Security Now (MP3)

Security Now (MP3)

United States

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Winner of the 2009 and 2007 people's choice award for best Technology/Science podcast. Records live at https://twit.tv/live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Episodes

SN 588: Your Questions, Steve's Answers 243  

A wonderful quote about random numbers, our standard interesting mix of security do's and dont's, new exploits (WordPress dodged a big bullet!), planned changes, tips & tricks, things to patch, a new puzzle/game discovery, some other fun miscellany... and, finally! Ten comments, thoughts and questions from our terrific listeners!

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 587: Mobile & IoT Nightmares  

Samy Kamkar is back with a weaponized $5 RaspberryPI. "El Cheapo" Android phones bring new meaning to "Phoning it in". Watching a webcam getting taken over. Bruce Schneier speaks to Congress about the Internet. A(nother) iPhone Lockscreen Bypass and another iPhone lockup link. Ransomware author asks a security researcher for help fixing their broken crypto. Britain finally passed that very extreme surveillance law. Some more fun miscellany... and more!

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 586: The BlackNurse Attack  

Results from our listener's informal CAIDA spoofing testing. LessPass turned out to be even less than it appeared. Steve's day at Yubico. News from PwnFest & Mobile Pwn2Own. The probable elimination of Dark Matter. A new Wi-Fi field disturbance attack. A wacky Kickstarter "fingerprint" glove. The "BlackNurse" reduced-bandwidth DoS attack.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 585: The Windows AtomBomb  

Leo and I discuss the answer to last week’s security & privacy puzzler, Let's Encrypt Squarespace, the new open source "LessPass" app, LastPass goes mobile-free, many problems with OAuth, popular Internet services' privacy concerns, news from the IP spoofing front, Microsoft clarifies Win10 update settings and winds down EMET, a hacker finds a serious flaw in Gmail, MySQL patches need to be installed now, a tweet from Paul Thurrott, a bit of errata and... and the Windows AtomBomb attack.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 584: Your Questions, Steve's Answers 242  

Leo and Steve discuss an oh-so-subtle side-channel attack on Intel processors, the quest for verifiable hacker-proof code (which oh-so-subtle side-channel attacks on processors can exploit anyway!), another compiler optimization security gotcha, the challenge of adding new web features without opening routes of exploitation, some good news about the DMCA, Matthew Green and the DMCA, the relentless MPAA and RIAA still pushing the limits and threatening the Internet, the secure ProtonMail service feels the frightening power of skewed search results, regaining control over Windows 10 upgrade insistence, a new 0-day vulnerability Google revealed before Microsoft has patched it, a bit of errata, miscellany and as many listener feedback questions and comments as we have time for.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 583: DRAMMER  

Leo and Steve discuss last week's major attack on DNS, answering the question of whether the Internet is still working?, we look at Linux's worrisome "Dirty COW" bug rediscovered in the kernel after nine years, we address the worrisome average lifetime of Linux bugs, share a bit of errata and miscellany, and offer an in-depth analysis of DRAMMER, the new, largely unpatachable, Android mobile device Rowhammer 30-second exploit.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 582: Your Questions, Steve's Answers 241  

Hosts: Leo Laporte, Steve Gibson

Leo and Steve discuss some serious concerns raised over compelled biometric authentication, a detailed dive into the recently completed audit of VeraCrypt (the successor to TrueCrypt), more on web browsers fatiguing system main SSD storage, a bunch of interesting miscellany (including... are we living in a simulated reality?), and eleven questions and observations from our terrific listeners.

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 581: Yahoo and Primal Worries  

Hosts: Leo Laporte, Steve Gibson

Leo and Steve discuss today's Windows update changes for 7 and 8.1, an exploit purchaser offers a $1.5 million bounty for iOS hacks, WhisperSystems encounter first bug, an IEEE study reveals pervasive "Security Fatigue" among users, Firefox and Chrome news, following the WoSign Woes, Samsung Note 7 news, some errata, a bunch of miscellany... and a look into new Yahoo troubles and concerns over the possibility of hidden trapdoors in widely deployed prime numbers.

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

SN 580: Your Questions, Steve's Answers 240  

Hosts: Steve Gibson, Fr. Robert Ballecer, SJ

An "update" on Microsoft's GWX remover, an encouraging direction for the Windows 10 Edge browser, HP's "security update" blocks non-HP ink cartridges, a clarification about how to upgrade a site's password hashing, a really terrific DNS hack, another update on Windows update, our web browsers may be fatiguing oru SSD's, and Steve answers your questions!

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 579: DDoS, Breaches and Other Records To Be Broken  

Hosts: Steve Gibson, Fr. Robert Ballecer, SJ

Brian Krebs forced to move from Akamai to Google's Project Shield, Yahoo's record-breaking, massive 500 million user data breach, Apple's acknowledged iOS 10 backup PBKDF flaw, well known teen hacker jailbreaks his new iPhone 7 in 24 hours, Microsoft formally allows removal of "Get Windows 10", a new OpenSSL SERVER DoS flaw, more WoSign/StartCom woes (Mozilla prepares to pull the plug), Bittorrent Sync renamed and more deeply documented, and more!

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 578: GRC’s XSS Adventure  

Hosts: Steve Gibson, Fr. Robert Ballecer, SJ

Concerns over a significant expansion in effectively warrantless intrusion into end-user computers, the forthcoming change in Internet governance, NTIA's contract with ICANN to handle IANA is expiring in ten days! Google's next move in using Chrome to push for improved security, the interresting details emerging from a successful NAND memory cloning attack on the iPhone 5c and Steve shares the details and findings of a recent Cross-Site Scripting (XSS) problem on GRC and his recommendation for the best website security scanner!

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 577: Your Questions, Steve's Answers 239  

Flip Feng Shui follow-up, Apple's announcements, Android's rough week, a bank's data center shuts down due to noise, Bluetooth device privacy leakages, and Steve answers your questions! We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 576: Flip Feng Shui  

Hosts: Leo Laporte, Steve Gibson

The continuing woes of WoSign, autonomous micro-recon drones turn out to be real, a new crypto attack on short block ciphers prompts immediate changes oin OpenVPN and OpenSSL, introducing a new Security Now! Abbreviation: "YAWTTY": Yet Another Way To Track You, a discouraging social engineering experiment, another clever USB attack and a look at the weaponizing of RowHammer with "Flip Feng Shui" - the most incredibly righteous and sublime hack... ever!

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 575: Pegasus & Trident  

Hosts: Leo Laporte, Steve Gibson

Dropbox and Opera handle incidents responsibly, while a Chinese certificate authority could not have been more irresponsible. Facebook and WhatsApp announce an information sharing arrangement, the FBI discloses election site hacking, Tavis prepares DashLane and 1Password vulnerability disclosures, the threat of autonomous weapon systems and Wi-Fi router radio wave spying, the details behind Pegasus and Trident, the emergency Apple iOS v9.3.5 patch and more!

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 574: Routers & Micro Kernels  

Hosts: Leo Laporte, Steve Gibson

Did the Shadow Brokers hack the NSA's Equation Group? Apple's bug bounty gets quickly outbid, a critical flaw discovered in the RNG of GnuPG, the EFF weighs in on Windows 10, Chrome browser is frightening people unnecessarily, a Johns Hopkins team of cryptographers, including Matthew Green, disclose a weakness in Apple's iMessage technology, unused router hardware capabilities, what's a "Micro Kernel?" And more!

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 573: Memory & Micro Kernels  

Hosts: Leo Laporte, Steve Gibson

Did Microsoft lose control of their secure boot "Golden Key"? AdBlock, unblock, counter-unblock, and counter-counter-unblock is well underway, Leo's story from the field about Avast A/V, a "security is hard to do" mistake in an update to the Internet's TCP protocol, Microsoft's evolving Windows Update policies, an uber-cool way for developers to decrypt and inspect their Firefox and Chrome local TLS traffic, trouble with Windows Identity leak mitigation, and discussion of micro kernels and Intel's forthcoming memory breakthrough!

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 572: Defcon & Blackhat, Part 1  

Hosts: Leo Laporte, Steve Gibson

A distressing quantity of Win10 news, Apple's changing bug bounty policy, newly disclosed Android takeover flaws, yet another way to track web visitors, hackers spoof Tesla auto sensors, Firefox and LastPass news, a19-year old stubborn decision by Microsoft comes home to roost, and a handful of new problems found with HTTP.

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 571: Phishing & Filtering  

Hosts: Leo Laporte, Steve Gibson

LastPass vulnerabilities, new wireless keyboard headaches, deprecating SMS as a second authentication factor, obtaining Windows 10 for free after July, the pervasive problem with website spoofing, and the power and application of multi-interface packet filtering.

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 570: Your Questions, Steve's Answers 238  

Hosts: Leo Laporte, Steve Gibson

Apple gets Stagefright, is Russia trying to influence the U.S. presidential election? Microsoft's battles and wins against U.S. privacy overreach, Grace Hopper (who coined the term "software bug") brilliantly demonstrates "a nanosecond", a bug-fix update to pfSense, a "doing it weird" look at the CUJO security appliance, and Steve answers your questions!

We invite you to read our show notes.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

SN 569: Messenger, CryptoDrop & Riffle  

Leo and I catch up with a fun and interesting week of security happenings, including a bit of daylight on the password sharing question, the trouble with self reporting security breaches, trouble in TOR-land, what future AI assistants mean for our privacy, a terrific looking new piece of security monitoring freeware, a startlingly worrisome 20-year-old fundamental Windows architectural design flaw, a problem with Juniper router's OS certificate validation, some errata, a bunch of miscellany, and the promised follow-up dissection of Facebook Messenger's extra features, the anti-ransomware CryptoDrop, and MIT's "Riffle" anonymity enforcing networking solution.

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by Cachefly.

0:00/0:00
Video player is in betaClose