Security Now (Video)

Picture of the Week. Most to least common 4-digit pins. Enhanced LORAN. Passkeys. Microsoft's Head in the Clouds. Show Notes - https://www.grc.com/sn/SN-974-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: 1bigthink.com zscaler.com/zerotrustAI kolide.com/securitynow joindeleteme.com/twit promo code TWIT

The vulnerability of GPS Is the sky falling on all VPN systems? Multi-user Passkeys, YubiKeys? The iCloud Keychain The UK and Google's Topics Show Notes - https://www.grc.com/sn/SN-973-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit kolide.com/securitynow lookout.com bitwarden.com/twit

GCHQ: No more default passwords for consumer IoT devices! What happened with Chrome and 3rd-party cookies? Race conditions and multi-threading GM "accidentally" enrolled millions into "OnStar Smart Driver +" program Steve recommends Ryk Brown's "Frontiers Saga" SpinRite update Passkeys: A Shattered Dream? Show Notes - https://www.grc.com/sn/SN-972-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: business.eset.com/twit vanta.com/SECURITYNOW 1bigthink.com lookout.com

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

An update on the AT&T data breach 340,000 social security numbers leaked Cookie Notice Compliance The GDPR does enforce some transparency Physical router buttons Wifi enabled button pressers Netsecfish disclosure of Dlink NAS vulnerability Chrome bloat SpinRite update GhostRace Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow bitwarden.com/twit vanta.com/SECURITYNOW 1bigthink.com

Out-of-support DLink NAS devices contain hard coded backdoor credentials Privnote is not so "Priv" Crowdfense is willing to pay millions Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution SpinRite Update Minimum Viable Secure Product Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI business.eset.com/twit lookout.com joindeleteme.com/twit promo code TWIT

A near-Universal (Local) Linux Elevation of Privilege vulnerability TechCrunch informed AT&T of a 5 year old data breach Signal to get very useful cloud backups Telegram to allow restricted incoming HP exits Russia ahead of schedule Advertisers are heavier users of Ad Blockers than average Americans! The Google Incognito Mode Lawsuit Canonical fights malicious Ubuntu store apps Spinrite update A Cautionary Tale Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: 1bigthink.com kolide.com/securitynow Melissa.com/twit vanta.com/SECURITYNOW

Apple vs U.S. DOJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Voyager 1 update The Web turned 35 and Dad is disappointed Automakers sharing driving data with insurance companies A flaw in Passkey thinking Passkeys vs 2fa Sharing accounts with Passkeys Passkeys vs. Passwords/MFA Workaround to sites that block anonymous email addresses Open Bounty programs on HackerOne Steve on Twitter Ways to disclose bugs publicly Security by obscurity Something you have/know/are vs Passkeys Passkeys vs TOTP Inspecting Chrome extensions Passkey transportability Morris the Second Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI robinhood.com/boost GO.ACILEARNING.COM/TWIT joindeleteme.com/twit promo code TWIT vanta.com/SECURITYNOW

VMware needs immediate patching Midnight Blizzard still on the offensive China is quietly "de-American'ing" their networks Signal Version 7.0, now in beta Meta, WhatsApp, and Messenger -meets- the EU's DMA The Change Healthcare cyberattack SpinRite update Telegram's end-to-end encryption KepassXC now supports passkeys Login accelerators Sites start rejecting @duck.com emails Tool to detect chrome extensions change owners Sortest SN title Passkeys vs 2FA Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: vanta.com/SECURITYNOW joindeleteme.com/twit promo code TWIT kolide.com/securitynow business.eset.com/twit

"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer Cory Doctorow's Visions of the Future Humble Book Bundle CTRL-K shortcut for search on a browser Direct bootable image downloading for GRC's servers Closing the loop on compromised emails Taco Bell's passwordless app A solution for Bcrypt's password length limit of 72 bytes Data as the missing piece for law enforcement and privacy advocates The token solution for email-only login Apple's Password Manager Resources on Github The risk of long-term persistent cookies in browsers Why mainframe industries still require weak passwords A conundrum involving an exploitable Response Header error and a bounty payment. An inspection of Apple's new Post-Quantum Encryption upgrade Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT Melissa.com/twit bitwarden.com/twit kolide.com/securitynow

Nevada attempts to block Meta's end-to-end encryption for minors. A survey of security breaches Edge's Super-Duper Secure Mode moves into Chrome DoorDash dashes our privacy Avast charged $16.5 million for selling user browsing data No charge for extra logging! European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members LockBit RaaS group disrupted Firefox v123 The ScreenConnect Authentication Bypass SpinRite update Introducing BootAble Cox moving to Yahoo Mail for users Credit Card security Exploiting password complexity reqirements? Email only logins Flipper Zero in Canada German Router security More Flipper Zero in Canada Throwaway email addresses Shared email accounts Password quality enforcement Fingerprint tech and some future stories Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT vanta.com/SECURITYNOW robinhood.com/boost joindeleteme.com/twit promo code TWIT

Wyze breach Microsoft patch Tuesday fixes 15 remote code execution flaws Why are there password restrictions? The Canadian Flipper Zero Ban Security on the old internet Using Old Passwords Passwordless login TOTP as a second factor German ISP using default router passwords Email encryption in transit pfSense Tailscale integration DuckDuckGo's email protection integration with Bitwarden The KeyTrap Vulnerability Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: panoptica.app kolide.com/securitynow vanta.com/SECURITYNOW GO.ACILEARNING.COM/TWIT

Toothbrush Botnet "There are too many damn Honeypots!" Remotely accessing your home network securely Going passwordless as an ecommerce site Facebook "old password" reminders Browsers on iOS More UPnP Issues A password for every website? "Free" accounts Keeping phones plugged in Running your own email server in 2024 iOS app sizes SpinRite 6.1 running on an iMac SpinRite update Bitlocker's encryption cracked in minutes Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit kolide.com/securitynow robinhood.com/boost

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW