Problems with Passkeys - a podcast by Carey Parker

Everyone hates dealing with passwords. This has led to a mad search for'password-killer'technology. After several failed attempts, there's finally a worthy contender: passkeys. The technology has been around for years - it's the basis for hardware keys like YubiKey. But no one wanted to have to carry the little things all the time. With passkeys, you get the same phishing-proof, passwordless goodness but tied to a device you always have: your smartphone. Websites are slowly rolling out the ability to secure your accounts with passkeys, and Apple, Google and Microsoft are building support for passkeys into their operating systems. But I would caution you to wait a bit before jumping on the bandwagon - I'll explain why in today's show.



In other news: update all your Apple devices; FBI and NSA break the notorious Snake malware; Intel deploys microcode security update; location data on 2M Toyoya customers exposed for years; new .zip and .mov domains are dangerously ambiguous; new crafty Chinese router malware; online age verification will cause serious problems; Apple will allow you to'bank'your voice soon.



Article Links[Tom's Guide] Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now https://www.tomsguide.com/news/apple-issues-urgent-fix-to-block-zero-day-attacks-update-your-iphone-and-mac-now[tech.co] FBI&NSA Cut the Head Off Notorious Russian Snake Malware https://tech.co/news/nsa-fbi-russian-snake-malware



[Tom's Hardware] Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake https://www.tomshardware.com/news/intel-microcode-security-update[BleepingComputer] Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/[Digital Trends] Hackers are using a devious new trick to infect your devices https://www.digitaltrends.com/computing/hackers-are-abusing-zip-mov-domain-names/[9to5mac.com] Researchers find security flaw in Wemo Smart Plug, Belkin says it won’t release a patch https://9to5mac.com/2023/05/16/wemo-smart-plug-security-flaw-no-patch-coming/[Ars Technica] Malware turns home routers into proxies for Chinese state-sponsored hackers https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/[Electronic Frontier Foundation] Age Verification Mandates Would Undermine Anonymity Online https://www.eff.org/deeplinks/2023/03/age-verification-mandates-would-undermine-anonymity-online[9to5mac.com] Everyone should use Personal Voice; it does in 15 minutes what currently takes several weeks https://9to5mac.com/2023/05/19/everyone-should-use-personal-voice/Tip of the Week: The Pros&Cons of Passkeys https://firewallsdontstopdragons.com/the-pros-and-cons-of-passkeys/




Further InfoMeross MSS115 Matter-enabled smart plug: https://shop.meross.com/products/meross-matter-smart-wi-fi-plug-mini-mss115



Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons 



Send me your questions! https://fdsd.me/qna Support our mission! https://fdsd.me/support 



Subscribe to the newsletter: https://fdsd.me/newsletter Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest Generate secure passphrases! https://d20key.com/#/ 




Table of ContentsUse these timestamps to jump to a particular section of the show.




0:01:10: Update on new location tracker spec0:02:52: News preview



0:05:30: FBI&NSA Cut the Head Off Notorious Russian Snake Malware



0:07:27: Intel Deploys Undisclosed Microcode Security Update0:11:12: Toyota location data of 2M customers exposed for years

Further episodes of Firewalls Don

Further podcasts by Carey Parker

Website of Carey Parker