Podcasts about eidas

這一集，Mark 和 Debbie 將深入探討「數位憑證皮夾在臺灣的發展狀況」！隨著數位轉型浪潮加速，各國政府積極推動電子身份認證與數位憑證應用 。在台灣，數位發展部推出了數位憑證皮夾雛形，並已開放試驗沙盒，力拼年底在特定場域試營運 。Mark 將詳細解釋數位憑證與電子證件的差異 ，並分享數位憑證皮夾在實際生活中的應用場景，例如租車、領藥或超商取貨 。面對大眾對於資安的疑慮，本集也將深入剖析數位憑證皮夾如何透過「身份自主」、遵循「可選擇同意與退出」原則，以及採用「分散式儲存與加密技術」等多重機制，確保用戶的資訊安全與隱私保護 。此外，也將探討國際間數位身份系統的發展經驗，為台灣的數位憑證皮夾發展提供借鏡。想了解數位憑證皮夾如何改變我們的數位生活，以及它在台灣的最新發展，就不要錯過這集了！本集重點03:55 臺灣數位憑證皮夾2025大進展08:20 電子證件vs數位憑證皮夾14:48 臺灣數位憑證皮夾資訊安全三大特點21:26 Mark看數位憑證皮夾的資訊安全與可行性24:34 臺灣數位憑證皮夾沙盒試驗有四大目標26:52 借鏡國際之歐盟 eIDAS 2.0 數位身分錢包31:26 借鏡國際之日本 My Number數位身份系統34:21 Mark談臺灣數位憑證皮夾目前掌握的關鍵要素▸除了podcast，也歡迎在其他平台關注 #馬克解讀金融科技IG：https://www.instagram.com/markreadfintech（@markreadfintech）Portaly：https://portaly.cc/markreadfintech This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.markreadfintech.com

On today's episode we spoke to Rebekah Johnson, Founder & CEO of Numeracle. This was a fascinating conversation about Rebekah's journey starting Numeracle in 2016 to bring trust back to business communications by tackling robocalling and spam in the telecom ecosystem.We talk about how Numeracle became an early identity issuer in telecom through the implementation of STIR/SHAKEN protocols which have now rolled out to subscribers of carriers like T-Mobile and how she overcame the classic chicken-and-egg problem of launching before carriers were ready. We also discuss how the business identity ecosystem compares to consumer digital identity, and what companies should do when they know a new standard is coming (like eIDAS 2.0), but it's not here yet.We finish by exploring modern AI's impact on communications, including how to preserve trust when automated agents or AI-powered voice calls are part of the conversation.You can learn more about Numeracle at numeracle.com and connect with Rebekah on LinkedIn.Subscribe to our weekly newsletter for more announcements related to the future of identity at trinsic.id/podcastReach out to Riley (@rileyphughes) and Trinsic (@trinsic_id) on Twitter. We'd love to hear from you.

Get ready for EIC 2025!

Get ready for EIC 2025!

[współpraca] Elektroniczna pieczęć zamiast tradycyjnej? E-doręczenia jako nowy standard? A może identyfikacja przez mojeID? Sprawdź, jakie usługi zaufania warto wdrożyć w kancelarii

Mit Maik Klotz haben wir diesmal einen der wichtigten Fin-Fluencer in Deutschland zu Gast! Zufälliger Weise ist Maik auch seit 2 Jahren beim DSGV beschäftigt und verantwortet die Wallet-Strategie der Sparkassen- Finanzgruppe. Gemeinsam mit Frank und Oli taucht er tief ein in die Welt der digitalen Wallets. Die Drei sprechen über den aktuellen Stand der Entwicklung und beleuchten, warum Wallets weit mehr sind als nur eine Möglichkeit, mit Google oder Apple Pay zu bezahlen. Im Moment brodelt es in der Branche: Der sogenannte 'Wallet War' ist in vollem Gange. Doch wer sind die Hauptakteure? Was genau passiert gerade? Und wer wird am Ende den größten Teil des Kuchens für sich beanspruchen? Fragen auf die wir eine Antwort geben :-)

The Austrian State Printing House is known for its secure passports and modern identity solutions. Through its digital subsidiary, youniqx Identity, the company has helped shape secure digital identities. In this episode, Sebastian Zehetbauer, Chief Product Officer, and Stefan Vogl, Chief Technology Officer at youniqx Identity AG, share insights into their projects and the future of digital credentials.Topics:- Core business of youniqx Identity- Origins and history from the CPO's perspective- Achieved milestones- MIA – My Identity App - Target group for digital identity solutions- Digital credentials for private companies- Projects in the pipeline- New era: eIDAS 2.0 and the EUDI Wallet- Data protection and security- The future of digital identities and credentialsIf you enjoyed this episode, please leave us four or five stars as a rating and follow the podcast on Spotify, Apple Music etc. If you have any suggestions, criticism, feedback or requests for future guests, please send an email to feedback@trendingtopics.at.

Step into the future of travel where digital identity technologies are reshaping cross-border experiences. Explore the rise of innovations like automated verification, while uncovering regional success stories like SITA and India's Digi Yatra. Discover how international collaboration could make cumbersome passport checks a thing of the past. Welcome to the next era of seamless and secure global journeys. Read the original blog post here: https://www.kuppingercole.com/events/eic2025/blog/the-future-of-digital-travel-credentials-trust-adoption-and-the-eidas-20-framework

Schon mal drüber nachgedacht, wie cool es wäre, all deine wichtigen Dokumente einfach auf deinem Smartphone dabei zu haben

We are closing this season with a Spring Newsroom before we officially kick off the summer, summarizing everything that's happened in the past quarter across our usual five sections: ePrivacy (enforcement, regulatory updates), MarTech/ AdTech, AI/ Competition/ Digital Markets, PETs/ Zero-Party Data, Future of media.  This includes: EDPB's ChatGPT Task Force report EU Digital Wallets Privacy Sandbox news EU Commission vs. Apple's App Store LLM updates (Llama3, GPT 4o, Gemini, Apple Intelligence) Meta AI *not* training on EU user data Mozilla's acquisition of Anonym Oracle's exit from AdTech Revolut ads Microsoft Copilot+ Recall retreat The Trade Desk's curated list of publishers FCC fines to telecom operators for the sale of location data Consent or Pay news TikTok ban. A full transcript with links and additional resources can be found on the PrivacyCloud blog.   

Are you curious about how Germany is navigating the complex landscape of digital identity wallets and interoperability? In this episode of The SSI Orbit Podcast, host Mathieu Glaude sits down with guests Kristina Yasuda and Niels Klomp to explore Germany's ambitious wallet strategy, the development of interoperability profiles, and the influence of big tech on digital identity. Kristina and Niels bring a wealth of knowledge and firsthand experience to the discussion, making this episode a must-listen for anyone interested in the future of digital identity. They delve into Germany's approach to creating a secure and user-friendly wallet infrastructure, the challenges of achieving interoperability across different systems, and how major technology companies are shaping the digital identity space. Get ready to uncover: The strategic objectives behind Germany's wallet initiative Key considerations for developing and implementing interoperability profiles The role of big tech in driving innovation and potential risks Insights into the regulatory landscape and its impact on digital identity projects Join us for an engaging and informative conversation highlighting the complexities and opportunities within the digital identity ecosystem. Tune in to The SSI Orbit Podcast to stay ahead of the curve and gain valuable insights into the future of digital identity. Chapters: 00:00 - What wallet solutions are the German government funding, how it fits into eIDAS 2.0 11:58 - Governments x Wallets x Governance Frameworks 18:02 - Technical interop profiles from an adoption cycle lens, adoption being 27:08 - eIDAS 2.0 Personal ID adoption can happen quicker because of Org ID 30:00 - More on technical interoperability profiles: HAIP, DIIP, and the future of interop profiles 41:05 - Japanese government national ID, implications of governments issuing into Big Tech Wallets 46:00 - The Browser API for credential presentation 50:31 - Is there anything missing on top of eIDAS 2.0? 55:48 - About Presentation Exchange and its current/future roadmap in OpenID4VP

Adrian Doerk is co-founder of Lissi GmbH and co-coordinator of the IDunion research project. He has extensive experience in the rollout of digital wallets, specializing in the European digital identity wallet (EUDI-Wallet) under the eIDAS 2.0 Regulation.  Adrian has helped us answer a few important questions on this topic: How much of our lives will soon be intermediated through digital wallets or digital identities? What is “selective disclosure”? What are the privacy risks? What are the challenges of decentralization? References: Adrian Doerk on LinkedIn eIDAS 2.0 Regulation Lissi IDunion research project  

Matthias is joined by his colleague Warwick Ashford to discuss the upcoming European Identity and Cloud Conference (EIC) 2024 in Berlin. Warwick, a senior analyst at KuppingerCole and the moderator of the keynote section, shares insights on the speakers and sessions to look forward to, including notable keynotes on digital identity, AI, and cybersecurity. The episode covers the importance of interoperability, privacy, and the impact of regulations like eIDAS 2.0 on global digital identity standards. It also highlights the networking opportunities and workshops available at EIC 2024.

How can we establish trusted digital ecosystems while driving innovation? In this episode of The SSI Orbit Podcast, host Mathieu Glaude picks the brain of Dima Postnikov, Vice Chairman at the OpenID Foundation, on a standards-based solution: OpenID Federation – a framework for enabling trust across networks. As open banking and open finance initiatives spread, a crucial need arises: secure mechanisms for managing trust between participants. Dima walks us through the genesis of OpenID Federation and its role in overcoming hurdles around trust discovery and governance. The evolution of trust management approaches across sectors like open banking Understanding OpenID Federation's intersection with verifiable credentials Leveraging standards to reduce barriers and foster interoperability Tailoring OpenID Federation for use cases like eIDAS 2.0 digital identity Unpack the keys to unlocking trusted, interoperable ecosystems that safeguard data while catalyzing innovation. Tune in to this insightful conversation now! Chapters: 00:00 - Background on trust management in the OpenID world 03:49 - Learnings in trust management from the world of Open Banking 11:58 - How trust chains complement/conflict with peer to peer interactions 17:25 - OpenID Federation's architecture design 34:25 - The evolution of standards in Open Banking 39:50 - eIDAS 2.0 profiles of OpenID Federation? 47:47 - Why Canadian Open Banking should have Trust Registries at launch

Vokietijos kancleris Olafas Šolcas generolo Silvestro Žukausko poligone su prezidentu Gitanu Nausėda aptarė Vokietijos indėlį stiprinant Lietuvos saugumą, Vokietijos brigados nuolatinio dislokavimo šalyje procesą, paramos Ukrainai klausimus. Pasak prezidento, Vokietijos brigados dislokavimas šalyje yra pagrindinis Lietuvos prioritetas.Sveikatos apsaugos ministerija pristatė veiksmų planą siekiant spręsti gydytojų ir slaugytojų trūkumą. Norint pritraukti reikiamus specialistus, bus apmokama studentų ir gydytojų rezidentų studijų kaina mainais į įsipareigojimą baigus studijas dirbti įstaigoje sutartą laikotarpį. Tuo metu medicinos įstaigų atstovai tikina, kad ministerijos pristatytų priemonių neužteka.Saulės elektrines turintys gyventojai skundžiasi, kad sistemos kartais atsijungia ir niekas nepaaiškina kodėl. ESO atstovai siūlo pasidomėti, ką veikia kaimynai.Praeitą savaitę Europos Sąjunga oficialiai paskelbė naujojo eIDAS reglamento tekstą, kuris automatiškai turi įsigalioti po 20ies dienų nuo balsavimo. Šiuo reglamentu bendrija įteisina trečią dokumentą asmens tapatybei patvirtinti, visų pirma skirtą skaitmeninei aplinkai. Jis galios šalia paso ir asmens tapatybės kortelės.Vieno lietuvio per metus suvalgomas mėsos kiekis tris su puse karto viršija Pasaulio sveikatos organizacijos rekomenduojamą 30ies kilogramų normą. Augalinio maisto entuziastai politikams ir sveikatos specialistams siūlo ne tik aktyviau diskutuoti apie aplinkai draugiško mitybos Lietuvoje galimybes, bet ir imtis konkrečių veiksmų.Ved. Liuda Kudinova

Matthias and Annie discuss real-life use cases of decentralized identity. They explore two categories of decentralized identity use cases: those that radically change the relationship between individuals and organizations, and those that solve specific problems using decentralized technology. They highlight the eIDAS 2.0 regulation in Europe as a driver for decentralized identity adoption and mention the importance of interoperability testing. They also touch on the potential use of decentralized identity in supply chain management and the need for open and interoperable ecosystems.

In this episode of the SSI Orbit Podcast, host Mathieu Glaude talks with Dominik Beron, Co-Founder and CEO of walt.id, about the game-changing eIDAS 2 regulation and its impact on decentralized identity across Europe. They explore organizations' growing interest in issuing credentials, the potential challenges facing traditional identity verification companies, and the mixed sentiments surrounding the regulation's timing. 01:29 Significance of EIDAS 2 10:28 Potential Disruption of Identity Verification Companies 13:13 Negative Sentiments towards EIDAS 2 21:19 Alignment in Digital Identity Offerings of Different Nation States  25:36 Role of European Blockchain Services Infrastructure (EBSI) 30:33 Value of Digital Credentials on Blockchain Networks 40:00 The Genesis of Open Source Strategy 44:16 Benefits of Building an Open Source Company 48:53 Contributing to Open Source Projects 50:23 The Future of Wallets 55:13 Digital Signatures and Identity Wallets

eIDAS 2.0 has been making headlines recently with its proposed expansion to the European digital identity ecosystem. But what is eIDAS? What does it do, and why does it exist? In this episode we give you the basics.

We look forward to 2024 and predict trends for PKI, certificates, and digital identity. We discuss shortening certificate lifespans, Multi-perspective Domain Validation (MPDV), eIDAS 2.0, OCSP, post-quantum cryptography (PQC), Certificate Lifecycle Management (CLM), passwords, root stores, and government versus encryption. Plus, will Jason be sent to the gulag for not being Canadian enough?

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU Black Basta ransomware group has netted over $107 million since early 2022 Google's new .meme top-level domain allowing meme-related web properties CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW

ETSI is preparing to release specifications for eIDAS 2.0. One controversial aspect of this new standard is that it limits browsers' ability to determine their own trusted roots. In this episode we explain this limitation and the concerns surrounding it.

Qu'est-ce que l'identité numérique et où en est son développement en Europe ? Dans cet épisode, on fait le point sur ce sujet qui nous concerne tous. 

Josh and Kurt talk about the new EU eIDAS regulation. This is a bill that will force web browsers to add root certificates based on law instead of technical merits, which is how it's currently done. This is concerning for a number of reasons that we discuss on the show. This proposal is not a good idea. Show Notes Mozilla site Root CA mailing list UK eIDAS regulation EFF statement on eIDAS Fixed XKCD comic

The Scott Helme Special: QWACs, eIDAS, Root Certificates, CA/Browser Forum, and Other EU Shenanigans; Sponsored by Aura https://www.troyhunt.com/weekly-update-374/See omnystudio.com/listener for privacy information.

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them. New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems. Russia moves to formally ban all VPN use in the country. Two new flaws found in OpenVPN software, one allowing memory access. SpinRite development paused as DOS and Windows versions are complete. Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful. Quantum-safe symmetric cryptography is limited compared to asymmetric crypto. EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes. "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid. Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure. 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation. Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit GO.ACILEARNING.COM/TWIT

Bis 2026 soll die von der EU geplante Novelle zur eIDAS-Verordnung umgesetzt sein. Sie soll eine einheitliche europäische digitale Identität auf der Basis eines E-Wallets ermöglichen. Wo Erleichterung draufsteht, droht jedoch weitreichende Überwachung. Web: https://www.epochtimes.de Probeabo der Epoch Times Wochenzeitung: https://bit.ly/EpochProbeabo Twitter: https://twitter.com/EpochTimesDE YouTube: https://www.youtube.com/channel/UC81ACRSbWNgmnVSK6M1p_Ug Telegram: https://t.me/epochtimesde Gettr: https://gettr.com/user/epochtimesde Facebook: https://www.facebook.com/EpochTimesWelt/ Unseren Podcast finden Sie unter anderem auch hier: iTunes: https://podcasts.apple.com/at/podcast/etdpodcast/id1496589910 Spotify: https://open.spotify.com/show/277zmVduHgYooQyFIxPH97 Unterstützen Sie unabhängigen Journalismus: Per Paypal: http://bit.ly/SpendenEpochTimesDeutsch Per Banküberweisung (Epoch Times Europe GmbH, IBAN: DE 2110 0700 2405 2550 5400, BIC/SWIFT: DEUTDEDBBER, Verwendungszweck: Spenden) Vielen Dank! (c) 2023 Epoch Times

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit

In this episode, we sit down with Keith Uber, VP of Sales Engineering at Ubisecure, to discuss the role of verifiable credentials in identity and access management.Keith shares his insights on Organizational Identity and how vLEIs change the game, create new business opportunities, and unlock efficiencies for representatives of businesses to transact more seamlessly.Keith also shares his perspective on how Ubisecure is engaging with the eIDAS 2.0 and European Identity Wallet initiatives on the consumer identity side.We explore the fascinating overlap between Organizational Identity and Consumer Identity. While Ubisecure's focus is in the EU market, there are loads of insights that will be helpful to people building IDtech products around the world.To learn more about Ubisecure, visit https://www.ubisecure.com/.Be sure to check out Ubisecure's podcast titled ‘Let's Talk About Digital Identity' at https://www.ubisecure.com/lets-talk-about-digital-identity-podcast/.Reach out to Riley (@rileyphughes) and Trinsic (@trinsic_id) on Twitter. We'd love to hear from you.

Roberto Capodieci completely unmuted his host mic, and performed a live interview in Vincenza (Italy) with Commercio.network's President Enrico Talin. The network's 96 companies consortium seamlessly integrates eIDAS rules via a compliant third-generation blockchain, revolutionizing and legally binding practices across the financial services industries. Their innovation unifies fintech and regtech, offering a harmonious solution that transcends traditional boundaries, ensuring a cohesive and secure future for the sectors. Welcome to Disruption Stories. ‌ Meet the guest: Enrico Talin - President, Commercio.network https://www.linkedin.com/in/enricotalin/ commercio.network