Podcasts about passkeys

The monthly Q&A ep is here again, and this time around we field emails and Discord Qs about managing the cognitive load of your hobbies, doing jury duty in a movie theater, site discovery on the indie web, safe ways to repair damaged power cords, websites getting pushy about passkeys, even MORE accurate network time, the high technology of modern sports broadcasting, and more.Link aggregators for the indie web we mentioned include https://rss.joy and https://ooh.directory Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

The latest In Touch With iOS with Dave he is joined by Chuck Joiner, Eric Bolden, Marty Jencius, Jill McKinley. Episode 364 dives into the latest post-WWDC 2025 announcements from Apple. The panel explores updates to VisionOS, iOS 26, macOS 26 (“Tahoe”), iPad multitasking, CarPlay improvements, and Apple Watch accessibility. With new UI designs, spatial widget integration, AI feature rollouts, and hardware enhancement. The show notes are at InTouchwithiOS.com  Direct Link to Audio  Links to our Show Give us a review on Apple Podcasts! CLICK HERE we would really appreciate it! Click this link Buy me a Coffee to support the show we would really appreciate it. intouchwithios.com/coffee  Another way to support the show is to become a Patreon member patreon.com/intouchwithios Website: In Touch With iOS YouTube Channel In Touch with iOS Magazine on Flipboard Facebook Page BlueSky Mastodon X Instagram Threads Spoutible Summary In this episode of In Touch With iOS, host David Ginsburg is joined by Jill McKinley, Marty Jencius, Chuck Joiner, and Eric Bolden to unpack Apple's post-WWDC 2025 news. The conversation starts with Vision Pro and VisionOS beta capabilities, including spatial widgets and immersive media viewing in a VR environment. Marty details how he's placing widgets in his virtual space, while Eric highlights improvements in gaze-based navigation. The discussion moves to iOS 26 and its public beta (18.6), spotlighting updates focused on battery life and Apple's AI features — particularly how regulatory hurdles are shaping rollouts in international markets like China. macOS 26, codenamed “Tahoe,” gets praise for its sleek new “liquid glass” UI and personalization upgrades, including a theming engine that enhances accessibility. The team reflects on UI changes and how they affect daily workflows. Chuck shares insights from Apple leadership on multitasking in iPadOS, while Jill recounts using her iPad in the wild to stay productive. The group continues by reviewing Apple Watch's new accessibility tools and watch faces, before diving into improved Reminders functionality and syncing. Also on the docket: Meta's adoption of Passkeys, a new Google ad taking aim at iOS features, Adobe's Firefly AI toolset, Apple's Back to School promotion, and new Logitech gear built for Vision Pro. The episode wraps with a preview of Macstock 2024 and closing thoughts from the panel. Topics and Links In Touch With Vision Pro this week.  Marty tested some of the new features on VisionOS 26 beta, Widget App finding it. Fsntasical was tried F1 trailer was watched  Scrolling windows with eyes.  Beta this week. iOS 26 Beta 1 continues. Apple Seeds Revised iOS 26 Developer Beta to Fix Battery Issue Apple Releases iOS 18.6 Public Beta  In Touch With Mac this week Get a First Look at macOS Tahoe's Design and Spotlight Changes macOS Tahoe's New Theming System Explained Craig Federighi Explains Why Apple Won't Merge iPad and Mac: 'We Don't Want to Build Sporks' Post WWDC 25 Finds Safari Changes on iOS 26 Go Beyond the Address Bar - MacRumors Apple Offers Safari Design Choices in iOS 26, Learning from Past Criticism CarPlay on iOS 26: Here's Everything New Get Pumped: The 8 Coolest Features Coming to Your Apple Watch in watchOS 26 tvOS 26 Introduces Automatic Sign-In Feature for Apple TV Apps These tvOS 26 Features Are Only Available on Newer Apple TV Models Here's everything new coming to Reminders in iOS 26  News Facebook Now Supports Passkeys for Passwordless Login on iPhone and iPad Apple Begins Selling Wide Range of Accessories in Fun Summer Colors Apple Hit With Class Action Lawsuit Over iCloud Backups Google Says iOS 26 Copies Three Android Features Adobe Firefly App Launches on iOS and Android  Apple's 2025 Back to School Sale Now Live, Offering Free Accessories With Purchases Logitech Announces Two New Accessories for WWDC Apple Says iPhone XS is Now Vintage YouTube fixes crashing issue on mobile apps, tells iOS users to reinstall Announcements Macstock 9 is here for 3 Days on July 11, 12, and 13th, 2025. We have an exclusive coupon code use INTOUCH50 at checkout and save $50..Click here to Register | Macstock Conference & Expo Book your room with a Macstock discount here. Location | Macstock Conference & Expo I hope to see you there! Our Host Dave Ginsburg is an IT professional supporting Mac, iOS and Windows users and shares his wealth of knowledge of iPhone, iPad, Apple Watch, Apple TV and related technologies. Visit the YouTube channel https://youtube.com/intouchwithios follow him on Mastadon @daveg65, and the show @intouchwithios   Our Regular Contributors Jeff Gamet is a podcaster, technology blogger, artist, and author. Previously, he was The Mac Observer's managing editor, and Smile's TextExpander Evangelist. You can find him on Mastadon @jgamet as well as Twitter and Instagram as @jgamet  His YouTube channel https://youtube.com/jgamet Marty Jencius, Ph.D., is a professor of counselor education at Kent State University, where he researches, writes, and trains about using technology in teaching and mental health practice. His podcasts include Vision Pro Files, The Tech Savvy Professor and Circular Firing Squad Podcast. Find him at jencius@mastodon.social  https://thepodtalk.net  Eric Bolden is into macOS, plants, sci-fi, food, and is a rural internet supporter. You can connect with him by email at eabolden@mac.com, on Mastodon at @eabolden@techhub.social, on his blog, Trending At Work, and as co-host on The Vision ProFiles podcast.   Chuck Joiner is the host of MacVoices and hosts video podcasts with influential members of the Apple community. Make sure to visit macvoices.com and subscribe to his podcast. You can follow him on Twitter @chuckjoiner and join his MacVoices Facebook group. About our Guest Jill McKinley works in enterprise software, server administration, and IT. A lifelong tech enthusiast, she started her career with Windows but is now an avid Apple fan. Beyond technology, she shares her insights on nature, faith, and personal growth through her podcasts—Buzz Blossom & Squeak, Start with Small Steps, and The Bible in Small Steps. Watch her content on YouTube at @startwithsmallsteps and follow her on X @schmern.

Better account security is coming to Facebook They will be adding passkey support. Why are Passkeys better? Because they prevent you from being tricked into giving your credentials to a fake site. They also can't be stolen, guessed, or leaked. A password doesn't care who it sends it to, you just hand it over and if it matches it lets you in, but you could be handing it over to anyone, the real site, or a fake site. A passkey is a more sophisticated form of authentication that first sends you a secret key. If that secret key matches, meaning that site and your device can now confirm they know each other, then a different key is sent back to log you in – the site also verifies that. Think of it like a secure handshake with only the one person you want to shake hands with – everything is verified before sending any details. Meta and Oakley are teaming up for a smart glasses collab Meta really wants smart glasses to be a thing! They're releasing five Oakley styles to appeal to more people. The Oakley glasses have a 3K front-facing camera (that records video), open-ear speakers, and microphones built into the frame. When connected to your phone you can listen to music or podcasts, conduct phone calls, or chat with Meta AI. Your Kindle is about to get more accessible With the latest software update rolling out there'll be more options for adjusting line spacing, paragraph spacing, word spacing, and even character spacing. It's a big improvement for those with vision impairments. LISTEN ABOVE See omnystudio.com/listener for privacy information.

In this Road to Macstock Conference and Expo conversation we welcome longtime speaker Kirschen Seah to discuss her upcoming session, Passkeys Demystified. Kirschen explains the promise of passkeys as a more secure, user-friendly alternative to passwords, and why adoption has been slower than expected. She shares insights into how passkeys work using public key cryptography, addresses common concerns about biometric data, and outlines how password managers like Apple Keychain and 1Password integrate with the system. With real-world scenarios and practical examples, Kirschen aims to help attendees confidently adopt passkeys and understand the evolving standards behind them.  Show Notes: Chapters: 00:08 Introduction to MacVoices 00:45 Kirschen Seah Joins the Conversation 02:20 Passkeys Demystified 08:44 Managing Multiple Accounts 10:32 The Role of Password Managers 13:15 Preparing for the Session 15:55 Macstock Conference Details 17:51 The Value of Curiosity at Macstock Links: Macstock Conference and Expo Save $50 with the Kirschen's discount code: freerangecoder Save $50 with Chuck's discount code: macvoices50 Guests: Kirschen Seah's background is Computer Sciences with interests in Software Engineering, User Experience, and Mac OS X / iPhone OS development. She started programming with BASIC in 1978 on an Apple ][ and have over 30 years of experience in the field. Kirschen worked on OPENSTEP (precursor to Mac OS X Cocoa) graphical prototyping applications initially when she joined Rockwell Collins (now Collins Aerospace) in 1999, and was a Senior Principal Systems Engineer in the Flight Management Systems department focussed on the user interface for pilot interaction. Prior to joining Rockwell Collins Kirschen worked at Acuity (formerly ichat) developing interactive user interfaces for live chat customer service agents. Now retired, there's now more time to share technical insights on her blog, develop useful scripts (Python, shell), and write Shortcuts. Kirschen is really motivated to share her experience to help fellow software practitioners develop better skills – be that in good design, implementation, or computer science fundamentals. As much as she can, Kirschen tries to share the delight in discovering how iOS and macOS applications for productivity and creativity have helped her do better in her personal and (former) work life. Connect with her on her web site, FreeRangeCoder Support:      Become a MacVoices Patron on Patreon      http://patreon.com/macvoices      Enjoy this episode? Make a one-time donation with PayPal Connect:      Web:      http://macvoices.com      Twitter:      http://www.twitter.com/chuckjoiner      http://www.twitter.com/macvoices      Mastodon:      https://mastodon.cloud/@chuckjoiner      Facebook:      http://www.facebook.com/chuck.joiner      MacVoices Page on Facebook:      http://www.facebook.com/macvoices/      MacVoices Group on Facebook:      http://www.facebook.com/groups/macvoice      LinkedIn:      https://www.linkedin.com/in/chuckjoiner/      Instagram:      https://www.instagram.com/chuckjoiner/ Subscribe:      Audio in iTunes      Video in iTunes      Subscribe manually via iTunes or any podcatcher:      Audio: http://www.macvoices.com/rss/macvoicesrss      Video: http://www.macvoices.com/rss/macvoicesvideorss

Parce que… c'est l'épisode 0x600! Shameless plug 2 au 4 avril 2025 - Humaco 8 et 9 avril 2025 - Cybereco 10 au 18 mai 2025 - NorthSec 27 au 30 mai 2025 - Cycon 4 au 6 juin 2025 - SSTIC 12 au 17 octobre 2025 - Objective by the sea v8 10 au 12 novembre 2025 - IAQ - Le Rendez-vous IA Québec 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2065 Description Introduction et contexte Le 600e épisode du podcast Policesécure réunit une assemblée d'experts en cybersécurité pour aborder un sujet particulièrement pertinent : l'obsec (operational security) personnel et la façon dont les professionnels de la sécurité gèrent leurs propres risques numériques. L'animateur Nicolas souligne d'emblée le paradoxe central de cette discussion : bien que ces experts conseillent quotidiennement leurs clients sur les meilleures pratiques de sécurité, ils admettent volontiers ne pas toujours appliquer ces recommandations dans leur vie personnelle. Cette conversation virtuelle rassemble des professionnels aux parcours variés : Vincent Milette (gestionnaire chez Air Canada), Guillaume Ross (expert en sécurité avec plus de 20 ans d'expérience), Samuel Harper (journaliste spécialisé), Dominique Derrier (consultant en cybersécurité), Catherine Dupont-Gagnon (spécialiste en sensibilisation), Alexandre Fournier (expert en continuité d'activité), Stéphane Laberge (professionnel chevronné) et Andréanne Bergeron (professeure associée à l'Université de Montréal). Les approches personnelles de la sécurité Vincent Milette : l'approche pragmatique Vincent adopte une perspective d'affaires même dans sa vie personnelle. Il privilégie la praticité et évite les solutions trop contraignantes qui pourraient affecter la flexibilité de sa famille. Sa stratégie repose sur la diversification : plusieurs navigateurs selon les contextes, utilisation de VPN pour certaines activités spécifiques, et adaptation aux besoins d'une famille où les niveaux techniques varient considérablement. Guillaume Ross : l'expert prudent mais réaliste Guillaume se distingue par sa rigueur concernant les mises à jour système et les sauvegardes. Il maintient un chiffrement systématique de ses données, qu'elles soient locales ou dans le cloud. Cependant, il avoue ne pas utiliser de VPN par paranoïa du WiFi public, préférant s'appuyer sur le chiffrement TLS généralisé. Son approche révèle une contradiction intéressante : parfois, trop de sécurité peut créer des vulnérabilités, comme il l'illustre avec l'anecdote de ses trois appareils dans le même sac contenant son gestionnaire de mots de passe. Samuel Harper : le journaliste pragmatique En tant que journaliste d'enquête, Samuel présente un cas d'usage particulier. Il utilise des VPN principalement pour ses recherches sur des infrastructures suspectes et maintient des comptes séparés pour ses investigations. Il souligne la difficulté pratique de maintenir un anonymat total, notamment concernant les numéros de téléphone anonymes, et prône une approche équilibrée entre sécurité et sanité mentale. Les autres approches Dominique se décrit comme “pourri” dans son obsec personnel malgré ses conseils professionnels. Catherine révèle les défis liés à son passé en marketing, où elle a construit une présence numérique importante avant de s'intéresser à la cybersécurité. Andréanne propose une philosophie intéressante : éviter la paranoïa excessive tout en maintenant une cohérence entre discours et pratique. Les anecdotes révélatrices L'incident de Catherine : un cas d'école de sécurité physique Catherine partage une anecdote particulièrement instructive de l'époque où elle animait un canal Twitch. En annonçant publiquement ses déplacements vers un café spécifique et en diffusant depuis son appartement avec une fenêtre visible, elle a involontairement fourni assez d'informations pour qu'un spectateur déduise son adresse exacte. Cette histoire illustre parfaitement comment l'ingénierie sociale et l'agrégation d'informations apparemment anodines peuvent compromettre la sécurité personnelle. Les désastres de sauvegarde Plusieurs participants partagent leurs expériences de pertes de données. Nicolas raconte avoir perdu des machines complètes à cause de clés de chiffrement perdues, tandis qu'Alexandre évoque sa “formation” précoce à l'importance des sauvegardes après avoir accidentellement supprimé des répertoires entiers sur un mainframe militaire, affectant 200 personnes passant un examen. La sécurité physique versus numérique La discussion révèle une dichotomie intéressante entre sécurité numérique et physique. Andréanne avoue une obsession pour la sécurité physique, cachant ses équipements dans des “pièces secrètes” et utilisant des leurres, contrastant avec son approche décontractée de la cybersécurité. Cette différence d'approche soulève des questions sur la perception des menaces et leur hiérarchisation. Les participants abordent également les défis pratiques des voyages : où laisser son passeport, comment gérer les appareils électroniques, l'utilisation des coffres-forts d'hôtel (généralement considérés comme peu fiables), et les précautions à prendre aux frontières. Les outils et leur utilisation Gestionnaires de mots de passe La conversation révèle des approches variées concernant les gestionnaires de mots de passe. Alors que la plupart utilisent des solutions classiques, Andréanne se distingue en utilisant un algorithme mental personnel pour générer ses mots de passe. Dominique utilise trois voûtes différentes selon le niveau de sensibilité des comptes. VPN et WiFi public Les avis divergent considérablement sur l'utilité des VPN. Guillaume argue que le chiffrement TLS généralisé rend les VPN moins critiques pour le WiFi public, tandis que d'autres les utilisent pour des cas spécifiques. La discussion souligne l'importance de comprendre la menace réelle plutôt que de suivre aveuglément des recommandations génériques. Passkeys et nouvelles technologies Les participants sont généralement optimistes concernant les passkeys, avec Sony PlayStation citée comme exemple positif d'implémentation, malgré des défis de récupération complexes. L'adoption reste limitée par la fragmentation entre les écosystèmes (Google, Apple, Microsoft). La fatigue sécuritaire et l'expérience utilisateur Un thème central émerge : la fatigue sécuritaire. Trop de mesures de sécurité peuvent conduire à l'abandon ou à des pratiques moins sûres. Les participants soulignent l'importance de l'expérience utilisateur dans l'adoption des bonnes pratiques. Les exemples incluent les sites bloquant le copier-coller de mots de passe, les demandes répétitives d'authentification, et les interfaces mal conçues qui poussent les utilisateurs vers des solutions moins sécurisées. Signal et la communication sécurisée La discussion sur “Signalgate” illustre les limites des outils de communication sécurisée. Signal offre un excellent chiffrement de bout en bout, mais ne protège pas contre les mauvaises pratiques d'utilisation ou les compromissions d'appareils. Les participants soulignent l'importance de comprendre ce que chaque outil protège réellement versus ce qu'il ne protège pas. Les menaces modernes et l'évaluation des risques Au-delà du hacker traditionnel Les participants identifient des menaces souvent négligées : la manipulation par la publicité ciblée, l'exploitation des données par des courtiers légitimes, et l'utilisation de ces informations par les forces de l'ordre sans mandat. Samuel souligne que cette collecte légale de données personnelles représente souvent une menace plus concrète que les cyberattaques traditionnelles. L'exemple des employés nord-coréens La discussion aborde le phénomène des employés nord-coréens infiltrant des entreprises occidentales, illustrant comment les processus de vérification d'identité pour les employés distants sont souvent moins rigoureux que ceux appliqués aux clients. Évolutions technologiques et perspectives Les participants notent plusieurs améliorations positives : 99% des connexions Chrome utilisent maintenant TLS, les gestionnaires de mots de passe sont intégrés dans les systèmes d'exploitation, et le chiffrement devient standard. Cependant, des défis persistent, notamment les paramètres par défaut souvent inadéquats et la complexité de maintenance de certaines solutions. Réflexions sur l'industrie et l'éducation La conversation révèle une autocritique de l'industrie de la sécurité : les experts reconnaissent leur difficulté à communiquer efficacement avec le grand public. Les conseils sont souvent trop techniques, contradictoires, ou inadaptés au modèle de menace réel des utilisateurs moyens. L'exemple du “carnet de mots de passe” illustre cette déconnexion : universellement critiqué par les experts, il peut pourtant être la solution la plus sécurisée pour certains utilisateurs. Conclusion Ce 600e épisode de Policesécure offre une perspective rafraîchissante et honnête sur la sécurité personnelle. En admettant leurs propres failles et contradictions, ces experts humanisent les défis de la cybersécurité. Leur message principal est clair : l'évaluation du risque doit précéder toute mesure de sécurité. Il ne s'agit pas d'atteindre la perfection sécuritaire, mais de trouver un équilibre praticable entre protection et fonctionnalité. La discussion souligne l'importance de contextualiser les conseils de sécurité selon le profil de menace réel de chaque individu, plutôt que d'appliquer une approche universelle. Elle met également en lumière les défis persistants de l'industrie pour rendre la sécurité accessible et compréhensible pour tous, tout en évitant la fatigue sécuritaire qui peut paradoxalement réduire le niveau de protection global. Collaborateurs Nicolas-Loïc Fortin Dominique Derrier Stéphane Laberge Andréanne Bergeron Catherine Dupont-Gagnon Samuel Harper Vincent Milette Guillaume Ross Alexandre Fournier Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

New Apple Stuff. Data Collection is maybe not so scary. Are Passkeys evil?

Passkeys and hardware authentication keys are completely different but partially related. You can use some, but not all, hardware keys as passkeys. I'll clear up the confusion, and tell you what to look for.

Jake and Michael discuss all the latest Laravel releases, tutorials, and happenings in the community.This episode is sponsored by CodeRabbit - cut code review time and bugs in half with AI-driven, contextual feedback.Show linksArr::from() Method in Laravel 12.14 "In Array Keys" Validation Rule Added in Laravel 12.16 Cast Model Properties to a Uri Instance in 12.17 Improved Installation and Frontend Hooks in Laravel Echo 2.1 PHPVerse with Brent Roose Filament Is Now Running Natively on Mobile Laravel Seeder Generator Use Passkeys in Your Laravel App Auto-translate Application Strings with Laratext Deployer Validate Controller Requests with the Laravel Data Package ElasticLens: Eloquent-Powered Elasticsearch for Laravel A Blade-Only Starter Kit for Laravel 12 Projects Prism Relay Efficiently remove expired cache data with Laravel Cache Evict Customize URL Handling with Laravel's Macroable URI Class Streamline API Resources with Laravel's Fluent MethodsFilter Model Attributes with Laravel's New except() Method Simplify Factory Associations with Laravel's UseFactory Attribute Transform JSON into Typed Collections with Laravel's AsCollection::of() Validate URLs Effectively with Laravel's Str::isUrl Method Compare Collection Keys with Laravel's diffKeys Method Verify Nested Relations Efficiently with Laravel's Enhanced relationLoaded Method Enhance Collection Validation with containsOneItem() Closure Support Test Job Failures Precisely with Laravel's assertFailedWith Method Simplify Negative Relation Queries with Laravel's whereDoesntHaveRelation Methods 

Auch Jahre nach dem «Takata-Skandal» sind in der Schweiz noch zehntausende Fahrzeuge mit lebensgefährlichen Airbags unterwegs. +++ Weiteres Thema: Swiss-ID stellt auf Login mit Passkeys um.

Random but Memorable turns 150! 1️⃣5️⃣0️⃣ (It's official, we're old.)

See omnystudio.com/listener for privacy information.

Como acceder a tus servicios auto alojados sin #contraseñas utilizando #passkeys y un estupendo proveedor de identidad como es #pocketidLas contraseñas son una auténtica contrariedad. Probablemente es de los aspectos que mas fricción crean a la hora de utilizar cualquier servicio o aplicación que lo requieran. Todas las condiciones para hacer tus contraseñas robustas son puntos de fricción. Así, no puedes utilizar una contraseña facilita para recordarla con comodidad. Además es necesario que la contraseña sea cuanto mas larga mejor. Debería tener mayúsculas, minúsculas, caracteres extraños. Por supuesto, no puedes utilizar la misma contraseña para todos tus servicios. Y para rematar la faena, tienes que cambiar las contraseñas periódicamente. Toda una Yincana que en ocasiones se convierte en una auténtica pesadilla. Y a pesar de todo esto, tampoco estamos seguros y añadimos el segundo factor de autenticación. En fin, un auténtico infierno. ¿Como resolver todo esto? con las Passkeys. En este episodio te voy a hablar sobre Passkeys y PocketID.Más información, enlaces y notas en https://atareao.es/podcast/698

Como acceder a tus servicios auto alojados sin #contraseñas utilizando #passkeys y un estupendo proveedor de identidad como es #pocketidLas contraseñas son una auténtica contrariedad. Probablemente es de los aspectos que mas fricción crean a la hora de utilizar cualquier servicio o aplicación que lo requieran. Todas las condiciones para hacer tus contraseñas robustas son puntos de fricción. Así, no puedes utilizar una contraseña facilita para recordarla con comodidad. Además es necesario que la contraseña sea cuanto mas larga mejor. Debería tener mayúsculas, minúsculas, caracteres extraños. Por supuesto, no puedes utilizar la misma contraseña para todos tus servicios. Y para rematar la faena, tienes que cambiar las contraseñas periódicamente. Toda una Yincana que en ocasiones se convierte en una auténtica pesadilla. Y a pesar de todo esto, tampoco estamos seguros y añadimos el segundo factor de autenticación. En fin, un auténtico infierno. ¿Como resolver todo esto? con las Passkeys. En este episodio te voy a hablar sobre Passkeys y PocketID.Más información, enlaces y notas en https://atareao.es/podcast/698

Adam Bell and Peter NikolaidisThe Blurring The Lines Podcast In this episode, Adam Bell and Peter Nikolaidis return with personal updates, tech talk, and a few laughs. From Adam's daughters visiting and Peter's prep for a long run, to tech hiccups and humorous pickleball injuries, the duo keeps it real. They dive into the looming […]

Passkeys are gaining attention as a new way to log in without passwords. How do they work, and how do they compare to traditional multi-factor authentication (MFA)? In this episode, we explore the history of passwords, the strengths and weaknesses of common MFA methods, and the potential of passkeys to enhance security. What threats do passkeys mitigate, and what still remain?   Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.

Losing a device with a passkey to one of your accounts will not lock you out.

Gambian Government; Isle of Man Government; Passkeys for Normal People; The Have I Been Pwned Alpine Grand Tour ; Sponsored by Snyk https://www.troyhunt.com/weekly-update-451/See omnystudio.com/listener for privacy information.

Europol shuts down six DDoS-for-hire services used in global attacks CrowdStrike says it will lay off 500 workers Passkeys set to protect GOV.UK accounts against cyber-attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

It's our World Password Day Special!

Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC  info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestOn our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community. Selected Reading The Signal Clone the Trump Admin Uses Was Hacked (404 Media) Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek) xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News) FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet) Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News) StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer) Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable) Passkeys for Normal People (Troy Hunt) Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Steganography Challenge Didier published a fun steganography challenge. A solution will be offered on Saturday. https://isc.sans.edu/diary/Steganography+Challenge/31910 Microsoft Makes Passkeys Default Authentication Method Microsoft is now encouraging new users to use Passkeys as the default and only login method, further moving away from passwords https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/ Microsoft Authenticator Autofill Changes Microsoft will no longer support the use of Microsoft authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6 Backdoor found in popular e-commerce components SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point. https://sansec.io/research/license-backdoor

Microsoft ends Authenticator password autofill in favor of Edge StealC malware enhanced with stealth upgrades and data theft White House proposes cutting $491M from CISA budget Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Mikah Sargent takes viewers on a comprehensive tour of the Passwords app in macOS Sequoia, demonstrating how this robust tool serves as a complete credential management system. From passkeys to verification codes and shared passwords, Mikah explores how Apple has created a secure yet user-friendly solution for managing all your login information across devices. Passkeys - These are created automatically when you set up passkey authentication on websites, with limited editing options but the ability to add notes or modify the associated website. Verification codes - Users can add two-factor authentication codes either by entering setup keys manually or scanning QR codes. Wi-Fi - The app stores Wi-Fi network credentials, displays network security information (WPA2/WPA3), and lets users generate QR codes for easy sharing. Security recommendations - The app alerts users when passwords may be compromised in data breaches using Apple's differential privacy techniques that protect user privacy. Password sharing feature - Users can create groups to share specific login credentials with family members or others, with granular control over which passwords are shared. Password importing - The app supports importing passwords from CSV files, though Mikah strongly recommends deleting these files immediately after import for security. Cross-device synchronization - All passwords sync across Apple devices with end-to-end encryption via iCloud. Windows compatibility - Even Windows users can access their passwords through the iCloud Passwords app, making it a versatile solution. Passwords User Guide - Apple Support - https://support.apple.com/guide/passwords/welcome/1.1/mac/15.4.1 Host: Mikah Sargent Download or subscribe to Hands-On Mac at https://twit.tv/shows/hands-on-mac Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Mikah Sargent takes viewers on a comprehensive tour of the Passwords app in macOS Sequoia, demonstrating how this robust tool serves as a complete credential management system. From passkeys to verification codes and shared passwords, Mikah explores how Apple has created a secure yet user-friendly solution for managing all your login information across devices. Passkeys - These are created automatically when you set up passkey authentication on websites, with limited editing options but the ability to add notes or modify the associated website. Verification codes - Users can add two-factor authentication codes either by entering setup keys manually or scanning QR codes. Wi-Fi - The app stores Wi-Fi network credentials, displays network security information (WPA2/WPA3), and lets users generate QR codes for easy sharing. Security recommendations - The app alerts users when passwords may be compromised in data breaches using Apple's differential privacy techniques that protect user privacy. Password sharing feature - Users can create groups to share specific login credentials with family members or others, with granular control over which passwords are shared. Password importing - The app supports importing passwords from CSV files, though Mikah strongly recommends deleting these files immediately after import for security. Cross-device synchronization - All passwords sync across Apple devices with end-to-end encryption via iCloud. Windows compatibility - Even Windows users can access their passwords through the iCloud Passwords app, making it a versatile solution. Passwords User Guide - Apple Support - https://support.apple.com/guide/passwords/welcome/1.1/mac/15.4.1 Host: Mikah Sargent Download or subscribe to Hands-On Mac at https://twit.tv/shows/hands-on-mac Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Mikah Sargent takes viewers on a comprehensive tour of the Passwords app in macOS Sequoia, demonstrating how this robust tool serves as a complete credential management system. From passkeys to verification codes and shared passwords, Mikah explores how Apple has created a secure yet user-friendly solution for managing all your login information across devices. Passkeys - These are created automatically when you set up passkey authentication on websites, with limited editing options but the ability to add notes or modify the associated website. Verification codes - Users can add two-factor authentication codes either by entering setup keys manually or scanning QR codes. Wi-Fi - The app stores Wi-Fi network credentials, displays network security information (WPA2/WPA3), and lets users generate QR codes for easy sharing. Security recommendations - The app alerts users when passwords may be compromised in data breaches using Apple's differential privacy techniques that protect user privacy. Password sharing feature - Users can create groups to share specific login credentials with family members or others, with granular control over which passwords are shared. Password importing - The app supports importing passwords from CSV files, though Mikah strongly recommends deleting these files immediately after import for security. Cross-device synchronization - All passwords sync across Apple devices with end-to-end encryption via iCloud. Windows compatibility - Even Windows users can access their passwords through the iCloud Passwords app, making it a versatile solution. Passwords User Guide - Apple Support - https://support.apple.com/guide/passwords/welcome/1.1/mac/15.4.1 Host: Mikah Sargent Download or subscribe to Hands-On Mac at https://twit.tv/shows/hands-on-mac Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Hear from host Paul Spain and Justin Soong founder and technical director at Authsignal, as Justin shares about fortifying online security through innovative authentication solutions. They discuss the challenges and triumphs surrounding identity protection and the latest cybersecurity breaches. Plus, tech news from the week including:2025 Hi-Tech Awards finalists revealedCanadian Tech company buys majority in SeratoQuantifi Photonics acquired2degrees fined $325k for misleading claimsMicrosoft turns 50Trump's tariffs may mean paying more for gadgets in USAmazon can now buy from other websites for youWhy military planning shouldn't be on SignalThanks to our Partners One NZ, 2degrees, HP, Spark and Gorilla Technology

The Future of Security Operations podcast is back for a sixth season, and, to kick it off, Thomas is joined by Christofer Hoff. Christofer has over 30 years of experience in network and information security architecture, development, engineering, operations, and management, including security leadership roles at Bank of America, Citadel, and Juniper Networks. He's currently Chief Secure Technology Officer at LastPass, a unique role that combines the duties of CSO and CTO, while also serving on the board at FIDO Alliance. In this episode: [02:00] How blogging landed Christofer his first couple of jobs in security [06:50] Taking a more holistic approach to security through collaboration [09:40] Rebuilding LastPass's security org from scratch [12:03] Reflecting on incidents - what LastPass did right [16:12] Communicating with customers and the broader community during incidents [20:15] Navigating tech debt as a security leader [23:55] The biggest challenges AI has produced for his team [25:16] How LastPass uses an AI working group for decision-making [29:00] The evolving challenges of browser security [35:05] Passkeys, passwords and the future of secure authentication [41:40] Tips on hiring and structuring effective security teams [46:47] How LastPass creates efficiency through automation [50:38] The biggest changes he'd like to see in security [54:44] Connect with Chris The Future of Security Operations is brought to you by Tines, the orchestration, automation, and AI platform that powers some of the world's most important workflows. Where to find Christofer Hoff: LinkedIn Chris's Rational Survivability blog Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Chris on Google's Cloud Security Podcast LastPass Security Incident Summary

What about Signal messaging? The Government and Technology Disconnect; Email Masking for Privacy; How to download and delete your 23andme data NOW; The shift from passwords to passkeys; HP wins ink Cartridge class action suit; Cleaning your electronic devices; Protect your identity with IRS PINs; Top in streaming

March 26, 2025Google Passkeys-JACKED UP DAILY!On today's episode, Tim discusses google and the way they push passkeys on us users. Google is pushing so hard to get the public to have biometric passkeys. Here is the Video that Tim is watching during this episode...https://youtu.be/C4qNBLDpmss?si=8QEIyPAZXwt7lBJCOur website is www.LetsGetJackedUp.com Welcome to Jacked Up Daily with Tim, Jack, Bobby, and Karen, a dynamic daily podcast on the Fringe Radio Network. Tune in Monday through Friday at 7 AM for conservative commentary, Bible prophecy, and insights from a modern American Christian perspective. Based in Fresno, California, in the heart of the Central Valley, Jacked Up Daily brings a unique West Coast viewpoint to everything from politics and social issues to fringe topics like aliens, ghosts, and the anti-Christ. Whether discussing the rapture, end times prophecy, or offering analysis on current events, this show is perfect for your morning drive. Catch the latest episode on FringeRadioNetwork.com and join us as we explore the mysteries of the world from a bold, Christian viewpoint. Don't miss a moment of this thought-provoking and engaging show, where no topic is off-limits!FringeRadioNetwork.com LetsGetJackedup.com  E-mail us at letsgetjackedup@gmail.comFollow us on X @LetsGetJackedUp  and Facebookgo to www.StrawHatPizza.com to order your pizza if you live in Clovis or Fresno Californiamusic for this episode was from Back to the 80'shttps://youtu.be/0QKQlf8r7ls?si=dOoU1o_-HRiNm0Pv 

This episode features some game exploitation in Neverwinter Nights, weaknesses in mobile implementation for PassKeys, and a bug that allows disclosure of the email addresses of YouTube creators. We also cover some research on weaknesses in Azure.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/278.html[00:00:00] Introduction[00:00:35] Exploiting Neverwinter Nights[00:08:48] PassKey Account Takeover in All Mobile Browsers [CVE-2024-9956][00:22:51] Disclosing YouTube Creator Emails for a $20k Bounty[00:31:58] Azure's Weakest Link? How API Connections Spill Secrets[00:39:02] SAML roulette: the hacker always wins[00:40:56] Compromise of Fuse Encryption Key for Intel Security FusesPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

Las contraseñas están quedando obsoletas y la autenticación sin claves es el futuro. Descubre cómo funcionarán las Passkeys y la biometría. Hablemos de esto El show es en vivo así que no me responsabilizo por... mucho.

Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

Unfurl Update Released Unfurl released an Update fixing a few bugs and adding support to decode BlueSky URLs. https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716 Google Confirms GMail To Ditch SMS Code Authentication Google no longer considers SMS authentication save enough for GMail. Instead, it pushes users to use Passkeys, or QR code based app authentication https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/ Beware of Paypal New Address Feature Abuse Attackers are using "address change" e-mails to send links to phishing sites or trick users into calling fake tech support phone numbers. Attackers are just adding the malicious content as part of the address. The e-mail themselves are legitimate PayPal emails and will pass various spam and phishing filters. https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/ Exim SQL Injection Vulnerability Exim, with sqlite support and ETRN enabled, is vulnerable to a simple SQL injection exploit. A PoC has been released https://www.exim.org/static/doc/security/CVE-2025-26794.txt https://github.com/OscarBataille/CVE-2025-26794? XMLlib patches https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 0-Day in Parallels https://jhftss.github.io/Parallels-0-day/

In this eye-opening episode about passwords vs passkeys, W. Curtis Preston and Prasanna Malaiyandi expose why traditional password protection isn't enough for your backup systems anymore. They break down the evolution from basic passwords to MFA, and explain why passkeys and FIDO compliance represent the next level in security.Learn why hackers target backup systems first, how they exploit password vulnerabilities, and why even multi-factor authentication has its weak points. Discover why there hasn't been a single successful attack against FIDO-compliant systems, and why you should be pushing your backup vendors to support passkeys. Whether you're using a traditional backup system or a SaaS solution, this episode gives you the knowledge you need to better protect your last line of defense.We talked about this previous episode: https://www.backupwrapup.com/how-do-you-authenticate-with-all-new-hardware/

In this episode, we explore the efficient storage of honeypot logs in databases, issues with Citrix's Session Recording Agent and Windows Update. Ivanti is having another interesting security event and our SANS.edu graduate student Rich Green talks about his research on Passkeys. Extracting Practical Observations from Impractical Datasets: A SANS Internet Storm Center diary entry discusses strategies for analyzing complex datasets to derive actionable insights. https://isc.sans.edu/diary/Extracting%20Practical%20Observations%20from%20Impractical%20Datasets/31582 Citrix Session Recording Agent Update Issue: Citrix reports that Microsoft's January security update fails or reverts on machines with the 2411 Session Recording Agent installed, providing guidance on addressing this issue. https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US Ivanti Endpoint Manager Security Advisory: Ivanti releases a security advisory for Endpoint Manager versions 2024 and 2022 SU6, detailing vulnerabilities and recommended actions. https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords: A SANS.edu research paper explores the shift from traditional passwords to passkeys, highlighting the benefits and challenges of adopting passwordless authentication methods. https://www.sans.edu/cyber-research/revolutionizing-enterprise-security-exciting-future-passkeys-beyond-passwords/

In the first episode of 2025, Mikah and Abrar discuss Meta's plans to add AI bots to their social media platforms, the rise of AI-generated phishing scams, the trend of parents giving their kids retro tech devices to reduce screen time, and the current state and future potential of passkeys for secure logins. Meta plans to populate Facebook and Instagram with AI-generated bot accounts that can create content, share posts, and interact with users, in an effort to drive engagement as user growth stagnates. Abrar and Mikah debate the pros and cons of AI bots on social media. Cybersecurity experts have seen a significant increase in sophisticated phishing scams using AI to generate hyper-personalized messages mimicking people's communication styles, with over 90% of successful cyberattacks now beginning with phishing emails. Abrar and Mikah discuss cybersecurity training and email filtering used by companies to combat this. There's a growing trend of parents gifting their kids retro tech like Walkmans, portable CD players, and MP3 players in an effort to reduce screen time. Mikah and Abrar reflect on the appeal of single-purpose devices and bonding over music. Passkeys, a new login technology aiming to replace passwords, have seen increasing adoption but face usability challenges and inconsistent implementation across sites and devices. Mikah explains how passkeys work and recommends using password managers for now, as both hosts agree passkeys aren't quite ready for mainstream adoption yet. Hosts: Mikah Sargent and Abrar Al-Heeti Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit