Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
SN 928: The Massive MOVEit Maelstrom - Patch Tuesday, SpinRite 7.1, MOVEit
Picture of the Week.Patch Tuesday.Does EVERYTHING leak??Closing the Loop.SpinRite gets version 7.1!The Massive MOVEit Maelstrom.Show Notes: https://www.grc.com/sn/SN-928-Notes.pdfHosts: Steve Gibson and Jason HowellDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit cs.co/twit kolide.com/securitynow
SN 927: Scanning the Internet - IoT DDoS rising, who pays for Cryptomining, WWDC security announcements
Picture of the Week.Cryptomining Rude Surprise Billing.Musk's Twitter is refusing to pay for Cloud Services.IoT DDoS rapidly rising.H1CA found executing code on client machines.Apple's WWDC Redux.France takes a different approach...Russia: Scanners stay out!Miscellany.Closing the Loop.SpinRite.Scanning the Internet.Show Notes: https://www.grc.com/sn/SN-927-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT bitwarden.com/twit athleticgreens.com/securitynow
SN 926: Windows Platform Binary Table - OWASP, Tor anti-DoS protection, Mandatory SMB Signing on Win 11
Picture of the Week.Another week of silence from HP.Mandatory "SMB Signing" coming to Windows 11.OWASP.Did Apple help the NSA attack the Kremlin?Kaspersky's analysis of this iPhone attack and compromise.The Trifecta Jackpot!Who wrote that?Tor gets anti-DoS protection.Cybersecurity at Educational institutions.Civilian Surveillance Cameras in Ukraine.Cyber Mercenaries.Closing the Loop.Windows Platform Binary Table.Show Notes: https://www.grc.com/sn/SN-926-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: meraki.cisco.com/twit joindeleteme.com/twittv canary.tools/twit - use code: TWIT
SN 925: Brave's Brilliant Off the Record Request - .ZIP TLD, Bitwarden Passkey support, PyPi
Picture of the Week.HP = "Huge Pile"The ".ZIP" TLD — What could possibly go wrong?PyPI gets more serious about security AND privacy."No logs saved anywhere"???Twitter in the EU?Bitwarden's support for Passkeys.A €1.2 billion fine will grab your attention.Editing WhatsApp messages.A new Google Bug Bounty.SpinRite.Brave's Brilliant Off the Record Request.Show Notes: https://www.grc.com/sn/SN-925-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: cs.co/twit drata.com/twit Melissa.com/twit
SN 924: VCaaS – Voice Cloning as a Service - HP printer update, KeePass vulnerability, SpinRite bug
Picture of the Week.Tracker Follow-Up.Automatic IoT device updating.HP 9020e - error code 83C0000B.Section 230 Stands.The KeePass Vulnerability.Apple joins Samsung, Amazon and Verizon in banning ChatGPT.Google's Privacy Sandbox moves forward.The FBI heavily misused FISA powers.Supply Chain Nightmare.SpinRite.VCaaS – Voice Cloning as a Service.Show Notes: https://www.grc.com/sn/SN-924-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow athleticgreens.com/securitynow lookout.com
SN 923: Location Tracker Behavior - Diving deep into Google and Apple's tracker spec, SpinRite update
Picture of the Week.SpinRite.Location Tracker Behavior.Formal definitions from the specification.Bluetooth LE devices have MAC addresses and therein lies a problem.All devices are serialized.And now, that "pairing registry".Privacy considerations.Show Notes: https://www.grc.com/sn/SN-923-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit GO.ACILEARNING.COM/TWIT
SN 922: Detecting Unwanted Location Trackers - Google Passkeys, Chrome lock icon, AI news sites, Vint Cerf
Picture of the Week.Google & Passkeys.TP-Link routers DO auto-update.US Marshals Service: Where's the backup??T-Mobile keeps getting breached.Chrome: No more LOCK icon.Apple's new "Rapid Security Response" system.Elon Musk, making friends wherever he goes...A quick Mastodon aside.Here come the fake AI-generated "news" sites.Russia to replace "American" TCP/IP with "Russian Internet".Vint Serf's 3 mistakes.Detecting Unwanted Location Trackers.Show Notes: https://www.grc.com/sn/SN-922-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: kolide.com/securitynow
SN 921: OSB OMG and Other News! - Age verification, Google Authenticator E2EE, VirusTotal AI, cURL
Picture of the Week.The Encryption Debate.Age does matter...Age Verification.WhatsApp: Rather be blocked in UK than weaken security.Exposing Side-Channel Monitoring.Closing the Loop.A new UDP reflection attack vector.Google Authenticator Updated.Does Israel use NSO Group commercial spyware?A Russian OS?TP-Link routers compromised.A pre-release security audit.Another Intel side-channel attack.Windows users: Don't remove cURL!AI comes to VirusTotal. Show Notes https://www.grc.com/sn/SN-921-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twittv drata.com/twit
SN 920: An End-to-End Encryption Proposal - Wipe those routers, Lockdown Mode, ChatGPT black market
Picture of the Week. Lockdown Mode seen succeeding. A growing black market for ChatGPT accounts. Decommissioned Corporate Routers Leak Secrets. Jaguar Tooth: Cisco router vulnerabilities. Security Research Legal Defense Fund. A quick Firefox fix. Kubernetes security audit. Google Chrome zero-day. An End-to-End Encryption Proposal. Show Notes https://www.grc.com/sn/SN-920-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: athleticgreens.com/securitynow lookout.com
SN 919: Forced Entry - Patch Tuesday, Google Assured Open Source Software, WhatsApp Improvements
Picture of the Week.Patch Tuesday Review.Risky Business News.Google Assured Open Source Software.WhatsApp Improvements.Bad Security? Go to jail!Forced Entry.Show Notes https://www.grc.com/sn/SN-919-Notes.pdf Hosts: Steve Gibson and Jason HowellDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: meraki.cisco.com/twit bitwarden.com/twit GO.ACILEARNING.COM/TWIT
SN 918: A Dangerous Interpretation - H26FORGE, Privatized ChatGPT, Mozilla Site Breach Monitor
Picture of the Week.Microsoft and Fortra go on the offensive.Can ChatGPT keep a secret?Apple updates their OS's.Wordpress under attack... again.Mozilla's Site Breach Monitor.Another ChatGPT investigation.Samsung handsets reaching EoL.Less access for loan apps.The right to be forgotten.SpinRite.A Dangerous Interpretation.Show Notes: https://www.grc.com/sn/SN-918-Notes.pdf Hosts: Steve Gibson and Jason HowellDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twittv meraki.cisco.com/twit kolide.com/securitynow
SN 917: Zombie Software - ChatGPT Ban, Hacking the Pentagon
Picture of the WeekSo... Not an attack, then?AI Overlord HysteriaItaly says NO to ChatGPTIt's illegal... How much will that be?The U.S. FDA & medical device securityHack the PentagonFirefox 3dr-party DLL check-upMicrosoft's Extortion?The Silver ShipsZombie SoftwareShow Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant PruittDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit
SN 916: Microsoft's Email Extortion - Pwn2Own, Edge Crypto Wallet
Picture of the Week.Synacktiv wins this year's CanSecWest Pwn2OwnGitHub: Mistakes happenDDoS for Hire. . .Or Not144,000 malicious packages publishedNo iPhones For Russian Presidential StaffI NUITEdge Gets CryptoMicrosoft's Email ExtortionShow Notes: https://www.grc.com/sn/sn-916-notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com kolide.com/securitynow Melissa.com/twit
SN 915: Flying Trojan Horses - Exynos 0-days, TikTok Tick Tock, 90-day TLS cert life, CHESS is safe!
Picture of the Week.Multiple Exploitable Samsung 0-Days.A good idea for NPM.The TikTok Tick Tock.Google pushes for 90-day TLS certificate life.CHESS is safe.CISA has begun scanning!Flying Trojan Horses.Show Notes: https://www.grc.com/sn/SN-915-Notes.pdf Hosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT expressvpn.com/securitynow
SN 914: Sony Sues Quad9 - Polynonce attack, Germany Huawei ban, Plex Media Server defect, Andor review
Picture of the Week.Another Malicious Chrome Extension.Germany to join the Huawei & ZTE ban.Putting "phishing" into perspective.The Polynonce attack.Plex's RCE now in CISA's KEV.Sci-Fi: Andor.Sony Sues Quad9.Show Notes: https://www.grc.com/sn/SN-914-Notes.pdf Hosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: fortra.com bitwarden.com/twit plextrac.com/twit