Security Now (Video) artwork

Security Now (Video)

205 episodes - English - Latest episode: 2 days ago - ★★★★★ - 82 ratings

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Tech News News Technology twit technology steve gibson leo laporte security spyware malware hacking cyber crime encryption
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Episodes

SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

March 27, 2024 01:22 - 2.41 KB Video

Apple vs U.S. DoJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://ww...

SN 966: Morris The Second - Voyager 1, The Web Turns 35

March 20, 2024 00:03 - 2 hours - 1.65 GB Video

Voyager 1 update The Web turned 35 and Dad is disappointed Automakers sharing driving data with insurance companies A flaw in Passkey thinking Passkeys vs 2fa Sharing accounts with Passkeys Passkeys vs. Passwords/MFA Workaround to sites that block anonymous email addresses Open Bounty programs on HackerOne Steve on Twitter Ways to disclose bugs publicly Security by obscurity Something you have/know/are vs Passkeys Passkeys vs TOTP Inspecting Chrome extensions Passkey transpor...

SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

March 13, 2024 00:47 - 2 hours - 1.84 GB Video

VMware needs immediate patching Midnight Blizzard still on the offensive China is quietly "de-American'ing" their networks Signal Version 7.0, now in beta Meta, WhatsApp, and Messenger -meets- the EU's DMA The Change Healthcare cyberattack SpinRite update Telegram's end-to-end encryption KepassXC now supports passkeys Login accelerators Sites start rejecting @duck.com emails Tool to detect chrome extensions change owners Sortest SN title Passkeys vs 2FA Show Notes - https://ww...

SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

March 06, 2024 00:13 - 2 hours - 1.7 GB Video

"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer Cory Doctorow's Visions of the Future Humble Book Bundle CTRL-K shortcut for search on a browser Direct bootable image downloading for GRC's servers Closing the loop on compromised emails Taco Bell's passwordless app A solution for Bcrypt's password length limit of 72 bytes Data as the missing piece for law enforcement and privacy advocates The token solution for email-only login Apple's Password Manager ...

SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

February 28, 2024 01:48 - 2 hours - 1.6 GB Video

Nevada attempts to block Meta's end-to-end encryption for minors. A survey of security breaches Edge's Super-Duper Secure Mode moves into Chrome DoorDash dashes our privacy Avast charged $16.5 million for selling user browsing data No charge for extra logging! European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members LockBit RaaS group disrupted Firefox v123 The ScreenConnect Authentication Bypass SpinRite upda...

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

February 21, 2024 02:02 - 2 hours - 1.72 GB Video

Wyze breach Microsoft patch Tuesday fixes 15 remote code execution flaws Why are there password restrictions? The Canadian Flipper Zero Ban Security on the old internet Using Old Passwords Passwordless login TOTP as a second factor German ISP using default router passwords Email encryption in transit pfSense Tailscale integration DuckDuckGo's email protection integration with Bitwarden The KeyTrap Vulnerability Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf Hosts: Steve ...

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

February 14, 2024 01:54 - 2 hours - 1.58 GB Video

Toothbrush Botnet "There are too many damn Honeypots!" Remotely accessing your home network securely Going passwordless as an ecommerce site Facebook "old password" reminders Browsers on iOS More UPnP Issues A password for every website? "Free" accounts Keeping phones plugged in Running your own email server in 2024 iOS app sizes SpinRite 6.1 running on an iMac SpinRite update Bitlocker's encryption cracked in minutes Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf Host...

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

February 07, 2024 02:11 - 2 hours - 1.59 GB Video

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers ...

SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

January 31, 2024 02:28 - 2 hours - 1.75 GB Video

iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being paid Verified Camera Images More on the $15/month flashlight app What happens when apps change publishers Microsoft hating on Firefox Credit Karma is storing 1GB of data on the iPhone Staying on Windows 7 Sci-Fi recommendations Windows 7 and HSTS s...

SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results

January 24, 2024 02:37 - 2 hours - 1.73 GB Video

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack US Health and Human Services Breached Firefox vs "The Competition" Brave reduces its anti-fingerprinting protections CISA's proactive policing results one year later Longer Life For Samsung Updates Google Incognito Mode "Misunderstanding" Show Doc Not showing images on iOS Safari Generated AI Media Authentication Which computer languages to learn? Flashlight app subscription Google's Privacy Sandbox ...

SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

January 17, 2024 01:27 - 1 hour - 1.35 GB Video

What would an IoT device look like that HAD been taken over? And speaking of DDoS attacks Trouble in the Quantum Crypto world The Browser Monoculture Question about the Apple backdoor Getting into infosec proton drive vs sync SpinRite update The Protected Audience API Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit...

SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass

January 10, 2024 02:14 - 1 hour - 1.45 GB Video

More on Apple's hardware backdoor Russian Hacking of Ukranian cameras Russian hackers were inside Ukraine telecoms giant for months Things are still a mess at 23andMe CoinsPaid was the victim of another cyberattack Crypto Hacking in 2023 Mandiant Twitter scam Defining "cyber warfare" LastPass is making some changes Windows Watch Google settles $5 billion lawsuit Return Oriented Programming Shutting Down Edge Root Certificates Credit freezing SpinRite Update Show Notes - http...

SN 955: The Mystery of CVE-2023-38606 - SpinRite Update, Nebula Mesh, Apple's Backdoor

January 03, 2024 02:20 - 1 hour - 1.44 GB Video

SpinRite 6.1 update Pruning Root Certificates A solution to Schrodinger's Bowl DNS Benchmark and anti-virus tools Nebula Mesh SpinRite 7 is coming The Mystery of CVE-2023-38606 Show Notes - https://www.grc.com/sn/SN-955-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps ...

SN 954: Best of 2023 - Security Now's Best Moments of 2023

December 26, 2023 18:30 - 1 hour - 1.25 GB Video

Leo looks back at the year's top security stories of 2023. Steve's Next Password Manager After the LastPass Hack CHESS is Safe Here Come the Fake AI-generated "News" Sites How Bad Guys Use Satellites Microsoft's "Culture of Toxic Obfuscation" Steve announces his commitment to SN Apple Says No NSA's Decade of Huawei Hacking ValiDrive announcement Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at http...

SN 953: Active Listening - KOSA, Cloudflare's Numbers, SpinRite Update

December 20, 2023 02:10 - 2 hours - 1.54 GB Video

Child protection legislation in the US Meta pushes back on the $200 billion FTC fine for COPPA violation Age verification on the internet Google moving from 3rd party cookies to topics A look at Cloudflare's metrics SpinRite update Cox Media admits that it spys on you Show Notes - https://www.grc.com/sn/SN-953-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.t...

SN 952: Quantum Computing Breakthrough - The Clear/Deep/Dark Web, Quad 9 victory, Telegram Flaw

December 13, 2023 02:24 - 2 hours - 1.59 GB Video

The government collection of push notification metadata Facebook Messenger sets end to end encryption as the default Iran's Cyber Av3ngers Cisco's Talos Top 10 cyber security exploits this year Over 30% of apps are still using a using a vulnerable version the Log4J library Quad 9 speaks on their legal victory against Sony What are the "Clear Web", "Dark Web", and "Deep Web"? A Flaw in Telegram Xfinity Mobile wants you to accept a root CA, DO NOT Hardware VPN alternative A breakthr...

SN 951: Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD

December 06, 2023 01:55 - 2 hours - 1.68 GB Video

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS) WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock Iranian hackers exploited default passwords in programmable logic controllers at US water facilities Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling Over 1 billion Android devices now have RCS messaging enabled EU Cyber Resilience Act will improve security of Internet of Things...

SN 950: Leo Turns 67 - Fingerprint Security, Do-Not-Track

November 29, 2023 01:50 - 2 hours - 1.69 GB Video

Adobe Flash Player Updater is (still) desperately trying to update Veracrypt password security Firefox moves to 120 with a bunch of very nice new features Do-Not-Track is back on track "ownCloud" -or- "PwnCloud" ? CrushFTP Critical Vulnerability Bypassing fingerprint authentication ApacheMQ TransUnion & Experian both hacked Show Notes - https://www.grc.com/sn/SN-950-Notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-n...

SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review

November 22, 2023 02:03 - 2 hours - 1.7 GB Video

Privacy and Funding Challenges Facing Signal Messaging App Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk Ransomware Group Files SEC Complaint Against Breached Company Europe Opening Up Radio Encryption Standard TETRA for Public Review Apple Announcing Adoption of RCS Messaging for iPhones Steve's Progress on Dynamic Code Signing for SpinRite Releases Removing Suction Cup Barnacles from Windshields Recommendations for Benchmarking USB Drive Read/Write Speeds ...

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

November 15, 2023 02:46 - 2 hours - 1.69 GB Video

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog. No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption. Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft. Decentralized finance platform Raft lost $3.3M due to an exploit. Crook operated website iotaseed.io to generate wallet seed phrases, the...

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

November 08, 2023 02:41 - 2 hours - 1.71 GB Video

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and...

SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

November 01, 2023 00:53 - 2 hours - 1.55 GB Video

What caused last week's connection interruption? Router was rebooting intermittently, but why? David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else. iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact. Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025. HackerOne breach bounties surpass $300M total payou...

SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

October 25, 2023 01:26 - 2 hours - 1.67 GB Video

How fake drives continue to be sold on Amazon despite negative reviews Microsoft is discontinuing support for the VBScript language The 30-year old NTLM authentication protocol will eventually be removed from Windows Two new vulnerabilities found in cURL A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices Debate over whether "lib" should rhyme with "vibe" or "air" Instructions for accessing the SpinRite 6.1 pre-release version Feedback on passkey exp...

SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite

October 18, 2023 02:57 - 2 hours - 1.87 GB Video

ValiDrive release follow-up Passkeys exportability and phishing risk Passkeys for device verification like SSH keys Possibility of hobby browsers vs. production browsers Availability of SpinRite 6.1 pre-release Filling drives with crypto noise using VeraCrypt Steve and Leo's favorite OTP apps Google Docs link rewriting could be to prevent referrer leakage Abusing HTTP/2 Rapid Reset Show notes: https://www.grc.com/sn/SN-944-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or...

SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached

October 11, 2023 01:30 - 2 hours - 1.68 GB Video

Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities. 23andMe claims a recent data breach exposed customer info due to credential stuffing attacks. Key stats from Microsoft's 2023 Digital Defense Report on cyberattacks, including increased attacks on open source software, growth in business email compromise, and more password attacks. Brave lays off 9% of its staff amid the tough economic climate, despite its efforts to diversify revenue w...

SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

October 04, 2023 04:03 - 2 hours - 1.61 GB Video

Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk. Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware. Windows 11 now natively supports passkeys, though browser support may make this redundant. Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited. The ECH TLS extension encrypts the ClientHe...

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

September 27, 2023 01:18 - 2 hours - 1.87 GB Video

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language. China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden. A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords. The Signal messaging platform has added a post-quantum encry...

SN 940: When Hashes Collide - Secure-wipe best practices, browser identity segregation, bye bye Twitter (X)

September 20, 2023 01:34 - 2 hours - 1.61 GB Video

Last week's news about evidence of LastPass vault decryption targeting cryptocurrency keys, and the UK's backing down on its encryption monitoring legislation. How hardware security modules (HSMs) allow cryptographic operations like code signing without exposing private keys. Browser identity segregation using multiple profiles rather than separate browsers. Requirements and best practices for securely wiping data from modern solid state drives. A countdown clock for the 32-bit UNIX tim...

SN 893: Password Change Automation - Windows Update RSS, malicious kernal drivers, Signal SMS/MMS, ZimaBoard

October 19, 2022 01:59 - 1 hour - 2.41 KB Video

Picture of the Week. Microsoft "Won't Fix". Malicious Kernel Drivers. Microsoft has finally added an RSS feed for Windows Updates! Passkeys [dot] Dev. Largest DDoS attack. Signal will be dropping its SMS/MMS support. Brute-force protection for Windows local admin accounts. Other than that... SpinRite. Closing The Loop. xchg rax, rax and "xorpd" ZimaBoard Goodness. Password Change Automation. We invite you to read our show notes at https://www.grc.com/sn/SN-893-Notes.pdf Hosts...

SN 892: Source Port Randomization - Targeted Malware, Uber CSO Guilty

October 12, 2022 02:03 - 2 hours - 1.55 GB Video

Picture of the Week. Breach of Customer Information Meta-targeted Malware Uber's Chief Security Officer Found Guilty More Cryptocurrency Chaos The UK to drop GDPR Summer Internship with the NSA Many Incident Responders are Stressed Out Microsoft's newest dual 0-day Exchange Fumbles SpinRite news ZimaBoard Closing the Loop Source Port Randomization We invite you to read our show notes at https://www.grc.com/sn/SN-892-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or su...

SN 891: Poisoning Akamai - Turnstile vs CAPTCHA, Microsoft Teams Under Attack

October 05, 2022 01:57 - 1 hour - 1.51 GB Video

Picture of the Week. (What Could Possibly Go Wrong) Microsoft Teams - Unecessarily Insecure Roskomnadzor blocks Soundcloud Microsoft Exchange Server Under Attack Again I'm (Still) Not a Robot! Google TAG History Closing the Loop Poisoning Akamai We invite you to read our show notes at https://www.grc.com/sn/SN-891-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https...

SN 890: DarkNet Politics - EU and Google Analytics, Rockstar hacker busted, Mozilla says no fair

September 28, 2022 02:46 - 1 hour - 1.37 GB Video

Picture of the Week. Can't have it both ways. Denmark has become the fourth EU member to rule that the use of Google Analytics is illegal. Rockstar Games hacker is busted! Mozilla says: No fair! Vivaldi, Manifest V3, webRequest, and ad blockers. Sticky Chrome vulnerabilities. SMB authentication rate limiter now on by default in Windows Insider. US bill to secure FOSS software. Iran vs Albania. Closing The Loop. The Silver Ships. SpinRite. DarkNet Politics. We invite you to rea...

SN 889: Spell-Jacking - Cyber-Insurance, GTA 6 leak, MiraclePtr, CVSS9.8 for WordPress, Uber Oops!

September 21, 2022 01:46 - 1 hour - 1.4 GB Video

Picture of the Week. This is Patch News-Day. Lloyd's of London backing away from Cyber-Insurance. Uber Oops! Rockstar Games: Grand Theft Auto 6 Massive Leak. LastPass Breach Update. A CVSS 9.8 for WordPress. What cost, Security? Use-after-freedom: Google's "MiraclePtr" Closing The Loop. Spell-Jacking. We invite you to read our show notes at https://www.grc.com/sn/SN-889-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/sec...

SN 888: The EvilProxy Service - MooBot, Crypto Heist, Cyberwarfare, QNAP, The Silver Ships

September 14, 2022 04:03 - 2 hours - 1.57 GB Video

Picture of the Week. Cyberwarfare: Albania vs Iran. Crypto Heist — this or that. The White House "Tech Platform Accountability" Listening Session. Changes to the Dutch Intelligence Law. Another QNAP mess. D-Link's being taken over by MooBot. Sci-Fi Discovery: "The Silver Ships". Closing The Loop. The EvilProxy Service. We invite you to read our show notes at https://www.grc.com/sn/SN-888-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://...

SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

September 07, 2022 02:50 - 2 hours - 1.64 GB Video

Picture of the Week. Google's (newest) Open Source Software Vulnerability Rewards Program. Did TikTok leak 2.05 BILLION User Records? An urgent Chrome update patches new 0-day flaw. Permission-less Browser Clipboard Write. Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download. A Quantum Hype Bubble? All of the BlackHat 2022 Presentation Slides PDFs. Csurf NPM library mistake. SpinRite. Closing The Loop. Sci-Fi Discovery: "The Silver Ships" Embeddin...

SN 886: Wacky Data Exfiltration - LastPass breach, FTC Kochava lawsuit, Hikvision IoT mess

August 31, 2022 02:44 - 2 hours - 1.61 GB Video

Picture of the Week. LastPass Breached. The US Federal Trade Commission filed a lawsuit against data broker Kochava. The US Federal Communications Commission launched an investigation into mobile carriers' geolocation data practices. California, here I come! A conversation with a Ransomware Attacker. DuckDuckGo's Privacy-Enhanced eMail Forwarding. Another IoT mess care of "Hikvision" SpinRite. Closing The Loop. Wacky Data Exfiltration. We invite you to read our show notes at http...

SN 885: The Bumblebee Loader - RTL819x Exploit, RubyGems Update, Chrome's Fifth 0-Day of 2022

August 24, 2022 01:54 - 1 hour - 1.33 GB Video

VIDEO of the Week Crashing Laptop Computers With Janet Jackson RealTek SoC flaw affects many millions of IoT devices 46 Million RPS - requests per second Chrome's 5th 0-Day of 2022 Apple: Not to be left behind... RubyGems to require MFA Closing The Loop: Domain Name Ownership Closing The Loop: Growing in Cybersecurity The Bumblebee Loader We invite you to read our show notes at https://www.grc.com/sn/SN-885-Notes.pdf Hosts: Leo Laporte and Steve Gibson Download or subscribe to t...

SN 884: TLS Private Key Leakage - BIG patch Tuesday, Facebook E2E encryption, VNC insecurity, Cyotek WebCopy

August 17, 2022 03:14 - 1 hour - 1.57 GB Video

Picture of the Week. Patch Flashback Tuesday. Facebook is cautiously creeping toward default E2E encryption. VNC's inherent insecurity. The need to control domain names. And speaking of backup: Cyotek WebCopy. Google's Ryan Sleevi Retweeted Jens Axboe. SandSara Update from Ed Cano. Closing The Loop. SpinRite. TLS Private Key Leakage. We invite you to read our show notes at https://www.grc.com/sn/SN-884-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this ...

SN 883: The Maker's Schedule - VirusTotal, Daniel Bernstein sues the NSA, Win 11 might damage encrypted data

August 10, 2022 02:40 - 1 hour - 1.49 GB Video

Picture of the Week. Crypto is Hard. VirusTotal: Deception at a scale. Windows 11 might damage encrypted data. Microsoft Defender External Attack Surface Management. Closing The Loop. Daniel Bernstein sues the NSA. The Maker's Schedule. We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/cl...

SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack

August 03, 2022 03:16 - 2 hours - 1.64 GB Video

Picture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subs...

SN 881: The MV720 - MS Office VBA macros, Win 11 security changes, start button failure

July 27, 2022 03:39 - 2 hours - 1.52 GB Video

Picture of the Week. Patch Tuesday Redux Redux. Windows 11 Start button failure. The continuing saga of Windows VBA macros. Windows 11 now blocks RDP brute-force attacks by default. Black Hat and DefCon coming soon. SpinRite. pfSense and TailScale. Closing The Loop. The MV720. We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes a...

SN 880: RetBleed - Facebook encrypted URLs, cracking Lockdown Mode, ClearView AI resistance, Roskomnadzor

July 20, 2022 02:15 - 1 hour - 1.54 GB Video

Picture of the Week. The Rolling Pwn, take II. The great IPv4 Address Space Depletion. Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet. Facebook has started encrypting its link URLs. Crack iOS 16's "Lockdown Mode", earn $2 million. ClearView AI faces some new headwind. Ransomware gangs are getting into the searchable database game, too... Roskomnadzor strikes again! Last Tuesday's Patches. SpinRite. Closing The Loop. RetBleed. We invite you to read o...

SN 879: The Rolling Pwn - OpenSSL patch, iOS Lockdown Mode, Yubikey's to Ukraine, Office Macros re-enabled

July 13, 2022 02:23 - 2 hours - 1.75 GB Video

 Picture of the Week.   OpenSSL's Patch For Heap Memory Corruption Vulnerability.   NIST Announces First Four Quantum-Resistant Cryptographic Algorithms.   Yubico donated 30,000 Yubikeys to Ukraine.   Apple's new extreme "Lockdown Mode".   Microsoft to re-enable Office Macros.   This Is the Code the FBI Used to Wiretap the World.   Closing The Loop.   The Rolling Pwn. We invite you to read our show notes at https://www.grc.com/sn/SN-879-Notes.pdf Hosts: Steve Gibson and Leo Laport...

SN 878: The ZuoRAT - 0-Day Chrome, Firefox v102, HackerOne

July 06, 2022 02:27 - 1 hour - 1.54 GB Video

 Picture of the week.  Chrome's fourth zero-day of 2022.  Mozilla's new Firefox privacy-enhancing feature.  HackerOne discloses a malicious insider incident.  Closing the loop.  The ZuoRAT. We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security...

SN 877: The "Hertzbleed" Attack - 3rd Party FIDO2, Log4Shell, '311" Proposal

June 28, 2022 21:57 - 2 hours - 1.93 GB Video

Picture of the Week. Errata: Firefox's "Total Cookie Protection" 3rd Party FIDO2 Authenticators Germany's not buying the EU's proposal which subverts encryption The Conti Gang have finally pulled the last plug Log4J and Log4Shell is alive and well The '311' emergency number proposal 56 Insecure-By-Design Vulnerabilities "Long Story Short" Closing The Loop The "Hertzbleed" Attack We invite you to read our show notes at https://www.grc.com/sn/SN-877-Notes.pdf Hosts: Steve Gibson a...

SN 876: Microsoft's Patchy Patches - 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies

June 22, 2022 01:00 - 2 hours - 1.79 GB Video

Picture of the Week. Double Decryption (Last week's key-strength puzzler). 3rd Party Authenticators. Firefox: Total Cookie Protection. We keep breaking DDoS attack records. MS-DFSNM. An Apple Safari regression. One Million WordPress sites force-updated. High-Severity RCE in Fastjson Library. Miscellany. Closing The Loop. Microsoft's Patchy Patches. We invite you to read our show notes at https://www.grc.com/sn/SN-876-Notes.pdf   Hosts: Steve Gibson and Leo Laporte Download o...

SN 875: The PACMAN Attack - WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation

June 15, 2022 01:30 - 2 hours - 1.66 GB Video

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/c...

SN 874: Passkeys, Take 2 - ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability

June 08, 2022 00:30 - 1 hour - 1.45 GB Video

Picture of the Week. ServiceNSW Responds. ExpressVPN pulls the plug in India. And speaking of pulling the plug. "Follina" under active exploitation. And a Windows Search URL schema can be abused, too. "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones". Ransomware sanctions are causing trouble. Conti spotted compromising motherboard firmware. Errata. Closing the Loop. Passkeys, Take 2. We invite you to read our show notes at https://www.grc.com/sn/SN-874...

SN 873: DuckDuckGone? - Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD

June 01, 2022 01:00 - 2 hours - 1.65 GB Video

Picture of the Week. New South Wales DDL — Digital Driver's License. The latest Microsoft Office 0-day remote code execution vulnerability. GhostTouch. Vodafone's new TrustPiD. Closing the Loop. DuckDuckGone? We invite you to read our show notes at https://www.grc.com/sn/SN-873-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a ques...

SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1

May 25, 2022 00:30 - 1 hour - 1.59 GB Video

Picture of the Week. Emergency mid-cycle update for Active Directory. Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}. Clearview AI in Ukraine. Pwn2Own Vancouver 2022. The DoJ takes a welcome step back. Sometimes, unlocking can be too convenient. Closing The Loop. Dis-CONTI-nued: The End of Conti? We invite you to read our show notes at https://www.grc.com/sn/SN-872-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://...