This Week In Nerd News - November 23, 2020

How the U.S. Military Buys Location Data from Ordinary Apps.

The trouble with free apps. The app makers must make revenue somewhere and selling data is lucrative.

A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people’s personal data to brokers, contractors, and the military.

Windows 10: Microsoft reveals Pluton security chip – ‘Expect Patch Tuesday-type updates’.

Microsoft promises Pluton will make it easier to keep system firmware up to date, for example, in cases when TPM firmware for separate security processors is required.

Firefox 83 introduces HTTPS-Only Mode.

This is an interesting development as we’re shifting more and more of our traffic in transit to be encrypted. This will have the desired impact of shifting website owners to move to https.

Security on the web matters. Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure that this information is kept secure. Whether you are writing a personal email or reading a page on a medical condition, you don’t want that information leaked to eavesdroppers on the network who have no business prying into your personal communications.

More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug.

If there’s any assurance that cybercrime will continue to grow in the foreseeable future, it is that we are not patching.

Millions of computers and servers across the globe remain unpatched for some of today’s most dangerous bugs.

New tool automates phishing attacks that bypass 2FA.

SMS-based 2FA now offers less security value than ever. Time to switch to better 2FA everywhere you can. On the other hand, if you’re in White or Allow-listing mode on adam:ONE, that’s a complimentary protection layer.

Trust in two-factor authentication has slowly eroded in the last month after release of Amnesty International report and Modlishka tool.