Security Now (Audio) podcast

Security Now (Audio)

·

  TWiT  

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

 

#10

SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

---An update on the AT&T data breach ---340,000 social security numbers leaked ---Cookie Notice Compliance ---The GDPR does enforce some transparency ---Physical router buttons ---Wifi enabled button pressers ---Netsecfish disclosure of Dlink NAS vulnerability ---Chrome bloat ---SpinRite update ---GhostRace Show Notes - [https://www.grc.com/sn/SN-970-Notes.pdf] (https://www.grc.com/sn/SN-970-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) --- [1bigthink.com] (http://1bigthink.com) ... Read more

17 Apr 2024

1 HR 52 MINS

1:52:46

17 Apr 2024


#9

SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense

Out-of-support DLink NAS devices contain hard coded backdoor credentials Privnote is not so "Priv" Crowdfense is willing to pay millions Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution SpinRite Update Minimum Viable Secure Product Show Notes - [https://www.grc.com/sn/SN-969-Notes.pdf] (https://www.grc.com/sn/SN-969-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [zscaler.com/zerotrustAI] (http://zscaler.com/zerotrustAI) --- [business.eset.com/twit] (http://business.eset.com/twit) --- [lookout.com] (http://lookout.com) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) ... Read more

10 Apr 2024

1 HR 51 MINS

1:51:22

10 Apr 2024


#8

SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach

---A near-Universal (Local) Linux Elevation of Privilege vulnerability ---TechCrunch informed AT&T of a 5 year old data breach ---Signal to get very useful cloud backups ---Telegram to allow restricted incoming ---HP exits Russia ahead of schedule ---Advertisers are heavier users of Ad Blockers than average Americans! ---The Google Incognito Mode Lawsuit ---Canonical fights malicious Ubuntu store apps ---Spinrite update ---A Cautionary Tale Show Notes - [https://www.grc.com/sn/SN-968-Notes.pdf] (https://www.grc.com/sn/SN-968-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [1bigthink.com] (http://1bigthink.com) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [Melissa.com/twit] (http://Melissa.com/twit) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) ... Read more

03 Apr 2024

1 HR 45 MINS

1:45:55

03 Apr 2024


#7

SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

---Apple vs U.S. DOJ ---G.M.'s Unbelievably Horrible Driver Data Sharing Ends ---Super Sushi Samurai ---Apple has effectively abandoned HomeKit Secure Routers ---The forthcoming ".INTERNAL" TLD ---The United Nations vs AI. ---Telegram now blocked throughout Spain ---Vancouver Pwn2Own 2024 ---China warns of incoming hacks ---Annual Tax Season Phishing Deluge ---SpinRite update ---Authentication without a phone ---Are Passkeys quantum safe? ---GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - [https://www.grc.com/sn/SN-967-Notes.pdf] (https://www.grc.com/sn/SN-967-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [zscaler.com/zerotrustAI] (http://zscaler.com/zerotrustAI) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [canary.tools/twit - use code: TWIT] (http://canary.tools/twit) --- [panoptica.app] (http://panoptica.app) --- [kolide.com/securitynow] (https://kolide.com/securitynow) ... Read more

27 Mar 2024

2 HR 01 MINS

2:01:48

27 Mar 2024


#6

SN 966: Morris The Second - Voyager 1, The Web Turns 35

---Voyager 1 update ---The Web turned 35 and Dad is disappointed ---Automakers sharing driving data with insurance companies ---A flaw in Passkey thinking ---Passkeys vs 2fa ---Sharing accounts with Passkeys ---Passkeys vs. Passwords/MFA ---Workaround to sites that block anonymous email addresses ---Open Bounty programs on HackerOne ---Steve on Twitter ---Ways to disclose bugs publicly ---Security by obscurity ---Something you have/know/are vs Passkeys ---Passkeys vs TOTP ---Inspecting Chrome extensions ---Passkey transportability ---Morris the Second Show Notes - [https://www.grc.com/sn/SN-966-Notes.pdf] (https://www.grc.com/sn/SN-966-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Mikah Sargent] (https://twit.tv/people/mikah-sargent) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [zscaler.com/zerotrustAI] (http://zscaler.com/zerotrustAI) --- [robinhood.com/boost] (http://robinhood.com/boost) --- [GO.ACILEARNING.COM/TWIT] (http://GO.ACILEARNING.COM/TWIT) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) ... Read more

20 Mar 2024

2 HR 08 MINS

2:08:28

20 Mar 2024


#5

SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

---VMware needs immediate patching ---Midnight Blizzard still on the offensive ---China is quietly "de-American'ing" their networks ---Signal Version 7.0, now in beta ---Meta, WhatsApp, and Messenger -meets- the EU's DMA ---The Change Healthcare cyberattack ---SpinRite update ---Telegram's end-to-end encryption ---KepassXC now supports passkeys ---Login accelerators ---Sites start rejecting @duck.com emails ---Tool to detect chrome extensions change owners ---Sortest SN title ---Passkeys vs 2FA Show Notes - [https://www.grc.com/sn/SN-965-Notes.pdf] (https://www.grc.com/sn/SN-965-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Mikah Sargent] (https://twit.tv/people/mikah-sargent) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [business.eset.com/twit] (http://business.eset.com/twit) ... Read more

13 Mar 2024

2 HR 23 MINS

2:23:27

13 Mar 2024


#4

SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

---"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer ---Cory Doctorow's Visions of the Future Humble Book Bundle ---CTRL-K shortcut for search on a browser ---Direct bootable image downloading for GRC's servers ---Closing the loop on compromised emails ---Taco Bell's passwordless app ---A solution for Bcrypt's password length limit of 72 bytes ---Data as the missing piece for law enforcement and privacy advocates ---The token solution for email-only login ---Apple's Password Manager Resources on Github ---The risk of long-term persistent cookies in browsers ---Why mainframe industries still require weak passwords ---A conundrum involving an exploitable Response Header error and a bounty payment. ---An inspection of Apple's new Post-Quantum Encryption upgrade Show Notes - [https://www.grc.com/sn/SN-964-Notes.pdf] (https://www.grc.com/sn/sn-964-notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [GO.ACILEARNING.COM/TWIT] (http://GO.ACILEARNING.COM/TWIT) --- [Melissa.com/twit] (http://Melissa.com/twit) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [kolide.com/securitynow] (https://kolide.com/securitynow) ... Read more

06 Mar 2024

2 HR 12 MINS

2:12:18

06 Mar 2024


#3

SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

---Nevada attempts to block Meta's end-to-end encryption for minors. ---A survey of security breaches ---Edge's Super-Duper Secure Mode moves into Chrome ---DoorDash dashes our privacy ---Avast charged $16.5 million for selling user browsing data ---No charge for extra logging! ---European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members ---LockBit RaaS group disrupted ---Firefox v123 ---The ScreenConnect Authentication Bypass ---SpinRite update ---Introducing BootAble ---Cox moving to Yahoo Mail for users ---Credit Card security ---Exploiting password complexity reqirements? ---Email only logins ---Flipper Zero in Canada ---German Router security ---More Flipper Zero in Canada ---Throwaway email addresses ---Shared email accounts ---Password quality enforcement ---Fingerprint tech and some future stories Show Notes - [https://www.grc.com/sn/SN-963-Notes.pdf] (https://www.grc.com/sn/SN-963-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [canary.tools/twit - use code: TWIT] (http://canary.tools/twit) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) --- [robinhood.com/boost] (http://robinhood.com/boost) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) ... Read more

28 Feb 2024

2 HR 04 MINS

2:04:53

28 Feb 2024


#2

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

---Wyze breach ---Microsoft patch Tuesday fixes 15 remote code execution flaws ---Why are there password restrictions? ---The Canadian Flipper Zero Ban ---Security on the old internet ---Using Old Passwords ---Passwordless login ---TOTP as a second factor ---German ISP using default router passwords ---Email encryption in transit ---pfSense Tailscale integration ---DuckDuckGo's email protection integration with Bitwarden ---The KeyTrap Vulnerability Show Notes - [https://www.grc.com/sn/SN-962-Notes.pdf] (https://www.grc.com/sn/SN-962-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [panoptica.app] (http://panoptica.app) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) --- [GO.ACILEARNING.COM/TWIT] (http://GO.ACILEARNING.COM/TWIT) ... Read more

21 Feb 2024

2 HR 14 MINS

2:14:19

21 Feb 2024


#1

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

---Toothbrush Botnet ---"There are too many damn Honeypots!" ---Remotely accessing your home network securely ---Going passwordless as an ecommerce site ---Facebook "old password" reminders ---Browsers on iOS ---More UPnP Issues ---A password for every website? ---"Free" accounts ---Keeping phones plugged in ---Running your own email server in 2024 ---iOS app sizes ---SpinRite 6.1 running on an iMac ---SpinRite update ---Bitlocker's encryption cracked in minutes Show Notes - [https://www.grc.com/sn/SN-961-Notes.pdf] (https://www.grc.com/sn/SN-961-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [robinhood.com/boost] (http://robinhood.com/boost) ... Read more

14 Feb 2024

2 HR 03 MINS

2:03:44

14 Feb 2024