After security researchers discovered a new round of malware on nearly 30,000 Macs, they set to work trying to understand its mechanisms. On MacBreak Weekly, Leo Laporte, Andy Ihnatko, Rene Ritchie, and Alex Lindsay discuss this latest bit of malware and talk about how they protect their Macs.
Brenden O’Leary of GitLabs joins This Week in Enterprise tech to discuss the proper uses of GitLab. Co-host, Curtis Franklin, asks about the responsibility of code repositories regarding malicious code that may be stored. Are code repositories responsible for malware leaks into the wild?
Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.
• Chrome to default to trying HTTPS first when not specified.
• Firefox’s “Enhanced Tracking Protection” just neutered 3rd-party cookies!
• As easy as “SolarWinds123”.
• Rockwell Automation’s CVE-2021-22681 is a CRITICAL 10 out of 10.
• VMware’s vCenter troubles.
• SpinRite update.
• Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
• CNAME Collusion.
-Apple’s Tim Cook Calls for Data Privacy.
-773M Passwords Pwned
– How to Find Out If Yours Was.
-Amazon Tries to Make Alexa Sound “Newsy.”
-Google Buys Fossil.
-74% of Facebook Users are Clueless.
-Facebook’s 10 Year Challenge.
-Atari Founder Making Alexa Board Games.
-Stop Using Windows Phone!
-Tokyo Hotel Fires Half its Robots.
Pwn2Own, the Future of Passwords.
— All the action at last week’s Pwn2Own Mobile hacking contest
— The final word on processor mis-design in the Meltdown/Spectre era
— A workable solution for unsupported Intel firmware upgrades for hostile environments
— A forthcoming Firefox breach alert feature
— The expected takeover of exposed Docker-offering servershe recently announced successor to recently ratified HTTP/2
— 184.108.40.206 errata
— The future of passwords: a thoughtful article written by Troy Hunt, the creator of the popular “Have I Been Pwned” web service We invite you to read our show notes.
Hosts: Steve Gibson, Leo Laporte
Australia vs Encryption, Google+ Bugs Hasten its Demise
— Australia’s recently passed anti-encryption legislation
— Details of a couple more mega-breaches including a bit of Marriott follow-up
— A welcome call for legislation from Microsoft — A new twist on online advertising click fraud
— The DHS is interested in deanonymizing cryptocurrencies beyond Bitcoin
— The changing landscape of TOR funding
— An entirely foreseeable disaster with a new Internet IoT-oriented protocol
— Google finds bugs in Google+ and acts responsibly — again — what that suggests for everyone else
We invite you to read our show notes.
Hosts: Steve Gibson, Leo Laporte
– Defending Bloomberg’s Chinese spy chip story Google+ killed by a breach that wasn’t a breach.
– Facebook breach that WAS a breach hits 30 million users. In related news, Facebook now sells a video chat device with a camera that can follow your every move.
– Made by Google event: what we think of the Pixel 3, Pixel Slate, and Home Hub.
– Apple’s TV content will be free for everyone who owns an Apple device.
Chinese Spy Chips, Microsoft Highs and Lows, Pixel 3 Event Predictions, and More! Bloomberg reports that China used tiny chips to spy on Apple, Amazon, and the US government. Apple and Amazon deny it. How do we know who is right? All the news from the Microsoft Surface event, plus some rumors of what was supposed to be there but wasn’t. Windows 10 update deletes people’s files. What we expect this Tuesday at Google’s Pixel 3 Event. Amazon raises its minimum wage to $15/hr, kills stock options and bonuses. Facebook hacked by “odorless and weightless hackers.” CA passes new laws restoring Net Neutrality and banning bots that pretend to be human. Presidential Alert hits phones nationwide.
SCOTUS Cell Phone Location Privacy This week we examine some new side-channel worries and vulnerabilities, did Mandiant “hack back” on China?, more trouble with browsers, the big Google Firebase mess, sharing a bit of my dead system resurrection, and a look at the recent Supreme Court decision addressing cellular location privacy.
Megan Morrone and Florence Ion talk to Stacey Higginbotham about tips for securing your smart home. The advantages and disadvantages of running devices on a guest network. Plus, how do you know if your devices are getting regular firmware updates.