Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 ID.me developments: ID.me CEO Admits Company Uses ‘1:Many’ Facial Recognition — www.macobserver.com/… Treasury Considers ID.Me Alternatives Over Privacy Concerns — money.usnews.com/… Related: Tax scam emails are alive and well as US tax season […]
Continue readingCategory: Security Bits
Security Bits — 23 January 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 Un-redactions in an ongoing antitrust case against Google led by the state of Texas have revealed more details on how Google abuse their position of power in the ad world — in effect, […]
Continue readingSecurity Bits — 9 January 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Log4Shell (Log4J): Log4Shell-like security hole found in popular Java SQL database engine H2 — nakedsecurity.sophos.com/… 🇺🇸 FTC threatens “legal action” over unpatched Log4j and other vulns — nakedsecurity.sophos.com/… 🇬🇧 Meta (né Facebook) have decided […]
Continue readingSecurity Bits — 22 December 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. NSO Group/Pegasus: Google’s Project Zero has released a very detailed report into how the ForcedEntry zero-click iMessage bug exploited by Pegasus worked — it’s deep deep reading, but this analysis highlights the key point […]
Continue readingSecurity Bits — 12 December 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 🇺🇬 Apple informed the US State Department that at least 9 iPhones used by their staff were infected with the NSO Group’s Pegasus malware. It’s not clear which NSO Group customer is responsible, […]
Continue readingSecurity Bits — 28 November 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Pegasus/NSO Group: Apple Lawsuit Goes After Spyware Firm NSO Group — tidbits.com/… Apple Digital IDs: Apple delays iOS 15’s driver’s license support until ‘early 2022’ — www.imore.com/… Reporting from CNBC reveals details of Apple’s […]
Continue readingSecurity Bits — 14 November 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Following on from our discussion of 2FA bypasses by tricking people into giving up their one-time-passwords, Vice did a detailed article describing one of the new 2FA-bypass-as-a-service cybercrime offerings: The Booming Underground Market for […]
Continue readingSecurity Bits — 29 October 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🎦 As I suspected last time, there was much more to the UK Ring doorbell case than simply “Ring doorbells are illegal in the UK”. Thanks to listener John for sending on this excellent […]
Continue readingSecurity Bits — 17 October 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Another example of 2FA-bypass attacks in use in the wild: How Coinbase Phishers Steal One-Time Passwords – Krebs on Security — krebsonsecurity.com/… 🇪🇺 Pegasus Project: European Parliament awards journalism prize to investigation of use […]
Continue readingSecurity Bits — 1 October 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇫🇷 Pegasus spyware found on 5 French cabinet members’ phones — www.intego.com/… Social Media Developments: Facebook pauses Instagram Kids development following widespread concerns — www.imore.com/… YouTube Is Banning Prominent Anti-Vaccine Activists and Blocking All […]
Continue reading