Firefox testing ‘Site Isolation’ feature
Site Isolation browser techniques were first deployed in Chrome in mid-2018, that separates each web page and web iframes in their own operating system process. Mozilla announced it planned to develop a similar feature in February 2019. Now Firefox developers have announced that Site Isolation can be toggled on in Nightly builds of the browser. The browser has been testing the feature since September and expects to have it in the stable branch of development by mid-2021. The feature is currently being tested by extension developers to make sure it doesn’t break functionality.
Cisco patches DoS bugs in network security products
The vulnerabilities were found in Cisco’s Firepower Threat Defense software suite and in the operating system for its security devices, Adaptive Security Appliance. The most severe vulnerability impacted Cisco Firepower Chassis Manager, which offered insufficient CSRF protections, potentially opening the door for infected servers to provide client-side access. Several bugs would have allowed for attackers to trigger a denial of service, or upload arbitrary files to a specific folder, opening the door for further payload delivery. Cisco has issued patches, and says there is no evidence that the flaws had been exploited in the wild.
Proposed German legislation authorizes access to encrypted messages
The bill would give security agencies authorization to tap into messages being sent in the country, and also using so-called “spy software” to break encryption on messages already sent. The bill also provides for a special parliamentary commission that would have oversight on intercepted communications. The bill now goes to Germany’s Federal Diet for legislative approval.
Microsoft lets you bypass Windows 10 update blocks
This comes as a new Windows 10 group policy to disable safeguard holds on a PC. These holds are usually set up by Microsoft or hardware makers where there are known compatibility issues with hardware, software, or settings in a Windows update. With the new “Disable safeguards for Feature Updates” Group Policy, admins can let users bypass any holds on a device. Microsoft said that this will allow organizations to test Feature Updates on their machines, but stressed that the holds should not be bypassed for large groups until extensive testing has been done.
Thanks to our episode sponsor, AuthSafe
FBI says Iranians behind voter intimidation emails
This comes from an announcement from director of national intelligence John Ratcliffe. The emails claimed to be from the right-wing extremist group the “Proud Boys,” sent to registered Democratic voters in Florida, threatening them to switch to the Republican party. Florida is one of several US states that makes voter information public. At the announcement, FBI Director Christopher Wray said there was no way that Iranian actors could change American votes. A spokesperson for the Iranian Mission to the UN said the claims are “baseless.”
Palantir to help the US government track COVID-19 vaccines
The news comes from the Wall Street Journal, speaking to state and local health officials briefed on the effort. The data-mining company has developed a system called Tiberius and builds off of existing work the company is doing to track COVID-19 hospitalizations. The system won’t have access to personal health information, and no personally identifiable information will be input. Tiberius will “integrate a wide range of demographic, employment and public health data sets to identify the location of priority populations,” creating real time maps and analyses to help efficiently distribute vaccine doses as they become available.
The Senate votes to issue subpoenas on social media moderation policies
The subpoenas will require Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey to testify regarding the platforms’ recent policy enforcement decisions regarding a New York Post story about Hunter Biden. The motion to issue subpoenas did not list a date for testimony. This comes after Twitter blocked all links to the story initially under its Hacked Materials policy, only to revise that policy to only impact materials shared by attackers. Facebook slowed distribution of the story until it went through its fact checking team.
Edward Snowden given permanent residency in Russia
The whistleblower and former US intelligence contractor has been living in Russia since 2013. Snowden had been living with a temporary residency permit in the country, but changes to Russia’s immigration laws have now made that permit indefinite. Snowden is still wanted in the US for leaking information showing the mass NSA collection of phone records of US citizens.