Security Now (MP3)

Follow Security Now (MP3)
Share on
Copy link to clipboard

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

TWiT

Donate to Security Now (MP3)

  • podcastawards.com
    2009 Technology

  • podcastawards.com
    2007 Technology


  • Jun 4, 2025 LATEST EPISODE
  • weekly NEW EPISODES
  • 2h 6m AVG DURATION
  • 271 EPISODES

4.6 from 1,832 ratings Listeners of Security Now (MP3) that love the show mention: computer security, security news, grc, steve also, firewall, netcasts, steve takes, twit podcasts, steve covers, security topics, trojans, technical topics, gibson's, great security, security related, viruses, certifications, good work steve, propeller, steve's knowledge.


Ivy Insights

The Security Now (MP3) podcast is an exceptional resource for individuals who are not in the security field but want to learn about security problems. Steve Gibson and Leo Laporte do an excellent job of explaining complex security concepts in a way that is accessible and understandable to listeners. One of the best aspects of this podcast is how each term is defined, ensuring that even those unfamiliar with security terminology can follow along. Additionally, common misunderstandings or misuses of terms are also explained, providing clarification and avoiding confusion.

The podcast stands out as the best online security podcast due to Leo and Steve's abilities as entertainers and consummate professionals in their field. They have a talent for distilling complex information into digestible portions that listeners can easily understand. Their chemistry and dynamic make for enjoyable listening while still imparting valuable knowledge.

One potential downside of this podcast is Leo's tendency to engage in sales pitches during episodes. While this might be off-putting for some listeners, others appreciate supporting the show's sponsors as it helps sustain the podcast itself. However, it's important to note that these sponsor endorsements do not detract from the overall quality of the content provided by Steve and Leo.

In conclusion, The Security Now (MP3) podcast is a reliable, consistent source of long-term security knowledge. With over 15 years on air and more than 800 episodes, it has proven itself as a valuable resource for staying informed about security issues. Whether you're new to IT or have decades of experience, this podcast offers something for everyone. If you're not already listening to Security Now, it's highly recommended that you give it a try.



More podcasts from TWiT

Search for episodes from Security Now (MP3) with a specific topic:

Latest episodes from Security Now (MP3)

SN 1028: AI Vulnerability Hunting - Jailbreaking is Over

Play Episode Listen Later Jun 4, 2025 188:02


Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT

SN 1027: Artificial Intelligence - The Status of Encrypted Client Hello

Play Episode Listen Later May 28, 2025 174:28


What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid bring the rest down? Where are we in the "AI Hype Cycle" and is this the first? Speaking of hype: An AI system resorted to blackmail? Why are we so quick to imbue AI with awareness? ChatGPT's latest o3 model ignored the order to shutdown. Copilot may not be making Windows core code any better. Venice.AI is an unfiltered and unrestrained LLM Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit threatlocker.com for Security Now canary.tools/twit - use code: TWIT hoxhunt.com/securitynow 1password.com/securitynow

SN 1026: Rogue Comms Tech Found in US Power Grid - Is AI Replicating Itself?

Play Episode Listen Later May 21, 2025 167:03


Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

SN 1025: Secure Conversation Records Retention - FBI Says to Toss Your Old Router

Play Episode Listen Later May 14, 2025 165:04


The state of Virginia passes an age-restriction law that has no chance. New Zealand also tries something similar, citing Australia's lead. A nasty Python package for Discord survived 3 years and 11K downloads. The FBI says it's a good idea to discard end-of-life consumer routers. What's in WhatsApp? Finding out was neither easy nor certain. The UK's Cyber Centre says AI promises to make things much worse. A bunch of great feedback from our great listeners, then: Is true end-to-end encryption possible when records must be retained? Show Notes - https://www.grc.com/sn/SN-1025-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now uscloud.com hoxhunt.com/securitynow canary.tools/twit - use code: TWIT

SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach

Play Episode Listen Later May 7, 2025 166:22 Transcription Available


Microsoft to officially abandon passwords and support their deletion. Meta's RayBan smart glasses weaken their privacy terms. 30% of Microsoft code is now being written by AI. Google says prying Chrome from it will damage its security. Nearly 1,000 six-year-old eCommerce backdoors spring to life. eM Client moves to version 10.3 A bunch of terrific listener feedback creates talking points. A little-known, insecure message archiving service comes to light. Show Notes - https://www.grc.com/sn/sn-1024-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT drata.com/securitynow material.security threatlocker.com/twit

SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"

Play Episode Listen Later Apr 30, 2025 164:49


Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. New information about data loss in unpowered SSD mass storage. Lots of terrific feedback from our listeners. How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com threatlocker.com for Security Now outsystems.com/twit hoxhunt.com/securitynow

SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats

Play Episode Listen Later Apr 23, 2025 173:22 Transcription Available


Enabling Firefox's Tab Grouping. Recalled Recall Re-Rolls out. The crucial CVE program nearly died. It's been given new life. China confesses to hacking the US (blames our stance on Taiwan). CISA says what Oracle still refuses to. Brute force attacks on the (rapid) rise. An AI/ML Python package rates a 9.8 (again!) The CA/Browser forum passed short-life certs. :( A wonderful crosswalk hack hits Silicon Valley. Android to add force restarting ahead of schedule. Maybe. The EFF is never happy. But especially now, about Florida. Interesting research into ransomware payouts. Windows Sandbox: The amazing gem hidden inside all Windows 10 & 11! Show Notesb - https://www.grc.com/sn/SN-1022-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT drata.com/securitynow bigid.com/securitynow 1password.com/securitynow material.security

SN 1021: Device Bound Session Credentials - Hotpatching in Win 11, Apple vs. UK

Play Episode Listen Later Apr 16, 2025 194:37 Transcription Available


Android to get "Lockdown Mode". What's in the new editions of Chrome and Firefox? Why did Apple silently re-enable automatic updates? My new iPhone 16, Chinese tariffs and electronics. Dynamic "hotpatching" coming to Win11 Enterprise & Edu. Why is it so difficult for Oracle to fess up? Another multi-year breach inside US Treasury. An Apple -vs- the UK update. "Thundermail" (Can't someone come up with a better name?) The (in)Security of Programmable Logic Controllers. When LLM's write code and hallucinate non-existent packages. Wordpress core security and PHP gets an important audit. Device-Bound Session Credentials update session cookie technology Show Notes - https://www.grc.com/sn/SN-1021-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/securitynow vanta.com/SECURITYNOW threatlocker.com for Security Now legatosecurity.com bitwarden.com/twit

SN 1020: Multi-Perspective Issuance Corroboration - IoT Done Right, France Phishes, Gmails E2EE

Play Episode Listen Later Apr 9, 2025 188:26 Transcription Available


Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Play Episode Listen Later Apr 2, 2025 185:04


Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard. A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site. Cloudflare completely pulls the plug on port 80 (HTTP) API access. Malware is switching to obscure languages to avoid detection. FORTH, anyone? Password reuse doesn't appear to be dropping. Cloudflare has numbers. A listener shares his log of malicious Microsoft login attempts. Why no geofencing? 23andMe down for the count (reminder). A sobering Ransomware attack & victim listing website. Gulp! "InControl" keeps VR planes aloft. And the European Union gets serious about a switch to Linux Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: drata.com/securitynow outsystems.com/twit bitwarden.com/twit threatlocker.com for Security Now legatosecurity.com

SN 1018: The Quantum Threat - ESP32 Backdoor Update, RCS E2EE

Play Episode Listen Later Mar 26, 2025 172:59


The dangers of doing things you don't understand. Espressif responds to the claims of an ESP32 backdoor. A widely leveraged mistake Microsoft stubbornly refuses to correct. A disturbingly simple remote takeover of Apache Tomcat servers. A 10/10 vulnerability affecting some ASUS, ASRock and HPE motherboards. Google snapped up another cloud security firm but paid a price! RCS messaging to soon get full end-to-end encryption (done right!). How did an AI Crypto Chatbot lose $105,000? ...and what is an AI Crypto Chatbot? Looks like Oracle may take stewardship of TikTok to keep it in-country. Whoops! 23andMe is sinking — don't let them take your genetics with them! The White House says "the cyber guys should stay!" AI project failure rates are on the rise. Anyone surprised? Listener feedback, and a very interesting update on just how looming is the threat from quantum computing? Show Notes - https://www.grc.com/sn/SN-1018-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security legatosecurity.com joindeleteme.com/twit promo code TWIT

SN 1017: Is YOUR System Vulnerable to RowHammer? - Telegram's Crypto, Twitter Outage, FBI Warning

Play Episode Listen Later Mar 19, 2025 173:50 Transcription Available


An analysis of Telegram Messenger's crypto. A beautiful statement of the goal of modern crypto design. Who was behind Twitter's recent outage trouble? An embedded Firefox root certificate expired. Who was surprised? AI-generated Github repos, voice cloning, Patch Tuesday and an Apple 0-day. The FBI warns of another novel attack vector that's seeing a lot of action. Google weighs in on the Age Verification controversy. In a vacuum, Kazakhstan comes up with their own solution. Was Google also served an order from the UK? Can they say? A serious PHP vulnerability you need to know you don't have. A bunch of great listener feedback, some Sci-Fi content reviews and... A new tool allows YOU to test YOUR PCs for their RowHammer susceptibility Show Notes - https://www.grc.com/sn/SN-1017-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: vanta.com/SECURITYNOW bitwarden.com/twit threatlocker.com for Security Now veeam.com

SN 1016: The Bluetooth Backdoor - North Korean Texans, Apple Pushes Back

Play Episode Listen Later Mar 12, 2025 176:45


Utah passes age verification requirement for app stores. The inside story on fake North Korean employees. Is that a Texas accent? An update on the ongoing Bybit cryptoheist saga. The industry may be making some changes in the wake of the Bybit attack. Apple pushes back legally against the UK's secret order. Did someone crack Passkeys? The UK launches a legal salvo at an innocent security researcher. The old data breach we witnessed that just keeps on giving. A bit more Bybit postmortem forensic news. A lesson to learn from a clever and effective ransomware attack. And what about that Bluetooth Backdoor discovery everyone is talking about? Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow uscloud.com joindeleteme.com/twit promo code TWIT zscaler.com/security canary.tools/twit - use code: TWIT

SN 1015: Spatial-Domain Wireless Jamming - Firefox Privacy Policy, Signal Leaving Sweden?

Play Episode Listen Later Mar 5, 2025 172:47


Firefox amends their privacy policy -- the world melts down. Signal threatens to leave Sweden. Aftermath of the massive $1.5 billion Bybit ETH heist. It turns out that it wasn't actually Bybit's fault. "The Lazarus Bounty" monitoring and management site. Mozilla's commitment to Manifest V2 (and the uBlock Origin). What does the ACM's plea for memory-safe languages mean for developers? What exactly are memory-safe languages? Australia joins the Kaspersky ban. Gmail plans to switch from SMS to QR code authentication. A SpinRite success and some fun feedback. An astonishing new technology for targeted radio jamming Show Notes - https://www.grc.com/sn/SN-1015-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com bitwarden.com/twit veeam.com threatlocker.com for Security Now

SN 1014: FREEDOM Administration Login - Apple's UK Privacy Showdown, $1.5 Billion Crypto Heist

Play Episode Listen Later Feb 26, 2025 159:37 Transcription Available


Apple disables Advanced Data Protection for new UK users. Paying ransoms is not as cut and dried as we might imagine. Elon Musk's "X" social media blocks "Signal.me" links. Spain's soccer league blocks Cloudflare and causes a mess. Two new (and rare) vulnerabilities discovered in OpenSSH. The U.S. seems unable to evict Chinese attackers from its Telecom systems. What are those Chinese "Salt Typhoon" hackers doing to get in? The largest (by far) cryptocurrency heist in history occurred Friday. Ex-NSA head says the U.S. is falling behind on the cyber front lines. We have the winner (and a good one) replacement term for "backdoor". A look at a pathetic access control system that begs to be hacked (and will be). Show Notes - https://www.grc.com/sn/SN-1014-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security joindeleteme.com/twit promo code TWIT uscloud.com canary.tools/twit - use code: TWIT

SN 1013: Chrome Web Store is a mess - Apple Encryption in the UK, Texas Vs. DeepSeek

Play Episode Listen Later Feb 19, 2025 151:28


US lawmakers respond to the UK's outrageous demand about Apple's encryption. What, exactly, is a "backdoor", and can a "backdoor" NOT be secret? Highlights from last week's Windows' Patch Tuesday. A look into RansomHub: The latest king of the Ransomware hill. "TOAD": Telephone-Oriented Attack Delivery. The state of Texas -versus- DeepSeek. Disabling Apple's "Restricted Mode". Where did I put that $800 million in Bitcoin? A Sci-Fi author update. And a deep dive into the misoperation of Chrome's critically important Web Extension Store Show Notes - https://www.grc.com/sn/SN-1013-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.com legatosecurity.com threatlocker.com for Security Now bitwarden.com/twit vanta.com/SECURITYNOW

SN 1012: Hiding School Cyberattacks - SparkCat, Decrypting ADP, AI Fuzzing

Play Episode Listen Later Feb 12, 2025 161:26


New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores. The UK demands that Apple does the impossible: decrypting ADP cloud data. France moves forward on legislation to require backdoors to encryption. Firefox moves to 135 with a bunch of useful new features. The Five Eyes alliance publishes edge-device security guidance. Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities. Sysinternals utilities allow malicious Windows DLL injection. Google removes restrictive do-gooder language from AI application policies. "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model. Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT zscaler.com/security uscloud.com 1password.com/securitynow

SN 1011: Jailbreaking AI - Deepseek, "ROUTERS" Act, Zyxel Vulnerability

Play Episode Listen Later Feb 5, 2025 181:18


Why was DeepSeek banned by Italian authorities? What internal proprietary DeepSeek data was found online? What is "DeepSeek" anyway? Why do we care, and what does it mean? Did Microsoft just make OpenAI's strong model available for free? Google explains how generative AI can be and is being misused. An actively exploited and unpatched Zyxel router vulnerability. The new US "ROUTERS" Act. Is pirate-site blocking legislation justified or is it censorship? Russia's blocked website count tops 400,000. Microsoft adds "scareware" warnings to Edge. Bitwarden improves account security. What's still my favorite disk imaging tool? And let's take a close look into the extraction of proscribed knowledge from today's AI Show Notes - https://www.grc.com/sn/SN-1011-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now veeam.com bitwarden.com/twit

SN 1010: DNS over TLS - Record DDoS, Hackers Get Hacked

Play Episode Listen Later Jan 29, 2025 160:40


eM Client CAN be purchased outright. An astonishing 5-year-old typo in MasterCard's DNS. An unwelcome surprise received by 18,459 low-level hackers. DDoS attacks continue growing, seemingly without any end in sight. Let's Encrypt clarifies their plans for 6-day "we barely knew you" certificates. SpinRite uncovers a bad brand new 8TB drive. Listener feedback about TOTP, Syncthing and UDP hole punching, email spam, ValiDrive speed, AI neural nets, DJI geofencing, and advertising in the "New" Outlook. A look into the tradeoffs required to obtain privacy for our DNS lookups Show Notes - https://www.grc.com/sn/SN-1010-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: uscloud.com joindeleteme.com/twit promo code TWIT bitwarden.com/twit zscaler.com/security

SN 1009: Attacking TOTP - Force-Installed Outlook, DJI Firmware Update

Play Episode Listen Later Jan 22, 2025 187:19


What do we learn from January's record breaking 0-day critical Patch Tuesday? Microsoft to "force-install" a new Outlook into all Windows 10 and 11 desktops? GoDaddy required to get much more serious about its hosting security. More age verification enforcement is coming, including globally. What another instance of a widely exposed management interface teaches us. DJI drone's official firmware update lifts geofencing for unrestricted flight. CISA's efforts pay off with MUCH improved critical infrastructure security. Listener feedback about TOTP, HOTP and age-verification. And we take a deep dive into cracking authenticator keys Show Notes - https://www.grc.com/sn/SN-1009-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: vanta.com/SECURITYNOW bitwarden.com/twit threatlocker.com for Security Now veeam.com

SN 1008: HOTP and TOTP - SyncThing, Auto-Updates, Sci-Fi Recs

Play Episode Listen Later Jan 15, 2025 169:35


Meta winds down 3rd-party content filtering. Is encryption soon to follow? Taking over abandoned Command & Control server domains (strictly for research purposes only). IoT devices to get the "Cyber Trust Mark" — Will anyone notice or care? "SyncThing" receives a (blessedly infrequent) update. Government email is not using encryption? Really? Email relaying prevents point-to-point end-to-end encryption and authentication. Just because Let's Encrypt doesn't support email doesn't mean it's impossible. What Sci-Fi does ChatGPT think I (Steve) should start reading next? To auto-update or not to auto-update? — is that one question or two? And, until today, we've never taken a deep dive into the technology of time-varying 6-digit one time tokens. Show Notes - https://www.grc.com/sn/SN-1008-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

SN 1007: AI Training & Inference - Unencrypted Email, Doom Captcha

Play Episode Listen Later Jan 8, 2025 166:51


The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

SN 1006: Best of 2024 - Apple's Secret Backdoor, CrowdStrike Catastrophe, Recall's Privacy Nightmare

Play Episode Listen Later Dec 23, 2024 152:48


Leo revisits some of the year's top Security Now segments of 2024. 956. Apple's Hardware Backdoor: Steve reflects on the previous week's 'The Mystery of CVE-2023-38606' deep-dive. Did Apple deliberately designed a secure backdoor? 960. Unforeseen Consequences of Google's 3rd-party Cookie Cutoff: As Google moves to phase out third-party cookies, the advertising industry scrambles to find new ways to track users, potentially leading to more intrusive methods like requiring users to create accounts on websites. 961. Bitlocker: Chipped or Cracked?: A clever hacker demonstrates how BitLocker-encrypted drives can be compromised on systems using separate TPM chips, highlighting the importance of integrating TPM functionality directly into the CPU. 964. So, What Is Apple's PQ3?: Steve analyzes Apple's new "PQ3" post-quantum safe iMessaging protocol, uestioning whether it truly offers superior security compared to Signal's existing solution. 976. Recall - The 50 Gigabyte Privacy Bomb: Examining Microsoft's new "Recall" feature that records users' screens every few seconds, raising significant privacy concerns. 984. CrowdStruck: A look at the disastrous global IT outage caused by a faulty CrowdStrike Falcon update, affecting airports, hospitals, banks, and more. 1000. Steve and Leo reflect on 1000 episodes of Security Now. 1001. Artificial General Intelligence: Steve and Leo discuss the challenges in achieving artificial general intelligence (AGI) and the debate surrounding its potential timeline and societal impact. Host: Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

SN 1005: 6-Day Certificates? Why? - Android Anti-Tracking, MFA lLogin Bypass, BIMI

Play Episode Listen Later Dec 18, 2024 144:42


Is AI the Wizard of Oz? Or is it more? Microsoft's long standing effective MFA login bypass. Is TPM 2.0 not required after all for Windows 11? Meet 14 North Korean IT workers who made $88 million from the West. Android updates its Bluetooth tracking with anti-tracking. The NPM package manager repository has had 540,000 malicious packages discovered hiding in plain sight. The AskWoody site remains alive, well, and terrific. My iPhone is linked to Windows and it's wonderful. Yay. How has email been finding logos before BIMI? If we use Him and Her for people, how about Hal for AI? Another very disturbing conversation with ChatGPT. What's going on with the new ChatGPT o1 model? It wants to escape? What?? Let's Encrypt plans to reduce its certificate lifetime from 90 to just 6 days. Why in the world? And all the best holiday wishes. See you in January Show Notes - https://www.grc.com/sn/SN-1005-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twit promo code TWIT 1password.com/securitynow bigid.com/securitynow canary.tools/twit - use code: TWIT

SN 1004: A Chat with GPT - China's Telecom Hack, Microsoft Activation Cracked, Coding with ChatGPT 4o

Play Episode Listen Later Dec 11, 2024 153:05 Transcription Available


This week, Steve and Leo discuss the recent 'Salt Typhoon' hack of U.S. telecom providers by China, TPM 2.0 requirement for Windows 11, Microsoft's newly hacked Windows activation system, Apple patenting AI facial and body recognition, and much more. Steve also shares an intriguing conversation he had with the ChatGPT 4o AI system while working on an update to GRC's DNS Benchmark tool. All telecom providers have been hacked and may still not be safe to use. So now the government is recommending that we use our own encrypted communications. The plan to obsolete all non-TPM 2.0 PCs remains well underway. Microsoft must be feeling the heat, so they're taking time to not apologize. Whoops. Microsoft's product activation system has been fully hacked. All Windows and Office products may now be easily activated without any licensing. Here come the AI patents. Apple patents AI recognizing people by what they're wearing after earlier seeing their faces and noting what they're wearing. Zoom wasn't encrypting their early video conferencing. They're still trying to get out from under the mess their lies created for them. AWS introduces physical data terminal locations where users can go to perform massive data transfers to and from the cloud. The FTC has set its sights on data brokers. Let's hope something comes of it. GRC's email finally gets BIMI. (Can you see the Ruby-G logo?) Lot's a terrific listener feedback about authenticator policy, a new and free point-to-point link service, Tor's "Snowflake", linking PCs and Smartphones, and even recharging spent SodaStream canisters. Then we look at a recent conversation Steve had with "ChatGPT 4o with canvas" and the new plan that resulted Show Notes - https://www.grc.com/sn/SN-1004-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT bitwarden.com/twit

SN 1003: A Light-Day Away - Digital Epileptic Seizures, Tor Needs You, Zello Password Panic, Wireguard's Open Port Debate

Play Episode Listen Later Dec 4, 2024 138:12 Transcription Available


Steve Gibson and Leo Laporte discuss Microsoft's clarification about AI training data usage, a fascinating breakthrough in understanding autonomous vehicle vulnerabilities, and an urgent call for help from the Tor Network. The show culminates in an in-depth exploration of NASA's incredible Voyager 1 mission, which continues to communicate with Earth from nearly a light-day away despite increasing technical challenges. • Microsoft clarifies they are NOT using customer data from Office apps to train AI models • "Digital epileptic seizures" caused by flashing emergency vehicle lights can confuse automated driving systems, posing crash risks • Tor Network issues urgent call for volunteers to run new WebTunnel bridges to circumvent censorship in Russia • Zello asks its 140 million users to change passwords as a precautionary measure, hinting at a possible data breach • FTC opens broad antitrust investigation into Microsoft's business practices across software, cloud, cybersecurity, and AI • New Android scareware tactic simulates a seriously cracked and malfunctioning smartphone screen • Steve argues it's likely safe to leave Wireguard VPN ports open, but he prefers not to out of an abundance of caution • Research shows AI training on AI-generated content can lead to homogeneity and loss of diversity in outputs • Australia passes world-first law banning children under 16 from social media, with hefty fines for non-compliant platforms • NASA's Voyager 1 probe, nearly a light-day from Earth, resumes operations after a communications scare but faces mounting technical challenges as it nears the end of its life Show Notes - https://www.grc.com/sn/SN-1003-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT bitwarden.com/twit

SN 1002: Disconnected Experiences - 'Nearest Neighbor' Attack, Repo Swatting, the Return of Recall

Play Episode Listen Later Nov 27, 2024 152:04


What's the new "nearest neighbor" attack and how do you defend against it? Let's Encrypt just turned 10. What changes has it wrought? Now the Coast Guard is worried about Chinese built ship-to-shore cranes. Pakistan becomes the first country to block Bluesky. There's a new way to get Git repos "swatted" and removed. Who's to blame for Palo Alto Networks' serious new 0-day vulnerabilities? If you have any of these six D-Link VPN routers, unplug them immediately! It turns out that VPN apps are against Shariah Law. Who knew? The Return of Windows Recall. What are we learning now? How many of today's systems remain vulnerable to last year's most popular exploits? We share and respond to a bunch of terrific feedback from our listeners. What are Microsoft's "Connected Experience" and why might you choose to disconnect from them? Show Notes - https://www.grc.com/sn/SN-1002-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: e-e.com/twit bitwarden.com/twit threatlocker.com for Security Now flashpoint.io

SN 1001: Artificial General Intelligence (AGI) - Gmail Temp Addresses, Russia's Internet Off Switch

Play Episode Listen Later Nov 20, 2024 145:09


How Microsoft lured the US Government into a far deeper and expensive dependency upon its cybersecurity solutions. Gmail to offer native throwaway email aliases like Apple and Mozilla. Russia to ban several additional hosting companies and give its big Internet disconnect switch another test. Russia uses a diabolical Windows flaw to attack Ukrainians. The value of old Security Now episodes. TrueCrypt's successor. Using Cloudflare's Tunnel service for remote network access. How to make a local server appear to be on a remote public IP. How to share an 'impossible to type' password with someone. How to find obscure previous references in the Security Now podcast. What are the parameters for the expected and widely anticipated next generation Artificial General Intelligence (AGI)? What do those in the industry and academia expect? And is OpenAI's Sam Altman completely nuts for predicting it next year? Is it just a stock ploy? Show Notes - https://www.grc.com/sn/SN-1001-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bigid.com/securitynow joindeleteme.com/twit promo code TWIT 1password.com/securitynow canary.tools/twit - use code: TWIT

SN 1000: One Thousand - Windows Server 2025, Malicious Python Typos

Play Episode Listen Later Nov 13, 2024 137:43


Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

SN 999: AI Vulnerability Discovery - RT's AI TV Hosts, Windows 10 Updates

Play Episode Listen Later Nov 6, 2024 113:05


Google's record-breaking fine by Russia. (How many 0's is that?) RT's editor-in-chief admits that their TV hosts are AI-generated. Windows 10 security updates set to end next October... or are they? When a good Chrome extension goes bad. Windows .RDP launch config files. What could possibly go wrong? Firefox 132 just received some new features. Chinese security cameras being removed from the UK. I know YOU wouldn't fall for this social engineering attack. What's GRC's next semi-commercial product going to be? And what's the prospect for AI being used to analyze code to eliminate security vulnerabilities? Show Notes - https://www.grc.com/sn/SN-999-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twit promo code TWIT 1password.com/securitynow bigid.com/securitynow Melissa.com/twit

SN 998: The Endless Journey to IPv6 - AI-Driven Encryption, Session Messenger, IPv6

Play Episode Listen Later Oct 30, 2024 173:56 Transcription Available


Apple proposes 45-day maximum certificate life. SEC fines four companies for downplaying their SolarWinds attack severity. Google adds 5 new features to Messenger including inappropriate content. Does AI-driven local device-side filtering resolve the encryption dilemma forever? The very nice looking "Session" messenger leaves Australia for Switzerland. Another quick look at the question of the EU's software liability moves. Fake North Korean employees WERE found to install backdoor malware. How to speed up an SSD without using SpinRite. Using ChatGPT to review and suggest improvements in code. And Internet governance has been trying to move the Internet to IPv6 for the past 25 years, but the Internet just doesn't want to go. Why not? And will it ever? Show Notes - https://www.grc.com/sn/SN-998-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT e-e.com/twit threatlocker.com for Security Now 1password.com/securitynow

SN 997: Credential Exchange Protocol - DJI Sues DoD, Quantum Vs. RSA, Lost MS Logs

Play Episode Listen Later Oct 23, 2024 138:35


Did Chinese researchers really break RSA encryption? What did they do? What next-level terror extortion is being powered by the NPD breach data? The EU to hold software companies liable for software security? Microsoft lost weeks of security logs. How hard did the try to fix the problem? The Chinese drone company DJI has sued the DoJ over its ban on DJI's drones. The DoJ wishes to acquire "DeepFake" technology to create fake people. Microsoft has bots pretending to fall for phishing campaigns, then leading the bad guys to their honeypots. It's diabolical and brilliant. A bit of BIMI logo follow-up, then... A look at the operation of the FIDO Alliance's forthcoming Credential Exchange Protocol which promises to create passkey collection portability Show Notes - https://www.grc.com/sn/SN-997-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: threatlocker.com for Security Now flashpoint.io lookout.com bitwarden.com/twit

SN 996: BIMI (up Scotty) - NPD Goes Broke, Firefox Under Attack, .io

Play Episode Listen Later Oct 16, 2024 152:24


uBlock Origin to the rescue National Public Data files for bankruptcy Will the .IO top level domain be disappearing? Patch Tuesday Firefox under attack Miscellany Sci-Fi The Sequence uBlock Origin Eero Routers Pep Link Router BIMI (up Scotty) Show Notes - https://www.grc.com/sn/SN-996-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: 1password.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT vanta.com/SECURITYNOW

SN 995: uBlock Origin & Manifest V3 - DDoS Record, N. Korean Workers, Vitamin D

Play Episode Listen Later Oct 9, 2024 155:21


Facebook's parent Meta not hashing passwords A New, forthcoming PayPal default opts their users into merchant data sharing DDoS breaks another record Speaking of these ASUS routers Do you know who you're hiring? Vitamin D The CUPS vulnerablility Routers for normal people uBlock Origin & Manifest V3 Show Notes: https://www.grc.com/sn/SN-995-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit Melissa.com/twit threatlocker.com for Security Now flashpoint.io

SN 994: Recall's Re-Rollout - Domain Security, Tor + Tails, VLC Update

Play Episode Listen Later Oct 2, 2024 136:22


The Linux remote code execution flaw The CRUCIAL importance of Domain Control Security Roskomnadzor strikes a discordant note VLC gets a security update Tor and Tails Merge Telegram changes its long-standing "zero cooperation" policy Enshittification Bobiverse book 5 Windows 10 notifications Experian woes Nuevomailer SpinRite Peter F. Hamilton Recall's Re-Rollout Show Notes - https://www.grc.com/sn/SN-994-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: vanta.com/SECURITYNOW bitwarden.com/twit joindeleteme.com/twit promo code TWIT threatlocker.com for Security Now

SN 993: Kaspersky exits the U.S. - Exploding Pagers, Passkeys in Chrome

Play Episode Listen Later Sep 25, 2024 147:05


The case of the exploding pagers and walkie-talkies "Ford seeks patent for tech that listens to driver conversations to serve ads" Another large chunk of personal data exposed Passkeys takes a big step forward: Now supported by Chrome A nascent 9.9 Linux Unauthenticated RCE? Freezing Credit Credit Bureaus Drobo 5N SN email labeled as spam Public Wi-fi saftey SN for Certs Windows Defender Kaspersky exits the U.S. Show Notes - https://www.grc.com/sn/SN-993-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT code SN100 canary.tools/twit - use code: TWIT bigid.com/securitynow e-e.com/twit

SN 992: Password Manager Injection Attacks - Aging Media, Naval Starlink, adam:ONE

Play Episode Listen Later Sep 18, 2024 143:39


Windows Endpoint Security Ecosystem Summit Aging storage media does NOT last forever How Navy chiefs conspired to get themselves illegal warship Wi-Fi adam:ONE named the #1 best Secure Access Service Edge (SASE) solution AI Talk Password Manager Injection Attacks Show Notes - https://www.grc.com/sn/SN-992-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT 1password.com/securitynow vanta.com/SECURITYNOW

SN 991: RAMBO - Cloned YubiKeys, Telegram vs. Signal, French Elevators, Unix Time

Play Episode Listen Later Sep 11, 2024 139:31


Offer to uninstall Recall was a bug, not a feature YubiKeys can be cloned Miscellany Is WhatsApp secure? Telegram vs Signal French elevators Freezing your credit The Quiet Canine Unix time Bobiverse book 5 Exodus: The Achemedes Engine Watching SpinRite RAMBO Show Notes - https://www.grc.com/sn/SN-991-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: flashpoint.io bigid.com/securitynow Melissa.com/twit bitwarden.com/twit

SN 990: Is Telegram an Encrypted App? - CrowdStrike Exodus, DDoS-as-a-Service, 'Active Listening' Ad Tech?

Play Episode Listen Later Sep 4, 2024 129:19


Telegram puts End-to-End Privacy in the Crosshairs Free security logging is good for everyone CrowdStrike hemorrhaging customers Microsoft to meet privately with EDR (Endpoint Detection & Response) vendors Yelp's Unhappy with Google Telegram as the hotbed for DDoSass – DDoS as a Service Chrome grows more difficult to exploit Cox Media Group's "Active Listening" has apparently not ended Cascading Bloom Filter follow-up Closing the Loop Is Telegram an encrypted app? Show Notes - https://www.grc.com/sn/SN-990-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bigid.com/securitynow threatlocker.com for Security Now vanta.com/SECURITYNOW joindeleteme.com/twit promo code TWIT

SN 989: Cascading Bloom Filters - Key Card Backdoors, Fake Cisco Gear

Play Episode Listen Later Aug 28, 2024 130:05 Transcription Available


CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

SN 988: National Public Data - Big Patch Tuesday, The Biggest Data Breach

Play Episode Listen Later Aug 21, 2024 134:24


Revocation Update GRC's next experiment Patch Tuesday "The Famous Computer Café" IsBootSecure GRC Email Working through WiFi Firewalls Transferring DNS OCSP attestation vs. TLS expiration Platform key expiration National Public Data Show Notes - https://www.grc.com/sn/SN-988-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit vanta.com/SECURITYNOW threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT

SN 987: Rethinking Revocation - SinkClose, IsBootSecure, Another Bad RCE

Play Episode Listen Later Aug 14, 2024


Sitting Ducks DNS attack A Bad RCE in another Microsoft server SinkClose The CLFS.SYS BSoD IsBootSecure Rethinking Revocation Show Notes - https://www.grc.com/sn/SN-987-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twit promo code TWIT bigid.com/securitynow vanta.com/SECURITYNOW 1password.com/securitynow

Claim Security Now (MP3)

In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

Claim Cancel