Security Now
SN 1018: The Quantum Threat - ESP32 Backdoor Update, RCS E2EE
- The dangers of doing things you don't understand.
- Espressif responds to the claims of an ESP32 backdoor.
- A widely leveraged mistake Microsoft stubbornly refuses to correct.
- A disturbingly simple remote takeover of Apache Tomcat servers.
- A 10/10 vulnerability affecting some ASUS, ASRock and HPE motherboards.
- Google snapped up another cloud security firm but paid a price!
- RCS messaging to soon get full end-to-end encryption (done right!).
- How did an AI Crypto Chatbot lose $105,000? ...and what is an AI Crypto Chatbot?
- Looks like Oracle may take stewardship of TikTok to keep it in-country.
- Whoops! 23andMe is sinking — don't let them take your genetics with them!
- The White House says "the cyber guys should stay!"
- AI project failure rates are on the rise. Anyone surprised?
- Listener feedback, and a very interesting update on just how looming is the threat from quantum computing?
Show Notes - https://www.grc.com/sn/SN-1018-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
SN 1017: Is YOUR System Vulnerable to RowHammer? - Telegram's Crypto, Twitter Outage, FBI Warning
- An analysis of Telegram Messenger's crypto.
- A beautiful statement of the goal of modern crypto design.
- Who was behind Twitter's recent outage trouble?
- An embedded Firefox root certificate expired. Who was surprised?
- AI-generated Github repos, voice cloning, Patch Tuesday and an Apple 0-day.
- The FBI warns of another novel attack vector that's seeing a lot of action.
- Google weighs in on the Age Verification controversy.
- In a vacuum, Kazakhstan comes up with their own solution.
- Was Google also served an order from the UK? Can they say?
- A serious PHP vulnerability you need to know you don't have.
- A bunch of great listener feedback, some Sci-Fi content reviews and...
- A new tool allows YOU to test YOUR PCs for their RowHammer susceptibility
Show Notes - https://www.grc.com/sn/SN-1017-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
SN 1016: The Bluetooth Backdoor - North Korean Texans, Apple Pushes Back
- Utah passes age verification requirement for app stores.
- The inside story on fake North Korean employees. Is that a Texas accent?
- An update on the ongoing Bybit cryptoheist saga.
- The industry may be making some changes in the wake of the Bybit attack.
- Apple pushes back legally against the UK's secret order.
- Did someone crack Passkeys?
- The UK launches a legal salvo at an innocent security researcher.
- The old data breach we witnessed that just keeps on giving.
- A bit more Bybit postmortem forensic news.
- A lesson to learn from a clever and effective ransomware attack.
- And what about that Bluetooth Backdoor discovery everyone is talking about?
Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
SN 1015: Spatial-Domain Wireless Jamming - Firefox Privacy Policy, Signal Leaving Sweden?
- Firefox amends their privacy policy -- the world melts down.
- Signal threatens to leave Sweden.
- Aftermath of the massive $1.5 billion Bybit ETH heist.
- It turns out that it wasn't actually Bybit's fault.
- "The Lazarus Bounty" monitoring and management site.
- Mozilla's commitment to Manifest V2 (and the uBlock Origin).
- What does the ACM's plea for memory-safe languages mean for developers?
- What exactly are memory-safe languages?
- Australia joins the Kaspersky ban.
- Gmail plans to switch from SMS to QR code authentication.
- A SpinRite success and some fun feedback.
- An astonishing new technology for targeted radio jamming
Show Notes - https://www.grc.com/sn/SN-1015-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors: