SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

Security Now (Audio)

English - October 04, 2023 04:03 - 2 hours - 58.6 MB - ★★★★★ - 1.5K ratings
Tech News News Technology twit technology steve gibson leo laporte security spyware malware hacking cyber crime encryption Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Next Episode: SN 955: The Mystery of CVE-2023-38606 - SpinRite Update, Nebula Mesh, Apple's Backdoor

Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware.
Windows 11 now natively supports passkeys, though browser support may make this redundant.
Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited.
The ECH TLS extension encrypts the ClientHello packet to hide SNI data.
Exim disclosure timeline and impact on millions of vulnerable servers.
Bing chat ads mimic search result malvertising risks amplified by chatbot trust.

Show notes: https://www.grc.com/sn/SN-942-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

canary.tools/twit - use code: TWIT
expressvpn.com/securitynow
kolide.com/securitynow