EP 247. ... and in this update, Microsoft has updated Windows Hello to require both infrared and color cameras for facial authentication, improving security by addressing a spoofing vulnerability, though it now requires visible lighting. This increases biometric reliability and inconvenience to users in low-light settings. Consider exploring alternative operating systems like Linux for flexible authentication options. Aim Labs identified and helped patch 'EchoLeak,' a zero-click vulnerability in Microsoft 365 Copilot that risked data exfiltration via malicious emails, highlighting the need for stonking great AI guardrails. Denmark is shifting from Microsoft Office and Windows to LibreOffice and Linux to enhance digital sovereignty and reduce reliance on foreign technology, driven by security, economic, and geopolitical priorities. Chinese AI companies are bypassing U.S. chip export controls by processing data in third countries like Malaysia, using suitcases of hard drives to transport AI-training data. Mattel has teamed up with OpenAI to develop AI-enhanced toys, promising safe, engaging, and age-appropriate experiences, with the first product set to launch later this year. Apple's new passkey import/export feature, built on FIDO Alliance standards, enables secure credential transfers across platforms, boosting interoperability while maintaining biometric security. This advances user convenience and cross-ecosystem flexibility. Now you can adopt passkeys to streamline secure authentication across your devices and platforms. A data broker owned by major U.S. airlines sold passenger flight data to DHS, prompting privacy concerns as agencies track travel without disclosing data sources. WhatsApp will begin displaying ads in its Updates section, using limited user data like location for targeting, while preserving end-to-end encryption for chats and messages. INTERPOL's Operation Secure dismantled over 20,000 malicious IPs linked to 69 malware variants, arresting 32 suspects and seizing significant data to curb phishing and fraud. Find the full transcript for this podcast here.
The Future of Security Operations podcast is back for a sixth season, and, to kick it off, Thomas is joined by Christofer Hoff. Christofer has over 30 years of experience in network and information security architecture, development, engineering, operations, and management, including security leadership roles at Bank of America, Citadel, and Juniper Networks. He's currently Chief Secure Technology Officer at LastPass, a unique role that combines the duties of CSO and CTO, while also serving on the board at FIDO Alliance. In this episode: [02:00] How blogging landed Christofer his first couple of jobs in security [06:50] Taking a more holistic approach to security through collaboration [09:40] Rebuilding LastPass's security org from scratch [12:03] Reflecting on incidents - what LastPass did right [16:12] Communicating with customers and the broader community during incidents [20:15] Navigating tech debt as a security leader [23:55] The biggest challenges AI has produced for his team [25:16] How LastPass uses an AI working group for decision-making [29:00] The evolving challenges of browser security [35:05] Passkeys, passwords and the future of secure authentication [41:40] Tips on hiring and structuring effective security teams [46:47] How LastPass creates efficiency through automation [50:38] The biggest changes he'd like to see in security [54:44] Connect with Chris The Future of Security Operations is brought to you by Tines, the orchestration, automation, and AI platform that powers some of the world's most important workflows. Where to find Christofer Hoff: LinkedIn Chris's Rational Survivability blog Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Chris on Google's Cloud Security Podcast LastPass Security Incident Summary
Welcome to the Fraudian Slip…the Identity Theft Resource Center's podcast, where we talk about all things identity compromise, crime, and fraud that impact people and businesses. Typically, on this podcast, we'd introduce a topic, a guest expert, and our CEO, Eva Velasquez. This month, we're listening in on “Identity Crimes Suck. So What Can We Do About it in an Era of Deregulation and Smaller Government?”, a special panel from the Identity, Authentication, and the Road Ahead Cybersecurity Policy Forum last month hosted by the Better Identity Coalition, the FIDO Alliance and the ITRC. Guests on the panel include Kemba Walden, President of Paladin Global Institute; John Breyault, Vice President of Public Policy, Telecommunications, and Fraud at the National Consumers League; Dan Lips, Senior Fellow at the Foundation for Research on Equal Opportunity; and the moderator, ITRC President, James E. Lee. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
Picking up from Part 1, hosts Lois Houston and Nikita Abraham continue their deep dive into MySQL security with MySQL Solution Engineer Ravish Patel. In this episode, they focus on user authentication techniques and tools such as MySQL Enterprise Audit and MySQL Enterprise Firewall. MySQL 8.4 Essentials: https://mylearn.oracle.com/ou/course/mysql-84-essentials/141332/226362 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. -------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead of Editorial Services with Oracle University, and with me is Lois Houston, Director of Innovation Programs. Lois: Hi everyone! Last week, we began exploring MySQL security, covering regulatory compliance and common security threats. Nikita: This week, we're continuing the conversation by digging deeper into MySQL's user authentication methods and taking a closer look at some powerful security tools in the MySQL Enterprise suite. 00:57 Lois: And we're joined once again by Ravish Patel, a MySQL Solution Engineer here at Oracle. Welcome, Ravish! How does user authentication work in MySQL? Ravish: MySQL authenticates users by storing account details in a system database. These accounts are authenticated with three elements, username and hostname commonly separated with an @ sign along with a password. The account identifier has the username and host. The host identifier specifies where the user connects from. 
It specifies either a DNS hostname or an IP address. You can use a wild card as part of the hostname or IP address if you want to allow this username to connect from a range of hosts. If the host value is just the percent sign wildcard, then that username can connect from any host. Similarly, if you create the user account with an empty host, then the user can connect from any host. 01:55 Lois: Ravish, can MySQL Enterprise Edition integrate with an organization's existing accounts? Ravish: MySQL Enterprise authentication integrates with existing authentication mechanisms in your infrastructure. This enables centralized account management, policies, and authentication based on group membership and assigned corporate roles, and MySQL supports a wide range of authentication plugins. If your organization uses Linux, you might already be familiar with PAM, also known as Pluggable Authentication Module. This is a standard interface in Linux and can be used to authenticate to MySQL. Kerberos is another widely used standard for granting authorization using a centralized service. The FIDO Alliance, short for Fast Identity Online, promotes an interface for passwordless authentication. This includes methods for authenticating with biometrics or USB security tokens. And MySQL even supports logging into centralized authentication services that use LDAP, including having a dedicated plugin to connect to Windows domains. 03:05 Nikita: So, once users are authenticated, how does MySQL handle user authorization? Ravish: The MySQL privilege system uses the GRANT keyword. This grants some privilege X on some object Y to some user Z, and optionally gives you permission to grant the same privilege to others. These can be global administrative privileges that enable users to perform tasks at the server level, or they can be database-specific privileges that allow users to modify the structure or data within a database. 03:39 Lois: What about database privileges? 
Ravish: Database privileges can be fine-grained from the largest to the smallest. At the database level, you can permit users to create, alter, and delete whole databases. The same privileges apply at the table, view, index, and stored procedure levels. And in addition, you can control who can execute stored procedures and whether they do so with their own identity or with the privileges of the procedure's owner. For tables, you can control who can select, insert, update, and delete rows in those tables. You can even specify the column level, who can select, insert, and update data in those columns. Now, any privilege system carries with it the risk that you might forget an important password and lock yourself out. In MySQL, if you forget the password to the root account and don't have any other admin-level accounts, you will not be able to administer the MySQL server. 04:39 Nikita: Is there a way around this? Ravish: There is a way around this as long as you have physical access to the server that runs the MySQL process. If you launch the MySQL process with the --skip-grant-tables option, then MySQL will not load the privilege tables from the system database when it starts. This is clearly a dangerous thing to do, so MySQL also implicitly disables network access when you use that option to prevent users from connecting over the network. When you use this option, any client connection to MySQL succeeds and has root privileges. This means you should control who has shell access to the server during this time and you should restart the server or enable the privilege system with the command FLUSH PRIVILEGES as soon as you have changed the root password. The privileges we have already discussed are built into MySQL and are always available. MySQL also makes use of dynamic privileges, which are privileges that are enabled at runtime and which can be granted once they are enabled. 
In addition, plugins and components can define privileges that relate to features of those plugins. For example, the enterprise firewall plugin defines the firewall admin privilege and the audit admin privilege is defined by the enterprise audit plugin. 06:04 Are you working towards an Oracle Certification this year? Join us at one of our certification prep live events in the Oracle University Learning Community. Get insider tips from seasoned experts and learn from others who have already taken their certifications. Go to community.oracle.com/ou to jump-start your journey towards certification today! 06:28 Nikita: Welcome back! Ravish, I want to move on to MySQL Enterprise security tools. Could you start with MySQL Enterprise Audit? Ravish: MySQL Enterprise Audit is an extension available in Enterprise Edition that makes it easier to comply with regulations that require observability and control over who does what in your database servers. It provides visibility of connections, authentication, and individual operations. This is a necessary part of compliance with various regulations, including GDPR, NIS2, HIPAA, and so on. You can control who has access to the audited events so that the audits themselves are protected. As well as configuring what you audit, you can also configure rotation policies so that unmonitored audit logs don't fill up your storage space. The configuration can be performed while the server is running with minimal effect on production applications. You don't need to restart the server to enable or disable auditing or to change the filtering options. You can output the audit logs in either XML or JSON format, depending on how you want to perform further searching and processing. If you need it, you can compress the logs to save space and you can encrypt the logs to provide address protection of audited identities and data modifications. The extension is available either as a component or if you prefer, as the legacy plugin. 
07:53 Lois: But how does it all work? Ravish: Well, first, as a DBA, you'll enable the audit plugin and attach it to your running server. You can then configure filters to audit your connections and queries and record who does what, when they do it, and so on. Then once the system is up and running, it audits whenever a user authenticates, accesses data, or even when they perform schema changes. The logs are recorded in whatever format that you have configured. You can then monitor the audited events at will with MySQL tools such as Workbench or with any software that can view and manipulate XML or JSON files. You can even configure Enterprise Audit to export the logs to an external Audit Vault, enabling collection, and archiving of audit information from all over your enterprise. In general, you won't audit every action on every server. You can configure filters to control what specific information ends up in the logs. 08:50 Nikita: Why is this sort of filtering necessary, Ravish? Ravish: As a DBA, this enables you to create a custom designed audit process to monitor things that you're really interested in. Rules can be general or very fine grained, which enables you to reduce the overall log size, reduces the performance impact on the database server and underlying storage, makes it easier to process the log file once you've gathered data, and filters are configured with the easily used JSON file format. 09:18 Nikita: So what information is audited? Ravish: You can see who did what, when they did it, what commands they use, and whether they succeeded. You can also see where they connected from, which can be useful when identifying man in the middle attacks or stolen credentials. The log also records any available client information, including software versions and information about the operating system and much more. 
09:42 Lois: Can you tell us about MySQL Enterprise Firewall, which I understand is a specific tool to learn and protect the SQL statements that MySQL executes? Ravish: MySQL Enterprise Firewall can be enabled on MySQL Enterprise Edition with a plugin. It uses an allow list to set policies for acceptable queries. You can apply this allow list to either specific accounts or groups. Queries are protected in real time. Every query that executes is verified per server and checked to make sure that it conforms to query structures that are defined in the allow list. This makes it very useful to block SQL injection attacks. Only transactions that match well-formed queries in the allow list are permitted. So any attempt to inject other types of SQL statements are blocked. Not only does it block such statements, but it also sends an alert to the MySQL error log in real time. This gives you visibility on any security gaps in your applications. The Enterprise Firewall has a learning mode during which you can train the firewall to identify the correct sort of query. This makes it easy to create the allow list based on a known good workload that you can create during development before your application goes live. 10:59 Lois: Does MySQL Enterprise Firewall operate seamlessly and transparently with applications? Ravish: Your application simply submits queries as normal and the firewall monitors incoming queries with no application changes required. When you use the Enterprise Firewall, you don't need to change your application. It can submit statements as normal to the MySQL server. This adds an extra layer of protection in your applications without requiring any additional application code so that you can protect against malicious SQL injection attacks. This not only applies to your application, but also to any client that configured user runs. 11:37 Nikita: How does this firewall system work? 
Ravish: When the application submits a SQL statement, the firewall verifies that the statement is in a form that matches the policy defined in the allow list before it passes to the server for execution. It blocks any statement that is in a form that's outside of policy. In many cases, a badly formed query can only be executed if there is some bug in the application's data validation. You can use the firewall's detection and alerting features to let you know when it blocks such a query, which will help you quickly detect such bugs, even when the firewall continues to block the malicious queries. 12:14 Lois: Can you take us through some of the encryption and masking features available in MySQL Enterprise Edition? Ravish: Transparent data encryption is a great way to protect against physical security disclosure. If someone gains access to the database files on the file system through a vulnerability of the operating system, or even if you've had a laptop stolen, your data will still be protected. This is called Data at Rest Encryption. It protects not only the data rows in tablespaces, but also other locations that store some version of the data, such as undo logs, redo logs, binary logs and relay logs. It is a strong encryption using the AES 256 algorithm. Once we enable transparent data encryption, it is, of course, transparent to the client software, applications, and users. Applications continue to submit SQL statements, and the encryption and decryptions happen in flight. The application code does not need to change. All data types, table structure, and database names remain the same. It's even transparent to the DBAs. The same data types, table structure, and so on is still how the DBA interacts with the system while creating indexes, views, and procedures. In fact, DBAs don't even need to be in possession of any encryption keys to perform their admin tasks. It is entirely transparent. 13:32 Nikita: What kind of management is required for encryption? 
Ravish: There is, of course, some key management required at the outside. You must keep the keys safe and put policies in place so that you store and rotate keys effectively, and ensure that you can recover those keys in the event of some disaster. This key management integrates with common standards, including KMIP and KMS. 13:53 Lois: Before we close, I want to ask you about the role of data masking in MySQL. Ravish: Data masking is when we replace some part of the private information with a placeholder. You can mask portions of a string based on the string position using the letter X or some other character. You can also create a table that contains a dictionary of suitable replacement words and use that dictionary to mask values in your data. There are specific functions that work with known formats of data, for example, social security numbers as used in the United States, national insurance numbers from the United Kingdom, and Canadian social insurance numbers. You can also mask various account numbers, such as primary account numbers like credit cards or IBAN numbers as used in the European Bank system. There are also functions to generate random values, which can be useful in test databases. This might be a random number within some range, or an email address, or a compliant credit card number, or social security number. You can also create random information using the dictionary table that contains suitable example values. 14:58 Nikita: Thank you, Ravish, for taking us through MySQL security. We really cannot overstate the importance of this, especially in today's data-driven world. Lois: That's right, Niki. Cyber threats are increasingly sophisticated these days. You really have to be on your toes when it comes to security. If you're interested in learning more about this, the MySQL 8.4 Essentials course on mylearn.oracle.com is a great next step. 
Nikita: We'd also love to hear your thoughts on our podcast so please feel free to share your comments, suggestions, or questions by emailing us at ou-podcast_ww@oracle.com. That's ou-podcast_ww@oracle.com. In our next episode, we'll journey into the world of MySQL backups. Until then, this is Nikita Abraham… Nikita: And Lois Houston, signing off! 15:51 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
With phishing and password breaches on the rise, passkeys could offer a more secure, user-friendly solution that could reshape how we protect our online identities. Today's guest is Christiaan Brand. Christiaan is the co-founder of Entersekt, a financial services security firm and a key player at Google in their security and identity teams. A respected voice in cybersecurity, Christiaan co-chairs the FIDO2 technical working group focusing on standardizing robust online security protocols in advancing the use of passkeys. He has been at the forefront of the shift toward more secure, password-free systems. We'll hear his insights on the challenges and opportunities of implementing passkeys to create safer online environments for users and organizations. Show Notes: [00:52] - Christiaan is part of the security team for Google accounts. He's been with Google for 9 years. Prior to that he had a startup. [01:30] - He joined the FIDO Alliance around the same time Google joined in 2013. When he joined Google, he was able to continue with the same type of work. [02:35] - Each of the big tech companies represents a portion of the market when it comes to how we interact with the web and apps. [04:06] - He became interested in security when he started thinking about what could go wrong with new technology solutions. He wanted users to be able to access their financial information in a safe and secure way. [05:06] - 2FA began gaining traction with Google in 2011. It coincided with the launch of Google Authenticator. 2FA was also used by a gaming company. [07:54] - Usability is important, that's why having an app that displays the codes was one of the first forays into making the technology more accessible. [08:34] - Passkeys allow us to move beyond passwords, leaving the extra hassle of traditional multi-factor authentication behind. [11:05] - Key fobs were one of the earlier ways to try and bring usability to security. Now the technology is being moved to smartphones. 
[12:33] - Passkeys are a replacement for a password manager. [13:35] - Passkeys are extremely long and asymmetric in nature. You and the site you're going to both have the passkey. [14:27] - The service will have the public part of the passkey, and you'll have the private part. Even if the public part leaks out, your passkey will still be secure. Passkeys can never be revealed to phishing sites. [15:47] - FIDO brings the second authentication step in. The service also has to identify themselves. [20:04] - Password managers try to balance security and convenience. Logging in or accessing a passkey is a unique challenge for providers. [22:20] - Phone numbers are a way to get users back into their accounts. [25:19] - Single device users have extra challenges. [26:08] - There are pros and cons to external sources of identity. [29:44] - The FIDO website has many certified solutions. [33:21] - To get passkeys into daily users' lives, we need to start using them on daily applications where we log in frequently. [35:49] - Hopefully this passkey solution will stand the test of time. [37:34] - Attacks are beginning to shift to session hijacking. [38:24] - DBSC or device-based session credentials is a new standard parallel to FIDO. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Entersekt Christiaan Brand on LinkedIn Christiaan Brand on Twitter Christiaan Brand on Facebook FIDO2 Technical Working Group Learn More About Passkeys Passkeys.Dev FIDO Alliance Passkeys
A look back at some of our favorite interviews from the past year: Emily Forlini of PCMag and her story about the AI "dating scene" through ChatGPT Plus and AI boyfriends and her somewhat lackluster experience. Jennifer Pattison Tuohy and the breaking news that the U.S. Department of Justice is suing Apple for claims that the company has an illegal monopoly over the smartphone market. Amanda Silberling and her story that she wrote about how AI images have entered this year's Met Gala's online discourse through celebrities who "appeared" on the Met Gala carpet. Abrar Al-Heeti and her story about how Harvard students created an app called I-XRAY that uses Meta's Ray-Ban smart glasses and facial recognition to find personal data on people in real-time, raising privacy concerns. Leah Nylen of Bloomberg talks with Mikah about the Google Antitrust Case and The Department of Justice's recommendations that could reshape the tech giant. And Nick Steele and David Turner from the FIDO Alliance join Mikah to discuss the Alliance's new specifications involving passkeys and their portability. Host: Mikah Sargent Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
A look back at some of our favorite interviews from the past year: Emily Forlini of PCMag and her story about the AI "dating scene" AI through ChatGPT Plus and AI boyfriends and her somewhat lackluster experience. Jennifer Pattison Tuohy and the breaking news that the U.S. Department of Justice is suing Apple for claims that the company has an illegal monopoly over the smartphone market. Amanda Silberlng and her story that she wrote about how how AI images have entered this year's Met Gala's online discourse through celebrities who "appeared" on the Met Gala carpet. Abrar Al-Heeti and her story about how Harvard students created an app called I-XRAY that uses Meta's Ray-Ban smart glasses and facial recognition to find personal data on people in real-time, raising privacy concerns. Leah Nylen of Bloomberg talks with Mikah about the Google Antitrust Case and The Department of Justice's recommendations that could reshape the tech giant. And Nick Steele and David Turner from the FIDO Alliance join Mikah to discuss the Alliance's new specifications involving passkeys and their portability. Host: Mikah Sargent Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
A look back at some of our favorite interviews from the past year: Emily Forlini of PCMag and her story about the AI "dating scene" AI through ChatGPT Plus and AI boyfriends and her somewhat lackluster experience. Jennifer Pattison Tuohy and the breaking news that the U.S. Department of Justice is suing Apple for claims that the company has an illegal monopoly over the smartphone market. Amanda Silberlng and her story that she wrote about how how AI images have entered this year's Met Gala's online discourse through celebrities who "appeared" on the Met Gala carpet. Abrar Al-Heeti and her story about how Harvard students created an app called I-XRAY that uses Meta's Ray-Ban smart glasses and facial recognition to find personal data on people in real-time, raising privacy concerns. Leah Nylen of Bloomberg talks with Mikah about the Google Antitrust Case and The Department of Justice's recommendations that could reshape the tech giant. And Nick Steele and David Turner from the FIDO Alliance join Mikah to discuss the Alliance's new specifications involving passkeys and their portability. Host: Mikah Sargent Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
A look back at some of our favorite interviews from the past year: Emily Forlini of PCMag and her story about the AI "dating scene" AI through ChatGPT Plus and AI boyfriends and her somewhat lackluster experience. Jennifer Pattison Tuohy and the breaking news that the U.S. Department of Justice is suing Apple for claims that the company has an illegal monopoly over the smartphone market. Amanda Silberlng and her story that she wrote about how how AI images have entered this year's Met Gala's online discourse through celebrities who "appeared" on the Met Gala carpet. Abrar Al-Heeti and her story about how Harvard students created an app called I-XRAY that uses Meta's Ray-Ban smart glasses and facial recognition to find personal data on people in real-time, raising privacy concerns. Leah Nylen of Bloomberg talks with Mikah about the Google Antitrust Case and The Department of Justice's recommendations that could reshape the tech giant. And Nick Steele and David Turner from the FIDO Alliance join Mikah to discuss the Alliance's new specifications involving passkeys and their portability. Host: Mikah Sargent Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
A look back at some of our favorite interviews from the past year: Emily Forlini of PCMag and her story about the AI "dating scene" AI through ChatGPT Plus and AI boyfriends and her somewhat lackluster experience. Jennifer Pattison Tuohy and the breaking news that the U.S. Department of Justice is suing Apple for claims that the company has an illegal monopoly over the smartphone market. Amanda Silberlng and her story that she wrote about how how AI images have entered this year's Met Gala's online discourse through celebrities who "appeared" on the Met Gala carpet. Abrar Al-Heeti and her story about how Harvard students created an app called I-XRAY that uses Meta's Ray-Ban smart glasses and facial recognition to find personal data on people in real-time, raising privacy concerns. Leah Nylen of Bloomberg talks with Mikah about the Google Antitrust Case and The Department of Justice's recommendations that could reshape the tech giant. And Nick Steele and David Turner from the FIDO Alliance join Mikah to discuss the Alliance's new specifications involving passkeys and their portability. Host: Mikah Sargent Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter, joins us to discuss the year's highlights and what's to come in the next 12 months. In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in another bubble, particularly with regards to the already saturated AI security market. It won't be all financial trends though: we'll discuss some of the technical market trends, whether they're finding market fit, and how ~50ish AI SOC startups could possibly survive in such a crowded space. In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable! Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise. Segment Resources: Elevating Passwordless Security With AWS Nitro; Synced Passkeys Will Be Portable; FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys. This week, in the enterprise security news, NOTE: We didn't get to 2, 3, 5, or 7 due to some technical difficulties and time constraints, but we'll hit them next week! The show notes have been updated to reflect what we actually discussed this week: https://www.scworld.com/podcast-segment/13370-enterprise-security-weekly-387 Snowflake takes security more seriously; Microsoft takes security more seriously; US Government takes telecom security more seriously; Cleo Capital takes security more seriously; EU's DORA takes effect soon; Is phishing and security awareness training worthless?; CISOs need financial literacy; Supply chain firewall is basic but useful. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-387
In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable! Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise. Segment Resources: Elevating Passwordless Security With AWS Nitro; Synced Passkeys Will Be Portable; FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys. Show Notes: https://securityweekly.com/esw-387
In this episode of the Trust Issues podcast, host David Puner sits down with Andrew Shikiar, the Executive Director and CEO of the FIDO Alliance, to discuss the critical issues surrounding password security and the innovative solutions being developed to address them. Andrew highlights the vulnerabilities of traditional passwords, their susceptibility to phishing and brute force attacks, and the significant advancements in passwordless authentication methods, particularly passkeys. He explains how passkeys, based on FIDO standards, utilize asymmetric public key cryptography to enhance security and reduce the risk of data breaches. The conversation also covers the broader implications of strong, user-friendly authentication methods for consumers and organizations, as well as the collaborative efforts of major industry players to make the internet a safer place. Additionally, Andrew highlights the importance of identity security in the context of these advancements, emphasizing how robust authentication methods can protect personal and organizational data. Tune in to learn about the future of authentication and the steps being taken to eliminate the reliance on passwords.
In this special episode of Identity at the Center, hosts Jim McDonald and Jeff Steadman kick off the inaugural FIDO Feud—a game show packed with fun and informative challenges about digital identity. Team Glitterati, led by Megan Shamas, and Team Identifriends, led by Jim, face off in a series of rounds centered around common passwords, identity trends, and future threats to IAM. Enjoy witty banter, audience interaction, and a spirited competition, all while diving deep into the world of Identity and Access Management. Special thanks to the FIDO Alliance and RSM US LLP for making this special event possible! 00:00 Introduction to Identity at the Center 00:20 Welcome to FIDO Feud 01:18 Meet the Team Captains 01:47 Team Names and Random Members 02:46 Game Rules and Setup 04:22 Round 1: Easy-to-Guess Passwords 07:37 Round 2: Tired Trends in IAM 11:44 IAM Metrics Showdown 12:22 Successful Logins and Password Resets 13:04 User Satisfaction and Breaches 13:44 Enrollment and Abandon Rate 14:33 Final IAM Metrics 15:45 Biggest Future Threats to IAM 17:29 Unexpected Answers and Final Round 21:16 Winners and Closing Remarks Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, I talk with Rew Islam from Dashlane about the plans from the FIDO Alliance to allow for Passkey migration between various password managers. Links: FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys; Synced Passkeys Will Be Portable
Would you use an AI chatbot in your disagreements with your significant other? A discussion on mental health and the complexities with AI technology and social interactions. The FIDO Alliance published new specs to help promote credential portability. And Apple releases the next wave of upcoming Apple Intelligence features in the latest developer betas of iOS, macOS, and iPadOS. Emily Forlini of PCMag joins Mikah Sargent this week to discuss a humorous story from the subreddit r/AITAH, in which a user's girlfriend consults ChatGPT to help her in their arguments. Mikah shares a tragic case of a 14-year-old who took his own life after periods of interactions with an AI chatbot from Character.AI. Nick Steele and David Turner from the FIDO Alliance join the show to discuss the Alliance's new specifications involving passkeys and their portability. Dan Moren stops by to discuss the new Apple Intelligence features rolled out to the latest developer betas for iOS, iPadOS, and macOS. Content Warning: One of the following stories discusses the sensitive topic of suicide involving a minor. If you or someone you know is having thoughts of suicide or self-harm, please contact the 988 Suicide & Crisis Lifeline - call or text 988 or chat online at chat.988lifeline.org. If you are located outside the United States, please visit findahelpline.com to find a helpline in your country. Hosts: Mikah Sargent and Emily Forlini. Guests: Nick Steele and David Turner. Download or subscribe to this show at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: threatlocker.com for Tech News Weekly, shopify.com/twit, uscloud.com, INFO.ACILEARNING.COM/TWIT - code TWIT100
Would you use an AI chatbot in your disagreements with your significant other? A discussion on mental health and the complexities with AI technology and social interactions. The FIDO Alliance published new specs to help promote credential portability. And Apple releases the next wave of upcoming Apple Intelligence features in the latest developer betas of iOS, macOS, and iPadOS. Emily Forlini of PCMag joins Mikah Sargent this week to discuss a humorous story from the subreddit r/AITAH, in which a user's girlfriend consults ChatGPT to help her in their arguments. Mikah shares a tragic case of a 14-year-old who took his own life after periods of interactions with an AI chatbot from Character.AI. Nick Steele and David Turner from the FIDO Alliance join the show to discuss the Alliance's new specifications involving passkeys and their portability. Dan Moren stops by to discuss the new Apple Intelligence features rolled out to the latest developer betas for iOS, iPadOS, and macOS. Content Warning: One of the following stories discusses the sensitive topic of suicide involving a minor. If you or someone you know is having thoughts of suicide or self-harm, please contact the 988 Suicide & Crisis Lifeline - call or text 988 or chat online at chat.988lifeline.org. If you are located outside the United States, please visit findahelpline.com to find a helpline in your country. Hosts: Mikah Sargent and Emily Forlini. Guests: Nick Steele, David Turner, and Dan Moren. Download or subscribe to this show at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: threatlocker.com for Tech News Weekly, shopify.com/twit, uscloud.com, INFO.ACILEARNING.COM/TWIT - code TWIT100
Did Chinese researchers really break RSA encryption? What did they do? What next-level terror extortion is being powered by the NPD breach data? The EU to hold software companies liable for software security? Microsoft lost weeks of security logs. How hard did they try to fix the problem? The Chinese drone company DJI has sued the DoJ over its ban on DJI's drones. The DoJ wishes to acquire "DeepFake" technology to create fake people. Microsoft has bots pretending to fall for phishing campaigns, then leading the bad guys to their honeypots. It's diabolical and brilliant. A bit of BIMI logo follow-up, then... A look at the operation of the FIDO Alliance's forthcoming Credential Exchange Protocol, which promises to create passkey collection portability. Show Notes - https://www.grc.com/sn/SN-997-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Sponsors: threatlocker.com for Security Now, flashpoint.io, lookout.com, bitwarden.com/twit
Did Chinese researchers really break RSA encryption? What did they do? What next-level terror extortion is being powered by the NPD breach data? The EU to hold software companies liable for software security? Microsoft lost weeks of security logs. How hard did the try to fix the problem? The Chinese drone company DJI has sued the DoJ over its ban on DJI's drones. The DoJ wishes to acquire "DeepFake" technology to create fake people. Microsoft has bots pretending to fall for phishing campaigns, then leading the bad guys to their honeypots. It's diabolical and brilliant. A bit of BIMI logo follow-up, then... A look at the operation of the FIDO Alliance's forthcoming Credential Exchange Protocol which promises to create passkey collection portability Show Notes - https://www.grc.com/sn/SN-997-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: threatlocker.com for Security Now flashpoint.io lookout.com bitwarden.com/twit
Did Chinese researchers really break RSA encryption? What did they do? What next-level terror extortion is being powered by the NPD breach data? The EU to hold software companies liable for software security? Microsoft lost weeks of security logs. How hard did the try to fix the problem? The Chinese drone company DJI has sued the DoJ over its ban on DJI's drones. The DoJ wishes to acquire "DeepFake" technology to create fake people. Microsoft has bots pretending to fall for phishing campaigns, then leading the bad guys to their honeypots. It's diabolical and brilliant. A bit of BIMI logo follow-up, then... A look at the operation of the FIDO Alliance's forthcoming Credential Exchange Protocol which promises to create passkey collection portability Show Notes - https://www.grc.com/sn/SN-997-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: threatlocker.com for Security Now flashpoint.io lookout.com bitwarden.com/twit
Did Chinese researchers really break RSA encryption? What did they do? What next-level terror extortion is being powered by the NPD breach data? The EU to hold software companies liable for software security? Microsoft lost weeks of security logs. How hard did the try to fix the problem? The Chinese drone company DJI has sued the DoJ over its ban on DJI's drones. The DoJ wishes to acquire "DeepFake" technology to create fake people. Microsoft has bots pretending to fall for phishing campaigns, then leading the bad guys to their honeypots. It's diabolical and brilliant. A bit of BIMI logo follow-up, then... A look at the operation of the FIDO Alliance's forthcoming Credential Exchange Protocol which promises to create passkey collection portability Show Notes - https://www.grc.com/sn/SN-997-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: threatlocker.com for Security Now flashpoint.io lookout.com bitwarden.com/twit
Initially, passkeys were created with the idea that they would always be tied to a piece of hardware, but time and usage have shown that this is not practical. For that reason, the FIDO Alliance is already working on the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF).
A recent MIT report reveals that 78% of businesses face challenges in AI adoption due to weak data foundations. Despite high aspirations for AI, such as enhancing efficiency and fostering innovation, only a small percentage of business leaders feel adequately prepared to engage with AI technologies. The report highlights that data governance and quality are significant obstacles, emphasizing the need for organizations to address underlying data issues before embarking on AI projects. The episode also covers the FIDO Alliance's announcement at the Authenticate conference regarding the Credential Exchange Protocol (CXP), which aims to make passkeys portable across different digital ecosystems. This initiative, supported by major tech companies like Apple, Google, and Microsoft, seeks to standardize secure transfer processes for passkeys, reducing concerns over vendor lock-in. The growing acceptance of passwordless technology is underscored by Amazon's report of over 175 million customers activating passkeys, indicating a shift towards more secure digital practices. Host Dave Sobel contrasts the approaches of OpenAI and Anthropic in the realm of AI development. OpenAI's new O1 model family focuses on structured prompt generation for efficiency and accuracy, while Anthropic emphasizes a more conversational and engaging AI experience. This divergence in methodologies reflects the differing priorities of the two companies, with OpenAI aiming for structured outputs and Anthropic fostering a personable interaction style. Additionally, a study by Apple researchers reveals limitations in mathematical reasoning within large language models, stressing the importance of human oversight in decision-making processes. Finally, the episode highlights the need for organizations to modernize their cybersecurity strategies by adopting an identity-centric zero trust model.
As hybrid work environments and AI technologies challenge traditional security practices, a zero-trust approach ensures that all access requests are verified, protecting sensitive resources from unauthorized access. Sobel also discusses the importance of fostering AI experimentation within organizations to bridge the gap between individual productivity gains and overall performance, encouraging a cultural shift towards embracing AI as an integral part of business strategy. Four things to know today: 00:00 78% of Businesses Struggle with AI Adoption Due to Weak Data Foundations, Says MIT Report; 02:12 FIDO Alliance Unveils New Protocol to Make Passkeys Portable Across Platforms; 03:56 OpenAI's Structured AI vs. Anthropic's Conversational AI: What It Means for Business Efficiency; 06:23 Why AI Experimentation and Zero-Trust Security Are the Future of Organizational Strategy. Supported by: https://mspradio.com/engage/ Event: www.smbTechFest.com/Go/Sobel All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech Bluesky: https://bsky.app/profile/businessoftech.bsky.social
In this episode, host Jim Love delves into sophisticated phishing attacks, cybersecurity initiatives, and significant changes in data security protocols. Listeners will learn about a national survey revealing that 53% of Canadians would switch banks after a data breach and hear insights on Apple's proposal to shorten SSL/TLS certificate lifespans. The episode also covers 23andMe's data breach and settlement, and introduces the FIDO Alliance's new protocol designed to enhance passkey portability across platforms. Emphasizing the importance of robust cybersecurity measures and user education, the discussion highlights advancements in passwordless authentication, as demonstrated by major implementations from companies like Amazon. This episode offers an in-depth look at current cybersecurity challenges and forward-thinking solutions in the realm of user authentication. 00:00 Introduction and Show Format Update 00:48 Canadian Banking Cybersecurity Concerns 01:14 Survey Insights and Financial Sector Responses 03:25 Customer Concerns and Communication Gaps 04:17 Financial Impact of Data Breaches 05:13 Apple's SSL/TLS Certificate Lifespan Proposal 06:20 Google's Push for Shorter Certificate Lifespans 07:24 23andMe Data Breach Settlement 09:55 FIDO Alliance and Passwordless Authentication 12:38 Conclusion and Show Notes
On this episode, Leo Laporte shows off his new Snapdragon Dev Kit to Paul Thurrott and Richard Campbell. He also tries setting it up, and the process is TOTALLY "seamless." AMD has revealed the Ryzen AI PRO 300 Series alongside Intel's launch of the Core Ultra 200S desktop processors. The FIDO Alliance has published new credential exchange specifications. Sarah Bond announces that Xbox games will be purchasable on Android. And Paul unveils his new "get rich" scheme... as he looks for some feedback. x86's Last Stand? Intel and AMD announce partnership that is clearly aimed at taking on Arm. Intel was already working on simplifying the x86 architecture by removing older, unused bits Don't worry, Intel and AMD will still compete. And AMD just released new AI processors, with Intel also announcing first Core Ultra chips for Desktop Which raises a question: Why do the desktop chips not meet the Copilot+ PC spec? Windows Redmond, we have a quality problem: 24H2 is besieged by a curious number of issues despite several months of gestation and a shared feature set with 23H2. Dev and Beta: Beta is minor, but Dev has some Taskbar updates Release Preview: New builds for 23H2 and 24H2 hint at this month's Week D preview updates - since this announcement, some features have been delayed Microsoft 365/Surfac Google Workspace is adding a OneDrive (for Business) data migration capability Is there some new cloud interoperability thing going on? We're seeing this in the consumer space too. Wondering if this is related to regulatory attention A Lunar Lake Surface Laptop? 
Probably not Passkeys Get Real As expected, FIDO Alliance will standardize passkey portability Two sides to this: Portability between devices but also import/export between password managers Amazon has 175 million customers using passkeys - one year after initial unveil Xbox With Google antitrust loss, Microsoft vaguely reveals that Xbox games are coming to Android Long-forgotten ability to stream games you purchased over Cloud Gaming is now coming soon Microsoft settles BS "Gamers' lawsuit" for what we hope was a pittance The only gamers with a case to sue Microsoft are Xbox fans - one year this week Call of Duty: Black Ops 6 and more are headed to Game Pass if anyone still cares Microsoft's Xbox Series X|S mid-season replacements are here, and they come with a fun surprise New Xbox wireless headset is incoming Microsoft to host Xbox Partner Preview tomorrow, October 17 Steam forced to communicate that you don't own anything you buy Tips and Picks Tip of the week: Check out the Thurrott swag App pick of the week: Arc browser, now native on Windows 11 on Arm! RunAs Radio this week: Pen Testing Yourself with Paula Januszkiewicz Brown liquor pick of the week: Jameson Irish Whiskey Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: lookout.com threatlocker.com 1password.com/windowsweekly uscloud.com
CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co-creator of the BBS. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse.
Selected Reading Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds (CyberScoop) Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election (Fortinet) Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities (SecurityWeek) Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign (Infosecurity Magazine) Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds (CyberScoop) Eight Million Users Download 200+ Malicious Apps from Google Play (Infosecurity Magazine) TrickMo malware steals Android PINs using fake lock screen (Bleeping Computer) CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (Bleeping Computer) FIDO Alliance is Standardizing Passkey Portability (Thurrott) So far, cybercriminals appear to be just shopping around for a Telegram alternative (The Record) Ward Christensen, BBS inventor and architect of our online age, dies at age 78 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of the Identity at the Center podcast, Jeff and Jim discuss the intricacies of authentication with Andrew Shikiar, Executive Director and CEO of the FIDO Alliance. The conversation covers various aspects of authentication including different use cases, the importance of passkeys, and regional adoption trends. They also highlight the upcoming Authenticate 2024 conference in Carlsbad, California, emphasizing its unique value for identity experts and practitioners. Listeners are encouraged to take advantage of early bird pricing and discount codes for the event linked below. 00:00 Welcome to the Identity at the Center Podcast 01:36 Podcast Milestones and Schedule 02:42 Engaging with the Audience 04:35 Introducing the Guest: Andrew Shikiar 07:34 FIDO Alliance and Passkeys Overview 10:12 The Importance of Passwordless Authentication 18:23 Authenticate Conference Highlights 22:07 Conference Details and Registration 26:19 Networking and Conference Challenges 26:35 Session Tracks and Remote Participation 28:02 FIDO APAC Summit in Kuala Lumpur 29:38 Highlights of the Authenticate Conference 32:21 Identity Verification and Adjacent Technologies 34:28 Live Podcasts and Interactive Sessions 35:59 Fun Activities and Networking at Authenticate 39:52 Travel Experiences and Final Thoughts Connect with Andrew: https://www.linkedin.com/in/andrewshikiar/ Learn more about the FIDO Alliance: https://fidoalliance.org/ Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/ FIDO Alliance Shop - https://shop.fidoalliance.org/ - Use code IDAC10 for a discount on your purchase! Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
Are you ready for passkeys? Richard talks to Tarek Dawoud from Microsoft about the evolution of passwordless access with passkeys. Tarek talks about the FIDO Alliance and the ongoing effort to create authentication strategies that are mathematically impossible to phish - no password stuffing under the covers that might get exploited by a man-in-the-middle attack. The conversation also dives into the passkeys name and how it's a rebranding of passwordless authentication to make it easier for everyone to understand that you'd rather have a passkey than a password. The products involved are still evolving, but there's plenty you can take advantage of today and make your organization more phishing-resistant than ever! Links: FIDO Alliance, Yubico, Windows Hello for Business, Microsoft Digital Defense Report 2023, Accenture Passwordless Journey, Conditional Access, Temporary Access Pass, Enable Passkeys For Your Organization, Web Authen, CTAP, Microsoft Password Guidance. Recorded June 3, 2024
As scams, ransomware, account takeovers, and old-fashioned data breaches persist in our personal and business lives, we are all pondering how to get ahead in the cat-and-mouse game that global fraud rings seemingly have mastered. With this episode, we're setting the stage for a series of discussions on authentication and identity, the critical components of tackling this pervasive issue. We're embarking on a journey of perspective gathering from some of the industry's leaders in risk management, authentication, and digital identity with this 2015 “from the vault” episode of Payments on Fire. Listen as Philip Andreae converses with George Peabody about the FIDO Alliance and its mission to bolster and streamline authentication. As you listen to this episode, consider the progress made since 2015 — have we come far enough, fast enough?
Microsoft's President admits security failures in congressional testimony. Paul Nakasone joins OpenAI's board. The feds hold their first AI tabletop exercise. CISA reports on the integration of space-based infrastructure. Cleveland city hall remains closed after a cyber attack. Truist commercial bank confirms a data breach. Rockwell Automation patches three high-severity vulnerabilities. University of Illinois researchers develop autonomous AI hacking agents. Arynn Crow, Sr Manager of AWS User Authentication Products, talks with N2K's Brandon Karpf about security through MFA and FIDO Alliance passkeys, and her work on the Digital Identity Advancement Foundation. Can an AI run for mayor?
CyberWire Guest
In the first of our interviews captured during the AWS re:Inforce event this past week, guest Arynn Crow, Senior Manager of AWS User Authentication Products, talks with N2K's Brandon Karpf about security through MFA and FIDO Alliance passkeys, and her work on the Digital Identity Advancement Foundation.
Selected Reading
Microsoft Admits Security Failings Allowed China's US Government Hack (Infosecurity Magazine)
OpenAI adds Trump-appointed former NSA director Paul M. Nakasone to its board (The Washington Post)
CISA leads first tabletop exercise for AI cybersecurity (CyberScoop)
New CISA report addresses zero trust in space, boosting security for satellites and ground infrastructure (Industrial Cyber)
CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs)
Insurance giant Globe Life investigating web portal breach (Bleeping Computer)
Cleveland remains paralyzed by cyberattack (News 5 Cleveland)
Truist Bank confirms breach after stolen data shows up on hacking forum (Bleeping Computer)
Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE (SecurityWeek)
Researchers at the University of Illinois have developed AI Agents that can Autonomously Hack Websites and Find Zero-Day Vulnerabilities (MarkTechPost)
Wyoming mayoral candidate wants to govern by AI bot (Ars Technica)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
In this episode, hosts Jim McDonald and Jeff Steadman welcome Andrew Shikiar, Executive Director & CEO at the FIDO Alliance, for his 7th appearance on the Identity at the Center Podcast. They discuss what's new with the FIDO Alliance and what to expect from the upcoming Authenticate event. The conversation also includes some yet-to-be-determined topics. Don't miss out on this insightful discussion!
In this episode of Identity at the Center, hosts Jim McDonald and Jeff Steadman sit down with Andrew Shikiar, Executive Director of the FIDO Alliance, at Identiverse 2024. They explore the myths and realities of FIDO adoption in the banking sector, discuss the growth and impact of the FIDO Alliance, and delve into the latest developments in passwordless authentication and passkeys. Andrew shares insights into how FIDO is reducing identity-related fraud and the role of certifications in ensuring security and interoperability. The conversation also covers the importance of usability in multi-factor authentication (MFA) and the challenges and opportunities of implementing FIDO in various environments, from first responders to prisons. The episode wraps up with a look ahead to the Authenticate conference, emphasizing the collaborative and supportive nature of the identity community. Tune in for a comprehensive discussion on the state of identity authentication and the future of passwordless security.
Connect with Andrew: https://www.linkedin.com/in/andrewshikiar/
Learn more about the FIDO Alliance: https://fidoalliance.org/
Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at:
Europe: https://www.terrapinn.com/exhibition/identity-week/
America: https://www.terrapinn.com/exhibition/identity-week-america
Asia: https://www.terrapinn.com/exhibition/identity-week-asia/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast