
SN 997: Credential Exchange Protocol - DJI Sues DoD, Quantum Vs. RSA, Lost MS Logs

2024/10/23

Security Now (Audio)

Topics
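Steve Gibson: Regarding the Chinese researchers' work on RSA encryption, their research did not actually break RSA encryption; rather, it found a way to use quantum computers to improve on the prime factorization problem. Although this is a significant finding, it currently has little impact on the security of real-world RSA encryption. Regarding the extortion triggered by the NPD data breach, scammers are using the leaked personal information to intimidate and extort, which highlights the importance of data security. The EU's new software product liability law will change the landscape of the software industry: software companies will be held liable for damage caused by software security vulnerabilities, which will push the software industry to raise its level of security. The incident in which Microsoft lost security logs reflects the importance of security log management and the need to detect and resolve problems promptly. DJI's lawsuit against the US Department of Defense shows the tension between China and the US in the areas of technology and security. The US Department of Defense's pursuit of deepfake technology for intelligence work raises ethical and security concerns. Microsoft's anti-phishing strategy uses bots to lure attackers and collect their information and techniques, which is a proactive defensive measure. The FIDO Alliance's Credential Exchange Protocol aims to improve the security and portability of passwords, but the specification is still at an early stage.

Leo Laporte: Regarding the Chinese researchers' work on RSA encryption, this is an important research advance, but it is not yet enough to threaten real-world RSA encryption. Regarding the extortion triggered by the NPD data breach, this is a new type of cybercrime that causes serious harm to both individuals and society. The EU's new software product liability law will have a far-reaching impact on the software industry; software companies need to strengthen their software security measures to avoid legal liability. The incident in which Microsoft lost security logs exposed shortcomings in its security management, and it needs to strengthen its security management system. The DJI lawsuit reflects the competition and conflict between China and the US in technology. The US Department of Defense's pursuit of deepfake technology has raised concerns about misuse of the technology. Microsoft's anti-phishing strategy is an innovative defensive method that can effectively collect information about attackers. The FIDO Alliance's Credential Exchange Protocol will improve the security and portability of passwords, which will have a positive effect on user experience and data security.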


Chapters
The episode discusses the misleading headlines about Chinese researchers breaking RSA encryption and clarifies that they only demonstrated a better way to employ quantum computers against the prime factorization problem.
  • Chinese researchers did not break RSA encryption.
  • They demonstrated a better way to use quantum computers against the prime factorization problem.
  • The discovery represents a significant breakthrough in quantum computing applications for cryptographic problems.

Shownotes

  • Did Chinese researchers really break RSA encryption? What did they do?

  • What next-level terror extortion is being powered by the NPD breach data?

  • The EU to hold software companies liable for software security?

  • Microsoft lost weeks of security logs. How hard did they try to fix the problem?

  • The Chinese drone company DJI has sued the DoJ over its ban on DJI's drones.

  • The DoJ wishes to acquire "DeepFake" technology to create fake people.

  • Microsoft has bots pretending to fall for phishing campaigns, then leading the bad guys to their honeypots. It's diabolical and brilliant.

  • A bit of BIMI logo follow-up, then...

  • A look at the operation of the FIDO Alliance's forthcoming Credential Exchange Protocol which promises to create passkey collection portability

Show Notes - https://www.grc.com/sn/SN-997-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.
