Deep Dive 1 — The Last Pass Breach Reports Since we last recorded, LastPass have released a lot of very detailed information. This is finally the level of detail I expect to see from responsible organisations. The structure and contents of the various reports are in line with industry norms at last. The best entry […]
Continue readingCategory: Security Bits
Security Bits – 19 February 2023
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Following on from the warning linked last time about the dangers of using AirTags to track pets, The Mac Observer have some recommendations for trackers that are specifically designed to safely track pets — […]
Continue readingSecurity Bits — 5 Feb 2023
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Anker admits that Eufy cameras were never encrypted — appleinsider.com/… Apple have released their support for hardware Fido tokens for iCloud 2FA — sixcolors.com/… Editorial by Bart: remember that this feature comes with a […]
Continue readingSecurity Bits — 22 January 2023 (Just Bart)
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. LastPass Update: It gets worse, we now know there were some people with just 500 rounds of PBKDF2, and even a few with one round 🙁 There was a brief false dawn when some […]
Continue readingSecurity Bits — 8 January 2023
Deep Dive 1 — Rethinking the Last Pass Breach (It’s Worse 🙁) Two weeks ago the latest details on the Last Pass breach were much fresher, and since then two things have happened: More facts have come to my attention More well-reasoned opinions have been expressed In terms of new information we have the following: […]
Continue readingSecurity Bits — 23 December 2022 🎄
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 Apple have released their opt-in new Advanced Data Protection for iCloud , but only in the US for now — appleinsider.com/… At least initially, enabling ADP could complicate the setup of new devices […]
Continue readingSecurity Bits — 11 December 2022 Deep Dives on Eufy Credibility Problems and Apple New Security Features
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The Twitter Chaos Continues: 🇪🇺 EU Commissioner Thierry Breton has warned Twitter that it needs to bring its moderation practices up to speed before the Digital Services Act (DSA) goes into effect next year […]
Continue readingSecurity Bits — 27 November 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 The long-running case against Google led by most state Attorneys General over its misleading location settings (turning off location tracking didn’t actually stop Google tracking your location!) has resulted in the largest-ever settlement […]
Continue readingSecurity Bits — 13 November 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The expected OpenSSL emergency patch was released shortly after we last recorded as expected, but it was downgraded from critical to important before release (required validly signed malicious certs to trigger, and only affected […]
Continue readingSecurity Bits — 30 October 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. It’s official: Elon musk now owns Twitter, and he’s already cleaned house and fired top executives — appleinsider.com/… Related Opinion: His letter to advertisers is surprisingly sensible — daringfireball.net/… 🇫🇷 Clearview AI image-scraping face […]
Continue reading