Security Now (Audio) Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what’s happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
- SN 970: GhostRace – AT&T Breach Update, Cookie Notices, Router Buttonsby TWiT on April 17, 2024 at 12:13 am
An update on the AT&T data breach 340,000 social security numbers leaked Cookie Notice Compliance The GDPR does enforce some transparency Physical router buttons Wifi enabled button pressers Netsecfish disclosure of Dlink NAS vulnerability Chrome bloat SpinRite update GhostRace Show Notes – https://www.grc.com/sn/SN-970-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit vanta.com/SECURITYNOW 1bigthink.com
- SN 969: Minimum Viable Secure Product – Dlink NAS Backdoor, Privnote, Crowdefenseby TWiT on April 10, 2024 at 12:18 am
Out-of-support DLink NAS devices contain hard coded backdoor credentials Privnote is not so “Priv” Crowdfense is willing to pay millions Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution SpinRite Update Minimum Viable Secure Product Show Notes – https://www.grc.com/sn/SN-969-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI business.eset.com/twit lookout.com joindeleteme.com/twit promo code TWIT
- SN 968: A Cautionary Tale – XZ Outbreak, AT&T Data Breachby TWiT on April 3, 2024 at 12:48 am
A near-Universal (Local) Linux Elevation of Privilege vulnerability TechCrunch informed AT&T of a 5 year old data breach Signal to get very useful cloud backups Telegram to allow restricted incoming HP exits Russia ahead of schedule Advertisers are heavier users of Ad Blockers than average Americans! The Google Incognito Mode Lawsuit Canonical fights malicious Ubuntu store apps Spinrite update A Cautionary Tale Show Notes – https://www.grc.com/sn/SN-968-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: 1bigthink.com kolide.com/securitynow Melissa.com/twit vanta.com/SECURITYNOW
- SN 967: GoFetch – Apple vs. DOJ, “.INTERNAL” TLDby TWiT on March 27, 2024 at 1:22 am
Apple vs U.S. DOJ G.M.’s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming “.INTERNAL” TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes – https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit – use code: TWIT panoptica.app kolide.com/securitynow
- SN 966: Morris The Second – Voyager 1, The Web Turns 35by TWiT on March 20, 2024 at 12:03 am
Voyager 1 update The Web turned 35 and Dad is disappointed Automakers sharing driving data with insurance companies A flaw in Passkey thinking Passkeys vs 2fa Sharing accounts with Passkeys Passkeys vs. Passwords/MFA Workaround to sites that block anonymous email addresses Open Bounty programs on HackerOne Steve on Twitter Ways to disclose bugs publicly Security by obscurity Something you have/know/are vs Passkeys Passkeys vs TOTP Inspecting Chrome extensions Passkey transportability Morris the Second Show Notes – https://www.grc.com/sn/SN-966-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI robinhood.com/boost GO.ACILEARNING.COM/TWIT joindeleteme.com/twit promo code TWIT vanta.com/SECURITYNOW
- SN 965: Passkeys vs. 2FA – Unhelpful CERT, VMware patch, Signal 7.0 Betaby TWiT on March 13, 2024 at 12:47 am
VMware needs immediate patching Midnight Blizzard still on the offensive China is quietly “de-American’ing” their networks Signal Version 7.0, now in beta Meta, WhatsApp, and Messenger -meets- the EU’s DMA The Change Healthcare cyberattack SpinRite update Telegram’s end-to-end encryption KepassXC now supports passkeys Login accelerators Sites start rejecting @duck.com emails Tool to detect chrome extensions change owners Sortest SN title Passkeys vs 2FA Show Notes – https://www.grc.com/sn/SN-965-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: vanta.com/SECURITYNOW joindeleteme.com/twit promo code TWIT kolide.com/securitynow business.eset.com/twit
- SN 964: PQ3 – Voyager 1’s fate, Apple’s post-quantum iMessage protocolby TWiT on March 6, 2024 at 12:13 am
“Death, Lonely Death” by Doug Muir, about the decades-old Voyager 1 explorer Cory Doctorow’s Visions of the Future Humble Book Bundle CTRL-K shortcut for search on a browser Direct bootable image downloading for GRC’s servers Closing the loop on compromised emails Taco Bell’s passwordless app A solution for Bcrypt’s password length limit of 72 bytes Data as the missing piece for law enforcement and privacy advocates The token solution for email-only login Apple’s Password Manager Resources on Github The risk of long-term persistent cookies in browsers Why mainframe industries still require weak passwords A conundrum involving an exploitable Response Header error and a bounty payment. An inspection of Apple’s new Post-Quantum Encryption upgrade Show Notes – https://www.grc.com/sn/SN-964-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT Melissa.com/twit bitwarden.com/twit kolide.com/securitynow
- SN 963: Web portal? Yes please! – Firefox v123, LockBit Disruptedby TWiT on February 28, 2024 at 1:48 am
Nevada attempts to block Meta’s end-to-end encryption for minors. A survey of security breaches Edge’s Super-Duper Secure Mode moves into Chrome DoorDash dashes our privacy Avast charged $16.5 million for selling user browsing data No charge for extra logging! European Parliament’s IT service has found traces of spyware on the smartphones of its security and defense subcommittee members LockBit RaaS group disrupted Firefox v123 The ScreenConnect Authentication Bypass SpinRite update Introducing BootAble Cox moving to Yahoo Mail for users Credit Card security Exploiting password complexity reqirements? Email only logins Flipper Zero in Canada German Router security More Flipper Zero in Canada Throwaway email addresses Shared email accounts Password quality enforcement Fingerprint tech and some future stories Show Notes – https://www.grc.com/sn/SN-963-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit – use code: TWIT vanta.com/SECURITYNOW robinhood.com/boost joindeleteme.com/twit promo code TWIT
- SN 962: The Internet Dodged a Bullet – Wyze Breach, Patch Tuesday, KeyTrapby TWiT on February 21, 2024 at 2:02 am
Wyze breach Microsoft patch Tuesday fixes 15 remote code execution flaws Why are there password restrictions? The Canadian Flipper Zero Ban Security on the old internet Using Old Passwords Passwordless login TOTP as a second factor German ISP using default router passwords Email encryption in transit pfSense Tailscale integration DuckDuckGo’s email protection integration with Bitwarden The KeyTrap Vulnerability Show Notes – https://www.grc.com/sn/SN-962-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: panoptica.app kolide.com/securitynow vanta.com/SECURITYNOW GO.ACILEARNING.COM/TWIT
- SN 961: Bitlocker: Chipped or Cracked? – Honeypots, Toothbrush Botnet, Bitlocker Crackedby TWiT on February 14, 2024 at 1:54 am
Toothbrush Botnet “There are too many damn Honeypots!” Remotely accessing your home network securely Going passwordless as an ecommerce site Facebook “old password” reminders Browsers on iOS More UPnP Issues A password for every website? “Free” accounts Keeping phones plugged in Running your own email server in 2024 iOS app sizes SpinRite 6.1 running on an iMac SpinRite update Bitlocker’s encryption cracked in minutes Show Notes – https://www.grc.com/sn/SN-961-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit kolide.com/securitynow robinhood.com/boost