Security Now (Audio)
TWiT
Subscribe
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Available episodes
Newest first
Oldest first
3 days ago
SN 876: Microsoft's Patchy Patches - 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies
* Picture of the Week.
* Double Decryption (Last week's key-strength puzzler).
* 3rd Party Authenticators.
* Firefox: Total Cookie Protection.
* We keep breaking DDoS attack records.
* MS-DFSNM.
* An Apple Safari regression.
* One Million WordPress sites force-updated.
* High-Severity RCE in Fastjson Library.
* Miscellany.
* Closing The Loop.
* Microsoft's Patchy Patches.
We invite you to read our show notes at https://www.grc.com/sn/SN-876-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* privacy.com/securitynow
* newrelic.com/securitynow
* expressvpn.com/securitynow
playlist_add
Jun 14, 2022
SN 875: The PACMAN Attack - WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation
* Picture of the Week.
* Apple's Passkeys presentation at WWDC 2022.
* WebAuthn.
* FREE Penetration Testing course with Kali Linux.
* Proof of Simulation.
* A valid use for facial recognition: The Smart Pet Door!
* Closing The Loop.
* The PACMAN Attack.
We invite you to read our show notes at https://www.grc.com/sn/SN-875-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* plextrac.com/twit
* NetFoundry.io/TWIT
* canary.tools/twit - use code: TWIT
playlist_add
Jun 7, 2022
SN 874: Passkeys, Take 2 - ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability
* Picture of the Week.
* ServiceNSW Responds.
* ExpressVPN pulls the plug in India.
* And speaking of pulling the plug.
* "Follina" under active exploitation.
* And a Windows Search URL schema can be abused, too.
* "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones".
* Ransomware sanctions are causing trouble.
* Conti spotted compromising motherboard firmware.
* Errata.
* Closing the Loop.
* Passkeys, Take 2.
We invite you to read our show notes at https://www.grc.com/sn/SN-874-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* itpro.tv/securitynow promo code SN30
* cloud.jumpcloud.com/securitynow
* bitwarden.com/twit
playlist_add
May 31, 2022
SN 873: DuckDuckGone? - Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD
* Picture of the Week.
* New South Wales DDL — Digital Driver's License.
* The latest Microsoft Office 0-day remote code execution vulnerability.
* GhostTouch.
* Vodafone's new TrustPiD.
* Closing the Loop.
* DuckDuckGone?
We invite you to read our show notes at https://www.grc.com/sn/SN-873-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* Melissa.com/twit
* zentrysecurity.com/twit
* kolide.com/securitynow
playlist_add
May 24, 2022
SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1
* Picture of the Week.
* Emergency mid-cycle update for Active Directory.
* Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}.
* Clearview AI in Ukraine.
* Pwn2Own Vancouver 2022.
* The DoJ takes a welcome step back.
* Sometimes, unlocking can be too convenient.
* Closing The Loop.
* Dis-CONTI-nued: The End of Conti?
We invite you to read our show notes at https://www.grc.com/sn/SN-872-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* barracuda.com/securitynow
* plextrac.com/twit
* NetFoundry.io/TWIT
playlist_add
May 17, 2022
SN 871: The New EU Surveillance State - Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes
* Picture of the Week.
* An "eventful" Patch Tuesday.
* Patch Tuesday.
* Apple patched a 0-day.
* Google's "Open Source Maintenance Crew".
* Conti suggests overthrowing the new Costa Rican government.
* Policing the Google Play Store.
* The situation has grown more dire for F5 systems' BIG-IP boxes.
* Errata.
* Closing The Loop.
* SpinRite.
* The New EU Surveillance State.
We invite you to read our show notes at https://www.grc.com/sn/SN-871-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* canary.tools/twit - use code: TWIT
* expressvpn.com/securitynow
* cloud.jumpcloud.com/securitynow
playlist_add
May 10, 2022
SN 870: That "Passkeys" Thing - White House and Quantum Computers, Android 0-day, Ransomware snapshot
* Picture of the Week.
* Google updates Android to patch an actively exploited vulnerability.
* Connecticut's recently passed data privacy bill became law last Wednesday.
* Ransomware victim snapshot.
* US State Department offering $10 million reward for information about Conti members.
* The worst threat the US faces...
* The White House and Quantum Computers.
* The ongoing threat from predictable DNS queries.
* F5 Networks Remote RCE warning and exploitation.
* Closing The Loop.
* Sci-Fi.
* That "Passkeys" Thing.
We invite you to read our show notes at https://www.grc.com/sn/SN-870-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* zentrysecurity.com/twit
* kolide.com/securitynow
* privacy.com/securitynow
playlist_add
May 3, 2022
SN 869: Global Privacy Control - DoD DIB-VDP, OpenSSF's Package Analysis Project, Connecticut Privacy
* Picture of the Week.
* DoD DIB-VDP Pilot Overview.
* The OpenSSF and the Package Analysis project.
* Connecticut moves toward state privacy protections.
* Closing The Loop.
* Global Privacy Control.
We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* plextrac.com/twit
* bitwarden.com/twit
* itpro.tv/securitynow promo code SN30
playlist_add
Apr 26, 2022
SN 868: The 0-Day Explosion - Lenovo EUFI Firmware, Everscale Blockchain Wallet, Major Java Update
* Picture of the Week.
* CISA's Known Exploited Vulnerabilities Catalog.
* Lenovo UEFI Firmware Troubles.
* Everscale Blockchain Wallet.
* Java 15, 16, 17, and 18 received MUST UPDATES last week.
* Closing The Loop.
* Sci-Fi.
* SpinRite.
* The 0-Day Explosion.
We invite you to read our show notes at https://www.grc.com/sn/SN-868-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* NetFoundry.io/TWIT
* barracuda.com/securitynow
* grammarly.com/twit
playlist_add
Apr 19, 2022
SN 867: A Critical Windows RPC RCE - Another Chrome 0-day, MS Patch-Fest, US Nuclear Systems Unhackable?
* Picture of the Week.
* Chrome's 3rd 0-day of 2022.
* Patch Tuesday Redux.
* WordPress once again...
* Apache Struts Framework needs a critical update.
* Are America's nuclear systems so old they're un-hackable?
* Closing The Loop.
* SpinRite.
* A Critical Windows RPC RCE.
We invite you to read our show notes at https://www.grc.com/sn/SN-867-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
* cloud.jumpcloud.com/securitynow
* canary.tools/twit - use code: TWIT
* zentrysecurity.com/twit
playlist_add