Hello and welcome to the Thursday, May 4, 2020,

3 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Savi today wrote about an increase in scans for configuration files on his honeypot.

This is something that we have also been tracking in the honeypots deployed by our

volunteers, so in our D-Shield Honeypot network.

I've written a couple times about this in the past,

but what it really comes down to is that if you have any configuration file like environment variables or the like in your root web directory, they probably have been leaked.

There are a number of different name variations and so that are being attempted here.

If you go to our honeypot data, the web honeypot data page,

you can see sort of that among the top hits for any given days recently, there were things

like dot-env, Amazon.com, dot-env backup, and various variations of these configuration file names. So double check that you

haven't left any configuration files like this in your home directory. And not unexpectedly,

Google today announced that if you have an account with any of the Google sites, you will now be able to use pass

keys and also make pass key your exclusive way, how you are logging in to your Google

account, meaning that you will no longer need a password, but you also will no longer be able

to use a password if you wish

to do so. So this is an option that you have. What excites me about this is a pass case,

really sort of the next step in that Fido2 aligns motion to passwordless authentication. It's a

really interesting technology. It builds on top of the sort of

web auth and ecosystem that has evolved in the last few years. What I find kind of exciting about

PASCII versus some of the earlier kind of implementations of these FIDO standards is that it

...