- Out-of-support D-Link NAS devices contain hard-coded backdoor credentials
- Privnote is not so "Priv"
- Crowdfense is willing to pay millions
- Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution
- SpinRite Update
- Minimum Viable Secure Product
Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
- A near-Universal (Local) Linux Elevation of Privilege vulnerability
- TechCrunch informed AT&T of a 5 year old data breach
- Signal to get very useful cloud backups
- Telegram to allow restricted incoming
- HP exits Russia ahead of schedule
- Advertisers are heavier users of Ad Blockers than average Americans!
- The Google Incognito Mode Lawsuit
- Canonical fights malicious Ubuntu store apps
- SpinRite update
- A Cautionary Tale
Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
- Apple vs U.S. DOJ
- G.M.'s Unbelievably Horrible Driver Data Sharing Ends
- Super Sushi Samurai
- Apple has effectively abandoned HomeKit Secure Routers
- The forthcoming ".INTERNAL" TLD
- The United Nations vs AI.
- Telegram now blocked throughout Spain
- Vancouver Pwn2Own 2024
- China warns of incoming hacks
- Annual Tax Season Phishing Deluge
- SpinRite update
- Authentication without a phone
- Are Passkeys quantum safe?
- GoFetch: The Unpatchable vulnerability in Apple chips
Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
- Voyager 1 update
- The Web turned 35 and Dad is disappointed
- Automakers sharing driving data with insurance companies
- A flaw in Passkey thinking
- Passkeys vs 2FA
- Sharing accounts with Passkeys
- Passkeys vs. Passwords/MFA
- Workaround to sites that block anonymous email addresses
- Open Bounty programs on HackerOne
- Steve on Twitter
- Ways to disclose bugs publicly
- Security by obscurity
- Something you have/know/are vs Passkeys
- Passkeys vs TOTP
- Inspecting Chrome extensions
- Passkey transportability
- Morris the Second
Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
- VMware needs immediate patching
- Midnight Blizzard still on the offensive
- China is quietly "de-American'ing" their networks
- Signal Version 7.0, now in beta
- Meta, WhatsApp, and Messenger -meets- the EU's DMA
- The Change Healthcare cyberattack
- SpinRite update
- Telegram's end-to-end encryption
- KeePassXC now supports passkeys
- Login accelerators
- Sites start rejecting @duck.com emails
- Tool to detect when Chrome extensions change owners
- Shortest SN title
- Passkeys vs 2FA
Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
- "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
- Cory Doctorow's Visions of the Future Humble Book Bundle
- CTRL-K shortcut for search on a browser
- Direct bootable image downloading for GRC's servers
- Closing the loop on compromised emails
- Taco Bell's passwordless app
- A solution for Bcrypt's password length limit of 72 bytes
- Data as the missing piece for law enforcement and privacy advocates
- The token solution for email-only login
- Apple's Password Manager Resources on GitHub
- The risk of long-term persistent cookies in browsers
- Why mainframe industries still require weak passwords
- A conundrum involving an exploitable Response Header error and a bounty payment.
- An inspection of Apple's new Post-Quantum Encryption upgrade
Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
- Nevada attempts to block Meta's end-to-end encryption for minors.
- A survey of security breaches
- Edge's Super-Duper Secure Mode moves into Chrome
- DoorDash dashes our privacy
- Avast charged $16.5 million for selling user browsing data
- No charge for extra logging!
- European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
- LockBit RaaS group disrupted
- Firefox v123
- The ScreenConnect Authentication Bypass
- SpinRite update
- Introducing BootAble
- Cox moving to Yahoo Mail for users
- Credit Card security
- Exploiting password complexity requirements?
- Email only logins
- Flipper Zero in Canada
- German Router security
- More Flipper Zero in Canada
- Throwaway email addresses
- Shared email accounts
- Password quality enforcement
- Fingerprint tech and some future stories
Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
- Wyze breach
- Microsoft Patch Tuesday fixes 15 remote code execution flaws
- Why are there password restrictions?
- The Canadian Flipper Zero Ban
- Security on the old internet
- Using Old Passwords
- Passwordless login
- TOTP as a second factor
- German ISP using default router passwords
- Email encryption in transit
- pfSense Tailscale integration
- DuckDuckGo's email protection integration with Bitwarden
- The KeyTrap Vulnerability
Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
- Toothbrush Botnet
- "There are too many damn Honeypots!"
- Remotely accessing your home network securely
- Going passwordless as an ecommerce site
- Facebook "old password" reminders
- Browsers on iOS
- More UPnP Issues
- A password for every website?
- "Free" accounts
- Keeping phones plugged in
- Running your own email server in 2024
- iOS app sizes
- SpinRite 6.1 running on an iMac
- SpinRite update
- BitLocker's encryption cracked in minutes
Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
- CISA's "Secure by Design" Initiative
- The GNU C Library Flaw
- Fastly CDN switches from OpenSSL to BoringSSL
- Roskomnadzor asserts itself
- Google updates Android's Password Manager
- Firefox gets post-quantum crypto
- Get your TOTP tokens from LastPass
- Inflated iOS app data
- LearnDMARC
- Sync mobile app bug
- SpinRite and Windows Defender
- Crypto signing camera
- Analog hole in digital camera authentication
- iOS and Google's Topics
- The gathering of the Stephvens
- Programmable Logic Controllers
- SpinRite update
- Malware-infected Toothbrush
- The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff
Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf
Hosts: Steve Gibson and Leo Laporte