Risky Business Podcast

April 10, 2018

Risky Business #494 -- Cisco customers have a bad week, plus a deep dive on WebAuthn

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Regular listeners would know Risky Business is just running the news and sponsor segments at the moment so there’s no feature interview in this week’s show. But that’s fine because we’ve got plenty to get through in the news segment with Adam Boileau.

Then we’ve got a killer sponsor interview for you this week with Nick Steele and James Barclay of Duo Security.

They’re here to talk about WebAuthn. It’s the new authentication spec currently going through the W3C process. Both Nick and James will be along later to talk about what the spec is designed to do, how it works and what its chances of becoming mainstream are, and spoiler alert, those chances are pretty good.

They’ve also provided me with some links for people out there who want to play around with Webauthn, they are below.

Links to all the news items are also below, and you can follow Patrick or Adam on Twitter if that floats your boat.

Risky Business #494 -- Cisco customers have a bad week, plus a deep dive on WebAuthn
0:00 / 40:54

Show notes

Nation-state hackers hit Cisco switches - Cyberscoop

"Don’t Mess With Our Elections": Vigilante Hackers Strike Russia, Iran - Motherboard

With trade war looming, Chinese cyberattacks may follow - CyberScoop

Police could access US cloud data under planned crime-fighting deal

DHS defends media-monitoring database, calls critics “conspiracy theorists” | Ars Technica

Alex Ionescu on Twitter: "I generally wasn't opposed to the idea of Chrome making sure that people's documents/downloads weren't full of latent ransomware. But pegging my CPU as you run... f*cking... ESET... on my entire drive? I'm glad I switched to Edge on my desktop PC, I guess it's time for the laptop https://t.co/PHNn7gT583"

After Crackdown, Neo-Nazis Are Hosting Propaganda on Censor-Proof Networks - Motherboard

Chinese Government Forces Residents To Install Surveillance App With Awful Security - Motherboard

A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready | WIRED

DARPA is looking to avoid another version of Meltdown or Spectre - CyberScoop

This Tool Can Help Identify Leakers Who Copy and Paste Secret Info - Motherboard

T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security - Motherboard

Beware of Bing Chrome Download Ads Pushing Adware/PUP Installers

Three Execs Get Prison Time for Pirating Oracle Firmware Patches

Russia Readies Telegram Ban After App Refused to Hand Over Encryption Keys to FSB

VirusTotal Launches Droidy, Its New Android Sandbox Technology

Researchers Hijack Over 2,000 Subdomains From Legitimate Sites in CloudFront Experiment

Tavis Ormandy on Twitter: "This is amazing, Windows Defender used the open source unrar code, but changed all the signed ints to unsigned for some reason, breaking the code. @halvarflake noticed and got it fixed. Remote SYSTEM memory corruption 😨 https://t.co/gsx9ZMk1Hz"

Australia's Offensive Cyber Capability | Australian Strategic Policy Institute | ASPI

Josh Marshall on Twitter: "oh look "security expert" Rudy Giuliani shows you how to do a special "dark web scan", courtesy of Experian. https://t.co/8DIlUY56Lu"

GitHub - duo-labs/webauthn: A Demonstration of the WebAuthn Specification

GitHub - duo-labs/py_webauthn: A WebAuthn Python module.

WebAuthn.io

ImperialViolet - Security Keys

Web Authentication: An API for accessing Public Key Credentials Level 1

Using Hardware Token-based 2FA with the WebAuthn API – Mozilla Hacks – the Web developer blog

Trying Out Web Authentication (WebAuthn)

Web Authentication: What It Is and What It Means for Passwords | Duo Security