We discuss a new macOS Keychain vulnerability, which raises the question of why Apple still doesn't have a Mac bug bounty program. We also discuss shortcomings of two-factor authentication, the removal of the Do Not Track feature from Safari, whether or not Google Chrome's lookalike URL warnings are actually a good thing, and more (including why Apple still hadn't fixed the Group FaceTime spying bug; they finally did after we recorded the episode).
Apple Patches Group FaceTime, Shortcuts Vulnerabilities
Apple's bug bounty program, launched in 2016 (https://securosis.com/blog/thoughts-on-apples-bug-bounty-program)
Apple might pay teenager who found Group FaceTime surveillance bug (https://appleinsider.com/articles/19/02/04/apple-might-pay-teenager-who-found-group-facetime-surveillance-bug)
Apple to Remove “Do Not Track” Feature from Safari
Google Chrome to get warnings for 'lookalike URLs' (https://www.zdnet.com/article/google-chrome-to-get-warnings-for-lookalike-urls/)
Typosquatting (Wikipedia) (https://en.wikipedia.org/wiki/Typosquatting)
Josh's tweet from 2012 about AdBlock Plus
Chrome Canary (https://www.google.com/chrome/canary/)
Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest (https://9to5mac.com/2019/02/06/mac-keychain-exploit/)
Mr. Steal Yo Keychain (Patrick Wardle's keychain discovery of 2017) (https://www.patreon.com/posts/mr-steal-yo-14556409)
Market for zero-day exploits (Wikipedia) (https://en.wikipedia.org/wiki/Market_for_zero-day_exploits)
Two-Factor Authentication Might Not Keep You Safe (https://www.nytimes.com/2019/01/27/opinion/2fa-cyberattacks-security.html)
Two-Factor Authorization Apps for iOS
Kevin Mitnick (Wikipedia) (https://en.wikipedia.org/wiki/Kevin_Mitnick)
Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.

