Everyone hates dealing with passwords. This has led to a mad search for ‘password-killer’ technology. After several failed attempts, there’s finally a worthy contender: passkeys. The technology has been around for years – it’s the basis for hardware keys like YubiKey. But no one wanted to have to carry the little things all the time. With passkeys, you get the same phishing-proof, passwordless goodness but tied to a device you always have: your smartphone. Websites are slowly rolling out the ability to secure your accounts with passkeys, and Apple, Google and Microsoft are building support for passkeys into their operating systems. But I would caution you to wait a bit before jumping on the bandwagon – I’ll explain why in today’s show.

In other news: update all your Apple devices; FBI and NSA break the notorious Snake malware; Intel deploys microcode security update; location data on 2M Toyoya customers exposed for years; new .zip and .mov domains are dangerously ambiguous; new crafty Chinese router malware; online age verification will cause serious problems; Apple will allow you to ‘bank’ your voice soon.

1. [Tom’s Guide] Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now https://www.tomsguide.com/news/apple-issues-urgent-fix-to-block-zero-day-attacks-update-your-iphone-and-mac-now
   
2. [tech.co] FBI & NSA Cut the Head Off Notorious Russian Snake Malware https://tech.co/news/nsa-fbi-russian-snake-malware
   
3. [Tom’s Hardware] Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake https://www.tomshardware.com/news/intel-microcode-security-update
   
4. [BleepingComputer] Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/
   
5. [Digital Trends] Hackers are using a devious new trick to infect your devices https://www.digitaltrends.com/computing/hackers-are-abusing-zip-mov-domain-names/
   
6. [9to5mac.com] Researchers find security flaw in Wemo Smart Plug, Belkin says it won’t release a patch https://9to5mac.com/2023/05/16/wemo-smart-plug-security-flaw-no-patch-coming/
   
7. [Ars Technica] Malware turns home routers into proxies for Chinese state-sponsored hackers https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/
   
8. [Electronic Frontier Foundation] Age Verification Mandates Would Undermine Anonymity Online https://www.eff.org/deeplinks/2023/03/age-verification-mandates-would-undermine-anonymity-online
   
9. [9to5mac.com] Everyone should use Personal Voice; it does in 15 minutes what currently takes several weeks https://9to5mac.com/2023/05/19/everyone-should-use-personal-voice/
   
10. Tip of the Week: The Pros & Cons of Passkeys https://firewallsdontstopdragons.com/the-pros-and-cons-of-passkeys/
    

• Meross MSS115 Matter-enabled smart plug: https://shop.meross.com/products/meross-matter-smart-wi-fi-plug-mini-mss115
  
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 
  
• Give the gift of privacy and security: https://fdsd.me/coupons 
  
• Send me your questions! https://fdsd.me/qna 
  
• Support our mission! https://fdsd.me/support 
  
• Subscribe to the newsletter: https://fdsd.me/newsletter 
  
• Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
  
• Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 
  
• Generate secure passphrases! https://d20key.com/#/ 
  

Use these timestamps to jump to a particular section of the show.

• 0:01:10: Update on new location tracker spec
  
• 0:02:52: News preview
  
• 0:05:30: FBI & NSA Cut the Head Off Notorious Russian Snake Malware
  
• 0:07:27: Intel Deploys Undisclosed Microcode Security Update
  
• 0:11:12: Toyota location data of 2M customers exposed for years
  
• 0:15:34: Phishers looking to capitalize on ambiguous new TLDs
  
• 0:19:32: Security flaws in Wemo Smart Plug won’t be fixed
  
• 0:25:08: Malware turns home routers into proxies for Chinese hackers
  
• 0:30:53: Age Verification Mandates Would Undermine Anonymity Online
  
• 0:39:23: Apple to offer new “voice-banking” technology
  
• 0:43:42: Dear Carey/Tip of the Week
  
• 0:59:19: Upcoming shows, coin promotion