Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

SN 913: A Fowl Incident - DDoS'ing Fosstodon, Strategic Objective 3.3, CISA's Covert Red-Team

March 07, 2023 1:48:28 52.22 MB Downloads: 0

Picture of the Week. DDoS'ing Fosstodon. DDoS for Hire takedowns. TikTok Insanity. Illegal Warrantless Surveillance. Strategic Objective 3.3. GitHub Secret Scanning. CISA's Covert Red-Team. What's left? What's old is new again. TCG TPM vulnerabilities. WordPress "All In One SEO". Russia fines Wikipedia. A Fowl Incident.

Show Notes: https://www.grc.com/sn/SN-913-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Sponsors: canary.tools/twit - use code: TWIT, drata.com/twit, kolide.com/securitynow

SN 912: The NSA @ Home - LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty

February 28, 2023 1:44:31 0.0 MB Downloads: 0

Picture of the Week. Windows 11? ... anyone? As Plain as Ever. Edge's new built-in VPN? LastPass Incident Update. Signal says NO to the UK. More PyPI troubles. The QNAP bug bounty program. SpinRite. The NSA @ Home.

Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf

Sponsor: kolide.com/securitynow

SN 911: A Clever Regurgitator - GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified

February 21, 2023 1:51:36 53.97 MB Downloads: 0

Picture of the Week. GoneDaddy. Section 230. No Blue, No SMS-based 2FA. Bitwarden gets Argon. "Meta Verified". Emsisoft Fake Code Signing. Attacks breaking records. More Mirai. NPM malware. Patch Tuesday. Samsung announces "Message Guard". The Hyundai & Kia mess. A Clever Regurgitator.

Show Notes: https://www.grc.com/sn/sn-911-notes.pdf

Sponsors: drata.com/twit, GO.ACILEARNING.COM/TWIT

SN 910: Ascon - Malicious ChatGPT Use, Google Security Key Giveaway, OTPAuth

February 14, 2023 2:01:27 0.0 MB Downloads: 0

Picture of the Week. ESXiArgs follow-up. ChatGPT's Malicious Use. Google Security Key Giveaway. Brave goes HTTPS-by-default. 1Password Makes Another Passkeys Move. Russian Patriotic Hackers. Amazon to FINALLY Secure Its AWS S3 Instances. More Anti-Chinese Camera Removals. Microsoft to embed Adobe Acrobat PDF reader into Edge. Password Exhaustion. One Time Password OTPAuth. Ascon.

Show Notes: https://www.grc.com/sn/sn-910-notes.pdf

Sponsors: bitwarden.com/twit, plextrac.com/twit, fortra.com

SN 909: How ESXi Fell - EU Internet Surveillance, QNAP returns, .DEV is always HTTPS

February 07, 2023 2:13:05 64.13 MB Downloads: 0

Picture of the Week. The European Union's Internet Surveillance Proposal. 30,000 patient records online? .DEV is always HTTPS! Google changes Chrome's release strategy. Russia shoots the messenger. A fool and his Crypto... QNAP is back. CVSS severity discrepancy. Closing the Loop. How ESXi Fell.

Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf

Sponsors: drata.com/twit, barracuda.com/securitynow, canary.tools/twit - use code: TWIT

SN 908: Data Operand Independent Timing - Old Android apps, Kevin Rose, iOS 6.3 and FIDO, Hive hacked

January 31, 2023 1:45:18 0.0 MB Downloads: 0

Android to start blocking old and unsafe apps. Microsoft to block Internet sourced Excel add-ins. An example of saying "no" even when it may hurt. Hacked Wormhole funds on the move. Kevin Rose Hacked. Facebook will be moving more users into E2EE. iOS 6.3 and FIDO. Scan thy Citizenry. The Hive ransomware organization takedown. Errata. Closing the Loop. SpinRite. Data Operand Independent Timing.

Show Notes: https://www.grc.com/sn/SN-908-Notes.pdf

Sponsors: Melissa.com/twit, kolide.com/securitynow

SN 907: Credential Reuse - iOS 16.3, ChatGPT creates malware, Bitwarden acquires Passwordless.dev

January 24, 2023 1:44:55 51.31 MB Downloads: 0

Picture of the Week. PayPal Credential Stuffing. iOS 16.3: Cloud encryption for all. InfoSecurity Magazine: "ChatGPT Creates Polymorphic Malware". CheckPoint Research: OPWNAI: Cybercriminals Starting to Use ChatGPT. "Meta" fined for the third time. Bitwarden acquires "Passwordless.dev". Closing the Loop. SpinRite. Credential Reuse.

Show Notes: https://www.grc.com/sn/SN-907-Notes.pdf

Sponsors: GO.ACILEARNING.COM/TWIT, expressvpn.com/securitynow, drata.com/twit

SN 906: The Rule of Two - Norton Lifelock Data Breach, Chromium and Rust, LastPass

January 17, 2023 1:54:29 55.24 MB Downloads: 0

Picture of the Week. About Password Iterations. EBC or CB. Norton Lifelock Troubles. Chrome Follows Microsoft and Firefox. Chromium is Beginning to Rust. BYOVD and Windows Defender Failures. Closing the Loop (feedback). The Rule of Two.

Show Notes: https://www.grc.com/sn/sn-906-notes.pdf

Sponsors: plextrac.com/twit, bitwarden.com/twit, barracuda.com/securitynow

SN 905: 1 - LastPass Aftermath, LastPass vault de-obfuscator, LastPass iteration count folly

January 10, 2023 1:51:24 53.83 MB Downloads: 0

Picture of the Week. LastPass Aftermath. LastPass Vault De-Obfuscator. What more do we know this week regarding LastPass? The most alarming discovery by listeners. Understanding the scale of GPU-enhanced password cracking. On the true strength of passwords. Feedback from listeners regarding LastPass.

Show Notes: https://www.grc.com/sn/SN-905-Notes.pdf

Sponsors: tanium.com/twit, drata.com/twit

SN 904: Leaving LastPass - How LastPass failed, Steve's next password manager, how to protect yourself

January 03, 2023 2:02:55 59.33 MB Downloads: 0

Picture of the Week. SpinRite. Leaving LastPass. Is there reason for concern? Well known password cracker Jeremi Gosney's LastPass rant. Steve shares his plan regarding LastPass. What is Steve's next password manager? What should LastPass users do to protect themselves?

Show Notes: https://www.grc.com/sn/SN-904-Notes.pdf

Sponsors: fortra.com, canary.tools/twit - use code: TWIT

SN 903: Security Now Best of 2022 - The best moments from throughout the year

December 27, 2022 2:20:00 68.1 MB Downloads: 0

Anatomy of a Log4j Exploit. Will Russia Disconnect? FCC Says Kaspersky Labs is a National Security Threat. Lenovo UEFI Firmware Troubles. That "Passkeys" Thing. Dis-CONTI-nued: The End of Conti? Steve's Take on the LastPass Breach.

Sponsors: expressvpn.com/securitynow, kolide.com/securitynow

SN 902: A Generic WAF Bypass - Pwn2Own Toronto, URSNIF malware, Vivaldi Mastodon support, Bye Bye SHA-1

December 20, 2022 1:56:32 56.19 MB Downloads: 0

Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior". GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass.

Show Notes: https://www.grc.com/sn/SN-902-Notes.pdf

Sponsor: plextrac.com/twit

SN 901: Apple Encrypts the Cloud - Chrome Passkeys, Telegram malware, SYNC.com outage, Rackspace lawsuits

December 13, 2022 2:23:29 69.86 MB Downloads: 0

Picture of the Week. Chrome does Passkeys. SYNC.COM suffered its first outage. Medibank reboot. Totally fake cryptocurrency trading platforms. Malware on Telegram. Texas gets in on the TikTok banning. The LastPass class action lawsuit. Rackspace had a big embarrassing problem. Rackspace is now facing at least three class action lawsuits. Another country goes on the offensive. Closing The Loop. SpinRite. Miscellany. Apple Encrypts the Cloud.

Show Notes: https://www.grc.com/sn/SN-901-Notes.pdf

Sponsors: barracuda.com/securitynow, bitwarden.com/twit, expressvpn.com/securitynow

SN 900: LastPass Again - South Dakota bans TikTok, Anker Eufy Camera debacle, Mozilla yanks trusted root

December 06, 2022 2:02:38 59.04 MB Downloads: 0

Picture of the Week. Don't mess with Australia. Facebook / Meta fined by Ireland. REvil's full Medibank dump. Is nothing sacred? Mozilla yanks a (no longer) trusted root. Android Platform Certs Escape. South Dakota says: No more Tik-Tok. Albania blames its IT staff. Good news on the memory safe languages front. Black Hat USA 2022. Another Chrome 0-day bites the dust. Anker's Eufy Camera debacle. An amazing-looking WiFi-6 router... $119. Elon really said this. Closing the Loop. SpinRite. LastPass Again.

Show Notes: https://www.grc.com/sn/SN-900-Notes.pdf

Sponsors: itpro.tv/securitynow, canary.tools/twit - use code: TWIT, plextrac.com/twit

SN 899: Freebie Bots & Evil Cameras - iSpoofer no more, Boa server vulnerability, CISA on Mastodon

November 29, 2022 1:58:48 57.31 MB Downloads: 0

Picture of the Week. iSpoof you no more. Here come the Freebie Bots! Anatomy of the real-time Cryptocurrency heist. Lookin' for something to do? Boa server vulnerability. The dilemma of closed-source Chinese networking products. The Cyber Defense Index. Malicious Docker Hub images. Since we've been tracking 0-days for a while. CISA on Mastodon. Miscellany. Closing The Loop. SpinRite.

Show Notes: https://www.grc.com/sn/SN-899-Notes.pdf

Sponsors: kolide.com/securitynow, plextrac.com/twit, nordlayer.com/twit