Security Now (Audio)

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

Website : https://twit.tv/shows/security-now

IPFS Feed : http://ipfspodcasting.com/RSS/8/SecurityNowAudio.xml  

Last Episode : December 6, 2022 10:08pm

Last Scanned : 3.4 hours ago

Episodes

Episodes currently hosted on IPFS.

SN 900: LastPass Again - South Dakota bans TikTok, Anker Eufy Camera debacle, Mozilla yanks trusted root
2
  • Picture of the Week.
  • Don't mess with Australia.
  • Facebook / Meta fined by Ireland.
  • REvil's full Medibank dump.
  • Is nothing sacred?
  • Mozilla yanks a (no longer) trusted root.
  • Android Platform Certs Escape.
  • South Dakota says: No more Tik-Tok.
  • Albania blames its IT staff.
  • Good news on the memory safe languages front.
  • Black Hat USA 2022.
  • Another Chrome 0-day bites the dust.
  • Anker's Eufy Camera debacle.
  • An amazing-looking WiFi-6 router... $119.
  • Elon really said this.
  • Closing the Loop.
  • SpinRite.
  • LastPass Again.

 

Show Notes https://www.grc.com/sn/SN-900-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published Tuesday
SN 899: Freebie Bots & Evil Cameras - iSpoofer no more, Boa server vulnerability, CISA on Mastodon
1
  • Picture of the Week.
  • iSpoof you no more.
  • Here come the Freebie Bots!
  • Anatomy of the real-time Cryptocurrency heist.
  • Lookin' for something to do?
  • Boa server vulnerability.
  • The dilemma of closed-source Chinese networking products.
  • The Cyber Defense Index.
  • Malicious Docker Hub images.
  • Since we've been tracking 0-days for a while.
  • CISA on Mastodon.
  • Miscellany.
  • Closing The Loop.
  • SpinRite.


Show Notes https://www.grc.com/sn/SN-899-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 11/29
SN 898: Wi-Peep - FBI purchased Pegasus, Passkey support directory, Quantum decryption deadline, Firefox 107
1
  • Picture of the Week.
  • Firefox v107 was released last Tuesday.
  • Google settles for a cool $391.5 million.
  • Red Hat Signing its ZIP file Packages.
  • The FBI purchased Pegasus for "research and development purposes".
  • Greece bought Predator for €7 million.
  • A passkeys support directory.
  • Quantum decryption deadline.
  • Attorneys General ask the FTC for online privacy regulation.
  • Closing The Loop.
  • SpinRite.
  • Wi-Peep.

Show Notes https://www.grc.com/sn/SN-898-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 11/22
SN 897: Memory-Safe Languages - Shennina Framework, Shufflecake, The Helm, LightSpeed vulnerabilities
1
  • Picture of the Week.
  • Patch Tuesday review.
  • Shennina Framework - Automating Host Exploitation with AI.
  • GitHub's welcome new feature.
  • Three LightSpeed vulnerabilities.
  • Shufflecake: Plausible deniability encrypted Linux volumes.
  • Australia has decided to get proactive!
  • Apple's iOS 16.1.1 everyone file sharing time-limits to 10 minutes in China.
  • A couple of Decentralized Finance notes because I can't help myself.
  • "The Helm" was unable to survive COVID-19.
  • Elon meets Twitter.
  • Closing The Loop.
  • SpinRite.
  • Memory-Safe Languages.

Show Notes - https://www.grc.com/sn/SN-897-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 11/15
SN 896: Something for Everyone - Dropbox breach, cyber bank heists, Russia goes Linux, OpenSSL flaw update
1
  • Picture of the Week.
  • A minor Dropbox breach.
  • OpenSSL follow-up.
  • FTC sued and settled with a repeated offender.
  • $1.2 billion in reported ransomware payments during 2021.
  • Akamai's Q3 Threat Report.
  • Initial Access Brokerages.
  • How do today's bank heists work?
  • De-Fi De-struction De-jour.
  • Russia moves to Linux.
  • We're The Red Cross. Don't attack us, please!
  • Where there's a will, there's a way.
  • From China with Love.
  • The UK's NCSC scan plan.
  • Miscellany.
  • Closing The Loop.
  • SpinRite.

We invite you to read our show notes at https://www.grc.com/sn/SN-896-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 11/08
SN 895: After 20 years in GCHQ - Stranger Strings, PayPal passkeys, new TCP/IP RCE in Windows
1
  • Picture of the Week.
  • Windows driver blocklist to be updated next Tuesday.
  • More Microsoft shenanigans.
  • An upcoming OpenSSL CRITICAL vulnerability update -- get ready!
  • A new TCP/IP RCE in Windows.
  • A study of malicious CVE proof of concept exploits in GitHub.
  • "Stranger Strings" : An exploitable flaw in SQLite.
  • PayPal to add support for Passkeys.
  • A browser exploitation tutorial!
  • Kathleen Booth: July 9th, 1922 – September 29, 2022.
  • Closing The Loop.
  • SpinRite.
  • After 20 years in GCHQ.

We invite you to read our show notes at https://www.grc.com/sn/SN-895-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 11/01
SN 894: Data Breach Responsibility - Firefox 106, KataOS and Sparrow, banking malware, CVSS 9.8 update
1
  • Picture of the Week.
  • Firefox 106 is out.
  • Google's Open Source IoT KataOS and Sparrow.
  • This Week in CryptoCurrency Craziness.
  • New Windows 0-day bypasses executable security checks.
  • Apple's 9th 0-day of the year bites the dust.
  • The evolutionary demise of banking malware.
  • VMWare's Critical CVSS 9.8 Update.
  • Closing The Loop.
  • Miscellany.
  • Data Breach Responsibility.

We invite you to read our show notes at https://www.grc.com/sn/SN-894-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 10/25
SN 893: Password Change Automation - Windows Update RSS, malicious kernal drivers, Signal SMS/MMS, ZimaBoard
1
  • Picture of the Week.
  • Microsoft "Won't Fix".
  • Malicious Kernel Drivers.
  • Microsoft has finally added an RSS feed for Windows Updates!
  • Passkeys [dot] Dev.
  • Largest DDoS attack.
  • Signal will be dropping its SMS/MMS support.
  • Brute-force protection for Windows local admin accounts.
  • Other than that...
  • SpinRite.
  • Closing The Loop.
  • xchg rax, rax and "xorpd"
  • ZimaBoard Goodness.
  • Password Change Automation.

We invite you to read our show notes at https://www.grc.com/sn/SN-893-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 10/18
SN 892: Source Port Randomization - Targeted Malware, Uber CSO Guilty
1
  • Picture of the Week.
  • Breach of Customer Information
  • Meta-targeted Malware
  • Uber's Chief Security Officer Found Guilty
  • More Cryptocurrency Chaos
  • The UK to drop GDPR
  • Summer Internship with the NSA
  • Many Incident Responders are Stressed Out
  • Microsoft's newest dual 0-day Exchange Fumbles
  • SpinRite news
  • ZimaBoard
  • Closing the Loop
  • Source Port Randomization

We invite you to read our show notes at https://www.grc.com/sn/SN-892-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 10/11
SN 891: Poisoning Akamai - Turnstile vs CAPTCHA, Microsoft Teams Under Attack
1
  • Picture of the Week. (What Could Possibly Go Wrong)
  • Microsoft Teams - Unecessarily Insecure
  • Roskomnadzor blocks Soundcloud
  • Microsoft Exchange Server Under Attack Again
  • I'm (Still) Not a Robot!
  • Google TAG History
  • Closing the Loop
  • Poisoning Akamai

We invite you to read our show notes at https://www.grc.com/sn/SN-891-Notes.pdf
 

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 10/04
SN 890: DarkNet Politics - EU and Google Analytics, Rockstar hacker busted, Mozilla says no fair
1
  • Picture of the Week.
  • Can't have it both ways.
  • Denmark has become the fourth EU member to rule that the use of Google Analytics is illegal.
  • Rockstar Games hacker is busted!
  • Mozilla says: No fair!
  • Vivaldi, Manifest V3, webRequest, and ad blockers.
  • Sticky Chrome vulnerabilities.
  • SMB authentication rate limiter now on by default in Windows Insider.
  • US bill to secure FOSS software.
  • Iran vs Albania.
  • Closing The Loop.
  • The Silver Ships.
  • SpinRite.
  • DarkNet Politics.

We invite you to read our show notes at https://www.grc.com/sn/SN-890-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 09/27
SN 889: Spell-Jacking - Cyber-Insurance, GTA 6 leak, MiraclePtr, CVSS9.8 for WordPress, Uber Oops!
1
  • Picture of the Week.
  • This is Patch News-Day.
  • Lloyd's of London backing away from Cyber-Insurance.
  • Uber Oops!
  • Rockstar Games: Grand Theft Auto 6 Massive Leak.
  • LastPass Breach Update.
  • A CVSS 9.8 for WordPress.
  • What cost, Security?
  • Use-after-freedom: Google's "MiraclePtr"
  • Closing The Loop.
  • Spell-Jacking.

We invite you to read our show notes at https://www.grc.com/sn/SN-889-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 09/20
SN 888: The EvilProxy Service - MooBot, Crypto Heist, Cyberwarfare, QNAP, The Silver Ships
1
  • Picture of the Week.
  • Cyberwarfare: Albania vs Iran.
  • Crypto Heist — this or that.
  • The White House "Tech Platform Accountability" Listening Session.
  • Changes to the Dutch Intelligence Law.
  • Another QNAP mess.
  • D-Link's being taken over by MooBot.
  • Sci-Fi Discovery: "The Silver Ships".
  • Closing The Loop.
  • The EvilProxy Service.

We invite you to read our show notes at https://www.grc.com/sn/SN-888-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 09/14
SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble
1
  • Picture of the Week.
  • Google's (newest) Open Source Software Vulnerability Rewards Program.
  • Did TikTok leak 2.05 BILLION User Records?
  • An urgent Chrome update patches new 0-day flaw.
  • Permission-less Browser Clipboard Write.
  • Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.
  • A Quantum Hype Bubble?
  • All of the BlackHat 2022 Presentation Slides PDFs.
  • Csurf NPM library mistake.
  • SpinRite.
  • Closing The Loop.
  • Sci-Fi Discovery: "The Silver Ships"
  • Embedding AWS Credentials.

We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 09/06
SN 886: Wacky Data Exfiltration - LastPass breach, FTC Kochava lawsuit, Hikvision IoT mess
1
  • Picture of the Week.
  • LastPass Breached.
  • The US Federal Trade Commission filed a lawsuit against data broker Kochava.
  • The US Federal Communications Commission launched an investigation into mobile carriers' geolocation data practices.
  • California, here I come!
  • A conversation with a Ransomware Attacker.
  • DuckDuckGo's Privacy-Enhanced eMail Forwarding.
  • Another IoT mess care of "Hikvision"
  • SpinRite.
  • Closing The Loop.
  • Wacky Data Exfiltration.

We invite you to read our show notes at https://www.grc.com/sn/SN-886-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Published 08/30