Andrew Orr joins host Kelly Guimont for Security Friday news, including updates on cookies and iOS released and some tech support help from Apple.
Security Friday
Security Friday Browser Edition – TMO Daily Observations 2021-02-26
Andrew Orr join host Kelly Guimont to discuss the latest Security Friday updates from Google and Firefox, and offer up some alternate browser options.
Security Friday: Malware, Passwords, Security Guides – TMO Daily Observations 2021-02-19
Security Friday! Andrew Orr joins host Kelly Guimont to discuss security news and tips, including some new malware for the new M1 Mac.
Security Friday: Hacking and Sign-In Reviews – TMO Daily Observations 2021-02-12
Andrew Orr joins host Kelly Guimont to discuss Security Friday news about previous news items, updates, and include a practical tip.
Security Friday: App Tracking Transparency and More – TMO Daily Observations 2021-02-05
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates, and explains Private Click Measurement and why it matters.
Security Friday: App Transparency and Dots – TMO Daily Observations 2021-01-29
Andrew Orr and Jeff Butts join host Kelly Guimont to discuss Security Friday news including iOS updates and apps, and that dot on your iPhone.
Security Friday, Google Alternatives – TMO Daily Observations 2021-01-21
Andrew Orr joins host Kelly Guimont to discuss the latest Security Friday news, and alternatives to some Google services (now including Fitbit).
Security Friday: Encryption Updates, Reviewing Permissions – TMO Daily Observations 2021-01-15
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and how January is a good time to review all those Sign In With… buttons.
Security Friday, Secret Messages – TMO Daily Observations 2021-01-08
Andrew Orr joins host Kelly Guimont to discuss Security Friday news, including what’s up with WhatsApp (sorry) and some things to know about encryption.
Security Friday, Data Protection Tips – TMO Daily Observations 2020-12-18
Andrew Orr joins host Kelly Guimont for Security Friday updates and news, as well as some tips for managing your own data.
Use This Guide to Manage Your Apple Device and Data Access
Apple has a new 20-page guide available called Device and Data Access when Personal Safety is at Risk.
Security Friday, Avoiding Credit Card Shenanigans – TMO Daily Observations 2020-12-11
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates, and offer some tips on how to avoid credit card shenanigans.
Spotify Resets User Passwords Over Data Leak
Spotify has reset an unknown number of user passwords after a bug in its system exposed private data to business partners.
In a data breach notification filed with the California attorney general’s office, the music streaming giant said the data exposed “may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.” The company did not name the business partners, but added that Spotify “did not make this information publicly accessible.”
Fortunately, those like me who created a Spotify account using Sign In with Apple shouldn’t have too much information leaked.
Hackers Hide Credit Card Web Skimmer Inside Image Metadata
MalwareBytes reports that hackers are using a new trick to skim credit card data form websites using a skimmer hidden inside image metadata.
We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores. This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot.
A devious, clever hack.
Apple Might Block Apps That do Not Comply With New Privacy Feature
Apple could block apps from the App Store if they fail to meet comply with its new privacy requirements, Craig Federighi has warned.
Apple and Cloudflare Created a New DNS Protocol
Apple and Cloudflare have teamed up to create a new DNS protocol called Oblivious DNS-over-HTTPS, or ODoH.
Security Friday, Encrypted Services – TMO Daily Observations 2020-12-04
Andrew Orr joins host Kelly Guimont to discuss Security Friday news, including Mac and iOS exploits, and encrypted services for your data.
Security Friday on Wednesday, Black Friday Deals – TMO Daily Observations 2020-11-25
Andrew Orr joins host Kelly Guimont to discuss Security Friday news (even though it’s Wednesday) and point out some Black Friday deals.
Security Friday, Encryption Basics – TMO Daily Observations 2020-11-20
Andrew Orr join host Kelly Guimont to discuss Security Friday news, This Week in Facebook, and basic encryption for messaging and iOS files.
Security Friday and Big Sur Updates – TMO Daily Observations 2020-11-13
Today Andrew Orr joins host Kelly Guimont to discuss for Security Friday news and updates, and some Big Sur upgrade tips.
Security Friday, Now With Gift Picks – TMO Daily Observations 2020-11-06
Andrew Orr join host Kelly Guimont for Security Friday news, some ballot measures that passed, and even a security minded gift option.
Deadline is December 8 for App Store Privacy Labels
Apple announced on Thursday that developers have to get their apps ready for the new privacy labels by December 8, 2020.
Michigan Prop 2 Passes; Police Need a Warrant to Search Your Devices
Voters in Michigan overwhelmingly passed Proposition 2 which adds “electronic data and electronic communications” to the state’s search and seizure laws.
The person, houses, papers, possessions, and electronic data and electronic communications of every person shall be secure from unreasonable searches and seizures. No warrant to search any place or to seize any person or things or to access electronic data or electronic communications shall issue without describing them, nor without probable cause, supported by oath or affirmation.
Translation: Michigan police need a warrant to search your electronic devices. And as a Michigander myself I definitely voted in favor of this.
Mattel Revealed it Suffered a Data Breach on June 28
Toy company Mattel suffered ransomware attack on June 28, 2020. It revealed this in a 10-Q form filed with the Securities and Exchange Commission (SEC).
On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations.