• Picture of the Week.
• Crypto is Hard.
• VirusTotal: Deception at a scale.
• Windows 11 might damage encrypted data.
• Microsoft Defender External Attack Surface Management.
• Closing The Loop.
• Daniel Bernstein sues the NSA.
• The Maker's Schedule.

We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• kolide.com/securitynow
• expressvpn.com/securitynow
• drata.com/twit

• Picture of the Week.
• Atlassian's "Confluence" under attack.
• LS-Anvil.
• Google delays Chrome's cookie phase-out again.
• Attacker responding to loss of Office Macros.
• SpinRite.
• Closing The Loop.
• RIP: Nichelle Nichols.
• "The Dropout" on Hulu and "WeCrashed" on AppleTV+.
• Winamp releases new version after four years in development.
• Rowhammer's Nine Lives.

We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• tanium.com/twit
• itpro.tv/securitynow use code: SN30
• grammarly.com/securitynow

• Picture of the Week.
• Patch Tuesday Redux Redux.
• Windows 11 Start button failure.
• The continuing saga of Windows VBA macros.
• Windows 11 now blocks RDP brute-force attacks by default.
• Black Hat and DefCon coming soon.
• SpinRite.
• pfSense and TailScale.
• Closing The Loop.
• The MV720.

We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Melissa.com/twit
• bitwarden.com/twit
• barracuda.com/securitynow

• Picture of the Week.
• The Rolling Pwn, take II.
• The great IPv4 Address Space Depletion.
• Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet.
• Facebook has started encrypting its link URLs.
• Crack iOS 16's "Lockdown Mode", earn $2 million.
• ClearView AI faces some new headwind.
• Ransomware gangs are getting into the searchable database game, too...
• Roskomnadzor strikes again!
• Last Tuesday's Patches.
• SpinRite.
• Closing The Loop.
• RetBleed.

We invite you to read our show notes at https://www.grc.com/sn/SN-880-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• newrelic.com/securitynow
• drata.com/twit
• wwt.com/twit

•  Picture of the Week. 
•  OpenSSL's Patch For Heap Memory Corruption Vulnerability. 
•  NIST Announces First Four Quantum-Resistant Cryptographic Algorithms. 
•  Yubico donated 30,000 Yubikeys to Ukraine. 
•  Apple's new extreme "Lockdown Mode". 
•  Microsoft to re-enable Office Macros. 
•  This Is the Code the FBI Used to Wiretap the World. 
•  Closing The Loop. 
•  The Rolling Pwn.

We invite you to read our show notes at https://www.grc.com/sn/SN-879-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• expressvpn.com/securitynow
• tanium.com/twit
• canary.tools/twit - use code: TWIT

•  Picture of the week.
•  Chrome's fourth zero-day of 2022.
•  Mozilla's new Firefox privacy-enhancing feature.
•  HackerOne discloses a malicious insider incident.
•  Closing the loop.
•  The ZuoRAT.

We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• ZipRecruiter.com/securitynow
• itpro.tv/securitynow promo code SN30
• tanium.com/twit

• Picture of the Week.
• Errata: Firefox's "Total Cookie Protection"
• 3rd Party FIDO2 Authenticators
• Germany's not buying the EU's proposal which subverts encryption
• The Conti Gang have finally pulled the last plug
• Log4J and Log4Shell is alive and well
• The '311' emergency number proposal
• 56 Insecure-By-Design Vulnerabilities
• "Long Story Short"
• Closing The Loop
• The "Hertzbleed" Attack

We invite you to read our show notes at https://www.grc.com/sn/SN-877-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• drata.com/twit
• barracuda.com/securitynow
• Melissa.com/twit

• Picture of the Week.
• Double Decryption (Last week's key-strength puzzler).
• 3rd Party Authenticators.
• Firefox: Total Cookie Protection.
• We keep breaking DDoS attack records.
• MS-DFSNM.
• An Apple Safari regression.
• One Million WordPress sites force-updated.
• High-Severity RCE in Fastjson Library.
• Miscellany.
• Closing The Loop.
• Microsoft's Patchy Patches.

We invite you to read our show notes at https://www.grc.com/sn/SN-876-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• privacy.com/securitynow
• newrelic.com/securitynow
• expressvpn.com/securitynow

• Picture of the Week.
• Apple's Passkeys presentation at WWDC 2022.
• WebAuthn.
• FREE Penetration Testing course with Kali Linux.
• Proof of Simulation.
• A valid use for facial recognition: The Smart Pet Door!
• Closing The Loop.
• The PACMAN Attack.

We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• plextrac.com/twit
• NetFoundry.io/TWIT
• canary.tools/twit - use code: TWIT

• Picture of the Week.
• ServiceNSW Responds.
• ExpressVPN pulls the plug in India.
• And speaking of pulling the plug.
• "Follina" under active exploitation.
• And a Windows Search URL schema can be abused, too.
• "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones".
• Ransomware sanctions are causing trouble.
• Conti spotted compromising motherboard firmware.
• Errata.
• Closing the Loop.
• Passkeys, Take 2.

We invite you to read our show notes at https://www.grc.com/sn/SN-874-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• itpro.tv/securitynow promo code SN30
• cloud.jumpcloud.com/securitynow
• bitwarden.com/twit

• Picture of the Week.
• New South Wales DDL — Digital Driver's License.
• The latest Microsoft Office 0-day remote code execution vulnerability.
• GhostTouch.
• Vodafone's new TrustPiD.
• Closing the Loop.
• DuckDuckGone?

We invite you to read our show notes at https://www.grc.com/sn/SN-873-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Melissa.com/twit
• zentrysecurity.com/twit
• kolide.com/securitynow

• Picture of the Week.
• Emergency mid-cycle update for Active Directory.
• Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}.
• Clearview AI in Ukraine.
• Pwn2Own Vancouver 2022.
• The DoJ takes a welcome step back.
• Sometimes, unlocking can be too convenient.
• Closing The Loop.
• Dis-CONTI-nued: The End of Conti?

We invite you to read our show notes at https://www.grc.com/sn/SN-872-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• barracuda.com/securitynow
• plextrac.com/twit
• NetFoundry.io/TWIT

• Picture of the Week.
• An "eventful" Patch Tuesday.
• Patch Tuesday.
• Apple patched a 0-day.
• Google's "Open Source Maintenance Crew".
• Conti suggests overthrowing the new Costa Rican government.
• Policing the Google Play Store.
• The situation has grown more dire for F5 systems' BIG-IP boxes.
• Errata.
• Closing The Loop.
• SpinRite.
• The New EU Surveillance State.

We invite you to read our show notes at https://www.grc.com/sn/SN-871-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• expressvpn.com/securitynow
• cloud.jumpcloud.com/securitynow

• Picture of the Week. 
• Google updates Android to patch an actively exploited vulnerability. 
• Connecticut's recently passed data privacy bill became law last Wednesday. 
• Ransomware victim snapshot. 
• US State Department offering $10 million reward for information about Conti members. 
• The worst threat the US faces... 
• The White House and Quantum Computers. 
• The ongoing threat from predictable DNS queries. 
• F5 Networks Remote RCE warning and exploitation. 
• Closing The Loop. 
• Sci-Fi. 
• That "Passkeys" Thing.

We invite you to read our show notes at https://www.grc.com/sn/SN-870-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• zentrysecurity.com/twit
• kolide.com/securitynow
• privacy.com/securitynow

• Picture of the Week.
• DoD DIB-VDP Pilot Overview.
• The OpenSSF and the Package Analysis project.
• Connecticut moves toward state privacy protections.
• Closing The Loop.
• Global Privacy Control.

We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• plextrac.com/twit
• bitwarden.com/twit
• itpro.tv/securitynow promo code SN30