Apple Sleight of Hand

Security Dude Brian Krebs discovered the iPhone 11 sent location data even when the service was disabled. Apple said they didn't see any problems. Now Apple says the chip necessitates constant location checks.

Bulldookey.


A bug in the way unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked.

Affects "most" Linux distros, along with Android, iOS, macOS, FreeBSD, and OpenBSD.


New Mac malware hides behind a fake crypto trading platform called Union Crypto Trader.  Probably North Korean Lazarus group.


VPN is going away - check out Zero Trust


Really good piece on why the user isn't a consideration in software.
Nor is privacy. Surprise - it's Google! Not surprise: don't use Chrome or any browser based on Chrome.



Have a fun weekend. We'll be back Monday, with another slate of specially curated (the ones I came across) stories. Remember: tell your friends about ThermionicMalware. Better yet, tell people you don't like. Reproduction of this blog is prohibited without express written consent of the Backyard Underwriter Liability Lobby of Swingset Hueristics, Investigative Trade (BULLSHIT).