Janusz Cieszyński, former deputy minister of digital affairs, defended the record of the M-Obywatel app on "Poranek Wnet" and criticized the way the European digital identity wallet is being implemented. "Poland is the leader when it comes to digital identity in the European Union. Delegations from all over Europe came to Warsaw to see how we did it," he said. He recalled that since July 2023 Poland had been the largest EU country with a digital identity document equivalent to the plastic ID card. The European wallet: good direction, poor execution? Cieszyński stressed that the implementation of the European digital identity wallet itself, which stems from the eIDAS 2.0 regulation, is needed and can increase data security. "The architecture of this European wallet is better, because it is more focused on privacy. This is a good direction," he said.
The EUDI Wallet, the European Digital Identity Wallet

We increasingly live in a system that requires us to prove our identity. Recently, new laws provide for proof of age on social networks. That calls for a digital identity. At every check we hand over more data than is actually necessary. Must we sacrifice our privacy for a simple transaction? Today, proving that you are of legal age to access a service or open a bank account requires scanning an entire identity document. It is a glaring paradox: for a simple age check, a third party gets access to your address, your place of birth and your full name. This oversharing facilitates identity theft and systemic advertising tracking. The EUDI Wallet (European Digital Identity Wallet) promises to break this cycle. More than an application, it is the pivot of a paradigm shift in which users no longer undergo data collection but orchestrate their own "economy of proof".

A few details on the EUDI Wallet

The European Digital Identity Wallet (EUDI Wallet) is a secure identity management system established to allow citizens, residents and businesses of the European Union to identify and authenticate themselves online and offline. It relies on a precise regulatory and technical framework to transform digital interactions within the single market.

The legal framework: eIDAS 2.0

The rollout of the EUDI Wallet rests on the eIDAS 2.0 regulation, adopted in April 2024. This text updates the 2014 framework to impose new obligations:
- By the end of 2026: each Member State must provide at least one digital wallet to its citizens. This is the year you will discover your generalized digital identity.
- By the end of 2027: companies subject to anti-money-laundering (AML) regulation, large digital platforms and certain public services will be required to accept the wallet as a means of identification.
- 2030 target: the European Union aims for 80% of citizens to use this solution by 2030.

How it works and key technologies

The wallet works as a secure mobile application storing verified digital credentials (driving licence, diplomas, health certificates).
- Architecture Reference Framework (ARF): the technical framework that defines the standards, protocols and specifications ensuring interoperability between countries.
- Zero Knowledge Proof (ZKP): to protect privacy, the wallet uses zero-knowledge proofs. This makes it possible, for example, to prove that you are an adult without revealing your exact date of birth.
- SD-JWT (Selective Disclosure JSON Web Tokens): this technology makes it possible to reveal only the strictly necessary fields of a digital document.

Uses and benefits for users

The EUDI Wallet simplifies many everyday procedures:
- Financial services: opening bank accounts or applying for loans is made easier by the instant transmission of certified documents (real-time KYC).
- Electronic signatures: the wallet will make it possible to create qualified electronic signatures (QES) free of charge, with the same legal value as a handwritten signature.
- Public services and daily life: passport applications, tax returns, access to social security, or registering a SIM card.

Implementation in France: France Identité

France is particularly advanced thanks to the France Identité application, which serves as the foundation for this transition. It already provides access to identity documents (CNI, digital driving licence, vehicle registration certificate) on a smartphone.
The Agence nationale des titres sécurisés (ANTS) coordinates the POTENTIAL consortium, a major European pilot project involving 19 Member States to test uses of the wallet. For French companies, the stakes are immediate. Thanks to the lead taken by ANTS with France Identité and its steering of the European POTENTIAL consortium, we have a head start. This national technical foundation makes it possible to anticipate "go-to-regulatory" (compliance) without sacrificing "go-to-market" (customer experience). Each citizen still has to accept holding the compatible identity documents: driving licence and identity card.

Example for a bank loan. Current procedure: bank loan. Digital procedure: bank loan.

Issues and identified risks

Despite the benefits in terms of fighting fraud and smoother processes, several points of vigilance are raised:
- Tracking risk: some fear that using the wallet leaves traces that allow the State or the issuers to follow citizens' connections. Currently in France one has the right to live without a driving licence or an identity card. With these systems you have to register with one of these documents.
- Cybersecurity (Article 45): the regulation requires browsers to accept certain state security certificates (QWAC), which worries experts about possible interception of encrypted traffic. Consider also the legislative texts on government backdoors to circumvent encryption.
- Hardware dependence: the wallet relies on smartphone security components controlled by American (Apple and Google) and Chinese firms, which poses a challenge of technological sovereignty.

For companies, integration can be done either directly (handling the technical and regulatory complexity in-house) or via intermediaries (platforms such as Hopae or Docusign) that ease the connection to the various European trust registries.
Theme / Promise (EU vision) / Risk (opponents' critique)

Privacy
- Promise: Zero Knowledge Proof: you prove your age without giving your date of birth.
- Risk: Usage tracking: the State or the Wallet provider knows where and when you use it.

Security
- Promise: Digital safe: the end of stolen passwords and identity theft.
- Risk: Single point of failure: if your smartphone is compromised or the system hacked, your whole life is exposed.

Sovereignty
- Promise: Independence: a European solution to stop depending on Facebook/Google Connect.
- Risk: US infrastructure: the Wallet relies on the chips (Secure Enclave) of Apple and Google.

Freedom of access
- Promise: Voluntary use: citizens remain free to use the paper or plastic format.
- Risk: Disguised obligation: if banks and public services impose it to "go faster", refusal becomes impossible.

Web of trust
- Promise: Strong authentication: fewer bots, deepfakes and online scams.
- Risk: End of anonymity: the risk that the ability to browse the Web under a pseudonym disappears.

Turning the constraint into an opportunity

Digital identity is not just a matter for lawyers; it is a performance lever. The burden of KYC (Know Your Customer) checks is the primary brake on growth. The EUDI Wallet transforms this journey:
- From 7 steps to instant validation: no more scanning documents and manual entry. Access to "verifiable credentials" (diplomas, IBAN, proof of funds) smooths onboarding.
- Synergy with Open Banking: in line with PSD3, the Wallet becomes the trust infrastructure for securing consents and financial interactions in real time.
- Drastic reduction in fraud: the use of state-issued identities at the "high" level of assurance eliminates document fraud at the source.

Sovereignty and friction points

Despite the technological optimism, grey areas remain.
The debate has crystallized around Article 45 of the regulation. Experts are concerned about the obligation on browsers to accept security certificates (QWAC) issued by States. The risk? Man-in-the-Middle attacks, in which a State could theoretically intercept its citizens' encrypted traffic. More pointed still is the hardware paradox: the Wallet relies on "secure enclaves" (NFC chips and biometrics) built into smartphones. These NFC technologies are American, on Chinese, Korean or American smartphones. "Europe is building its 'sovereign' identity on a hardware infrastructure it does not control." Tomorrow's state-issued identity will therefore depend, ultimately, on the goodwill of Apple and Google to open up their secure components. Finally, there remains the risk of tracking by the issuer (the State) which, although it does not see the content of the data thanks to ZKP, could record the frequency and location of authentications, thereby drawing a persistent "digital shadow".

Conclusion: towards an "economy of proof"

The EUDI Wallet marks the advent of a society in which certified proof, whether a diploma, an electronic attestation of attributes or a professional status, becomes a fluid and portable asset. For companies, it is the opportunity to move from a web of static documents to a web of dynamic trust. However, the challenge remains human. Will we manage to turn this tool into a lever of individual sovereignty, or will we slide towards an automated dependence on the State?

Sources: European Commission on digital identity; eIDAS Regulation
By Régis BAUDOUIN
The post L'EUDI Wallet, Portefeuille d'identité numérique européen first appeared on XY Magazine.
Will 2026 be the year in which we definitively hand over our autonomy to the machine? In this tech update, Jelle van Baardenwijk talks with Michel Portier (podcast 'De Mens in de Machine') about the lightning-fast and often worrying developments in the digital world. From AI agents that take over your computer to the approaching introduction of the European digital identity (eIDAS). Portier sketches a picture of a world in which "enshittification" makes the internet unusable, forcing us to use AI interfaces and digital passports. We discuss the case of Eva Vlaardingenbroek as a harbinger of a digital travel ban, the impact of Jonathan Haidt's "Anxious Generation" on European policy, and the megalomaniac visions of Elon Musk in which satellites and AI merge into a global nervous system.
Topics in this video:
- AI agents: why we hand over our credit cards and privacy to autonomous software.
- Digital ID & Wallet: what changes in 9 months for every EU citizen.
- Censorship & Reach: how alternative platforms such as Odyssey are being tackled.
- The economic abyss: why robotization and AI will fundamentally disrupt the labour market in 2026.
- De Mens in de Machine: how do we preserve our humanity in a world that is entirely managed by algorithms?
Sources and links for this broadcast: Michel's channel:
We are live from the Gartner IAM Summit 2025 in Grapevine, Texas! In this episode, we welcome back Sarah Clark, now the Chief Product Officer and GM of North America at Hopae. Sarah shares her journey from Mastercard to buying rainforests in Costa Rica and rescuing dogs, before diving deep into the world of digital identity infrastructure. We discuss connecting government-issued digital IDs with the private sector to combat fraud and improve user experiences. Sarah breaks down the differences in global adoption, highlighting why the EU is leading the charge with upcoming mandates and how countries like Brazil and India are scaling their programs. We also explore the state of mobile driver's licenses in the US, the potential for age verification and workforce management use cases, and whether the US can catch up to the rest of the world. Plus, we wrap up with a heartfelt conversation about dog rescue and the challenges of pet adoption.
Connect with Sarah: https://www.linkedin.com/in/sarahmclark/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
Timestamps
00:00:00 - Intro: Live from Gartner IAM Summit 2025
00:01:25 - Introducing Sarah Clark and her journey to Hopae
00:03:00 - What is Hopae and the vision for digital identity infrastructure?
00:04:19 - Why governments are moving toward digital IDs (186 countries!)
00:05:32 - Solving the fraud crisis with government-issued credentials
00:07:05 - The benefits: Security, efficiency, and inclusion
00:08:52 - Global adoption curves: India, Philippines, and Brazil
00:10:48 - The EU vs. US: Who is winning the digital ID race?
00:14:04 - eIDAS 2.0 mandates and the intermediary role
00:17:03 - Future trends: Age verification, Fintech, and stablecoins
00:19:54 - Workforce management and "Know Your Employee"
00:21:28 - Sarah's passion project: Rainforest preservation and dog rescue
00:25:35 - Closing thoughts on the future of identity
Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Sarah Clark, Hope, Digital Identity, Digital Wallets, Mobile Driver's License, mDL, eIDAS 2.0, Identity Verification, Fraud Prevention, KYC, Verifiable Credentials, Gartner IAM Summit, Digital Infrastructure, Biometrics, Age Verification
The EUDI Wallet is not a product of chance but the result of a long regulatory development. In episode 2 of "Alles Legal – Fintech-Recht kompakt", Peter Frey (Annerton) sets out what eIDAS 2 changes legally, how governance and implementing acts interact, and why this step goes far beyond a classic signature regulation.
Annerton expert Peter Frey explains in the "Alles Legal" podcast what is behind the EUDI Wallet, who may issue it, and how it will change identification, contract conclusion and authentication processes in the future.
We share our PKI predictions for 2026. Topics include PQC, eIDAS 2, CT logging, ACME, passkeys, CA distrust, AI model poisoning, and new attack vectors.
The EU is currently building the operating system for our future digital identity. What role does Germany play? How do the EUDI Wallet, eIDAS 2.0 and AMLR fit together? That is exactly what Maik Klotz discusses in the new podcast episode with Philipp Angermann and Philipp Wegmann of Signicat:
This week we will focus the programme on three main topics. The first is OpenAI, which will finally stop being a non-profit organisation and become a private company. Second, we will continue talking about Chat Control 2.0, and we will highlight that Denmark has dropped the proposal to end encryption in messaging applications. In addition, Italy will require age verification on adult sites, the eIDAS guidelines […]
Handling your personal data safely online is becoming ever more important, especially now that the rules are going to change under the new eIDAS law. As a result, the various digital ID wallets on the market must be widely accepted. It is an important step towards being able to store and share your personal data securely. By the end of 2026, every Member State of the European Union must therefore make at least one digital ID wallet available. The year after, acceptance of these kinds of wallets becomes mandatory in Europe. Ultimately this should bring more overview to a situation in which dozens of different digital ID wallets exist. One of the parties also attempting that is Ver.ID. The company implements all those different ID wallets, so that a municipality or a bank has access to all of them via Ver.ID. A person can put more information into this kind of digital ID wallet than just an identity document or driving licence. Someone could put all the information from 'mijn overheid' in the digital wallet, including things like a diploma or BKR registration. You can hear the whole story from Thomas Jan Geelen of Ver.ID, in conversation with Ben van der Burg and Daniël Mol in this episode of De Technoloog.
Guest: Thomas Jan Geelen
Video: YouTube
Hosts: Ben van der Burg & Daniël Mol
Editing: Daniël Mol, Rosanne Peters
SPID doesn't die, it survives. CIE will in fact not (yet) replace SPID, thanks also to the agreement signed on 7 October 2025 between the government and the digital identity providers.
All my links: https://linktr.ee/br1brown
Why does Italy want to replace SPID with CIE? Is that really so? | IlSoftware.it
SPID doesn't die: agreement with the Identity Providers renewed
The government has renewed for five years the agreement with the companies that provide SPID - Il Post
SPID has been renewed for 5 years, but it may become a paid service and will have to improve security | DDay.it
If you like, support me at https://it.tipeee.com/br1brown
In this episode of the CIONET Podcast, Hendrik Deckers interviews Radosław Maćkiewicz, CEO of COI – Polish Centre for Information Technology, who is a nominee for the CIONET Awards 2026 (Applications & Architecture). Register here to find out who wins this prestigious title: https://www.cionet.com/events/cionet-awards-2026-part-1!
Radosław unpacks Poland's public-sector digital transformation, most visibly mObywatel (mCitizen), the national digital wallet, and reflects on how COI:
- Reorganized ~700 engineers into 46 cross-functional product teams
- Shifted decisively to Agile with clear KPIs and product ownership
- Elevated delivery quality using DORA metrics (and dramatically improved time to restore)
- Boosted NPS from ~20 to 47 and raised app store ratings via continuous citizen feedback
- Built API-first platforms and a reusable design system aligned with eIDAS 2.0
- Drove adoption to ~11M mObywatel users with an ambition of 20M by 2035
Beyond tech, Radosław highlights the human side: emotional engagement, trust, and empowerment as the foundation for change, plus the importance of investing in the Product Owner role to keep ministries, market feedback, roadmaps, and support aligned. Don't miss the panel where Radosław will share his accomplishments: https://www.cionet.com/events/cionet-awards-2026-part-1!
#CIONET #CIONETAwards #CIONETAwards2026 #DigitalLeadership #CIO #CDO #CTO #CXO #Data #AI #Applications #Architecture #CIOCommunity
Since 30 June 2025, French motorists have been able to store their vehicle registration certificate (carte grise) on their smartphone via the France Identité application. It is a step towards dematerialising official documents, but one that still raises many practical and technical questions. In this episode, I explain how this new service works, who can use it, and what the current limits are. You will also find out why the digital carte grise, like other dematerialised documents, is not yet accepted everywhere, despite its official status. I also review the digital identity ecosystem in France, comparing France Identité and La Poste's digital identity, and touching on foreign models (Estonia, Sweden, Belgium…). Finally, I talk about the future "European identity wallet" provided for by the EIDAS 2 regulation.
On the agenda:
- How to add your carte grise to the France Identité application;
- The restrictions: types of vehicles concerned, eligibility conditions;
- Why not all organisations accept it yet;
- The difference between France Identité and La Poste's digital identity;
- An overview of international models;
- The future European identity wallet planned for 2026.
The online world still has a fundamental problem: reliable and user-friendly digital identity is lacking, and Europe sees that too. Our guest is Sten Reijers, co-founder of Ver.ID, a company that wants to become the Adyen of digital identities. Inspired by IRMA, since renamed Yivi, the company is developing an infrastructure with which users can share their identity data securely and in a controlled way, regardless of which digital wallet is used. European legislation helps with that. With the arrival of eIDAS 2.0, the EU obliges Member States to give citizens access to a public digital wallet. That wallet will hold verification data that can easily be shared with organisations. The new law is meant to provide one secure and user-friendly alternative. For Ver.ID that is not only an opportunity but also a precondition: without this law there would simply have been no market for the service. In theory the applications are endless: from simple age verification on social media to digital check-in at hotels or government bodies. Crypto companies, banks and fintechs also face the challenge of verifying customers smoothly and securely. Online age verification at gambling sites or porn sites is unreliable. The same goes for filling in web forms and identification on e-commerce platforms. A universal solution would change that, certainly if these companies are soon forced to offer a digital alternative. There is plenty of competition. In the US, big tech is developing its own solutions, such as Apple and Google with their own wallets. In Europe the landscape is currently fragmented. And at the same time there are also all sorts of wild technical innovations, such as Sam Altman's World Wallet (scan your iris for some crypto money) and the cryptographic Zero Knowledge Proofs. Co-host is Mauro Halve.
Guests: Sten Reijers, Mauro Halve
Host: Daniël Mol
Editing: Daniël Mol
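In this episode, Mark and Debbie take an in-depth look at "the state of development of the digital credential wallet in Taiwan"! As the wave of digital transformation accelerates, governments around the world are actively promoting electronic identity authentication and digital credential applications. In Taiwan, the Ministry of Digital Affairs has launched a prototype digital credential wallet and opened a trial sandbox, aiming for trial operation in specific settings by the end of the year. Mark explains in detail the differences between digital credentials and electronic ID documents, and shares real-life application scenarios for the digital credential wallet, such as renting a car, picking up medication, or collecting parcels at a convenience store. In response to public concerns about information security, this episode also analyses in depth how the digital credential wallet uses multiple mechanisms, including "self-sovereign identity", adherence to the "opt-in and opt-out" principle, and the adoption of "decentralized storage and encryption technology", to ensure users' information security and privacy protection. It also explores international experience in developing digital identity systems as a reference for the development of Taiwan's digital credential wallet. If you want to know how the digital credential wallet will change our digital lives, and its latest developments in Taiwan, don't miss this episode!
Episode highlights
03:55 Major progress for Taiwan's digital credential wallet in 2025
08:20 Electronic ID documents vs. the digital credential wallet
14:48 Three key information-security features of Taiwan's digital credential wallet
21:26 Mark's view on the information security and feasibility of the digital credential wallet
24:34 The four main goals of Taiwan's digital credential wallet sandbox trial
26:52 Learning from abroad: the EU eIDAS 2.0 digital identity wallet
31:26 Learning from abroad: Japan's My Number digital identity system
34:21 Mark on the key elements Taiwan's digital credential wallet currently has in hand
▸ Besides the podcast, you are also welcome to follow #馬克解讀金融科技 on other platforms
IG: https://www.instagram.com/markreadfintech (@markreadfintech)
Portaly: https://portaly.cc/markreadfintech
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.markreadfintech.com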
On today's episode we spoke to Rebekah Johnson, Founder & CEO of Numeracle. This was a fascinating conversation about Rebekah's journey starting Numeracle in 2016 to bring trust back to business communications by tackling robocalling and spam in the telecom ecosystem. We talk about how Numeracle became an early identity issuer in telecom through the implementation of STIR/SHAKEN protocols, which have now rolled out to subscribers of carriers like T-Mobile, and how she overcame the classic chicken-and-egg problem of launching before carriers were ready. We also discuss how the business identity ecosystem compares to consumer digital identity, and what companies should do when they know a new standard is coming (like eIDAS 2.0), but it's not here yet. We finish by exploring modern AI's impact on communications, including how to preserve trust when automated agents or AI-powered voice calls are part of the conversation. You can learn more about Numeracle at numeracle.com and connect with Rebekah on LinkedIn. Subscribe to our weekly newsletter for more announcements related to the future of identity at trinsic.id/podcast. Reach out to Riley (@rileyphughes) and Trinsic (@trinsic_id) on Twitter. We'd love to hear from you.
Get ready for EIC 2025!
Step into the future of travel where digital identity technologies are reshaping cross-border experiences. Explore the rise of innovations like automated verification, while uncovering regional success stories like SITA and India's Digi Yatra. Discover how international collaboration could make cumbersome passport checks a thing of the past. Welcome to the next era of seamless and secure global journeys. Read the original blog post here: https://www.kuppingercole.com/events/eic2025/blog/the-future-of-digital-travel-credentials-trust-adoption-and-the-eidas-20-framework
Ever thought about how cool it would be to simply have all your important documents with you on your smartphone
We are closing this season with a Spring Newsroom before we officially kick off the summer, summarizing everything that's happened in the past quarter across our usual five sections: ePrivacy (enforcement, regulatory updates), MarTech/AdTech, AI/Competition/Digital Markets, PETs/Zero-Party Data, Future of media. This includes:
- EDPB's ChatGPT Task Force report
- EU Digital Wallets
- Privacy Sandbox news
- EU Commission vs. Apple's App Store
- LLM updates (Llama3, GPT 4o, Gemini, Apple Intelligence)
- Meta AI *not* training on EU user data
- Mozilla's acquisition of Anonym
- Oracle's exit from AdTech
- Revolut ads
- Microsoft Copilot+ Recall retreat
- The Trade Desk's curated list of publishers
- FCC fines to telecom operators for the sale of location data
- Consent or Pay news
- TikTok ban
A full transcript with links and additional resources can be found on the PrivacyCloud blog.
The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3
Are you curious about how Germany is navigating the complex landscape of digital identity wallets and interoperability? In this episode of The SSI Orbit Podcast, host Mathieu Glaude sits down with guests Kristina Yasuda and Niels Klomp to explore Germany's ambitious wallet strategy, the development of interoperability profiles, and the influence of big tech on digital identity. Kristina and Niels bring a wealth of knowledge and firsthand experience to the discussion, making this episode a must-listen for anyone interested in the future of digital identity. They delve into Germany's approach to creating a secure and user-friendly wallet infrastructure, the challenges of achieving interoperability across different systems, and how major technology companies are shaping the digital identity space.
Get ready to uncover:
- The strategic objectives behind Germany's wallet initiative
- Key considerations for developing and implementing interoperability profiles
- The role of big tech in driving innovation and potential risks
- Insights into the regulatory landscape and its impact on digital identity projects
Join us for an engaging and informative conversation highlighting the complexities and opportunities within the digital identity ecosystem. Tune in to The SSI Orbit Podcast to stay ahead of the curve and gain valuable insights into the future of digital identity.
Chapters:
00:00 - What wallet solutions are the German government funding, how it fits into eIDAS 2.0
11:58 - Governments x Wallets x Governance Frameworks
18:02 - Technical interop profiles from an adoption cycle lens, adoption being
27:08 - eIDAS 2.0 Personal ID adoption can happen quicker because of Org ID
30:00 - More on technical interoperability profiles: HAIP, DIIP, and the future of interop profiles
41:05 - Japanese government national ID, implications of governments issuing into Big Tech Wallets
46:00 - The Browser API for credential presentation
50:31 - Is there anything missing on top of eIDAS 2.0?
55:48 - About Presentation Exchange and its current/future roadmap in OpenID4VP
Adrian Doerk is co-founder of Lissi GmbH and co-coordinator of the IDunion research project. He has extensive experience in the rollout of digital wallets, specializing in the European digital identity wallet (EUDI-Wallet) under the eIDAS 2.0 Regulation. Adrian has helped us answer a few important questions on this topic:
- How much of our lives will soon be intermediated through digital wallets or digital identities?
- What is "selective disclosure"?
- What are the privacy risks?
- What are the challenges of decentralization?
References: Adrian Doerk on LinkedIn; eIDAS 2.0 Regulation; Lissi; IDunion research project
eIDAS 2.0 has been making headlines recently with its proposed expansion to the European digital identity ecosystem. But what is eIDAS? What does it do, and why does it exist? In this episode we give you the basics.
We look forward to 2024 and predict trends for PKI, certificates, and digital identity. We discuss shortening certificate lifespans, Multi-perspective Domain Validation (MPDV), eIDAS 2.0, OCSP, post-quantum cryptography (PQC), Certificate Lifecycle Management (CLM), passwords, root stores, and government versus encryption. Plus, will Jason be sent to the gulag for not being Canadian enough?
- How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
- WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
- Iranian hackers exploited default passwords in programmable logic controllers at US water facilities
- Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling
- Over 1 billion Android devices now have RCS messaging enabled
- EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU
- Black Basta ransomware group has netted over $107 million since early 2022
- Google's new .meme top-level domain allowing meme-related web properties
- CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast
- France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead
- Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust
Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.
Sponsors: canary.tools/twit - use code: TWIT; vanta.com/SECURITYNOW
ETSI is preparing to release specifications for eIDAS 2.0. One controversial aspect of this new standard is that it limits browsers' ability to determine their own trusted roots. In this episode we explain this limitation and the concerns surrounding it.
Josh and Kurt talk about the new EU eIDAS regulation. This is a bill that will force web browsers to add root certificates based on law instead of technical merits, which is how it's currently done. This is concerning for a number of reasons that we discuss on the show. This proposal is not a good idea. Show Notes: Mozilla site; Root CA mailing list; UK eIDAS regulation; EFF statement on eIDAS; Fixed XKCD comic
The Scott Helme Special: QWACs, eIDAS, Root Certificates, CA/Browser Forum, and Other EU Shenanigans; Sponsored by Aura https://www.troyhunt.com/weekly-update-374/ See omnystudio.com/listener for privacy information.
Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT
The EU's planned revision of the eIDAS regulation is to be implemented by 2026. It is intended to enable a uniform European digital identity based on an e-wallet. But where the label promises convenience, far-reaching surveillance looms. Web: https://www.epochtimes.de Trial subscription to the Epoch Times weekly newspaper: https://bit.ly/EpochProbeabo Twitter: https://twitter.com/EpochTimesDE YouTube: https://www.youtube.com/channel/UC81ACRSbWNgmnVSK6M1p_Ug Telegram: https://t.me/epochtimesde Gettr: https://gettr.com/user/epochtimesde Facebook: https://www.facebook.com/EpochTimesWelt/ You can also find our podcast here, among other places: iTunes: https://podcasts.apple.com/at/podcast/etdpodcast/id1496589910 Spotify: https://open.spotify.com/show/277zmVduHgYooQyFIxPH97 Support independent journalism: Via PayPal: http://bit.ly/SpendenEpochTimesDeutsch Via bank transfer (Epoch Times Europe GmbH, IBAN: DE 2110 0700 2405 2550 5400, BIC/SWIFT: DEUTDEDBBER, payment reference: Spenden) Thank you! (c) 2023 Epoch Times
Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key; A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix; Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable; Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity; CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores; Ace Hardware suffered a cyberattack impacting servers and systems; Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions; Analysis of "BadCandy" malware infecting vulnerable Cisco routers; Bitwarden password manager adds support for FIDO2 passkeys in browser extension; Rescuing a severely degraded SSD and bringing it back to life with SpinRite; Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more; The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic. Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6. Sponsors: lookout.com; canary.tools/twit - use code: TWIT; Melissa.com/twit