Equifax’s shambolic response to its huge data breach, a scary-sounding Bluetooth exploit, and Apple’s iPhone X comes with Face ID.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik.
Smashing Security #042: 'Equifax, BlueBorne, and the iPhone X'
Hosts:
Graham Cluley:
Carole Theriault:
Guest:
Javvad Malik – @j4vv4d
Show notes:
- We tested Equifax's data breach checker — and it's basically useless | ZDNet
- Equifax hack: 44 million Britons' personal details feared stolen in major US data breach
- "The front page of Equifax's UK website. They don't seem to have room to mention the data breach affecting up to 44 million Brits." – Twitter
- Chatbot lets you sue Equifax for up to $25,000 without a lawyer – The Verge
- How to protect yourself in the wake of the Equifax data breach
- Ayuda! (Help!) Equifax Has My Data! — Krebs on Security
- BlueBorne Information from the Research Team – Armis Labs
- The five biggest questions about Apple’s new facial recognition system – The Verge
- Can the government force you to unlock your own phone? | The Guardian
- UK police have a new tactic to circumvent strong iPhone encryption: steal the unlocked phone out of the criminal’s hand | 9to5Mac
- Chessable
- The science that makes chess learning easier – Chessable.com
- You can actually be allergic to exercise – Pop Science
- Dr Mandell's Push and Pull Technique (20-Second Neck Pain Relief) – YouTube
- It's all about the Squinch! – YouTube
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Thanks to our sponsor:
This episode of Smashing Security is made possible by the generous support of Rapid7.
Identifying, prioritizing and managing vulnerabilities all the way through to remediation is not only possible, it can be simple. Right now.
Build a vulnerability management program that works for you with Insight VM, by Rapid7. Get started with your free 30 day trial at www.rapid7.com
You mentioned the Bluetooth on your phone/headset etc being patched, but what about on your actual car – is that possible to be infected and then as you're driving around town, it's spreading the lurgee?
iPhoneX FaceID
Question: What does FAR mean when it does not come with the corresponding FRR?
Answer: It means nothing.
According to some tech media, the FAR (false acceptance rate) of iPhone X Face ID is said to be one millionth, which might be viewed as considerably better than the reported one 50,000th of Touch ID.
It is not the case, however. The fact is that which is better or worse can by no means be decided when the corresponding FRR (false rejection rates) of Face ID and Touch ID, which are in a trade-off relation with FAR, are not known. This crucial observation is seldom reported by major tech media. It is really sad to see the misguided tech media spreading misguiding information on a huge scale.
The only meaningful fact that we can logically get confirmed by the trade-off between FAR and FRR is that biometrics deployed with a password as a fallback means against false rejection would only provide a level of security lower than that of a password-only authentication.
Face ID, which brings down security as such, could be recommended only for those who want better convenience, as in the case of Touch ID. If recommended for better security, it would only get criminals and tyrants delighted.
Security professionals are expected to speak up
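
The FAR/FRR trade-off and the password-fallback argument from the comment above, worked through as an added example that is not part of the original comment or the podcast page. It assumes a constructed Gaussian match-score model (not measurements of Face ID or Touch ID), an assumed password-guessing probability, and independence between the two factors; all function names are hypothetical.

```python
import math

# Assumed score model (constructed, not data from any real sensor):
# impostor match scores ~ N(0, 1), genuine-user scores ~ N(GENUINE_MEAN, 1).
GENUINE_MEAN = 5.0

def _tail(x):
    """P(Z > x) for a standard normal Z."""
    return 0.5 * math.erfc(x / math.sqrt(2))

def far(threshold):
    """False acceptance rate: an impostor's score exceeds the threshold."""
    return _tail(threshold)

def frr(threshold):
    """False rejection rate: the genuine user's score falls below the threshold."""
    return 1.0 - _tail(threshold - GENUINE_MEAN)

def threshold_for_far(target, lo=-10.0, hi=20.0):
    """Bisect for the decision threshold that yields the target FAR."""
    for _ in range(200):
        mid = (lo + hi) / 2
        if far(mid) > target:   # too permissive: raise the threshold
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2

def or_fallback_far(bio_far, password_guess_prob):
    """Attacker gets in if EITHER the biometric OR the fallback password accepts."""
    return 1.0 - (1.0 - bio_far) * (1.0 - password_guess_prob)

def report():
    """(target FAR, threshold, resulting FRR) for the two FARs quoted in the comment."""
    rows = []
    for target in (1 / 50_000, 1 / 1_000_000):
        t = threshold_for_far(target)
        rows.append((target, t, frr(t)))
    return rows

if __name__ == "__main__":
    # The SAME sensor can quote either FAR; only the FRR reveals the cost.
    for target, t, r in report():
        print(f"FAR={target:.1e}  threshold={t:.3f}  FRR={r:.3f}")
    p_pw = 1e-4  # assumed chance of guessing the fallback password
    print(f"password only: {p_pw:.6e}  biometric OR password: {or_fallback_far(1e-6, p_pw):.6e}")
```

Under this model, moving the same sensor from a FAR of one 50,000th to one millionth roughly doubles its FRR, and the OR-combined false acceptance probability is never below the password's own.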