Followups
- The Zoom webcam/webserver issue
  - We now have confirmation that the vulnerability was also present in the RingCentral and Zhumu apps — www.imore.com/…
  - Apple have rolled out an additional automatic security update to address the issues with these apps — www.macobserver.com/…
  - Related Opinion: John Gruber addresses the question Isn’t [Apple’s response] “nonconsensual technology” too? in a short, succinct post I (Bart) completely agree with — daringfireball.net/…
- 🇺🇸 Facebook’s $5Bn settlement with the FTC
  - FTC sues now-bankrupt Cambridge Analytica over ‘deceptive practices’ — thenextweb.com/…
  - A nice summary of where things stand: Facebook gets its wrist slapped $5b for fumbling our data, confirms FTC — nakedsecurity.sophos.com/…
  - Related Opinion: Facebook Negotiated Its Rules — www.bloomberg.com/…
  - Related Opinion: Prison Time Is the Answer to Tech’s Privacy Crisis — onezero.medium.com/… (from Allison)
Notable Security Updates
- Apple patch just about everything: macOS 10.14.6 (and Security Update 2019-004 for macOS High Sierra & Sierra), iOS 12.4, watchOS 5.3, tvOS 12.4, iTunes 12.9.6 for Windows, Safari 12.1.2 & iCloud for Windows 10.6 & 7.13 — tidbits.com/… & nakedsecurity.sophos.com/…
  - Note these updates fix the Apple Watch Walkie-Talkie bug that led to Apple temporarily suspending the service recently
- Apple Releases iOS 9.3.6 and iOS 10.3.4 With GPS Bug Fix for Older iPhones and iPads — www.macrumors.com/…
- A critical zero-day bug has been found in the Windows and Linux versions of VLC. A fix is on the way, so you should install it promptly when it comes out — www.computing.co.uk/…
Notable News
- 🇺🇸 US Attorney General William Barr renewed the attack on encryption in a speech he delivered to a cyber security conference, insisting tech firms “can and must” put backdoors in encryption — arstechnica.com/… & www.macobserver.com/…
- 🧯 Security researchers have found weaknesses in the implementation of Bluetooth’s tracking protections. The vulnerabilities make it possible, though not easy, to use Bluetooth to track devices as they move from place to place. The vulnerabilities do not affect pairing or encryption of connections with paired devices. This is just a weakness in tracking protections, nothing more. The researchers have advice for device and OS vendors to improve their implementations to mitigate these vulnerabilities. All end-users need to do is install security updates as they become available 🙂 — nakedsecurity.sophos.com/…, thenextweb.com/… & www.imore.com/…
- Social media is abuzz with indignation at the free app FaceApp monetising the photos people share with it:
  - Editorial by Bart: I can’t find any scandal here. A financially free app is financing itself by data harvesting. It is not helping itself to users’ photos in any kind of nefarious way. This is just another example of the same business model used by Facebook, Google, Twitter …
  - FaceApp privacy panic sets internet alight — nakedsecurity.sophos.com/…
  - Don’t use FaceApp if you want to keep the rights to your photos — appleinsider.com/…
  - Faceapp, the viral aging app, might be investigated by the FBI — www.imore.com/…
- Security researchers find that many ‘free’ VPNs have suspicious ownership, often tied to the Chinese government, and poor or non-existent privacy policies. (Editorial by Bart: if you’re not paying for a service and it’s not being run by a reputable charitable foundation, be suspicious! As the old cliché goes — if it looks too good to be true, it probably is!) — tidbits.com/… and also: podfeet.com/blog/2019/03/freepi/
- Yet another reason to be careful about what apps you install on your mobile devices: Your Android’s accelerometer could be used to eavesdrop on your calls — nakedsecurity.sophos.com/…
- A timely reminder that beta OSes have bugs, and you should not use them for your real work: iOS 13 Password Bug Gives Unauthenticated Access in Settings — www.macobserver.com/… & iOS 13 beta bug lets strangers access iCloud Keychain passwords — www.imore.com/…
Suggested Reading
- Notable Breaches & Privacy Violations
- Notable IoT Vulnerabilities
  - ⭐️ Hacked Bluetooth hair straighteners are too hot to handle — nakedsecurity.sophos.com/…
    - Editorial by Bart: yet another example why you should avoid ‘smart’ devices that give you no real advantage over their ‘dumb’ equivalents. Unless you get real value from having the thing connected to your phone or the internet, don’t!
- News
  - ⭐️ Tinder’s new personal security feature can protect LGBTQ+ users in hostile nations — techcrunch.com/…
  - ⭐️ Lockdown launches as world’s first open source firewall for iOS — 9to5mac.com/…
  - ⭐️ Google bought my friend’s face for $5 — www.zdnet.com/…
  - Google And Facebook Secretly Track Your Activity On Porn Sites, Microsoft Reports — www.forbes.com/…
  - Tinder Bypasses Google Play Joining Revolt Against App Store Fee — www.bloomberg.com/…
  - Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack — www.macrumors.com/…
  - An example of a bug-bounty program working well: Instagram bug could have allowed anyone to take over your account — nakedsecurity.sophos.com/…
  - Details released of what will be in Firefox 70 when it’s released later this year:
  - Details have also been released about upcoming Google Chrome releases:
  - Facebook found and addressed a flaw in their messenger app for kids that allowed them to create group chats with people not approved by their parents — nakedsecurity.sophos.com/…
  - 🇬🇧 Facebook rolls out anti-scam reporting tool in UK — nakedsecurity.sophos.com/…
  - 🇬🇧 Stop facial recognition trials now, warns UK committee — nakedsecurity.sophos.com/…
  - 🇺🇸 Ransomware attackers, US mayors say you should go jump in a lake — nakedsecurity.sophos.com/…
  - 🇩🇪 Microsoft, Google and Apple clouds banned in Germany’s schools — nakedsecurity.sophos.com/…
  - 🇷🇺 Russia Ponders Law Making Local Smartphone Software Mandatory — www.macobserver.com/…
  - 🇷🇺 FSB hackers drop files online — nakedsecurity.sophos.com/…
- Opinion & Analysis
  - ⭐️ The Great Mac Balancing Act: Catalina Security Explained — www.imore.com/…
  - ⭐️ The 5G Health Hazard That Isn’t — www.nytimes.com/…
  - ⭐️ Anonymised data isn’t nearly anonymous enough – here’s how we fix it — www.newscientist.com/…
  - A good overview of the Superhuman privacy kerfuffle that has been making the rounds in the tech press in recent weeks (a custom Gmail front-end that embedded tracking pixels in emails to tell the sender when, where, and how often the recipients viewed their emails) — daringfireball.net/…
- Propellor Beanie Territory
  - ⭐️ The NVMe Patches To Support Linux On Newer Apple Macs Are Under Review – Phoronix — www.phoronix.com/…
  - 😎 Bust the password for an air-gapped machine – with its keyboard LEDs — nakedsecurity.sophos.com/…
  - 😎 Researchers hide data in music – and human ears can’t detect it — nakedsecurity.sophos.com/…
  - 😎 Shapeshifting Morpheus chip aims to baffle hackers — nakedsecurity.sophos.com/…
  - Mojave’s privacy consent works behind your back — eclecticlight.co/…
Palate Cleansers
- Editorial by Bart: Alan Turing is one of my personal heroes, a gay cryptographer who laid the foundations for most of modern computer science and saved the world from Nazis, what’s not to admire! That’s why this story made me very happy: Alan Turing chosen for the UK’s new £50 note – a cracking result! — nakedsecurity.sophos.com/…
- Allison interviews Jim Grime, the Enigma Project Officer at Cambridge University in a 2011 Chit Chat Across the Pond: podfeet.com
- xkcd: How Hacking Works — xkcd.com/… (via NosillaCast guest-host Allister Jenks)
- Would your mobile phone be powerful enough to get you to the moon? — theconversation.com/…
Note: When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.