Podcast: Play in new window | Download (Duration: 1:01:59 — 70.9MB) | Embed
Subscribe: Google Podcasts | Spotify | Stitcher | TuneIn | RSS | More
Everyone hates dealing with passwords. This has led to a mad search for ‘password-killer’ technology. After several failed attempts, there’s finally a worthy contender: passkeys. The technology has been around for years – it’s the basis for hardware keys like YubiKey. But no one wanted to have to carry the little things all the time. With passkeys, you get the same phishing-proof, passwordless goodness but tied to a device you always have: your smartphone. Websites are slowly rolling out the ability to secure your accounts with passkeys, and Apple, Google and Microsoft are building support for passkeys into their operating systems. But I would caution you to wait a bit before jumping on the bandwagon – I’ll explain why in today’s show.
In other news: update all your Apple devices; FBI and NSA break the notorious Snake malware; Intel deploys microcode security update; location data on 2M Toyoya customers exposed for years; new .zip and .mov domains are dangerously ambiguous; new crafty Chinese router malware; online age verification will cause serious problems; Apple will allow you to ‘bank’ your voice soon.
Article Links
- [Tom’s Guide] Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now https://www.tomsguide.com/news/apple-issues-urgent-fix-to-block-zero-day-attacks-update-your-iphone-and-mac-now
- [tech.co] FBI & NSA Cut the Head Off Notorious Russian Snake Malware https://tech.co/news/nsa-fbi-russian-snake-malware
- [Tom’s Hardware] Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake https://www.tomshardware.com/news/intel-microcode-security-update
- [BleepingComputer] Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/
- [Digital Trends] Hackers are using a devious new trick to infect your devices https://www.digitaltrends.com/computing/hackers-are-abusing-zip-mov-domain-names/
- [9to5mac.com] Researchers find security flaw in Wemo Smart Plug, Belkin says it won’t release a patch https://9to5mac.com/2023/05/16/wemo-smart-plug-security-flaw-no-patch-coming/
- [Ars Technica] Malware turns home routers into proxies for Chinese state-sponsored hackers https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/
- [Electronic Frontier Foundation] Age Verification Mandates Would Undermine Anonymity Online https://www.eff.org/deeplinks/2023/03/age-verification-mandates-would-undermine-anonymity-online
- [9to5mac.com] Everyone should use Personal Voice; it does in 15 minutes what currently takes several weeks https://9to5mac.com/2023/05/19/everyone-should-use-personal-voice/
- Tip of the Week: The Pros & Cons of Passkeys https://firewallsdontstopdragons.com/the-pros-and-cons-of-passkeys/
Further Info
- Meross MSS115 Matter-enabled smart plug: https://shop.meross.com/products/meross-matter-smart-wi-fi-plug-mini-mss115
- Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
- Give the gift of privacy and security: https://fdsd.me/coupons
- Send me your questions! https://fdsd.me/qna
- Support our mission! https://fdsd.me/support
- Subscribe to the newsletter: https://fdsd.me/newsletter
- Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
- Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
- Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
- 0:01:10: Update on new location tracker spec
- 0:02:52: News preview
- 0:05:30: FBI & NSA Cut the Head Off Notorious Russian Snake Malware
- 0:07:27: Intel Deploys Undisclosed Microcode Security Update
- 0:11:12: Toyota location data of 2M customers exposed for years
- 0:15:34: Phishers looking to capitalize on ambiguous new TLDs
- 0:19:32: Security flaws in Wemo Smart Plug won’t be fixed
- 0:25:08: Malware turns home routers into proxies for Chinese hackers
- 0:30:53: Age Verification Mandates Would Undermine Anonymity Online
- 0:39:23: Apple to offer new “voice-banking” technology
- 0:43:42: Dear Carey/Tip of the Week
- 0:59:19: Upcoming shows, coin promotion