Security Now (Video)

229 episodes - English - Latest episode: 5 days ago - ★★★★★ - 124 ratings

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Episodes

SN 800: SolarBlizzard - SolarWinds' Orion Software, Swatting Goes IoT, PHP Zend Framework Vulnerability

January 06, 2021 02:00 - 1 hour - 1.17 GB Video

SolarWinds' Orion software, swatting goes IoT, PHP Zend Framework vulnerability. Chrome struggles with A/V pre-scan file locking. Zyxel security products protected by a single redundant password. How Swatters are using IoT devices to increase the terror. A new serious problem in the PHP Zend Framework on WordPress. Bitcoin woes as value reaches new peaks. ReadSpeed, SSD's, and SpinRite. A new flaw discovered in SolarWinds' Orion software. We invite you to read our show notes at htt...

SN 799: Sunburst & Supernova - Ransomware Task Force, Chrome 87, Firefox Caches, Preserving Flash Video

December 30, 2020 01:30 - 1 hour - 1.22 GB Video

Ransomware Task Force, Chrome 87, Firefox caches, preserving Flash video. Chrome 87 backs away from Insecure Form Warnings. Firefox to begin partitioning its caches. Browsers say no to Kazakhstan again. Announcing the RTF - The Ransomware Task Force. 5 million WordPress sites in critical danger. Treck's TCP/IP stack strikes again! Preserving Flash content online. SpinRite: ReadSpeed is ready! InitDisk is at release 5. Numerous updates on SolarWinds, Sunburst, and Supernova. We in...

SN 798: Best of 2020 - The Year's Best Stories on Security Now

December 22, 2020 19:00 - 1 hour - 921 MB Video

Leo Laporte walks through some of the highlights of the show and most impactful stories of 2020. Stories include: Clearview AI face scanning. The "EARN IT" act. Zoom security issues. Why contact tracing apps won't work. How to prevent the next Twitter hack Ring's autonomous flying home security webcam. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. ...

SN 797: SolarWinds - Chrome Throttling Ads, Google Outage, 2020 Pwnie Awards, JavaScript's 25th Birthday

December 16, 2020 03:00 - 2 hours - 1.45 GB Video

Chrome throttling ads, Google outage, 2020 Pwnie Awards, JavaScript's 25th birthday. Chrome's heavy ad intervention. Adrozek. Ransomware: "Double Extortion." A 0-click wormable vulnerability in D-Link VPN servers. Google suffered an outage. Amnesia:33. Zero-day in WordPress SMTP plugin. The 2020 Pwnie Awards. The end of Flash. JavaScript is celebrating its 25th birthday. InitDisk release 4 published. A deep look at the SolarWinds hack. We invite you to read our show notes at h...

SN 796: Amazon Sidewalk - Google Play Core Library, iOS Zero-Click Radio Proximity Exploit, Apple M1 Chip

December 09, 2020 02:00 - 2 hours - 1.52 GB Video

Google Play Core Library, iOS zero-click radio proximity exploit, Apple M1 chip. Ransomware news regarding Foxconn, Egregor, and K12 Inc. The Apple iPhone zero-click radio proximity vulnerability. Oblivious DoH (ODoH). Google Play Core Library problems. The mysterious power of Apple's M1 Arm processor chip. InitDisk release 2 published. SpinRite update. Amazon Sidewalk. We invite you to read our show notes at https://www.grc.com/sn/SN-796-Notes.pdf Hosts: Steve Gibson and Leo Lap...

SN 795: DNS Consolidation - Generic Smart Doorbells, Tesla Model X Key Fobs, Critical Drupal Flaw, Spotify

December 02, 2020 03:00 - 2 hours - 1.43 GB Video

Generic smart doorbells, Tesla Model X key fobs, critical Drupal flaw, Spotify. Chrome Omnibox becomes more Omni. Chrome's open tabs search. Ransomware news involving Delaware County, Canon, US Fertility, Ritzau, Baltimore County Public Schools, and Banijay group SAS. Drupal's security advisory titled "Drupal core - Critical - Arbitrary PHP code execution." The revenge of cheap smart doorbells. Tesla Key Fob Hack #3. CA's adapt to single-year certs. Nearly 50,000 Fortinet VPN crede...

SN 794: Cicada - Ongoing WordPress Attack, RCS Gets End-to-End Encryption

November 25, 2020 01:30 - 1 hour - 1.06 GB Video

Ongoing WordPress attack, RCS gets End-to-end encryption. Chrome moves to release 87. Explicit Publication of Privacy Practices. Firefox 83 gets HTTPS-only Mode. Mozilla seeks consultation on implementing DNS-over-HTTPS. The comical announcement strategy of the Egregor Ransomware. Large-scale attacks targeting Epsilon Framework Themes in WordPress. Cybercrime gang installs hidden e-commerce stores on WordPress sites. 245,000 Windows systems still vulnerable to BlueKeep RDP bug. Go...

SN 793: SAD DNS - Malicious Android Apps, Ransomware-as-a-Service

November 18, 2020 03:29 - 1 hour - 1.31 GB Video

Malicious Android apps, ransomware-as-a-service. Where do most malicious Android apps come from? SAD DNS is a revival of the classic DNS cache poisoning attack How many Ransomware-as-a-Service (RaaS) operations are there? Ragnar Locker ransomware gang takes out a Facebook ad Two more new 0-days revealed in Chrome Last Tuesday, Microsoft fixed 112 known vulnerabilities in Microsoft products We invite you to read our show notes at https://www.grc.com/sn/SN-793-Notes.pdf Hosts: Steve ...

SN 792: NAT Firewall Bypass - SlipStream NAT Firewall Bypass, MS Police Use Ring Doorbell Cams

November 11, 2020 02:30 - 1 hour - 1.25 GB Video

SlipStream NAT firewall bypass, MS Police use Ring doorbell cams. Let's Encrypt's cross-signed root expires next year Chrome updates on Windows, macOS, Linux, and Android to remove 0-day vulnerability Mattel, Compel, Capcom, and Campari fall to ransomware attacks iOS 14.2 fixes three 0-day vulnerabilities Introducing the Tianfu Cup: China's version of the Pwn2Own hacker competition November's Patch Tuesday The Great Encryption Dilemma hits Europe Ring Doorbells to be tapped in a tr...

SN 791: Google's Root Program - Google One VPN, WordPress Update Fail, Windows 7 0-Day

November 04, 2020 02:00 - 1 hour - 1.13 GB Video

Google One VPN, WordPress update fail, Windows 7 0-Day. A new 0-day in Win7 through Win10 A public service reminder from Microsoft Google One adding an Android VPN Vulnonym: Stop the Naming Madness! WordPress fumbles an important update Chrome's Root Program We invite you to read our show notes at https://www.grc.com/sn/SN-791-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Secu...

SN 790: Top 25 Vulnerabilities - Chrome 0-Day, Edge for Linux, WordPress Loginizer

October 28, 2020 01:00 - 1 hour - 1.1 GB Video

Chrome 0-Day, Edge for Linux, WordPress Loginizer. Top 25 Vulnerabilities Critical 0-day in Chrome Chrome 86 is now blocking slippery notifications Site Isolation coming soon to Firefox Microsoft's Chredge for Linux WordPress Loginizer vulnerability We invite you to read our show notes at https://www.grc.com/sn/SN-790-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now!...

SN 789: Anatomy of a Ryuk Attack - Zoom End-to-End Encryption, Windows 10 God Mode, Manifest v3

October 21, 2020 00:30 - 1 hour - 1.11 GB Video

Zoom end-to-end encryption, Windows 10 god mode, Manifest v3. Last Wednesday, Zoom announced that THIS week their 30-evaluation of end-to-end encrypted video conferencing would begin How to enable Windows 10 "God Mode" Edge to be updated with browser extensions "Manifest v3" Last Tuesday Microsoft issued fixes for 87 security vulnerabilities - so, yeah, it was a slow month... Your SonicWall Network Security Appliance (NSA) MUST be patched now! Microsoft's two out-of-cycle patches An...

SN 788: Well Known URI's - Carnival Cruise Hack, ZeroLogon, Five Eyes vs Encryption

October 14, 2020 01:00 - 2 hours - 1.38 GB Video

Carnival Cruise hack, ZeroLogon, Five Eyes vs Encryption. Chrome gets 86'd! Carnival Cruise Line Hack The largest company you've never heard of gets hit by ransomware hackers No connection logs? In France, you go to jail! Hacking the Apple ZeroLogon, the FBI, DHS and our forthcoming election security The revenge of DNT, as GPC, now enhanced with legislation The Anti-E2EE drumbeat beats yet again We invite you to read our show notes at https://www.grc.com/sn/SN-788-Notes.pdf Hosts...

SN 787: Why Win7 Lives On - Android Security, Windows 7 Security, Microsoft Defender

October 07, 2020 01:00 - 1 hour - 1.16 GB Video

Android Security, Windows 7 Security, Microsoft Defender. Google to get even more proactive about Android security Why are people sticking with Windows 7? And Google funds a JavaScript research engine Microsoft Defender gets in Vitro Updating WSL 2 (Windows Subsystem for Linux v2) completely bypasses the hosting Windows 10 firewall Most Microsoft Exchange Servers remain unpatched after 9 eight months! Cloudflare has just added a free web API firewall service for all customers US De...

SN 786: ZeroLogon++ - Amazon Flying Security Cam, ZeroLogon on GitHub, Ransomware Roundup

September 30, 2020 01:00 - 2 hours - 1.3 GB Video

Amazon flying security cam, ZeroLogon on GitHub, ransomware roundup. What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam Evil ransomware gang deposited $1 million of bitcoin in a hacker recruitment drive Over this past weekend, Universal Health Services was hit by a huge Ryuk ransomware One week ago, there were three ZeroLogon exploits on GitHub. Today there are more than fit on the first page of search results Security Fixes in Chrome's v85.0.4183.121 R...

SN 785: Formal Verification - iOS 14 & Android 11 Security Features, DuckDuckGo Gets Big

September 23, 2020 03:53 - 1 hour - 1.34 GB Video

iOS 14 & Android 11 security features, DuckDuckGo gets big. The most important iOS 14 privacy & security features All of Android 11's new privacy & security features DuckDuckGo usage growth goes exponential LAN attack bug fixed in Firefox 79 for Android Goodbye Forever Firefox Send and Notes... Oh, how we loved ye Microsoft's catastrophic Zerologon vulnerability Why we're headed toward formal verification of security protocols We invite you to read our show notes at https://www.grc...

SN 784: BlindSide & BLURtooth - Chrome vs Abusive Ads, Patch Tuesday Palooza

September 16, 2020 00:00 - 1 hour - 1.04 GB Video

Chrome vs abusive ads, patch Tuesday palooza. BlindSide and BLURtooth Chrome gets tough on abusive ads The last hurrah for IE & Flash exploits Chromium Edge on Win10: Forcing the issue Edge enables "Ask me..." for each download Patch Tuesday Palooza! Excessive SSD Defragging also fixed The WordPress File Manager flaw... two weeks downstream Zoom... now with 2FA New Raccoon attack We invite you to read our show notes at https://www.grc.com/sn/SN-784-Notes.pdf Hosts: Steve Gibson...

SN 783: IoT Isolation Strategies - Isolate Your IoT Devices, Threema Goes Open-Source

September 09, 2020 02:54 - 2 hours - 1.32 GB Video

Isolate your IoT devices, Threema goes open-source. IoT Isolation Strategies DoH coming to Chrome for Android Bye Bye Drive-By Downloads Threema goes Open-Source WordPress File Manager 0-day flaw Facebook's new VDP — Vulnerability Disclosure Policy Facebook's new "WhatsApp Security Advisories" page The Tor Project Membership Program Intel's latest microcode patches We invite you to read our show notes at https://www.grc.com/sn/SN-783-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...

SN 782: I Know What You Did Last Summer - Russian Tries to Hack Tesla, Web Browser History Research

September 02, 2020 01:00 - 1 hour - 968 MB Video

Russian tries to hack Tesla, web browser history research. Chrome 85 security features Russian Attempts to Cyber Attack Tesla More EMV Standard monetary transaction method problems Watch this video on Covid testing I Know What You Did Last Summer: research on web browsing histories We invite you to read our show notes at https://www.grc.com/sn/SN-782-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can su...

SN 781: SpiKey - Ransomware Hits Jack Daniel's, Iranian Script-Kiddies, How Ransomware Happens

August 26, 2020 01:30 - 2 hours - 1.07 GB Video

Ransomware hits Jack Daniel's, Iranian Script-Kiddies, how ransomware happens. SpiKey: using the sound of a key to determine its shape What do The University of Utah, Jack Daniel's Whiskey, and Carnival Cruise Lines all have in common? Ransomware A Remote Code Execution in Chrome's WebGL How ransomware happens: email phishing, remote desktop protocol compromise, and software vulnerability Emergency Windows update! Iranian script-kiddies using RDP to deploy Dharma ransomware The Zero...

SN 780: Microsoft's 0-Day Folly - Microsoft Acts Badly, Canon Ransomware, Mozilla Tries to Pivot

August 19, 2020 00:30 - 2 hours - 1.47 GB Video

Microsoft acts badly, Canon ransomware, Mozilla tries to pivot. When Microsoft doesn't act responsibly: Parts 1 and 2 Snap Your Dragon / "Achilles: Small Chip, Big Peril" 3rd largest Patch Tuesday ever Mozilla pivoting to VPN, future uncertain The other ransomware shoe drops at Canon Software glitch in California's COVID case reporting Threema gets E2EE Video Calls We invite you to read our show notes at https://www.grc.com/sn/SN-780-Notes.pdf Hosts: Steve Gibson and Leo Laporte ...

SN 779: Geneva - Great Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned

August 12, 2020 01:00 - 2 hours - 1.19 GB Video

Great Firewall Of China, Black Hat/DEFCON 2020, Have I Been Pwned. It's Patch Tuesday! News from Black Hat / DEFCON 2020 Generalizing Speculative Execution Vulnerabilities Canon hit by the Maze ransomware A vBulletin Emergency DoH for Win10 Troy Hunt Hasn't Been Pwned Geneva: China's Great Firewall Tightens We invite you to read our show notes at https://www.grc.com/sn/SN-779-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/sho...

SN 778: BootHole - Twitter Hackers Arrested, Garmin Hackers Get Ransom

August 05, 2020 03:00 - 2 hours - 1.11 GB Video

Twitter hackers arrested, Garmin hackers get ransom. Vitamin D fights death by Covid Firefox is now at v79 Twitter hackers arrested Garmin hackers rewarded Tor and Dr. Krawetz Dropping 0Days Blocking Tor Connections the Smart Way Enabling Zoom Meeting Hacking Another SHA-1 Deprecation QNAP and QSnatch BootHole We invite you to read our show notes at https://www.grc.com/sn/SN-778-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv...

SN 777: rwxrwxrwx - Garmin Outage, Twitter Hack Update, GnuTLS

July 29, 2020 00:30 - 1 hour - 1.2 GB Video

F5 Networks "Big-IP" devices in Big-Trouble Twitter bitcoin hack update GnuTLS vs OpenSSL The Garmin outage then and now Cisco's latest trouble Surprising SpinRite results We invite you to read our show notes at https://www.grc.com/sn/SN-777-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including...

SN 776: A Tale of Two Counterfeits - Twitter Hack, Cloudflare Outage, Zoom's Vanity URL Flaw

July 22, 2020 00:30 - 1 hour - 1.21 GB Video

Here's how Twitter was hacked. How can we prevent the next Twitter hack? Cloudflare outage takes out huge swath of American internet, including Down Detector. All internet got sent to Atlanta. Zoom's vanity URL flaw: when is a "zero day" not a zero day? Not all VPNs are created equal. Apple updated its iOS and macOS with a handful of useful security patches. SigRed: "This is not just another vulnerability." And speaking of last week's July Patch Tuesday... "Firefox Send" is still not...

SN 775: Tsunami - EARN IT is Still Evil, Google Tsunami

July 15, 2020 00:00 - 1 hour - 1.13 GB Video

EARN IT is still evil, Google tsunami. Mozilla suspends "Send" due to persistent malware abuse Zoom fixed a new RCE affecting Windows 7 and earlier systems The EARN IT bill, take II is still just as bad as the original Google bans ads on stalkerware A Chinese Internet equipment vendor in the hot seat Locating hidden drone operators Rampant Router Insecurities Tsunami: Google's open-source enterprise network vulnerability scanner We invite you to read our show notes at https://www.g...

SN 774: 123456 - Boston Bans Face Recognition, Bad Passwords

July 08, 2020 00:30 - 1 hour - 1.29 GB Video

Boston bans face recognition, bad passwords. Boston bans facial recognition 123456 is still the most popular password iOS 14 catches Linked-In, Tik Tok, and others red handed! US-CERT notes two Emergency Windows Updates HackerOne shares their top 10 public bug bounty programs Sony launches PlayStation bug bounty program with rewards of $50K+ F5 Networks patches a highest-severity vulnerability We invite you to read our show notes at https://www.grc.com/sn/SN-774-Notes.pdf Hosts: St...

SN 773: Ripple20 Too - Congress Wants to Kill Encryption & Face Recognition

July 01, 2020 00:30 - 1 hour - 1020 MB Video

Congress wants to kill encryption & face recognition. New information about Ripple20 The Facial Recognition and Biometric Technology Moratorium Act wants to kill face recognition The Lawful Access to Encrypted Data Act wants to kill encryption Michigan State's legislative House passed the "Microchip Protection Act" Apple forces the industry down to one-year web browser certificate lifespans Safari to eschew 16 new web API's for the sake of user privacy Apple also got on the DoH & DoT...

SN 772: Ripple20 - Zoom Encryption, Windows 10 Printer Error

June 24, 2020 01:00 - 2 hours - 1.22 GB Video

Zoom encryption, Windows 10 printer error. Ripple20: a set of 19 TCP/IP vulnerabilities that could let remote attackers gain control over your device Russian government lifts its failed ban on Telegram Zoom: everybody gets optional end to end encryption Google removed 106 malicious Chrome extensions collecting sensitive user data Windows 10 update breaks printing VLC Media Player 3.0.11 fixes severe remote code execution flaw Netgear in the doghouse DDoS is alive and well... and gro...

SN 771: Lamphone - Windows Update Kills Printers & SSDs

June 17, 2020 00:00 - 1 hour - 1.1 GB Video

Windows update kills printers & SSDs. Lamphone: eavesdrop on a hanging lightbulb Brave Browser caught and chastised for tweaking user-entered URLs for its benefit Microsoft breaks its own record for Patch Tuesday patches TFW Windows 10 loses your printer port Last week's Patch Tuesday broke ALL PRINTING (even to PDFs) for many users. Fix won't come for a month Windows 10 2004 update is messing up SSDs and non-SSDs SMBleed Subject: Your Site Has Been Hacked Authentic database ransom...

SN 770: Zoom's E2EE Debacle - Zoom's End-to-End Encryption Fail

June 10, 2020 02:00 - 1 hour - 1.05 GB Video

Zoom's end-to-end encryption fail. Zoom will offer end-to-end encryption, but only if you pay for it IBM announces no more work on facial recognition The Odd Case of Mozilla's DoH DDoS Cisco's Talos group found two critical flaws in the Zoom client CallStranger UPnP bug has tech press in a tizzy Microsoft has started to replace old Edge with new Edge We invite you to read our show notes at https://www.grc.com/sn/SN-770-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subsc...

SN 769: Zoom's E2EE Design - Zoom Gets End-to-End Encryption

June 03, 2020 01:00 - 2 hours - 1.19 GB Video

Zoom gets end-to-end encryption. ACLU takes Clearview to court, but maybe they should worry about their own website first The state of drive-by malvertising downloads Google will be bad listing notification abusing sites Who else is doing the eBay-like ThreatMetrix port scanning? Facebook to require identity verification for high impact posters Google Messaging is apparently heading toward E2EE The return of a much more worrisome StrandHogg The SHA-1 hash to finally be dropped from...

SN 768: Contact Tracing Apps R.I.P. - Contact Tracing Apps Are Not Going to Work

May 27, 2020 02:33 - 1 hour - 1.2 GB Video

Contact tracing apps are not going to work. Why contact tracing apps are never going to work Unc0ver: There's a new iOS jailbreak in town, and as jailbreaks go, it looks VERY nice! Firefox 77 picks up a nifty new security trick New features in Chrome 83: cookie management, "Safety Check," blocking third-party cookies by default in Incognito mode, and "Tab Groups" Adobe rushes out four out-of-cycle emergency updates to fix security flaws Zerodium temporarily stops buying iOS remote cod...

SN 767: WiFi 6, Apple vs. FBI, Face Masks

May 20, 2020 00:00 - 2 hours - 1.39 GB Video

WiFi 6, Apple vs. FBI, face masks. Last Tuesday's Windows patch Tuesday was not the biggest ever, but it was the 3rd largest in Microsoft's history, weighing in with a whopping 111 CVE-tracked bug fixes, 16 of which were rated CRITICAL and all but one of which enabled Remote Code Execution by an attacker. The DOJ and FBI again criticize Apple over encryption When is a fix not a fix? Face masks have thwarted the London police's LFR rollout Utah chooses to roll their own contact tracing ...

SN 766: ThunderSpy

May 12, 2020 22:00 - 1 hour - 1.35 GB Video

Thunderbolt security flaw, Zoom buys Keybase. Why the ThunderSpy Thunderbolt security flaw is such a big deal Zoom purchases Keybase to fix encryption Firefox 76 released with new features But Firefox 76 broke Amazon's Assistant! Hallelujah!! Edge moves to silence those annoying notification requests. Critical WordPress plugin bugs present on over one million sites Critical vBulletin patch Samsung has patched a CRITICAL bug affecting the past 6 years of Smartphones DefCon and Blac...

SN 765: An Authoritarian Internet?

May 06, 2020 02:00 - 1 hour - 1.64 GB Video

China wants to rebuild the Internet. China's proposal to rebuild the internet is an authoritarian nightmare Bruce Schneier on COVID-19 Contact Tracing Apps Political Correctness hits cybersecurity DHS's CISA says no to 3rd-party DoH "POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers" An authorization bypass in SaltStack Adobe's Big Last Tuesday, Non-Patch Tuesday, Update Google has announced its impending clean-up of the Chrome Web Store...

SN 764: RPKI

April 28, 2020 21:40 - 1 hour - 1.25 GB Video

Apple/Google Contact Tracing, Best VPNs to protect you. Apple/Google Contact Tracing Update iOS 0-Day Alert! Update Apple Mail Best VPNs to protect you from the Five Eyes TypoSquatting attacks Vitamin D linked to COVID-19 mortality Resource Public Key Infrastructure How BGP can break the Internet We invite you to read our show notes at https://www.grc.com/sn/SN-764-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-no...

SN 763: The COVID Effect

April 22, 2020 04:01 - 1 hour - 374 MB Video

Zoom Fixes Security, EARN IT is Evil, Tor in Trouble Zoom gets big-name help with security fixes Google updates Chrome to v81.0.4044.113 to squash a critical flaw FTP in Chrome lives another day! Google "undepreciates" FTP. Windows Patch Tuesday for April 2020 fixes 113 vulnerabilities "Basic Authentication" lives another day! Due to COVID-19, Microsoft and Google will keep "Basic Authentication" around for a little while longer EARN IT Act: call your Senator before it is too late! T...

SN 762: Virus Contact Tracking

April 15, 2020 01:50 - 1 hour - 431 MB Video

Apple+Google Covid Tracker is Secure and RIP John Conway, Creator of The Game of Life Apple & Google Virus Contact Tracing: secure and effective Zoom gets another Zoom-bombing mitigation... and a Class-Action Lawsuit Meanwhile, Zoom has enlisted the aid of Alex Stamos Zoom creates a CISO Council What's next for Zoom? Browser Security News: Chrome 81 and Firefox 75 Android Apps Again in the Crosshairs Sandboxie goes Open Source RIP John Conway, creator of Conway's Game of Life We i...

SN 761: Zoom Go Boom

April 08, 2020 02:52 - 1 hour - 414 MB Video

Zoom is a security nightmare - from zoombombing to encryption issues, Steve Gibson runs down Zoom's security concerns. Plus, Jitsi is a great alternative! Mozilla just patched a pair of CRITICAL 0-days Eight security bugs eliminated from Chrome last week Safari gets a bunch of very important fixes Chrome and Edge join Mozilla in postponing the deprecation of TLS v1.0 and v1.1 Chrome team reversing themselves on the enforcement of Same Site cookies Edge with Vertical Tabs and Smart Cop...

SN 760: Folding Proteins

April 01, 2020 01:45 - 1 hour - 419 MB Video

iOS VPN bug, Coronavirus Folding@Home VPN bug in iOS 13.4 Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19. RDP and VPN use skyrocketing To 'www' or not to 'www' Firefox 76 to finally stop assuming "HTTP" Google again revises its schedule for Chrome releases Microsoft moves to support "Shadow Stacks" Cloudflare's 1.1.1.1 DNS is audited by KPMG We invite you to read our show notes at https://www.grc.com/sn/SN-760-Notes.pdf Hosts: Steve Gibson ...