Don’t believe everything you read—especially when it’s part of a marketing pitch designed to sell security services.
The latest example of the runaway hype that can come from such pitches is research published today by SquareX, a startup selling services for securing browsers and other client-side applications. It claims, without basis, to have found a “major passkey vulnerability” that undermines the lofty security promises made by Apple, Google, Microsoft, and thousands of other companies that have enthusiastically embraced passkeys.
Ahoy, face-palm ahead
“Passkeys Pwned,” the attack described in the research, was demonstrated earlier this month in a Defcon presentation. It relies on a malicious browser extension, installed in an earlier social engineering attack, that hijacks the process for creating a passkey for use on Gmail, Microsoft 365, or any of the other thousands of sites that now use the alternative form of authentication.Read full article
Comments
‘Healthcare is a team sport’: GW Hospital CEO shares strategy for DC market
Jason Barrett began serving as CEO of The George Washington University Hospital in Washington, D.C., on Aug. 18, and he brings more than 25 years
