logo
episode-header-image
May 2024
2h 11m

SN 972: Passkeys: A Shattered Dream? - I...

TWiT
About this episode
  • GCHQ: No more default passwords for consumer IoT devices!
  • What happened with Chrome and 3rd-party cookies?
  • Race conditions and multi-threading
  • GM "accidentally" enrolled millions into "OnStar Smart Driver +" program
  • Steve recommends Ryk Brown's "Frontiers Saga"
  • SpinRite update
  • Passkeys: A Shattered Dream?

Show Notes - https://www.grc.com/sn/SN-972-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next
May 7
SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach
Microsoft to officially abandon passwords and support their deletion. Meta's RayBan smart glasses weaken their privacy terms. 30% of Microsoft code is now being written by AI. Google says prying Chrome from it will damage its security. Nearly 1,000 six-year-old eCommerce backdoor ... Show More
2h 46m
Apr 30
SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"
Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. ... Show More
2h 44m
Apr 23
SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats
Enabling Firefox's Tab Grouping. Recalled Recall Re-Rolls out. The crucial CVE program nearly died. It's been given new life. China confesses to hacking the US (blames our stance on Taiwan). CISA says what Oracle still refuses to. Brute force attacks on the (rapid) rise. An AI/ML ... Show More
2h 53m
Recommended Episodes
Dec 2022
512: Owned With a P
Pre-show: Past-Marco made poor life choices, and today-Marco paid the price Follow-up: Mastodon instances and federation Hive Social is going… well, it’s not really going actually Sharrow 👍 Merlin is vindicated; it’s a real thing 👎 …but it’s not exactly a “share arrow”. But it ... Show More
1h 56m
Jan 2025
Hands-On Samsung S25, Deleting Old Accounts & Accessibility Tech
Rich gives his initial impressions of the Samsung Galaxy S25 series. Freddy in Yonkers is looking for a way to rip audio off CDs. Rich mentioned Exact Audio Copy. Drew in Sherman Oaks is looking for a way to free up storage on on his iPad without deleting his photos from iCloud. ... Show More
1h 47m
Aug 2024
80% of professional programmers are unhappy (News)
The latest Stack Overflow Developer Survey has some concerning results, Joeri Sebrechts helps you do plain vanilla web dev, MIT’s “missing semester” course looks pretty amazing, a dive into the fascinating history of CSV & a tool to get request analytics from the nginx access log ... Show More
6m 44s
Dec 2023
539: Rollback Required
This week, our embarrassment is your entertainment. Then, we check the age and health of all our disks with one app.Sponsored By:Tailscale: Tailscale is a Zero config VPN. It installs on any device in minutes, manages firewall rules for you, and works from anywhere. Get 20 device ... Show More
1h 12m
Aug 2024
Picking a database should be simple (Changelog & Friends #56)
Database aficionado, Ben Johnson, joins Jerod to answer the age ol’ question: which database should you use? Answering that isn’t always easy, which means it’s time to play the “It Depends” jingle & weigh (some of) the options. Leave us a commentChangelog++ members save 9 minutes ... Show More
1h 6m
Sep 2020
SLP215 Michael Flaxman - 10x Your Bitcoin Security With Multisig
After terrifying everyone with his prior SLP appearance re: hardware wallet security, Michael Flaxman rejoins me on the show to talk about his new multisig guide to help users secure their coins without any single point of failure. We cover: What’s improved in the space since las ... Show More
2h 33m
Nov 2024
#485: Secure coding for Python with SheHacksPurple
What do developers need to know about AppSec and building secure software? We have Tonya Janca (AKA SheHacksPurple) on the show to tell us all about it. We talk about what developers should expect from threat modeling events as well as concrete tips for security your apps and ser ... Show More
1h 9m
Listen to millions of songs and podcasts on Anghami