It’s hard to believe, but we’ve been writing these newsletters for more than a year now! Our last newsletter had an amazing open rate (about 50%) in our last newsletter, 2-4 times the national average!

When we started this newsletter and blog our goal was to give you the best security insights out there without a hint of sales or marketing spin. No BS, just good information to help you be successful. We want to deliver this newsletter to people who really want to read it, I couldn’t be happier that you’ve joined us and continue to participate.

Thank you!

I have two requests for you

  1. If you know anybody who you think would enjoy this newsletter, please forward this email and encourage them to sign up.
  2. If you have topics that you would like to hear more about let us know - we want to talk about what’s most valuable to you. You can reply to this email, or find us on twitter .

Simple vulnerabilities like this can have massive safety implications for commonly targeted populations. Grindr leaked password reset tokens to the browser to allow anyone with a known email address to take over an account and view personal information.

Hacking Grindr Accounts with Copy and Paste

Microsoft released an update for a vulnerability with a CVSS score of 10/10 that CISA and DHS thought was so severe that they issued an emergency directive requiring updates on Government systems by the weekend. If you haven’t patched yet, do. This is a critical issue.

New Windows exploit lets you instantly become admin. Have you patched? | Ars Technica

Wow, the mass surveillance program that has had Snowden on the run for the last seven years has finally been ruled illegal. This is a win for privacy, but still doesn’t mean that Snowden gets to come back. It’ll be important to keep an eye on the next program the Intelligence Community rolls out. My fear is that while this was an obvious overreach, it still set a precedent. It may be replaced by another program that follows the letter of the law while still infringing on rights.

U.S. court: Mass surveillance program exposed by Snowden was illegal - Reuters

Privacy is a difficult thing to get right. Facebook has made incredible strides to create a secure platform with Secure Defaults and Good Choices , but that doesn’t mean they won’t have to address security vulnerabilities. WhatsApp, their secure messaging platform, has issued 6 CVEs so far in 2020.

WhatsApp Security Advisories

For the reasons stated above and many others, I recommend Signal for secure messaging over WhatsApp. This article does a good job of summarizing why.

Why everyone should be using Signal instead of WhatsApp | WIRED UK

Another major cyberattack against a hospital system was reported in the US. In this case, a patient died after being redirected to another hospital due to a ransomware attack. You must understand cybersecurity risk, even if you aren’t in the business of cybersecurity. Every new software, hardware, or network system you install (even the security ones) can increase your risk.

Major hospital system hit with cyberattack, potentially largest in U.S. history

This article shows, even when you try to protect your users privacy, trackers can leak information. You need to do the work to protect your users from these types of attacks. As I wrote in my You Have an Obligation to Fight for Privacy article, your user base will thank you. The tool Blacklight does a good job to inspecting a website for trackers. Check out the difference between ReThink.io , and Wired.com .

The High Privacy Cost of a “Free” Website – The Markup

Apple’s T2 dedicated security chip which includes the Secure Enclave where the device’s keys and secrets are stored has been jailbroken. This could mean little things like being able to theme your Touch Bar, or big things like changing the way the OS boots which could allow a Linux variant to be installed or low level malware to be installed outside of the OS. Removal would be nearly impossible.

Hackers jailbreak Apple’s T2 security chip powered by bridgeOS - Report Cyber Crime

Apple and Facebook have locked horns in a privacy battle. Apple is trying to roll out measures that would make trackers and advertisers more transparent in apps on iOS. This could undermine Facebook’s entire business model. After all very few people would willingly give up their data, if given a choice. After major pushback from FaceBook, Apple has delayed the feature in iOS 14.

Facebook complains about Apple’s new privacy moves - The Washington Post

Apple to delay privacy change threatening Facebook, mobile ad market - Reuters

I remember hearing about Microsoft deploying a massive underwater data center two years ago. I love the idea of building things with a long term vision. When they sank it, I gave them 50/50 odds, that they’d complete the term, but amazingly there were fewer failures in the underwater data center than in standard data centers. Maybe it’s the oxygen free environment, maybe it’s the extra cooling, maybe it’s a reduction in human meddling, or maybe ‘Ursula’ is a better IT Admin than we thought.

Microsoft’s underwater data centre resurfaces after two years - BBC News

If I’d had this Gameboy when I was a kid I may have never made it to college. Purchasing and replacing batteries was a major limiting factor in my Gameboy play time.

Battery-free Game Boy runs forever

Please subscribe to our newsletter. Each month we send out a newsletter with news summaries and links to our last few posts. Don’t miss it!