Security 205 – Wifi Spyliance

This week:

We talk wifi WPA3 vulnerabilities: https://gizmodo.com/new-super-secure-wifi-is-actually-full-of-security-hole-1833967122

Finally a settlement from the Pixel 6p: https://www.theverge.com/2019/4/11/18306552/google-huawei-nexus-6p-class-action-lawsuit-settlement-agreement-compensate

Google Security Key is your phone: https://www.theverge.com/2019/4/10/18295348/google-android-phone-fido-webauthn-phishing-two-factor-authentication

Can you please fill out our podtrac survey: http://survey.podtrac.com/start-survey.aspx?pubid=B8NmaYB8k-kH&ver=short

Security 204 – Too Much Facebook

Podtrac Survey: http://survey.podtrac.com/start-survey.aspx?pubid=B8NmaYB8k-kH&ver=standard

Facebook internally stored passwords in plaintext: https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

Response: https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/

If your a system admin, how would you stop the New Zealand shooting video.

Netflix changing show order based on something: https://twitter.com/LukasThoms/status/1107839333824937984?s=19

Scam Alerts through Social Security:

Security 203 – Multi factor Problems

First, update chrome‚Ķ We explain why. This link doesn’t: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/

Then Facebook says we care about security (Again): https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634/

We finish about Multi Factor Authentication, and how terrible it is to explain to the average user.

Tom’s Talk: https://samurailink3.com/talks/2-factor/
Crypto and Privacy Village Talk: https://www.youtube.com/watch?v=i8Hj9TpFpjY

Comcast PIN is 000000: https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/

Security 202 – Not So Hidden Microphone

There was a not so hidden microphone in Nest’s security base: https://www.androidauthority.com/nest-secure-google-assistant-mic-950134/

Should you lock people out of their account for insecure passwords?
https://www.theinquirer.net/inquirer/news/3071207/googles-nest-is-locking-customers-out-of-accounts-until-they-fix-their-security

Can you please fill out our podtrac survey: http://survey.podtrac.com/start-survey.aspx?pubid=B8NmaYB8k-kH&ver=short

Security 192 – Election Security

 

Signal tries to hide sender metadata: https://signal.org/blog/sealed-sender/

Google to enforce two years of security updates: https://www.theverge.com/2018/10/24/18019356/android-security-update-mandate-google-contract

Attacking Google Authenticator: https://www.unix-ninja.com/p/attacking_google_authenticator