Security Now (Audio)

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Website : https://twit.tv/shows/security-now

IPFS Feed : https://ipfspodcasting.net/RSS/8/SecurityNowAudio.xml  

Last Episode : August 9, 2022 10:40pm

Last Scanned : 4.2 hours ago

Episodes

Episodes currently hosted on IPFS.

SN 883: The Maker's Schedule - VirusTotal, Daniel Bernstein sues the NSA, Win 11 might damage encrypted data
1
  • Picture of the Week.
  • Crypto is Hard.
  • VirusTotal: Deception at a scale.
  • Windows 11 might damage encrypted data.
  • Microsoft Defender External Attack Surface Management.
  • Closing The Loop.
  • Daniel Bernstein sues the NSA.
  • The Maker's Schedule.

We invite you to read our show notes at https://www.grc.com/sn/SN-883-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published Tuesday
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack
1
  • Picture of the Week.
  • Atlassian's "Confluence" under attack.
  • LS-Anvil.
  • Google delays Chrome's cookie phase-out again.
  • Attacker responding to loss of Office Macros.
  • SpinRite.
  • Closing The Loop.
  • RIP: Nichelle Nichols.
  • "The Dropout" on Hulu and "WeCrashed" on AppleTV+.
  • Winamp releases new version after four years in development.
  • Rowhammer's Nine Lives.

We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 08/02
SN 881: The MV720 - MS Office VBA macros, Win 11 security changes, start button failure
1
  • Picture of the Week.
  • Patch Tuesday Redux Redux.
  • Windows 11 Start button failure.
  • The continuing saga of Windows VBA macros.
  • Windows 11 now blocks RDP brute-force attacks by default.
  • Black Hat and DefCon coming soon.
  • SpinRite.
  • pfSense and TailScale.
  • Closing The Loop.
  • The MV720.

We invite you to read our show notes at https://www.grc.com/sn/SN-881-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 07/26
SN 880: RetBleed - Facebook encrypted URLs, cracking Lockdown Mode, ClearView AI resistance, Roskomnadzor
1
  • Picture of the Week.
  • The Rolling Pwn, take II.
  • The great IPv4 Address Space Depletion.
  • Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet.
  • Facebook has started encrypting its link URLs.
  • Crack iOS 16's "Lockdown Mode", earn $2 million.
  • ClearView AI faces some new headwind.
  • Ransomware gangs are getting into the searchable database game, too...
  • Roskomnadzor strikes again!
  • Last Tuesday's Patches.
  • SpinRite.
  • Closing The Loop.
  • RetBleed.

We invite you to read our show notes at https://www.grc.com/sn/SN-880-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 07/19
SN 879: The Rolling Pwn - OpenSSL patch, iOS Lockdown Mode, Yubikey's to Ukraine, Office Macros re-enabled
1
  •  Picture of the Week. 
  •  OpenSSL's Patch For Heap Memory Corruption Vulnerability. 
  •  NIST Announces First Four Quantum-Resistant Cryptographic Algorithms. 
  •  Yubico donated 30,000 Yubikeys to Ukraine. 
  •  Apple's new extreme "Lockdown Mode". 
  •  Microsoft to re-enable Office Macros. 
  •  This Is the Code the FBI Used to Wiretap the World. 
  •  Closing The Loop. 
  •  The Rolling Pwn.

We invite you to read our show notes at https://www.grc.com/sn/SN-879-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 07/12
SN 878: The ZuoRAT - 0-Day Chrome, Firefox v102, HackerOne
1
  •  Picture of the week.
  •  Chrome's fourth zero-day of 2022.
  •  Mozilla's new Firefox privacy-enhancing feature.
  •  HackerOne discloses a malicious insider incident.
  •  Closing the loop.
  •  The ZuoRAT.

We invite you to read our show notes at https://www.grc.com/sn/SN-878-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 07/05
SN 877: The "Hertzbleed" Attack - 3rd Party FIDO2, Log4Shell, '311" Proposal
1
  • Picture of the Week.
  • Errata: Firefox's "Total Cookie Protection"
  • 3rd Party FIDO2 Authenticators
  • Germany's not buying the EU's proposal which subverts encryption
  • The Conti Gang have finally pulled the last plug
  • Log4J and Log4Shell is alive and well
  • The '311' emergency number proposal
  • 56 Insecure-By-Design Vulnerabilities
  • "Long Story Short"
  • Closing The Loop
  • The "Hertzbleed" Attack

We invite you to read our show notes at https://www.grc.com/sn/SN-877-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 06/28
SN 876: Microsoft's Patchy Patches - 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies
1
  • Picture of the Week.
  • Double Decryption (Last week's key-strength puzzler).
  • 3rd Party Authenticators.
  • Firefox: Total Cookie Protection.
  • We keep breaking DDoS attack records.
  • MS-DFSNM.
  • An Apple Safari regression.
  • One Million WordPress sites force-updated.
  • High-Severity RCE in Fastjson Library.
  • Miscellany.
  • Closing The Loop.
  • Microsoft's Patchy Patches.

We invite you to read our show notes at https://www.grc.com/sn/SN-876-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 06/21
SN 875: The PACMAN Attack - WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation
1
  • Picture of the Week.
  • Apple's Passkeys presentation at WWDC 2022.
  • WebAuthn.
  • FREE Penetration Testing course with Kali Linux.
  • Proof of Simulation.
  • A valid use for facial recognition: The Smart Pet Door!
  • Closing The Loop.
  • The PACMAN Attack.

We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 06/14
SN 874: Passkeys, Take 2 - ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability
1
  • Picture of the Week.
  • ServiceNSW Responds.
  • ExpressVPN pulls the plug in India.
  • And speaking of pulling the plug.
  • "Follina" under active exploitation.
  • And a Windows Search URL schema can be abused, too.
  • "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones".
  • Ransomware sanctions are causing trouble.
  • Conti spotted compromising motherboard firmware.
  • Errata.
  • Closing the Loop.
  • Passkeys, Take 2.

We invite you to read our show notes at https://www.grc.com/sn/SN-874-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 06/07
SN 873: DuckDuckGone? - Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD
1
  • Picture of the Week.
  • New South Wales DDL — Digital Driver's License.
  • The latest Microsoft Office 0-day remote code execution vulnerability.
  • GhostTouch.
  • Vodafone's new TrustPiD.
  • Closing the Loop.
  • DuckDuckGone?

We invite you to read our show notes at https://www.grc.com/sn/SN-873-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 05/31
SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1
1
  • Picture of the Week.
  • Emergency mid-cycle update for Active Directory.
  • Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}.
  • Clearview AI in Ukraine.
  • Pwn2Own Vancouver 2022.
  • The DoJ takes a welcome step back.
  • Sometimes, unlocking can be too convenient.
  • Closing The Loop.
  • Dis-CONTI-nued: The End of Conti?

We invite you to read our show notes at https://www.grc.com/sn/SN-872-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 05/24
SN 871: The New EU Surveillance State - Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes
1
  • Picture of the Week.
  • An "eventful" Patch Tuesday.
  • Patch Tuesday.
  • Apple patched a 0-day.
  • Google's "Open Source Maintenance Crew".
  • Conti suggests overthrowing the new Costa Rican government.
  • Policing the Google Play Store.
  • The situation has grown more dire for F5 systems' BIG-IP boxes.
  • Errata.
  • Closing The Loop.
  • SpinRite.
  • The New EU Surveillance State.

We invite you to read our show notes at https://www.grc.com/sn/SN-871-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 05/17
SN 870: That "Passkeys" Thing - White House and Quantum Computers, Android 0-day, Ransomware snapshot
1
  • Picture of the Week. 
  • Google updates Android to patch an actively exploited vulnerability. 
  • Connecticut's recently passed data privacy bill became law last Wednesday. 
  • Ransomware victim snapshot. 
  • US State Department offering $10 million reward for information about Conti members. 
  • The worst threat the US faces... 
  • The White House and Quantum Computers. 
  • The ongoing threat from predictable DNS queries. 
  • F5 Networks Remote RCE warning and exploitation. 
  • Closing The Loop. 
  • Sci-Fi. 
  • That "Passkeys" Thing.

We invite you to read our show notes at https://www.grc.com/sn/SN-870-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 05/10
SN 869: Global Privacy Control - DoD DIB-VDP, OpenSSF's Package Analysis Project, Connecticut Privacy
1
  • Picture of the Week.
  • DoD DIB-VDP Pilot Overview.
  • The OpenSSF and the Package Analysis project.
  • Connecticut moves toward state privacy protections.
  • Closing The Loop.
  • Global Privacy Control.

We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 05/03