Security Now (Audio) podcast

Security Now (Audio)

·

  TWiT  

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

 

#10

SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

---Apple vs U.S. DoJ ---G.M.'s Unbelievably Horrible Driver Data Sharing Ends ---Super Sushi Samurai ---Apple has effectively abandoned HomeKit Secure Routers ---The forthcoming ".INTERNAL" TLD ---The United Nations vs AI. ---Telegram now blocked throughout Spain ---Vancouver Pwn2Own 2024 ---China warns of incoming hacks ---Annual Tax Season Phishing Deluge ---SpinRite update ---Authentication without a phone ---Are Passkeys quantum safe? ---GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - [https://www.grc.com/sn/SN-967-Notes.pdf] (https://www.grc.com/sn/SN-967-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [zscaler.com/zerotrustAI] (http://zscaler.com/zerotrustAI) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [canary.tools/twit - use code: TWIT] (http://canary.tools/twit) --- [panoptica.app] (http://panoptica.app) --- [kolide.com/securitynow] (https://kolide.com/securitynow) ... Read more

27 Mar 2024

2 HR 01 MINS

2:01:48

27 Mar 2024


#9

SN 966: Morris The Second - Voyager 1, The Web Turns 35

---Voyager 1 update ---The Web turned 35 and Dad is disappointed ---Automakers sharing driving data with insurance companies ---A flaw in Passkey thinking ---Passkeys vs 2fa ---Sharing accounts with Passkeys ---Passkeys vs. Passwords/MFA ---Workaround to sites that block anonymous email addresses ---Open Bounty programs on HackerOne ---Steve on Twitter ---Ways to disclose bugs publicly ---Security by obscurity ---Something you have/know/are vs Passkeys ---Passkeys vs TOTP ---Inspecting Chrome extensions ---Passkey transportability ---Morris the Second Show Notes - [https://www.grc.com/sn/SN-966-Notes.pdf] (https://www.grc.com/sn/SN-966-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Mikah Sargent] (https://twit.tv/people/mikah-sargent) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [zscaler.com/zerotrustAI] (http://zscaler.com/zerotrustAI) --- [robinhood.com/boost] (http://robinhood.com/boost) --- [GO.ACILEARNING.COM/TWIT] (http://GO.ACILEARNING.COM/TWIT) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) ... Read more

20 Mar 2024

2 HR 08 MINS

2:08:28

20 Mar 2024


#8

SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

---VMware needs immediate patching ---Midnight Blizzard still on the offensive ---China is quietly "de-American'ing" their networks ---Signal Version 7.0, now in beta ---Meta, WhatsApp, and Messenger -meets- the EU's DMA ---The Change Healthcare cyberattack ---SpinRite update ---Telegram's end-to-end encryption ---KepassXC now supports passkeys ---Login accelerators ---Sites start rejecting @duck.com emails ---Tool to detect chrome extensions change owners ---Sortest SN title ---Passkeys vs 2FA Show Notes - [https://www.grc.com/sn/SN-965-Notes.pdf] (https://www.grc.com/sn/SN-965-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Mikah Sargent] (https://twit.tv/people/mikah-sargent) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [business.eset.com/twit] (http://business.eset.com/twit) ... Read more

13 Mar 2024

2 HR 23 MINS

2:23:27

13 Mar 2024


#7

SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

---"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer ---Cory Doctorow's Visions of the Future Humble Book Bundle ---CTRL-K shortcut for search on a browser ---Direct bootable image downloading for GRC's servers ---Closing the loop on compromised emails ---Taco Bell's passwordless app ---A solution for Bcrypt's password length limit of 72 bytes ---Data as the missing piece for law enforcement and privacy advocates ---The token solution for email-only login ---Apple's Password Manager Resources on Github ---The risk of long-term persistent cookies in browsers ---Why mainframe industries still require weak passwords ---A conundrum involving an exploitable Response Header error and a bounty payment. ---An inspection of Apple's new Post-Quantum Encryption upgrade Show Notes - [https://www.grc.com/sn/SN-964-Notes.pdf] (https://www.grc.com/sn/sn-964-notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [GO.ACILEARNING.COM/TWIT] (http://GO.ACILEARNING.COM/TWIT) --- [Melissa.com/twit] (http://Melissa.com/twit) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [kolide.com/securitynow] (https://kolide.com/securitynow) ... Read more

06 Mar 2024

2 HR 12 MINS

2:12:18

06 Mar 2024


#6

SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

---Nevada attempts to block Meta's end-to-end encryption for minors. ---A survey of security breaches ---Edge's Super-Duper Secure Mode moves into Chrome ---DoorDash dashes our privacy ---Avast charged $16.5 million for selling user browsing data ---No charge for extra logging! ---European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members ---LockBit RaaS group disrupted ---Firefox v123 ---The ScreenConnect Authentication Bypass ---SpinRite update ---Introducing BootAble ---Cox moving to Yahoo Mail for users ---Credit Card security ---Exploiting password complexity reqirements? ---Email only logins ---Flipper Zero in Canada ---German Router security ---More Flipper Zero in Canada ---Throwaway email addresses ---Shared email accounts ---Password quality enforcement ---Fingerprint tech and some future stories Show Notes - [https://www.grc.com/sn/SN-963-Notes.pdf] (https://www.grc.com/sn/SN-963-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [canary.tools/twit - use code: TWIT] (http://canary.tools/twit) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) --- [robinhood.com/boost] (http://robinhood.com/boost) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) ... Read more

28 Feb 2024

2 HR 04 MINS

2:04:53

28 Feb 2024


#5

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

---Wyze breach ---Microsoft patch Tuesday fixes 15 remote code execution flaws ---Why are there password restrictions? ---The Canadian Flipper Zero Ban ---Security on the old internet ---Using Old Passwords ---Passwordless login ---TOTP as a second factor ---German ISP using default router passwords ---Email encryption in transit ---pfSense Tailscale integration ---DuckDuckGo's email protection integration with Bitwarden ---The KeyTrap Vulnerability Show Notes - [https://www.grc.com/sn/SN-962-Notes.pdf] (https://www.grc.com/sn/SN-962-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [panoptica.app] (http://panoptica.app) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) --- [GO.ACILEARNING.COM/TWIT] (http://GO.ACILEARNING.COM/TWIT) ... Read more

21 Feb 2024

2 HR 14 MINS

2:14:19

21 Feb 2024


#4

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

---Toothbrush Botnet ---"There are too many damn Honeypots!" ---Remotely accessing your home network securely ---Going passwordless as an ecommerce site ---Facebook "old password" reminders ---Browsers on iOS ---More UPnP Issues ---A password for every website? ---"Free" accounts ---Keeping phones plugged in ---Running your own email server in 2024 ---iOS app sizes ---SpinRite 6.1 running on an iMac ---SpinRite update ---Bitlocker's encryption cracked in minutes Show Notes - [https://www.grc.com/sn/SN-961-Notes.pdf] (https://www.grc.com/sn/SN-961-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [robinhood.com/boost] (http://robinhood.com/boost) ... Read more

14 Feb 2024

2 HR 03 MINS

2:03:44

14 Feb 2024


#3

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

---CISA's "Secure by Design" Initiative ---The GNU C Library Flaw ---Fastly CDN switches from OpenSSL to BoringSSL ---Roskomnadzor asserts itself ---Google updates Android's Password Manager ---Firefox gets post-quantum crypto ---Get your TOTP tokens from LastPass ---Inflated iOS app data ---LearnDMARC ---Sync mobile app bug ---SpinRite and Windows Defender ---Crypto signing camera ---Analog hole in digital camera authentication ---iOS and Google's Topics ---The gathering of the Stephvens ---Programmable Logic Controllers ---SpinRite update ---Malware-infected Toothbrush ---The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - [https://www.grc.com/sn/SN-960-Notes.pdf] (https://www.grc.com/sn/SN-960-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [Melissa.com/twit] (http://Melissa.com/twit) --- [joindeleteme.com/twit promo code TWIT] (http://joindeleteme.com/twit) --- [GO.ACILEARNING.COM/TWIT] (http://GO.ACILEARNING.COM/TWIT) --- [vanta.com/SECURITYNOW] (http://vanta.com/SECURITYNOW) ... Read more

07 Feb 2024

2 HR 04 MINS

2:04:13

07 Feb 2024


#2

SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

---iOS to allow native Chromium and Firefox engines. ---An OS immune to ransomware? ---HP back in the doghouse over "anti-virus" printer bricking ---The mother of all breaches ---New "Thou shall not delete those chats" rules ---Fewer ransoms are being paid ---Verified Camera Images ---More on the $15/month flashlight app ---What happens when apps change publishers ---Microsoft hating on Firefox ---Credit Karma is storing 1GB of data on the iPhone ---Staying on Windows 7 ---Sci-Fi recommendations ---Windows 7 and HSTS sites ---TOTP codes/secrets and Bitwarden ---SpinRite on Mac ---SpinRite v6.1 is done! ---LearnDMARC.com ---Alex Stamos on "Microsoft Security" Show Notes - [https://www.grc.com/sn/SN-959-Notes.pdf] (https://www.grc.com/sn/SN-959-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [expressvpn.com/securitynow] (http://expressvpn.com/securitynow) --- [panoptica.app] (http://panoptica.app) --- [kolide.com/securitynow] (https://kolide.com/securitynow) --- [canary.tools/twit - use code: TWIT] (http://canary.tools/twit) ... Read more

31 Jan 2024

2 HR 17 MINS

2:17:02

31 Jan 2024


#1

SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results

---Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack ---US Health and Human Services Breached ---Firefox vs "The Competition" ---Brave reduces its anti-fingerprinting protections ---CISA's proactive policing results one year later ---Longer Life For Samsung Updates ---Google Incognito Mode "Misunderstanding" ---Show Doc Not showing images on iOS Safari ---Generated AI Media Authentication ---Which computer languages to learn? ---Flashlight app subscription ---Google's Privacy Sandbox system ---Malware and IoT devices ---Protected Audience API vs. Malvertising ---Defensive computing ---Why ISPs don't do anything about DDoS attacks ---SpinRite Update Show Notes - [https://www.grc.com/sn/SN-958-Notes.pdf] (https://www.grc.com/sn/SN-958-Notes.pdf) Hosts: [Steve Gibson] (https://twit.tv/people/steve-gibson) and [Leo Laporte] (https://twit.tv/people/leo-laporte) Download or subscribe to this show at [https://twit.tv/shows/security-now] (https://twit.tv/shows/security-now) . Get episodes ad-free with Club TWiT at [https://twit.tv/clubtwit] (https://twit.tv/clubtwit) You can submit a question to Security Now at the [GRC Feedback Page] (https://www.grc.com/feedback.htm) . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: [grc.com] (https://www.grc.com/securitynow.htm) , also the home of the best disk maintenance and recovery utility ever written [Spinrite 6] (https://www.grc.com/sr/spinrite.htm) . Sponsors: --- [paloaltonetworks.com/ot-security-tco] (https://www.paloaltonetworks.com/ot-security-tco) --- [bitwarden.com/twit] (http://bitwarden.com/twit) --- [drata.com/twit] (http://drata.com/twit) --- [kolide.com/securitynow] (https://kolide.com/securitynow) ... Read more

24 Jan 2024

2 HR 14 MINS

2:14:58

24 Jan 2024