Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!
- How fake drives continue to be sold on Amazon despite negative reviews
- Microsoft is discontinuing support for the VBScript language
- The 30-year old NTLM authentication protocol will eventually be removed from Windows
- Two new vulnerabilities found in cURL
- A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices
- Debate over whether "lib" should rhyme with "vibe" or "air"
- Instructions for accessing the SpinRite 6.1 pre-release version
- Feedback on passkey exportability and server IP address encryption
- A listener asks if ransomware can encrypt already encrypted files
- How Privacy Badger un-rewrites Google's search result links
- The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts
Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors: