| Signal | kev.42 |
Kevin
- 27 Followers
- 183 Following
- 437 Posts
@bagder @fm_volker I am genuinely surprised curl has OS/400 port. Chapeau!
The VergeIkea’s new smart home collection is entirely Matter-compatible https://www.theverge.com/news/814241/ikea-smart-home-matter-thread-lights-sensors-remote-control
@cryptgoat platform-bound passkeys are an equivalent of OIDC-based “platform login” (like “login with Apple” or “login with Google”) for almost all practical purposes. They are even worse, because if an account is compromised and later recovered, the OIDC-based login remains secure, whereas stored passkeys are gone for good.
This explains why platforms are so interested in supporting passkeys and in the same time are so disinterested in allowing secure cross-platform migration. Passkeys are the way to bound users to the platform, not to provide security.
I think for corp IdP security teams will have to insist on using attested hardware keys. I am also to sure, if resident keys are any better then non-resident keys.
@ncweaver.skerry-tech.com Microsoft’s track record is much worse
Richard StephensSecurity conference talks fall into two categories
* we designed a distributed entropy siphon to perform a black-box hypervisor side channel escape and chain-load a persistent rootkit into the CPU cache
* we looked behind the sofa and found an entire industry of products/services that have made no attempt at security at all and are therefore vulnerable to the most basic issues that we've been finding in everything for the past 30 years, and no-one else had bothered to look.
* we designed a distributed entropy siphon to perform a black-box hypervisor side channel escape and chain-load a persistent rootkit into the CPU cache
* we looked behind the sofa and found an entire industry of products/services that have made no attempt at security at all and are therefore vulnerable to the most basic issues that we've been finding in everything for the past 30 years, and no-one else had bothered to look.
@alecm yeah…
Well, sadly, they did: https://en.wikipedia.org/wiki/Yarovaya_law Yes, we protested. No, they did not rescind. No, they don’t need to save their faces.
@monsoonrains @arstechnica ARS Technica did not understand AWS’ incident postmortem (https://aws.amazon.com/message/101925/). Maybe you should read and try to understand it before commenting.