Tom takes us through some more news articles in the next thirty minutes, but we mainly focus on the Anthem personally identifiable information leak. Again, we talk about what to do and what to watch out for. Next we talk about FIDO and Windows 10 wanting to destroy the password.
We came across three interesting news articles in the past week; two of them are philosophical problems regarding security.
First we talk about the life of passwords as found in the NYTimes. How do you decrypt when you need to after the 9/11 attacks?
Second we talk about the hack on Sony, and what we know.
Finally, we have a debate of sorts over whose fault it is when IT knows it all and the average user does not.
We had a topic on hand, but we shifted to the pitfalls of Two-Factor Authentication. Tom did a great presentation at OISF, and we figured we would discuss that. We finish with some things IT does to try to make people more secure, but which fail.
The first 10 minutes or so have some slides. You should watch them.
Tom Webster – Two Factor General Discussion
This week we had two great questions from listeners that we needed to answer.
Gunnar had a question about how to prevent traffic from leaving his phone before the VPN kicked in. Short answer: It depends, but there is no good answer.
A YouTuber, DaNutcase8210, asked if there was any way to access an encrypted TrueCrypt volume if you accidentally deleted your key file. Answer: Probably not.
Afterwards, we discussed two news stories:
1) Russian security firm steals 1.2 billion credentials. The general consensus is that there shouldn’t be any real worry. We both think this sounds fishy.
2) PayPal’s 2FA has been compromised.
We brought Amber from LastPass back on to check in and see what has happened since the last time we spoke with them. Well, they added a huge update to Android. Now, with the premium service, you can have LastPass fill in your credentials in non-browser mobile apps.
LastPass Blog | Android Update
LastPass Blog | Thoughts on NSA