Security Is Hard

It’s really easy to complain about the sadly insecure state of many of our products and services, but the fact is that doing security right is hard – even when you’re trying to get it right. Part of the problem is that there are just so many things to secure, even on a single product or service. Today we’re going to discuss several recent security issues with popular products, and why getting it right can be such a daunting task.

In today’s show: a universal decryption key for all REvil ransomware victims prior to July 13th is now available; Microsoft patched a nasty security bug in all of its Windows OS versions, but it’s still being actively exploited (hint: patch now!); it was recently argued that WhatsApp’s end-to-end encryption has a “backdoor”, but I’ll explain why that’s not true; a home security system maker refuses to patch a bug that would allow an attacker to disable your system just by knowing (or guessing) your email address; ProtonMail is forced to alter its “no IP logging” marketing in the face of a recent incident involving a French activist’s account; new Mac malware has emerged that uses poisoned search results to trick its victims; and for my tip of the week, I’ll tell you about a new fourth credit bureau where you should freeze your credit report.

Article Links

Further Info