PSA: What Is Amazon Sidewalk and Why Should I Disable It Before June 8?

Brendan Hesse writing for Lifehacker:

On June 8, Amazon will launch a new feature called Sidewalk that creates small, public internet networks powered by Echo smart speakers and Ring home security products in your neighborhood. Yes, including yours—unless you disable the setting, which is turned on by default. That means if you don’t want your devices included in this particular tech experiment, you only have a week left to opt out.

New from Bitwarden: Send

Secure one-to-one information sharing

Bitwarden has been my password manager since 1Password went subscription a few years ago. Don’t get me wrong I love 1Password but by comparison, it’s pricey. Bitwarden is free to use with Premium features for $10 a year. The free version will do everything most people need from a password manager.

This week Bitwarden introduced a cool new feature. Send for secure one-to-one information sharing. “Bitwarden Send is a lightweight utility used to share information with another person for a limited period of time. Bitwarden users can easily transmit a file or text, and rest easy knowing the sent information is protected with end-to-end encryption, and will not live forever. Users choose an expiration date for the Send link, after which it no longer works to access the information.”

“This new feature is available on all Bitwarden clients: Web Vault, mobile, browser extensions, and CLI, meaning users will always have a secure way to share sensitive information temporarily.”

About Send | Bitwarden Help & Support

Create a Send | Bitwarden Help & Support

This isn’t something that I will use all that often but it sure is good to know that Send is there for that rare occasion that I need it.

Did the Bitwarden Safari web extension disappear on your Mac?

Bitwarden Safari extension no longer works with the Bitwarden direct download application

Today I needed to login into a website so I opened Safari and went to open the Bitwarden extension and to my surprise, it wasn’t there. WTF!

Here is whats up: “Due to changes by Apple, Safari limits Web Extension use to only those obtained through Mac App Store downloads. As of the 2021-03-11 Release, users will not be able to use a Bitwarden Safari Extension obtained through a .dmg installation from bitwarden.com/download or any other non-App Store source. ”Safari Web Extension | Bitwarden Help & Support

According to Bitwarden Support Release Notes the Safari App Extension has officially been ported to a Web Extension for use with Safari 14 . Due to changes to Safari, Web Extension use is now limited to only those obtained through Mac App Store download. Release Notes | Bitwarden Help & Support

I unistalled the download version of Bitwarden and installed the Mac App Store version and all is good. A little advance notice on this issue would have been nice.

LastPass Free is changing and users aren’t going to be happy

Here’s what you need to know

LastPass is making some changes to LastPass Free that will most likely piss-off users who rely on LastPass as their primary password manager. The big difference is that LastPass Free users will have to choose between mobile or desktop for their unlimited device access, rather than getting the system on both.

Here’s What’s Changing

We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type.

Also

In addition to this change, as of May 17th, 2021, email support will only be available for Premium and Families customers. LastPass Free users will always have access to our Support Center which has a robust library of self-help resources available 24/7 plus access to our LastPass Community, which is actively monitored by LastPass specialists. 

After March 16th, if you want to use LastPass on desktop and mobile you’ll need a Premium account. With this change, you may want to look into a different password manager. Bitwarden offers a Free account that you might want to consider.

Here are the instructions on how to export your vault from LastPass and import it to Bitwarden.

iMessage BlastDoor security

Over the past three years, security researchers and real-world attackers have found iMessage remote code execution (RCE) bugs and abused them to develop exploits that allowed them to take control over an iPhone just by sending a simple text, photo, or video to someone’s device.

As reported January 28, 2021 by ZDNet “With the release of iOS 14 last fall, Apple has added a new security system to iPhones and iPads to protect users against attacks carried out via the iMessage instant messaging client.”

“Named BlastDoor, this new iOS security feature was discovered by Samuel Groß, a security researcher with Project Zero, a Google security team tasked with finding vulnerabilities in commonly-used software.”

“Groß said the new BlastDoor service is a basic sandbox, a type of security service that executes code separately from the rest of the operating system.”

“While iOS ships with multiple sandbox mechanisms, BlastDoor is a new addition that operates only at the level of the iMessage app.”

“Its role is to take incoming messages and unpack and process their content inside a secure and isolated environment, where any malicious code hidden inside a message can’t interact or harm the underlying operating system or retrieve with user data.”

Firefox 85 adds supercookie protection. What about Safari?

In technology news today Mozilla announced that it has added built-in protection from supercookies to Firefox 85. “Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies,” Mozilla explains in a blog post. “By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next.”

With Safari being my main browser and Firefox being secondary I wondered if Safari might have the same protection from supercookie tracking? To my surprise, it does and has since 2018.

“Quietly and without fanfare Apple has rolled out a change to its Safari browser that munches one of the web’s most advanced “super cookies” into crumbs.” Apple burns the HSTS super cookie WebKit blog: Protecting Against HSTS Abuse

Mac security explained

Great show today on Mac Power Users podcast. David and Stephen go into detail explaining Mac security. I walked away from the show with a better understanding of Mac security and a better feeling about the security built into my Mac. I recommend listening to this episode if you would like a better understanding of Mac security.

Episode #570 Mac Power Users – Security Explained

From the beginning, Mac OS X was designed with security and privacy in mind, but over the years Apple has worked to make both the Mac’s software and hardware more even more so. This week, Stephen and David cover what’s what when it comes to Mac security.

Adobe Ends Flash Player Support, Recommends Uninstalling Immediately

Adobe Flash Player has always been a source of malware for Mac and PC users. Now is the time to remove it if you still have it installed. The below article also explains how to remove it.

Adobe Flash Player End of Life

Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.