Bluetooth Bug, Tenable, and Cosco – Paul’s Security Weekly #569

Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and GhostPack. Full Show Notes Subscribe to YouTube Channel
The post Bluetoo… Continue reading Bluetooth Bug, Tenable, and Cosco – Paul’s Security Weekly #569

Why is the U2F secret key on yubikeys is not programmable, and how to get a universal backup token?

I’m trying to figure the best strategy for having a backup U2F token. Ideally, I want to have two identical tokens; obviously I’ll have the primary one easily accessible (say, on my keyring), but the second one I’d place some… Continue reading Why is the U2F secret key on yubikeys is not programmable, and how to get a universal backup token?

Google hasn’t suffered an employee phishing compromise in over a year

Phishing attackers have failed to compromise a single employee account at Google since the company mandated authentication using U2F hardware tokens in early 2017. That’s the remarkable claim made to security writer Brian Krebs. Continue reading Google hasn’t suffered an employee phishing compromise in over a year

Google: Security Keys Neutralized Employee Phishing

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. Continue reading Google: Security Keys Neutralized Employee Phishing