maxeddy

@maxeddy@infosec.exchange

Award-winning, sweaty infosec journalist at Wirecutter, previously of PCMag.
:bisexual_flag:
Proud union member.
Former write-in candidate for Washtenaw County Drain Commissioner.
:think_bread:


chetwisniewski, to infosec

I feel like such an underachiever. I have had a Flipper Zero since it launched and I still have the same number of cars I started with.

maxeddy,

@chetwisniewski Never too late to start.

maxeddy, to random
maxeddy,

It's worth pointing out that while it's supposed to be difficult to access a car using a replay attack it's sometimes super easy.

https://www.pcmag.com/news/is-your-car-key-fob-vulnerable-to-this-simple-replay-attack

maxeddy,

Also seems silly to ban the Flipper when you could use a laptop with some cheap RF hardware connected to it.

maxeddy,

@hacks4pancakes I love the Flipper because it makes impractical things easy and easy things impractical.

maxeddy, to random

Mister Power...! 👀

maxeddy, to random

What 2FA apps are y'all using these days? Duo Mobile? Authy? Google? Something else? I'd love to hear about it.

maxeddy, to random

We have always been at war with webex

maxeddy, to firefox

Looks like 122 now supports passkeys on macOS! Just tried it out, worked just fine.

maxeddy, to random

Very 👀 at passkeys potentially coming to WhatsApp

https://9to5mac.com/2024/01/29/whatsapp-passkey-iphone/

maxeddy, to random

"It's an unprecedented overreach by the government and, if enacted, the UK could attempt to secretly veto new user protections globally preventing us from ever offering them to customers."

https://www.bbc.com/news/technology-68128177

maxeddy, to random

Early security theater.

maxeddy, to random

Looking at the Stolen Device Protection feature in iOS 17.3, it's interesting to see what changes Apple put in place to try and thwart a really specific but effective attack.

https://www.nytimes.com/wirecutter/blog/ios-17-3-stolen-device-protection/

maxeddy, to random

After my experience speed dating password managers, @1password and @bitwarden remain at the top of the heap.

https://www.nytimes.com/wirecutter/reviews/best-password-managers/

maxeddy, to random

Forbes union and New York Daily News are walking out today! Don't click their links!

NY Daily News is out for one day
https://x.com/nyguild/status/1750521293684736134?s=20

And Forbes is out for three
https://x.com/nyguild/status/1750522160081244421?s=20

maxeddy, to random

I love getting PR pitches from transparently evil companies that have not read my bio.

maxeddy,

Hi there, Max. We represent a company making billions off of everything you're personally and professionally against, morally and even technically!

maxeddy, to random
maxeddy,
maxeddy,

@cassidy That's fascinating because in my years of testing these things I've never had any just...fail. That includes this time, when these things were run through the wash and run over like 10 times.

maxeddy,

@chetwisniewski @ajn142 is the same memory used for passkeys as TOTP? The Google Titan holds 250 passkeys so I wonder...

Scraft161, to infosec

Hardware security key options?

I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key would work together with already existing passwords, not replace them.

As I use Linux as my primary OS, I do expect it to support it, and anything that doesn't I will have to pass on.

PS: What are the things I need to know about these hardware keys that aren't being talked about too much? I am very much delving into new territory and want to make sure I'm properly educated before I delve in.

@linux @technology @technology @privacy

maxeddy,

@Scraft161 Hello there! I've reviewed security keys for years.

First thing you might consider is whether you want a boatload of features or just U2F/WebAuthn support. The Yubico Security Key and similar devices are very affordable but do only the basics. The YubiKey 5 Series has many more features, but is significantly more expensive.

The second thing to think about is whether you require open-source hardware/firmware or not. Nitrokey and SoloKey both tout their open-source roots, while Yubico keeps things mostly closed.

I've tested dozens of these things and they all work equally well. Yubico's build quality and sheer number of features in the 5 series makes it my go-to, but it's hard to go wrong here sticking with known brands.
