strong> the average payout amount had remained constant, <strong>then<\/strong> a fall in the rate of payment would have meant the market was contracting and the economics were turning against the cybercriminals. But, If either of those were not constant, then the rate of payment and the overall level of the market become uncoupled.<\/p>\n<p>So, did the number of attacks remain constant? <strong>Nope!<\/strong>, it went up \ud83d\ude41<\/p>\n<p>What about the average payout amount, did it remain consistent? 
<strong>Nope!<\/strong>, it also went up \ud83d\ude41<\/p>\n<p>This means when you have more victims and a rising average ransom payment, then even if the percentage of victims that choose to pay falls to a record low, the total amount paid to the cybercriminals can still grow, which is exactly what happened.<\/p>\n<p>So \u2014 I retract my optimism, with a growing market, <strong>there&#8217;s absolutely no reason to expect any kind of respite from ransomware anytime soon \ud83d\ude41<\/strong><\/p>\n<p>There&#8217;s also a second statistical lesson lurking in the Chainalysis report \u2014 the graph showing the global market over time. In 2022 the market was only $0.6Bn, and in 2023 it jumped to $1.1Bn. You could factually write a shouty headline that ransomware payments <strong>doubled<\/strong> in 2023, but that would be very misleading because you always have to ask the question <em>&#8220;Are the two data points being compared normal, or are either or both unusual&#8221;<\/em>.<\/p>\n<p>Chainalysis did not shout about a doubling, because they are a reputable firm, and, because 2022 was not a normal year. 
For various economic and political reasons, it was a very abnormal year, so while 2023 was a new high, it was mostly just a return to the previous slowly growing trend \u2014 in 2020 the market was about $0.9Bn, in 2021 it was nearly $1Bn, then we had the odd-ball year 2022, and in 2023 it was $1.1Bn.<\/p>\n<p>So, in the grand scheme of things, this story is actually a big <em>&#8216;nothing burger&#8217;<\/em> \u2014 ransomware continues its slow growth trend, but there is a shift from more smaller ransoms to fewer larger ones, and the total number of attacks is growing faster than the market value.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>New Report: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-payments-reached-record-11-billion-in-2023\/\">Ransomware payments reached record $1.1 billion in 2023 \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Report from last time: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-payments-drop-to-record-low-as-victims-refuse-to-pay\/\">Ransomware payments drop to record low as victims refuse to pay \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>The Chainalysis Report: <a href=\"https:\/\/www.chainalysis.com\/blog\/ransomware-2024\/\">Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline \u2014 www.chainalysis.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 2 \u2014 Apple Details visionOS Privacy Protections<\/h2>\n<p>As a baseline, visionOS gives the same privacy protections as Apple&#8217;s other OSes, but because it has so many more sensors, and is so much more aware of both your surroundings and you, it adds extra protections on top of that baseline.<\/p>\n<p>Apple call out the following as additionally protected:<\/p>\n<ol>\n<li>Your surroundings<\/li>\n<li>The people around you<\/li>\n<li>Your hand gestures<\/li>\n<li>Your eye movements<\/li>\n<li>The 3D persona visionOS builds to represent you in video streams<\/li>\n<\/ol>\n<p>An 
interesting point to note is that Apple have split the rules into two distinct categories: regular apps that sit in the shared environment, and apps that provide a fully immersive experience. No apps get access to raw sensor data, but regular apps get even less situational data than immersive apps.<\/p>\n<p>VisionOS itself has to have a real-time map of your surroundings, and it has to track what your hands and eyes are doing at all times in order to offer its magic-feeling blend of the real and the virtual, but apps can only get access to that data through APIs, and that&#8217;s where Apple asserts control and adds privacy protections.<\/p>\n<p>Firstly, there is no API offering any access to eye-tracking info. Only the OS knows what you&#8217;re looking at second to second, but it doesn&#8217;t share that info with anyone, not even Apple. What visionOS shares with apps is the same kinds of events iOS and macOS share \u2014 &#8216;the user clicked this button&#8217;, &#8216;the user dragged this slider&#8217;, and so on. Note that the OS shows you the thing you would interact with if you made a gesture, so buttons, sliders etc. highlight as you move your eyes around, but apps don&#8217;t get to know what&#8217;s highlighted unless you make a gesture and actually interact with it.<\/p>\n<p>Note that this level of privacy protection is a tradeoff \u2014 it does make some kinds of apps impossible, but it also cuts off a wide spectrum of dystopian possibilities, which seems like a wise choice!<\/p>\n<p>Similarly, even though visionOS looks for people around you, and merges them into your mixed reality as needed, that&#8217;s all done on-device, the information never leaves the device, and no API exposes that information to any app.<\/p>\n<p>Something to note is that any app that offers an immersive experience gets real-time access to your head position. Without this, these kinds of experiences would be impossible, so this is not surprising. 
A nice touch though is that this API is only available to immersive apps.<\/p>\n<p>Finally, visionOS provides a dedicated guest mode allowing you to safely let others use your headset.<\/p>\n<h3>Protecting your Surroundings<\/h3>\n<p>You&#8217;re likely to use your Vision Pro in very private spaces, so your surroundings could say a lot about you! The most important thing to know is that no app gets this information without your explicit consent, and only certain types of apps (immersive environments) can even ask. Even then, the OS gives a mesh representing the shape of things rather than the raw images, and the mesh only goes out to 5 meters.<\/p>\n<h3>Protecting your Hand Gestures<\/h3>\n<p>No apps get raw images of your hands, so they can&#8217;t try to profile you based on skin colour, tattoos, or jewelry. All any app gets is basic game-like wireframes describing the movement and shape of hands in terms of the positions of your joints. Even then, apps have to explicitly ask for permission to access this API, and only immersive apps can even do that.<\/p>\n<h3>Protecting Your Persona<\/h3>\n<p>The underlying model used to generate the live feed of you as your persona is built on-device, encrypted, and never leaves the device. Neither Apple nor any apps get access to it.<\/p>\n<p>What the OS makes available via APIs is just a video feed, basically a virtual camera, and the OS protects it like it does real cameras.<\/p>\n<p>Because people could use your persona to imitate you, the OS won&#8217;t allow it to be enabled unless you&#8217;ve authenticated yourself, ideally with Optic ID. 
In fact, if Optic ID is set up on the device your persona can&#8217;t be used without it verifying your identity.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/24\/02\/13\/apple-vision-pro-privacy-means-apps-cant-access-details-of-users-surroundings\">Apple Vision Pro privacy means apps can&#8217;t access details of users&#8217; surroundings \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li>Apple&#8217;s Published Document: <a href=\"https:\/\/www.apple.com\/privacy\/docs\/Apple_Vision_Pro_Privacy_Overview.pdf\">Apple visionPro Privacy Overview: www.apple.com\/\u2026<\/a> (PDF)<\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Microsoft&#8217;s Patch Tuesday has been and gone with patches for 80 vulnerabilities, 5 of which are critical, and two under active exploitation \u2014 <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/30646\">isc.sans.edu\/\u2026<\/a>, <a href=\"https:\/\/krebsonsecurity.com\/2024\/02\/fat-patch-tuesday-february-2024-edition\/\">krebsonsecurity.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-february-2024-patch-tuesday-fixes-2-zero-days-73-flaws\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> a good reminder of why it&#8217;s important to <em>&#8216;patch early &amp; patch often&#8217;<\/em>: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-used-new-windows-defender-zero-day-to-drop-darkme-malware\/\">Hackers used new Windows Defender zero-day to drop DarkMe malware \u2014 www.bleepingcomputer.com\/\u2026<\/a> (The bug is now patched)<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zoom-patches-critical-privilege-elevation-flaw-in-windows-apps\/\">Zoom patches critical privilege elevation flaw in Windows apps \u2014 
www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>\n<p>\ud83c\uddeb\ud83c\uddf7 CNIL (France&#8217;s data regulator National Commission on Informatics and Liberty) have warned that 33M French citizens have been caught up in data breaches at two major healthcare payment providers (Viamedis and Almerys), and have instructed the companies to be sure to inform all affected users (note the future tense!) \u2013 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/data-breaches-at-viamedis-and-almerys-impact-33-million-in-france\/\">www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<ul>\n<li>The population of France is 66.7M, so this affects about <strong>half the country<\/strong>!<\/p>\n<\/li>\n<li>\n<blockquote>\n<p>&#8220;Although the exposed data does not include financial info, it is still enough to raise the risk of phishing scams, social engineering, identity theft, and insurance fraud for the exposed individuals.&#8221;\n<\/p><\/blockquote>\n<\/li>\n<li>\n<blockquote><p>\n  &#8220;&#8216;Although contact data was not affected by the breach, it is possible that the data involved in the breach could be combined with other information from previous data leaks,&#8217; warns CNIL&#8221;\n<\/p><\/blockquote>\n<\/li>\n<\/ul>\n<p>This is an excellent point that we need to bear in mind for all data breaches \u2014 there is already a lot of stuff about us all out there, a breach doesn&#8217;t have to leak everything if it leaks enough to connect jigsaw pieces that are already known to potential attackers.<\/p>\n<\/li>\n<li>\n<p>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/bank-of-america-warns-customers-of-data-breach-after-vendor-hack\/\">Bank of America warns customers of data breach after vendor hack \u2014 
www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<ul>\n<li>\n<blockquote><p>\n  &#8220;It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS.&#8221;\n<\/p><\/blockquote>\n<\/li>\n<li>Based on the above, it seems individual affected users can&#8217;t have been contacted with personal warnings, so many affected customers may be none the wiser \u2014 if you bank with Bank of America, best be extra vigilant!<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>If you use Facebook Marketplace take note: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/200-000-facebook-marketplace-user-records-leaked-on-hacking-forum\/\">200,000 Facebook Marketplace user records leaked on hacking forum \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Facebook ads are a popular choice for local businesses, small businesses and sole traders, so this likely affects some NosillaCastaways)<\/p>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\n<p>\ud83e\uddef<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/expressvpn-bug-has-been-leaking-some-dns-requests-for-years\/\">ExpressVPN bug has been leaking some DNS requests for years \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<ul>\n<li>Only affected users who chose a split tunnel and who have the local side of the split configured to use a DNS server they don&#8217;t trust<\/li>\n<li>Very little information of importance\/value is likely to have leaked<\/li>\n<li>ExpressVPN have responded very proactively, disabling the entire feature until it is fully fixed<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-tests-blocking-side-loaded-android-apps-with-risky-permissions\/\">Google tests blocking side-loaded Android apps with risky permissions \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> Google and Apple seem to be approaching the same basic philosophy from two 
very different sides!)<\/p>\n<\/li>\n<li>\n<p>A good reminder that even Apple&#8217;s walled garden is not entirely free of weeds: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-lastpass-password-manager-spotted-on-apples-app-store\/\">Fake LastPass password manager spotted on Apple\u2019s App Store \u2014 www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/arstechnica.com\/?p=2002178\">A password manager LastPass calls \u201cfraudulent\u201d booted from App Store \u2014 arstechnica.com<\/a><\/p>\n<ul>\n<li>Note that this does not appear to have been an attempt to steal passwords, but simply to counterfeit a famous brand to gain app sales, so run-of-the-mill copyright and trademark abuse, not phishing<\/li>\n<li>Insightful commentary from John Gruber \u2014 <a href=\"https:\/\/daringfireball.net\/linked\/2024\/02\/08\/lastpass-lasspass-scam-app\">daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 A good reminder of why there are so many scams out there: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/americans-lost-record-10-billion-to-fraud-in-2023-ftc-warns\/\">Americans lost record $10 billion to fraud in 2023, FTC warns \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Note \u2014 10x bigger market than ransomware, and, probably massively under-reported)<\/p>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fcc-orders-telecom-carriers-to-report-pii-data-breaches-within-30-days\/\">FCC orders telecom carriers to report PII data breaches within 30 days \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/appleinsider.com\/articles\/24\/02\/08\/apple-joins-meta-google-facebook-on-new-us-government-ai-safety-initiative\">Apple joins Meta, Google, Facebook on new US government AI safety initiative \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/duckduckgo-browser-gets-end-to-end-encrypted-sync-feature\/\">DuckDuckGo browser gets end-to-end encrypted sync feature \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>An example that shows some of the worst possible mistakes API developers can make: <a href=\"https:\/\/www.troyhunt.com\/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data\/\">How Spoutible\u2019s Leaky API Spurted out a Deluge of Personal Data \u2014 www.troyhunt.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>\n<p>An especially cool Astronomy Picture of the Day that really shows the physical arrangement that gives us the phases of the Moon and proves we live on a round planet in a particularly down-to-earth way \u2014 <a href=\"https:\/\/apod.nasa.gov\/apod\/ap240211.html\">apod.nasa.gov\/&#8230;<\/a><\/p>\n<\/li>\n<li>\n<p>From Allison: If you like history and science, you probably find Charles Darwin interesting. 
A person who goes by @OddPride on TikTok tells the story of Charles Darwin&#8217;s early life in a delightful and humorous style \u2014 <a href=\"https:\/\/www.tiktok.com\/t\/ZPR35fbNk\/\">www.tiktok.com\/&#8230;<\/a><\/p>\n<\/li>\n<li>\n<p>From John F Braun on the Mac Geek Gab 1024 episode &#8211; he recommends watching the <a href=\"https:\/\/www.youtube.com\/@ScammerPayback\">YouTube Channel Scammer Payback<\/a> to watch them explain how they attack scammers.<\/p>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A 
<strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. It&#8217;s not just in Google Search Results that malicious ads are getting through ATM: Facebook ads push new Ov3r_Stealer password-stealing malware \u2014 www.bleepingcomputer.com\/\u2026 (The lure is different though, job ads with malicious PDF downloads, [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[5911,4708,114,2137,50,569,5917,5910,6395],"class_list":["post-30482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-apple-vision-pro","tag-pegasus","tag-privacy","tag-ransomware","tag-security","tag-security-bits","tag-vision-pro","tag-visionos","tag-visionos-privacy"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/
www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=30482"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30482\/revisions"}],"predecessor-version":[{"id":30511,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30482\/revisions\/30511"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=30482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=30482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=30482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}