Why Doesn't Apple Have a Mac Bug Bounty Program?
Episode 69 · February 8th, 2019 · 32 mins 23 secs
About this Episode
We discuss a new macOS Keychain vulnerability, which raises the question of why Apple still doesn't have a Mac bug bounty program. We also discuss shortcomings of two-factor authentication, the removal of the Do Not Track feature from Safari, whether or not Google Chrome's lookalike URL warnings are actually a good thing, and more (including why Apple still hadn't fixed the Group FaceTime spying bug; they finally did after we recorded the episode).
- Apple Patches Group FaceTime, Shortcuts Vulnerabilities
- Apple's bug bounty program, launched in 2016
- Apple might pay teenager who found Group FaceTime surveillance bug
- Apple to Remove “Do Not Track” Feature from Safari
- Google Chrome to get warnings for 'lookalike URLs'
- Typosquatting (Wikipedia)
- Josh's tweet from 2012 about AdBlock Plus
- Chrome Canary
- Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest
- Mr. Steal Yo Keychain (Patrick Wardle's keychain discovery of 2017)
- Market for zero-day exploits (Wikipedia)
- Two-Factor Authentication Might Not Keep You Safe
- Two-Factor Authorization Apps for iOS
- Kevin Mitnick (Wikipedia)