Feedback & Followups
- An interim report on the EU’s investigation of the NSO Group’s Pegasus spyware reveals that the company has admitted to selling its product in at least five EU countries (the company are not sure there aren’t more, they’re still investigating) — www.macobserver.com/…
- Related: Google’s Project Zero team have released details of another Spyware product targeting Android & iOS being sold by Italian company RCS Labs which used an Enterprise Cert and social engineering to trick victims into side-loading the spyware onto their iPhones (Apple have revoked all certs used, so the spyware is now blocked) — www.imore.com/…
- Social Media News:
  - Instagram are rolling out new parental controls, including time limits (US-only now, but in other countries soon, and globally by end of the year) — www.imore.com/…
  - Telegram have announced the details of their paid-for premium subscription ($4.99/month for big file uploads, fast downloads, and increases on all other limits) — www.imore.com/…
❗ Action Alerts
- Patch Tuesday has been and gone – zero-days in Windows & Office, and IE is officially dead (🕺) — krebsonsecurity.com/…
Notable News
- Firefox is now enabling its Total Cookie Protection feature by default, making it probably the more private browser out-of-the-box — www.imore.com/…
  - We did a deep-dive into the feature last summer — www.podfeet.com/…
- Apple previewed some nice security/privacy-related tweaks in their upcoming OS releases:
  - Private Access Tokens will give websites a human-friendly alternative to CAPTCHAs for Apple users (uses the upcoming Privacy Pass IETF (Internet Engineering Task Force) standard) — www.imore.com/…
    - 🎦 The WWDC session describing the feature: developer.apple.com/…
  - macOS Ventura gets new USB-C and Thunderbolt accessory security feature in beta — www.imore.com/…
  - The Mail app will get support for the Brand Indicators for Message Identification (BIMI) standard, showing brand icons next to cryptographically verified emails, making authentic messages easier to spot — www.imore.com/…
    - A short description of the BIMI standard — en.wikipedia.org/…
  - iOS 16 makes it incredibly easy to buy custom CloudFlare email domains — www.imore.com/…
- 🇺🇸 This week’s landmark Roe -v- Wade Supreme Court decision has had an unexpected side-effect — a wrong-headed probe into Apple & Google’s tracking protection features (the Senators who wrote the letter don’t get that the IDFA is a privacy protection that gives users control, not an invasion of user privacy!) — arstechnica.com/…
  - Excellent commentary from John Gruber clearly explaining why this is so misguided — daringfireball.net/…
Excellent Explainers
- 🎥 Sandy posted a link in Slack to René Ritchie’s video explanation of Passkeys and why they’re more secure than passwords: Passkeys vs Passwords — Explained!
Palate Cleansers
- From the Community: xkcd.com/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
Emoji | Meaning |
---|---|
🎧 | A link to audio content, probably a podcast. |
❗ | A call to action. |
flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
📊 | A link to graphical content, probably a chart, graph, or diagram. |
🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
💵 | A link to an article behind a paywall. |
📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
[…] Security Bits — 26 June 2022 […]