The Secure One

X & Passkeys by @rmondello@hachyderm.io

You may have heard that “X”, “the everything app”, is making users re-enroll their passkeys so they have passkeys that are saved for x.com instead of twitter.com.Something that all of y’all should know is that, although passkeys are bound to an origin, passkeys are usable across origins (specific limitations apply). By adopting Related Origin Requests, the X app and website could make use of twitter.com passkeys. (Adopters of Related Origin Requests in production include Amazon, Microsoft, and Ticketmaster.)Forcing users to re-enroll their credentials is categorically technically unnecessary, unless their goal was to ensure users never see “twitter.com” in password manager UI. Hypothetically, if I had to execute on that goal, I wouldn’t set a deadline by which I’d stop accepting twitter.com passkeys, because that’s an inconvenience for users that can turn into a self-inflicted downgrade attack of sorts.

Evil Corp - Introducing Evil Corp - BBC podcasts

🐁🖱️How your mouse could eavesdrop and rat you out • The Register

Two teenagers arrested over cyber-attack on nursery chain - BBC News

The cyberattack on UK retailer Co-op in April caused empty shelves, customer data theft, and a $275M revenue loss securityaffairs.com/182713/se…

I did not realise golf had such aggressive audiences ⛳️🏌🏽

Haha hilarious ….podcasts.apple.com/gb/podcas…

Democracy in the Age of AI via @@au@g0v.social and @ia

It’s an old one but a good one. Protecting you kids online

youtube.com/watch

I think it is time to update the Rabbit to the new OS, looks interesting. Hopefully, it will move me away from using it as a paper weight!

Interesting read for a Sunday - Fugitive, Traitor, Soldier or Spy - www.gq-magazine.co.uk/article/d…

Can the EU break free from American tech companies ? In the FT

Denmark is doing the right thing Denmark to tackle deepfakes by giving people copyright to their own features | Deepfake | The Guardian