Week of September 6

Enrique Tang
Published in hetalink, Sep 11, 2021

Welcome to my weekly letter, where I share a few noteworthy articles and my own commentary. Without further ado…

Weekly Read

  • Why the Password Isn’t Dead Quite Yet (Wired) — DoD’s CAC and the US government’s PIV started making identity binding and transfer more secure by using PKI, various SSO solutions successfully reduced the need for multiple accounts and passwords, and in the past decade the FIDO Alliance has helped make the password almost extinct… almost. Until then, the best option is still to combine 1) a password manager (like Chrome’s password manager, which integrates fairly well with Android) to manage challenging passwords that are unique to each site/service, and 2) MFA (use a security key or an authenticator app. Don’t use SMS-based MFA!)
  • An Office Phone Flaw Can’t Be Fixed by Cisco Alone (Wired) — Perhaps it is time to just move everyone to a VoIP-based softphone solution… and for the nostalgic ones, give them an accessory like this 😉
  • An Explosive Spyware Report Shows the Limits of iOS Security (Wired) — This is about NSO’s invasive Pegasus spyware, which can perform zero-click exploits against both iOS and Android devices in order to access the user’s private data. Quite scary stuff, considering that there’s still no real fix for the spyware. For consolation, it is costly spyware, so it is typically used only in state-sponsored attacks against specific targets (rather than by random hackers attacking random individuals).
  • Hospitals Still Use Pneumatic Tubes-and They Can Be Hacked (Wired) — I am not sure if I am more impressed by the vulnerability or by knowing this old infrastructure is still around! The last time I saw them was almost 20 years ago in one of my college jobs…

That’s it for this week! Have a nice weekend!

Stay Tuned…

It’s super easy to follow my updates:

  1. If you use any feed readers (e.g. Feedly): Subscribe to my site’s RSS feed
  2. If you are a Medium user, follow me or my publication. Optionally, you can adjust your email preferences to get my updates via email

Originally published at https://heta.link on September 10, 2021.

Enrique Tang

A not-so-casual gamer, doodler, dreamer, I appreciate living in this era of tech, with freedom to access, to play, and to create. Visit me at https://heta.link