Security Now (Audio) artwork

Security Now (Audio)

212 episodes - English - Latest episode: 2 days ago - ★★★★★ - 1.5K ratings

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Tech News News Technology twit technology steve gibson leo laporte security spyware malware hacking cyber crime encryption
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Episodes

SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

March 27, 2024 01:22 - 2 hours - 2.41 KB

Apple vs U.S. DoJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://ww...

SN 966: Morris The Second - Voyager 1, The Web Turns 35

March 20, 2024 00:03 - 2 hours - 58.9 MB

Voyager 1 update The Web turned 35 and Dad is disappointed Automakers sharing driving data with insurance companies A flaw in Passkey thinking Passkeys vs 2fa Sharing accounts with Passkeys Passkeys vs. Passwords/MFA Workaround to sites that block anonymous email addresses Open Bounty programs on HackerOne Steve on Twitter Ways to disclose bugs publicly Security by obscurity Something you have/know/are vs Passkeys Passkeys vs TOTP Inspecting Chrome extensions Passkey transpor...

SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

March 13, 2024 00:47 - 2 hours - 65.8 MB

VMware needs immediate patching Midnight Blizzard still on the offensive China is quietly "de-American'ing" their networks Signal Version 7.0, now in beta Meta, WhatsApp, and Messenger -meets- the EU's DMA The Change Healthcare cyberattack SpinRite update Telegram's end-to-end encryption KepassXC now supports passkeys Login accelerators Sites start rejecting @duck.com emails Tool to detect chrome extensions change owners Sortest SN title Passkeys vs 2FA Show Notes - https://ww...

SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

March 06, 2024 00:13 - 2 hours - 60.7 MB

"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer Cory Doctorow's Visions of the Future Humble Book Bundle CTRL-K shortcut for search on a browser Direct bootable image downloading for GRC's servers Closing the loop on compromised emails Taco Bell's passwordless app A solution for Bcrypt's password length limit of 72 bytes Data as the missing piece for law enforcement and privacy advocates The token solution for email-only login Apple's Password Manager ...

SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

February 28, 2024 01:48 - 2 hours - 114 MB

Nevada attempts to block Meta's end-to-end encryption for minors. A survey of security breaches Edge's Super-Duper Secure Mode moves into Chrome DoorDash dashes our privacy Avast charged $16.5 million for selling user browsing data No charge for extra logging! European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members LockBit RaaS group disrupted Firefox v123 The ScreenConnect Authentication Bypass SpinRite upda...

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

February 21, 2024 02:02 - 2 hours - 61.6 MB

Wyze breach Microsoft patch Tuesday fixes 15 remote code execution flaws Why are there password restrictions? The Canadian Flipper Zero Ban Security on the old internet Using Old Passwords Passwordless login TOTP as a second factor German ISP using default router passwords Email encryption in transit pfSense Tailscale integration DuckDuckGo's email protection integration with Bitwarden The KeyTrap Vulnerability Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf Hosts: Steve ...

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

February 14, 2024 01:54 - 2 hours - 56.8 MB

Toothbrush Botnet "There are too many damn Honeypots!" Remotely accessing your home network securely Going passwordless as an ecommerce site Facebook "old password" reminders Browsers on iOS More UPnP Issues A password for every website? "Free" accounts Keeping phones plugged in Running your own email server in 2024 iOS app sizes SpinRite 6.1 running on an iMac SpinRite update Bitlocker's encryption cracked in minutes Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf Host...

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

February 07, 2024 02:11 - 2 hours - 57.1 MB

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers ...

SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

January 31, 2024 02:28 - 2 hours - 63.5 MB

iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS s...

SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results

January 24, 2024 02:37 - 2 hours - 61.9 MB

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack US Health and Human Services Breached Firefox vs "The Competition" Brave reduces its anti-fingerprinting protections CISA's proactive policing results one year later Longer Life For Samsung Updates Google Incognito Mode "Misunderstanding" Show Doc Not showing images on iOS Safari Generated AI Media Authentication Which computer languages to learn? Flashlight app subscription Google's Privacy Sandbox ...

SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

January 17, 2024 01:27 - 1 hour - 48.4 MB

What would an IoT device look like that HAD been taken over? And speaking of DDoS attacks Trouble in the Quantum Crypto world The Browser Monoculture Question about the Apple backdoor Getting into infosec proton drive vs sync SpinRite update The Protected Audience API Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit...

SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass

January 10, 2024 02:14 - 1 hour - 52.2 MB

More on Apple's hardware backdoor Russian Hacking of Ukranian cameras Russian hackers were inside Ukraine telecoms giant for months Things are still a mess at 23andMe CoinsPaid was the victim of another cyberattack Crypto Hacking in 2023 Mandiant Twitter scam Defining "cyber warfare" LastPass is making some changes Windows Watch Google settles $5 billion lawsuit Return Oriented Programming Shutting Down Edge Root Certificates Credit freezing SpinRite Update Show Notes - http...

SN 955: The Mystery of CVE-2023-38606 - SpinRite Update, Nebula Mesh, Apple's Backdoor

January 03, 2024 02:20 - 1 hour - 51.9 MB

SpinRite 6.1 update Pruning Root Certificates A solution to Schrodinger's Bowl DNS Benchmark and anti-virus tools Nebula Mesh SpinRite 7 is coming The Mystery of CVE-2023-38606 Show Notes - https://www.grc.com/sn/SN-955-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps ...

SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

October 04, 2023 04:03 - 2 hours - 58.6 MB

Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk. Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware. Windows 11 now natively supports passkeys, though browser support may make this redundant. Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited. The ECH TLS extension encrypts the ClientHe...

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

September 27, 2023 01:18 - 2 hours - 67 MB

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language. China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden. A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords. The Signal messaging platform has added a post-quantum encry...

SN 940: When Hashes Collide - Secure-wipe best practices, browser identity segregation, bye bye Twitter (X)

September 20, 2023 01:34 - 2 hours - 58 MB

Last week's news about evidence of LastPass vault decryption targeting cryptocurrency keys, and the UK's backing down on its encryption monitoring legislation. How hardware security modules (HSMs) allow cryptographic operations like code signing without exposing private keys. Browser identity segregation using multiple profiles rather than separate browsers. Requirements and best practices for securely wiping data from modern solid state drives. A countdown clock for the 32-bit UNIX tim...

SN 939: LastMess - Online Safety Bill, Microsoft Outlook breach details, auto brand data privacy

September 13, 2023 00:56 - 2 hours - 55.4 MB

UK government appears to back down on demands to break encryption in Online Safety Bill Microsoft reveals how China-based hackers acquired secret key used to breach Outlook accounts Multiple flaws allowed key to improperly leave highly secure environment Mozilla research finds all major auto brands fail on privacy protection Evidence suggests LastPass encrypted vault data is being decrypted Researchers tie $35M in crypto thefts to compromised LastPass accounts Brute force feasible on ...

SN 938: Apple Says No - Topics coming to Android, Apple security research, browser extension vulnerabilities

September 06, 2023 02:20 - 2 hours - 56.3 MB

Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives. There has been another sighting of Google's Topics API, this time on Android phones. It allows apps to get information about users' interests based on recent app usage. Apple has opened up their iPhones to security researchers through their Security Research Device program since 2019. Researchers get access to customize...

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

August 30, 2023 01:28 - 2 hours - 59.6 MB

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations. WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware. HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks. ...

SN 936: When Heuristics Backfire - OpenSUSE, SanDisk and Western Digital, 8Base, TSSHOCK

August 23, 2023 02:10 - 2 hours - 61.2 MB

OpenSUSE goes private. Android to get satellite comms. SanDisk and Western Digital in hot water. You're asking for it: YouTube children's privacy. Whoopsie! 8Base. Where the money is. The TSSHOCK vulnerability. BitForge. A Quantum resilient security key. Removed Chrome extensions notifications. HTTPS by default? WinRAR 6.23 final released. Closing the Loop. When Heuristics Backfire. Show Notes - https://www.grc.com/sn/SN-936-Notes.pdf Hosts: Steve Gibson and Leo Laporte Down...

SN 935: "Topics" Arrives - Firefox multi-account containers, DuckDuckGo email alias, satellite crowding

August 16, 2023 00:53 - 1 hour - 54.8 MB

Picture of the Week. Security Now!'s 18th birthday! Closing the Loop. Firefox Multi-Account Containers. A question about Full Disk Encryption on SSD's. Should I run SpinRite before I back up my drives to a NAS? Overly complex password rules. DuckDuckGo's email alias. The new Russian Astra Linux based OS can not legally be possible. Regarding satellite crowding: The skies won't be darkening anytime soon. This is what came to mind on the Voyager 2 segment with the shout. Can you pl...

SN 934: Revisiting Global Privacy Control - Voyager 2, MS Security, keyboard acoustic side-channel attacks

August 09, 2023 01:31 - 2 hours - 55.4 MB

Picture of the Week. NASA "shouted" at Voyager. Another view of Microsoft. What about this Chinese attack? AI meets Keyboard Acoustic Side-Channel attacks. Closing the Loop. Revisiting Global Privacy Control. Show Notes: https://www.grc.com/sn/SN-934-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the ...

SN 933: TETRA:BURST - Satellite Turla, Android tracker tech, VirusTotal 2023 report, open source in Russia

August 02, 2023 02:15 - 2 hours - 66.6 MB

Picture of the Week. Satellite Turla: APT Command and Control in the Sky. OS 17 to further crack down on device fingerprinting. Android to start warning of "unknown trackers". The 7th branch of the US military. Russia criminalizes open source project contribution. VirusTotal's 2023 report. Closing the Loop. TETRA:BURST. Show Notes - https://www.grc.com/sn/SN-933-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now....

SN 932: Satellite Insecurity, Part 2 - Apple vs UK, Cyber Resilience Act, Web Environment Integrity

July 26, 2023 02:06 - 2 hours - 61.1 MB

Picture of the Week. R.I.P. Kevin Mitnick. Apple says: "Thanks, but we'd rather leave." Web Environment Integrity. Web Analytics under the spotlight. More progress on the IoT security front. The "Expeditionary cyber force". Ransomware payouts being made much less often. MOVEit Update. TikTok + Passkeys. Closing the Loop. SpinRite. Satellite Insecurity, Part 2. Show Notes: https://www.grc.com/sn/SN-932-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this...

SN 931: Satellite Insecurity, Part 1 - Kaspersky on MS flaw, WormGPT, Bitcoin addresses, Twitter DM change

July 19, 2023 00:28 - 1 hour - 52.2 MB

Picture of the Week. Kaspersky on Microsoft's Patch Tuesday. As the worm turns: WormGPT. Microsoft revokes 100+ malicious drivers. MOVEit Update. Does Dun & Bradstreet know you? No Threads for you! (or EU!) All Bitcoin addresses look alike. Twitter changes DM settings. Closing the Loop. SpinRite. Satellite Insecurity, Part 1. Show Notes: https://www.grc.com/sn/SN-931-Notes.pdf  Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/secu...

SN 930: Rowhammer Indelible Fingerprinting - MOVEit SQLi flaw, China's OpenKylin v1, Firefox 115, Syncthing

July 12, 2023 01:14 - 2 hours - 59.5 MB

Picture of the Week. Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software. And as for MOVEit... What's a "Rug Pull" ?? "Avast, ye Matey" China's OpenKylin v1. TootRoot! Firefox 115. Did Russia Disconnect? Use some honey if you want to catch some flies. Cryptocurrency losses. International Consumer Data Transit. Apple's emergency update retraction. Syncthing Revisited. Closing the Loop. SpinRite's first RTM release. RTOS-32. Rowhammer Indelible F...

SN 929: Operation Triangulation - DuckDuckBrowse, KasperskyOS Phone, Cyber Force, MOVEit

June 28, 2023 02:02 - 2 hours - 58.3 MB

Picture of the Week. Catching Leo up to speed from last week. DuckDuckBrowse. And an updated Tor Browser. Opera, now enhanced with "AI". The KasperskyOS Phone. The cost of doing business in Russia. Slowly turn the wheels of justice. The US to create a new "Cyber Force". Apple.com now supports Passkeys. Selective GDPR enforcement? Facial Recognition is Photo Recognition. Google cybersecurity clinics. Progress/MOVEit sued. Closing the Loop. SpinRite. Operation Triangulation. ...

SN 928: The Massive MOVEit Maelstrom - Patch Tuesday, SpinRite 7.1, MOVEit

June 21, 2023 00:57 - 2 hours - 56.1 MB

Picture of the Week. Patch Tuesday. Does EVERYTHING leak?? Closing the Loop. SpinRite gets version 7.1! The Massive MOVEit Maelstrom. Show Notes: https://www.grc.com/sn/SN-928-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including...

SN 927: Scanning the Internet - IoT DDoS rising, who pays for Cryptomining, WWDC security announcements

June 14, 2023 01:39 - 2 hours - 68.3 MB

Picture of the Week. Cryptomining Rude Surprise Billing. Musk's Twitter is refusing to pay for Cloud Services. IoT DDoS rapidly rising. H1CA found executing code on client machines. Apple's WWDC Redux. France takes a different approach... Russia: Scanners stay out! Miscellany. Closing the Loop. SpinRite. Scanning the Internet. Show Notes: https://www.grc.com/sn/SN-927-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/secu...

SN 926: Windows Platform Binary Table - OWASP, Tor anti-DoS protection, Mandatory SMB Signing on Win 11

June 07, 2023 02:24 - 2 hours - 62 MB

Picture of the Week. Another week of silence from HP. Mandatory "SMB Signing" coming to Windows 11. OWASP. Did Apple help the NSA attack the Kremlin? Kaspersky's analysis of this iPhone attack and compromise. The Trifecta Jackpot! Who wrote that? Tor gets anti-DoS protection. Cybersecurity at Educational institutions. Civilian Surveillance Cameras in Ukraine. Cyber Mercenaries. Closing the Loop. Windows Platform Binary Table. Show Notes: https://www.grc.com/sn/SN-926-Notes.pdf...

SN 907: Credential Reuse - iOS 16.3, ChatGPT creates malware, Bitwarden acquires Passwordless.dev

January 25, 2023 03:15 - 1 hour - 48.9 MB

Picture of the Week. PayPal Credential Stuffing. iOS 16.3 : Cloud encryption for all. InfoSecurity Magazine: "ChatGPT Creates Polymorphic Malware". CheckPoint Research: OPWNAI : Cybercriminals Starting to Use ChatGPT. "Meta" fined for the third time. Bitwarden acquires "Passwordless.dev". Closing the Loop. SpinRite. Credential Reuse. Show Notes: https://www.grc.com/sn/SN-907-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows...

SN 906: The Rule of Two - Norton Lifelock Data Breach, Chromium and Rust, LastPass

January 18, 2023 02:44 - 1 hour - 52.7 MB

Picture of the Week About Password Iterations EBC or CB Norton Lifelock Troubles Chrome Follows Microsoft and Firefox Chromium is Beginning to Rust BYOVD and Windows Defender Failures Closing the Loop (feedback) The Rule of Two Show notes: https://www.grc.com/sn/sn-906-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to...

SN 905: 1 - LastPass Aftermath, LastPass vault de-obfuscator, LastPass iteration count folly

January 11, 2023 03:33 - 1 hour - 51.3 MB

Picture of the Week. LastPass Aftermath. LastPass Vault De-Obfuscator. What more do we know this week regarding LastPass? The most alarming discovery by listeners. Understanding the scale of GPU-enhanced password cracking. On the true strength of passwords. Feedback from listeners regarding LastPass. Show Notes https://www.grc.com/sn/SN-905-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free ...

SN 904: Leaving LastPass - How LastPass failed, Steve's next password manager, how to protect yourself

January 04, 2023 04:47 - 2 hours - 56.6 MB

Picture of the Week. SpinRite. Leaving LastPass. Is there reason for concern? Well known password cracker Jeremi Gosney's LastPass rant. Steve shares his plan regarding LastPass. What is Steve's next password manager? What should LastPass users do to protect themselves? Show Notes https://www.grc.com/sn/SN-904-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit....

SN 903: Security Now Best of 2022 - The best moments from throughout the year

December 27, 2022 17:02 - 2 hours - 64.9 MB

Anatomy of a Log4j Exploit. Will Russia Disconnect? FCC Says Kaspersky Labs is a National Security Threat. Lenovo UEFI Firmware Troubles. That "Passkeys" Thing. Dis-CONTI-nued: The End of Conti? Steve's Take on the LastPass Breach. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbp...

SN 902: A Generic WAF Bypass - Pwn2Own Toronto, URSNIF malware, Vivaldi Mastodon support, Bye Bye SHA-1

December 21, 2022 02:39 - 1 hour - 53.6 MB

Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability da...

SN 901: Apple Encrypts the Cloud - Chrome Passkeys, Telegram malware, SYNC.com outage, Rackspace lawsuits

December 14, 2022 04:00 - 2 hours - 66.6 MB

Picture of the Week. Chrome does Passkeys. SYNC.COM suffered its first outage. Medibank reboot. Totally fake cryptocurrency trading platforms. Malware on Telegram. Texas gets in on the TikTok banning. The LastPass class action lawsuit. Rackspace had a big embarrassing problem. Rackspace is now facing at least three class action lawsuits. Another country goes on the offensive. Closing The Loop. SpinRite. Miscellany. Apple Encrypts the Cloud. Show Notes https://www.grc.com/sn/S...

SN 900: LastPass Again - South Dakota bans TikTok, Anker Eufy Camera debacle, Mozilla yanks trusted root

December 07, 2022 03:08 - 2 hours - 56.3 MB

Picture of the Week. Don't mess with Australia. Facebook / Meta fined by Ireland. REvil's full Medibank dump. Is nothing sacred? Mozilla yanks a (no longer) trusted root. Android Platform Certs Escape. South Dakota says: No more Tik-Tok. Albania blames its IT staff. Good news on the memory safe languages front. Black Hat USA 2022. Another Chrome 0-day bites the dust. Anker's Eufy Camera debacle. An amazing-looking WiFi-6 router... $119. Elon really said this. Closing the Loop...

SN 899: Freebie Bots & Evil Cameras - iSpoofer no more, Boa server vulnerability, CISA on Mastodon

November 30, 2022 02:24 - 1 hour - 54.7 MB

Picture of the Week. iSpoof you no more. Here come the Freebie Bots! Anatomy of the real-time Cryptocurrency heist. Lookin' for something to do? Boa server vulnerability. The dilemma of closed-source Chinese networking products. The Cyber Defense Index. Malicious Docker Hub images. Since we've been tracking 0-days for a while. CISA on Mastodon. Miscellany. Closing The Loop. SpinRite. Show Notes https://www.grc.com/sn/SN-899-Notes.pdf   Hosts: Steve Gibson and Leo Laporte D...

SN 898: Wi-Peep - FBI purchased Pegasus, Passkey support directory, Quantum decryption deadline, Firefox 107

November 23, 2022 02:59 - 2 hours - 62.4 MB

Picture of the Week. Firefox v107 was released last Tuesday. Google settles for a cool $391.5 million. Red Hat Signing its ZIP file Packages. The FBI purchased Pegasus for "research and development purposes". Greece bought Predator for €7 million. A passkeys support directory. Quantum decryption deadline. Attorneys General ask the FTC for online privacy regulation. Closing The Loop. SpinRite. Wi-Peep. Show Notes https://www.grc.com/sn/SN-898-Notes.pdf Hosts: Steve Gibson and Le...

SN 891: Poisoning Akamai - Turnstile vs CAPTCHA, Microsoft Teams Under Attack

October 05, 2022 01:57 - 1 hour - 54.2 MB

Picture of the Week. (What Could Possibly Go Wrong) Microsoft Teams - Unecessarily Insecure Roskomnadzor blocks Soundcloud Microsoft Exchange Server Under Attack Again I'm (Still) Not a Robot! Google TAG History Closing the Loop Poisoning Akamai   We invite you to read our show notes at https://www.grc.com/sn/SN-891-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https:...

SN 890: DarkNet Politics - EU and Google Analytics, Rockstar hacker busted, Mozilla says no fair

September 28, 2022 02:46 - 1 hour - 48.9 MB

Picture of the Week. Can't have it both ways. Denmark has become the fourth EU member to rule that the use of Google Analytics is illegal. Rockstar Games hacker is busted! Mozilla says: No fair! Vivaldi, Manifest V3, webRequest, and ad blockers. Sticky Chrome vulnerabilities. SMB authentication rate limiter now on by default in Windows Insider. US bill to secure FOSS software. Iran vs Albania. Closing The Loop. The Silver Ships. SpinRite. DarkNet Politics. We invite you to rea...

SN 889: Spell-Jacking - Cyber-Insurance, GTA 6 leak, MiraclePtr, CVSS9.8 for WordPress, Uber Oops!

September 21, 2022 01:46 - 1 hour - 50.2 MB

Picture of the Week. This is Patch News-Day. Lloyd's of London backing away from Cyber-Insurance. Uber Oops! Rockstar Games: Grand Theft Auto 6 Massive Leak. LastPass Breach Update. A CVSS 9.8 for WordPress. What cost, Security? Use-after-freedom: Google's "MiraclePtr" Closing The Loop. Spell-Jacking. We invite you to read our show notes at https://www.grc.com/sn/SN-889-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/sec...

SN 888: The EvilProxy Service - MooBot, Crypto Heist, Cyberwarfare, QNAP, The Silver Ships

September 14, 2022 04:03 - 2 hours - 56.8 MB

Picture of the Week. Cyberwarfare: Albania vs Iran. Crypto Heist — this or that. The White House "Tech Platform Accountability" Listening Session. Changes to the Dutch Intelligence Law. Another QNAP mess. D-Link's being taken over by MooBot. Sci-Fi Discovery: "The Silver Ships". Closing The Loop. The EvilProxy Service. We invite you to read our show notes at https://www.grc.com/sn/SN-888-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://...

SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

September 07, 2022 02:50 - 2 hours - 55.8 MB

Picture of the Week. Google's (newest) Open Source Software Vulnerability Rewards Program. Did TikTok leak 2.05 BILLION User Records? An urgent Chrome update patches new 0-day flaw. Permission-less Browser Clipboard Write. Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download. A Quantum Hype Bubble? All of the BlackHat 2022 Presentation Slides PDFs. Csurf NPM library mistake. SpinRite. Closing The Loop. Sci-Fi Discovery: "The Silver Ships" Embeddin...

SN 886: Wacky Data Exfiltration - LastPass breach, FTC Kochava lawsuit, Hikvision IoT mess

August 31, 2022 02:44 - 2 hours - 55.5 MB

Picture of the Week. LastPass Breached. The US Federal Trade Commission filed a lawsuit against data broker Kochava. The US Federal Communications Commission launched an investigation into mobile carriers' geolocation data practices. California, here I come! A conversation with a Ransomware Attacker. DuckDuckGo's Privacy-Enhanced eMail Forwarding. Another IoT mess care of "Hikvision" SpinRite. Closing The Loop. Wacky Data Exfiltration. We invite you to read our show notes at http...

SN 885: The Bumblebee Loader - RTL819x Exploit, RubyGems Update, Chrome's Fifth 0-Day of 2022

August 24, 2022 01:54 - 1 hour - 49.3 MB

VIDEO of the Week Crashing Laptop Computers With Janet Jackson RealTek SoC flaw affects many millions of IoT devices 46 Million RPS - requests per second Chrome's 5th 0-Day of 2022 Apple: Not to be left behind... RubyGems to require MFA Closing The Loop: Domain Name Ownership Closing The Loop: Growing in Cybersecurity The Bumblebee Loader We invite you to read our show notes at https://www.grc.com/sn/SN-885-Notes.pdf Hosts: Leo Laporte and Steve Gibson Download or subscribe to t...

SN 884: TLS Private Key Leakage - BIG patch Tuesday, Facebook E2E encryption, VNC insecurity, Cyotek WebCopy

August 17, 2022 03:14 - 1 hour - 51.9 MB

Picture of the Week. Patch Flashback Tuesday. Facebook is cautiously creeping toward default E2E encryption. VNC's inherent insecurity. The need to control domain names. And speaking of backup: Cyotek WebCopy. Google's Ryan Sleevi Retweeted Jens Axboe. SandSara Update from Ed Cano. Closing The Loop. SpinRite. TLS Private Key Leakage. We invite you to read our show notes at https://www.grc.com/sn/SN-884-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this ...

SN 883: The Maker's Schedule - VirusTotal, Daniel Bernstein sues the NSA, Win 11 might damage encrypted data

August 10, 2022 02:40 - 1 hour - 50.9 MB

Picture of the Week. Crypto is Hard. VirusTotal: Deception at a scale. Windows 11 might damage encrypted data. Microsoft Defender External Attack Surface Management. Closing The Loop. Daniel Bernstein sues the NSA. The Maker's Schedule. We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/cl...

SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack

August 03, 2022 03:16 - 2 hours - 60.9 MB

Picture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subs...