Security Now 2020
Security Now 2020
TWiT
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Winner of the 2009 and 2007 people's choice award for best Technology/Science podcast. Records live at https://twit.tv/live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
SN 799: SunBurst & SuperNova
This week, as we end 2020, we look at Chrome's backing away from a security initiative, Firefox's move to further thwart tracking, all of the browsers once again saying “No!” to Kazakhstan, the formation of a new industry-wide Ransomware Task Force, this week's widespread WordPress security disaster, the return of Treck's insecure embedded TCP/IP stack, and yes... finally, the long awaited announcement of the release of the ReadSpeed benchmark which serves as a testbed and proof-of-operation for the next generation of SpinRite. And then we look at everything more that has come to light three weeks downstream from the first revelations of the SolarWinds-based massively widespread network intrusion and compromise.
Dec 29, 2020
1 hr 36 min
SN 798: The Best of 2020
This week is our annual holiday best of the year wrap up.
Dec 22, 2020
1 hr 13 min
SN 797: SolarWinds
This week is crammed with news leading up to our holiday break. Chrome is throttling ads. There's new cross-browser as insertion malware. We have a new term in the ransomware world. We have last week's Patch Tuesday, a jaw-dropping policy leak from Microsoft, trouble for Cisco's Jabber, an embarrassing vulnerability in many D-Link VPN servers, the brief Google outage, more horrific news of IoT network stack vulnerabilities, another WordPress mess, the 2020 Pwnie Awards, the welcome end-of-life of Flash, JavaScript's 25th birthday and free instruction classes, a bit of closing the loop, and SpinRite news. Then we take a full reconnaissance dive into what happened with the monumental and in so many ways horrific SolarWinds supply chain security breach.
Dec 15, 2020
1 hr 53 min
SN 796: Amazon Sidewalk
At the beginning of this podcast, you're going to receive some details about another update to Chrome, and news of a few new high-profile ransomware victims. You'll learn about a breathtaking, remotely exploitable zero-click complete iPhone security compromise, as well as another significant big step forward for DNS privacy beyond DoH. We'll explain the nature of another serious and probably lingering problem within many Android apps. I have a few interesting bits of miscellany and SpinRite news to share. And before this is over, you will have obtained a full working sense for exactly what it is that Amazon has created and why, with their Amazon Sidewalk neighborhood IoT network concept, coming soon to all of your Amazon devices.
Dec 8, 2020
1 hr 52 min
SN 795: DNS Consolidation
This week we look at a couple of new and forthcoming Chrome features. I'll quickly run though some new and notable ransomware casualties, including a couple of follow-ups. We'll look at a critical flaw in the Drupal content management system, the big trouble with generic smart doorbells, an interesting attack on Tesla Model X key fobs, CA's adaptation to single-year browser certs, several instances of leaked credential archives, a critical RCE in a major MDM server, a bit about the Salvation Trilogy, and some extremely promising news about SpinRite's future. Then we'll wrap up by taking a look at the consequences of the increasing consolidation of DNS service providers. It's not good if staying on the Internet is important to you.
Dec 1, 2020
1 hr 46 min
SN 794: Cicada
This week we have a bunch of news on both the Chrome and Firefox fronts with patches, updates, and new features. We have a comical bit of news from the ransomware front, and more troubling ongoing WordPress attack specifics, including a weird eCommerce site spoofing attack. We look at the future consequences of ongoing vulnerability announcements coupled with their very incomplete patching, and Android's bold move right into the middle of the unbreakable end-to-end encryption controversy. And then we'll conclude with a look at a large, multiyear (as in 11-year) advanced very-persistent threat state-based attack perpetrator known as "Cicada."
Nov 25, 2020
1 hr 33 min
SN 793: SAD DNS
This week the Chrome zero-days just keep on coming, and we contemplate what it means for the future. We have two interesting bits of ransomware meta news including a new tactic. We update after last week's Super Tuesday patch marathon, and examine new research into the most common source of Android malware to see where most unwanted apps come from and it's not what we would likely guess. We'll share a bit of listener feedback and an update on my work on SpinRite. Then we look at the new "SAD DNS" attack which successfully regresses us 12 years in DNS cache poisoning and spoofing attack prevention.
Nov 17, 2020
1 hr 40 min
SN 792: “Slipstream” NAT Firewall Bypass
This week we look at the dilemma of Let's Encrypt's coming root expiration, new Chrome and Apple zero-day vulnerabilities, some new high-profile ransomware victims, China's Tianfu Cup pwning competition, the retirement of a PC industry insider, the continuing Great Encryption Dilemma, police monitoring of consumers' video, more ongoing pain for WordPress, a note about a sci-fi book event one week from now, and Samy Kamkar's tricky Slipstream attack and its mitigations.
Nov 10, 2020
1 hr 38 min
SN 791: Chrome's Root Program
This week we examine a serious newly revealed Windows zero-day flaw, a public service reminder from Microsoft, Google's newly announced plan to get into the VPN service business, CERT's unappealing plan for automatic vulnerability naming, and a real mess that WordPress just made of an incremental security update to 455 million sites. Then we'll close a loop, I'll update about SpinRite, and we'll finish by examining Google's new plan to go their own way with a new Chromium browser certificate Root Store.
Nov 3, 2020
1 hr 29 min
SN 790: The 25 Most Attacked Vulnerabilities
This week we examine a recently patched zero-day in Chrome and a nice new feature in that browser. We look at the site isolation coming soon to Firefox, and Microsoft's announcement of Edge for Linux. We have some movement in the further deprecation of Internet Explorer, and a potentially massive SQL injection attack that was recently dodged by more than one million WordPress sites, despite the fact that some admins complained. Then we have a bit of miscellany, closing-the-loop feedback, and an update on my work on SpinRite. We end by looking at the NSA's recently published list of the top 25 network vulnerabilities being used by malicious Chinese state actors to attack U.S. assets.
Oct 27, 2020
1 hr 28 min
Load more