Security Now (Video)

• Picture of the Week.
• Another Malicious Chrome Extension.
• Germany to join the Huawei & ZTE ban.
• Putting "phishing" into perspective.
• The Polynonce attack.
• Plex's RCE now in CISA's KEV.
• Sci-Fi: Andor.
• Sony Sues Quad9.

Show Notes: https://www.grc.com/sn/SN-914-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• fortra.com
• bitwarden.com/twit
• plextrac.com/twit

• Picture of the Week.
• DDoS'ing Fosstodon.
• DDoS for Hire takedowns.
• TikTok Insanity.
• Illegal Warrantless Surveillance.
• Strategic Objective 3.3.
• GitHub Secret Scanning.
• CISA's Covert Red-Team.
• What's left?
• What's old is new again.
• TCG TPM vulnerabilities.
• WordPress "All In One SEO".
• Russia fines Wikipedia.
• A Fowl Incident.

Show Notes: https://www.grc.com/sn/SN-913-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• drata.com/twit
• kolide.com/securitynow

• Picture of the Week.
• Windows 11? ... anyone?
• As Plain as Ever.
• Edge's new built-in VPN?
• LastPass Incident Update.
• Signal says NO to the UK.
• More PyPI troubles.
• The QNAP bug bounty program.
• SpinRite.
• The NSA @ Home.

Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• kolide.com/securitynow

GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified

• Picture of the Week.
• GoneDaddy.
• Section 230.
• No Blue, No SMS-based 2FA.
• Bitwarden gets Argon.
• "Meta Verified".
• Emsisoft Fake Code Signing.
• Attacks breaking records.
• More Mirai.
• NPM malware.
• Patch Tuesday.
• Samsung announces "Message Guard".
• The Hyundai & Kia mess.
• A Clever Regurgitator.

Show Notes https://www.grc.com/sn/sn-911-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• drata.com/twit
• GO.ACILEARNING.COM/TWIT

• Picture of the Week
• ESXiArgs follow-up
• ChatGPT's Malicious Use
• Google Security Key Giveaway
• Brave goes HTTPS-by-default
• 1Password Makes Another Passkeys Move
• Russian Patriotic Hackers
• Amazon to FINALLY Secure Its AWS S3 Instances
• More Anti-Chinese Camera Removals
• Microsoft to embed Adobe Acrobat PDF reader into Edge
• Password Exhaustion
• One Time Passowrd OTPAuth
• Password Exhaustion
• Ascon

Show Notes https://www.grc.com/sn/sn-910-notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• bitwarden.com/twit
• plextrac.com/twit
• fortra.com

• Picture of the Week.
• The European Union's Internet Surveillance Proposal.
• 30,000 patient records online?
• .DEV is always HTTPS!
• Google changes Chrome's release strategy.
• Russia shoots the messenger.
• A fool and his Crypto...
• QNAP is back.
• CVSS severity discrepancy.
• Closing the Loop.
• How ESXi Fell.

Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• drata.com/twit
• barracuda.com/securitynow
• canary.tools/twit - use code: TWIT

• Android to start blocking old and unsafe apps.
• Microsoft to block Internet sourced Excel add-ins.
• An example of saying "no" even when it may hurt.
• Hacked Wormhole funds on the move.
• Kevin Rose Hacked.
• Facebook will be moving more users into E2EE.
• iOS 6.3 and FIDO.
• Scan thy Citizenry.
• The Hive ransomware organization takedown.
• Errata.
• Closing the Loop.
• SpinRite.
• Data Operand Independent Timing.

Show Notes: https://www.grc.com/sn/SN-908-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Melissa.com/twit
• kolide.com/securitynow

• Picture of the Week.
• PayPal Credential Stuffing.
• iOS 16.3 : Cloud encryption for all.
• InfoSecurity Magazine: "ChatGPT Creates Polymorphic Malware".
• CheckPoint Research: OPWNAI : Cybercriminals Starting to Use ChatGPT.
• "Meta" fined for the third time.
• Bitwarden acquires "Passwordless.dev".
• Closing the Loop.
• SpinRite.
• Credential Reuse.

Show Notes: https://www.grc.com/sn/SN-907-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• GO.ACILEARNING.COM/TWIT
• expressvpn.com/securitynow
• drata.com/twit

• Picture of the Week
• About Password Iterations
• EBC or CB
• Norton Lifelock Troubles
• Chrome Follows Microsoft and Firefox
• Chromium is Beginning to Rust
• BYOVD and Windows Defender Failures
• Closing the Loop (feedback)
• The Rule of Two

Show notes: https://www.grc.com/sn/sn-906-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• plextrac.com/twit
• bitwarden.com/twit
• barracuda.com/securitynow

• Picture of the Week.
• LastPass Aftermath.
• LastPass Vault De-Obfuscator.
• What more do we know this week regarding LastPass?
• The most alarming discovery by listeners.
• Understanding the scale of GPU-enhanced password cracking.
• On the true strength of passwords.
• Feedback from listeners regarding LastPass.

Show Notes https://www.grc.com/sn/SN-905-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• tanium.com/twit
• drata.com/twit