Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🧯Intel have released a fix for yet another named bug in performance-enhancing features of their CPUs. This one is named CacheOut because it involves cache evictions. The key takeaway is that like the other […]
Continue readingCategory: Security Bits
Security Bits — 26 January 2020
Feedback & Followups Following on from Apple’s introduction of support for FIDO2 in iOS 13, Google now allow you to use an iPhone as a hardware security token — nakedsecurity.sophos.com/… 🇺🇸 Following on from YouTube’s recent $170 million fine for breaching COPPA, a bi-partisan bill has been introduced in the US House of Representatives named […]
Continue readingSecurity Bits – 12 January 2020
Commentary by Allison — Bart is testing out a new format which in theory will cut the time it takes him to do Security Bits in half. This week is 4 weeks worth of security news so it’s not the best test case, but the new format is here. We welcome feedback on it as […]
Continue readingSecurity Bits – 22 December 2019
Note: This is the second of two episodes both recorded on the 15th of December 2019, but released over two weeks. Security Medium 1 — An Over-hyped VPN Weakness The internet positively hyper-ventilated when security researchers claimed to have found a bug in the TCP/IP implementation on just about every OS that could compromise just […]
Continue readingSecurity Bits – 15 December 2019
Note: This is the first of two episodes both recorded on the 15th of December 2019, but released over two weeks. 🧯Security Medium Preview 1 — VPNs Not All Hacked We’ll dig into the details in the second part of this two-parter, but for now, I just want to set everyone’s mind at ease — […]
Continue readingSecurity Bits – 1 December 2019
Followups: DNS over HTTPS: DNS-over-HTTPS is coming to Windows 10 — nakedsecurity.sophos.com/… Related: 🎧 Steve Gibson reports the Windows 10 story, and uses it as a transition into a deep-dive into some of the exceptionally cool possible improvements HTTPS + HTTP2 & HTTP3 could bring to DNS — Security Now Episode 742: Pushing “DoH” — […]
Continue readingSecurity Bits – 17 November 2019
Followup 🇺🇸 Mozilla refute the very misleading (factually incorrect) presentation American ISPs gave to congress urging them to take action against encrypted DNS (DoH) — nakedsecurity.sophos.com/… Microsoft have issued yet another warning about the patch they released a few months ago for older versions of Windows to remove the so-called BlueKeep vulnerability. Attacks have now […]
Continue readingSecurity Bits – 1 Nov 2019
Security Bits – 1 Nov 2019 Notable Security Updates Apple updates just about everything: Everything you need to know about iOS and iPadOS 13.2 — arstechnica.com/… Some users experiencing bricked HomePod after updating to iOS 13.2 [Update: pulled] — 9to5mac.com/… Related: Apple resumes human reviews of Siri audio with iPhone update — apnews.com/… Related: iOS […]
Continue readingSecurity Bits – 20 October 2019
Security Medium 1 — Apple Card is not Magic A story made a lot of news this week because it involved a physical Apple Card being skimmed. It underlines the fact that people do not understand that when they fall back to using the physical card or entering the virtual number into a website manually, […]
Continue readingSecurity Bits – 5 October 2019
Followup Bluetooth permissions on iOS A nice article explaining some of the most common legitimate reasons apps me request BlueTooth access: Here’s why so many apps are asking to use Bluetooth on iOS 13 — www.theverge.com/… CloudFlare’s Warp VPN has Finally been Released — blog.cloudflare.com/…, nakedsecurity.sophos.com/… & www.imore.com/… Note that VPNs can provide encryption and […]
Continue reading