• Picture of the Week.
• Multiple Exploitable Samsung 0-Days.
• A good idea for NPM.
• The TikTok Tick Tock.
• Google pushes for 90-day TLS certificate life.
• CHESS is safe.
• CISA has begun scanning!
• Flying Trojan Horses.

Show Notes: https://www.grc.com/sn/SN-915-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• drata.com/twit
• GO.ACILEARNING.COM/TWIT
• expressvpn.com/securitynow

• Picture of the Week.
• Another Malicious Chrome Extension.
• Germany to join the Huawei & ZTE ban.
• Putting "phishing" into perspective.
• The Polynonce attack.
• Plex's RCE now in CISA's KEV.
• Sci-Fi: Andor.
• Sony Sues Quad9.

Show Notes: https://www.grc.com/sn/SN-914-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• fortra.com
• bitwarden.com/twit
• plextrac.com/twit

• Picture of the Week.
• DDoS'ing Fosstodon.
• DDoS for Hire takedowns.
• TikTok Insanity.
• Illegal Warrantless Surveillance.
• Strategic Objective 3.3.
• GitHub Secret Scanning.
• CISA's Covert Red-Team.
• What's left?
• What's old is new again.
• TCG TPM vulnerabilities.
• WordPress "All In One SEO".
• Russia fines Wikipedia.
• A Fowl Incident.

Show Notes: https://www.grc.com/sn/SN-913-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• drata.com/twit
• kolide.com/securitynow

• Picture of the Week.
• Windows 11? ... anyone?
• As Plain as Ever.
• Edge's new built-in VPN?
• LastPass Incident Update.
• Signal says NO to the UK.
• More PyPI troubles.
• The QNAP bug bounty program.
• SpinRite.
• The NSA @ Home.

Show Notes: https://www.grc.com/sn/SN-912-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• kolide.com/securitynow

GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified

• Picture of the Week.
• GoneDaddy.
• Section 230.
• No Blue, No SMS-based 2FA.
• Bitwarden gets Argon.
• "Meta Verified".
• Emsisoft Fake Code Signing.
• Attacks breaking records.
• More Mirai.
• NPM malware.
• Patch Tuesday.
• Samsung announces "Message Guard".
• The Hyundai & Kia mess.
• A Clever Regurgitator.

Show Notes https://www.grc.com/sn/sn-911-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• drata.com/twit
• GO.ACILEARNING.COM/TWIT

• Picture of the Week.
• The European Union's Internet Surveillance Proposal.
• 30,000 patient records online?
• .DEV is always HTTPS!
• Google changes Chrome's release strategy.
• Russia shoots the messenger.
• A fool and his Crypto...
• QNAP is back.
• CVSS severity discrepancy.
• Closing the Loop.
• How ESXi Fell.

Show Notes: https://www.grc.com/sn/SN-909-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• drata.com/twit
• barracuda.com/securitynow
• canary.tools/twit - use code: TWIT

• Android to start blocking old and unsafe apps.
• Microsoft to block Internet sourced Excel add-ins.
• An example of saying "no" even when it may hurt.
• Hacked Wormhole funds on the move.
• Kevin Rose Hacked.
• Facebook will be moving more users into E2EE.
• iOS 6.3 and FIDO.
• Scan thy Citizenry.
• The Hive ransomware organization takedown.
• Errata.
• Closing the Loop.
• SpinRite.
• Data Operand Independent Timing.

Show Notes: https://www.grc.com/sn/SN-908-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Melissa.com/twit
• kolide.com/securitynow

• Picture of the Week.
• PayPal Credential Stuffing.
• iOS 16.3 : Cloud encryption for all.
• InfoSecurity Magazine: "ChatGPT Creates Polymorphic Malware".
• CheckPoint Research: OPWNAI : Cybercriminals Starting to Use ChatGPT.
• "Meta" fined for the third time.
• Bitwarden acquires "Passwordless.dev".
• Closing the Loop.
• SpinRite.
• Credential Reuse.

Show Notes: https://www.grc.com/sn/SN-907-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• GO.ACILEARNING.COM/TWIT
• expressvpn.com/securitynow
• drata.com/twit

• Picture of the Week
• About Password Iterations
• EBC or CB
• Norton Lifelock Troubles
• Chrome Follows Microsoft and Firefox
• Chromium is Beginning to Rust
• BYOVD and Windows Defender Failures
• Closing the Loop (feedback)
• The Rule of Two

Show notes: https://www.grc.com/sn/sn-906-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• plextrac.com/twit
• bitwarden.com/twit
• barracuda.com/securitynow

• Picture of the Week.
• LastPass Aftermath.
• LastPass Vault De-Obfuscator.
• What more do we know this week regarding LastPass?
• The most alarming discovery by listeners.
• Understanding the scale of GPU-enhanced password cracking.
• On the true strength of passwords.
• Feedback from listeners regarding LastPass.

Show Notes https://www.grc.com/sn/SN-905-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• tanium.com/twit
• drata.com/twit

• Picture of the Week.
• SpinRite.
• Leaving LastPass.
• Is there reason for concern?
• Well known password cracker Jeremi Gosney's LastPass rant.
• Steve shares his plan regarding LastPass.
• What is Steve's next password manager?
• What should LastPass users do to protect themselves?

Show Notes https://www.grc.com/sn/SN-904-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• fortra.com
• canary.tools/twit - use code: TWIT

• Anatomy of a Log4j Exploit.
• Will Russia Disconnect?
• FCC Says Kaspersky Labs is a National Security Threat.
• Lenovo UEFI Firmware Troubles.
• That "Passkeys" Thing.
• Dis-CONTI-nued: The End of Conti?
• Steve's Take on the LastPass Breach.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• expressvpn.com/securitynow
• kolide.com/securitynow

• Picture of the Week.
• A malware operation known as URSNIF.
• Pwn2Own Toronto 2022.
• Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities.
• Patch Tuesday.
• Another Uber breach?
• Elon Botches 'Bot Blockage.
• Vivaldi integrates Mastodon in its desktop browser.
• 5,200 Dutch government warnings.
• CIB: "Coordinated Inauthentic Behavior"
• GitHub to require 2FA by the end of next year.
• Bye bye SHA-1.
• WordFence's VERY useful looking WordPress add-on vulnerability database.
• Closing The Loop.
• SpinRite.
• A Generic WAF Bypass.

Show Notes https://www.grc.com/sn/SN-902-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• plextrac.com/twit

• Picture of the Week.
• Chrome does Passkeys.
• SYNC.COM suffered its first outage.
• Medibank reboot.
• Totally fake cryptocurrency trading platforms.
• Malware on Telegram.
• Texas gets in on the TikTok banning.
• The LastPass class action lawsuit.
• Rackspace had a big embarrassing problem.
• Rackspace is now facing at least three class action lawsuits.
• Another country goes on the offensive.
• Closing The Loop.
• SpinRite.
• Miscellany.
• Apple Encrypts the Cloud.

Show Notes https://www.grc.com/sn/SN-901-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• barracuda.com/securitynow
• bitwarden.com/twit
• expressvpn.com/securitynow

• Picture of the Week.
• Don't mess with Australia.
• Facebook / Meta fined by Ireland.
• REvil's full Medibank dump.
• Is nothing sacred?
• Mozilla yanks a (no longer) trusted root.
• Android Platform Certs Escape.
• South Dakota says: No more Tik-Tok.
• Albania blames its IT staff.
• Good news on the memory safe languages front.
• Black Hat USA 2022.
• Another Chrome 0-day bites the dust.
• Anker's Eufy Camera debacle.
• An amazing-looking WiFi-6 router... $119.
• Elon really said this.
• Closing the Loop.
• SpinRite.
• LastPass Again.

Show Notes https://www.grc.com/sn/SN-900-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• itpro.tv/securitynow
• canary.tools/twit - use code: TWIT
• plextrac.com/twit