July 1, 2020
Congress wants to kill encryption & face recognition.
- New information about Ripple20
- The Facial Recognition and Biometric Technology Moratorium Act wants to kill face recognition
- The Lawful Access to Encrypted Data Act wants to kill encryption
- Michigan State's legislative House passed the "Microchip Protection Act"
- Apple forces the industry down to one-year web browser certificate lifespans
- Safari to eschew 16 new web APIs for the sake of user privacy
- Apple also got on the DoH & DoT bandwagon
- Mozilla + Comcast + DoH: Strange Bedfellows
- Don't forget about VirusTotal
We invite you to read our show notes at https://www.grc.com/sn/SN-773-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors: Melissa.com/twit, OpenShift.com/SecurityNow, expressvpn.com/securitynow
June 24, 2020
Zoom encryption, Windows 10 printer error.
- Ripple20: a set of 19 TCP/IP vulnerabilities that could let remote attackers gain control over your device
- Russian government lifts its failed ban on Telegram
- Zoom: everybody gets optional end to end encryption
- Google removed 106 malicious Chrome extensions collecting sensitive user data
- Windows 10 update breaks printing
- VLC Media Player 3.0.11 fixes severe remote code execution flaw
- Netgear in the doghouse
- DDoS is alive and well... and growing
- How to get the new Edge for Windows 7
We invite you to read our show notes at https://www.grc.com/sn/SN-772-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: GetRoman.com/SECURITYNOW, extrahop.com/SECURITYNOW, Wasabi.com offer code SECURITYNOW
June 17, 2020
Windows update kills printers & SSDs.
- Lamphone: eavesdrop on a hanging lightbulb
- Brave Browser caught and chastised for tweaking user-entered URLs for its benefit
- Microsoft breaks its own record for Patch Tuesday patches
- TFW Windows 10 loses your printer port
- Last week's Patch Tuesday broke ALL PRINTING (even to PDFs) for many users. Fix won't come for a month
- Windows 10 2004 update is messing up SSDs and non-SSDs
- SMBleed
- Subject: Your Site Has Been Hacked
- Authentic database ransom attacks
- Another side-channel attack on Intel chips
We invite you to read our show notes at https://www.grc.com/sn/SN-771-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: canary.tools/twit - use code: TWIT, barracuda.com/securitynow, WWT.COM/TWIT
June 10, 2020
Zoom's end-to-end encryption fail.
- Zoom will offer end-to-end encryption, but only if you pay for it
- IBM announces no more work on facial recognition
- The Odd Case of Mozilla's DoH DDoS
- Cisco's Talos group found two critical flaws in the Zoom client
- CallStranger UPnP bug has tech press in a tizzy
- Microsoft has started to replace old Edge with new Edge
We invite you to read our show notes at https://www.grc.com/sn/SN-770-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: itpro.tv/securitynow promo code SN30, extrahop.com/SECURITYNOW
June 3, 2020
Zoom gets end-to-end encryption.
- ACLU takes Clearview to court, but maybe they should worry about their own website first
- The state of drive-by malvertising downloads
- Google will be bad listing notification abusing sites
- Who else is doing the eBay-like ThreatMetrix port scanning?
- Facebook to require identity verification for high impact posters
- Google Messaging is apparently heading toward E2EE
- The return of a much more worrisome StrandHogg
- The SHA-1 hash to finally be dropped from OpenSSH
- What happens when you fuzz USB?
- Zoom's end-to-end encryption design
We invite you to read our show notes at https://www.grc.com/sn/SN-769-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: expressvpn.com/securitynow, WWT.COM/TWIT, LastPass.com/twit
May 27, 2020
Contact tracing apps are not going to work.
- Why contact tracing apps are never going to work
- Unc0ver: There's a new iOS jailbreak in town, and as jailbreaks go, it looks VERY nice!
- Firefox 77 picks up a nifty new security trick
- New features in Chrome 83: cookie management, "Safety Check," blocking third-party cookies by default in Incognito mode, and "Tab Groups"
- Adobe rushes out four out-of-cycle emergency updates to fix security flaws
- Zerodium temporarily stops buying iOS remote code execution vulnerabilities
- The NXNS Attack: A group of cybersecurity researchers in Israel have responsibly disclosed details about a new way they worked out of using the Internet's domain name resolution system to hugely amplify (by a factor of at least 1620 packets) a DDoS attack to take down targeted websites.
- BIAS - Bluetooth Impersonation AttackS is nothing less than a complete collapse of Bluetooth security.
- Is eBay port scanning its users' computers? Kinda.
- Security Now trivia: Steve Gibson helped develop the Speak & Spell! It did voice synthesis with only a 4K bits (0.5K bytes) processor.
We invite you to read our show notes at https://www.grc.com/sn/SN-768-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: barracuda.com/securitynow, Wasabi.com offer code SECURITYNOW, extrahop.com/SECURITYNOW
May 20, 2020
WiFi 6, Apple vs. FBI, face masks.
- Last Tuesday's Windows Patch Tuesday was not the biggest ever, but it was the 3rd largest in Microsoft's history, weighing in with a whopping 111 CVE-tracked bug fixes, 16 of which were rated CRITICAL and all but one of which enabled Remote Code Execution by an attacker.
- The DOJ and FBI again criticize Apple over encryption
- When is a fix not a fix?
- Face masks have thwarted the London police's LFR rollout
- Utah chooses to roll their own contact tracing app
- Everything you need to know about WiFi 6
We invite you to read our show notes at https://www.grc.com/sn/SN-767-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT, canary.tools/twit - use code: TWIT
May 12, 2020
Thunderbolt security flaw, Zoom buys Keybase.
- Why the ThunderSpy Thunderbolt security flaw is such a big deal
- Zoom purchases Keybase to fix encryption
- Firefox 76 released with new features
- But Firefox 76 broke Amazon's Assistant!
- Hallelujah!! Edge moves to silence those annoying notification requests.
- Critical WordPress plugin bugs present on over one million sites
- Critical vBulletin patch
- Samsung has patched a CRITICAL bug affecting the past 6 years of Smartphones
- DefCon and Black Hat 2020 go virtual
We invite you to read our show notes at https://www.grc.com/sn/SN-766-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: manscaped.com code SECURITYNOW, itpro.tv/securitynow promo code SN30
May 6, 2020
China wants to rebuild the Internet.
- China's proposal to rebuild the internet is an authoritarian nightmare
- Bruce Schneier on COVID-19 Contact Tracing Apps
- Political Correctness hits cybersecurity
- DHS's CISA says no to 3rd-party DoH
- "POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers"
- An authorization bypass in SaltStack
- Adobe's Big Last Tuesday, Non-Patch Tuesday, Update
- Google has announced its impending clean-up of the Chrome Web Store
- Warning about RDP is not crying wolf
We invite you to read our show notes at https://www.grc.com/sn/SN-765-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: LastPass.com/twit, WWT.COM/TWIT, barracuda.com/securitynow
April 28, 2020
Apple/Google Contact Tracing, Best VPNs to protect you.
- Apple/Google Contact Tracing Update
- iOS 0-Day Alert! Update Apple Mail
- Best VPNs to protect you from the Five Eyes
- TypoSquatting attacks
- Vitamin D linked to COVID-19 mortality
- Resource Public Key Infrastructure
- How BGP can break the Internet
We invite you to read our show notes at https://www.grc.com/sn/SN-764-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Wasabi.com offer code SECURITYNOW, expressvpn.com/securitynow
April 22, 2020
Zoom Fixes Security, EARN IT is Evil, Tor in Trouble
- Zoom gets big-name help with security fixes
- Google updates Chrome to v81.0.4044.113 to squash a critical flaw
- FTP in Chrome lives another day! Google "undepreciates" FTP.
- Windows Patch Tuesday for April 2020 fixes 113 vulnerabilities
- "Basic Authentication" lives another day! Due to COVID-19, Microsoft and Google will keep "Basic Authentication" around for a little while longer
- EARN IT Act: call your Senator before it is too late!
- Tor Project fires over 1/3 of its staff
- Cloudflare dumps Google's reCAPTCHA
We invite you to read our show notes at https://www.grc.com/sn/SN-763-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: extrahop.com/TWIT, WWT.COM/TWIT
April 15, 2020
Apple+Google Covid Tracker is Secure and RIP John Conway, Creator of The Game of Life
- Apple & Google Virus Contact Tracing: secure and effective
- Zoom gets another Zoom-bombing mitigation... and a Class-Action Lawsuit
- Meanwhile, Zoom has enlisted the aid of Alex Stamos
- Zoom creates a CISO Council
- What's next for Zoom?
- Browser Security News: Chrome 81 and Firefox 75
- Android Apps Again in the Crosshairs
- Sandboxie goes Open Source
- RIP John Conway, creator of Conway's Game of Life
We invite you to read our show notes at https://www.grc.com/sn/SN-762-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: barracuda.com/securitynow, itpro.tv/securitynow promo code SN30, canary.tools/twit - use code: TWIT
April 8, 2020
Zoom is a security nightmare - from zoombombing to encryption issues, Steve Gibson runs down Zoom's security concerns. Plus, Jitsi is a great alternative!
- Mozilla just patched a pair of CRITICAL 0-days
- Eight security bugs eliminated from Chrome last week
- Safari gets a bunch of very important fixes
- Chrome and Edge join Mozilla in postponing the deprecation of TLS v1.0 and v1.1
- Chrome team reversing themselves on the enforcement of Same Site cookies
- Edge with Vertical Tabs and Smart Copy
- The return of STIR & SHAKEN
- Cloudflare has added Parental Control to their 1.1.1.1 DNS service
- Cloudflare's new service accidentally blocks LGBTQIA+ sites
We invite you to read our show notes at https://www.grc.com/sn/SN-761-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT, LastPass.com/twit
April 1, 2020
iOS VPN bug, Coronavirus Folding@Home
- VPN bug in iOS 13.4
- Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19.
- RDP and VPN use skyrocketing
- To 'www' or not to 'www'
- Firefox 76 to finally stop assuming "HTTP"
- Google again revises its schedule for Chrome releases
- Microsoft moves to support "Shadow Stacks"
- Cloudflare's 1.1.1.1 DNS is audited by KPMG
We invite you to read our show notes at https://www.grc.com/sn/SN-760-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsor: expressvpn.com/securitynow
March 24, 2020
This week's stories:
- Two new un-patched 0-days affecting billions of Windows users - here is the fix!
- Mozilla reversed itself on TLS v1.0 and 1.1 deprecation... due to the coronavirus
- A micropatch for Win7 and Server 2008
- Chrome's release schedule has been impacted by the coronavirus
- Avast emergency-disables their internal JavaScript emulator
- CookieThief - "FireSheep evolves for the 21st century"
- Pwn2Own Spring 2020 winners
- Steve's coronavirus journey
- The fixes for RowHammer have not worked
Hosts: Steve Gibson and Leo Laporte
Sponsors: privacy.com/securitynow, Wasabi.com offer code SECURITYNOW
March 18, 2020
This Week's Stories:
- Does Steve have coronavirus? Maybe? He got very sick over the weekend and is still coughing, but he couldn't get tested.
- Mayhem ensues after last week's Patch Tuesday
- List of free technology services during coronavirus, from Adobe to Zoom
- The state of open source vulnerabilities
- The "EARN IT" act is a despicable attack on encryption and freedom of speech. Please call your congressperson and tell them not to support it.
- The SMBGhost Fiasco
Hosts: Steve Gibson and Leo Laporte
Sponsors: canary.tools/twit - use code: TWIT, FreshBooks.com/securitynow, WWT.COM/TWIT
March 11, 2020
This Week's Stories:
- Microsoft, Google, LogMeIn & Cisco offer limited-time free use of telecommuting Tools
- Hack the Pentagon!
- The Android security dilemma
- AMD processors get some unwelcome but necessary side-channel attack scrutiny
- Intel also has some serious new trouble on its hands
- SETI@home shuts down its distributed computing project after 21 years
- Critical PPP daemon flaw opens most Linux systems to remote hackers
- FuzzBench: fuzzer benchmarking as a service
Hosts: Steve Gibson and Leo Laporte
Sponsors: plextrac.com/twit, Melissa.com/twit, itpro.tv/securitynow promo code SN30
March 4, 2020
This Week's Stories:
- Let's Encrypt hits 1 BILLION certs
- Pakistan passes Internet censorship law
- Clearview AI breach: clients and searches stolen
- Swiss government submits criminal complaint over CIA Crypto spying scandal
- Ghostcat - (Apache) Tomcat Users: Update NOW!
- Revisiting OCSP Must Staple
- Kr00k: serious WiFi vulnerability affecting more than a billion devices
Hosts: Steve Gibson and Leo Laporte
Sponsors: LastPass.com/twit, WWT.COM/TWIT, expressvpn.com/securitynow
February 26, 2020
This Week's Security News:
- More Windows 10 lost profile pain
- A micropatch for the jscript.dll problem
- Coming in the next Feature Release (Win10 2004): optional device driver updates
- A new attack on 4G LTE and 5G
- Starting today: DoH by default on Firefox
- A new next-generation WebAssembly sandbox is coming first to Linux and Mac and then to Windows
- Chrome was just updated to close a 0-day attack
- Safari will only trust certificates with a validity of 398 days or less
Hosts: Steve Gibson and Leo Laporte
Sponsors: Wasabi.com offer code SecurityNow, plextrac.com/twit, privacy.com/securitynow
February 19, 2020
This Week's Stories:
- How to fix the Windows 7 "You don't have permission to shut down this computer." error
- Win10's "One Button PC Reset" fails after KB4524244.
- And, also... "The new disappearing User Profile problem" (Desktop and all user data)
- The popular "GDPR Cookie Consent" WordPress plugin had a critical flaw
- Whoa! The average tenure of a CISO is just 26 months due to high stress and burnout
- Microsoft's "ElectionGuard" being used for the first time today!
- IoT lightbulb vulnerabilities are not such a joke, after all.
- SweynTooth Vulnerabilities: a set of more than 12 newly discovered vulnerabilities across a wide range of Bluetooth devices, many of which will never be updated, which allow for, among other things, full device compromise.
We invite you to read our show notes at https://www.grc.com/sn/SN-754-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT, FreshBooks.com/securitynow, canary.tools/twit - use code: TWIT
February 12, 2020
- Twitter, Google, and Facebook tell Clearview AI to stop stealing your face to catch crooks
- The NIST is testing methods to recover data from smashed smartphones
- Whoa! We get to REMAIN with Security Essentials under Windows 7!
- Microsoft drops a fix for the wallpaper stretch black screen
- Windows 7 users are being told: "You don't have permission to shut down this computer."
- Win10 Firefox users being "reminded" about Edge
- Last week Google closed an Android RCE flaw in the Bluetooth daemon.
- Data Exfiltration Technique of the Week
- CIA Uses Crypto AG to spy on the world
- Chrome 80 appeared last week with its implementation of the updated handling of the optional "SameSite" enforcement cookie property
Hosts: Steve Gibson and Leo Laporte
Sponsors: plextrac.com/twit, itpro.tv/securitynow promo code SN30, Melissa.com/twit
February 5, 2020
This Week's Stories:
- L1D Eviction Sampling becomes "CacheOut"
- Only one final version of Windows?
- Windows 7 and the Free Software Foundation
- Windows 7's final patch broke wallpaper stretching
- RCE Exploit for Windows RDP Gateway Demoed by Researcher
- Google more than doubles its own bug bounty record
- The return of Roskomnadzor!
- Facebook DID get fined, but not by Russia
- Who exactly owns our biometric data?
- Avast Jumpshot missed the hoop
- An Update on the WireGuard VPN in the Linux kernel
- In this week's Best Hack of the New Decade... a little red wagon
Hosts: Steve Gibson and Leo Laporte
Sponsors: expressvpn.com/securitynow, WWT.COM/TWIT, LastPass.com/twit
January 29, 2020
This Week's Stories:
- Is Apple actually encrypting our iCloud storage backups?
- 250 Million Microsoft Customer Support Records Exposed Online
- New York state is aiming to ban the use of public funds for Ransomware
- New Muhstik Botnet Attacks Target Tomato Routers
- Chrome under attack from browser extensions
- Firefox under attack from browser extensions
- NIST publishes a new Privacy Framework
- Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
- A Welcome "Micro Patch" for the Windows IE jscript.dll 0-day vulnerability
- SHA-1 is a Shambles.
Hosts: Steve Gibson and Leo Laporte
Sponsor: privacy.com/securitynow
January 22, 2020
This Week's Stories:
- iPhones join Android in being a Google account security key.
- How much "substantive assistance" did Apple provide in the Pensacola investigation?
- A brand new serious Internet Explorer 0-day
- Giving Windows an additional Edge
- FBI says nation-state actors breached a US city government and a US financial entity by exploiting Pulse Secure VPN servers.
- Critical new Windows Remote Desktop Gateway (RD Gateway) remote code execution vulnerability
- SQRL for Drupal
- Microsoft issues security update to fix "CurveBall" vulnerability
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT, Melissa.com/twit, Wasabi.com offer code SecurityNow
January 15, 2020
This Week's Stories:
- Windows 7 support dies today, but 1 in 7 PCs are still running it
- Cablehaunt - the remote exploit with the catchy logo that works on ALL cable modems
- US government still wants backdoor access to iPhones
- CheckRain iPhone jailbreak keeps getting better
- How Apple scans your photos for evidence of child abuse
- The sim swapping threat
- Anatomy/timeline of the exploitation of an unpatched VPN bug
- And speaking of patching right away... patch your Firefox browser right now!
Hosts: Steve Gibson and Leo Laporte
January 8, 2020
This Week's Stories
- The Deadly Seven top cybersecurity attacks
- Russia successfully cuts itself off from the rest of the internet.
- Love Wawa? Surprise! Your credit card has been stolen.
- Huge Point of Sale attack on all of Landry's restaurants, including Rainforest Cafe.
- Python 2.7 Reaches End of Life After 20 Years.
- HackerOne's 20 top bug bounty programs
- A proposed standard for making warrant canaries machine-readable
- Xiaomi IoT camera owners can watch other Xiaomi users' video feeds.
- Microsoft is wrong on RDP vulnerability.
Hosts: Steve Gibson and Jason Howell
Sponsors: itpro.tv/securitynow promo code SN30 LastPass.com/twit WWT.COM/TWIT
December 31, 2019
The best of Security Now from 2019.
Hosts: Steve Gibson and Leo Laporte
December 24, 2019
On this Eve of 2020, we look back over the hacks of the past decade:
- The big news of 2010 was Stuxnet -- Boy did THAT make an impression
- Operation Aurora - the hack that changed Google
- The Sony Playstation Hack
- And then we have... Diginotar
- Edward Snowden
- The Target hack
- The Adobe hack
- Silk Road takedown
- Have I Been Pwned?
- The hack of Sony Pictures
- The hack of Mt. Gox
- Heartbleed
- RowHammer
- Ashley Madison data breach
- SIM swapping
- The Ukraine power grid hacks
- DNC hack
- Yahoo hacks go public
- The Shadow Brokers
- The birth of IoT botnets
- WannaCry / Petya / NotPetya
- Vault7 leaks
- MongoDB exposed
- Equifax
- Coinhive & Cryptojacking
- Meltdown, Spectre, and the CPU side-channel attacks
- Marriott gets hacked
- 2019 - The Year of the Ransomware
We invite you to read our show notes at https://www.grc.com/sn/SN-746-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
December 18, 2019
This Week's Stories:
- Google turns over 1500 users' location data to catch Milwaukee arsonist
- Android's Messenger app offers its users verified SMS messaging conversations with supporting companies
- US Senate Judiciary Committee threatens Apple and Facebook
- Apple's iOS v13.3 adds support for hardware key dongle authentication in Safari
- Patch Tuesday shuts down a widespread elevation of privilege vulnerability
- Researchers discover prime factor collisions in active RSA certificates
- New Orleans hit by a ransomware attack on Friday the 13th
- Chrome stops displaying "www."
- Google re-enables their Chrome's new code integrity protection feature
- Plundervolt: software-based fault injection attacks against Intel SGX
We invite you to read our show notes at https://www.grc.com/sn/SN-745-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: brave.com/TWIT Wasabi.com offer code SecurityNow expressvpn.com/securitynow
December 11, 2019
This Week's Stories
- Microsoft has started forcing feature updates on people who don't want them.
- Bypass to continue obtaining Win7 updates created.
- Microsoft's Project Verona continues moving forward.
- Microsoft's RDP client for iOS is back.
- Avast / AVG in the doghouse.
- Making a mountain out of a VPN molehill.
We invite you to read our show notes at https://www.grc.com/sn/SN-744-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: canary.tools/twit - use code: TWIT WWT.COM/TWIT go.itpro.tv/securitynow promo code SN30
December 4, 2019
This Week's Stories
- Everyone can still upgrade to Windows 10 for free with this trick
- HP SSDs fail after 32768 hours
- The EU is not happy about a possible US encryption ban
- US government's formal permission to hack
- 110 nursing homes have been crippled by a ransomware attack
- Firefox is seriously pushing back on tracking signal leakage
- New problems with Windows DLLs
- The StrandHogg vulnerability
We invite you to read our show notes at https://www.grc.com/sn/SN-743-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: LastPass.com/twit securitynow.cachefly.com Melissa.com/twit
November 27, 2019
- The future of the Linux kernel underneath the Android OS
- Inherent challenges presented by the nature of the Android ecosystem
- VNC users: Time to update!
- A welcome change to Twitter & SMS-based 2FA
- A "foregone conclusion" to law enforcement's strategy to force password divulgence
- Pre-announcement from Microsoft about DNS
- Details of the emerging DoH protocol
We invite you to read our show notes at https://www.grc.com/sn/SN-742-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: expressvpn.com/securitynow ECHOSEC.NET/SECURITYNOW privacy.com/securitynow
November 20, 2019
- November's Patch Tuesday is the antepenultimate free Windows 7 update
- CheckM8 & https://Checkra.in
- GitHub launches Security Lab to boost open-source security
- Warrantless searches of devices at US borders were just ruled unconstitutional
- Another WhatsApp bug lets hackers quietly install spyware on your device
- ZombieLoad v2
- The ByteCode Alliance
- http://tpm.fail/
We invite you to read our show notes at https://www.grc.com/sn/SN-741-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: go.itpro.tv/securitynow promo code SN30 Melissa.com/twit Wasabi.com offer code SecurityNow
November 13, 2019
- CheckM8 & Checkra.in moves to first public beta
- The case of the misbehaving transducer
- BlueKeep and Microsoft
- BlueKeep and BSODs
- BlueKeep and Marcus Hutchins
- Mozilla on DoH -vs- COMCAST
- Yet another approach for solving the problem of certificate revocation within a more limited scope.
We invite you to read our show notes at https://www.grc.com/sn/SN-740-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: WWT.COM/TWIT FreshBooks.com/securitynow canary.tools/twit - use code: TWIT
November 6, 2019
- October's Windows Patch Tuesday BROKE Windows' ability to connect to a significant number of the Internet's websites. Here's how to fix it.
- Chrome 78 disables Code Integrity Check to mitigate "Aw Snap!" crashes.
- "Chrome 78 patches a Chrome 0-day which had been discovered by Kaspersky being exploited in the wild."
- News from the Edge: the first Chromium-based Microsoft Edge Stable Release Candidate.
- Microarchitectural Data Sampling Vulnerabilities.
- Trouble for QNAP NAS devices exposed to the Internet.
- MSP's -- Managed Service Providers -- are a major vector for ransomware delivery.
- Five months after returning a rental car, man still has the remote control.
- Chinese-made drones in the US are being grounded.
- The DNS-over-HTTPS (DoH) controversy.
- BlueKeep-based attacks have finally started, and what we predicted on this podcast has finally happened.
We invite you to read our show notes at https://www.grc.com/sn/SN-739-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: ZipRecruiter.com/securitynow LastPass.com/twit securitynow.cachefly.com
October 30, 2019
This Week's Stories
- 3rd-party antivirus strikes again
- Windows Defender offline scan
- Adobe databases hacked
- Johannesburg hit by ransomware
- Firefox's anti-tracking effectiveness
- Bad new PHP/NGINX RCE being exploited in the wild
- Goodbye SMS (maybe kinda) Hello RCS?
- Forced Password Disclosure
We invite you to read our show notes: https://www.grc.com/sn/SN-738-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: privacy.com/securitynow WWT.COM/TWIT ECHOSEC.NET/SECURITYNOW
October 23, 2019
- Pixel 4 Face Unlock is so easy you can do it with your eyes closed!
- Samsung Galaxy S10 and Note 10 fingerprint sensor can be foiled with a $3 screen protector.
- The frenzy to turn CheckM8 into a consumer-friendly iOS jailbreak.
- Steganography finds a new host file format.
- Security display changes are coming to Firefox 70.
- More on Microsoft's open source "ElectionGuard" election security system.
- A potentially serious flaw found in Realtek WiFi drivers.
- Yubikey for local Windows login has been officially released.
We invite you to read our show notes at https://www.grc.com/sn/SN-737-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: Wasabi.com offer code SecurityNow expressvpn.com/securitynow
October 16, 2019
This week's stories
- A sobering reminder about supply chain attacks
- Facebook's stance on end-to-end encryption raises official protests
- UNIX's Co-Creator Ken Thompson's BSD UNIX Password Has Finally Been Cracked
- Japanese stalker finds idol using reflections in her eyes
- Americans and Digital Knowledge
- OpenPGP being built into Mozilla's Thunderbird eMail client
- Windows 10 Tamper Protection being enabled by default
- CheckM8
We invite you to read our show notes at https://www.grc.com/sn/SN-736-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: ECHOSEC.NET/TWIT go.itpro.tv/securitynow promo code SN30 canary.tools/twit - use code: TWIT
October 9, 2019
- Ransomware hits schools, hospitals, and hearing aid manufacturers
- Sodinokibi: the latest advances in Ransomware-as-a-Service
- Win7 Extended Security Updates are extended
- A new Nasty 0-Day RCE in vBulletin
- There's a new WannaCry in town
We invite you to read our show notes at https://www.grc.com/sn/SN-735-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Melissa.com/twit WWT.COM/TWIT ZipRecruiter.com/securitynow
October 2, 2019
This Week's Stories
- The latest state-of-the-art secure solutions for cross-device, cross-location device synchronization
- Mozilla's recently announced plans to gradually and carefully bring DNS-over-HTTPS to all Firefox users in the US
- The EFF weighs in on DNS-over-HTTPS
- The 100% free VPN offering coming from our friends at Cloudflare
We invite you to read our show notes at https://www.grc.com/sn/SN-734-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: FreshBooks.com/securitynow securitynow.cachefly.com LastPass.com/twit
September 25, 2019
This Week's Stories:
- Cryptomining makes a comeback
- The top three most attacked ports
- Small office/home office (SOHO) routers and wireless access points: "SOHOpelessly Broken"
- Chrome gets an emergency update, to 77.0.3865.90
- 2019 CWE Top 25 Most Dangerous Software Errors
We invite you to read our show notes at https://www.grc.com/sn/SN-733-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: ZipRecruiter.com/securitynow Wasabi.com offer code SecurityNow expressvpn.com/securitynow
September 18, 2019
This Week's Stories
- SIMjacker allows attackers to hijack any phone just by sending it an SMS message.
- Here comes iOS "Lucky" 13!
- Chrome follows Mozilla to DoH with a twist.
- Want to enable DoH in Chrome right now? You can, right now, if you wish.
- Chrome stops showing Extended Validation certs in the URL bar.
- Mozilla launches 'Firefox Private Network' VPN service as a browser extension.
- Windows Patch Tuesday redux
- Chrome Remote Desktop
- EXIM eMail servers are in trouble again.
We invite you to read our show notes at https://www.grc.com/sn/SN-732-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT thehelm.com/SECURITYNOW go.itpro.tv/securitynow promo code SN30
September 10, 2019
This week's stories:
- Get rich quick spotting deepfakes!
- A forced two-day recess of all schools in Flagstaff, Arizona
- The case of a ransomware operator being too greedy
- Apple's controversial response to Google's discovery of Chinese iOS hacks
- Zerodium's new payout schedule and what it might mean.
- The final full public disclosure of BlueKeep exploitation code
- Serious PHP flaws, some potentially serious flaws found
We invite you to read our show notes at https://www.grc.com/sn/SN-731-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: canary.tools/twit - use code: TWIT FreshBooks.com/securitynow redhat.com/heroes
September 4, 2019
This Week's Stories:
- Google expands its bug bounty program
- New bug bounty millionaires
- Google's Project Zero group dropped a bomb on iOS
- Ransomware attacks on local governments and businesses are on the rise
We invite you to read our show notes at https://www.grc.com/sn/SN-730-Notes.pdf
If you're in Boston on October 3rd, join LastPass and TWiT.tv for the Cybersecurity & Identity Trends, Unlocked event. Sign up at http://twit.to/unlocked
Hosts: Steve Gibson and Leo Laporte
Sponsors: securitynow.cachefly.com LastPass.com/twit ZipRecruiter.com/securitynow
August 28, 2019
• Texas Ransomware Update
• Remember that Kazakhstan cert?
• The mixed-blessing of "wide open" source projects
• RubyGems is in trouble again
• Chrome to add data breach notification
• iOS v12.4 updated quickly to 12.4.1
• Next-gen ad privacy
We invite you to read our show notes at https://www.grc.com/sn/SN-729-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: expressvpn.com/securitynow Wasabi.com offer code SecurityNow WWT.COM/TWIT
August 21, 2019
• Last Tuesday was another busy and important patch Tuesday
• And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again!
• Kaspersky facilitates independent web tracking
• So, what the heck is "CTF" ??
• 23 Government agencies in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th
• RIP, EV: The coming demise of Extended Validation (EV) certificates
• And... So long FTP!
• HTTP/2 goes to the Movies
• "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR"
We invite you to read our show notes at https://www.grc.com/sn/SN-728-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: thehelm.com/SECURITYNOW netscout.com
August 14, 2019
This Week's Stories
- BlackHat and Def Con 2019
- Microsoft dangles $300,000 for Azure hacks at BlackHat...
- Hotel chaos from Germany's Chaos Computer Club
- 40 dangerous drivers
- Google's battle to allow its Incognito users' Incognitoness to be Incognito
- Microsoft ranks the industry's top bug hunters
- Apple bumps its bounties
We invite you to read our show notes at https://www.grc.com/sn/SN-727-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: go.itpro.tv/securitynow promo code SN30 WWT.COM/TWIT canary.tools/twit - use code: TWIT
August 7, 2019
This week's stories
• A widespread false alarm about Facebook's planned subversion of end-to-end encryption
• Still more municipality Ransomware attacks
• Anti-encryption saber rattling among the Five Eyes nations
• Microsoft's discovery of Russian-backed IoT compromise
• Chrome 76's changes
• Black Hat and Def Con preview
• The challenge of synchronizing a working set of files between two locations
We invite you to read our show notes at https://www.grc.com/sn/SN-726-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: LastPass.com/twit securitynow.cachefly.com netscout.com
July 31, 2019
This Week's Stories
- Marcus Hutchins ... is Free!
- U.S. Attorney General Bill Barr on "warrant proof data encryption"
- What malware is the most popular underground?
- This Week in Ransomware
- Your NAS is Grass!
- 11 vulnerabilities in VxWorks' TCP/IP stack
We invite you to read our show notes at https://www.grc.com/sn/SN-725-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Wasabi.com offer code SecurityNow netscout.com
July 24, 2019
This Week's Stories
- Welcome to Kazakhstan! Please check your privacy at the border.
- Mozilla marking all non-HTTPS pages as "not secure"
- Chrome Incognito Mode getting a bit more incognito
- A forthcoming "super Incognito mode" for Firefox
- Rust-TLS outperforms OpenSSL in nearly every way
- Microsoft announces "ElectionGuard" during last week's Aspen Security Forum
- ProFTPD Server is wide open to remote compromise
- Sophos: "RDP exposed: the wolves already at your door"
We invite you to read our show notes at https://www.grc.com/sn/SN-724-Notes.pdf
Hosts: Steve Gibson and Jason Howell
Sponsors: WWT.COM/TWIT expressvpn.com/securitynow
July 17, 2019
- Bullet points from last Tuesday's monthly Windows patches as well
- Notes from the end of Windows 7
- Laporte County Under Ransomware Attack
- The mixed blessing of fining companies for self-reporting
- A survey of enterprise malware headaches
- Some Mozilla/Firefox news
- Another (kinda obvious) way of exfiltrating information from a PC
- DNS Encryption
We invite you to read our show notes at https://www.grc.com/sn/SN-723-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: netscout.com go.itpro.tv/securitynow promo code SN30 thehelm.com/SECURITYNOW
July 10, 2019
This Week's Stories
- Mozilla's privacy-enhancing DNS over HTTPS support
- Facial recognition and automobile license plate scanners
- The future of satellite-based Internet services
- How a Ruby code repository was hacked
- The UK GCHQ's proposal for adding "ghost" participants into private conversations
We invite you to read our show notes at https://www.grc.com/sn/SN-722-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: redhat.com/heroes canary.tools/twit - use code: TWIT WWT.COM/TWIT
July 3, 2019
- Ransomware in Florida and elsewhere
- The "Going Dark" anti-encryption debate
- A BlueKeep Proof of Concept demo produced by the guys at SophosLabs
- Massive publicly-exposed databases
- Chinese IoT manufacturer logs a million+ customer devices into a 2+ billion record publicly-exposed database
- The dilemma we have with the utter lack of oversight and control over our own IoT devices
We invite you to read our show notes at https://www.grc.com/sn/SN-721-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: LastPass.com/twit securitynow.cachefly.com Wasabi.com offer code SecurityNow
June 26, 2019
- Update on the Linux TCP SACK Kernel panic
- Hackers exploit a Firefox flaw and attack Coinbase
- Google corrects a flaw with Nestcam
- An elegant solution to OpenSSH key theft via Rowhammer attacks
- Update on the BlueKeep RDP vulnerability
- Verizon's negligence caused a major Cloudflare and Amazon customer outage
- NASA was infected by an APT for more than a year
- Should you pay ransomware?
- Microsoft's Chromium-based Edge browser update
- The state of the commercial Bug Bounty Business
We invite you to read our show notes at https://www.grc.com/sn/SN-720-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: Atlassian.com/teams/it thehelm.com/SECURITYNOW expressvpn.com/securitynow
June 19, 2019
- A new DRAM problem called "RAMBleed"
- A bad Linux TCP SACK server kernel crashing flaw
- Last week's patch Tuesday
- A Bluetooth surprise
- Another useless warning about the BlueKeep vulnerability
- Microsoft misses a 90-day Tavis Ormandy deadline
- Good news about GandCrab wrap up
- Yubico's entropy mistake
- Post-announce SQRL news
- Our favorite iOS security app
- Attacks on Exim mail servers and other pending disasters
We invite you to read our show notes at https://www.grc.com/sn/SN-719-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: pulseway.com/twit Wasabi.com offer code SecurityNow canary.tools/twit - use code: TWIT
June 12, 2019
- SandboxEscaper drops another 0-day
- The still-not-yet-widely-exploited BlueKeep vulnerability
- GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep)
- The FBI issued an interesting advisory about not trusting secure sites just because they're secure
- VLC receives 33 security bug fixes
- Microsoft's Edge browser takes another step forward
- Mozilla reorganizes
- MUST HAVE utility of the week: DNS Query Sniffer
- The first formal full release of SQRL
- Anyone running an Exim mail server needs to update immediately!
We invite you to read our show notes at https://www.grc.com/sn/SN-718-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: WWT.COM/TWIT Atlassian.com/teams/it go.itpro.tv/securitynow promo code SN30
June 5, 2019
- Checking in on the BlueKeep RDP vulnerability
- The planned shutdown of one of the most "successful" affiliate-based ransomware systems
- An update on the anti-Robocalling problem
- Russian and Chinese militaries plan to quit using Windows
- Apple's announcement yesterday of their forthcoming "Sign in with Apple" service
- The Nansh0u campaign, apparently sourced from China, has successfully compromised many tens of thousands of servers exposed to the Internet.
We invite you to read our show notes at https://www.grc.com/sn/SN-717-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors: securitynow.cachefly.com Jobs LastPass.com/twit