Hello, welcome to the Thursday, May 11th, 2017 edition of the San Antonio Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from San Diego, California.

One of the big events last week, of course, was the Google Docs'-Oth flash fishing attack.

While Google was pretty quick in blocking the account responsible for the attack,

it still showcased how O-Oth can be abused.

A much more common scenario is applications that users no longer need or applications that request many more

privileges than are actually required to use the application. Rob has a nice diary today about

how to review the Oath permissions on various social media accounts. You will often find a list of applications within your account privacy or security settings,

but every site does a little bit different.

So Rob gives you a lot of the direct URLs that get you to the area where you do adjust

and review these application permissions,

something you probably should put in your calendar every few months to do.

And Apple apparently is working on a system to warn users of firmware updates or firmware changes, I should say.

Firmware integrity is a long ongoing issue and has been moved more and more into the spotlight again

after recent leaks of government hacking tools that are used to manipulate firmware

in order to gain persistence on exploited machines.

Now, Apple's proposed system would warn the user of changes made to the firmware

and then would give the user the option to transmit these changes to Apple for review.

So similar like a crash dialogue that you often see where it tells you are an application

crashed and you can submit details about the crash to Apple or to whoever made the application.

The tool that does review the firmware EFI check was part of the beta version of the current

...