AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/29/2023

Windows 11 tests letting you sign into websites with your fingerprint or face 

Microsoft is improving Windows 11’s support for the new passkey standard that aims to replace passwords with a more secure and convenient way of logging in. A recent Insider Preview Build (23486) now lets you use Windows Hello natively to create and sign in to supported applications and websites using passkeys, where you’ll be asked to prove your identity using a PIN, fingerprint, or face-scan.  

 

The Password Game will make you want to break your keyboard in the best way 

I once worked at a small-town newspaper, part of a micro-chain of four publications. There was one young guy who oversaw “IT” for all four sites, and he occasionally tried to impose IT-like rules, like making us change our publication software passwords every few weeks. Did “password1234” protect our ink-stained souls, whereas “password123” would have meant doom? Who can say? I chafed at this occasional performative security. In a fit of pique, I decided my rotating password scheme would be the IT manager’s license plate, followed by whatever I had for lunch that day. I thought myself quite clever, even if, a few months later, I forgot I had typed in “turkeyhoagie” instead of “turkeysub” earlier that new-password day, and I had to call said IT manager for a reset. I have no idea if he saw my password before he provided the replacement. I still felt clever, even in defeat. 

 

Apple joins the opposition to encryption-bypassing ‘spy clause’ in UK internet law 

Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation’s Online Safety Bill – which for now is in the hands of the House of Lords – so that it safeguards strong end-to-end encryption. “End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats,” Apple argued in a statement to the media. “It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk.” 

 

US company using cell data to rank ‘reliability’ of billions of phone users, lawsuit alleges 

A European digital rights organization is alleging that a telecommunications giant and a U.S.-based fraud detection company are violating privacy laws by gathering and transferring the cellphone data of half the world’s population and using it to create personalized scores of individuals’ trustworthiness. The European Center for Digital Rights — also called noyb, from “none of your business” — filed a complaint Friday with the Belgian Data Protection Authority on behalf of a group of unnamed plaintiffs who allege their privacy was violated. 

 

Kazakhstan detains Russian cyber expert wanted by Washington 

Nikita Kislitsin, an employee of Russian cybersecurity firm F.A.C.C.T., was detained on 22 June and Kazakh authorities are considering Washington’s extradition request, the company said in a statement. The United States has accused Kislitsin of buying personal data obtained through the 2012 hack of Formspring, a now-defunct social media site that allowed users to receive answers to questions. Russia has protested the detention, calling on Kazakhstan not to carry out the US request. A Russian diplomat in Kazakhstan, Consul-General Yevgeny Bobrov, was quoted in Russian media reports on 28 June as saying that the diplomatic mission had sent a note to the Kazakh foreign ministry, urging it not to move quickly on the extradition. 
