November 13, 2019
• CheckM8 & Checkra.in moves to first public beta
• The case of the misbehaving transducer
• BlueKeep and Microsoft
• BlueKeep and BSODs
• BlueKeep and Marcus Hutchins
• Mozilla on DoH -vs- COMCAST
• Yet another approach for solving the problem of certificate revocation within a more limited scope.
We invite you to read our show notes at https://www.grc.com/sn/SN-740-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Sponsors: WWT.COM/TWIT FreshBooks.com/securitynow canary.tools/twit - use code: TWIT
November 6, 2019
• October's Windows Patch Tuesday BROKE Windows' ability to connect to a significant number of the Internet's websites. Here's how to fix it.
• Chrome 78 disables Code Integrity Check to mitigate "Aw Snap!" crashes.
• "Chrome 78 patches a Chrome 0-day which had been discovered by Kaspersky being exploited in the wild."
• News from the Edge: the first Chromium-based Microsoft Edge Stable Release Candidate.
• Microarchitectural Data Sampling Vulnerabilities.
• Trouble for QNAP NAS devices exposed to the Internet.
• MSPs (Managed Service Providers) are a major vector for ransomware delivery.
• Five months after returning a rental car, man still has the remote control.
• Chinese-made drones in the US are being grounded.
• The DNS-over-HTTPS (DoH) controversy.
• BlueKeep-based attacks have finally started, and what we predicted on this podcast has finally happened.
We invite you to read our show notes at https://www.grc.com/sn/SN-739-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: ZipRecruiter.com/securitynow LastPass.com/twit securitynow.cachefly.com
October 30, 2019
This Week's Stories
• 3rd-party antivirus strikes again
• Windows Defender offline scan
• Adobe databases hacked
• Johannesburg hit by ransomware
• Firefox's anti-tracking effectiveness
• Bad new PHP/NGINX RCE being exploited in the wild
• Goodbye SMS (maybe kinda) Hello RCS?
• Forced Password Disclosure
We invite you to read our show notes: https://www.grc.com/sn/SN-738-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: privacy.com/securitynow WWT.COM/TWIT ECHOSEC.NET/SECURITYNOW
October 23, 2019
• Pixel 4 Face Unlock is so easy you can do it with your eyes closed!
• Samsung Galaxy S10 and Note 10 fingerprint sensor can be foiled with a $3 screen protector.
• The frenzy to turn CheckM8 into a consumer-friendly iOS jailbreak.
• Steganography finds a new host file format.
• Security display changes are coming to Firefox 70.
• More on Microsoft's open source "ElectionGuard" election security system.
• A potentially serious flaw found in Realtek WiFi drivers.
• Yubikey for local Windows login has been officially released.
We invite you to read our show notes at https://www.grc.com/sn/SN-737-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: Wasabi.com offer code SecurityNow expressvpn.com/securitynow
October 16, 2019
This week's stories
• A sobering reminder about supply chain attacks
• Facebook's stance on end-to-end encryption raises official protests
• UNIX's Co-Creator Ken Thompson's BSD UNIX Password Has Finally Been Cracked
• Japanese stalker finds idol using reflections in her eyes
• Americans and Digital Knowledge
• OpenPGP being built into Mozilla's Thunderbird eMail client
• Windows 10 Tamper Protection being enabled by default
• CheckM8
We invite you to read our show notes at https://www.grc.com/sn/SN-736-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: ECHOSEC.NET/TWIT go.itpro.tv/securitynow promo code SN30 canary.tools/twit - use code: TWIT
October 9, 2019
• Ransomware hits schools, hospitals, and hearing aid manufacturers
• Sodinokibi: the latest advances in Ransomware-as-a-Service
• Win7 Extended Security Updates are extended
• A new Nasty 0-Day RCE in vBulletin
• There's a new WannaCry in town
We invite you to read our show notes at https://www.grc.com/sn/SN-735-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Melissa.com/twit WWT.COM/TWIT ZipRecruiter.com/securitynow
October 2, 2019
This Week's Stories
• The latest state-of-the-art secure solutions for cross-device, cross-location device synchronization
• Mozilla's recently announced plans to gradually and carefully bring DNS-over-HTTPS to all Firefox users in the US
• The EFF weighs in on DNS-over-HTTPS
• The 100% free VPN offering coming from our friends at Cloudflare
We invite you to read our show notes at https://www.grc.com/sn/SN-734-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: FreshBooks.com/securitynow securitynow.cachefly.com LastPass.com/twit
September 25, 2019
This Week's Stories:
• Cryptomining makes a comeback
• The top three most attacked ports
• Small office/home office (SOHO) routers and wireless access points: "SOHOpelessly Broken"
• Chrome gets an emergency update, to 77.0.3865.90
• 2019 CWE Top 25 Most Dangerous Software Errors
We invite you to read our show notes at https://www.grc.com/sn/SN-733-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: ZipRecruiter.com/securitynow Wasabi.com offer code SecurityNow expressvpn.com/securitynow
September 18, 2019
This Week's Stories
• SIMjacker allows attackers to hijack any phone just by sending it an SMS message.
• Here comes iOS "Lucky" 13!
• Chrome follows Mozilla to DoH with a twist.
• Want to enable DoH in Chrome right now? You can, right now, if you wish.
• Chrome stops showing Extended Validation certs in the URL bar.
• Mozilla launches 'Firefox Private Network' VPN service as a browser extension.
• Windows Patch Tuesday redux
• Chrome Remote Desktop
• EXIM eMail servers are in trouble again.
We invite you to read our show notes at https://www.grc.com/sn/SN-732-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT thehelm.com/SECURITYNOW go.itpro.tv/securitynow promo code SN30
September 10, 2019
This week's stories:
• Get rich quick spotting deepfakes!
• A forced two-day recess of all schools in Flagstaff, Arizona
• The case of a ransomware operator being too greedy
• Apple's controversial response to Google's discovery of Chinese iOS hacks
• Zerodium's new payout schedule and what it might mean.
• The final full public disclosure of BlueKeep exploitation code
• Serious PHP flaws, some potentially serious flaws found
We invite you to read our show notes at https://www.grc.com/sn/SN-731-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: canary.tools/twit - use code: TWIT FreshBooks.com/securitynow redhat.com/heroes
September 4, 2019
This Week's Stories:
• Google expands its bug bounty program
• New bug bounty millionaires
• Google's Project Zero group dropped a bomb on iOS
• Ransomware attacks on local governments and businesses are on the rise
We invite you to read our show notes at https://www.grc.com/sn/SN-730-Notes.pdf
If you're in Boston on October 3rd, join LastPass and TWiT.tv for the Cybersecurity & Identity Trends, Unlocked event. Sign up at http://twit.to/unlocked
Hosts: Steve Gibson and Leo Laporte
Sponsors: securitynow.cachefly.com LastPass.com/twit ZipRecruiter.com/securitynow
August 28, 2019
• Texas Ransomware Update
• Remember that Kazakhstan cert?
• The mixed-blessing of "wide open" source projects
• RubyGems is in trouble again
• Chrome to add data breach notification
• iOS v12.4 updated quickly to 12.4.1
• Next-gen ad privacy
We invite you to read our show notes at https://www.grc.com/sn/SN-729-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: expressvpn.com/securitynow Wasabi.com offer code SecurityNow WWT.COM/TWIT
August 21, 2019
• Last Tuesday was another busy and important patch Tuesday
• And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again!
• Kaspersky facilitates independent web tracking
• So, what the heck is "CTF"??
• 23 Government agencies in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th
• RIP, EV: The coming demise of Extended Validation (EV) certificates
• And... So long FTP!
• HTTP/2 goes to the Movies
• "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR"
We invite you to read our show notes at https://www.grc.com/sn/SN-728-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: thehelm.com/SECURITYNOW netscout.com
August 14, 2019
This Week's Stories
• BlackHat and Def Con 2019
• Microsoft dangles $300,000 for Azure hacks at BlackHat...
• Hotel chaos from Germany's Chaos Computer Club
• 40 dangerous drivers
• Google's battle to allow its Incognito users' Incognitoness to be Incognito
• Microsoft ranks the industry's top bug hunters
• Apple bumps its bounties
We invite you to read our show notes at https://www.grc.com/sn/SN-727-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: go.itpro.tv/securitynow promo code SN30 WWT.COM/TWIT canary.tools/twit - use code: TWIT
August 7, 2019
This week's stories
• A widespread false alarm about Facebook's planned subversion of end-to-end encryption
• Still more municipality Ransomware attacks
• Anti-encryption saber rattling among the Five Eyes nations
• Microsoft's discovery of Russian-backed IoT compromise
• Chrome 76's changes
• Black Hat and Def Con preview
• The challenge of synchronizing a working set of files between two locations
We invite you to read our show notes at https://www.grc.com/sn/SN-726-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: LastPass.com/twit securitynow.cachefly.com netscout.com
July 31, 2019
This Week's Stories
• Marcus Hutchins ... is Free!
• U.S. Attorney General Bill Barr on "warrant proof data encryption"
• What malware is the most popular underground?
• This Week in Ransomware
• Your NAS is Grass!
• 11 vulnerabilities in VxWorks' TCP/IP stack
We invite you to read our show notes at https://www.grc.com/sn/SN-725-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Wasabi.com offer code SecurityNow netscout.com
July 24, 2019
This Week's Stories
• Welcome to Kazakhstan! Please check your privacy at the border.
• Mozilla marking all non-HTTPS pages as "not secure"
• Chrome Incognito Mode getting a bit more incognito
• A forthcoming "super Incognito mode" for Firefox
• Rust-TLS outperforms OpenSSL in nearly every way
• Microsoft announces "ElectionGuard" during last week's Aspen Security Forum
• ProFTPD Server is wide open to remote compromise
• Sophos: "RDP exposed: the wolves already at your door"
We invite you to read our show notes at https://www.grc.com/sn/SN-724-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: WWT.COM/TWIT expressvpn.com/securitynow
July 17, 2019
• Bullet points from last Tuesday's monthly Windows patches as well
• Notes from the end of Windows 7
• Laporte County Under Ransomware Attack
• The mixed blessing of fining companies for self-reporting
• A survey of enterprise malware headaches
• Some Mozilla/Firefox news
• Another (kinda obvious) way of exfiltrating information from a PC
• DNS Encryption
We invite you to read our show notes at https://www.grc.com/sn/SN-723-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: netscout.com go.itpro.tv/securitynow promo code SN30 thehelm.com/SECURITYNOW
July 10, 2019
This Week's Stories
• Mozilla's privacy-enhancing DNS over HTTPS support
• Facial recognition and automobile license plate scanners
• The future of satellite-based Internet services
• How a Ruby code repository was hacked
• The UK GCHQ's proposal for adding "ghost" participants into private conversations
We invite you to read our show notes at https://www.grc.com/sn/SN-722-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: redhat.com/heroes canary.tools/twit - use code: TWIT WWT.COM/TWIT
July 3, 2019
• Ransomware in Florida and elsewhere
• The "Going Dark" anti-encryption debate
• A BlueKeep Proof of Concept demo produced by the guys at SophosLabs
• Massive publicly-exposed databases
• Chinese IoT manufacturer logs a million+ customer devices into a 2+ billion record publicly-exposed database
• The dilemma we have with the utter lack of oversight and control over our own IoT devices
We invite you to read our show notes at https://www.grc.com/sn/SN-721-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: LastPass.com/twit securitynow.cachefly.com Wasabi.com offer code SecurityNow
June 26, 2019
• Update on the Linux TCP SACK Kernel panic
• Hackers exploit a Firefox flaw and attack Coinbase
• Google corrects a flaw with Nestcam
• An elegant solution to OpenSSH key theft via Rowhammer attacks
• Update on the BlueKeep RDP vulnerability
• Verizon's negligence caused a major Cloudflare and Amazon customer outage
• NASA was infected by an APT for more than a year
• Should you pay ransomware?
• Microsoft's Chromium-based Edge browser update
• The state of the commercial Bug Bounty Business
We invite you to read our show notes at https://www.grc.com/sn/SN-720-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Atlassian.com/teams/it thehelm.com/SECURITYNOW expressvpn.com/securitynow
June 19, 2019
• A new DRAM problem called "RAMBleed"
• A bad Linux TCP SACK server kernel crashing flaw
• Last week's patch Tuesday
• A Bluetooth surprise
• Another useless warning about the BlueKeep vulnerability
• Microsoft misses a 90-day Tavis Ormandy deadline
• Good news about GandCrab wrap up
• Yubico's entropy mistake
• Post-announce SQRL news
• Our favorite iOS security app
• Attacks on Exim mail servers and other pending disasters
We invite you to read our show notes at https://www.grc.com/sn/SN-719-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: pulseway.com/twit Wasabi.com offer code SecurityNow canary.tools/twit - use code: TWIT
June 12, 2019
• SandboxEscaper drops another 0-day
• The still-not-yet-widely-exploited BlueKeep vulnerability
• GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep)
• The FBI issued an interesting advisory about not trusting secure sites just because they're secure
• VLC receives 33 security bug fixes
• Microsoft's Edge browser takes another step forward
• Mozilla reorganizes
• MUST HAVE utility of the week: DNS Query Sniffer
• The first formal full release of SQRL
• Anyone running an Exim mail server needs to update immediately!
We invite you to read our show notes at https://www.grc.com/sn/SN-718-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT Atlassian.com/teams/it go.itpro.tv/securitynow promo code SN30
June 5, 2019
• Checking in on the BlueKeep RDP vulnerability
• The planned shutdown of one of the most "successful" affiliate-based ransomware systems
• An update on the anti-Robocalling problem
• Russian and Chinese militaries plan to quit using Windows
• Apple's announcement yesterday of their forthcoming "Sign in with Apple" service
• The Nansh0u campaign, apparently sourced from China, has successfully compromised many tens of thousands of servers exposed to the Internet.
We invite you to read our show notes at https://www.grc.com/sn/SN-717-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: securitynow.cachefly.com Jobs LastPass.com/twit