Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

August 29, 2023 2:09:45 62.49 MB Downloads: 0
  • Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.
  • WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.
  • HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.
  • Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.
  • Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.
  • Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.
  • Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.
  • Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.
  • Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.
  • Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.

Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: