inThirty

We look at Apple’s new “Nutrition Facts” and try to figure out if they are actually useful (yes, but not really). We discuss the changes with WhatsApp, and where to move to. https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/ https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/

We start off on an article done by the BBC saying that Cellebrite has broken the signal encryption. Clearly, that is an issue if true. Turns out Signal quickly responds with an emphatic no, with evidence. Here is the BBC article: https://www.bbc.com/news/technology-55412230 Here is the Signal Response: https://signal.org/blog/cellebrite-and-clickbait/ Then we talk about a new document… Continue reading Security – 257 – Signal and iPhone Guide

We discuss the solarwinds hack: https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/ https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/ https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/

We talk about Black Friday and our non shopping. Youtube-DL is back Finally we discuss Microsoft’s productivity score. A tone deaf way to monitor your work.

We promote a socially distant Thanksgiving, but explain some virtual things you do to help friends and family.

On this show we start off with updates to signal, and signal groups. Our main story is the t2 chip unfixable flaw.

What is Open Source?What benefits?What detriments?Licensing?Non-code assets?Creative Commons?

We go back to an early topic on DNS. What is DNS? How it works? What how new secure features of DNS can help you stay private.

Yes, we talked about contact tracing in the past, but we got a request from the WhatsApp group to do it again. https://www.wired.com/story/why-contact-tracing-apps-not-slowed-covid-us/ Problems we discuss: %age of people who would need to install this, and how reporting is honor based. No one app for them all. Each one is made separately. Testing woes. Tom… Continue reading Security 249 – Contact Tracing Redux

Virtual School starts up for many next week, and we have ideas on what you can do to help your kids be secure while learning.

This being the week before defcon, we discuss what we expect at the virtual defcon: Teens charged with the twitter hack: https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack Garmin paid the ransomware for their user’s data: https://www.theverge.com/2020/7/27/21339910/garmin-back-online-recovery-ransomeware Defcon discord: https://discord.gg/defcon

We try to describe what happened on twitter that lead to the account takeovers: https://www.schneier.com/blog/archives/2020/07/on_the_twitter_.html Cloudflare takes the internet down: https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/ VPN may have logs: https://nakedsecurity.sophos.com/2020/07/20/7-vpns-that-leaked-their-logs-the-logs-that-didnt-exist/

Show notes: These are the show notes we wrote before talking about the topic. I tried to take out the inaccuracies, but some may remain. CISC – Complete Instruction Set Computing RISC – Reduced Instruction Set Computing Instructions are the abilities of the silicone.  CISC is Intel/AMD/PowerPC RISC is ARM and their variants. Windows uses… Continue reading Security 245 – Mac on ARM

I feel like we discussed this topic before, but yes, we talk about coffee. Since security news is sparse right now, we take a sidebar on a topic that is near and dear to our heart. Zoom adds E2EE for everyone: https://blog.zoom.us/wordpress/2020/06/17/end-to-end-encryption-update/ IOT Vulnerabilities: https://www.zdnet.com/article/ripple20-vulnerabilities-will-haunt-the-iot-landscape-for-years-to-come/ Coffee links:Grinder: https://amzn.to/2Ndg3JM Aeropress: https://amzn.to/3hFJJgI FrenchPress: https://amzn.to/2UYdjUU Mr. Coffee: https://amzn.to/3dfArEX… Continue reading Security 244 – Coffee

We talk about Google's and Apple's Contact Tracing endeavors. While I'm okay with it, Tom rips it to shreds, based on the obvious privacy issues and false positives.