Content provided by Carey Parker. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Carey Parker or their podcast platform partner. If you believe someone is using your copyrighted work without permission, you can follow the process described here: https://id.player.fm/legal.
SPECIAL: LastPass Breach

1:24:26
Right before Christmas, LastPass dropped a bombshell report explaining that bad actors appeared to have made copies of LastPass users' encrypted password vaults. The information was a little short on key details, probably indicating that the investigation is ongoing and we will learn more in the coming weeks. However, we have already learned enough to know that the data breach did leak some important metadata contained in people's password vaults and that any users who had less-than-secure master passwords should be worried that the encrypted contents may now be vulnerable to disclosure. That is about as bad as it gets. Today I will speak with a cybersecurity and authentication expert from CISA about this breach: what we know, what we don't know, what we should learn from the incident, and (most importantly) what LastPass users should do about this. Bob Lord is a Senior Technical Advisor for the Cybersecurity and Infrastructure Security Agency (CISA) and former Chief Information Security Officer (CISO) for Yahoo. 
Interview Notes

SPECIAL REPORT: LastPass Breach: https://firewallsdontstopdragons.com/special-lastpass-breach/
Twitter thread investigating what's encrypted and what's not: https://twitter.com/UK_Daniel_Card/status/1606012536582656000
Write-up by a security researcher: https://www.pwndefend.com/2022/12/24/lastpass-breach-the-danger-of-metadata/
Mastodon technical thread #1: https://mastodon.social/@epixoip@infosec.exchange/109585049690097599
Mastodon technical thread #2: https://infosec.exchange/@WPalant/109590750504031700
My "diceware" passphrase generator: https://d20key.com/
My blog on creating a strong passphrase: https://firewallsdontstopdragons.com/how-when-to-use-a-passphrase/
How to make stronger passwords: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/
Classic XKCD cartoon on passphrases: https://xkcd.com/936/
Consumer Reports Security Planner: https://securityplanner.consumerreports.org/

Further Info

Follow me on social media: https://firewallsdontstopdragons.com/contact/
Send me your questions! https://fdsd.me/qna
Support me! https://fdsd.me/support
Subscribe to the newsletter: https://fdsd.me/newsletter
Check out my book, Firewalls Don't Stop Dragons: https://fdsd.me/book

Table of Contents

Use these timestamps to jump to a particular section of the show.

0:00:47: Ep300 giveaway updates
0:03:15: Interview setup
0:08:17: What do we know about the LastPass breaches?
0:13:25: Were all LastPass users affected?
0:15:03: How is my LastPass data secured, exactly?
0:19:53: What is PBKDF2 and why are iterations important?
0:23:10: Did LastPass increase the iterations for all users over time?
0:26:46: Is any information in my password vault not encrypted?
0:29:35: How do I know if my vault password is strong enough?
0:36:13: What if I didn't have a strong vault password? What should I do?
0:41:47: Do we have any evidence that people's vaults have been cracked?
0:45:34: Did LastPass handle this properly?
0:50:50: What can the government do to help here?
0:53:30: Should LastPass users switch to a different service?
0:57:11: Will passwordless authentication solve this problem?
1:01:03: What are the key take-aways here?
1:02:37: My take on the breach and what you should do about it