Infosec Decoded Season 5 #34: WebAuthn

With Doug Spindler and sambowne@infosec.exchange

Recorded Fri, May 2, 2025

Politics

The DOJ Says Trump Has Saved 258 Million Lives. I Asked Them What That’s Based On.

Attorney General Pam Bondi said “Since you have been in office, President Trump, your DOJ agencies have seized more than 22 million fentanyl pills, 3,400 kilos of fentanyl, which saved—are you ready for this, media?—258 million lives.” This is based on 2 mg being treated as a lethal dose.

In 2022, around 73,838 people in the United States died from a drug overdose that involved fentanyl. This was the highest number of fentanyl overdose deaths ever recorded in the United States.

Musk Risks Turning Tesla Into the Next Boeing

Across industries, safe companies ensure that everyone who works there has psychological safety — that they feel free to express ideas, ask questions, admit mistakes and even disagree with superiors, all without fear.

When it comes to safety, Musk often says the right things, but his actions don’t align with his words.

In 2014, Tesla engineer Cristina Balan says she went to him with concerns about the safety of the Model S’s floormats and the quality of its suppliers. According to Balan, she was told that if she did not resign, members of her team who were waiting on their green cards would be deported.

So, Tesla’s safety culture likely leaves a great deal to be desired. And if a problem does arise, Musk himself has ensured that the company can’t rely on regulators as a backstop. The DOGE job cuts at the National Highway Traffic Safety Administration have been concentrated among “staff assessing self-driving risks,” reports Ars Technica. This is reminiscent of what happened with Boeing, which reportedly used its influence with the federal government to weaken FAA oversight of the company.

Trump orders end to federal funding for NPR and PBS

Infosec

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.

H 540: RDP and Old Passwords (15 pts)

Common chemicals in plastic linked to over 350,000 deaths from heart disease

Researchers estimate that exposure to phthalates contributes to 13 percent of all heart disease deaths in people between ages 55 and 64 each year worldwide. They are found in food packaging, plastics, and lotions and shampoos.

Why MFA is getting easier to bypass and what to do about it

Services that use WebAuthn are highly resistant to adversary-in-the-middle attacks, if not absolutely immune. There are two reasons for this. First, WebAuthn credentials are cryptographically bound to the URL they authenticate. Second, WebAuthn-based authentication must happen on or in proximity to the device the victim is using to log into the account. This occurs because the credential is also cryptographically bound to a victim device.

Sam Altman-backed World comes to the U.S.

World said it will bring its Orb scanner to the U.S., starting in Atlanta, Austin, Los Angeles, Miami, Nashville and San Francisco. The Altman-backed project made headlines for offering a small amount of its cryptocurrency in exchange for verifying identity and biometric data.

North Korean operatives have infiltrated hundreds of Fortune 500 companies

“Nearly every CISO that I’ve spoken to about the North Korean IT worker problem has admitted they’ve hired at least one North Korean IT worker, if not a dozen or a few dozen.”