Security Now (Video)
229 episodes - English - Latest episode: 5 days ago - ★★★★★ - 124 ratingsCybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
SN 759: TRRespass
March 24, 2020 22:10 - 1 hour - 434 MB VideoThis week's stories: Two new un-patched 0-days affecting billions of Windows users - here is the fix! Mozilla reversed itself on TLS v1.0 and 1.1 deprecation... due to the coronavirus A micropatch for Win7 and Server 2008 Chrome's release schedule has been impacted by the coronavirus Avast emergency-disables their internal JavaScript emulator CookieThief - "FireSheep evolves for the 21st century" PwnToOwn Spring 2020 winners Steve's coronavirus journey The fixes for RowHammer have ...
SN 758: The SMBGhost Fiasco
March 18, 2020 00:07 - 2 hours - 456 MB VideoThis Week's Stories: Does Steve have coronavirus? Maybe? He got very sick over the weekend and is still coughing, but he couldn't get tested. Mayhem ensues after last week's Patch Tuesday List of free technology services during coronavirus, from Adobe to Zoom The state of open source vulnerabilities The "EARN IT" act is a despicable attack on encryption and freedom of speech. Please call your congressperson and tell them not to support it. The SMBGhost Fiasco Hosts: Steve Gibso...
SN 757: The Fuzzy Bench
March 11, 2020 01:54 - 2 hours - 438 MB VideoThis Week's Stories Microsoft, Google, LogMeIn & Cisco offer limited-time free use of telecommuting Tools Hack the Pentagon! The Android security dilemma AMD processors get some unwelcome but necessary side-channel attack scrutiny Intel also has some serious new trouble on its hands SETI@home shuts down its distributed computing project after 21 years Critical PPP daemon flaw opens most Linux systems to remote hackers FuzzBench: fuzzer benchmarking as a service Hosts: Steve...
SN 756: Kr00k
March 04, 2020 04:08 - 2 hours - 481 MB VideoThis Week's Stories Lets Encrypt hits 1 BILLION certs Pakistan passes Internet censorship law Clearview AI breach: clients and searches stolen Swiss government submits criminal complaint over CIA Crypto spying scandal Ghostcat - (Apache) Tomcat Users: Update NOW! Revisiting OCSP Must Staple Kr00k: serious WiFi vulnerability affecting more than a billion devices Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You ...
SN 755: Apple's Cert Surprise
February 26, 2020 03:12 - 2 hours - 526 MB VideoThis Week's Security News: More Windows 10 lost profile pain A micropatch for the jscript.dll problem Coming in the next Feature Release (Win10 2004): optional device driver updates A new attack on 4G LTE and 5G Starting today: DoH by default on Firefox A new next-generation WebAssembly sandbox is coming first to Linux and Mac and then to Windows Chrome was just updated to close a 0-day attack Safari will only trust certificates with a validity of 398 days or less Hosts: St...
SN 754: The Internet of Troubles
February 19, 2020 03:04 - 1 hour - 380 MB VideoTWiT Audience Survey- ENDS FEBRUARY 19TH!!! It's time for TWiT's annual audience survey and we want to hear from you! It only takes five minutes. Please visit twit.tv/survey and let us know what you think. There's no sign-up form and we don't track you. Your feedback helps us make TWiT even better." This Week's Stories How to fix the Windows 7 "You don't have permission to shut down this computer." error Win10's "One Button PC Reset" fails after KB4524244. And, also... "The new disap...
SN 753: Promiscuous Cookies
February 12, 2020 03:03 - 1 hour - 480 MB VideoTwitter, Google, and Facebook tell Clearview AI to stop stealing your face to catch crooks The NIST is testing methods to recover data from smashed smartphones Whoa! We get to REMAIN with Security Essentials under Windows 7! Microsoft drops a fix for the wallpaper stretch black screen Windows 7 users are being told: "You don't have permission to shut down this computer." Win10 Firefox users being "reminded" about Edge Last week Google closed an Android RCE flaw in the BlueTooth...
SN 752: The Little Red Wagon
February 05, 2020 02:31 - 2 hours - 479 MB VideoThis Week's Stories: - L1D Eviction Sampling becomes "CacheOut" - Only one final version of Windows? - Windows 7 and the Free Software Foundation - Windows 7's final patch broke wallpaper stretching - RCE Exploit for Windows RDP Gateway Demoed by Researcher - Google more than doubles its own bug bounty record - The return of Roskomnadzor! - Facebook DID get fined, but not by Russia - who exactly owns our biometric data? - Avast Jumpshot missed the hoop - An Update on the WireGuar...
SN 751: SHAmbles
January 29, 2020 01:37 - 1 hour - 435 MB VideoThis Week's Stories: Is Apple actually encrypting our iCloud storage backups? 250 Million Microsoft Customer Support Records Exposed Online New York state is aiming to ban the use of public funds for Ransomware New Muhstik Botnet Attacks Target Tomato Routers Chrome under attack from browser extensions Firefox under attack from browser extensions NIST publishes a new Privacy Framework Hacker Leaks More Than 500K Telnet Credentials for IoT Devices A Welcome "Micro Patch" for the Win...
SN 748: Our Malware Lexicon
January 08, 2020 02:55 - 2 hours - 441 MB VideoThis Week's Stories The Deadly Seven top cybersecurity attacks Russia successfully cuts itself off from the rest of the internet. Love Wawa? Surprise! Your credit card has been stolen. Huge Point of Sale attack on all of Landry's restaurants, including Rainforest Cafe. Python 2.7 Reaches End of Life After 20 Years. HackerOne's 20 top bug bounty programs A proposed standard for making warrant canaries machine-readable Xiaomi IoT camera owners can watch other Xiaomi users' vid...
SN 747: The Year's Best
December 31, 2019 15:30 - 1 hour - 340 MB VideoThe best of Security Now from 2019. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
SN 746: A Decade of Hacks
December 24, 2019 00:21 - 1 hour - 367 MB VideoOn this Eve of 2020, we look back over the hacks of the past decade: The big news of 2010 was Stuxnet -- Boy did THAT make an impression Operation Aurora - the hack that changed Google The Sony Playstation Hack And then we have... Diginotar Edward Snowden The Target hack The Adobe hack Silk Road takedown Have I Been Pwned? The hack of Sony Pictures The hack of Mt. Gox Heartbleed RowHammer Ashley Madison data breach SIM swapping The Ukraine power grid hacks DNC hack Yahoo h...
SN 745: PlunderVolt
December 18, 2019 02:38 - 2 hours - 434 MB VideoThis Week's Stories: Google turns over 1500 users' location data to catch Milwaukee arsonist Android's Messenger app offers its users verified SMS messaging conversations with supporting companies US Senate Judiciary Committee threatens Apple and Facebook Apple's iOS v13.3 adds support for hardware key dongle authentication in Safari Patch Tuesday shuts down a widespread elevation of privilege vulnerability Researchers discover prime factor collisions in active RSA certificates ...
SN 744: VPN-geddon Denied
December 11, 2019 03:56 - 1 hour - 360 MB VideoThis Week's Stories Microsoft has started forcing feature updates on people who don't want them. Bypass to continue obtaining Win7 updates created. Microsoft's Project Verona continues moving forward. Microsoft's RDP client for iOS is back. Avast / AVG in the doghouse. Making a mountain out of a VPN molehill. We invite you to read our show notes at https://www.grc.com/sn/SN-744-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows...
SN 743: Android “StrandHogg”
December 04, 2019 03:18 - 2 hours - 478 MB VideoThis Week's Stories Everyone can still upgrade to Windows 10 for free with this trick HP SSDs fail after 32768 hours The EU is not happy about a possible US encryption ban US government's formal permission to hack 110 nursing homes have been crippled by a ransomware attack Firefox is seriously pushing back on tracking signal leakage New problems with Windows DLLs The StrandHogg vulnerability We invite you to read our show notes at https://www.grc.com/sn/SN-743-Notes.pdf Hosts: Ste...
SN 742: Pushing "DoH"
November 27, 2019 03:40 - 2 hours - 410 MB VideoThe future of the Linux kernel underneath the Android OS Inherent challenges presented by the nature of the Android ecosystem VNC users: Time to update! A welcome change to Twitter & SMS-based 2FA A "foregone conclusion" to law enforcement's strategy to force password divulgence Pre-announcement from Microsoft about DNS Details of the emerging DoH protocol We invite you to read our show notes at https://www.grc.com/sn/SN-742-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or...
SN 741: TPM-FAIL
November 20, 2019 03:42 - 2 hours - 469 MB VideoNovember's Patch Tuesday is the antepenultimate free Windows 7 update CheckM8 & https://Checkra.in GitHub launches Security Lab to boost open-source security Warrantless searches of devices at US borders were just ruled unconstitutional Another WhatsApp bug lets hackers quietly install spyware on your device ZombieLoad v2 The ByteCode Alliance http://tpm.fail/ We invite you to read our show notes at https://www.grc.com/sn/SN-741-Notes.pdf Hosts: Steve Gibson and Leo Laporte Downlo...
SN 740: Credential Delegation
November 13, 2019 03:04 - 2 hours - 418 MB VideoCheckM8 & Checkra.in moves to first public beta The case of the misbehaving transducer BlueKeep and Microsoft BlueKeep and BSODs BlueKeep and Marcus Hutchins Mozilla on DoH -vs- COMCAST Yet another approach for solving the problem of certificate revocation within a more limited scope. We invite you to read our show notes at https://www.grc.com/sn/SN-740-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can ...
SN 739: DOH and Bluekeep
November 06, 2019 02:44 - 1 hour - 371 MB VideoOctober's Windows Patch Tuesday BROKE Windows' ability to connect to a significant number of the Internet's websites. Here's how to fix it. Chrome 78 disables Code Integrity Check to mitigate "Aw Snap!" crashes. "Chrome 78 patches a Chrome 0-day which had been discovered by Kaspersky being exploited in the wild." News from the Edge: the first Chromium-based Microsoft Edge Stable Release Candidate. Microarchitectural Data Sampling Vulnerabilities. Trouble for QNAP NAS devices exposed to...
SN 738: A Foregone Conclusion
October 30, 2019 02:07 - 2 hours - 378 MB VideoThis Week's Stories 3rd-party antivirus strikes again Windows Defender offline scan Adobe databases hacked Johannesburg hit by ransomware Firefox's anti-tracking effectiveness Bad new PHP/NGINX RCE being exploited in the wild Goodbye SMS (maybe kinda) Hello RCS? Forced Password Disclosure We invite you to read our show notes: https://www.grc.com/sn/SN-738-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You ...
SN 737: Biometric Mess
October 23, 2019 01:24 - 2 hours - 433 MB VideoPixel 4 Face Unlock is so easy you can do it with your eyes closed! Samsung Galaxy S10 and Note 10 fingerprint sensor can be foiled with a $3 screen protector. The frenzy to turn CheckM8 into a consumer-friendly iOS jailbreak. Steganography finds a new host file format. Security display changes are coming to Firefox 70. More on Microsoft's open source "ElectionGuard" election security system. A potentially serious flaw found in Realtek WiFi drivers. Yubikey for local Windows l...
SN 736: CheckM8
October 16, 2019 03:12 - 1 hour - 436 MB VideoThis week's stories A sobering reminder about supply chain attacks Facebook's stance on end-to-end encryption raises official protests UNIX's Co-Creator Ken Thompson's BSD UNIX Password Has Finally Been Cracked Japanese stalker finds idol using reflections in her eyes Americans and Digital Knowledge OpenPGP being built into Mozilla's Thunderbird eMail client Windows 10 Tamper Protection being enabled by default CheckM8 We invite you to read our show notes at https://www.grc.com/sn/...
SN 735: Makes Ya WannaCry
October 09, 2019 03:05 - 2 hours - 398 MB VideoRansomware hits schools, hospitals, and hearing aid manufacturers Sodinokibi: the latest advances in Ransomware-as-a-Service Win7 Extended Security Updates are extended A new Nasty 0-Day RCE in vBulletin There's a new WannaCry in town We invite you to read our show notes at https://www.grc.com/sn/SN-735-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Fee...
SN 734: The Joy of Sync
October 02, 2019 01:00 - 2 hours - 374 MB VideoThis Week's Stories The latest state-of-the-art secure solutions for cross-device, cross-location device synchronization Mozilla's recently announced plans to gradually and carefully bring DNS-over-HTTPS to all Firefox users in the US The EFF weighs in on DNS-over-HTTPS The 100% free VPN offering coming from our friends at Cloudflare We invite you to read our show notes at https://www.grc.com/sn/SN-734-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show a...
SN 733: Top 25 Bug Classes
September 25, 2019 00:46 - 1 hour - 329 MB VideoThis Week's Stories: Cryptomining makes a comeback The top three most attacked ports Small office/home office (SOHO) routers and wireless access points: "SOHOpelessly Broken" Chrome gets an emergency update, to 77.0.3865.90 2019 CWE Top 25 Most Dangerous Software Errors We invite you to read our show notes at https://www.grc.com/sn/SN-733-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question...
SN 732: SIM Jacking
September 18, 2019 02:58 - 1 hour - 301 MB VideoThis Week's Stories SIMjacker allows attackers to hijack any phone just by sending it an SMS message. Here comes iOS "Lucky" 13! Chrome follows Mozilla to DoH with a twist. Want to enable DoH in Chrome right now? You can, right now, if you wish. Chrome stops showing Extended Validation certs in the URL bar. Mozilla launches 'Firefox Private Network' VPN service as a browser extension. Windows Patch Tuesday redux Chrome Remote Desktop EXIM eMail servers are in trouble again. We inv...
SN 731: DeepFakes
September 10, 2019 01:45 - 1 hour - 405 MB VideoThis week's stories: Get rich quick spotting deepfakes! A forced two-day recess of all schools in Flagstaff, Arizona The case of a ransomware operator being too greedy Apple's controversial response to Google's discovery of Chinese iOS hacks Zerodium's new payout schedule and what it might mean. The final full public disclosure of BlueKeep exploitation code Serious PHP flaws, some potentially serious flaws found We invite you to read our show notes at https://www.grc.com/sn/SN-731-N...
SN 730: The Ransomware Epidemic
September 04, 2019 01:38 - 1 hour - 369 MB VideoThis Week's Stories: Google expands its bug bounty program New bug bounty millionaires Google's Project Zero group dropped a bomb on iOS Ransomware attacks on local governments and businesses are on the rise We invite you to read our show notes at https://www.grc.com/sn/SN-730-Notes.pdf If you're in Boston on October 3rd, join LastPass and TWiT.tv for the Cybersecurity & Identity Trends, Unlocked event. Sign up at http://twit.to/unlocked Hosts: Steve Gibson and Leo Laporte Download...
SN 729: Next Gen Ad Privacy
August 28, 2019 02:45 - 2 hours - 423 MB Video• Texas Ransomware Update • Remember that Kazakhstan cert? • The mixed-blessing of "wide open" source projects • RubyGems is in trouble again • Chrome to add data breach notification • iOS v12.4 updated quickly to 12.4.1 • Next-gen ad privacy We invite you to read our show notes at https://www.grc.com/sn/SN-729-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Fee...