Hello, welcome to the Wednesday, July 24, 2019 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Today in Diaries, we got a post from Boyan regarding how to test your TLS configuration.

Of course, that always has been sort of some of these

canaries. I think if your TLS configuration isn't sort of close to up to date, then probably

you're doing a bunch of other things wrong. Now, Boyan also has a nice webcast coming. In this webcast,

he'll actually demonstrate some of these poodle vulnerabilities, for example, and that's, I think,

something that's often missing here, where we're talking about these vulnerabilities. We're

claiming that they're severe, but hardly anybody sort of ever has gone through an actual

exploit of one of these vulnerabilities.

And over the last two days, Apple again pretty much updated everything starting on Monday

with their operating systems, MacOS, Apple TV OS, WatchOS, and iOS, and on Tuesday with updates

for some Windows software like ICloud for Windows and iTunes. Probably the highest profile vulnerability

being addressed here was an issue in the walkie-talkie feature in the Apple Watch,

and that's actually something that Apple even disabled prior to this update being released.

Now, in this update in the security notes, there is a brief description of this

that says a logic issue existed in the answering of phone calls.

The issue was addressed with improved state management.

So apparently if someone called you and also did initiate a walkie-talkie connection at the same time,

they may be able to eavesdrop on you without you realizing that this walkie-talkie connection

was established.

...