
Security Now (MP3)

Author: TWiT

Subscribed: 12,702 | Played: 236,073

Description

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
181 Episodes
- CheckM8 & Checkra.in moves to first public beta
- The case of the misbehaving transducer
- BlueKeep and Microsoft
- BlueKeep and BSODs
- BlueKeep and Marcus Hutchins
- Mozilla on DoH -vs- COMCAST
- Yet another approach for solving the problem of certificate revocation within a more limited scope.

We invite you to read our show notes at https://www.grc.com/sn/SN-740-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.

Sponsors: WWT.COM/TWIT, FreshBooks.com/securitynow, canary.tools/twit - use code: TWIT
SN 739: DOH and Bluekeep

2019-11-06 | 01:58:26

- October's Windows Patch Tuesday BROKE Windows' ability to connect to a significant number of the Internet's websites. Here's how to fix it.
- Chrome 78 disables Code Integrity Check to mitigate "Aw Snap!" crashes.
- "Chrome 78 patches a Chrome 0-day which had been discovered by Kaspersky being exploited in the wild."
- News from the Edge: the first Chromium-based Microsoft Edge Stable Release Candidate.
- Microarchitectural Data Sampling Vulnerabilities.
- Trouble for QNAP NAS devices exposed to the Internet.
- MSP's -- Managed Service Providers -- are a major vector for ransomware delivery.
- Five months after returning a rental car, man still has the remote control.
- Chinese-made drones in the US are being grounded.
- The DNS-over-HTTPS (DoH) controversy.
- BlueKeep-based attacks have finally started, and what we predicted on this podcast has finally happened.

We invite you to read our show notes at https://www.grc.com/sn/SN-739-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Sponsors: ZipRecruiter.com/securitynow, LastPass.com/twit, securitynow.cachefly.com
This Week's Stories

- 3rd-party antivirus strikes again
- Windows Defender offline scan
- Adobe databases hacked
- Johannesburg hit by ransomware
- Firefox's anti-tracking effectiveness
- Bad new PHP/NGINX RCE being exploited in the wild
- Goodbye SMS (maybe kinda) Hello RCS?
- Forced Password Disclosure

We invite you to read our show notes: https://www.grc.com/sn/SN-738-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Sponsors: privacy.com/securitynow, WWT.COM/TWIT, ECHOSEC.NET/SECURITYNOW
SN 737: Biometric Mess

2019-10-22 | 02:06:24

Pixel 4 Face Unlock is so easy you can do it with your eyes closed! Samsung Galaxy S10 and Note 10 fingerprint sensor can be foiled with a $3 screen protector. The frenzy to turn CheckM8 into a consumer-friendly iOS jailbreak. Steganography finds a new host file format. Security display changes are coming to Firefox 70. More on Microsoft's open source "ElectionGuard" election security system. A potentially serious flaw found in Realtek WiFi drivers. Yubikey for local Windows login has been officially released.

We invite you to read our show notes at https://www.grc.com/sn/SN-737-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Sponsors: Wasabi.com offer code SecurityNow, expressvpn.com/securitynow
SN 736: CheckM8

2019-10-15 | 01:57:10

This week's stories

- A sobering reminder about supply chain attacks
- Facebook's stance on end-to-end encryption raises official protests
- UNIX's Co-Creator Ken Thompson's BSD UNIX Password Has Finally Been Cracked
- Japanese stalker finds idol using reflections in her eyes
- Americans and Digital Knowledge
- OpenPGP being built into Mozilla's Thunderbird eMail client
- Windows 10 Tamper Protection being enabled by default
- CheckM8

We invite you to read our show notes at https://www.grc.com/sn/SN-736-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Sponsors: ECHOSEC.NET/SECURITYNOW, go.itpro.tv/securitynow promo code SN30, canary.tools/twit - use code: TWIT
SN 735: Makes Ya WannaCry

2019-10-08 | 02:01:51

- Ransomware hits schools, hospitals, and hearing aid manufacturers
- Sodinokibi: the latest advances in Ransomware-as-a-Service
- Win7 Extended Security Updates are extended
- A new Nasty 0-Day RCE in vBulletin
- There's a new WannaCry in town

We invite you to read our show notes at https://www.grc.com/sn/SN-735-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Sponsors: Melissa.com/twit, WWT.COM/TWIT, ZipRecruiter.com/securitynow
SN 734: The Joy of Sync

2019-10-01 | 02:02:21

This Week's Stories

- The latest state-of-the-art secure solutions for cross-device, cross-location device synchronization
- Mozilla's recently announced plans to gradually and carefully bring DNS-over-HTTPS to all Firefox users in the US
- The EFF weighs in on DNS-over-HTTPS
- The 100% free VPN offering coming from our friends at Cloudflare

We invite you to read our show notes at https://www.grc.com/sn/SN-734-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Sponsors: FreshBooks.com/securitynow, securitynow.cachefly.com, LastPass.com/twit
SN 733: Top 25 Bug Classes

2019-09-24 | 01:53:43

This Week's Stories:

- Cryptomining makes a comeback
- The top three most attacked ports
- Small office/home office (SOHO) routers and wireless access points: "SOHOpelessly Broken"
- Chrome gets an emergency update, to 77.0.3865.90
- 2019 CWE Top 25 Most Dangerous Software Errors

We invite you to read our show notes at https://www.grc.com/sn/SN-733-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Sponsors: ZipRecruiter.com/securitynow, Wasabi.com offer code SecurityNow, expressvpn.com/securitynow
SN 732: SIM Jacking

2019-09-17 | 01:40:21

This Week's Stories

- SIMjacker allows attackers to hijack any phone just by sending it an SMS message.
- Here comes iOS "Lucky" 13!
- Chrome follows Mozilla to DoH with a twist.
- Want to enable DoH in Chrome right now? You can, right now, if you wish.
- Chrome stops showing Extended Validation certs in the URL bar.
- Mozilla launches 'Firefox Private Network' VPN service as a browser extension.
- Windows Patch Tuesday redux
- Chrome Remote Desktop
- EXIM eMail servers are in trouble again.

We invite you to read our show notes at https://www.grc.com/sn/SN-732-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Sponsors: WWT.COM/TWIT, thehelm.com/SECURITYNOW, go.itpro.tv/securitynow promo code SN30
SN 731: DeepFakes

2019-09-09 | 01:55:33

This week's stories:

- Get rich quick spotting deepfakes!
- A forced two-day recess of all schools in Flagstaff, Arizona
- The case of a ransomware operator being too greedy
- Apple's controversial response to Google's discovery of Chinese iOS hacks
- Zerodium's new payout schedule and what it might mean.
- The final full public disclosure of BlueKeep exploitation code
- Serious PHP flaws, some potentially serious flaws found

We invite you to read our show notes at https://www.grc.com/sn/SN-731-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Sponsors: canary.tools/twit - use code: TWIT, FreshBooks.com/securitynow, redhat.com/heroes
Comments (18)

Bryan

A great tech podcast thanks to Steve Gibson. Leo Laporte lets him speak in depth without getting in the way unlike some of the other TWIT podcasts.

Oct 10th

Fred Twigt

How about Syncthing?

Aug 11th

La Shaun Pearl

zoa

Jan 4th

Steven Dx

Another poorly done show discussing constitutional rights. The fifth amendment and right to remain silent is not affected by a judge issuing a warrant. Encryption is a right, and the movie 'Breach' and historical events such as WWII demonstrate not all politicians or government employees can be trusted, establishing the need for such protections. This requires we do things like not have open borders, or limit the damage from crime like carry a concealed weapon. No encryption should be considered secure, as even so-called heavily reviewed open source programs have existed for years with flaws. But conceptually, the 5th amendment affirms the fourth and adds another layer of protection. This is a serious concept to understand as it requires we label decrypted documents as violations of the fifth amendment, as the act of decryption is compelling a person to testify against oneself. Par for course in an age of amnesia by so many public servants? Review of the Facebook bug was fake news as Facebook claimed they did not know which users were affected when servers have logs? Steve just shoved that under the carpet? Palm face. Children photos are not poker cards.

Dec 23rd

Steve D

Great show. No no no no Google. If you want native apps that can read and write files, develop a native app. You can not remove the sandbox, in fact they need to fix Android shared spaces, especially SD cards. If you did try this, it would have to be a folder for each web site sandboxed to no execute, no wildcard or directory traversal. folder www.google.com pic.jpg doc.pdf no system files no JavaScript sub folder adsense.www.google.com So just like you delete cookies, poof! you can erase folders (they want cookies users can not delete). Great show pointing this stuff out. Also perms specific to not only web sites but web pages. You may not want softcondomsfakesite.com access to mail.google.com! Why am I writing this, are we all that stupid now?

Dec 7th

Steve D

So if Steve posts 1 gigabyte video on grc.com he should be forced to host to 4 billion IP addresses if they want it @ $5000 a day or would he want to 'throttle' that? Twisting FCC and DOJ rules as described in podcast demonstrates Steve does not understand legal language. Sad.

Oct 5th

Steve Xxx

I like the long format that allows a sense of humor and there is not someone screaming "abandon ship" every five minutes. Steve does a great foundation up approach, and that takes hand holding sometimes. The latest episode with Chrome (I am actually thinking banning that browser on my websites), highlights that auto updates can be more dangerous than traditional malware attacks. The autoupdate pushed malware into systems unknown to the attackers that were clean. Even worse, we don't know if or when malware is rolled back, horrors, if one is not paying attention. So something like a password manager, that auto updates itself, could disable certificate protections, phone back to home base, then roll back changes, as even code signing, can be part of the vector for clever attacks. We need out of the box security, and a nice bonfire of all the published document "worse is better". Google is off the rails with subdomains and search bar formatting. None of their business, and created security problems, such as "what am I looking at". Years ago I not only deleted the executable for Google product updates on Windows, but other vendors too. I need to know when updates are done so I can do the backup of the system. Very sloppy practices by tech people who develop code in insecure environments, lack of training, etc. Stop expecting to update products, and don't package the entire C language in your interpreters when all I need are simple graphics, text handling, and no object based, or network tools. A web browser should not have any scripting language in my opinion, as people are abusing that system, running up to 120 scripts per page (especially support pages of Chinese firms)! I would rather have server overhead, than broken trust and crippled networks.

Sep 13th

David Magallon

These episodes are way too long. Needlessly so. Often it just seems like Steve is just rambling and you can picture Leo just going "uh huh" while watching a YouTube video.

Aug 31st

Steve D

If Martians were locking up Linux users and selling their organs, would we all still look the other way and just say if you want to do business on Mars, you got to follow the rules and use Microsoft? Don't worry, our lobbyists are holding the line, they confirm that if you can play checkers or chess, they have no plans to lock you up as a threat, at this time, as Martians are not currently at the pleasure level of ruining the lives of checker or chess players any time soon according to translators.

Aug 12th

Steve D

You are kidding right? You see no scenario where someone can target you using Bluetooth? You go out to eat, then get back in your car, someone following you, is waiting for your phone to pair with audio system, in a car nearby.

Aug 11th

Steve D

The only way to break the cycle is to sell operating system chips on a monthly basis. Every month pop in a new chip, you are done. Sell it in stores so no one can be targeted.

Aug 11th

Steve D

Dept of Defense websites should not be under the possible control of private sector company certificates, who have dropped the ball in the past. Google refused way back when to spider https sites. No one wants to talk about unnecessary encryption as possibly weakening the entire system over time, which it most certainly does, I don't understand why they demand this, or why they should be trusted with safe browser integration tools, as censorship is raising its ugly head with nebulous terms and specific evidence discussed beyond a reasonable doubt. Google should not be the man in the middle by default with safe browsing 'features' as it gets in bed with violent authoritarians? Google will be broken up, writing is on the wall, in my opinion.

Aug 11th

Charlie DaBear

Is there any company in the world that puts as much effort into patching as Microsoft?

Aug 8th

dennis casteel

y inouz ith is he coming but unfortunate are on better go guess toly 😎😎uo not be be an

May 14th

iTunes User

Steve and Leo cover some very technical subjects with exactly the right amount of detail. If you are the person who your friends go to for computer advice this is a must hear show for you. If you are interested in improving your technical skills this is an excellent show. I wouldn't recommend this show to a novice computer user. If you know a firewall from a router from a switch, or can explain the difference between a worm and a virus you'll be just fine.

Aug 30th

iTunes User

Steve Gibson is obsessed with computer security and it is really reflected in this show. This is a good thing as he presents the information in English and you can be a beginner to advanced user and still understand the topic. Keep up the great work.

Aug 30th

iTunes User

Besides having excellent audio quality (which is lacking in so many podcasts) this one offers information that would otherwise be difficult to find and understand. While Steve's lingo is often over my head, Leo makes sure that everything is explained in a way that many average users (me) can understand. The fact that the shows cover subjects that are useful to all operating systems is a plus, especially being a Mac user myself.

Aug 30th