Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
Similar Podcasts
FLOSS Weekly (Audio)
We're not talking dentistry here; FLOSS all about Free Libre Open Source Software. Join host Doc Searls and his rotating panel of co-hosts every Wednesday as they talk with the most interesting and important people in the Open Source and Free Software community.
Records live every Wednesday at 12:30pm Eastern / 9:30am Pacific / 17:30 UTC.
no dogma podcast
discussions on software development
Open Source Security Podcast
A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
SN 938: Apple Says No - Topics coming to Android, Apple security research, browser extension vulnerabilities
Steve provides an update on ValiDrive, his new freeware utility for testing USB drives. It identifies bogus mass storage drives and performance differences between drives.There has been another sighting of Google's Topics API, this time on Android phones. It allows apps to get information about users' interests based on recent app usage.Apple has opened up their iPhones to security researchers through their Security Research Device program since 2019. Researchers get access to customize kernels, entitlements, and other low-level features without compromising security.Research reveals vulnerabilities in browser extensions that allow them to steal plaintext passwords from a website's HTML source code. Even sites like Google, Facebook, Amazon, IRS, and Capital One are affected.Feedback from listeners on topics like Apple's stance on scanning iCloud data for CSAM, Microsoft's broken TLS timestamp implementation, using VirusTotal to check downloaded files, ReadSpeed limitations, and downloading malware for VirusTotal checks.Apple publicly shares a letter from a CSAM activist demanding they implement scanning to detect child abuse images in iCloud Photos. Apple responds clearly stating they will not compromise user privacy and security to do so.Show Notes - https://www.grc.com/sn/SN-938-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit panoptica.app canary.tools/twit - use code: TWIT
SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics
Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.Show Notes - https://www.grc.com/sn/SN-937-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT Building Cyber Resilience Podcast
SN 936: When Heuristics Backfire - OpenSUSE, SanDisk and Western Digital, 8Base, TSSHOCK
OpenSUSE goes private.Android to get satellite comms.SanDisk and Western Digital in hot water.You're asking for it: YouTube children's privacy.Whoopsie! 8Base.Where the money is.The TSSHOCK vulnerability.BitForge.A Quantum resilient security key.Removed Chrome extensions notifications.HTTPS by default?WinRAR 6.23 final released.Closing the Loop.When Heuristics Backfire.Show Notes - https://www.grc.com/sn/SN-936-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: panoptica.app kolide.com/securitynow joindeleteme.com/twit promo code TWIT
SN 935: "Topics" Arrives - Firefox multi-account containers, DuckDuckGo email alias, satellite crowding
Picture of the Week.Security Now!'s 18th birthday!Closing the Loop.Firefox Multi-Account Containers.A question about Full Disk Encryption on SSD's.Should I run SpinRite before I back up my drives to a NAS?Overly complex password rules.DuckDuckGo's email alias.The new Russian Astra Linux based OS can not legally be possible.Regarding satellite crowding: The skies won't be darkening anytime soon.This is what came to mind on the Voyager 2 segment with the shout.Can you please share the name of the session manager that you use in Firefox?The numbers behind the Voyager recorrection."Topics" Arrives.How Topics Works.Show Notes: https://www.grc.com/sn/SN-935-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: cs.co/twit Building Cyber Resilience Podcast bitwarden.com/twit
SN 934: Revisiting Global Privacy Control - Voyager 2, MS Security, keyboard acoustic side-channel attacks
Picture of the Week.NASA "shouted" at Voyager.Another view of Microsoft.What about this Chinese attack?AI meets Keyboard Acoustic Side-Channel attacks.Closing the Loop.Revisiting Global Privacy Control.Show Notes: https://www.grc.com/sn/SN-934-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
SN 933: TETRA:BURST - Satellite Turla, Android tracker tech, VirusTotal 2023 report, open source in Russia
Picture of the Week.Satellite Turla: APT Command and Control in the Sky.OS 17 to further crack down on device fingerprinting.Android to start warning of "unknown trackers".The 7th branch of the US military.Russia criminalizes open source project contribution.VirusTotal's 2023 report.Closing the Loop.TETRA:BURST.Show Notes - https://www.grc.com/sn/SN-933-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: podtail.com/podcast/building-cyber-resilience bitwarden.com/twit drata.com/twit
SN 932: Satellite Insecurity, Part 2 - Apple vs EU, Cyber Resilience Act, Web Environment Integrity
Picture of the Week.R.I.P. Kevin Mitnick.Apple says: "Thanks, but we'd rather leave."Web Environment Integrity.Web Analytics under the spotlight.More progress on the IoT security front.The "Expeditionary cyber force".Ransomware payouts being made much less often.MOVEit Update.TikTok + Passkeys.Closing the Loop.SpinRite.Satellite Insecurity, Part 2.Show Notes: https://www.grc.com/sn/SN-932-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT bitwarden.com/twit
SN 931: Satellite Insecurity, Part 1 - Kaspersky on MS flaw, WormGPT, Bitcoin addresses, Twitter DM change
Picture of the Week.Kaspersky on Microsoft's Patch Tuesday.As the worm turns: WormGPT.Microsoft revokes 100+ malicious drivers.MOVEit Update.Does Dun & Bradstreet know you?No Threads for you! (or EU!)All Bitcoin addresses look alike.Twitter changes DM settings.Closing the Loop.SpinRite.Satellite Insecurity, Part 1.Show Notes: https://www.grc.com/sn/SN-931-Notes.pdf Hosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow drata.com/twit cs.co/twit
SN 930: Rowhammer Indelible Fingerprinting - MOVEit SQLi flaw, China's OpenKylin v1, Firefox 115, Syncthing
Picture of the Week.Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software.And as for MOVEit...What's a "Rug Pull" ??"Avast, ye Matey"China's OpenKylin v1.TootRoot!Firefox 115.Did Russia Disconnect?Use some honey if you want to catch some flies.Cryptocurrency losses.International Consumer Data Transit.Apple's emergency update retraction.Syncthing Revisited.Closing the Loop.SpinRite's first RTM release.RTOS-32.Rowhammer Indelible Fingerprinting.Show Notes: https://www.grc.com/sn/SN-930-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT bitwarden.com/twit GO.ACILEARNING.COM/TWIT
SN 929: Operation Triangulation - DuckDuckBrowse, KasperskyOS Phone, Cyber Force, MOVEit
Picture of the Week.Catching Leo up to speed from last week.DuckDuckBrowse.And an updated Tor Browser.Opera, now enhanced with "AI".The KasperskyOS Phone.The cost of doing business in Russia.Slowly turn the wheels of justice.The US to create a new "Cyber Force".Apple.com now supports Passkeys.Selective GDPR enforcement?Facial Recognition is Photo Recognition.Google cybersecurity clinics.Progress/MOVEit sued.Closing the Loop.SpinRite.Operation Triangulation.Show Notes: https://www.grc.com/sn/SN-929-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drinkAG1.com/securitynow lookout.com drata.com/twit
SN 928: The Massive MOVEit Maelstrom - Patch Tuesday, SpinRite 7.1, MOVEit
Picture of the Week.Patch Tuesday.Does EVERYTHING leak??Closing the Loop.SpinRite gets version 7.1!The Massive MOVEit Maelstrom.Show Notes: https://www.grc.com/sn/SN-928-Notes.pdfHosts: Steve Gibson and Jason HowellDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit cs.co/twit kolide.com/securitynow
SN 927: Scanning the Internet - IoT DDoS rising, who pays for Cryptomining, WWDC security announcements
Picture of the Week.Cryptomining Rude Surprise Billing.Musk's Twitter is refusing to pay for Cloud Services.IoT DDoS rapidly rising.H1CA found executing code on client machines.Apple's WWDC Redux.France takes a different approach...Russia: Scanners stay out!Miscellany.Closing the Loop.SpinRite.Scanning the Internet.Show Notes: https://www.grc.com/sn/SN-927-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT bitwarden.com/twit athleticgreens.com/securitynow
SN 926: Windows Platform Binary Table - OWASP, Tor anti-DoS protection, Mandatory SMB Signing on Win 11
Picture of the Week.Another week of silence from HP.Mandatory "SMB Signing" coming to Windows 11.OWASP.Did Apple help the NSA attack the Kremlin?Kaspersky's analysis of this iPhone attack and compromise.The Trifecta Jackpot!Who wrote that?Tor gets anti-DoS protection.Cybersecurity at Educational institutions.Civilian Surveillance Cameras in Ukraine.Cyber Mercenaries.Closing the Loop.Windows Platform Binary Table.Show Notes: https://www.grc.com/sn/SN-926-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: meraki.cisco.com/twit joindeleteme.com/twittv canary.tools/twit - use code: TWIT
SN 925: Brave's Brilliant Off the Record Request - .ZIP TLD, Bitwarden Passkey support, PyPi
Picture of the Week.HP = "Huge Pile"The ".ZIP" TLD — What could possibly go wrong?PyPI gets more serious about security AND privacy."No logs saved anywhere"???Twitter in the EU?Bitwarden's support for Passkeys.A €1.2 billion fine will grab your attention.Editing WhatsApp messages.A new Google Bug Bounty.SpinRite.Brave's Brilliant Off the Record Request.Show Notes: https://www.grc.com/sn/SN-925-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: cs.co/twit drata.com/twit Melissa.com/twit
SN 924: VCaaS – Voice Cloning as a Service - HP printer update, KeePass vulnerability, SpinRite bug
Picture of the Week.Tracker Follow-Up.Automatic IoT device updating.HP 9020e - error code 83C0000B.Section 230 Stands.The KeePass Vulnerability.Apple joins Samsung, Amazon and Verizon in banning ChatGPT.Google's Privacy Sandbox moves forward.The FBI heavily misused FISA powers.Supply Chain Nightmare.SpinRite.VCaaS – Voice Cloning as a Service.Show Notes: https://www.grc.com/sn/SN-924-Notes.pdfHosts: Steve Gibson and Leo LaporteDownload or subscribe to this show at https://twit.tv/shows/security-now.Get episodes ad-free with Club TWiT at https://twit.tv/clubtwitYou can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow athleticgreens.com/securitynow lookout.com