Security Now
SN 1021: Device Bound Session Credentials - Hotpatching in Win 11, Apple vs. UK
- Android to get "Lockdown Mode".
- What's in the new editions of Chrome and Firefox?
- Why did Apple silently re-enable automatic updates?
- My new iPhone 16, Chinese tariffs and electronics.
- Dynamic "hotpatching" coming to Win11 Enterprise & Edu.
- Why is it so difficult for Oracle to fess up?
- Another multi-year breach inside US Treasury.
- An Apple -vs- the UK update.
- "Thundermail" (Can't someone come up with a better name?)
- The (in)Security of Programmable Logic Controllers.
- When LLM's write code and hallucinate non-existent packages.
- Wordpress core security and PHP gets an important audit.
- Device-Bound Session Credentials update session cookie technology
Show Notes - https://www.grc.com/sn/SN-1021-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
SN 1020: Multi-Perspective Issuance Corroboration - IoT Done Right, France Phishes, Gmails E2EE
- Canon printer driver vulnerabilities enable Windows kernel exploitation.
- Astonishing cyber-security awareness from a household appliance manufacturer.
- France tries to hook 2.5 million school children with a Phishing test.
- Wordpress added an abuse prone feature in 2022. Guess what happened?
- Oracle? Is there something you'd like to tell us?
- Utah's governor just signed the App Store Accountability Act. Now what?
- AI bots hungry for new data are DDoSing FOSS projects.
- No Microsoft Account? No Microsoft Windows 11.
- Gmail claims it now offers E2EE. It kinda sorta does. Somewhat.
- A dreaded CVSS 10.0 was discovered in Apache Parquet.
- A bunch of terrific listener feedback.
- What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it?
Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl
- Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
- A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
- Cloudflare completely pulls the plug on port 80 (HTTP) API access.
- Malware is switching to obscure languages to avoid detection. FORTH, anyone?
- Password reuse doesn't appear to be dropping. Cloudflare has numbers.
- A listener shares his log of malicious Microsoft login attempts. Why no geofencing?
- 23andMe down for the count (reminder).
- A sobering Ransomware attack & victim listing website. Gulp!
- "InControl" keeps VR planes aloft.
- And the European Union gets serious about a switch to Linux
Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
SN 1018: The Quantum Threat - ESP32 Backdoor Update, RCS E2EE
- The dangers of doing things you don't understand.
- Espressif responds to the claims of an ESP32 backdoor.
- A widely leveraged mistake Microsoft stubbornly refuses to correct.
- A disturbingly simple remote takeover of Apache Tomcat servers.
- A 10/10 vulnerability affecting some ASUS, ASRock and HPE motherboards.
- Google snapped up another cloud security firm but paid a price!
- RCS messaging to soon get full end-to-end encryption (done right!).
- How did an AI Crypto Chatbot lose $105,000? ...and what is an AI Crypto Chatbot?
- Looks like Oracle may take stewardship of TikTok to keep it in-country.
- Whoops! 23andMe is sinking — don't let them take your genetics with them!
- The White House says "the cyber guys should stay!"
- AI project failure rates are on the rise. Anyone surprised?
- Listener feedback, and a very interesting update on just how looming is the threat from quantum computing?
Show Notes - https://www.grc.com/sn/SN-1018-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors: