Risky Bulletin Newsletter
May 06, 2022
Risky Biz News: Gen. Nakasone asked to remain in charge of NSA and CYBERCOM for one more year
Presented by

News Editor
Alcohol supply in Russia: A series of DDoS attacks carried out by Ukraine's IT Army on EGAIS, a government system used to control and regulate alcohol production in Russia, is apparently causing production delays and supply chain issues across the country. According to Russian "alcohol" media (because that's apparently a thing), alcohol factories and warehouses are very dependent on the EGAIS system, which they use to control supply volumes and avoid overstocking, and some beer factories had to temporarily shut down operations because of EGAIS being down.
Passwordless goes mainstream: Apple, Google, and Microsoft announced on Thursday plans to expand support for the FIDO standards inside their core products. At a technical, support for "passwordless" logins will mean that devices from the three companies will be able to handle a FIDO sign-in credential (referred to as a passkey) that will be stored on their devices. This passkey will be used when users want to sign up or log into mobile apps or websites. Instead of a password, their devices will provide this cryptographic-secure passkey instead. The FIDO Alliance said that the passkey wouldn't be shared unless users prove they are in control of the device by authenticating with a PIN, face scan, fingerprint, or even another nearby device (such as a smartphone). In a press release, the FIDO Alliance said it expects Apple, Google, and Microsoft devices and services to start supporting these new FIDO passkeys within the next year.
GitHub goes full 2FA: GitHub took steps on Wednesday to bolster the security of its ecosystem. The company announced that it will require all users who contribute code on projects hosted on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. According to the company, only 16.5% of current GitHub users have 2FA enabled, which is in itself a large adoption rate, compared to Twitter, where only 2.3% of users use 2FA.