DiscoverSecurity Now (Video)
Claim Ownership
Security Now (Video)
Author: TWiT
Subscribed: 2,307Played: 43,691Subscribe
Share
© This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International - http://creativecommons.org/licenses/by-nc-nd/4.0/
Description
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
219 Episodes
Reverse
An update on the AT&T data breach
340,000 social security numbers leaked
Cookie Notice Compliance
The GDPR does enforce some transparency
Physical router buttons
Wifi enabled button pressers
Netsecfish disclosure of Dlink NAS vulnerability
Chrome bloat
SpinRite update
GhostRace
Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
kolide.com/securitynow
bitwarden.com/twit
vanta.com/SECURITYNOW
1bigthink.com
Out-of-support DLink NAS devices contain hard coded backdoor credentials
Privnote is not so "Priv"
Crowdfense is willing to pay millions
Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution
SpinRite Update
Minimum Viable Secure Product
Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
business.eset.com/twit
lookout.com
joindeleteme.com/twit promo code TWIT
A near-Universal (Local) Linux Elevation of Privilege vulnerability
TechCrunch informed AT&T of a 5 year old data breach
Signal to get very useful cloud backups
Telegram to allow restricted incoming
HP exits Russia ahead of schedule
Advertisers are heavier users of Ad Blockers than average Americans!
The Google Incognito Mode Lawsuit
Canonical fights malicious Ubuntu store apps
Spinrite update
A Cautionary Tale
Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
1bigthink.com
kolide.com/securitynow
Melissa.com/twit
vanta.com/SECURITYNOW
Apple vs U.S. DOJ
G.M.'s Unbelievably Horrible Driver Data Sharing Ends
Super Sushi Samurai
Apple has effectively abandoned HomeKit Secure Routers
The forthcoming ".INTERNAL" TLD
The United Nations vs AI.
Telegram now blocked throughout Spain
Vancouver Pwn2Own 2024
China warns of incoming hacks
Annual Tax Season Phishing Deluge
SpinRite update
Authentication without a phone
Are Passkeys quantum safe?
GoFetch: The Unpatchable vulnerability in Apple chips
Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
bitwarden.com/twit
canary.tools/twit - use code: TWIT
panoptica.app
kolide.com/securitynow
Voyager 1 update
The Web turned 35 and Dad is disappointed
Automakers sharing driving data with insurance companies
A flaw in Passkey thinking
Passkeys vs 2fa
Sharing accounts with Passkeys
Passkeys vs. Passwords/MFA
Workaround to sites that block anonymous email addresses
Open Bounty programs on HackerOne
Steve on Twitter
Ways to disclose bugs publicly
Security by obscurity
Something you have/know/are vs Passkeys
Passkeys vs TOTP
Inspecting Chrome extensions
Passkey transportability
Morris the Second
Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
robinhood.com/boost
GO.ACILEARNING.COM/TWIT
joindeleteme.com/twit promo code TWIT
vanta.com/SECURITYNOW
VMware needs immediate patching
Midnight Blizzard still on the offensive
China is quietly "de-American'ing" their networks
Signal Version 7.0, now in beta
Meta, WhatsApp, and Messenger -meets- the EU's DMA
The Change Healthcare cyberattack
SpinRite update
Telegram's end-to-end encryption
KepassXC now supports passkeys
Login accelerators
Sites start rejecting @duck.com emails
Tool to detect chrome extensions change owners
Sortest SN title
Passkeys vs 2FA
Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
vanta.com/SECURITYNOW
joindeleteme.com/twit promo code TWIT
kolide.com/securitynow
business.eset.com/twit
"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
Cory Doctorow's Visions of the Future Humble Book Bundle
CTRL-K shortcut for search on a browser
Direct bootable image downloading for GRC's servers
Closing the loop on compromised emails
Taco Bell's passwordless app
A solution for Bcrypt's password length limit of 72 bytes
Data as the missing piece for law enforcement and privacy advocates
The token solution for email-only login
Apple's Password Manager Resources on Github
The risk of long-term persistent cookies in browsers
Why mainframe industries still require weak passwords
A conundrum involving an exploitable Response Header error and a bounty payment.
An inspection of Apple's new Post-Quantum Encryption upgrade
Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
GO.ACILEARNING.COM/TWIT
Melissa.com/twit
bitwarden.com/twit
kolide.com/securitynow
Nevada attempts to block Meta's end-to-end encryption for minors.
A survey of security breaches
Edge's Super-Duper Secure Mode moves into Chrome
DoorDash dashes our privacy
Avast charged $16.5 million for selling user browsing data
No charge for extra logging!
European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
LockBit RaaS group disrupted
Firefox v123
The ScreenConnect Authentication Bypass
SpinRite update
Introducing BootAble
Cox moving to Yahoo Mail for users
Credit Card security
Exploiting password complexity reqirements?
Email only logins
Flipper Zero in Canada
German Router security
More Flipper Zero in Canada
Throwaway email addresses
Shared email accounts
Password quality enforcement
Fingerprint tech and some future stories
Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
canary.tools/twit - use code: TWIT
vanta.com/SECURITYNOW
robinhood.com/boost
joindeleteme.com/twit promo code TWIT
Wyze breach
Microsoft patch Tuesday fixes 15 remote code execution flaws
Why are there password restrictions?
The Canadian Flipper Zero Ban
Security on the old internet
Using Old Passwords
Passwordless login
TOTP as a second factor
German ISP using default router passwords
Email encryption in transit
pfSense Tailscale integration
DuckDuckGo's email protection integration with Bitwarden
The KeyTrap Vulnerability
Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
panoptica.app
kolide.com/securitynow
vanta.com/SECURITYNOW
GO.ACILEARNING.COM/TWIT
Toothbrush Botnet
"There are too many damn Honeypots!"
Remotely accessing your home network securely
Going passwordless as an ecommerce site
Facebook "old password" reminders
Browsers on iOS
More UPnP Issues
A password for every website?
"Free" accounts
Keeping phones plugged in
Running your own email server in 2024
iOS app sizes
SpinRite 6.1 running on an iMac
SpinRite update
Bitlocker's encryption cracked in minutes
Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
joindeleteme.com/twit promo code TWIT
bitwarden.com/twit
kolide.com/securitynow
robinhood.com/boost
CISA's "Secure by Design" Initiative
The GNU C Library Flaw
Fastly CDN switches from OpenSSL to BoringSSL
Roskomnadzor asserts itself
Google updates Android's Password Manager
Firefox gets post-quantum crypto
Get your TOTP tokens from LastPass
Inflated iOS app data
LearnDMARC
Sync mobile app bug
SpinRite and Windows Defender
Crypto signing camera
Analog hole in digital camera authentication
iOS and Google's Topics
The gathering of the Stephvens
Programmable Logic Controllers
SpinRite update
Malware-infected Toothbrush
The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff
Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Melissa.com/twit
joindeleteme.com/twit promo code TWIT
GO.ACILEARNING.COM/TWIT
vanta.com/SECURITYNOW
iOS to allow native Chromium and Firefox engines.
An OS immune to ransomware?
HP back in the doghouse over "anti-virus" printer bricking
The mother of all breaches
New "Thou shall not delete those chats" rules
Fewer ransoms are being paid
Verified Camera Images
More on the $15/month flashlight app
What happens when apps change publishers
Microsoft hating on Firefox
Credit Karma is storing 1GB of data on the iPhone
Staying on Windows 7
Sci-Fi recommendations
Windows 7 and HSTS sites
TOTP codes/secrets and Bitwarden
SpinRite on Mac
SpinRite v6.1 is done!
LearnDMARC.com
Alex Stamos on "Microsoft Security"
Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
expressvpn.com/securitynow
panoptica.app
kolide.com/securitynow
canary.tools/twit - use code: TWIT
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
US Health and Human Services Breached
Firefox vs "The Competition"
Brave reduces its anti-fingerprinting protections
CISA's proactive policing results one year later
Longer Life For Samsung Updates
Google Incognito Mode "Misunderstanding"
Show Doc Not showing images on iOS Safari
Generated AI Media Authentication
Which computer languages to learn?
Flashlight app subscription
Google's Privacy Sandbox system
Malware and IoT devices
Protected Audience API vs. Malvertising
Defensive computing
Why ISPs don't do anything about DDoS attacks
SpinRite Update
Show Notes - https://www.grc.com/sn/SN-958-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
paloaltonetworks.com/ot-security-tco
bitwarden.com/twit
drata.com/twit
kolide.com/securitynow
What would an IoT device look like that HAD been taken over?
And speaking of DDoS attacks
Trouble in the Quantum Crypto world
The Browser Monoculture
Question about the Apple backdoor
Getting into infosec
proton drive vs sync
SpinRite update
The Protected Audience API
Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
meraki.cisco.com/twit
kolide.com/securitynow
lookout.com
bitwarden.com/twit
joindeleteme.com/twit promo code TWIT
More on Apple's hardware backdoor
Russian Hacking of Ukranian cameras
Russian hackers were inside Ukraine telecoms giant for months
Things are still a mess at 23andMe
CoinsPaid was the victim of another cyberattack
Crypto Hacking in 2023
Mandiant Twitter scam
Defining "cyber warfare"
LastPass is making some changes
Windows Watch
Google settles $5 billion lawsuit
Return Oriented Programming
Shutting Down Edge
Root Certificates
Credit freezing
SpinRite Update
Show Notes - https://www.grc.com/sn/SN-956-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
lookout.com
paloaltonetworks.com/ot-security-tco
kolide.com/securitynow
bitwarden.com/twit
SpinRite 6.1 update
Pruning Root Certificates
A solution to Schrodinger's Bowl
DNS Benchmark and anti-virus tools
Nebula Mesh
SpinRite 7 is coming
The Mystery of CVE-2023-38606
Show Notes - https://www.grc.com/sn/SN-955-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
bitwarden.com/twit
kolide.com/securitynow
Melissa.com/twit
drata.com/twit
Leo looks back at the year's top security stories of 2023.
Steve's Next Password Manager After the LastPass Hack
CHESS is Safe
Here Come the Fake AI-generated "News" Sites
How Bad Guys Use Satellites
Microsoft's "Culture of Toxic Obfuscation"
Steve announces his commitment to SN
Apple Says No
NSA's Decade of Huawei Hacking
ValiDrive announcement
Host: Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Child protection legislation in the US
Meta pushes back on the $200 billion FTC fine for COPPA violation
Age verification on the internet
Google moving from 3rd party cookies to topics
A look at Cloudflare's metrics
SpinRite update
Cox Media admits that it spys on you
Show Notes - https://www.grc.com/sn/SN-953-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
securemyemail.com/twit Use Code TWIT
drata.com/twit
The government collection of push notification metadata
Facebook Messenger sets end to end encryption as the default
Iran's Cyber Av3ngers
Cisco's Talos Top 10 cyber security exploits this year
Over 30% of apps are still using a using a vulnerable version the Log4J library
Quad 9 speaks on their legal victory against Sony
What are the "Clear Web", "Dark Web", and "Deep Web"?
A Flaw in Telegram
Xfinity Mobile wants you to accept a root CA, DO NOT
Hardware VPN alternative
A breakthrough in quantum computing
Show Notes - https://www.grc.com/sn/SN-952-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
GO.ACILEARNING.COM/TWIT
lookout.com
bitwarden.com/twit
How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
Iranian hackers exploited default passwords in programmable logic controllers at US water facilities
Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling
Over 1 billion Android devices now have RCS messaging enabled
EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU
Black Basta ransomware group has netted over $107 million since early 2022
Google's new .meme top-level domain allowing meme-related web properties
CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast
France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead
Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust
Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
canary.tools/twit - use code: TWIT
vanta.com/SECURITYNOW
Essential cybersecurity insights with Steve Gibson and Leo Laporte weekly. https://www.alphagroupsvcs.com/corporate-security/
thank u
Love the show. Looking forward to catching a live show.