81 episodes

Security Now could be the most important show you watch all week. Security guru Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, joins Leo Laporte every week to guide us through the minefield of ransomware, viruses, cyber espionage, hacking, etc.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

Security Now (Audio)

    • Technology
    • 4.6 • 1.8K Ratings


    Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD

    How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
    WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
    Iranian hackers exploited default passwords in programmable logic controllers at US water facilities
    Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling
    Over 1 billion Android devices now have RCS messaging enabled
    EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU
    Black Basta ransomware group has netted over $107 million since early 2022
    Google's new .meme top-level domain allowing meme-related web properties
    CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast
    France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead
    Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust
    Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:
    canary.tools/twit - use code: TWIT
    vanta.com/SECURITYNOW

    • 2 hr 10 min
    Leo Turns 67 - Fingerprint Security, Do-Not-Track

    Adobe Flash Player Updater is (still) desperately trying to update
    VeraCrypt password security
    Firefox moves to 120 with a bunch of very nice new features
    Do-Not-Track is back on track
    "ownCloud" -or- "PwnCloud" ?
    CrushFTP Critical Vulnerability
    Bypassing fingerprint authentication
    ApacheMQ
    TransUnion & Experian both hacked
    Show Notes - https://www.grc.com/sn/SN-950-Notes.pdf

    Hosts: Steve Gibson and Ant Pruitt

    Sponsors:
    paloaltonetworks.com/ot-security-tco
    Melissa.com/twit
    GO.ACILEARNING.COM/TWIT

    • 2 hr 12 min
    Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review

    Privacy and Funding Challenges Facing Signal Messaging App
    Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
    Ransomware Group Files SEC Complaint Against Breached Company
    Europe Opening Up Radio Encryption Standard TETRA for Public Review
    Apple Announcing Adoption of RCS Messaging for iPhones
    Steve's Progress on Dynamic Code Signing for SpinRite Releases
    Removing Suction Cup Barnacles from Windshields
    Recommendations for Benchmarking USB Drive Read/Write Speeds
    Concerns Over EU's Proposed eIDAS 2.0 QWACs Legislation
    Why Protectli Routers Are Preferred for pfSense Setups
    Credit Card Security Precautions for Ex-LastPass Users
    Origins and Evolution of Ethernet Networking Over 50 Years
    Show Notes - https://www.grc.com/sn/SN-949-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:
    vanta.com/SECURITYNOW
    kolide.com/securitynow
    securemyemail.com/twit Use Code TWIT

    • 2 hr 12 min
    What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

    Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
    No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
    Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
    Decentralized finance platform Raft lost $3.3M due to an exploit.
    A crook operated the website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
    New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
    Russia moves to formally ban all VPN use in the country.
    Two new flaws found in OpenVPN software, one allowing memory access.
    SpinRite development paused as DOS and Windows versions are complete.
    Understanding assembly language helps malware analysis and exploit development, but high-level decompilers are also useful.
    Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
    EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
    "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
    Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
    A 27-year-old theoretical crypto attack is now shown to be practical. Passive network observers can steal SSH RSA keys if a faulty signature is generated, allowing impersonation.
    Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:
    kolide.com/securitynow
    bitwarden.com/twit
    GO.ACILEARNING.COM/TWIT

    • 2 hr 12 min
    Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

    Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
    A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
    Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
    Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
    CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
    Ace Hardware suffered a cyberattack impacting servers and systems
    Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
    Analysis of "BadCandy" malware infecting vulnerable Cisco routers
    Bitwarden password manager adds support for FIDO2 passkeys in browser extension
    Rescuing a severely degraded SSD and bringing it back to life with SpinRite
    Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
    The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic
    Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:
    lookout.com
    canary.tools/twit - use code: TWIT
    Melissa.com/twit

    • 2 hr 13 min
    CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

    What caused last week's connection interruption? Router was rebooting intermittently, but why?
    David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
    iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
    Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
    HackerOne breach bounties surpass $300M total payout.
    CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
    SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
    Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
    Open source projects struggle with costly code signing certificates.
    Deep dive into CitrixBleed vulnerability allowing authentication bypass.
    Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:
    cs.co/twit
    bitwarden.com/twit
    vanta.com/SECURITYNOW

    • 2 hr 1 min

Customer Reviews

4.6 out of 5
1.8K Ratings

JapestheJester ,

Steve swears like a sailor!

Leo, you cracked me up so much at the end of this podcast while I was cooking up a new style of food I’ve never cooked before, I had to stop and pause because I was laughing so hard. I have been listening religiously since at least 2017, and every week, it’s not the worst stuff happening, things the majority of us aware of cybersecurity are capable of keeping up with. For example, you see it in the news, patch your system, etc. But nowadays, I really feel like the news out there isn’t really putting out the “news” like they used to. Not certain if that makes sense but I feel like even when it comes to pallet device security updates it’s maybe two or three days later until I even come across an article talking about it, then I go to settings>general>software update and lo and behold, boom we have a severely needed update just waiting for me to click start. What is the problem? It’s set to auto updates, which previously we would have never done, but now it’s acceptable. Anyways, love what y’all do, especially love listening to y’all. Y’all my brothas.

P.S. The fact that Steve agreed to not stopping at 1,000 episodes *chef's kiss*

Love y’all, peace out ♥️

J. P. Walker

markbyrn ,

The Show Notes Will Save Time

From my standpoint, Security Now is one of the few TWiT shows still worth watching. For the most part, Steve Gibson does a solid job explaining security matters that are typically complex. On the negative side, the show is overly long, Gibson can get too far in the weeds, and the host (Leo Laporte) is extraneous. Thankfully, you can get the show notes from Gibson’s website and it’s essentially a transcription.

ICUSandman ,

Educational and Entertaining

I have learned so much from listening to this show! Steve Gibson has a unique ability to explain complex concepts in plain English. If you're new to the show and new to security I highly recommend listening to the earliest episodes!
