Security Now 997: Credential Exchange Protocol

• Did Chinese researchers really break RSA encryption? What did they do?
• What next-level terror extortion is being powered by the NPD breach data?
• The EU to hold software companies liable for software security?
• Microsoft lost weeks of security logs. How hard did the try to fix the problem?
• The Chinese drone company DJI has sued the DoJ over its ban on DJI's drones.
• The DoJ wishes to acquire "DeepFake" technology to create fake people.
• Microsoft has bots pretending to fall for phishing campaigns, then leading the bad guys to their honeypots. It's diabolical and brilliant.
• A bit of BIMI logo follow-up, then...
• A look at the operation of the FIDO Alliance's forthcoming Credential Exchange Protocol which promises to create passkey collection portability

Show Notes - https://www.grc.com/sn/SN-997-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• threatlocker.com for Security Now
• flashpoint.io
• lookout.com
• bitwarden.com/twit