Hardware authentication device supporting MFA
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news:
- Oracle quietly cops to being hacked, but immediately pivots into pretending it didn't matter
- NSA and CyberCom leaders fired for not being MAGA enough
- US Treasury had some dusty corners it hadn't found China in yet, looked, found China in them
- …which is a great time to discuss slashing CISA's staffing
- Ransomware crews and bullet proof hosting providers are getting rekt, and we love it
- And Microsoft patches yet another logging 0-day being used in the wild.
This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico's Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve. This episode is also available on Youtube.
Show notes
- Oracle privately confirms Cloud breach to customers
- Oracle have finally issued a written notification to customers about their cybersecurity incident.
- Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive
- Trump fires numerous National Security Council staff - The Washington Post
- Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive
- Hackers Spied on US Bank Regulators' Emails for Over a Year - Bloomberg
- This is how Jeffrey Goldberg got added to the Signal chat
- Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News
- $500,000 stolen in Australian super fund data breach | Superannuation | The Guardian
- Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News
- Everest ransomware group's darknet site offline following defacement | The Record from Recorded Future News
- On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34).
- There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub
- The DragonForce ransomware group hacked two rivals this month
- CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News
- Kill Security Campaign Targets CrushFTP Servers
- National Vulnerability Database | NIST
- Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop
- Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog
- Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
Ronnie Manning is the Chief Brand Associate at Yubico, a global cybersecurity company renowned for inventing the YubiKey, which offers phishing-resistant multi-factor authentication solutions. With over 20 years of experience in agency and corporate communications, he has focused on public relations and marketing strategies to bring new technology products to market. Prior to joining Yubico, Ronnie held positions at Raytheon/Websense and Edelman Public Relations. At Yubico, he has been instrumental in promoting the adoption of hardware-based authentication solutions and advocating for enhanced cybersecurity measures. In this episode… Cyber threats are evolving faster than ever, yet many users and organizations still rely on outdated or weak authentication methods. With phishing attacks on the rise and data breaches growing costlier, the need for robust-yet-intuitive security solutions has never been greater. But how do you convince people to adopt a physical device for digital protection in a world that's increasingly mobile and virtual? According to Ronnie Manning, a cybersecurity branding expert, the answer lies in simplicity. He explains that strong security doesn't necessitate complicated processes. Ronnie also highlights how real-world usability, like eliminating the need to fumble with codes or apps, drives faster adoption. This shift toward user-friendly security builds trust, saves time, and reduces risk. He adds that educating new markets with human-centered storytelling plays a key role in overcoming resistance and legacy perceptions about hardware-based solutions. In this episode of the Revenue Engine Podcast, host Alex Gluz sits down with Ronnie Manning, Chief Brand Associate at Yubico, to talk about making cybersecurity simple, scalable, and phishing resistant. They explore how physical keys streamline enterprise authentication, why user education is key to adoption, and how phishing-resistant methods like FIDO are gaining traction. 
Ronnie also shares strategies for large-scale rollout and onboarding in hybrid work environments.
William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about everything from WebAuthn implementation challenges to flaws in the FIDO metadata service that affect how hardware tokens are authenticated. The conversation covers the spectrum of hardware security key quality, attestation mechanisms, and the barriers preventing open source developers from improving industry standards despite their expertise. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-fido_auth_william_brown/
Opening. Jordan Peterson. Ride or Die. Grok vs Google. Golf. California Business. Markets. S&P 8% off highs. Was 10% 1 week ago. So that was a correction. Tesla 52%. Nvidia, Meta: 20%. Apple: 18%. Finance Education. Security. Digital Hygiene: Great from Karpathy 2-factor authentication and strong password for financial websites. YubiKey. 1Password. IRA Contributions. 401k Max: 2025: $23,500 + Employer Match + After-tax = $70,000. Still can do $7000 in IRA. Treasury Secretary Scott Bessent and All-in. Full Interview on X here. Palantir. DOGE. Website is GREAT!! www.doge.gov I had to google “Timor-Leste”. Elon on what DOGE is finding. DOGE's spending cuts are ramping up so quickly that United Airlines announced government travel is down a MASSIVE -50%. Netflix. CNBC video here. MoffetNathanson Upgrades Netflix to $1100. “Netflix has won the streaming wars. Case closed”. Nvidia Jensen Huang KeyNote at GTC 2025. Nvidia working on driverless vehicle with GM!! Video post here. Blue the robot. Robots are coming!! SpaceX Tesla $480. Now $230. So down 52%. So increase 1.1x or 110% to get back. Play at 0:30. Winner take most by Cathie Wood. $8-10 trillion in Revenue in 2030. ½ to platforms, like Tesla. Which is the biggest AI platform in the world. Dragon crew launch to ISS. Carried a russian cosmo. Stuck no More! WSJ 285 days in space. 9 months. No other US company can do this. 400th landing of Falcon 9 booster. Will launch to Mars and carry Optimus. Crossover. Per Elon, SpaceX carries 95% of payload to orbit. Starship is the only “vehicle” currently built that can go to Mars. Boston Dynamics Robot - Break dancing. Yes it's here. BYD. Sheer size of Shenzhen factory. University Endowments. Trump threatening to suspend federal grants to Columbia University per WSJ. Play Andreeson on University funding. Recommendations. All-In Podcast. Chamath and Friedberg interviewing Secretary of Treasury Scott. Dictators. White Lotus. Elon Interview on Ted Cruz
This show has been flagged as Explicit by the host. Chatting with Sgoti. Sgoti talks about SSH and Github.

openbsd: PreferredAuthentications
Specifies the order in which the client should try authentication methods.
    gssapi-with-mic,hostbased,publickey,keyboard-interactive,password

openbsd: HostKeyAlgorithms
    $ ssh -Q HostKeyAlgorithms;
    ssh-ed25519
    ssh-ed25519-cert-v01@openssh.com
    sk-ssh-ed25519@openssh.com
    sk-ssh-ed25519-cert-v01@openssh.com
    ssh-rsa
    rsa-sha2-256
    rsa-sha2-512
    ssh-dss
    ecdsa-sha2-nistp256
    ecdsa-sha2-nistp384
    ecdsa-sha2-nistp521
    sk-ecdsa-sha2-nistp256@openssh.com
    webauthn-sk-ecdsa-sha2-nistp256@openssh.com
    ssh-rsa-cert-v01@openssh.com
    rsa-sha2-256-cert-v01@openssh.com
    rsa-sha2-512-cert-v01@openssh.com
    ssh-dss-cert-v01@openssh.com
    ecdsa-sha2-nistp256-cert-v01@openssh.com
    ecdsa-sha2-nistp384-cert-v01@openssh.com
    ecdsa-sha2-nistp521-cert-v01@openssh.com
    sk-ecdsa-sha2-nistp256-cert-v01@openssh.com

openbsd: IdentitiesOnly
Specifies that ssh(1) should only use the configured authentication identity and certificate files (either the default files, or those explicitly configured in the ssh_config files or passed on the ssh(1) command-line), even if ssh-agent(1) or a PKCS11Provider or SecurityKeyProvider offers more identities. The argument to this keyword must be yes or no (the default). This option is intended for situations where ssh-agent offers many different identities.

Sample ssh config.
    #Github Primary Yubikey
    Host github
        User git
        HostName github.com
        Port 22
        IdentityFile ~/.ssh/github-yubikey-0

    #Github Secondary Yubikey
    Host github
        User git
        HostName github.com
        Port 22
        IdentityFile ~/.ssh/github-yubikey-1

    #Global properties.
    Host *
        PubkeyAuthentication=yes
        PreferredAuthentications=publickey,keyboard-interactive
        PubkeyAcceptedAlgorithms=sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512

    #ssh-ed25519
    #ssh-ed25519-cert-v01@openssh.com
    #sk-ssh-ed25519@openssh.com
    #sk-ssh-ed25519-cert-v01@openssh.com
    #ssh-rsa

    ssh-keygen -t ed25519-sk -C "user@domain.tld" -f ~/.ssh/github-yubikey-0;
    ssh-keygen -t ed25519-sk -C "user@domain.tld" -f ~/.ssh/github-yubikey-1;
    chmod --change =400 ~/.ssh/github*; #Owner only!

lawrencesystems: SSH with YubiKey FIDO U2F Authentication.
yubico: YubiKey 5 Series
github: Generating a new SSH key and adding it to the ssh-agent.
EOF
Provide feedback on this episode.
Technical Architecture for Digital Independence
Core Concept
Smartphones represent a monolithic architecture that needs to be broken down into microservices for better digital independence.
Authentication Strategy
- Hardware security keys (YubiKey) replace mobile authenticators
- USB-C insertion with button press
- More convenient than SMS/app-based 2FA
- Requires backup key strategy
- Offline authentication options
- Local encrypted SQLite password database
- Air-gapped systems
- Backup protocols
Device Distribution Architecture
Core Components:
- Dumbphone/flip phone for basic communication
- Offline GPS device with downloadable maps
- Utility Android tablet ($50-100) for specific apps
- Linux workstation for development
Implementation:
- SIM transfer protocols between carriers
- Data isolation techniques
- Offline-first approach
- Device-specific use cases
Data Strategy
Cloud Migration:
- iCloud data extraction
- Local storage solutions
- Privacy-focused sync services
- Encrypted remote storage with rsync
Linux Migration:
- Open source advantages
- Reduced system overhead
- No commercial spyware
- Powers 90% of global infrastructure
Network Architecture
Distributed Connectivity:
- Pay-as-you-go hotspots
- Minimal data plan requirements
- Improved security through isolation
Use Cases:
- Offline maps for navigation
- Batch downloading for podcasts
- Home network sync for updates
- Garage WiFi for car updates
Cost Benefits
Standard smartphone setup: ~$5,000/year
- iPhone upgrades
- Data plans
- Cloud services
Microservices approach:
- Significantly reduced costs
- Better concentration
- Improved control
- Enhanced privacy
Key Takeaway
Software engineering perspective suggests breaking monolithic mobile systems into optimized, offline-first microservices for better functionality and reduced dependency.
Back Down the IoT Switch Rabbit Hole; YubiKey or Phish; ABC’s HIBP PIN Analysis; Grafana’ing All Our Things; Sponsored by 1Password https://www.troyhunt.com/weekly-update-437/ See omnystudio.com/listener for privacy information.
In this episode of Because of Bitcoin, Mauricio Di Bartolomeo welcomes Nick Neuman, the Co-founder and CEO of Casa, to discuss the evolution of Bitcoin self-custody, the benefits of collaborative custody, and how Casa simplifies Bitcoin security for individuals and businesses. Nick shares his journey from growing up in Kansas City to becoming a leader in Bitcoin security, as well as how Casa empowers users to take control of their digital assets while mitigating common risks.
Whether you're a seasoned Bitcoin investor or new to the world of digital assets, this episode sheds light on how self-custody and innovative tools like multisig are redefining financial freedom.
Key Topics Covered:
- Nick's Journey: From humble beginnings in Kansas City to founding Casa and revolutionizing Bitcoin security.
- What Is Collaborative Custody?: How multisig setups distribute the risk of managing Bitcoin keys across devices or agents.
- Bitcoin Security Innovations: Casa's recent features, including Casa Inheritance and YubiKey support, to enhance usability and safety.
- For Individuals and Businesses: How Casa serves high-net-worth individuals and companies securing Bitcoin as a treasury asset.
- Challenges in Financial Services: Why traditional institutions are slow to adopt multisig custody solutions and how decentralized finance could fill the gap.
Quotes to Remember:
- "Bitcoin enables financial freedom and privacy in a way that no other tool had done yet." — Mauricio Di Bartolomeo
- "We design all the best practices into Casa as defaults, so you don't have to be a security expert to protect your Bitcoin." — Nick Neuman
- "Self-custody puts you in control of one of the most important things in your life—your money." — Nick Neuman
Links and Resources:
- Learn More About Casa
- Follow Nick Neuman on Twitter
- Explore Bitcoin-Backed Loans at Ledn
Enjoyed this episode? Please leave us a review and subscribe to Because of Bitcoin on your favorite podcast platform. Stay informed with our weekly newsletter at ledn.io.
In this episode, we dive into an exciting announcement with Zach and Q from Foundation. After two years of hard work, they unveil the team's latest creation, the Passport Prime, a revolutionary personal security platform. Unlike traditional hardware wallets, Passport Prime combines the features of a hardware wallet with those of a YubiKey, offering multi-factor authentication, encrypted storage, and an extendable app platform for third-party developers. This open app platform aims to empower developers to build security applications, contrasting with Ledger's closed ecosystem.
Zach and Q discuss the meticulous design process behind Passport Prime, highlighting its unique industrial design, including a curved screen and CNC'd aluminum chassis. They emphasize the device's durability, featuring Gorilla Glass and a high-quality IPS touchscreen display.
The conversation shifts to the device's capabilities, which extend beyond a typical hardware wallet. Passport Prime supports various applications, including a 2FA codes app, a security key application, a file browser with a unique AirLock feature, and a seed vault app. These features make it a Swiss army knife for personal security, allowing users to securely store and manage their digital assets.
KeyOS, the operating system powering Passport Prime, is introduced as a microkernel-based OS written in Rust, offering modularity, resilience, and enhanced security. The open-source nature of KeyOS allows third-party developers to create apps for the platform, with Cake Wallet being the first to integrate.
The episode also covers the innovative Quantum Link Bluetooth, which ensures secure communication between Passport Prime and smartphones. This feature, along with the device's modular design, addresses potential security concerns while enhancing user experience.
Finally, the hosts discuss the backup solutions for Passport Prime, utilizing NFC key cards and optional cloud backups to provide a seamless recovery process.
The episode concludes with details on the device's availability and pricing, highlighting the team's dedication to creating a high-quality, user-friendly product.
IMPORTANT LINKS
https://foundation.xyz/ungovernable
https://foundation.xyz/beyondungovernablecrew@proton.me
https://github.com/betrusted-io
VALUE FOR VALUE
Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.
You can support this episode using your time, talent or treasure.
TIME:
- create fountain clips for the show
- create a meetup
- help boost the signal on social media
TALENT:
- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!
TREASURE:
- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Paynym @ https://paynym.rs/+misfit
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME CLOTHING @ https://ungovernablemisfits.com/store/
- BUY SOME ART!! @ https://ungovernablemisfits.com/art-gallery/
FOUNDATION
https://foundation.xyz/ungovernable
Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.
As a sovereign computing company, Foundation is the antithesis of today's tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can't be evil”.
Thank you Foundation Devices for sponsoring the show!
Use code: Ungovernable for $10 off of your purchase
CAKE WALLET
https://cakewallet.com
Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.
Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.
Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.
Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.
Thank you Cake Wallet for sponsoring the show!
(00:00:00) INTRO
(00:03:05) THANK YOU FOUNDATION
(00:03:54) THANK YOU CAKE WALLET
(00:04:59) Introducing Passport Prime: A New Personal Security Platform
(00:08:09) Passport Prime: Design and Build Quality
(00:11:59) Passport Prime: What Can It Do?
(00:18:56) Passport Prime: Why You Need It In Your Life
(00:26:34) KeyOS: The New Operating System
(00:33:08) KeyOS: wHo DiD wE cLoNe!?
(00:36:11) KeyOS: Third-Party Apps and Developer Ecosystem
(00:41:48) Quantum Link Bluetooth: Proper Futuristic
(00:49:05) What's The FUD Gonna Be?
(00:51:07) Quantum Link Bluetooth: Erasing UX Hurdles
(00:58:24) Quantum Link Bluetooth: Examples of Better UX
(01:01:45) Quantum Link Bluetooth: The Nostr Bounty
(01:07:08) Accessories and Future Features
(01:12:10) So How Are We Backing All of This Up?
(01:24:37) Hardware Deep Dive: What's Inside the Device?
(01:34:34) Hardware Deep Dive: Q's Victory Lap
(01:39:54) Call For Questions
(01:40:18) When Can I Get My Hands On One?
(01:43:49) Passport Gen 2 is Here To Stay
(01:46:19) Congratulations Foundation!
In this interview Patrick Gray talks to Yubico's COO and President Jerrod Chong about a new Yubikey feature: pre-registration. You can now ship pre-registered Yubikeys to your staff so you don't need to rely on your staff to enrol them. They've achieved this with really slick Okta and Entra ID integrations. Jerrod also talks about a recent trip to Singapore and concerns he has about the cybersecurity of critical infrastructure in the energy sector.
In the latest episode of "Passwort", the hosts cannot avoid briefly putting the exploding pagers into context, but they do not dwell on the topic for long. After all, there is plenty more to discuss, such as a messenger service for criminals that law enforcement has now taken down, details on the flaw in Yubikeys, malware with clever social-engineering tricks and clipboard manipulation, and a "bat-ylonian" tangle of file extensions. - Qubes OS - a reasonably secure operating system: https://www.qubes-os.org/ Members of our security community on heise security PRO get to hear all episodes two days early. More info: https://aktionen.heise.de/heise-security-pro
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Growth always brings challenges. In today's episode, we talk about how the DoD can manage the challenge of development in several aspects of identity management. Like most federal agencies, the DoD has made a move to the hybrid cloud; this alone adds to the complexity of the identification process. However, in addition to the 1.3 million active-duty service members, they must contend with reserves, DoD civilians, veterans, and many more. Oh, did we mention mobile? The official designation of the process of validating identity is called Identity Credentialing and Access Management, or ICAM. During this interview, experts from Akamai suggest:
- Consider applying AI/ML to help analyze identity data.
- Fast Identity Online (FIDO): FIDO standards exist, and one can consider applying FIDO to simplify identity.
Akamai has worked with both Defense and Civilian agencies to enable technologies like CAC/PIV and YubiKey. Further, their well-known enterprise access management gives them the ability to protect web applications as well as mobile devices. Many organizations are tasked with managing millions of individuals. Very few are associated with capabilities that can have as serious consequences as the DoD.
Coming up in this episode
* Death & Taxes
* Stop Filing Bug Reports! -- like that
* and Your Emails!
0:00 Cold Open
1:25 Yubikeys are DEAD!
10:41 Deep In the Heart of Ptyxis
28:01 The Do's and Don'ts of Bug Reports
42:47 Email: Scott J
49:47 Email: Ben
52:49 Email: Bruce H
57:48 Email: Rob Simmons
1:03:22 Email: DailyDriver
1:04:24 Email: J
1:08:34 Pnext Time
1:10:17 Pstinger
See the Video on Youtube (https://youtu.be/jWSVnDYeEe4)!
Your Yubikey is DEAD!
The Yubico advisory (https://www.yubico.com/support/security-advisories/ysa-2024-03/)
arsTechnica coverage (https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/)
The really deep dive details (https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf)
This week, in the enterprise security news:
- Cribl, Zafran, and US states raise funding
- Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups
- AI Security products are picking up steam
- You probably shouldn't be too worried about Yubikey cloning
- Instead, you should be more worried about malicious npm packages!
- The White House wants to fix BGP
- SolarWinds has shady stuff in its source code, AGAIN
- The challenge of bringing security to small business
- Scams are getting quicker and more effective
- how not to run a phishing test
- and AI assistants rickroll paying customers!
We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it's important for security professionals to attend/tune in. This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass! Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team. For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today.
In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three. A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did! Segment Resources: Keeper Press Release on the Partnership Williams Press Release on the Partnership Some more details from Keeper on why they chose to sponsor automotive racing Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-375
EUCLEAK, a newly revealed side channel vulnerability, can clone the contents of a YubiKey. We talk about the attack and its significance.
This week, in the enterprise security news:
- Cribl, Zafran, and US states raise funding
- Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups
- AI Security products are picking up steam
- You probably shouldn't be too worried about Yubikey cloning
- Instead, you should be more worried about malicious npm packages!
- The White House wants to fix BGP
- SolarWinds has shady stuff in its source code, AGAIN
- The challenge of bringing security to small business
- Scams are getting quicker and more effective
- how not to run a phishing test
- and AI assistants rickroll paying customers!
Show Notes: https://securityweekly.com/esw-375
Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story on the "Hello pervert" sextortion scam, where scammers now use threats of Pegasus spyware and photos of victims' homes to intensify their demands. We have quite a bit of follow-up today. Scott from Australia shared how self-service checkouts now display scam warnings when purchasing gift cards to prevent fraud. Jim highlighted a vulnerability in YubiKey encryption libraries that allows key cloning with an oscilloscope, while a former US Marshal reminded us that Zelle is marketed specifically for transfers between friends and family. Joe's story is on Loria Stern, a small bakery owner who fell victim to a counterfeit check scam after receiving a $7,500 payment for a large cupcake order that was later halved, resulting in her bank withdrawing the funds. Dave's story follows the scams targeting grieving individuals on Facebook, where cybercriminals use fake funeral live stream links or donation requests to steal money and credit card details. Our catch of the day comes from listener Anne, who shares a phishing email sent to a friend. The email emphasized the importance of thorough testing in the software development lifecycle and came with a suspicious PDF attachment, likely containing a malicious link. Anne hopes the campaign has zero success.
Links to the stories:
- “Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home
- LA bakery owner takes big financial hit after receiving scam order of 1,000 cupcakes, paid for with a $7.5K counterfeit check — her bank's promise of protection fell through
- Fake funeral “live stream” scams target grieving users on Facebook
You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
Lee comes on the show to discuss:
- EU CRA - https://en.wikipedia.org/wiki/CyberResilienceAct - its impact on bringing products to market and the challenges of enforcing such laws that require products to be "Secure"
- Recent legislation on disputes for federal agency fines - Chevron deference rule - supreme court decision, uncertainty, more or less clarity - proven in the first court case? opens to more litigation - https://www.nrdc.org/stories/what-happens-if-supreme-court-ends-chevron-deference
- Breach disclosure laws - mandatory disclosure rules from the SEC - https://www.sec.gov/newsroom/press-releases/2024-31
- Defcon cease and desist - “Copyright Act, the Defend Trade Secret Acts, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act” - https://securityledger.com/2024/08/a-digital-lock-maker-tried-to-squash-a-def-con-talk-it-happened-anyway-heres-why/
Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emulating PIs, VScode moonlights as a spy, Want to clone a YubiKey? All you need is $11,000, some fancy gear, and awkwardly close proximity to your victim, and Telegram's encryption: it's kinda like putting a 'Keep Out' sign but leaving the door unlocked.
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-842
Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emulating PIs, VScode moonlights as a spy, Want to clone a YubiKey? All you need is $11,000, some fancy gear, and awkwardly close proximity to your victim, and Telegram's encryption: it's kinda like putting a 'Keep Out' sign but leaving the door unlocked. Show Notes: https://securityweekly.com/psw-842
Offer to uninstall Recall was a bug, not a feature YubiKeys can be cloned Miscellany Is WhatsApp secure? Telegram vs Signal French elevators Freezing your credit The Quiet Canine Unix time Bobiverse book 5 Exodus: The Achemedes Engine Watching SpinRite RAMBO Show Notes - https://www.grc.com/sn/SN-991-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: flashpoint.io bigid.com/securitynow Melissa.com/twit bitwarden.com/twit
Drex highlights a significant cryptographic flaw discovered in YubiKey 5 series devices, which could leave your organization exposed. Next, he discusses the increasing need to quantify and communicate cyber risk effectively, shifting to the implications of a recent legal victory for the hospital industry on patient data privacy. Remember, Stay a little paranoid. Subscribe: https://www.thisweekhealth.com/subscribe/ LinkedIn: https://www.linkedin.com/company/ThisWeekHealth Twitter: https://twitter.com/thisweekhealth Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer - https://www.alexslemonade.org/mypage/3173454
In this episode of Patch [FIX] Tuesday, Tom and Jason celebrate their 11th episode and reflect on the success of the Automox YouTube channel. They discuss a Windows Update RCE, YubiKey Security Advisories, and a Visio RCE. They emphasize the importance of patching the Windows Update vulnerability immediately due to its potential for exploitation. They also discuss the YubiKey vulnerability, noting that while it requires specialized equipment to exploit, it highlights the fundamental role of YubiKeys in security.
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
In episode 278 of the Defensive Security Podcast, Jerry Bell and Andrew Kalat discuss various recent cybersecurity topics. The episode starts with light-hearted banter about vacations before diving into the main topics. Key discussions include a new vulnerability in YubiKey that requires sophisticated physical attacks, resulting in a low overall risk but sparking debate about …
Episode 194: Yubikey vulnerability, escalating sextortion scams, Clearview fine, Bitwarden iOS overhaul, and more!
- Judge Orders X Ban in Brazil, Threatens People Accessing X via VPN with $8,874 Daily Fine https://www.nobsbitcoin.com/judge-orders-x-ban-in-brazil-threatens-people-accessing-x-via-vpn-with-8-874-daily-fine/ - Older YubiKeys Vulnerable to Sophisticated Cloning Attacks https://www.nobsbitcoin.com/older-yubikeys-vulnerable-to-cloning-attacks/ - Mutiny Wallet Shutdown Timeline https://www.nobsbitcoin.com/mutiny-wallet-shutdown-timeline-announced/ - Bull Bitcoin Announces Launch in France, Mobile Wallet v0.3.0 https://www.nobsbitcoin.com/bull-bitcoin-announces-launch-in-france-mobile-wallet-v0-3-0-released/ - Strike Now Supports Sending Payments to BOLT 12 Offers https://www.nobsbitcoin.com/strike-now-supports-sending-payments-to-bolt-12-offers/ - Human Rights Foundation Story of the Week Tanzania | Blocks X Amid Political Repression Tanzania's government is cracking down on political dissent by blocking access to X, as reported by HRF grantee Netblocks, an organization dedicated to monitoring Internet freedom worldwide. According to Netblocks, “the incident comes as the police force issues an alert over alleged opposition party plans to raid police stations where political prisoners might be held.” Tanzania has witnessed an unprecedented crackdown from security forces, who have detained hundreds of opposition party members, including the chairman of the Chadema party, Freeman Mbwoe, and his deputy, Tundu Lissu. Other prominent critics, including Deusdedith Soka and Dioniz Kipanya, disappeared, while Shadrack Chaula, a TikToker critical of President Samia Suluhu Hassan, remains missing. These actions undermine democratic processes and escalate the government's efforts to stifle dissent and control information. 
FinancialFreedomReport.org - Core Lightning v24.08: 'Steel Backed-up Channels' https://www.nobsbitcoin.com/core-lightning-v24-08/ - Alby Hub v1.7.2: Friends & Family App https://www.nobsbitcoin.com/alby-hub-v1-7-2/ - Blixt Wallet v7.0.0: New Syncing Nodes, Stability Improvements & More https://www.nobsbitcoin.com/blixt-wallet-v7-0-0/ - Breez SDK Liquid v0.3.0: LNURL-Pay Support,Go & C# Bindings & More https://www.nobsbitcoin.com/breez-sdk-liquid-v0-3-0/ - Geyser v0.12.0: Major UX Redesign https://www.nobsbitcoin.com/geyser-v0-12-0/ - noStrudel v0.40.0: Encrypted nSec, Blossom Uploads, Wasm Relay, Blindspot Feeds & More https://www.nobsbitcoin.com/nostrudel-v0-40-0/ 2:51 - Back in Austin 6:31 - Dashboard & dogs 9:09 - X ban in Brazil, Nostr, free speech 27:32 - Stak 28:49 - Yubikey vulnerable 32:30 - Mutiny shutdown timeline 34:19 - Bull Bitcoin in France 38:29 - Strike BOLT12 44:04 - HRF Story of the Week 47:16 - Nostr C2A & more dogs 50:54 - Boosts and Fountain Nostr 58:05 - Software updates 1:07:55 - RIP Walgreens Shoutout to our sponsors: Unchained Capital https://unchained.com/concierge/ Coinkite https://coinkite.com/ TFTC Merch is Available: Shop Now https://merch.tftc.io/ Join the TFTC Movement: Main YT Channel https://www.youtube.com/c/TFTC21/videos Clips YT Channel https://www.youtube.com/channel/UCUQcW3jxfQfEUS8kqR5pJtQ Website https://tftc.io/ Twitter https://twitter.com/tftc21 Instagram https://www.instagram.com/tftc.io/ Follow Marty Bent: Twitter https://twitter.com/martybent Newsletter https://tftc.io/martys-bent/ Podcast https://tftc.io/podcasts/ Follow Odell: Nostr https://primal.net/odell Newsletter https://discreetlog.com/ Podcast https://citadeldispatch.com/
Video Episode: https://youtu.be/ECOVSA0MIyY In today's episode, we delve into the newly discovered EUCLEAK attack affecting YubiKey FIDO devices, emphasizing the potential for state-sponsored actors to exploit vulnerabilities in the Infineon SLE78 microcontroller. We also discuss Cisco's response to a backdoor found in the Smart Licensing Utility, a critical flaw that allows unauthorized admin access, and highlight the Revival Hijack supply-chain attack endangering over 22,000 PyPI packages. Lastly, we urge Android users to install security updates addressing the actively exploited CVE-2024-32896 vulnerability. Links to articles discussed: https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/ https://www.bleepingcomputer.com/news/security/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/ https://www.bleepingcomputer.com/news/security/revival-hijack-supply-chain-attack-threatens-22-000-pypi-packages/ https://thehackernews.com/2024/09/google-confirms-cve-2024-32896.html Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/
The team discusses the latest launches at IFA, including the new chips that Intel hopes will put it back on the map. We also ask whether the USB Type-A connector is finally on its way out, and whether we need to worry about a new vulnerability discovered in Yubikey security tokens. Our Hot Hardware candidate is the IcyBox IB-180MC-C31, a USB M.2 enclosure that's every bit as versatile as its name implies.
Nvidia faces headwinds with US regulators and from the stock market. Plus security researchers at NinjaLab have found a potential attack vector for YubiKey. And the latest with Intel's Lunar Lake processors. Starring Tom Merritt, Sarah Lane, Scott Johnson, Roger Chang, Joe.
On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Brazil's supreme court bans X-formerly-Twitter, Iranian cyber teams cooperate with ransomware crews While North Koreans wield chrome-windows 0-day Yubikey cloning attack is impressive, but doesn't have us binning our keys quite yet The White House is coming for your unsigned BGP announcements And much, much more. This week's episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is! You can also watch this episode on Youtube. Show notes Brazil X ban: Top court judges uphold block of Musk's platform Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA Malicious North Korean packages appear again in open source code repository North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog SEC.gov | SEC Charges Transfer Agent Equiniti Trust Co. 
with Failing to Protect Client Funds Against Cyber Intrusions Chinese ‘Spamouflage' operatives are mimicking disillusioned Americans online Researchers uncover ‘SlowTempest' espionage campaign within China City of Columbus sues man after he discloses severity of ransomware attack | Ars Technica Bypassing airport security via SQL injection Cyberattack hits agency responsible for London's transport network German air traffic control agency confirms cyberattack, says operations unaffected White House calls attention to ‘hard problem' of securing internet traffic routing Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica CrowdStrike takes a revenue hit as global IT outage reckoning lingers | Cybersecurity Dive Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security
On this week's show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob's left the government service, he's hobnobbing with us pundits, talking through the week's news: Apple announces a big leap for confidential cloud computing into the mass market While at the same time, letting you just mosey around your iPhone from your Mac Mandiant reports in about the Snowflake breach Moody's say credit ratings might consider cyber incidents Microsoft fixes an Azure flaw with a… “comprehensive documentation update” And much, much more. This week's show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico's COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem. Show notes Apple makes a password manager play in a heavily targeted market | Cybersecurity Dive macOS Sequoia takes productivity and intelligence on Mac to new heights - Apple The Wiretap: Apple's AI Announcement Promises Big Security Boosts–Not Everyone Is Convinced Matthew Green on X: "Ok there are probably half a dozen more technical details in the blog post. It's a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this. 
14/" / X Risky Biz News: Microsoft budges on Windows 11 Recall Tenable finds an Azure flaw, Microsoft calls it a feature • The Register LendingTree confirms that cloud services attack potentially affected subsidiary Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica 7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope | Ars Technica Urgent call for O-type blood donations following London hospitals ransomware attack Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down Cyberattacks pose mounting risks to creditworthiness: Moody's | Cybersecurity Dive Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab FCC moves ahead on internet routing security rules | CyberScoop House Republicans propose eliminating funding for election security | CyberScoop New DJI policy: No flight record syncing for US drone pilots Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors Critical PHP CVE is under attack — research shows it's easy to exploit | Cybersecurity Dive A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED
When you're the biggest target... Searching for Search How long will a Windows XP machine survive unprotected on the Internet? Free Laundry VPNs and Firewalls Netgate SG1100 Ad Industry vs. Google Privacy Sandbox Bitwarden and passkeys Token2 passkey dongle 312 Scientists & Researchers Respond Show Notes - https://www.grc.com/sn/SN-975-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1bigthink.com business.eset.com/twit mylio.com/TWIT25
Picture of the Week. Most to least common 4-digit pins. Enhanced LORAN. Passkeys. Microsoft's Head in the Clouds. Show Notes - https://www.grc.com/sn/SN-974-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: 1bigthink.com zscaler.com/zerotrustAI kolide.com/securitynow joindeleteme.com/twit promo code TWIT
Request for Your Input to Commemorate Allison's 1000th NosillaCast Episode CCATP #793 — Bart Busschots on PBS 165 of X – jq: Variables Find Any File – ScreenCastsONLINE Tutorial Eero, MoCA, ONT – Not a Happy Networking Story 2024 CES: YubiKey Online Hardware Security Keys Support the Show Security Bits — 12 May 2024 Transcript of NC_2024_05_12 Join the Conversation: allison@podfeet.com podfeet.com/slack Support the Show: Patreon Donation PayPal one-time donation Podfeet Podcasts Mugs at Zazzle Podfeet 15-Year Anniversary Shirts Referral Links: Parallels Toolbox - 3 months free for you and me Learn through MacSparky Field Guides - 15% off for you and me Backblaze - One free month for me and you Setapp - One free month for me and you Eufy - $40 for me if you spend $200. Sadly nothing in it for you. PIA VPN - One month added to Paid Accounts for both of us CleanShot X - Earns me $25%, sorry nothing in it for you but my gratitude
Leo Laporte has returned from his vacation! What's the best way for guests to easily connect to your in-home WiFi network? How important is it to own your modem and router? What does your ISP see when using an encrypted DNS server? Plus, Dick DeBartolo stops by to share some of his favorite gadgets, as usual! United States sues Apple. 'Even stronger' than imagined: DOJ's sweeping Apple lawsuit draws expert praise. The antitrust case against Apple. How can I set up a NFC chip to allow guests to connect to my WiFi network? Should I use another method instead? What website builders do Mikah and Leo recommend nowadays? Dick Debartolo and the ASUS Zenbook Duo and Fingerlings Bird! How do I set up a YubiKey & tie it to my Windows login? How important is it to own your modem or router with whichever ISP I may have? What's the difference when using a fiber connection? What's happening with my OTP Auth when Face ID doesn't work when trying to access it? Why aren't my AirPods not connecting to my Apple TV? What does "#21#" do when I enter it on my phone? A friend of the network calls in... What can my ISP see when browsing the internet through an encrypted DNS server? Hosts: Leo Laporte and Mikah Sargent Guest: Dick DeBartolo Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/2017 Download or subscribe to this show at: https://twit.tv/shows/ask-the-tech-guys Sponsors: fastmail.com/twit eufy.com