Everyone hates dealing with passwords. This has led to a mad search for 'password-killer' technology. After several failed attempts, there's finally a worthy contender: passkeys. The technology has been around for years - it's the basis for hardware keys like YubiKey. But no one wanted to have to carry the little things all the time. With passkeys, you get the same phishing-proof, passwordless goodness but tied to a device you always have: your smartphone. Websites are slowly rolling out the ability to secure your accounts with passkeys, and Apple, Google and Microsoft are building support for passkeys into their operating systems. But I would caution you to wait a bit before jumping on the bandwagon - I'll explain why in today's show.
In other news: update all your Apple devices; FBI and NSA break the notorious Snake malware; Intel deploys microcode security update; location data on 2M Toyoya customers exposed for years; new .zip and .mov domains are dangerously ambiguous; new crafty Chinese router malware; online age verification will cause serious problems; Apple will allow you to 'bank' your voice soon.
Article Links
[Tom's Guide] Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now https://www.tomsguide.com/news/apple-issues-urgent-fix-to-block-zero-day-attacks-update-your-iphone-and-mac-now
[tech.co] FBI & NSA Cut the Head Off Notorious Russian Snake Malware https://tech.co/news/nsa-fbi-russian-snake-malware
[Tom's Hardware] Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake https://www.tomshardware.com/news/intel-microcode-security-update
[BleepingComputer] Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/
[Digital Trends] Hackers are using a devious new trick to infect your devices https://www.digitaltrends.com/computing/hackers-are-abusing-zip-mov-domain-names/
[9to5mac.com] Researchers find security flaw in Wemo Smart Plug, Belkin says it won’t release a patch https://9to5mac.com/2023/05/16/wemo-smart-plug-security-flaw-no-patch-coming/
[Ars Technica] Malware turns home routers into proxies for Chinese state-sponsored hackers https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/
[Electronic Frontier Foundation] Age Verification Mandates Would Undermine Anonymity Online https://www.eff.org/deeplinks/2023/03/age-verification-mandates-would-undermine-anonymity-online
[9to5mac.com] Everyone should use Personal Voice; it does in 15 minutes what currently takes several weeks https://9to5mac.com/2023/05/19/everyone-should-use-personal-voice/
Tip of the Week: The Pros & Cons of Passkeys https://firewallsdontstopdragons.com/the-pros-and-cons-of-passkeys/
Further Info
Meross MSS115 Matter-enabled smart plug: https://shop.meross.com/products/meross-matter-smart-wi-fi-plug-mini-mss115
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Support our mission! https://fdsd.me/support
Subscribe to the newsletter: https://fdsd.me/newsletter
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:10: Update on new location tracker spec
0:02:52: News preview
0:05:30: FBI & NSA Cut the Head Off Notorious Russian Snake Malware
0:07:27: Intel Deploys Undisclosed Microcode Security Update
0:11:12: Toyota location data of 2M customers exposed for years