{"id":32995,"date":"2025-02-02T14:05:21","date_gmt":"2025-02-02T22:05:21","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=32995"},"modified":"2025-02-03T03:53:11","modified_gmt":"2025-02-03T11:53:11","slug":"sb-2025-02-02","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2025\/02\/sb-2025-02-02\/","title":{"rendered":"Security Bits \u2014 2 February 2025"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li><strong>Updated Advice from Bart:<\/strong> back in 2019 I <a href=\"https:\/\/www.podfeet.com\/blog\/which-dns-resolver-should-i-use\/\">recommended the anti-malware not-for-profit DNS provider QuadNine<\/a> (<code>9.9.9.9<\/code>) on the NosillaCast, I had been using it on my router since then, but not anymore, their service has been degrading, and it got so bad this week I switched to CloudFlare&#8217;s <code>1.1.1.1<\/code>, if you are using QuadNine and have been having slow internet unexpectedly, consider following suit!<\/li>\n<\/ul>\n<h2>Deep Dive \u2014 New Speculative Execution Attacks against Apple Silicon (SLAP &amp; FLOP)<\/h2>\n<p>_<strong>TL;DR<\/strong> for now, the real-world risks appears to be low, and there is nothing users can do at the moment. Apple are monitoring the situation, so urgent patches may be forthcoming in the future.<\/p>\n<p>Since the infamous Spectre and Meltdown vulnerabilities first brought the concept of <em>speculative execution<\/em> to our attention way back in 2017 we\u2019ve seen a parade of these kinds of CPU optimisations that can lead to inadvertent data leaks. Most of these bugs have affected Intel CPUs, but there have been some affecting AMD and Apple processors too.<\/p>\n<p>The majority of these vulnerabilities are only a real threat in shared hosting environments, where it\u2019s normal for unrelated processes to share a CPU, and where any cross-process leaks are a really big deal. This has resulted in cloud providers being forced to implement fixes and workarounds that generally result in substantial performance losses per-CPU. For home users the performance trade-offs are generally not worth it because only our stuff should be running on our devices. These bugs hence usually fall into the \u201cif you have malware on your machine \u2026\u201d category.<\/p>\n<p>But, a small subset of these bugs have required urgent patches for everyone, usually provided through OS and\/or browser updates because they could be exploited via JavaScript, so just visiting a website could leak sensitive data from your device.<\/p>\n<p>That\u2019s unfortunately the category a pair of newly detailed Apple-specific vulnerabilities fall into.<\/p>\n<p>Security researchers have now publicly disclosed a pair of speculative execution bugs affecting newer Apple Silicon chips which they\u2019ve named SLAP and FLOP because they abuse CPU features named LAP and LOP which predict future memory access calls.<\/p>\n<p>To illustrate the danger the researchers have demonstrated the flaws being used in a browser, with a malicious web page successfully extracting secret information from other open tabs in 10 minutes.<\/p>\n<p>The flaws were responsibly disclosed to Apple last summer, but as of yet there are no patches. Apple have said they are monitoring the situation, and that it has observed no real-world attacks. We can only assume that if real-world attacks emerge Apple will act.<\/p>\n<p>For now, we regular folks just need to sit and wait, knowing we may need to patch urgently sometime in the future.<\/p>\n<p>For high-risk users there is one more concrete suggested action \u2014 enable lockdown mode to massively harden the OS in general and Safari in particular (at the cost of functionality!)<\/p>\n<h3>Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/25\/01\/28\/two-apple-silicon-chip-flaws-could-make-your-private-data-vulnerable-to-theft\">Two Apple Silicon chip flaws could expose your private data to thieves \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/security\/2025\/01\/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome\/\">Apple chips can be hacked to leak secrets from Gmail, iCloud, and more \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-chips-can-leak-secrets-to-hackers-slap-and-flop-attacks-explained\/\">Apple chips can leak secrets to hackers; SLAP and FLOP attacks explained \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-18-3-and-macos-sequoia-15-3-patch-first-apple-zero-day-of-2025\/\">iOS 18.3 and macOS Sequoia 15.3 patch first Apple zero-day of 2025 \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><strong>Attention Git users:<\/strong> A nasty collection of Git bugs was first found in the GitHub Desktop app, and while most of the bugs are specific to just that one app, which has now been patched, related flaws were found in core Git which <strong>may<\/strong> affect some other clients. If your Git app offers you an update, take it! \u2014 <a href=\"https:\/\/thehackernews.com\/2025\/01\/github-desktop-vulnerability-risks.html\">thehackernews.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clone2leak-attacks-exploit-git-flaws-to-steal-credentials\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><strong>Attention QNAP NAS owers:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-fixes-six-rsync-vulnerabilities-in-hbs-nas-backup-recovery-app\/\">QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>Yet another Malvertising attack, this time targeting a very popular app within our community: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-homebrew-google-ads-target-mac-users-with-malware\/\">Fake Homebrew Google ads target Mac users with malware \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>The ad was very convincing and seemed to point to the correct <code>brew.sh<\/code> domain, but clicking that ad took users to a perfect clone of the site at <code>brewe.sh<\/code> (notice the extra <code>e<\/code>!) \u2014 this site gave users instructions for installing a malicious version of Homebrew<\/li>\n<li>Hat-tip to Allister in the <a href=\"https:\/\/podfeet.com\/slack\">Podfeet Slack<\/a> for spotting this story first<\/li>\n<li><strong>Editorial by Bart:<\/strong> in my opinion ad-based search is now so broken that&#8217;s just not safe to use anymore. I&#8217;ll do a full review on the NosillaCast later in the year, but I now recommend paying for search so as to get 100% ad-free high-quality search. My second annual <a href=\"https:\/\/kagi.com\/\">Kagi<\/a> renewal came through just this week, so I&#8217;ve been living in this world for two years, and I&#8217;m now confident saying it&#8217;s better than current Google.<\/li>\n<\/ul>\n<\/li>\n<li>Beware, attackers seem to be exploiting the fact that websites often make us do weird things to prove we&#8217;re human:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts\/\">Telegram captcha tricks you into running malicious PowerShell scripts \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2025\/01\/beware-fake-captcha-campaign-spreads.html\">Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\udde8\ud83c\uddf3 A timely illustration of the dangers of using cloud-hosted LLMs: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/deepseek-exposes-database-with-over-1-million-chat-records\/\">DeepSeek exposes database with over 1 million chat records \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Prompts often give away a lot of information, be careful what you ask what LLM!<\/li>\n<li>Apple Intelligence is a notable exception here, unless you explicitly ask it to use ChatGPT your prompts are never shared with anyone, not even Apple!<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 US parents and students should probably contact their schools to understand whether or not this affects them, and if so, how, because the specific impact varies widely between schools: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/powerschool-starts-notifying-victims-of-massive-data-breach\/\">PowerSchool starts notifying victims of massive data breach \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>A timely reminder that the NSO Group and their infamous Pegasus spyware are just the most infamous of a while class if companies and apps: <a href=\"https:\/\/thehackernews.com\/2025\/02\/meta-confirms-zero-click-whatsapp.html\">Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>Further evidence of why we can&#8217;t trust cellular networks anymore: <a href=\"https:\/\/thehackernews.com\/2025\/01\/ransacked-over-100-security-flaws-found.html\">RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>\ud83c\udde8\ud83c\uddf3 The most eye-opening example of the dangers of trusting devices made in adversarial nations I&#8217;ve seen in some time: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/backdoor-found-in-two-healthcare-patient-monitors-linked-to-ip-in-china\/\">Backdoor found in two healthcare patient monitors, linked to IP in China \u2014 www.bleepingcomputer.com\/\u2026<\/a> (US hospitals being asked to disconnect these devices from their networks)<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 The US TikTok ban came into effect on the 19th of January (one day before President Trump&#8217;s Inauguration) \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/heres-why-you-still-cannot-download-tiktok-from-app-store\/\">www.macobserver.com\/\u2026<\/a>\n<ul>\n<li>On the day, TikTok&#8217;s service went offline in the US because their US cloud providers Akami &amp; Oracle obeyed the new law. Apple &amp; Google also removed the app from their app stores.<\/li>\n<li>On his first day in office, President Trump issued an executive order instructing the Department of Justice (DOJ) not to prosecute anyone for breaking the law for the first 75 days.<\/li>\n<li>The law remained in effect and in place \u2014 Executive Orders can&#8217;t override duly passed and signed laws (Congress can revoke them, and courts can rule them un-constitutional)<\/li>\n<li>Akami &amp; Oracle chose to accept this no-prosecution promise, so service resumed in the US<\/li>\n<li>Apple &amp; Google chose to continue to obey the law, keeping the app out of their stores<\/li>\n<li><strong>Legal Analysis:<\/strong> <a href=\"https:\/\/www.lawfaremedia.org\/article\/trump%27s-tiktok-executive-order-and-the-limits-of-executive-non-enforcement\">Trump&#8217;s TikTok Executive Order and the Limits of Executive Non-Enforcement \u2014 www.lawfaremedia.org\/\u2026<\/a><\/li>\n<li>Non-prosection promises have no legal standing<\/li>\n<li>Normal Statute of Limitations applies \u2014 any administration in the next 5 years could choose to prosecute Akami &amp; Oracle<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 The start of the second Trump Presidency has had some notable detrimental effects on cybersecurity \ud83d\ude41\n<ul>\n<li>A good overview of everything that happened in the new administration&#8217;s first week: <a href=\"https:\/\/krebsonsecurity.com\/2025\/01\/a-tumultuous-week-for-federal-cybersecurity-efforts\/\">A Tumultuous Week for Federal Cybersecurity Efforts \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2025\/01\/president-trump-pardons-silk-road.html\">President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison \u2014 thehackernews.com\/\u2026<\/a> (this news was swamped in all the other pardon news)<\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2025\/01\/trump-terminates-dhs-advisory-committee.html\">Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 Some good news from the EFF: <a href=\"https:\/\/www.eff.org\/deeplinks\/2025\/01\/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional\">VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional \u2014 www.eff.org\/\u2026<\/a><\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/paypal-to-pay-2-million-settlement-over-2022-data-breach\/\">PayPal to pay $2 million settlement over 2022 data breach \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>An interesting detail is the reason for the settlement \u2014 not the fact that there was a breach, but that PayPal had failed to implement adequate security practices and adequate staff cybersecurity training (they have made improvements since)<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddea\ud83c\uddfa \ud83c\udde8\ud83c\uddf3 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china\/\">GDPR complaints filed against TikTok, Temu for sending user data to China \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Some nice security enhancements\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-android-identity-check-locks-settings-outside-trusted-locations\/\">New Android Identity Check locks settings outside trusted locations \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-launches-customizable-web-store-for-enterprise-extensions\/\">Google launches customizable Web Store for Enterprise extensions \u2014 www.bleepingcomputer.com\/\u2026<\/a> (a powerful new tool for enterprise customers)<\/li>\n<li><strong>Related:<\/strong> another illustration of the dangers browser plugins pose, and the renewed focus they are getting from attackers and researchers alike: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-syncjacking-attack-hijacks-devices-using-chrome-extensions\/\">New Syncjacking attack hijacks devices using Chrome extensions \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa\/\">Bitwarden makes it harder to hack password vaults without MFA \u2014 www.bleepingcomputer.com\/\u2026<\/a> (email validation loop on each login without MFA)<\/li>\n<li>Two nice uses of AI by Microsoft:<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-tests-edge-scareware-blocker-to-block-tech-support-scams\/\">Microsoft tests Edge Scareware Blocker to block tech support scams \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-teams-phishing-attack-alerts-coming-to-everyone-next-month\/\">Microsoft Teams phishing attack alerts coming to everyone next month \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>A nice reminder that in a cat-and-mouse game the cat scores a lot of wins too: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-blocked-236-million-risky-android-apps-from-play-store-in-2024\/\">Google blocked 2.36 million risky Android apps from Play Store in 2024 \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>A good reminder that playing around with hacking tools is dangerous: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-infects-18-000-script-kiddies-with-fake-malware-builder\/\">Hacker infects 18,000 &#8220;script kiddies&#8221; with fake malware builder \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li>\ud83c\udfa7 Excellent advice from Ken Ray: <a href=\"https:\/\/overcast.fm\/+AAHLr7DMYsM\">Checklist 408 &#8211; Family Passwords and Smishing, Revisited \u2014 overcast.fm\/\u2026<\/a>\n<ul>\n<li><strong>Editorial by Bart:<\/strong> I whole-heartedly agree it&#8217;s time for family passwords again, the deep-fake threat is no longer hypothetical, it&#8217;s very real now, with many victims each day<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong> \ud83c\udfa7 A fascinating look at a researcher&#8217;s work on sabotaging AI&#8217;s that hoover up artists work without permission: <a href=\"https:\/\/overcast.fm\/+AAWaLGKfusc\">Freakonomics Radio 619: How to Poison the A.I. Machine \u2014 overcast.fm\/\u2026<\/a> (I remain convinced this is fair use, but I empathise with all sides, recommending because it&#8217;s an interesting conversation, not because I have a strong opinion one-way-or-the-other)<\/li>\n<li><strong>From Allison:<\/strong> \ud83d\udcca Some truly excellent data visualisation work: <a href=\"https:\/\/www.abc.net.au\/news\/2025-01-28\/almost-one-in-ten-people-use-the-same-four-digit-pin\/103946842\">Almost one in 10 people use the same four-digit PIN \u2014 www.abc.net.au\/\u2026<\/a> (based on Have-I-Been-Pwned data, and given an enthusiastic \ud83d\udc4d by creator Troy Hunt)<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Updated Advice from Bart: back in 2019 I recommended the anti-malware not-for-profit DNS provider QuadNine (9.9.9.9) on the NosillaCast, I had been using it on my router since then, but not anymore, their service [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[6988,2064,4773,6990,6987,6989],"class_list":["post-32995","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-flop","tag-git","tag-nso","tag-qnap","tag-slap","tag-speculative-execution"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=32995"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32995\/revisions"}],"predecessor-version":[{"id":32996,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32995\/revisions\/32996"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=32995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=32995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=32995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}