Security 67 – Anthem Data Breach

Tom takes us through some more news articles in the next thirty minutes, but we mainly focus on the Anthem personal identifiable information leak. Again we talk about what to do, what to watch out for. Next we talk about FIDO and Windows 10 wanting to destroy the password.

Security 67 – Actual News Articles

We came across three interesting news articles in the past week, two of them are philosophical problems regarding security.

First we talk about the the life of passwords as found in the NYTimes. How do you decrypt when you need to after the 9/11 attacks.

Second we talk about the hack on Sony, and what we know.

Finally, we have a debate of sorts of whose fault it is when IT knows it all, and the average user does not.

Show Notes:
The Secret Life of Passwords – NY Times
Sony Hack: What We Know So Far – Wired – 
A Story About Jessica – @SwiftonSecurity – 

Security 47 – Too Much Security

We had a topic on hand, but we shifted to pitfalls of Two Factor Authentication. Tom did a great presentation at OISF, and we figured we would discuss that. We finish with some pitfalls IT uses to try and make people more secure, but fail.

The first 10 minutes or so, have some slides. You should watch them.

Show Notes:
Tom Webster – Two Factor General Discussion

Security 41 – Listener Feedback and News

This week we had two great questions from listeners that we needed to answer.

Gunnar had a question about how to prevent traffic from leaving his phone before the VPN kicked in. Short answer: It depends, but there is no good answer.

A YouTuber, DaNutcase8210, asked if there was anyway to access an encrypted truecrypt volume if you accidentally deleted your key file. Answer: Probably not.

After we discussed two news stories:
1) Russian security Firm steals 1.2 billion credentials. The general consensus is that there shouldn’t be any real worry. We both think this sounds fishy
2) Paypal’s 2FA has been compromised.

Show Notes:

Bruce Schnier | response on the 1.2 billion credentials being stolen
Brian Krebs | Legitimate concern
PayPal 2FA compromised

Security 24 – What’s Up LastPass

We brought Amber from LastPass back on to check in with them to see what has happened since last time we spoke with them. Well, they added a huge update to Android. Now with your premium service, you can have LastPass fill in your credentials into non browser, mobile apps.

Show Notes:
LastPass Blog | Android Update

LastPass Blog | Thoughts on NSA