Security Now (Audio)

• What do you call "Stuxnet on steroids"??
• Voyager 1 update
• Android 15 to quarantine apps
• Thunderbird & Microsoft Exchange
• China bans Western encrypted messaging apps
• Gentoo says "no" to AI
• Cars collecting diving data
• Freezing your credit
• Investopedia
• Computer Science Abstractions
• Lazy People vs. Secure Systems
• Actalis issues free S/MIME certificates
• PIN Encryption
• DRAM and GhostRace
• AT&T Phishing Scam
• Race Conditions and Multi-core processors
• An Alternative to the Current Credit System
• SpinRite Updates
• Chat (out of) Control

Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• lookout.com
• kolide.com/securitynow
• zscaler.com/zerotrustAI

• An update on the AT&T data breach
• 340,000 social security numbers leaked
• Cookie Notice Compliance
• The GDPR does enforce some transparency
• Physical router buttons
• Wifi enabled button pressers
• Netsecfish disclosure of Dlink NAS vulnerability
• Chrome bloat
• SpinRite update
• GhostRace

Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• kolide.com/securitynow
• bitwarden.com/twit
• vanta.com/SECURITYNOW
• 1bigthink.com

Out-of-support DLink NAS devices contain hard coded backdoor credentials

Privnote is not so "Priv"

Crowdfense is willing to pay millions

Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution

SpinRite Update

Minimum Viable Secure Product

Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• zscaler.com/zerotrustAI
• business.eset.com/twit
• lookout.com
• joindeleteme.com/twit promo code TWIT

• A near-Universal (Local) Linux Elevation of Privilege vulnerability
• TechCrunch informed AT&T of a 5 year old data breach
• Signal to get very useful cloud backups
• Telegram to allow restricted incoming
• HP exits Russia ahead of schedule
• Advertisers are heavier users of Ad Blockers than average Americans!
• The Google Incognito Mode Lawsuit
• Canonical fights malicious Ubuntu store apps
• Spinrite update
• A Cautionary Tale

Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• 1bigthink.com
• kolide.com/securitynow
• Melissa.com/twit
• vanta.com/SECURITYNOW

• Apple vs U.S. DoJ
• G.M.'s Unbelievably Horrible Driver Data Sharing Ends
• Super Sushi Samurai
• Apple has effectively abandoned HomeKit Secure Routers
• The forthcoming ".INTERNAL" TLD
• The United Nations vs AI.
• Telegram now blocked throughout Spain
• Vancouver Pwn2Own 2024
• China warns of incoming hacks
• Annual Tax Season Phishing Deluge
• SpinRite update
• Authentication without a phone
• Are Passkeys quantum safe?
• GoFetch: The Unpatchable vulnerability in Apple chips

Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• zscaler.com/zerotrustAI
• bitwarden.com/twit
• canary.tools/twit - use code: TWIT
• panoptica.app
• kolide.com/securitynow

• Voyager 1 update
• The Web turned 35 and Dad is disappointed
• Automakers sharing driving data with insurance companies
• A flaw in Passkey thinking
• Passkeys vs 2fa
• Sharing accounts with Passkeys
• Passkyes vs. Passwords/MFA
• Workaround to sites that block anonymous email addresses
• Open Bounty programs on HackerOne
• Steve on Twitter
• Ways to disclose bugs publicly
• Security by obscurity
• Something you have/know/are vs Passkeys
• Passkeys vs TOTP
• Inspecting Chrome extensions
• Passkey transportability
• Morris the Second

Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• zscaler.com/zerotrustAI
• robinhood.com/boost
• GO.ACILEARNING.COM/TWIT
• joindeleteme.com/twit promo code TWIT
• vanta.com/SECURITYNOW

• VMware needs immediate patching
• Midnight Blizzard still on the offensive
• China is quietly "de-American'ing" their networks
• Signal Version 7.0, now in beta
• Meta, WhatsApp, and Messenger -meets- the EU's DMA
• The Change Healthcare cyberattack
• SpinRite update
• Telegram's end-to-end encryption
• KepassXC now supports passkeys
• Login accelerators
• Sites start rejecting @duck.com emails
• Tool to detect chrome extensions change owners
• Sortest SN title
• Passkeys vs 2FA

Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• vanta.com/SECURITYNOW
• joindeleteme.com/twit promo code TWIT
• kolide.com/securitynow
• business.eset.com/twit

• "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
• Cory Doctorow's Visions of the Future Humble Book Bundle
• CTRL-K shortcut for search on a browser
• Direct bootable image downloading for GRC's servers
• Closing the loop on compromised emails
• Taco Bell's passwordless app
• A solution for Bcrypt's password length limit of 72 bytes
• Data as the missing piece for law enforcement and privacy advocates
• The token solution for email-only login
• Apple's Password Manager Resources on Github
• The risk of long-term persistent cookies in browsers
• Why mainframe industries still require weak passwords
• A conundrum involving an exploitable Response Header error and a bounty payment.
• An inspection of Apple's new Post-Quantum Encryption upgrade

Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• GO.ACILEARNING.COM/TWIT
• Melissa.com/twit
• bitwarden.com/twit
• kolide.com/securitynow

• Nevada attempts to block Meta's end-to-end encryption for minors.
• A survey of security breaches
• Edge's Super-Duper Secure Mode moves into Chrome
• DoorDash dashes our privacy
• Avast charged $16.5 million for selling user browsing data
• No charge for extra logging!
• European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
• LockBit RaaS group disrupted
• Firefox v123
• The ScreenConnect Authentication Bypass
• SpinRite update
• Introducing BootAble
• Cox moving to Yahoo Mail for users
• Credit Card security
• Exploiting password complexity reqirements?
• Email only logins
• Flipper Zero in Canada
• German Router security
• More Flipper Zero in Canada
• Throwaway email addresses
• Shared email accounts
• Password quality enforcement
• Fingerprint tech and some future stories

Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• vanta.com/SECURITYNOW
• robinhood.com/boost
• joindeleteme.com/twit promo code TWIT

• Wyze breach
• Microsoft patch Tuesday fixes 15 remote code execution flaws
• Why are there password restrictions?
• The Canadian Flipper Zero Ban
• Security on the old internet
• Using Old Passwords
• Passwordless login
• TOTP as a second factor
• German ISP using default router passwords
• Email encryption in transit
• pfSense Tailscale integration
• DuckDuckGo's email protection integration with Bitwarden
• The KeyTrap Vulnerability

Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• panoptica.app
• kolide.com/securitynow
• vanta.com/SECURITYNOW
• GO.ACILEARNING.COM/TWIT