SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

Update: 2024-02-07

Description

CISA's "Secure by Design" Initiative

The GNU C Library Flaw

Fastly CDN switches from OpenSSL to BoringSSL

Roskomnadzor asserts itself

Google updates Android's Password Manager

Firefox gets post-quantum crypto

Get your TOTP tokens from LastPass

Inflated iOS app data

LearnDMARC

Sync mobile app bug

SpinRite and Windows Defender

Crypto signing camera

Analog hole in digital camera authentication

iOS and Google's Topics

The gathering of the Stephvens

Programmable Logic Controllers

SpinRite update

Malware-infected Toothbrush

The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff

Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Melissa.com/twit

joindeleteme.com/twit promo code TWIT

GO.ACILEARNING.COM/TWIT

vanta.com/SECURITYNOW

Comments

In Channel

SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

2024-04-2302:19:38

SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

2024-04-1601:55:53

SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense

2024-04-0901:51:45

SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach

2024-04-0201:48:46

SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

2024-03-2602:02:17

SN 966: Morris The Second - Voyager 1, The Web Turns 35

2024-03-1902:14:40

SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

2024-03-1202:21:50

SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

2024-03-0602:19:01

SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

2024-02-2802:05:23

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

2024-02-2102:14:49

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

2024-02-1402:09:47

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

2024-02-0702:07:29

SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

2024-01-3102:23:44

SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results

2024-01-2402:24:47

SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

2024-01-1701:48:04

SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass

2024-01-1001:56:29

SN 955: The Mystery of CVE-2023-38606 - SpinRite Update, Nebula Mesh, Apple's Backdoor

2024-01-0301:53:24

SN 954: Best of 2023 - Security Now's Best Moments of 2023

2023-12-2601:42:21

SN 953: Active Listening - KOSA, Cloudflare's Numbers, SpinRite Update

2023-12-2002:04:06

SN 952: Quantum Computing Breakthrough - The Clear/Deep/Dark Web, Quad 9 victory, Telegram Flaw

2023-12-1302:19:33

Download from Google Play

Download from App Store

FAQs

United States

00:00

1.0x

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

#box-pro-ellipsis-171447997287656{-webkit-line-clamp:2;}SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

TWiT

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL