95 episodes

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Security Now (Audio‪)‬ Security Now

    • Technology
    • 4.6 • 1.9K Ratings

Listen on Apple Podcasts
Requires subscription and macOS 11.4 or higher

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Listen on Apple Podcasts
Requires subscription and macOS 11.4 or higher

    Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

    Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

    VMware needs immediate patching
    Midnight Blizzard still on the offensive
    China is quietly "de-American'ing" their networks
    Signal Version 7.0, now in beta
    Meta, WhatsApp, and Messenger -meets- the EU's DMA
    The Change Healthcare cyberattack
    SpinRite update
    Telegram's end-to-end encryption
    KepassXC now supports passkeys
    Login accelerators
    Sites start rejecting @duck.com emails
    Tool to detect chrome extensions change owners
    Sortest SN title
    Passkeys vs 2FA
    Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

    Hosts: Steve Gibson and Mikah Sargent

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:
    vanta.com/SECURITYNOW
    joindeleteme.com/twit promo code TWIT
    kolide.com/securitynow
    business.eset.com/twit

    • 2 hr 23 min
    PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

    PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

    "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
    Cory Doctorow's Visions of the Future Humble Book Bundle
    CTRL-K shortcut for search on a browser
    Direct bootable image downloading for GRC's servers
    Closing the loop on compromised emails
    Taco Bell's passwordless app
    A solution for Bcrypt's password length limit of 72 bytes
    Data as the missing piece for law enforcement and privacy advocates
    The token solution for email-only login
    Apple's Password Manager Resources on Github
    The risk of long-term persistent cookies in browsers
    Why mainframe industries still require weak passwords
    A conundrum involving an exploitable Response Header error and a bounty payment.
    An inspection of Apple's new Post-Quantum Encryption upgrade
    Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf





    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:
    GO.ACILEARNING.COM/TWIT
    Melissa.com/twit
    bitwarden.com/twit
    kolide.com/securitynow

    • 2 hr 12 min
    Web portal? Yes please! - Firefox v123, LockBit Disrupted

    Web portal? Yes please! - Firefox v123, LockBit Disrupted

    Nevada attempts to block Meta's end-to-end encryption for minors.
    A survey of security breaches
    Edge's Super-Duper Secure Mode moves into Chrome
    DoorDash dashes our privacy
    Avast charged $16.5 million for selling user browsing data
    No charge for extra logging!
    European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
    LockBit RaaS group disrupted
    Firefox v123
    The ScreenConnect Authentication Bypass
    SpinRite update
    Introducing BootAble
    Cox moving to Yahoo Mail for users
    Credit Card security
    Exploiting password complexity reqirements?
    Email only logins
    Flipper Zero in Canada
    German Router security
    More Flipper Zero in Canada
    Throwaway email addresses
    Shared email accounts
    Password quality enforcement
    Fingerprint tech and some future stories
    Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:
    canary.tools/twit - use code: TWIT
    vanta.com/SECURITYNOW
    robinhood.com/boost
    joindeleteme.com/twit promo code TWIT

    • 2 hr 4 min
    The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

    The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

    Wyze breach
    Microsoft patch Tuesday fixes 15 remote code execution flaws
    Why are there password restrictions?
    The Canadian Flipper Zero Ban
    Security on the old internet
    Using Old Passwords
    Passwordless login
    TOTP as a second factor
    German ISP using default router passwords
    Email encryption in transit
    pfSense Tailscale integration
    DuckDuckGo's email protection integration with Bitwarden
    The KeyTrap Vulnerability
    Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:
    panoptica.app
    kolide.com/securitynow
    vanta.com/SECURITYNOW
    GO.ACILEARNING.COM/TWIT

    • 2 hr 14 min
    Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

    Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

    Toothbrush Botnet
    "There are too many damn Honeypots!"
    Remotely accessing your home network securely
    Going passwordless as an ecommerce site
    Facebook "old password" reminders
    Browsers on iOS
    More UPnP Issues
    A password for every website?
    "Free" accounts
    Keeping phones plugged in
    Running your own email server in 2024
    iOS app sizes
    SpinRite 6.1 running on an iMac
    SpinRite update
    Bitlocker's encryption cracked in minutes
    Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:
    joindeleteme.com/twit promo code TWIT
    bitwarden.com/twit
    kolide.com/securitynow
    robinhood.com/boost

    • 2 hr 3 min
    Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

    Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

    CISA's "Secure by Design" Initiative
    The GNU C Library Flaw
    Fastly CDN switches from OpenSSL to BoringSSL
    Roskomnadzor asserts itself
    Google updates Android's Password Manager
    Firefox gets post-quantum crypto
    Get your TOTP tokens from LastPass
    Inflated iOS app data
    LearnDMARC
    Sync mobile app bug
    SpinRite and Windows Defender
    Crypto signing camera
    Analog hole in digital camera authentication
    iOS and Google's Topics
    The gathering of the Stephvens
    Programmable Logic Controllers
    SpinRite update
    Malware-infected Toothbrush
    The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff
    Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Sponsors:
    Melissa.com/twit
    joindeleteme.com/twit promo code TWIT
    GO.ACILEARNING.COM/TWIT
    vanta.com/SECURITYNOW

    • 2 hr 4 min

Customer Reviews

4.6 out of 5
1.9K Ratings

1.9K Ratings

Alex6464 ,

The last TWIT podcast I enjoy.

I used to listen to/ subscribe to 5-6 TWIT shows. I’m down to two, and MBW is on the chopping block.

But Security Now remains stellar. Steve Gibson is a treasure.

FellowGEEK ,

Glad this show exists

Security Now has been informative and fun throughout the years.

I love the Leo & Steve duo.

Keep up the good work.

Dennis_Linux ,

Love Leo, love his politics even more!

Love Leo, love his politics even more!

Top Podcasts In Technology

All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Lex Fridman Podcast
Lex Fridman
Hard Fork
The New York Times
No Priors: Artificial Intelligence | Machine Learning | Technology | Startups
Conviction | Pod People
TED Radio Hour
NPR
Acquired
Ben Gilbert and David Rosenthal

You Might Also Like

Windows Weekly (Audio)
TWiT
This Week in Tech (Audio)
TWiT
MacBreak Weekly (Audio)
TWiT
Smashing Security
Graham Cluley & Carole Theriault
Tech News Weekly (Audio)
TWiT
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich

More by TWiT TV

This Week in Tech (Audio)
TWiT
MacBreak Weekly (Audio)
TWiT
Ask The Tech Guys (Audio)
TWiT
Windows Weekly (Audio)
TWiT
iOS Today (Audio)
TWiT
MacBreak Weekly (Video)
TWiT