Followups We looked at WebAuthn, a new protocol for password-less authentication on the web in a Security Medium back in April. At that stage Microsoft had committed to adding support for the protocol to their Edge browser in the future, they’ve followed through, adding support to Insider (think beta) version of Windows 10. If testing […]
Continue readingCategory: Security Bits
Security Bits – Bad Times for Facebook, Data Transfer Project, Bluetooth Bugs, Malware in the Mail
Pre-amble (by Allison) — Bad Times for Facebook Facebook lost $120B in value after their July Earnings call, which is the biggest one-day stock fall in history — marketwatch.com/… One root cause is that European advertising growth in Europe “decelerated more quickly than other regions” because of GDPR. Facebook Chief Financial Officer David Wehner said, […]
Continue readingSecurity Bits – USB Protected Mode, Exactis Breach
Followups 🇪🇺 EU Copyright Directive: Italy Wikipedia shuts down in protest at EU copyright law — www.bbc.com/… Copyright Directive legislation voted down by European Parliament — nakedsecurity.sophos.com/… (This is not the end of this legislation, but it is a significant setback.) Spectre/Meltdown Another variant has been discovered, but it’s similar enough to previous ones that […]
Continue readingSecurity Bits – Mostly Good News
Followup Following on from security breaches at the 3rd-party companies all American cell phone companies were sharing real-time location data with, Verizon have announced they are ceasing all location data sharing (the other carriers have ended their relationships with some specifics companies, but not globally like this) — krebsonsecurity.com/… GDPR Fallout & Experiences: The Norwegian […]
Continue readingSecurity Bits – USB Restricted Mode, Apple’s Focus on Security in OS Announcements
Followups Telegram have now been able to update their apps on Apple’s non-Russian app stores — nakedsecurity.sophos.com/… The VPNFilter malware/botnet story continues to evolve as security researchers find more router makes and model are affected. Additions to the list include routers by Asus, D-Link, Huawei & ZTE — www.zdnet.com/…, nakedsecurity.sophos.com/… & www.imore.com/… 🇺🇸 As anticipated, […]
Continue readingSecurity Bits – VPNFilter, CallKit Removal in China, No Telegram Updates in App Store, End of Flash & Silverlight, Papua New Guinea Turns Off Facebook
Followups Spectre & Meltdown Details have been released of a new Spectre variant named Speculative Store Bypass, or SSB. The vulnerability affects AMD, ARM & Intel chips. Thankfully it can be mitigated quite easily, so it’s just a matter of applying software, OS, firmware, and microcode updates as they are released — arstechnica.com/…
Continue reading
NC #680 Keep It, Backblaze B2, Airtable, Security Bits
There won’t be a live show next week, and the NosillaCast will be out on Tuesday instead of Sunday (sorry guys). Check out the tutorial I did on Keep It for ScreenCasts Online at screencastsonline.com. We’ve got another of Steve’s videos from NAB, this time from Backblaze about their B2 cloud storage. Then I’ll tell […]
Continue readingSecurity Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb
Security Medium — The Efail Email Encryption Vulnerability The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols S/MIME & PGP/GPG. Under certain circumstances, the bug allows an attacker to […]
Continue readingNC #678 StepShot Guides, Monoprice SlimRun Ethernet & HDMI Cables, Security Bits
We’ll take a look at StepShot Guides to see if it’s a worthy replacement for Clarify after all. Then we have an interview with Monoprice from NAB where we’ll have a surprisingly interesting and funny interview about SlimRun Ethernet and HDMI cables. Bart and I haven’t talked Security Bits in ages, so we have a […]
Continue readingSecurity Bits – Facebook/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy
DNS Correction On Chit Chat #533, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router. It turns out it’s not possible to set system-wide DNS settings on iOS or Android. […]
Continue reading