Security News

S3 Ep127: When you chop someone out of a photo, but there they are anyway…
2023-03-23 19:59

They found this bug in the app on Google Pixel Phones that lets you take a screenshot, or a photo you've captured, and crop it, or blank out bits of it. Google Pixel phones had a serious data leakage bug - here's what to do!

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
2023-03-16 19:56

S3 Ep125: When security hardware has security holes [Audio + Text]
2023-03-09 20:58

Ransomware bust, ransomware warning, and anti-ransomware advice. DOUG. Ransomware, more ransomware, and TPM vulnerabilities.

S3 Ep124: When so-called security apps go rogue [Audio + Text]
2023-03-02 19:40

DOUG. Scambaiting, rogue 2FA apps, and we haven't heard the last of LastPass. Alright, let's stay on the subject of 2FA. We are seeing a spike in rogue 2FA apps in both app stores.

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]
2023-02-23 19:58

DOUG. Crypto company code captured, Twitter's pay-for-2FA play, and GoDaddy breached. DOUG. Well, let's bring things into the modern, and talk about GoDaddy.

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
2023-02-16 19:46

DOUG. Patching bugs, hacking Reddit, and the early days of computing. Like in the LastPass breach and the recent GitHub breach, source code got stolen, along with a bit of other stuff.

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]
2023-02-09 19:41

Exactly the same when you try and use a password you say, "I want to copy that password and use it." You have to put in a master password to get access to your passwords, but you don't have to put in the master password to get access to the configuration file to get access to the passwords.

Amazon S3 to apply security best practices for all new buckets
2023-02-07 09:45

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
2023-02-02 19:50

This is not a breach of the GitHub systems or the GitHub infrastructure or how GitHub stores files - it's just that GitHub's code on GitHub some of the stuff that was supposed to be private got downloaded. In the end, GitHub found, I think, that there are only three stolen certificates that were actually still valid, in other words, that crooks could actually use for signing anything.

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
2023-01-26 19:57

DOUG. OK, we've got some tips if you are affected by this, starting with: Don't click "Helpful" links in emails or other messages. Apple patches are out - old iPhones get an old zero-day fix at last!