Security Now (Video)
by TWiTCybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Copyright: This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International - http://creativecommons.org/licenses/by-nc-nd/4.0/
Episodes
SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo
2h 15m · Published- What do you call "Stuxnet on steroids"??
- Voyager 1 update
- Android 15 to quarantine apps
- Thunderbird & Microsoft Exchange
- China bans Western encrypted messaging apps
- Gentoo says "no" to AI
- Cars collecting diving data
- Freezing your credit
- Investopedia
- Computer Science Abstractions
- Lazy People vs. Secure Systems
- Actalis issues free S/MIME certificates
- PIN Encryption
- DRAM and GhostRace
- AT&T Phishing Scam
- Race Conditions and Multi-core processors
- An Alternative to the Current Credit System
- SpinRite Updates
- Chat (out of) Control
Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- canary.tools/twit - use code: TWIT
- lookout.com
- kolide.com/securitynow
- zscaler.com/zerotrustAI
SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons
1h 52m · Published- An update on the AT&T data breach
- 340,000 social security numbers leaked
- Cookie Notice Compliance
- The GDPR does enforce some transparency
- Physical router buttons
- Wifi enabled button pressers
- Netsecfish disclosure of Dlink NAS vulnerability
- Chrome bloat
- SpinRite update
- GhostRace
Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- kolide.com/securitynow
- bitwarden.com/twit
- vanta.com/SECURITYNOW
- 1bigthink.com
SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense
0s · PublishedOut-of-support DLink NAS devices contain hard coded backdoor credentials
Privnote is not so "Priv"
Crowdfense is willing to pay millions
Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution
SpinRite Update
Minimum Viable Secure Product
Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- zscaler.com/zerotrustAI
- business.eset.com/twit
- lookout.com
- joindeleteme.com/twit promo code TWIT
SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach
1h 45m · Published- A near-Universal (Local) Linux Elevation of Privilege vulnerability
- TechCrunch informed AT&T of a 5 year old data breach
- Signal to get very useful cloud backups
- Telegram to allow restricted incoming
- HP exits Russia ahead of schedule
- Advertisers are heavier users of Ad Blockers than average Americans!
- The Google Incognito Mode Lawsuit
- Canonical fights malicious Ubuntu store apps
- Spinrite update
- A Cautionary Tale
Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- 1bigthink.com
- kolide.com/securitynow
- Melissa.com/twit
- vanta.com/SECURITYNOW
SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD
0s · Published- Apple vs U.S. DoJ
- G.M.'s Unbelievably Horrible Driver Data Sharing Ends
- Super Sushi Samurai
- Apple has effectively abandoned HomeKit Secure Routers
- The forthcoming ".INTERNAL" TLD
- The United Nations vs AI.
- Telegram now blocked throughout Spain
- Vancouver Pwn2Own 2024
- China warns of incoming hacks
- Annual Tax Season Phishing Deluge
- SpinRite update
- Authentication without a phone
- Are Passkeys quantum safe?
- GoFetch: The Unpatchable vulnerability in Apple chips
Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- zscaler.com/zerotrustAI
- bitwarden.com/twit
- canary.tools/twit - use code: TWIT
- panoptica.app
- kolide.com/securitynow
SN 966: Morris The Second - Voyager 1, The Web Turns 35
2h 7m · Published- Voyager 1 update
- The Web turned 35 and Dad is disappointed
- Automakers sharing driving data with insurance companies
- A flaw in Passkey thinking
- Passkeys vs 2fa
- Sharing accounts with Passkeys
- Passkyes vs. Passwords/MFA
- Workaround to sites that block anonymous email addresses
- Open Bounty programs on HackerOne
- Steve on Twitter
- Ways to disclose bugs publicly
- Security by obscurity
- Something you have/know/are vs Passkeys
- Passkeys vs TOTP
- Inspecting Chrome extensions
- Passkey transportability
- Morris the Second
Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- zscaler.com/zerotrustAI
- robinhood.com/boost
- GO.ACILEARNING.COM/TWIT
- joindeleteme.com/twit promo code TWIT
- vanta.com/SECURITYNOW
SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta
2h 23m · Published- VMware needs immediate patching
- Midnight Blizzard still on the offensive
- China is quietly "de-American'ing" their networks
- Signal Version 7.0, now in beta
- Meta, WhatsApp, and Messenger -meets- the EU's DMA
- The Change Healthcare cyberattack
- SpinRite update
- Telegram's end-to-end encryption
- KepassXC now supports passkeys
- Login accelerators
- Sites start rejecting @duck.com emails
- Tool to detect chrome extensions change owners
- Sortest SN title
- Passkeys vs 2FA
Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- vanta.com/SECURITYNOW
- joindeleteme.com/twit promo code TWIT
- kolide.com/securitynow
- business.eset.com/twit
SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol
2h 12m · Published- "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
- Cory Doctorow's Visions of the Future Humble Book Bundle
- CTRL-K shortcut for search on a browser
- Direct bootable image downloading for GRC's servers
- Closing the loop on compromised emails
- Taco Bell's passwordless app
- A solution for Bcrypt's password length limit of 72 bytes
- Data as the missing piece for law enforcement and privacy advocates
- The token solution for email-only login
- Apple's Password Manager Resources on Github
- The risk of long-term persistent cookies in browsers
- Why mainframe industries still require weak passwords
- A conundrum involving an exploitable Response Header error and a bounty payment.
- An inspection of Apple's new Post-Quantum Encryption upgrade
Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- GO.ACILEARNING.COM/TWIT
- Melissa.com/twit
- bitwarden.com/twit
- kolide.com/securitynow
SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted
2h 4m · Published- Nevada attempts to block Meta's end-to-end encryption for minors.
- A survey of security breaches
- Edge's Super-Duper Secure Mode moves into Chrome
- DoorDash dashes our privacy
- Avast charged $16.5 million for selling user browsing data
- No charge for extra logging!
- European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
- LockBit RaaS group disrupted
- Firefox v123
- The ScreenConnect Authentication Bypass
- SpinRite update
- Introducing BootAble
- Cox moving to Yahoo Mail for users
- Credit Card security
- Exploiting password complexity reqirements?
- Email only logins
- Flipper Zero in Canada
- German Router security
- More Flipper Zero in Canada
- Throwaway email addresses
- Shared email accounts
- Password quality enforcement
- Fingerprint tech and some future stories
Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- canary.tools/twit - use code: TWIT
- vanta.com/SECURITYNOW
- robinhood.com/boost
- joindeleteme.com/twit promo code TWIT
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap
2h 14m · Published- Wyze breach
- Microsoft patch Tuesday fixes 15 remote code execution flaws
- Why are there password restrictions?
- The Canadian Flipper Zero Ban
- Security on the old internet
- Using Old Passwords
- Passwordless login
- TOTP as a second factor
- German ISP using default router passwords
- Email encryption in transit
- pfSense Tailscale integration
- DuckDuckGo's email protection integration with Bitwarden
- The KeyTrap Vulnerability
Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
- panoptica.app
- kolide.com/securitynow
- vanta.com/SECURITYNOW
- GO.ACILEARNING.COM/TWIT
Security Now (Video) has 70 episodes in total of non- explicit content. Total playtime is 126:37:59. The language of the podcast is English. This podcast has been added on February 22nd 2023. It might contain more episodes than the ones shown here. It was last updated on April 26th, 2024 17:46.