Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

April 23, 2024 2:15:59 25.55 MB

- What do you call "Stuxnet on steroids"??
- Voyager 1 update
- Android 15 to quarantine apps
- Thunderbird & Microsoft Exchange
- China bans Western encrypted messaging apps
- Gentoo says "no" to AI
- Cars collecting driving data
- Freezing your credit
- Investopedia
- Computer Science Abstractions
- Lazy People vs. Secure Systems
- Actalis issues free S/MIME certificates
- PIN Encryption
- DRAM and GhostRace
- AT&T Phishing Scam
- Race Conditions and Multi-core processors
- An Alternative to the Current Credit System
- SpinRite Updates
- Chat (out of) Control

Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

April 16, 2024 1:52:46 21.42 MB

- An update on the AT&T data breach
- 340,000 social security numbers leaked
- Cookie Notice Compliance
- The GDPR does enforce some transparency
- Physical router buttons
- Wifi enabled button pressers
- Netsecfish disclosure of Dlink NAS vulnerability
- Chrome bloat
- SpinRite update
- GhostRace

Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdfense

April 09, 2024 1:51:22 53.61 MB

- Out-of-support DLink NAS devices contain hard coded backdoor credentials
- Privnote is not so "Priv"
- Crowdfense is willing to pay millions
- Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution
- SpinRite Update
- Minimum Viable Secure Product

Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach

April 02, 2024 1:45:55 51.01 MB

- A near-Universal (Local) Linux Elevation of Privilege vulnerability
- TechCrunch informed AT&T of a 5 year old data breach
- Signal to get very useful cloud backups
- Telegram to allow restricted incoming
- HP exits Russia ahead of schedule
- Advertisers are heavier users of Ad Blockers than average Americans!
- The Google Incognito Mode Lawsuit
- Canonical fights malicious Ubuntu store apps
- Spinrite update
- A Cautionary Tale

Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

March 26, 2024 2:01:48 0.0 MB

- Apple vs U.S. DoJ
- G.M.'s Unbelievably Horrible Driver Data Sharing Ends
- Super Sushi Samurai
- Apple has effectively abandoned HomeKit Secure Routers
- The forthcoming ".INTERNAL" TLD
- The United Nations vs AI.
- Telegram now blocked throughout Spain
- Vancouver Pwn2Own 2024
- China warns of incoming hacks
- Annual Tax Season Phishing Deluge
- SpinRite update
- Authentication without a phone
- Are Passkeys quantum safe?
- GoFetch: The Unpatchable vulnerability in Apple chips

Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 966: Morris The Second - Voyager 1, The Web Turns 35

March 19, 2024 2:07:48 61.46 MB

- Voyager 1 update
- The Web turned 35 and Dad is disappointed
- Automakers sharing driving data with insurance companies
- A flaw in Passkey thinking
- Passkeys vs 2fa
- Sharing accounts with Passkeys
- Passkeys vs. Passwords/MFA
- Workaround to sites that block anonymous email addresses
- Open Bounty programs on HackerOne
- Steve on Twitter
- Ways to disclose bugs publicly
- Security by obscurity
- Something you have/know/are vs Passkeys
- Passkeys vs TOTP
- Inspecting Chrome extensions
- Passkey transportability
- Morris the Second

Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent

SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

March 12, 2024 2:23:27 68.97 MB

- VMware needs immediate patching
- Midnight Blizzard still on the offensive
- China is quietly "de-American'ing" their networks
- Signal Version 7.0, now in beta
- Meta, WhatsApp, and Messenger -meets- the EU's DMA
- The Change Healthcare cyberattack
- SpinRite update
- Telegram's end-to-end encryption
- KeePassXC now supports passkeys
- Login accelerators
- Sites start rejecting @duck.com emails
- Tool to detect chrome extensions change owners
- Shortest SN title
- Passkeys vs 2FA

Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent

SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

March 05, 2024 2:12:18 63.63 MB

- "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
- Cory Doctorow's Visions of the Future Humble Book Bundle
- CTRL-K shortcut for search on a browser
- Direct bootable image downloading for GRC's servers
- Closing the loop on compromised emails
- Taco Bell's passwordless app
- A solution for Bcrypt's password length limit of 72 bytes
- Data as the missing piece for law enforcement and privacy advocates
- The token solution for email-only login
- Apple's Password Manager Resources on Github
- The risk of long-term persistent cookies in browsers
- Why mainframe industries still require weak passwords
- A conundrum involving an exploitable Response Header error and a bounty payment.
- An inspection of Apple's new Post-Quantum Encryption upgrade

Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

February 27, 2024 2:04:53 120.05 MB

- Nevada attempts to block Meta's end-to-end encryption for minors.
- A survey of security breaches
- Edge's Super-Duper Secure Mode moves into Chrome
- DoorDash dashes our privacy
- Avast charged $16.5 million for selling user browsing data
- No charge for extra logging!
- European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
- LockBit RaaS group disrupted
- Firefox v123
- The ScreenConnect Authentication Bypass
- SpinRite update
- Introducing BootAble
- Cox moving to Yahoo Mail for users
- Credit Card security
- Exploiting password complexity requirements?
- Email only logins
- Flipper Zero in Canada
- German Router security
- More Flipper Zero in Canada
- Throwaway email addresses
- Shared email accounts
- Password quality enforcement
- Fingerprint tech and some future stories

Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

February 20, 2024 2:14:19 64.61 MB

- Wyze breach
- Microsoft patch Tuesday fixes 15 remote code execution flaws
- Why are there password restrictions?
- The Canadian Flipper Zero Ban
- Security on the old internet
- Using Old Passwords
- Passwordless login
- TOTP as a second factor
- German ISP using default router passwords
- Email encryption in transit
- pfSense Tailscale integration
- DuckDuckGo's email protection integration with Bitwarden
- The KeyTrap Vulnerability

Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

February 13, 2024 2:03:44 59.58 MB

- Toothbrush Botnet
- "There are too many damn Honeypots!"
- Remotely accessing your home network securely
- Going passwordless as an ecommerce site
- Facebook "old password" reminders
- Browsers on iOS
- More UPnP Issues
- A password for every website?
- "Free" accounts
- Keeping phones plugged in
- Running your own email server in 2024
- iOS app sizes
- SpinRite 6.1 running on an iMac
- SpinRite update
- Bitlocker's encryption cracked in minutes

Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

February 06, 2024 2:04:13 59.83 MB

- CISA's "Secure by Design" Initiative
- The GNU C Library Flaw
- Fastly CDN switches from OpenSSL to BoringSSL
- Roskomnadzor asserts itself
- Google updates Android's Password Manager
- Firefox gets post-quantum crypto
- Get your TOTP tokens from LastPass
- Inflated iOS app data
- LearnDMARC
- Sync mobile app bug
- SpinRite and Windows Defender
- Crypto signing camera
- Analog hole in digital camera authentication
- iOS and Google's Topics
- The gathering of the Stephvens
- Programmable Logic Controllers
- SpinRite update
- Malware-infected Toothbrush
- The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff

Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

January 30, 2024 2:17:02 66.55 MB

- iOS to allow native Chromium and Firefox engines.
- An OS immune to ransomware?
- HP back in the doghouse over "anti-virus" printer bricking
- The mother of all breaches
- New "Thou shall not delete those chats" rules
- Fewer ransoms are being paid
- Verified Camera Images
- More on the $15/month flashlight app
- What happens when apps change publishers
- Microsoft hating on Firefox
- Credit Karma is storing 1GB of data on the iPhone
- Staying on Windows 7
- Sci-Fi recommendations
- Windows 7 and HSTS sites
- TOTP codes/secrets and Bitwarden
- SpinRite on Mac
- SpinRite v6.1 is done!
- LearnDMARC.com
- Alex Stamos on "Microsoft Security"

Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results

January 23, 2024 2:14:58 64.95 MB

- Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
- US Health and Human Services Breached
- Firefox vs "The Competition"
- Brave reduces its anti-fingerprinting protections
- CISA's proactive policing results one year later
- Longer Life For Samsung Updates
- Google Incognito Mode "Misunderstanding"
- Show Doc Not showing images on iOS Safari
- Generated AI Media Authentication
- Which computer languages to learn?
- Flashlight app subscription
- Google's Privacy Sandbox system
- Malware and IoT devices
- Protected Audience API vs. Malvertising
- Defensive computing
- Why ISPs don't do anything about DDoS attacks
- SpinRite Update

Show Notes - https://www.grc.com/sn/SN-958-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

January 16, 2024 1:45:16 50.7 MB

- What would an IoT device look like that HAD been taken over?
- And speaking of DDoS attacks
- Trouble in the Quantum Crypto world
- The Browser Monoculture
- Question about the Apple backdoor
- Getting into infosec
- proton drive vs sync
- SpinRite update
- The Protected Audience API

Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf
Hosts: Steve Gibson and Leo Laporte