{"id":35338,"date":"2026-02-01T13:50:31","date_gmt":"2026-02-01T21:50:31","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=35338"},"modified":"2026-02-01T13:53:25","modified_gmt":"2026-02-01T21:53:25","slug":"sb-2026-02-01","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2026\/02\/sb-2026-02-01\/","title":{"rendered":"Security Bits \u2014 1 February 2026"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>A timely reminder both that malicious ads remain a big problem, and that Mac users are not immune to malware: <a href=\"https:\/\/appleinsider.com\/articles\/26\/01\/28\/mac-malware-is-sneaking-into-some-sponsored-google-ads\">Mac malware is sneaking into some sponsored Google ads \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive \u2014 \ud83e\uddef Understanding the Microsoft BitLocker Key \u2018Controversy\u2019<\/h2>\n<p><em><strong>TL;DR<\/strong> \u2014 most NosillaCastaways probably want to continue to accept the BitLocker default setting and continue to have the encryption key backed up to their Microsoft Account.<\/em><\/p>\n<p>Windows supports full disk encryption using a feature named <em>BitLocker<\/em>, and it works like any other full disk encryption technology, protecting the data on the disk from being accessed by anyone who steals the computer or the drive.<\/p>\n<p>All of these systems work in a similar way \u2014 the actual bits on the disk are encrypted with a long, complex key, but since that can&#8217;t be easily written down, let alone remembered,  that key gets re-encrypted with the user&#8217;s password. This means that to unlock the drive, normally the user enters their password, which decrypts the key, which decrypts the data on the drive. 
If they forget their password, the data on the drive can still be recovered if there&#8217;s a backup copy of the actual encryption key. This design has the added advantage of allowing users to reset their password without needing to re-encrypt the entire drive; only the drive&#8217;s actual key needs to be re-encrypted with the new password.<\/p>\n<p>All this protects the data on the drive from both criminals and government agencies.<\/p>\n<p>However, it also means that if the user forgets their password, it\u2019s impossible for them to recover their data without a copy of the underlying key. Unless the user is OK with depending entirely on their backups, that would be catastrophic! To say that might cause some support headaches for Microsoft would be an understatement \ud83d\ude09<\/p>\n<p>So, Microsoft provide mechanisms for backing up the key when BitLocker is initialised.<\/p>\n<p>For home users, Microsoft provide two recovery options \u2014 you can export a copy of the key to a thumb drive that you then need to keep safe, or you can save the key to your Microsoft Personal account.<\/p>\n<p>Expecting typical home users to have a spare thumb drive and then to keep it safe is not realistic, so the default option offered to home users is to save the key to their Microsoft account.<\/p>\n<p>This obviously provides good protection from accidental data loss, but it comes with a trade-off \u2014 Microsoft have a copy of the key and can be compelled to hand it over to government agencies armed with an appropriate order from a judge.<\/p>\n<p>For most home users, this tradeoff makes perfect sense \u2014 their biggest risk by far is data loss!<\/p>\n<p>However, some high-risk users might prefer to manage the key themselves, or even, to choose to treat the drive as disposable, and accept the fact that if they forget their password, all data on the drive is gone. 
If you&#8217;re a cloud-first kind of person, this is actually a very reasonable option.<\/p>\n<h3>What Changed? Why the Fresh Headlines\/Controversy?<\/h3>\n<p>At a technological level, nothing changed!<\/p>\n<p>All that happened is that we now have a publicly disclosed example of Microsoft being issued with an appropriate disclosure order and complying with it.<\/p>\n<p>On foot of the (baseless in my opinion) internet outrage, Microsoft also shared that they comply with about 20 orders each year. Given how many Windows users there are, that&#8217;s an infinitesimally small fraction!<\/p>\n<p>Remember, without your drive or a bit-level clone of your drive, the key is useless!<\/p>\n<h3>Notes for Enterprise\/Education Users<\/h3>\n<p>If your Windows device is managed by your organisation, then the chances are high that the treatment of your BitLocker key is out of your control. Organisations can lock the setting down with an MDM (Mobile Device Management) policy.<\/p>\n<p>Assuming the setting the organisation forces is to back the key up to the cloud, it won&#8217;t go into the user&#8217;s personal Microsoft account. Instead, it will go into the organisation&#8217;s Active Directory or Entra ID, which may or may not be in the cloud at all, and even if it is, Microsoft may or may not have access, depending on how the organisation manages their master encryption keys.<\/p>\n<p>However, remember that <strong>on a managed device, your organisation owns the data<\/strong>! That means that your organisation is in complete control over access to all the data stored on that device. 
You can\u2019t assume anything you do on a managed device is hidden from your organisation, let alone from a government armed with a court order issued to <strong>either<\/strong> your organisation <strong>or<\/strong> Microsoft.<\/p>\n<h3>Notes for Mac Users<\/h3>\n<p>For the most part, the story is very similar for Mac users; just substitute FileVault for BitLocker and iCloud for Personal Microsoft Account. In fact, for users of managed devices, the situation is effectively identical \u2014 your organisation is in full control, and you can&#8217;t assume anything.<\/p>\n<p>For home users, things are a little more complicated, though, because Apple made a small but impactful change with macOS 26.<\/p>\n<p>Older versions of macOS behave almost identically to BitLocker. One subtle difference is that Apple never back up the raw encryption key; instead, they back up a long and truly random recovery code that can be used to decrypt a copy of the key stored on the drive itself. But ultimately, Mac users before macOS 26 were defaulted to saving this recovery key to their iCloud Account, and they had the option to fall back to displaying the recovery code so they could write it down and store it somewhere safe.<\/p>\n<p>But that has changed a little with macOS 26. When you <strong>set up<\/strong> full disk encryption with the macOS 26 installer, the default is not to store the recovery key in your iCloud account, but in the Passwords app. This means you can display the code any time you like, export it to another password manager, and it syncs with your iCloud Keychain, which is fully <strong>end-to-end encrypted<\/strong>, so Apple <strong>can&#8217;t<\/strong> access it.<\/p>\n<p>This means that for people with <strong>new Macs<\/strong> bought after macOS 26 was released, their keys are not available to Apple, even when provided with a court order. 
Encryption keys are configured when a drive is formatted, so unless you reformat your drive, simply upgrading to macOS 26 won&#8217;t change your encryption keys.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>A good news story explaining what happened: <a href=\"https:\/\/cyberinsider.com\/microsoft-quietly-gave-fbi-access-to-bitlocker-encryption-keys\/\">Microsoft quietly gave FBI access to BitLocker encryption keys \u2014 cyberinsider.com\/\u2026<\/a> (but not a fair headline IMO)<\/li>\n<li>\ud83c\udfa7 Steve Gibson comes to the same conclusion I do: <a href=\"https:\/\/twit.tv\/shows\/security-now\/episodes\/1062?autostart=false\">Security Now Episode 1062 \u2014 twit.tv\/\u2026<\/a><\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/apple-warns-of-extremely-sophisticated-web-attacks-on-iphones-running-older-ios-versions\/\">Apple Warns of \u201cExtremely Sophisticated\u201d Web Attacks on iPhones Running Older iOS Versions \u2014 www.macobserver.com\/\u2026<\/a> (Be sure all your iOS devices are fully patched!)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-patches-actively-exploited-office-zero-day-vulnerability\/\">Microsoft patches actively exploited Office zero-day vulnerability \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Out-of-band patch! 
Affects Windows versions.)<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>Two notable data breaches not being proactively responded to by the affected companies:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/researcher-reveals-evidence-of-private-instagram-profiles-leaking-photos\/\">Researcher reveals evidence of private Instagram profiles leaking photos \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Problem seems to have been silently patched, but no idea how much damage was done, or to which users)<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/hibp-adds-alleged-under-armour-data-breach-impacting-72-million-emails\/\">HIBP adds alleged Under Armour data breach impacting 72 million emails \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\ud83e\uddefIf you&#8217;re worried about the Moltbook hype on social media, no need: <a href=\"https:\/\/www.macobserver.com\/news\/moltbook-viral-posts-where-ai-agents-are-conspiring-against-humans-are-mostly-fake\/\">https:\/\/www.macobserver.com\/news\/moltbook-viral-posts-where-ai-agents-are-conspiring-against-humans-are-mostly-fake\/ \u2014 www.macobserver.com\/\u2026<\/a> (The related MoltBot self-hosted AI agent is getting a lot of buzz. 
<strong>Experiment with extreme caution<\/strong>, this is agentic AI at its most dangerous, not for humanity, but for the users!)<\/li>\n<li>Let&#8217;s Encrypt have launched a new campaign named <em>Encrypt it Already,<\/em> targeting specific big-tech companies with specific demands (examples below) \u2014 <a href=\"https:\/\/www.encryptitalready.org\/\">www.encryptitalready.org\/\u2026<\/a>\n<ul>\n<li>Facebook Messenger should use end-to-end encryption for group messages<\/li>\n<li>Apple &amp; Google should deliver on their promise of interoperable end-to-end encryption of RCS<\/li>\n<li>Bluesky should launch its promised end-to-end encryption for DMs<\/li>\n<\/ul>\n<\/li>\n<li>A timely reminder of why it&#8217;s important to let your car patch itself when it asks: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-get-1-047-000-for-76-zero-days-at-pwn2own-automotive-2026\/\">Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026 \u2014 www.bleepingcomputer.com\/\u2026<\/a> (All bugs demoed now in 90-day responsible disclosure window)<\/li>\n<li>New Firehound security portal tracks data protection failures by AI apps in the various app stores \u2014 <a href=\"https:\/\/www.cultofmac.com\/news\/firehound-exposes-ai-apps-leaking-user-data\">www.cultofmac.com\/\u2026<\/a> (A timely reminder that nothing Apple and Google implement in their OSes can protect your data on the app&#8217;s own cloud infrastructure!)<\/li>\n<li>More enforcement actions by regulators on both sides of the pond:\n<ul>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ftc-bans-general-motors-from-selling-drivers-location-data-for-five-years\/\">FTC bans GM from selling drivers&#8217; location data for five years \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83c\uddea\ud83c\uddfa \ud83c\udde6\ud83c\uddf9 <a 
href=\"https:\/\/cyberinsider.com\/microsoft-ordered-to-halt-illegal-tracking-of-children-in-austria\/\">Microsoft ordered to halt illegal tracking of children in Austria \u2014 cyberinsider.com\/\u2026<\/a> (Similar to a case from a few months ago, again, too many cookies, and again, Microsoft HQ is in trouble for influencing Microsoft Europe too much, resulting in GDPR breaches.)<\/li>\n<\/ul>\n<\/li>\n<li>Good news for people seeking trustworthy VPNs:\n<ul>\n<li><a href=\"https:\/\/cyberinsider.com\/new-mullvad-security-audit-finds-no-critical-flaws-or-privacy-risks\/\">New Mullvad security audit finds no critical flaws or privacy risks \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li>SurfShark passed its latest audit with no high-severity findings, and proactive action by the company in response to lower-severity findings to nip possible future issues in the bud \u2014 <a href=\"https:\/\/cyberinsider.com\/surfshark-infrastructure-audit-finds-tls-config-gap-and-redirect-flaw\/\">cyberinsider.com\/\u2026<\/a> (I don&#8217;t consider the headline a fair reflection of the content of the article, so ignore it!)<\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/cyberinsider.com\/adguard-open-sources-its-custom-vpn-protocol-trusttunnel\/\">AdGuard open-sources its custom VPN protocol \u2018TrustTunnel\u2019 \u2014 cyberinsider.com\/\u2026<\/a> (Special protocol to make VPN traffic impossible to distinguish from regular web traffic to prevent authoritarian governments or overbearing ISPs from filtering it out)<\/li>\n<\/ul>\n<\/li>\n<li>Some nice security enhancements:\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/ios-26-3-adds-limit-precise-location-for-better-carrier-privacy\/\">iOS 26.3 Adds \u201cLimit Precise Location\u201d for Better Carrier Privacy \u2014www.macobserver.com\/\u2026<\/a><\/li>\n<li>Two big caveats \u2014 will only work on iPhones with Apple&#8217;s own C-series modem chips, and on the networks of carriers who opt in to the 
feature<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-rolls-out-android-theft-protection-feature-updates\/\">Google rolls out Android theft protection feature updates \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-teams-to-add-brand-impersonation-warnings-to-calls\/\">Microsoft Teams to add brand impersonation warnings to calls \u2014 www.bleepingcomputer.com\/\u2026<\/a> (An interesting use of AI)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-to-disable-ntlm-by-default-in-future-windows-releases\/\">Microsoft to disable NTLM by default in future Windows releases \u2014 www.bleepingcomputer.com\/\u2026<\/a> (\ud83c\udf89 a big enhancement for small businesses and enterprises)<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/whatsapp-introduces-new-security-mode-that-shields-high-risk-users\/\">WhatsApp introduces new security mode that shields high-risk users \u2014 cyberinsider.com\/\u2026<\/a> (A kind of app-specific lockdown mode for people at high risk of being targeted)<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/1password-introduces-new-built-in-phishing-protection-to-fight-ai-scams\/\">1Password introduces new built-in phishing protection to fight AI scams \u2014 cyberinsider.com\/\u2026<\/a> (a nice little speed bump to interrupt users trying to manually paste passwords that are correctly not auto-filling because they&#8217;re not actually on the site they think they are)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>Intego started the year with some excellent overviews of important cybersecurity topics:\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/what-is-sso\/\">What Is SSO? 
How Single Sign-On Works and Why It Matters \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/what-is-cyber-insurance\/\">What Is Cyber Insurance? Coverage, Costs, and Real-World Examples \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/what-is-a-keylogger\/\">What Is a Keylogger? How It Works, Risks, and How to Remove It \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/boot-sector-virus\/\">Boot Sector Virus: Definition, How It Works, and How to Recover \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\udfa7 The new series of the Red Hat podcast Compiler focuses on cybersecurity, their first episode is a great overview: <a href=\"https:\/\/overcast.fm\/+ABI-u4AaUjI\">Compiler: Data Security 101 \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>\ud83c\udfa6 A fun deep-dive into how Passkeys really work on websites, showing the entire process in action on a dummy website, including all the code and the content of all the messages over and back to the server \u2014 <a href=\"https:\/\/youtube.com\/watch?v=lypcC79k-gg&#038;is=X56hDvSQrkmAzKcX\">youtube.com\/\u2026<\/a>(Via Joop in <a href=\"https:\/\/www.podfeet.com\/slack\">the NosillaCast slack<\/a>)<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Allison:<\/strong> <a href=\"https:\/\/www.bugsappleloves.com\/\">Bugs Apple Loves \u2014 www.bugsappleloves.com<\/a> (via Kantor in <a href=\"https:\/\/www.podfeet.com\/slack\">the NosillaCast slack<\/a>)<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being 
linked to, when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. A timely reminder both that malicious ads remain a big problem, and that Mac users are not immune to malware: Mac malware is sneaking into some sponsored Google ads \u2014 appleinsider.com\/\u2026 Deep Dive \u2014 [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[7858,7857,2060,7859,7860,7861],"class_list":["post-35338","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-bitlocker","tag-macos-malware","tag-malware","tag-microsoft-bitlocker-key","tag-moltbook","tag-moltbot"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/b
log\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=35338"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35338\/revisions"}],"predecessor-version":[{"id":35340,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35338\/revisions\/35340"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=35338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=35338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=35338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}