Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
Similar Podcasts
FLOSS Weekly (Audio)
We're not talking dentistry here; FLOSS all about Free Libre Open Source Software. Join host Doc Searls and his rotating panel of co-hosts every Wednesday as they talk with the most interesting and important people in the Open Source and Free Software community.
Records live every Wednesday at 12:30pm Eastern / 9:30am Pacific / 17:30 UTC.
Open Source Security Podcast
A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
no dogma podcast
discussions on software development
SN 976: The 50 Gigabyte Privacy Bomb - Google AI Workarounds, Microsoft Recall
The bigger problem with AI Overviewhttps://udm14.com/ -and- https://tenbluelinks.org/The horses have left the barnVPNs and FirewallsEmail @ GRCExtension to fix Google searchPasswords and SPAMFixing motherboard componentsVertical tabs in FirefoxFritzBox routersToo many PINsMore Google search fixesTesting Windows XPThe 50 Gigabyte Privacy BombShow Notes - https://www.grc.com/sn/SN-976-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow joindeleteme.com/twit promo code TWIT bitwarden.com/twit 1bigthink.com
SN 975: 312 Scientists & Researchers Respond - 3 Chrome Zero-Days, Free Laundry
When you're the biggest target...Searching for SearchHow long will a Windows XP machine survive unprotected on the Internet?Free LaundryVPNs and FirewallsNetgate SG1100Ad Industry vs. Google Privacy SandboxBitwarden and passkeysToken2 passkey dongle312 Scientists & Researchers RespondShow Notes - https://www.grc.com/sn/SN-975-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1bigthink.com business.eset.com/twit mylio.com/TWIT25
SN 974: Microsoft's Head in the Clouds - 4-Digit Pins, Long Range Navigation, Microsoft
Picture of the Week.Most to least common 4-digit pins.Enhanced LORAN.Passkeys.Microsoft's Head in the Clouds.Show Notes - https://www.grc.com/sn/SN-974-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: 1bigthink.com zscaler.com/zerotrustAI kolide.com/securitynow joindeleteme.com/twit promo code TWIT
SN 973: Not So Fast - GPS Vulnerabilites, VPN Flaw
The vulnerability of GPSIs the sky falling on all VPN systems?Multi-user Passkeys, YubiKeys?The iCloud KeychainThe UK and Google's TopicsShow Notes - https://www.grc.com/sn/SN-973-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit kolide.com/securitynow lookout.com bitwarden.com/twit
SN 972: Passkeys: A Shattered Dream? - IoT Default Passwords, Passkeys
GCHQ: No more default passwords for consumer IoT devices!What happened with Chrome and 3rd-party cookies?Race conditions and multi-threadingGM "accidentally" enrolled millions into "OnStar Smart Driver +" programSteve recommends Ryk Brown's "Frontiers Saga"SpinRite updatePasskeys: A Shattered Dream?Show Notes - https://www.grc.com/sn/SN-972-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: business.eset.com/twit vanta.com/SECURITYNOW 1bigthink.com lookout.com
SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo
What do you call "Stuxnet on steroids"??Voyager 1 updateAndroid 15 to quarantine appsThunderbird & Microsoft ExchangeChina bans Western encrypted messaging appsGentoo says "no" to AICars collecting diving dataFreezing your creditInvestopediaComputer Science AbstractionsLazy People vs. Secure SystemsActalis issues free S/MIME certificatesPIN EncryptionDRAM and GhostRaceAT&T Phishing ScamRace Conditions and Multi-core processorsAn Alternative to the Current Credit SystemSpinRite UpdatesChat (out of) ControlShow Notes - https://www.grc.com/sn/SN-971-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons
An update on the AT&T data breach340,000 social security numbers leakedCookie Notice ComplianceThe GDPR does enforce some transparencyPhysical router buttonsWifi enabled button pressersNetsecfish disclosure of Dlink NAS vulnerabilityChrome bloatSpinRite updateGhostRaceShow Notes - https://www.grc.com/sn/SN-970-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit vanta.com/SECURITYNOW 1bigthink.com
SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense
Out-of-support DLink NAS devices contain hard coded backdoor credentialsPrivnote is not so "Priv"Crowdfense is willing to pay millionsEngineers Pinpoint Cause of Voyager 1 Issue, Are Working on SolutionSpinRite UpdateMinimum Viable Secure ProductShow Notes - https://www.grc.com/sn/SN-969-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI business.eset.com/twit lookout.com joindeleteme.com/twit promo code TWIT
SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach
A near-Universal (Local) Linux Elevation of Privilege vulnerabilityTechCrunch informed AT&T of a 5 year old data breachSignal to get very useful cloud backupsTelegram to allow restricted incomingHP exits Russia ahead of scheduleAdvertisers are heavier users of Ad Blockers than average Americans!The Google Incognito Mode LawsuitCanonical fights malicious Ubuntu store appsSpinrite updateA Cautionary TaleShow Notes - https://www.grc.com/sn/SN-968-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: 1bigthink.com kolide.com/securitynow Melissa.com/twit vanta.com/SECURITYNOW
SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD
Apple vs U.S. DoJG.M.'s Unbelievably Horrible Driver Data Sharing EndsSuper Sushi SamuraiApple has effectively abandoned HomeKit Secure RoutersThe forthcoming ".INTERNAL" TLDThe United Nations vs AI.Telegram now blocked throughout SpainVancouver Pwn2Own 2024China warns of incoming hacksAnnual Tax Season Phishing DelugeSpinRite updateAuthentication without a phoneAre Passkeys quantum safe?GoFetch: The Unpatchable vulnerability in Apple chipsShow Notes - https://www.grc.com/sn/SN-967-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow
SN 966: Morris The Second - Voyager 1, The Web Turns 35
Voyager 1 updateThe Web turned 35 and Dad is disappointedAutomakers sharing driving data with insurance companiesA flaw in Passkey thinkingPasskeys vs 2faSharing accounts with PasskeysPasskyes vs. Passwords/MFAWorkaround to sites that block anonymous email addressesOpen Bounty programs on HackerOneSteve on TwitterWays to disclose bugs publiclySecurity by obscuritySomething you have/know/are vs PasskeysPasskeys vs TOTPInspecting Chrome extensionsPasskey transportabilityMorris the SecondShow Notes - https://www.grc.com/sn/SN-966-Notes.pdfHosts: Steve Gibson and Mikah SargentDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: robinhood.com/boost GO.ACILEARNING.COM/TWIT joindeleteme.com/twit promo code TWIT vanta.com/SECURITYNOW
SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta
VMware needs immediate patchingMidnight Blizzard still on the offensiveChina is quietly "de-American'ing" their networksSignal Version 7.0, now in betaMeta, WhatsApp, and Messenger -meets- the EU's DMAThe Change Healthcare cyberattackSpinRite updateTelegram's end-to-end encryptionKepassXC now supports passkeysLogin acceleratorsSites start rejecting @duck.com emailsTool to detect chrome extensions change ownersSortest SN titlePasskeys vs 2FAShow Notes - https://www.grc.com/sn/SN-965-Notes.pdfHosts: Steve Gibson and Mikah SargentDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: vanta.com/SECURITYNOW joindeleteme.com/twit promo code TWIT kolide.com/securitynow business.eset.com/twit
SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol
"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorerCory Doctorow's Visions of the Future Humble Book BundleCTRL-K shortcut for search on a browserDirect bootable image downloading for GRC's serversClosing the loop on compromised emailsTaco Bell's passwordless app A solution for Bcrypt's password length limit of 72 bytesData as the missing piece for law enforcement and privacy advocatesThe token solution for email-only loginApple's Password Manager Resources on GithubThe risk of long-term persistent cookies in browsersWhy mainframe industries still require weak passwordsA conundrum involving an exploitable Response Header error and a bounty payment.An inspection of Apple's new Post-Quantum Encryption upgrade Show Notes - https://www.grc.com/sn/SN-964-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT Melissa.com/twit bitwarden.com/twit kolide.com/securitynow
SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted
Nevada attempts to block Meta's end-to-end encryption for minors.A survey of security breachesEdge's Super-Duper Secure Mode moves into ChromeDoorDash dashes our privacyAvast charged $16.5 million for selling user browsing dataNo charge for extra logging!European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee membersLockBit RaaS group disruptedFirefox v123The ScreenConnect Authentication BypassSpinRite updateIntroducing BootAbleCox moving to Yahoo Mail for usersCredit Card securityExploiting password complexity reqirements?Email only loginsFlipper Zero in CanadaGerman Router securityMore Flipper Zero in CanadaThrowaway email addressesShared email accountsPassword quality enforcementFingerprint tech and some future storiesShow Notes - https://www.grc.com/sn/SN-963-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW robinhood.com/boost joindeleteme.com/twit promo code TWIT
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap
Wyze breachMicrosoft patch Tuesday fixes 15 remote code execution flawsWhy are there password restrictions?The Canadian Flipper Zero BanSecurity on the old internetUsing Old PasswordsPasswordless loginTOTP as a second factorGerman ISP using default router passwordsEmail encryption in transitpfSense Tailscale integrationDuckDuckGo's email protection integration with BitwardenThe KeyTrap VulnerabilityShow Notes - https://www.grc.com/sn/SN-962-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: panoptica.app kolide.com/securitynow vanta.com/SECURITYNOW GO.ACILEARNING.COM/TWIT