Security Now

SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

Security Now - Tue, 03/12/2024 - 8:47pm
  • VMware needs immediate patching
  • Midnight Blizzard still on the offensive
  • China is quietly "de-American'ing" their networks
  • Signal Version 7.0, now in beta
  • Meta, WhatsApp, and Messenger -meets- the EU's DMA
  • The Change Healthcare cyberattack
  • SpinRite update
  • Telegram's end-to-end encryption
  • KeePassXC now supports passkeys
  • Login accelerators
  • Sites start rejecting @duck.com emails
  • Tool to detect when Chrome extensions change owners
  • Shortest SN title
  • Passkeys vs 2FA

Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Categories: Security Now

SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

Security Now - Tue, 03/05/2024 - 7:13pm
  • "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
  • Cory Doctorow's Visions of the Future Humble Book Bundle
  • CTRL-K shortcut for search on a browser
  • Direct bootable image downloading for GRC's servers
  • Closing the loop on compromised emails
  • Taco Bell's passwordless app
  • A solution for Bcrypt's password length limit of 72 bytes
  • Data as the missing piece for law enforcement and privacy advocates
  • The token solution for email-only login
  • Apple's Password Manager Resources on Github
  • The risk of long-term persistent cookies in browsers
  • Why mainframe industries still require weak passwords
  • A conundrum involving an exploitable Response Header error and a bounty payment.
  • An inspection of Apple's new Post-Quantum Encryption upgrade

Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf


Hosts: Steve Gibson and Leo Laporte

SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

Security Now - Tue, 02/27/2024 - 8:48pm
  • Nevada attempts to block Meta's end-to-end encryption for minors.
  • A survey of security breaches
  • Edge's Super-Duper Secure Mode moves into Chrome
  • DoorDash dashes our privacy
  • Avast charged $16.5 million for selling user browsing data
  • No charge for extra logging!
  • European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
  • LockBit RaaS group disrupted
  • Firefox v123
  • The ScreenConnect Authentication Bypass
  • SpinRite update
  • Introducing BootAble
  • Cox moving to Yahoo Mail for users
  • Credit Card security
  • Exploiting password complexity requirements?
  • Email only logins
  • Flipper Zero in Canada
  • German Router security
  • More Flipper Zero in Canada
  • Throwaway email addresses
  • Shared email accounts
  • Password quality enforcement
  • Fingerprint tech and some future stories

Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

Security Now - Tue, 02/20/2024 - 9:02pm
  • Wyze breach
  • Microsoft patch Tuesday fixes 15 remote code execution flaws
  • Why are there password restrictions?
  • The Canadian Flipper Zero Ban
  • Security on the old internet
  • Using Old Passwords
  • Passwordless login
  • TOTP as a second factor
  • German ISP using default router passwords
  • Email encryption in transit
  • pfSense Tailscale integration
  • DuckDuckGo's email protection integration with Bitwarden
  • The KeyTrap Vulnerability

Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf

Hosts: Steve Gibson and Leo Laporte
