It’s hard to believe, but we’ve been writing these newsletters for more than a year now! Our last newsletter had an amazing open rate (about 50%), 2 to 4 times the national average!
When we started this newsletter and blog, our goal was to give you the best security insights out there without a hint of sales or marketing spin. No BS, just good information to help you be successful. We want to deliver this newsletter to people who really want to read it, and I couldn’t be happier that you’ve joined us and continue to participate.
I have two requests for you:
- If you know anybody who you think would enjoy this newsletter, please forward this email and encourage them to sign up.
- If there are topics you would like to hear more about, let us know - we want to talk about what’s most valuable to you. You can reply to this email or find us on Twitter.
Grindr leaked password reset tokens to the browser: a token that should only ever travel to the account owner out of band was handed back in the web response, so anyone who knew a user’s email address could take over the account and view personal information. Simple vulnerabilities like this can have massive safety implications for commonly targeted populations.
Microsoft released an update for a vulnerability with a CVSS score of 10/10 that CISA (part of DHS) considered so severe that it issued an emergency directive requiring Government systems to be updated by the weekend. If you haven’t patched yet, do. This is a critical issue.
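To make the Grindr failure concrete, here is an added example (written for this newsletter, not Grindr’s code or anything derived from it) of the leaky reset flow beside a hardened one. The in-memory user table, the `OUTBOX` list standing in for the email provider, and all function names are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo data: a stand-in for the user database (not real accounts).
USERS = {"alice@example.com": {"password_hash": None, "reset": None}}

# Stand-in for the outbound e-mail provider: (recipient, token) pairs.
OUTBOX = []

RESET_TTL_SECONDS = 15 * 60


def _hash(value: str) -> str:
    # Demo hashing only; a real service would use argon2/bcrypt for passwords.
    return hashlib.sha256(value.encode()).hexdigest()


def leaky_request_reset(email: str) -> dict:
    """Vulnerable pattern: the reset token is echoed back to whoever asked.

    The caller does not need access to the victim's mailbox; knowing the
    e-mail address is enough to read the token straight out of the response.
    """
    account = USERS.get(email)
    if account is None:
        return {"ok": False, "error": "unknown account"}  # also an oracle
    token = secrets.token_urlsafe(32)
    account["reset"] = {"token": token, "expires": time.time() + RESET_TTL_SECONDS}
    OUTBOX.append((email, token))
    return {"ok": True, "reset_token": token}  # the leak


def attacker_takeover(victim_email: str, new_password: str) -> bool:
    """What an attacker does against the leaky endpoint: request, read, reset."""
    response = leaky_request_reset(victim_email)
    token = response.get("reset_token")
    if token is None:
        return False
    return _complete_reset(victim_email, token, new_password, hashed=False)


def safe_request_reset(email: str) -> dict:
    """Hardened pattern.

    - Same response whether or not the account exists (no enumeration oracle).
    - The token leaves the server only through the out-of-band channel.
    - Only a hash of the token is stored, so a database leak is not a token leak.
    """
    generic = {"ok": True, "message": "If that address exists, a reset link was sent."}
    account = USERS.get(email)
    if account is None:
        return generic
    token = secrets.token_urlsafe(32)
    account["reset"] = {"token_hash": _hash(token), "expires": time.time() + RESET_TTL_SECONDS}
    OUTBOX.append((email, token))
    return generic


def safe_complete_reset(email: str, token: str, new_password: str) -> bool:
    return _complete_reset(email, token, new_password, hashed=True)


def _complete_reset(email: str, token: str, new_password: str, hashed: bool) -> bool:
    account = USERS.get(email)
    if account is None or account["reset"] is None:
        return False
    record = account["reset"]
    if time.time() > record["expires"]:
        account["reset"] = None
        return False
    expected = record["token_hash"] if hashed else record["token"]
    presented = _hash(token) if hashed else token
    if not hmac.compare_digest(presented, expected):  # constant-time compare
        return False
    account["reset"] = None  # single use
    account["password_hash"] = _hash(new_password)
    return True
```

The two request functions differ in one line of output, and that line is the whole vulnerability: with `leaky_request_reset`, `attacker_takeover` succeeds knowing nothing but the email address; with `safe_request_reset`, the only way to obtain the token is to control the mailbox.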
Wow, the mass surveillance program that has kept Snowden on the run for the last seven years has finally been ruled illegal. This is a win for privacy, but it still doesn’t mean that Snowden gets to come back. It’ll be important to keep an eye on the next program the Intelligence Community rolls out. My fear is that, while this was an obvious overreach, it still set a precedent: it may be replaced by another program that follows the letter of the law while still infringing on rights.
Privacy is a difficult thing to get right. Facebook has made incredible strides to create a secure platform with Secure Defaults and Good Choices, but that doesn’t mean they won’t have to address security vulnerabilities. WhatsApp, their secure messaging platform, has issued 6 CVEs so far in 2020.
For the reasons stated above and many others, I recommend Signal for secure messaging over WhatsApp. This article does a good job of summarizing why.
Another major cyberattack against a hospital system was reported in the US. In this case, a patient died after a ransomware attack forced the hospital to redirect them to another facility. You must understand cybersecurity risk even if you aren’t in the business of cybersecurity. Every new software, hardware, or network system you install (even the security ones) can increase your risk.
This article shows that, even when you try to protect your users’ privacy, trackers can leak information. You need to do the work to protect your users from these types of attacks. As I wrote in my You Have an Obligation to Fight for Privacy article, your user base will thank you. The tool Blacklight does a good job of inspecting a website for trackers. Check out the difference between ReThink.io and Wired.com.
Apple’s T2 security chip, which includes the Secure Enclave where the device’s keys and secrets are stored, has been jailbroken. This could mean little things like being able to theme your Touch Bar, or big things like changing the way the OS boots, which could allow a Linux variant to be installed, or low-level malware to be installed outside of the OS, where removal would be nearly impossible. The caveat that matters for your threat model: the jailbreak requires physical access to the machine over USB, so the realistic risks are evil-maid and supply-chain tampering rather than remote compromise.
Apple and Facebook have locked horns in a privacy battle. Apple is trying to roll out measures that would make trackers and advertisers more transparent in apps on iOS. This could undermine Facebook’s entire business model. After all, very few people would willingly give up their data if given a choice. After major pushback from Facebook, Apple has delayed the feature in iOS 14.
I remember hearing about Microsoft deploying a massive underwater data center two years ago. I love the idea of building things with a long-term vision. When they sank it, I gave them 50/50 odds that they’d complete the term, but amazingly there were fewer failures in the underwater data center than in standard data centers. Maybe it’s the oxygen-free environment, maybe it’s the extra cooling, maybe it’s a reduction in human meddling, or maybe ‘Ursula’ is a better IT Admin than we thought.
If I’d had this Gameboy when I was a kid I may have never made it to college. Purchasing and replacing batteries was a major limiting factor in my Gameboy play time.