This episode explores the security risks of AI, including 'agentic blabbering' in AI browsers that aids phishing attacks, the ability of models like Claude Opus to resurrect vulnerabilities in legacy code, the debate on 'shift left' security practices, and new threats like AI-generated 'ephemeral malware' and the challenges of the post-authentication perimeter.
An in-depth analysis of biometric authentication, exploring how the technology works, its applications in security, and the significant privacy risks involved. The summary covers biometric templates, threats like deepfakes, and mitigation strategies such as cancellable biometrics and multi-factor authentication.
Mazharul Islam from the University of Wisconsin—Madison introduces CASPER, a novel deception-based framework designed to detect the misuse of passkeys stolen from cloud storage providers. CASPER uses a system of decoy secrets and passkeys to enable relying parties (websites) to identify and flag unauthorized login attempts, effectively balancing security, usability, and deployability without disrupting the user experience.
This talk introduces an "abusability analysis framework" to evaluate technologies like passkeys under interpersonal threat models, such as intimate partner violence. An analysis of 19 services revealed critical implementation flaws, including irrevocable cloned passkeys and the failure of password resets to secure accounts, which can create persistent backdoors for abusers.