
    Security Now (Audio)

    Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
    en · Leo Laporte · 10 Episodes

    Episodes (19)

    SN 974: Microsoft's Head in the Clouds - 4-Digit Pins, Long Range Navigation, Microsoft

    • Picture of the Week.
    • Most to least common 4-digit pins.
    • Enhanced LORAN.
    • Passkeys.
    • Microsoft's Head in the Clouds.

    Show Notes - https://www.grc.com/sn/SN-974-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.


    SN 973: Not So Fast - GPS Vulnerabilities, VPN Flaw
    • The vulnerability of GPS
    • Is the sky falling on all VPN systems?
    • Multi-user Passkeys, YubiKeys?
    • The iCloud Keychain
    • The UK and Google's Topics

    Show Notes - https://www.grc.com/sn/SN-973-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 972: Passkeys: A Shattered Dream? - IoT Default Passwords, Passkeys

    • GCHQ: No more default passwords for consumer IoT devices!
    • What happened with Chrome and 3rd-party cookies?
    • Race conditions and multi-threading
    • GM "accidentally" enrolled millions into "OnStar Smart Driver +" program
    • Steve recommends Ryk Brown's "Frontiers Saga"
    • SpinRite update
    • Passkeys: A Shattered Dream?

    Show Notes - https://www.grc.com/sn/SN-972-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

    • What do you call "Stuxnet on steroids"??
    • Voyager 1 update
    • Android 15 to quarantine apps
    • Thunderbird & Microsoft Exchange
    • China bans Western encrypted messaging apps
    • Gentoo says "no" to AI
    • Cars collecting driving data
    • Freezing your credit
    • Investopedia
    • Computer Science Abstractions
    • Lazy People vs. Secure Systems
    • Actalis issues free S/MIME certificates
    • PIN Encryption
    • DRAM and GhostRace
    • AT&T Phishing Scam
    • Race Conditions and Multi-core processors
    • An Alternative to the Current Credit System
    • SpinRite Updates
    • Chat (out of) Control

    Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

    • An update on the AT&T data breach
    • 340,000 social security numbers leaked
    • Cookie Notice Compliance
    • The GDPR does enforce some transparency
    • Physical router buttons
    • Wifi enabled button pressers
    • Netsecfish disclosure of Dlink NAS vulnerability
    • Chrome bloat
    • SpinRite update
    • GhostRace

    Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdfense

    • Out-of-support DLink NAS devices contain hard-coded backdoor credentials
    • Privnote is not so "Priv"
    • Crowdfense is willing to pay millions
    • Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution
    • SpinRite Update
    • Minimum Viable Secure Product

    Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach

    • A near-Universal (Local) Linux Elevation of Privilege vulnerability
    • TechCrunch informed AT&T of a 5 year old data breach
    • Signal to get very useful cloud backups
    • Telegram to allow restricted incoming
    • HP exits Russia ahead of schedule
    • Advertisers are heavier users of Ad Blockers than average Americans!
    • The Google Incognito Mode Lawsuit
    • Canonical fights malicious Ubuntu store apps
    • Spinrite update
    • A Cautionary Tale

    Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

    • Apple vs U.S. DOJ
    • G.M.'s Unbelievably Horrible Driver Data Sharing Ends
    • Super Sushi Samurai
    • Apple has effectively abandoned HomeKit Secure Routers
    • The forthcoming ".INTERNAL" TLD
    • The United Nations vs AI.
    • Telegram now blocked throughout Spain
    • Vancouver Pwn2Own 2024
    • China warns of incoming hacks
    • Annual Tax Season Phishing Deluge
    • SpinRite update
    • Authentication without a phone
    • Are Passkeys quantum safe?
    • GoFetch: The Unpatchable vulnerability in Apple chips

    Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 966: Morris The Second - Voyager 1, The Web Turns 35

    • Voyager 1 update
    • The Web turned 35 and Dad is disappointed
    • Automakers sharing driving data with insurance companies
    • A flaw in Passkey thinking
    • Passkeys vs 2fa
    • Sharing accounts with Passkeys
    • Passkeys vs. Passwords/MFA
    • Workaround to sites that block anonymous email addresses
    • Open Bounty programs on HackerOne
    • Steve on Twitter
    • Ways to disclose bugs publicly
    • Security by obscurity
    • Something you have/know/are vs Passkeys
    • Passkeys vs TOTP
    • Inspecting Chrome extensions
    • Passkey transportability
    • Morris the Second

    Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf

    Hosts: Steve Gibson and Mikah Sargent


    SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

    • VMware needs immediate patching
    • Midnight Blizzard still on the offensive
    • China is quietly "de-American'ing" their networks
    • Signal Version 7.0, now in beta
    • Meta, WhatsApp, and Messenger -meets- the EU's DMA
    • The Change Healthcare cyberattack
    • SpinRite update
    • Telegram's end-to-end encryption
    • KeePassXC now supports passkeys
    • Login accelerators
    • Sites start rejecting @duck.com emails
    • Tool to detect when Chrome extensions change owners
    • Shortest SN title
    • Passkeys vs 2FA

    Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

    Hosts: Steve Gibson and Mikah Sargent


    SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

    • "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
    • Cory Doctorow's Visions of the Future Humble Book Bundle
    • CTRL-K shortcut for search on a browser
    • Direct bootable image downloading for GRC's servers
    • Closing the loop on compromised emails
    • Taco Bell's passwordless app
    • A solution for Bcrypt's password length limit of 72 bytes
    • Data as the missing piece for law enforcement and privacy advocates
    • The token solution for email-only login
    • Apple's Password Manager Resources on Github
    • The risk of long-term persistent cookies in browsers
    • Why mainframe industries still require weak passwords
    • A conundrum involving an exploitable Response Header error and a bounty payment.
    • An inspection of Apple's new Post-Quantum Encryption upgrade

    Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf


    Hosts: Steve Gibson and Leo Laporte


    SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted

    • Nevada attempts to block Meta's end-to-end encryption for minors.
    • A survey of security breaches
    • Edge's Super-Duper Secure Mode moves into Chrome
    • DoorDash dashes our privacy
    • Avast charged $16.5 million for selling user browsing data
    • No charge for extra logging!
    • European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
    • LockBit RaaS group disrupted
    • Firefox v123
    • The ScreenConnect Authentication Bypass
    • SpinRite update
    • Introducing BootAble
    • Cox moving to Yahoo Mail for users
    • Credit Card security
    • Exploiting password complexity requirements?
    • Email only logins
    • Flipper Zero in Canada
    • German Router security
    • More Flipper Zero in Canada
    • Throwaway email addresses
    • Shared email accounts
    • Password quality enforcement
    • Fingerprint tech and some future stories

    Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

    • Wyze breach
    • Microsoft patch Tuesday fixes 15 remote code execution flaws
    • Why are there password restrictions?
    • The Canadian Flipper Zero Ban
    • Security on the old internet
    • Using Old Passwords
    • Passwordless login
    • TOTP as a second factor
    • German ISP using default router passwords
    • Email encryption in transit
    • pfSense Tailscale integration
    • DuckDuckGo's email protection integration with Bitwarden
    • The KeyTrap Vulnerability

    Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

    • Toothbrush Botnet
    • "There are too many damn Honeypots!"
    • Remotely accessing your home network securely
    • Going passwordless as an ecommerce site
    • Facebook "old password" reminders
    • Browsers on iOS
    • More UPnP Issues
    • A password for every website?
    • "Free" accounts
    • Keeping phones plugged in
    • Running your own email server in 2024
    • iOS app sizes
    • SpinRite 6.1 running on an iMac
    • SpinRite update
    • Bitlocker's encryption cracked in minutes

    Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

    • CISA's "Secure by Design" Initiative
    • The GNU C Library Flaw
    • Fastly CDN switches from OpenSSL to BoringSSL
    • Roskomnadzor asserts itself
    • Google updates Android's Password Manager
    • Firefox gets post-quantum crypto
    • Get your TOTP tokens from LastPass
    • Inflated iOS app data
    • LearnDMARC
    • Sync mobile app bug
    • SpinRite and Windows Defender
    • Crypto signing camera
    • Analog hole in digital camera authentication
    • iOS and Google's Topics
    • The gathering of the Stephvens
    • Programmable Logic Controllers
    • SpinRite update
    • Malware-infected Toothbrush
    • The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff

    Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

    • iOS to allow native Chromium and Firefox engines.
    • An OS immune to ransomware?
    • HP back in the doghouse over "anti-virus" printer bricking
    • The mother of all breaches
    • New "Thou shall not delete those chats" rules
    • Fewer ransoms are being paid
    • Verified Camera Images
    • More on the $15/month flashlight app
    • What happens when apps change publishers
    • Microsoft hating on Firefox
    • Credit Karma is storing 1GB of data on the iPhone
    • Staying on Windows 7
    • Sci-Fi recommendations
    • Windows 7 and HSTS sites
    • TOTP codes/secrets and Bitwarden
    • SpinRite on Mac
    • SpinRite v6.1 is done!
    • LearnDMARC.com
    • Alex Stamos on "Microsoft Security"

    Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 958: A Week of News and Listener Views - HHS Breach, CISA's Policing Results
    • Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
    • US Health and Human Services Breached
    • Firefox vs "The Competition"
    • Brave reduces its anti-fingerprinting protections
    • CISA's proactive policing results one year later
    • Longer Life For Samsung Updates
    • Google Incognito Mode "Misunderstanding"
    • Show Doc Not showing images on iOS Safari
    • Generated AI Media Authentication
    • Which computer languages to learn?
    • Flashlight app subscription
    • Google's Privacy Sandbox system
    • Malware and IoT devices
    • Protected Audience API vs. Malvertising
    • Defensive computing
    • Why ISPs don't do anything about DDoS attacks
    • SpinRite Update

    Show Notes - https://www.grc.com/sn/SN-958-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

    • What would an IoT device look like that HAD been taken over?
    • And speaking of DDoS attacks
    • Trouble in the Quantum Crypto world
    • The Browser Monoculture
    • Question about the Apple backdoor
    • Getting into infosec
    • Proton Drive vs Sync
    • SpinRite update
    • The Protected Audience API

    Show Notes - https://www.grc.com/sn/SN-957-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte


    SN 956: The Inside Tracks - 23andMe Mess, Ukraine Telecom Hack, LastPass
    • More on Apple's hardware backdoor
    • Russian Hacking of Ukrainian cameras
    • Russian hackers were inside Ukraine telecoms giant for months
    • Things are still a mess at 23andMe
    • CoinsPaid was the victim of another cyberattack
    • Crypto Hacking in 2023
    • Mandiant Twitter scam
    • Defining "cyber warfare"
    • LastPass is making some changes
    • Windows Watch
    • Google settles $5 billion lawsuit
    • Return Oriented Programming
    • Shutting Down Edge
    • Root Certificates
    • Credit freezing
    • SpinRite Update

    Show Notes - https://www.grc.com/sn/SN-956-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

