    Security Now (Video)

    Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must-listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
    en · Leo Laporte · 10 Episodes

    Episodes (10)

    SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta
    • VMware needs immediate patching
    • Midnight Blizzard still on the offensive
    • China is quietly "de-American'ing" their networks
    • Signal Version 7.0, now in beta
    • Meta, WhatsApp, and Messenger -meets- the EU's DMA
    • The Change Healthcare cyberattack
    • SpinRite update
    • Telegram's end-to-end encryption
    • KeePassXC now supports passkeys
    • Login accelerators
    • Sites start rejecting @duck.com emails
    • Tool to detect when Chrome extensions change owners
    • Shortest SN title
    • Passkeys vs 2FA

    Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

    Hosts: Steve Gibson and Mikah Sargent

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

    SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol
    • "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
    • Cory Doctorow's Visions of the Future Humble Book Bundle
    • CTRL-K shortcut for search on a browser
    • Direct bootable image downloading for GRC's servers
    • Closing the loop on compromised emails
    • Taco Bell's passwordless app
    • A solution for Bcrypt's password length limit of 72 bytes
    • Data as the missing piece for law enforcement and privacy advocates
    • The token solution for email-only login
    • Apple's Password Manager Resources on Github
    • The risk of long-term persistent cookies in browsers
    • Why mainframe industries still require weak passwords
    • A conundrum involving an exploitable Response Header error and a bounty payment.
    • An inspection of Apple's new Post-Quantum Encryption upgrade

    Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf


    Hosts: Steve Gibson and Leo Laporte

    SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted
    • Nevada attempts to block Meta's end-to-end encryption for minors.
    • A survey of security breaches
    • Edge's Super-Duper Secure Mode moves into Chrome
    • DoorDash dashes our privacy
    • Avast charged $16.5 million for selling user browsing data
    • No charge for extra logging!
    • European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
    • LockBit RaaS group disrupted
    • Firefox v123
    • The ScreenConnect Authentication Bypass
    • SpinRite update
    • Introducing BootAble
    • Cox moving to Yahoo Mail for users
    • Credit Card security
    • Exploiting password complexity requirements?
    • Email only logins
    • Flipper Zero in Canada
    • German Router security
    • More Flipper Zero in Canada
    • Throwaway email addresses
    • Shared email accounts
    • Password quality enforcement
    • Fingerprint tech and some future stories

    Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap
    • Wyze breach
    • Microsoft Patch Tuesday fixes 15 remote code execution flaws
    • Why are there password restrictions?
    • The Canadian Flipper Zero Ban
    • Security on the old internet
    • Using Old Passwords
    • Passwordless login
    • TOTP as a second factor
    • German ISP using default router passwords
    • Email encryption in transit
    • pfSense Tailscale integration
    • DuckDuckGo's email protection integration with Bitwarden
    • The KeyTrap Vulnerability

    Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked
    • Toothbrush Botnet
    • "There are too many damn Honeypots!"
    • Remotely accessing your home network securely
    • Going passwordless as an ecommerce site
    • Facebook "old password" reminders
    • Browsers on iOS
    • More UPnP Issues
    • A password for every website?
    • "Free" accounts
    • Keeping phones plugged in
    • Running your own email server in 2024
    • iOS app sizes
    • SpinRite 6.1 running on an iMac
    • SpinRite update
    • Bitlocker's encryption cracked in minutes

    Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL
    • CISA's "Secure by Design" Initiative
    • The GNU C Library Flaw
    • Fastly CDN switches from OpenSSL to BoringSSL
    • Roskomnadzor asserts itself
    • Google updates Android's Password Manager
    • Firefox gets post-quantum crypto
    • Get your TOTP tokens from LastPass
    • Inflated iOS app data
    • LearnDMARC
    • Sync mobile app bug
    • SpinRite and Windows Defender
    • Crypto signing camera
    • Analog hole in digital camera authentication
    • iOS and Google's Topics
    • The gathering of the Stephvens
    • Programmable Logic Controllers
    • SpinRite update
    • Malware-infected Toothbrush
    • The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff

    Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code
    • iOS to allow native Chromium and Firefox engines.
    • An OS immune to ransomware?
    • HP back in the doghouse over "anti-virus" printer bricking
    • The mother of all breaches
    • New "Thou shall not delete those chats" rules
    • Fewer ransoms are being paid
    • Verified Camera Images
    • More on the $15/month flashlight app
    • What happens when apps change publishers
    • Microsoft hating on Firefox
    • Credit Karma is storing 1GB of data on the iPhone
    • Staying on Windows 7
    • Sci-Fi recommendations
    • Windows 7 and HSTS sites
    • TOTP codes/secrets and Bitwarden
    • SpinRite on Mac
    • SpinRite v6.1 is done!
    • LearnDMARC.com
    • Alex Stamos on "Microsoft Security"

    Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results
    • Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
    • US Health and Human Services Breached
    • Firefox vs "The Competition"
    • Brave reduces its anti-fingerprinting protections
    • CISA's proactive policing results one year later
    • Longer Life For Samsung Updates
    • Google Incognito Mode "Misunderstanding"
    • Show Doc Not showing images on iOS Safari
    • Generated AI Media Authentication
    • Which computer languages to learn?
    • Flashlight app subscription
    • Google's Privacy Sandbox system
    • Malware and IoT devices
    • Protected Audience API vs. Malvertising
    • Defensive computing
    • Why ISPs don't do anything about DDoS attacks
    • SpinRite Update

    Show Notes - https://www.grc.com/sn/SN-958-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles
    • What would an IoT device look like that HAD been taken over?
    • And speaking of DDoS attacks
    • Trouble in the Quantum Crypto world
    • The Browser Monoculture
    • Question about the Apple backdoor
    • Getting into infosec
    • Proton Drive vs Sync
    • SpinRite update
    • The Protected Audience API

    Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass
    • More on Apple's hardware backdoor
    • Russian Hacking of Ukrainian cameras
    • Russian hackers were inside Ukraine telecoms giant for months
    • Things are still a mess at 23andMe
    • CoinsPaid was the victim of another cyberattack
    • Crypto Hacking in 2023
    • Mandiant Twitter scam
    • Defining "cyber warfare"
    • LastPass is making some changes
    • Windows Watch
    • Google settles $5 billion lawsuit
    • Return Oriented Programming
    • Shutting Down Edge
    • Root Certificates
    • Credit freezing
    • SpinRite Update

    Show Notes - https://www.grc.com/sn/SN-956-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte
