September 12, 2022
Matthew Kirkland

TWINN #89 Passwords: Cockroaches of the Internet

TWINN #89 Passwords Cockroaches of the Internet

TWINN #89 Passwords Cockroaches of the Internet

Passwords are like cockroaches of the Internet. We’ve been trying to kill them for a long time with everything from password managers to FaceID to TouchID. Today might mark a significant point of acceleration. Not that any of those things are going away, but the mechanism of a service provider *storing a secret* is no longer needed by any service that wants to authenticate you or me. This is an exciting step forward in how we handle internet security.

To be part of this, you’ll want to update your iOS today to iOS 16 and you may immediately start seeing some services already offering passkeys as a way to authenticate you against a service, without ever using a password.

It may sound confusing at first, but once you use it, it becomes second nature. It is important, though, to understand that these keys are currently not cross platform. Your passkeys on iPhone will not work on your Android and vice versa. At some point the promise is that nobody will be locked in, so we do expect cross-platform passkeys to work. It is likely going to be facilitated through password managers before anything else as 1password has already joined the FIDO alliance, and 1password will become a webauthN device.

To me, personally, that will complete the picture because I personally like the idea of passkeys, but I don’t want my iCloud account to have them. I want them in my password manager.

In the mean time, time to upgrade to iOS16 regardless. Lots of useful improvements:

YouTube video

Apple iOS 16.

Throughout today it is expected you can tap on Settings -> General -> Software Update and download/install.

Download: iOS 16

 

TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks.

Attackers are now actively profiling victims and targeting backdoor attacks.

What under-the-hood details of newly discovered attack control panel tell us about how the Evil Corp threat group manages its ServHelper backdoor malware campaigns.

 

Read More: TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks

 

New Linux malware combines unusual stealth with a full suite of capabilities.

Another multi-stage infection chain that is extremely difficult to detect. Time to raise the defenses, especially in the cloud where the majority of Linux instances live.

With polymorphic encoding and a multistage infection chain, Shikitega is hard to detect.

 

Read More: New Linux malware combines unusual stealth with a full suite of capabilities

 

New wave of data-destroying ransomware attacks hits QNAP NAS devices.

This one hits close to home as so many of us use NAS devices at home for personal storage. As is often the case with modern-day threats, not exposing it to the Internet is your best mitigation.

DeadBolt has already infected thousands of QNAP storage devices this year.

 

Read More: New wave of data-destroying ransomware attacks hits QNAP NAS devices

 

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts.

If your company has a Wordpress site, it really needs a security review.

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed.

 

Read More: Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

 

Did you know?

adam:ONE is now available on VyOS. It was a somewhat quiet launch but we’re thrilled about the results so far!