open source and cybersecurity news

June 6, 2023

End of passwords? The Illusion of Verification, FSB Accuses NSA Hacking iPhones

Episode Transcription:

Pokie Huang:

Hey, it’s 5:05 on Tuesday, June 6th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Ian Garrett in Arlington, Virginia, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Passwords are painful. If you don’t use a password manager, creating, remembering and using a strong password can be a huge hassle. This is why so many people either use short passwords or reuse the same password across multiple accounts. There’s a solution for that and they’re called Passkeys. 

They are the new kind of login credential that entirely replaces passwords. Unlike passwords, Passkeys don’t need to be memorized. There’s no such thing as a weak passkey, and they can’t be stolen in a data breach. They’re much more secure than passwords, incredibly easy to use and they are widely supported.

From today, that’s June 6th, 1Password’s browser extension will support Passkey sign in and in July the company will go further releasing a beta of their password manager and let users sign into their vaults with a public private encrypted passkey. 

Perhaps this is the tipping point where passwords will start being past tense.

Ian Garrett: 

Don’t trust the new blue check marks in Gmail. A recent security warning has raised concerns for the 1.8 billion users of Google’s popular email service Gmail. One of its newest security features, the check mark system designed to help users identify verified companies and organizations, has been exploited by hackers.

Hey folks, this is Ian Garrett in Arlington, Virginia. 

Just last month, Gmail introduced a new security feature called the Checkmark System. The idea behind it was to help users distinguish between legitimate emails and those sent by impersonators running scams. The system would highlight verified companies and organizations with a blue checkmark.

While the system sounds great on paper, unfortunately scammers have managed to exploit the feature. According to cybersecurity engineer Chris Plummer, scammers have found a way to trick Gmail into thinking that the fake brands are legitimate.

Initially, Google dismissed Plummer’s discovery, labeling it as intended behavior. But thanks to Plummer’s persistence and the attention that his tweets received, Google finally acknowledged the error and classified it as a top priority fix.

The security flaw works because Gmail’s BIMI implementation only requires SPF to match while allowing the DKIM signature to be from any domain. The effect of this attack is that the scammers are producing legitimately verified domains, but posing as other entities. 

The implications of the security flaw are significant to unsuspecting users. The check mark verification system, which was supposed to instill confidence in users and help them make informed decisions about the legitimacy of emails, is now putting Gmail users at risk.

So what can you do to protect yourself while Google works on a fix? Stay vigilant. Be cautious when dealing with emails, even if they have the check mark. Ultimately, while the check mark system is flawed, every email must be treated with the same scrutiny as before.

Katy Craig: 

The Russian FSB Intelligence Service claims to have busted a US intelligence operation targeting Apple smartphones belonging to diplomatic missions and embassies right there in Russia. 

This is Katy Craig in San Diego, California. 

This alleged operation didn’t hold back. It set its sights on thousands of devices. We’re talking about smartphones of Russian citizens, diplomatic representatives from NATO countries, the post-Soviet bloc, Israel, China, South Africa, and more.

And how did they do it? Well, they exploited a zero-click vulnerability in those shiny Apple smartphones. The FSB pointed the finger at none other than the US National Security Agency, and they claim that Apple cooperated with the NSA for these attacks.

But that’s not all. Russian cybersecurity firm, Kaspersky, has some insights too. They’ve been tracking these attacks, calling them Operation Triangulation, and guess what? Even their own employees were targeted.

Kaspersky discovered compromised devices dating all the way back to 2019, and the attacks are still happening as we speak. Unlike the FSB, Kaspersky didn’t explicitly link the attacks to the NSA or any other advanced persistent threat. They couldn’t say for sure if other organizations were targeted. 

Russian officials have asked their prosecutor general’s office to launch a formal investigation into Apple employees and US intelligence officials. They want answers and they want them now. 

Apple categorically denies aiding any government organization or installing back doors and states they have never and will never spy on their users. 

This is Katy Craig. Stay safe out there.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, serving you up some technology history for June 6th. 

June 6th, 1984. Alexey Pajitnov first releases the game Tetris in the USSR. Tetris will become one of the most popular puzzle video games of all time. 

Originally programmed for a Soviet-built Electronika 60 computer, the game was soon ported to the IBM PC where it spread quickly throughout Moscow and the rest of the USSR, eventually making its way to Hungary. From there, the game was discovered and questionable attempts to license it for sale by various software companies were made. By 1989, half a dozen different companies claimed rights to create and distribute the Tetris software for home computers, game consoles and handheld systems.

Several highly complex and drawn out legal battles ensued in the following years to settle who had the rightful licenses and authority to sell the Tetris game in various formats and countries around the world. Ironically, Pajitnov himself was not able to make any money on Tetris for years because as an employee for the Soviet government, the Soviet State ended up owning the rights.

It was only when the rights reverted from the old Soviet government to Pajitnov and he moved to the US in 1996, that he was able to form a company and collect royalties. Then he went on to work for Microsoft. Trading one oppressive regime for another, it would seem.

June 6th, 2005. In a keynote address at Apple’s Worldwide Developers Conference, Steve Jobs announces that Macintosh computers will transition from PowerPC to Intel processors and demonstrates the Mac OS running on a computer with an Intel Pentium 4 processor.

Jobs revealed at the time that Apple had been secretly preparing for a possible transition to Intel for many years. Unbeknownst to the public, for every version of Mac OS X released, Apple actually had prepared a version running on an Intel processor. By making the transition to Intel, Apple paved the way for the resurgence of the Macintosh computer by making it more compatible with software for Microsoft Windows.

June 6th, 2009. Palm Incorporated releases the Palm Pre smartphone through Sprint in an attempt to regain market share after their Treo line of smartphones is dwarfed by Apple’s iPhone.

Featuring the Linux-based Palm webOS operating system, the Pre receives some praise from technical reviewers, but due to poor marketing and the rapid pace in which Apple dominates the new world of smartphones, Palm’s series of phones and the webOS never really have a chance to gain a foothold.

Within the course of one year, Palm is purchased by HP for $1.2 billion. One year later after just two months of abysmal sales of their TouchPad tablets, HP halted production of all webOS-based devices. HP later released webOS under an open source license, sold the operating system to electronics manufacturer LG, and the webOS and Palm patents to Qualcomm. Today, LG licenses webOS from Qualcomm as the operating system for their smart televisions, smart refrigerators, and smart projectors.

webOS also lives on in open source form.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Ian Garrett, Katy Craig, Marcel Brown for today’s contributions. 

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
