Security Now

SN 693: Internal Bug Discovery

Security Now (Audio)

  • Australia's recently passed anti-encryption legislation
  • Details of a couple more mega-breaches including a bit of Marriott follow-up
  • A welcome call for legislation from Microsoft
  • A new twist on online advertising click fraud
  • The DHS is interested in deanonymizing cryptocurrencies beyond Bitcoin
  • The changing landscape of TOR funding
  • An entirely foreseeable disaster with a new Internet IoT-oriented protocol
  • Google finds bugs in Google+ and acts responsibly -- again -- what that suggests for everyone else

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 692: GPU RAM Image Leakage

Security Now (Audio)

  • Another Lenovo SuperFish-style local security certificate screw up
  • The Marriott breach and several other new, large and high-profile secure breach incidents
  • The inevitable evolution of exploitation of publicly exposed UPnP router services
  • The emergence of "Printer Spam"
  • How well does ransomware pay? We have an idea now.
  • The story of two iOS scam apps
  • Progress on the DNS over HTTPS front
  • Rumors that Microsoft is abandoning their EdgeHTML engine in favor of Chromium We also have a bit of
  • A Cyber Security related Humble Book Bundle just in time for Christmas
  • Some new research that reveals that it's possible to recover pieces of web browser page images that have been previously viewed.

We invite you to read our shown notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 691: ECCploit

Security Now (Audio)

  • Yesterday, the US Supreme Court heard Apple's argument about why a class action lawsuit against their monopoly App Store should not be allowed to proceed. How could this affect iOS security?
  • Google and Mozilla are looking to remove support for FTP from their browsers.
  • From our "what could possibly go wrong" department, we have browsers asking for explicit permission to leave their sandboxes.
  • The next step in the evolution of RowHammer attacks which do, as Bruce Schneier once opined, only get better... or in this case, worse!

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 690: Are Passwords Immortal?

Security Now (Audio)

  • All the action at last week's Pwn2Own Mobile hacking contest
  • The final word on processor mis-design in the Meltdown/Spectre era
  • A workable solution for unsupported Intel firmware upgrades for hostile environments
  • A forthcoming Firefox breach alert feature
  • The expected takeover of exposed Docker-offering servershe recently announced successor to recently ratified HTTP/2
  • 1.1.1.1 errata
  • The future of passwords: a thoughtful article written by Troy Hunt, the creator of the popular "Have I Been Pwned" web service

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 689: Self-Decrypting Drives

Security Now (Audio)

  • Last month's Patch Tuesday, this month
  • A GDPR-inspired lawsuit filed by Privacy International
  • Check these two router ports to protect against a new botnet that's making the rounds
  • Another irresponsibly disclosed zero-day, this time in Virtual Box
  • CloudFlare's release of a very cool 1.1.1.1 app for iOS and Android
  • Microsoft's caution about the in-RAM vulnerabilities of the BitLocker whole drive encryption
  • A deep dive into last week's worrisome revelation about the lack of true security being offered by today's Self-Encrypting SSD drives.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 688: PortSmash

Security Now (Audio)

  • A close look at the impact and implication of the new "PortSmash" attack against Intel (and almost certainly other) processors.
  • The new "BleedingBit" Bluetooth flaws
  • JavaScript is no longer optional with Google
  • A new Microsoft Edge browser 0-day
  • Windows Defender plays in its own sandbox
  • Microsoft and SysInternals news
  • The further evolution of the CAPTCHA
  • The 30th anniversary of the Internet's first worm
  • A bizarre requirement of Ransomware
  • A nice new bit of security non-tech from Apple

We invite you to read our show notes

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 687: Securing the Vending Machine

Security Now (Audio)

More Zero-day exploits in Windows 10, publicly exposed Docker Engine APIs, Google's plan to fix Android, the DoD is expanding its existing "Hack the Pentagon" bug-bounty program to include hardware assets, the going rate for DDoS-for-Hire, and Steve has the answer to our vending machine conundrum from last week.

We invite you to read our show notes.

Hosts: Leo Laporte and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 686: Libssh's Big Whoopsie!

Security Now (Audio)

This week a widely used embedded OS (FreeRTOS) is in the doghouse, as are at least eight D-Link routers which have serious problems most of which D-Link has stated will never be patched. We look at five new problems in Drupal 7 and 8, two of which are rated critical, trouble with Live Networks RTSP streaming server, still more trouble with the now-infamous Windows 10 Build 1809 feature update, and a long standing 0-day in the widely used and most popular plugin for jQuery. We then look at what can only be described as an embarrassing mistake in the open source libssh library, and we conclude by examining a fun recent hack and pose its solution to our audience as our Security Now Puzzler of the Week!

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 685: Good Samaritans?

Security Now (Audio)

This week we observe the untimely death of Microsoft's co-founder Paul Allen, revisit the controversial Bloomberg China supply chain hacking report, catch up on Microsoft's October patching fiasco, follow-up on Facebook's privacy breach, look at the end of TLS v1.0 and 1.1, explore Google's addition of control flow integrity to Android 9, look at a GAO report about the state of US DOD weapons cybersecurity, consider the EOL of PHP 5.x chain, take a quick look at an A/V comparison test, entertain a few bits of feedback from our listeners, and then consider the implications of grey-hat vigilante hacking of others' routers.

We invite you to read our show notes

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 684: The Supply Chain

Security Now (Audio)

  • An October Surprise of a different sort - Windows 10 update deletes users' files
  • A security researcher has massively weaponzied the existing MicroTik vulnerability and released it as a proof-of-concept
  • A clever voicemail WhatsApp OTP bypass
  • What happened with that recent Google+ breach?
  • Google tightens up its Chrome extensions security policies
  • WiFi radio protocol designations finally switch to simple version numbering
  • Intel unwraps its 9th-generation processors
  • Head-spinning PDF updates from Adobe and Foxit (this isn't a competition, guys!)
  • Bloomberg's earth-shaking controversial report on Chinese hardware hacking

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:




Select a Feed

Boston Bruins News
Fred Langa at Information Week
Security Now
Deal Detective
Cheap Stingy Bargains
NY Times National Headlines
Boston Red Sox News
New Egg's Hottest Deals



Back To Top
© 1998 - 2018 psacake.com | My3C's

Version 7.2 | Advertise on this site