Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

February 13, 2024 2:03:44 59.58 MB Downloads: 0

Toothbrush Botnet
"There are too many damn Honeypots!"
Remotely accessing your home network securely
Going passwordless as an ecommerce site
Facebook "old password" reminders
Browsers on iOS
More UPnP Issues
A password for every website?
"Free" accounts
Keeping phones plugged in
Running your own email server in 2024
iOS app sizes
SpinRite 6.1 running on an iMac
SpinRite update
Bitlocker's encryption cracked in minutes

Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: joindeleteme.com/twit (promo code TWIT), bitwarden.com/twit, kolide.com/securitynow, robinhood.com/boost

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

February 06, 2024 2:04:13 59.83 MB Downloads: 0

CISA's "Secure by Design" Initiative
The GNU C Library Flaw
Fastly CDN switches from OpenSSL to BoringSSL
Roskomnadzor asserts itself
Google updates Android's Password Manager
Firefox gets post-quantum crypto
Get your TOTP tokens from LastPass
Inflated iOS app data
LearnDMARC
Sync mobile app bug
SpinRite and Windows Defender
Crypto signing camera
Analog hole in digital camera authentication
iOS and Google's Topics
The gathering of the Stephvens
Programmable Logic Controllers
SpinRite update
Malware-infected Toothbrush
The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff

Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Melissa.com/twit, joindeleteme.com/twit (promo code TWIT), GO.ACILEARNING.COM/TWIT, vanta.com/SECURITYNOW

SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

January 30, 2024 2:17:02 66.55 MB Downloads: 0

iOS to allow native Chromium and Firefox engines
An OS immune to ransomware?
HP back in the doghouse over "anti-virus" printer bricking
The mother of all breaches
New "Thou shall not delete those chats" rules
Fewer ransoms are being paid
Verified Camera Images
More on the $15/month flashlight app
What happens when apps change publishers
Microsoft hating on Firefox
Credit Karma is storing 1GB of data on the iPhone
Staying on Windows 7
Sci-Fi recommendations
Windows 7 and HSTS sites
TOTP codes/secrets and Bitwarden
SpinRite on Mac
SpinRite v6.1 is done!
LearnDMARC.com
Alex Stamos on "Microsoft Security"

Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: expressvpn.com/securitynow, panoptica.app, kolide.com/securitynow, canary.tools/twit (use code: TWIT)

SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results

January 23, 2024 2:14:58 64.95 MB Downloads: 0

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
US Health and Human Services Breached
Firefox vs "The Competition"
Brave reduces its anti-fingerprinting protections
CISA's proactive policing results one year later
Longer Life For Samsung Updates
Google Incognito Mode "Misunderstanding"
Show Doc Not showing images on iOS Safari
Generated AI Media Authentication
Which computer languages to learn?
Flashlight app subscription
Google's Privacy Sandbox system
Malware and IoT devices
Protected Audience API vs. Malvertising
Defensive computing
Why ISPs don't do anything about DDoS attacks
SpinRite Update

Show Notes - https://www.grc.com/sn/SN-958-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: paloaltonetworks.com/ot-security-tco, bitwarden.com/twit, drata.com/twit, kolide.com/securitynow

SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

January 16, 2024 1:45:16 50.7 MB Downloads: 0

What would an IoT device look like that HAD been taken over?
And speaking of DDoS attacks
Trouble in the Quantum Crypto world
The Browser Monoculture
Question about the Apple backdoor
Getting into infosec
proton drive vs sync
SpinRite update
The Protected Audience API

Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: meraki.cisco.com/twit, kolide.com/securitynow, lookout.com, bitwarden.com/twit, joindeleteme.com/twit (promo code TWIT)

SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass

January 09, 2024 1:53:33 54.68 MB Downloads: 0

More on Apple's hardware backdoor
Russian Hacking of Ukrainian cameras
Russian hackers were inside Ukraine telecoms giant for months
Things are still a mess at 23andMe
CoinsPaid was the victim of another cyberattack
Crypto Hacking in 2023
Mandiant Twitter scam
Defining "cyber warfare"
LastPass is making some changes
Windows Watch
Google settles $5 billion lawsuit
Return Oriented Programming
Shutting Down Edge
Root Certificates
Credit freezing
SpinRite Update

Show Notes - https://www.grc.com/sn/SN-956-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: lookout.com, paloaltonetworks.com/ot-security-tco, kolide.com/securitynow, bitwarden.com/twit

SN 955: The Mystery of CVE-2023-38606 - SpinRite Update, Nebula Mesh, Apple's Backdoor

January 02, 2024 1:52:54 54.39 MB Downloads: 0

SpinRite 6.1 update
Pruning Root Certificates
A solution to Schrodinger's Bowl
DNS Benchmark and anti-virus tools
Nebula Mesh
SpinRite 7 is coming
The Mystery of CVE-2023-38606

Show Notes - https://www.grc.com/sn/SN-955-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: bitwarden.com/twit, kolide.com/securitynow, Melissa.com/twit, drata.com/twit

SN 954: Best of 2023 - Security Now's Best Moments of 2023

December 26, 2023 1:37:24 47.06 MB Downloads: 0

Leo looks back at the year's top security stories of 2023.

Steve's Next Password Manager After the LastPass Hack
CHESS is Safe
Here Come the Fake AI-generated "News" Sites
How Bad Guys Use Satellites
Microsoft's "Culture of Toxic Obfuscation"
Steve announces his commitment to SN
Apple Says No
NSA's Decade of Huawei Hacking
ValiDrive announcement

Host: Leo Laporte

SN 953: Active Listening - KOSA, Cloudflare's Numbers, SpinRite Update

December 19, 2023 2:00:16 57.9 MB Downloads: 0

Child protection legislation in the US
Meta pushes back on the $200 billion FTC fine for COPPA violation
Age verification on the internet
Google moving from 3rd party cookies to topics
A look at Cloudflare's metrics
SpinRite update
Cox Media admits that it spies on you

Show Notes - https://www.grc.com/sn/SN-953-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: securemyemail.com/twit (use code TWIT), drata.com/twit, GO.ACILEARNING.COM/TWIT

SN 952: Quantum Computing Breakthrough - The Clear/Deep/Dark Web, Quad 9 victory, Telegram Flaw

December 12, 2023 2:04:35 60.06 MB Downloads: 0

The government collection of push notification metadata
Facebook Messenger sets end to end encryption as the default
Iran's Cyber Av3ngers
Cisco's Talos Top 10 cyber security exploits this year
Over 30% of apps are still using a vulnerable version of the Log4J library
Quad 9 speaks on their legal victory against Sony
What are the "Clear Web", "Dark Web", and "Deep Web"?
A Flaw in Telegram
Xfinity Mobile wants you to accept a root CA, DO NOT
Hardware VPN alternative
A breakthrough in quantum computing

Show Notes - https://www.grc.com/sn/SN-952-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: GO.ACILEARNING.COM/TWIT, lookout.com, bitwarden.com/twit

SN 951: Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD

December 05, 2023 2:10:58 63.03 MB Downloads: 0

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
Iranian hackers exploited default passwords in programmable logic controllers at US water facilities
Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling
Over 1 billion Android devices now have RCS messaging enabled
EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU
Black Basta ransomware group has netted over $107 million since early 2022
Google's new .meme top-level domain allowing meme-related web properties
CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast
France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead
Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust

Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: canary.tools/twit (use code: TWIT), vanta.com/SECURITYNOW

SN 950: Leo Turns 67 - Fingerprint Security, Do-Not-Track

November 28, 2023 2:12:07 63.65 MB Downloads: 0

Adobe Flash Player Updater is (still) desperately trying to update
Veracrypt password security
Firefox moves to 120 with a bunch of very nice new features
Do-Not-Track is back on track
"ownCloud" -or- "PwnCloud"?
CrushFTP Critical Vulnerability
Bypassing fingerprint authentication
ApacheMQ
TransUnion & Experian both hacked

Show Notes - https://www.grc.com/sn/SN-950-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: paloaltonetworks.com/ot-security-tco, Melissa.com/twit, GO.ACILEARNING.COM/TWIT

SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review

November 21, 2023 2:12:54 64.0 MB Downloads: 0

Privacy and Funding Challenges Facing Signal Messaging App
Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
Ransomware Group Files SEC Complaint Against Breached Company
Europe Opening Up Radio Encryption Standard TETRA for Public Review
Apple Announcing Adoption of RCS Messaging for iPhones
Steve's Progress on Dynamic Code Signing for SpinRite Releases
Removing Suction Cup Barnacles from Windshields
Recommendations for Benchmarking USB Drive Read/Write Speeds
Concerns Over EU's Proposed eIDAS 2.0 QWACs Legislation
Why Protectli Routers Are Preferred for pfSense Setups
Credit Card Security Precautions for Ex-LastPass Users
Origins and Evolution of Ethernet Networking Over 50 Years

Show Notes - https://www.grc.com/sn/SN-949-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: vanta.com/SECURITYNOW, kolide.com/securitynow, securemyemail.com/twit (use code TWIT)

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

November 14, 2023 2:12:10 63.72 MB Downloads: 0

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
Decentralized finance platform Raft lost $3.3M due to an exploit.
Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
Russia moves to formally ban all VPN use in the country.
Two new flaws found in OpenVPN software, one allowing memory access.
SpinRite development paused as DOS and Windows versions are complete.
Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful.
Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
"Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation.

Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: kolide.com/securitynow, bitwarden.com/twit, GO.ACILEARNING.COM/TWIT

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

November 07, 2023 2:13:25 64.26 MB Downloads: 0

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
Ace Hardware suffered a cyberattack impacting servers and systems
Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
Analysis of "BadCandy" malware infecting vulnerable Cisco routers
Bitwarden password manager adds support for FIDO2 passkeys in browser extension
Rescuing a severely degraded SSD and bringing it back to life with SpinRite
Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: lookout.com, canary.tools/twit (use code: TWIT), Melissa.com/twit