We discuss a new macOS Keychain vulnerability, which raises the question of why Apple still doesn't have a Mac bug bounty program. We also discuss shortcomings of two-factor authentication, the removal of the Do Not Track feature from Safari, whether or not Google Chrome's lookalike URL warnings are actually a good thing, and more (including why Apple still hadn't fixed the Group FaceTime spying bug; they finally did after we recorded the episode).
Apple Patches Group FaceTime, Shortcuts Vulnerabilities
Apple's bug bounty program, launched in 2016 (https://securosis.com/blog/thoughts-on-apples-bug-bounty-program)
Apple might pay teenager who found Group FaceTime surveillance bug (https://appleinsider.com/articles/19/02/04/apple-might-pay-teenager-who-found-group-facetime-surveillance-bug)
Apple to Remove “Do Not Track” Feature from Safari
Google Chrome to get warnings for 'lookalike URLs' (https://www.zdnet.com/article/google-chrome-to-get-warnings-for-lookalike-urls/)
Typosquatting (Wikipedia) (https://en.wikipedia.org/wiki/Typosquatting)
Josh's tweet from 2012 about AdBlock Plus
Chrome Canary (https://www.google.com/chrome/canary/)
Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest (https://9to5mac.com/2019/02/06/mac-keychain-exploit/)
Mr. Steal Yo Keychain (Patrick Wardle's keychain discovery of 2017) (https://www.patreon.com/posts/mr-steal-yo-14556409)
Market for zero-day exploits (Wikipedia) (https://en.wikipedia.org/wiki/Market_for_zero-day_exploits)
Two-Factor Authentication Might Not Keep You Safe (https://www.nytimes.com/2019/01/27/opinion/2fa-cyberattacks-security.html)
Two-Factor Authorization Apps for iOS
Kevin Mitnick (Wikipedia) (https://en.wikipedia.org/wiki/Kevin_Mitnick)
Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
