Regular listeners would know Risky Business is just running the news and sponsor segments at the moment so there’s no feature interview in this week’s show. But that’s fine because we’ve got plenty to get through in the news segment with Adam Boileau.
Then we’ve got a killer sponsor interview for you this week with Nick Steele and James Barclay of Duo Security.
They’re here to talk about WebAuthn. It’s the new authentication spec currently going through the W3C process. Both Nick and James will be along later to talk about what the spec is designed to do, how it works and what its chances of becoming mainstream are, and, spoiler alert, those chances are pretty good.
They’ve also provided me with some links for people out there who want to play around with WebAuthn; they are below.
Links to all the news items are also below, and you can follow Patrick or Adam on Twitter if that floats your boat.
- Nation-state hackers hit Cisco switches - Cyberscoop
- "Don’t Mess With Our Elections": Vigilante Hackers Strike Russia, Iran - Motherboard
- With trade war looming, Chinese cyberattacks may follow - CyberScoop
- Police could access US cloud data under planned crime-fighting deal
- DHS defends media-monitoring database, calls critics “conspiracy theorists” | Ars Technica
- Alex Ionescu on Twitter: "I generally wasn't opposed to the idea of Chrome making sure that people's documents/downloads weren't full of latent ransomware. But pegging my CPU as you run... f*cking... ESET... on my entire drive? I'm glad I switched to Edge on my desktop PC, I guess it's time for the laptop https://t.co/PHNn7gT583"
- After Crackdown, Neo-Nazis Are Hosting Propaganda on Censor-Proof Networks - Motherboard
- Chinese Government Forces Residents To Install Surveillance App With Awful Security - Motherboard
- A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready | WIRED
- DARPA is looking to avoid another version of Meltdown or Spectre - CyberScoop
- This Tool Can Help Identify Leakers Who Copy and Paste Secret Info - Motherboard
- T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security - Motherboard
- Beware of Bing Chrome Download Ads Pushing Adware/PUP Installers
- Three Execs Get Prison Time for Pirating Oracle Firmware Patches
- Russia Readies Telegram Ban After App Refused to Hand Over Encryption Keys to FSB
- VirusTotal Launches Droidy, Its New Android Sandbox Technology
- Researchers Hijack Over 2,000 Subdomains From Legitimate Sites in CloudFront Experiment
- Tavis Ormandy on Twitter: "This is amazing, Windows Defender used the open source unrar code, but changed all the signed ints to unsigned for some reason, breaking the code. @halvarflake noticed and got it fixed. Remote SYSTEM memory corruption 😨 https://t.co/gsx9ZMk1Hz"
- Australia's Offensive Cyber Capability | Australian Strategic Policy Institute | ASPI
- Josh Marshall on Twitter: "oh look "security expert" Rudy Giuliani shows you how to do a special "dark web scan", courtesy of Experian. https://t.co/8DIlUY56Lu"
- GitHub - duo-labs/webauthn: A Demonstration of the WebAuthn Specification
- GitHub - duo-labs/py_webauthn: A WebAuthn Python module.
- ImperialViolet - Security Keys
- Web Authentication: An API for accessing Public Key Credentials Level 1
- Using Hardware Token-based 2FA with the WebAuthn API – Mozilla Hacks – the Web developer blog
- Trying Out Web Authentication (WebAuthn)
- Web Authentication: What It Is and What It Means for Passwords | Duo Security