
81 episodes

Security Now (Audio) Security Now
-
- Technology
-
-
4.6 • 1.8K Ratings
-
Security Now could be the most important show you watch all week. Security guru Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, joins Leo Laporte every week to guide us through the minefield of ransomware, viruses, cyber espionage, hacking, etc.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
-
Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD
How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
Iranian hackers exploited default passwords in programmable logic controllers at US water facilities
Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling
Over 1 billion Android devices now have RCS messaging enabled
EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU
Black Basta ransomware group has netted over $107 million since early 2022
Google's new .meme top-level domain allowing meme-related web properties
CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast
France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead
Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust
Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
canary.tools/twit - use code: TWIT
vanta.com/SECURITYNOW -
Leo Turns 67 - Fingerprint Security, Do-Not-Track
Adobe Flash Player Updater is (still) desperately trying to update
Veracrypt password security
Firefox moves to 120 with a bunch of very nice new features
Do-Not-Track is back on track
"ownCloud" -or- "PwnCloud" ?
CrushFTP Critical Vulnerability
Bypassing fingerprint authentication
ApacheMQ
TransUnion & Experian both hacked
Show Notes - https://www.grc.com/sn/SN-950-Notes.pdf
Hosts: Steve Gibson and Ant Pruitt
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
paloaltonetworks.com/ot-security-tco
Melissa.com/twit
GO.ACILEARNING.COM/TWIT -
Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review
Privacy and Funding Challenges Facing Signal Messaging App
Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
Ransomware Group Files SEC Complaint Against Breached Company
Europe Opening Up Radio Encryption Standard TETRA for Public Review
Apple Announcing Adoption of RCS Messaging for iPhones
Steve's Progress on Dynamic Code Signing for SpinRite Releases
Removing Suction Cup Barnacles from Windshields
Recommendations for Benchmarking USB Drive Read/Write Speeds
Concerns Over EU's Proposed eIDAS 2.0 QWACs Legislation
Why Protectli Routers Are Preferred for pfSense Setups
Credit Card Security Precautions for Ex-LastPass Users
Origins and Evolution of Ethernet Networking Over 50 Years
Show Notes - https://www.grc.com/sn/SN-949-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
vanta.com/SECURITYNOW
kolide.com/securitynow
securemyemail.com/twit Use Code TWIT -
What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45
Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
Decentralized finance platform Raft lost $3.3M due to an exploit.
Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
Russia moves to formally ban all VPN use in the country.
Two new flaws found in OpenVPN software, one allowing memory access.
SpinRite development paused as DOS and Windows versions are complete.
Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful.
Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
"Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation.
Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
kolide.com/securitynow
bitwarden.com/twit
GO.ACILEARNING.COM/TWIT -
Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys
Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
Ace Hardware suffered a cyberattack impacting servers and systems
Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
Analysis of "BadCandy" malware infecting vulnerable Cisco routers
Bitwarden password manager adds support for FIDO2 passkeys in browser extension
Rescuing a severely degraded SSD and bringing it back to life with SpinRite
Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic
Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
lookout.com
canary.tools/twit - use code: TWIT
Melissa.com/twit -
CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy
What caused last week's connection interruption? Router was rebooting intermittently, but why?
David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
HackerOne breach bounties surpass $300M total payout.
CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
Open source projects struggle with costly code signing certificates.
Deep dive into CitrixBleed vulnerability allowing authentication bypass.
Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
cs.co/twit
bitwarden.com/twit
vanta.com/SECURITYNOW
Customer Reviews
Steve swears like a sailor!
Leo, you cracked me up so much at the end of this podcast while I was cooking up a new style of food I’ve never cooked before, i had to stop and pause because I was laughing so hard. I have been listening religiously since at least 2017, and every week, it’s not the worst stuff happening, things the majority of us aware of cybersecurity are capable of keeping up with. For example, your see it in the news, patch your system, etc. but nowadays, I really feel like the news out there isn’t really putting out the “news” like they used to. Not certain if that makes sense but I feel like even when it comes to pallet device security updates it’s maybe two or three days later until I even come across an article talking about it, then I go to settings>general>software update and lo and behold, boom we have a severely needed update just waiting for me to click start. What is the problem? It’s set to auto updates, which previously we would have never done, but now it’s acceptable. Anyways, love what y’all do, especially love listening to y’all. Y’all my brothas.
P.S. the fact the Steve agreed to not stopping at 1,000 episodes *chefs kiss*
Love y’all, peace out ♥️
J. P. Walker
The Show Notes Will Save Time
From my standpoint, Security Now is one of the few TWiT shows still worth watching. For the most part, Steve Gibson does a solid job explaining security matters that are typically complex. On the negative side, the show is overly long, Gibson can get too far in the weeds, and the host (Leo Laporte) is extraneous. Thankfully, you can the show notes Gibsons website and it’s essentially a transcription.
Educational and Entertaining
I have learned so much from listening to this show! Steve Gibson has a unique ability to explain complex concepts in plain English. If you're new to the show and new to security I highly recommend listening to the earliest episodes!