Episodes
An update on the AT&T data breach
340,000 social security numbers leaked
Cookie Notice Compliance
The GDPR does enforce some transparency
Physical router buttons
Wi-Fi-enabled button pressers
Netsecfish disclosure of D-Link NAS vulnerability
Chrome bloat
SpinRite update
GhostRace
Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT...
Published 04/17/24
Out-of-support D-Link NAS devices contain hard-coded backdoor credentials
Privnote is not so "Priv"
Crowdfense is willing to pay millions
Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution
SpinRite Update
Minimum Viable Secure Product
Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Published 04/10/24
A near-Universal (Local) Linux Elevation of Privilege vulnerability
TechCrunch informed AT&T of a 5-year-old data breach
Signal to get very useful cloud backups
Telegram to allow restricted incoming
HP exits Russia ahead of schedule
Advertisers are heavier users of Ad Blockers than average Americans!
The Google Incognito Mode Lawsuit
Canonical fights malicious Ubuntu store apps
SpinRite update
A Cautionary Tale
Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf
Hosts: Steve...
Published 04/03/24
Apple vs U.S. DOJ
G.M.'s Unbelievably Horrible Driver Data Sharing Ends
Super Sushi Samurai
Apple has effectively abandoned HomeKit Secure Routers
The forthcoming ".INTERNAL" TLD
The United Nations vs AI.
Telegram now blocked throughout Spain
Vancouver Pwn2Own 2024
China warns of incoming hacks
Annual Tax Season Phishing Deluge
SpinRite update
Authentication without a phone
Are Passkeys quantum safe?
GoFetch: The Unpatchable vulnerability in Apple chips
Show Notes -...
Published 03/27/24
Voyager 1 update
The Web turned 35 and Dad is disappointed
Automakers sharing driving data with insurance companies
A flaw in Passkey thinking
Passkeys vs 2FA
Sharing accounts with Passkeys
Passkeys vs. Passwords/MFA
Workaround to sites that block anonymous email addresses
Open Bounty programs on HackerOne
Steve on Twitter
Ways to disclose bugs publicly
Security by obscurity
Something you have/know/are vs Passkeys
Passkeys vs TOTP
Inspecting Chrome extensions
Passkey...
Published 03/20/24
VMware needs immediate patching
Midnight Blizzard still on the offensive
China is quietly "de-American'ing" their networks
Signal Version 7.0, now in beta
Meta, WhatsApp, and Messenger -meets- the EU's DMA
The Change Healthcare cyberattack
SpinRite update
Telegram's end-to-end encryption
KeePassXC now supports passkeys
Login accelerators
Sites start rejecting @duck.com emails
Tool to detect when Chrome extensions change owners
Shortest SN title
Passkeys vs 2FA
Show Notes -...
Published 03/13/24
"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
Cory Doctorow's Visions of the Future Humble Book Bundle
CTRL-K shortcut for search on a browser
Direct bootable image downloading for GRC's servers
Closing the loop on compromised emails
Taco Bell's passwordless app
A solution for Bcrypt's password length limit of 72 bytes
Data as the missing piece for law enforcement and privacy advocates
The token solution for email-only login
Apple's Password Manager...
Published 03/06/24
Nevada attempts to block Meta's end-to-end encryption for minors.
A survey of security breaches
Edge's Super-Duper Secure Mode moves into Chrome
DoorDash dashes our privacy
Avast charged $16.5 million for selling user browsing data
No charge for extra logging!
European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
LockBit RaaS group disrupted
Firefox v123
The ScreenConnect Authentication Bypass
SpinRite update...
Published 02/28/24
Wyze breach
Microsoft patch Tuesday fixes 15 remote code execution flaws
Why are there password restrictions?
The Canadian Flipper Zero Ban
Security on the old internet
Using Old Passwords
Passwordless login
TOTP as a second factor
German ISP using default router passwords
Email encryption in transit
pfSense Tailscale integration
DuckDuckGo's email protection integration with Bitwarden
The KeyTrap Vulnerability
Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf
Hosts: Steve...
Published 02/21/24
Toothbrush Botnet
"There are too many damn Honeypots!"
Remotely accessing your home network securely
Going passwordless as an ecommerce site
Facebook "old password" reminders
Browsers on iOS
More UPnP Issues
A password for every website?
"Free" accounts
Keeping phones plugged in
Running your own email server in 2024
iOS app sizes
SpinRite 6.1 running on an iMac
SpinRite update
Bitlocker's encryption cracked in minutes
Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf
Published 02/14/24
CISA's "Secure by Design" Initiative
The GNU C Library Flaw
Fastly CDN switches from OpenSSL to BoringSSL
Roskomnadzor asserts itself
Google updates Android's Password Manager
Firefox gets post-quantum crypto
Get your TOTP tokens from LastPass
Inflated iOS app data
LearnDMARC
Sync mobile app bug
SpinRite and Windows Defender
Crypto signing camera
Analog hole in digital camera authentication
iOS and Google's Topics
The gathering of the Stephvens
Programmable Logic Controllers...
Published 02/07/24
iOS to allow native Chromium and Firefox engines.
An OS immune to ransomware?
HP back in the doghouse over "anti-virus" printer bricking
The mother of all breaches
New "Thou shall not delete those chats" rules
Fewer ransoms are being paid
Verified Camera Images
More on the $15/month flashlight app
What happens when apps change publishers
Microsoft hating on Firefox
Credit Karma is storing 1GB of data on the iPhone
Staying on Windows 7
Sci-Fi recommendations
Windows 7 and HSTS...
Published 01/31/24
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
US Health and Human Services Breached
Firefox vs "The Competition"
Brave reduces its anti-fingerprinting protections
CISA's proactive policing results one year later
Longer Life For Samsung Updates
Google Incognito Mode "Misunderstanding"
Show Doc Not showing images on iOS Safari
Generated AI Media Authentication
Which computer languages to learn?
Flashlight app subscription
Google's Privacy Sandbox...
Published 01/24/24
What would an IoT device look like that HAD been taken over?
And speaking of DDoS attacks
Trouble in the Quantum Crypto world
The Browser Monoculture
Question about the Apple backdoor
Getting into infosec
Proton Drive vs Sync
SpinRite update
The Protected Audience API
Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Published 01/17/24
More on Apple's hardware backdoor
Russian Hacking of Ukrainian cameras
Russian hackers were inside Ukraine telecoms giant for months
Things are still a mess at 23andMe
CoinsPaid was the victim of another cyberattack
Crypto Hacking in 2023
Mandiant Twitter scam
Defining "cyber warfare"
LastPass is making some changes
Windows Watch
Google settles $5 billion lawsuit
Return Oriented Programming
Shutting Down Edge
Root Certificates
Credit freezing
SpinRite Update
Show Notes -...
Published 01/10/24
SpinRite 6.1 update
Pruning Root Certificates
A solution to Schrodinger's Bowl
DNS Benchmark and anti-virus tools
Nebula Mesh
SpinRite 7 is coming
The Mystery of CVE-2023-38606
Show Notes - https://www.grc.com/sn/SN-955-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
You can submit a question to Security Now at the GRC Feedback Page.
For...
Published 01/03/24
Leo looks back at the year's top security stories of 2023.
Steve's Next Password Manager After the LastPass Hack
CHESS is Safe
Here Come the Fake AI-generated "News" Sites
How Bad Guys Use Satellites
Microsoft's "Culture of Toxic Obfuscation"
Steve announces his commitment to SN
Apple Says No
NSA's Decade of Huawei Hacking
ValiDrive announcement
Host: Leo Laporte
Published 12/26/23
Child protection legislation in the US
Meta pushes back on the $200 billion FTC fine for COPPA violation
Age verification on the internet
Google moving from third-party cookies to Topics
A look at Cloudflare's metrics
SpinRite update
Cox Media admits that it spies on you
Show Notes - https://www.grc.com/sn/SN-953-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Published 12/20/23
The government collection of push notification metadata
Facebook Messenger sets end-to-end encryption as the default
Iran's Cyber Av3ngers
Cisco's Talos Top 10 cyber security exploits this year
Over 30% of apps are still using a vulnerable version of the Log4j library
Quad 9 speaks on their legal victory against Sony
What are the "Clear Web", "Dark Web", and "Deep Web"?
A Flaw in Telegram
Xfinity Mobile wants you to accept a root CA, DO NOT
Hardware VPN alternative
A...
Published 12/13/23
How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
Iranian hackers exploited default passwords in programmable logic controllers at US water facilities
Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling
Over 1 billion Android devices now have RCS messaging enabled
EU Cyber Resilience Act will improve security of Internet of Things...
Published 12/06/23
Adobe Flash Player Updater is (still) desperately trying to update
Veracrypt password security
Firefox moves to 120 with a bunch of very nice new features
Do-Not-Track is back on track
"ownCloud" -or- "PwnCloud" ?
CrushFTP Critical Vulnerability
Bypassing fingerprint authentication
ApacheMQ
TransUnion & Experian both hacked
Show Notes - https://www.grc.com/sn/SN-950-Notes.pdf
Hosts: Steve Gibson and Ant Pruitt
Published 11/29/23
Privacy and Funding Challenges Facing Signal Messaging App
Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
Ransomware Group Files SEC Complaint Against Breached Company
Europe Opening Up Radio Encryption Standard TETRA for Public Review
Apple Announcing Adoption of RCS Messaging for iPhones
Steve's Progress on Dynamic Code Signing for SpinRite Releases
Removing Suction Cup Barnacles from Windshields
Recommendations for Benchmarking USB Drive Read/Write Speeds...
Published 11/22/23
Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
Decentralized finance platform Raft lost $3.3M due to an exploit.
Crook operated website iotaseed.io to generate wallet seed phrases, then...
Published 11/15/23
Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
CVSS version 4 released with new metrics for better granularity and...
Published 11/08/23