Security Now (Audio)

The vulnerability of GPS Is the sky falling on all VPN systems? Multi-user Passkeys, YubiKeys? The iCloud Keychain The UK and Google's Topics

Show Notes - https://www.grc.com/sn/SN-973-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: Melissa.com/twit kolide.com/securitynow lookout.com bitwarden.com/twit

GCHQ: No more default passwords for consumer IoT devices! What happened with Chrome and 3rd-party cookies? Race conditions and multi-threading GM "accidentally" enrolled millions into "OnStar Smart Driver +" program Steve recommends Ryk Brown's "Frontiers Saga" SpinRite update Passkeys: A Shattered Dream?

Show Notes - https://www.grc.com/sn/SN-972-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: business.eset.com/twit vanta.com/SECURITYNOW 1bigthink.com lookout.com

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control

Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI

An update on the AT&T data breach 340,000 social security numbers leaked Cookie Notice Compliance The GDPR does enforce some transparency Physical router buttons Wifi enabled button pressers Netsecfish disclosure of Dlink NAS vulnerability Chrome bloat SpinRite update GhostRace

Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: kolide.com/securitynow bitwarden.com/twit vanta.com/SECURITYNOW 1bigthink.com

Out-of-support DLink NAS devices contain hard coded backdoor credentials

Privnote is not so "Priv"

Crowdfense is willing to pay millions

Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution

SpinRite Update

Minimum Viable Secure Product

Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: zscaler.com/zerotrustAI business.eset.com/twit lookout.com joindeleteme.com/twit promo code TWIT

A near-Universal (Local) Linux Elevation of Privilege vulnerability TechCrunch informed AT&T of a 5 year old data breach Signal to get very useful cloud backups Telegram to allow restricted incoming HP exits Russia ahead of schedule Advertisers are heavier users of Ad Blockers than average Americans! The Google Incognito Mode Lawsuit Canonical fights malicious Ubuntu store apps Spinrite update A Cautionary Tale

Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: 1bigthink.com kolide.com/securitynow Melissa.com/twit vanta.com/SECURITYNOW

Apple vs U.S. DOJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips

Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Voyager 1 update The Web turned 35 and Dad is disappointed Automakers sharing driving data with insurance companies A flaw in Passkey thinking Passkeys vs 2fa Sharing accounts with Passkeys Passkeys vs. Passwords/MFA Workaround to sites that block anonymous email addresses Open Bounty programs on HackerOne Steve on Twitter Ways to disclose bugs publicly Security by obscurity Something you have/know/are vs Passkeys Passkeys vs TOTP Inspecting Chrome extensions Passkey transportability Morris the Second

Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: zscaler.com/zerotrustAI robinhood.com/boost GO.ACILEARNING.COM/TWIT joindeleteme.com/twit promo code TWIT vanta.com/SECURITYNOW

VMware needs immediate patching Midnight Blizzard still on the offensive China is quietly "de-American'ing" their networks Signal Version 7.0, now in beta Meta, WhatsApp, and Messenger -meets- the EU's DMA The Change Healthcare cyberattack SpinRite update Telegram's end-to-end encryption KepassXC now supports passkeys Login accelerators Sites start rejecting @duck.com emails Tool to detect chrome extensions change owners Sortest SN title Passkeys vs 2FA

Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf

Hosts: Steve Gibson and Mikah Sargent

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: vanta.com/SECURITYNOW joindeleteme.com/twit promo code TWIT kolide.com/securitynow business.eset.com/twit

"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer Cory Doctorow's Visions of the Future Humble Book Bundle CTRL-K shortcut for search on a browser Direct bootable image downloading for GRC's servers Closing the loop on compromised emails Taco Bell's passwordless app A solution for Bcrypt's password length limit of 72 bytes Data as the missing piece for law enforcement and privacy advocates The token solution for email-only login Apple's Password Manager Resources on Github The risk of long-term persistent cookies in browsers Why mainframe industries still require weak passwords A conundrum involving an exploitable Response Header error and a bounty payment. An inspection of Apple's new Post-Quantum Encryption upgrade

Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: GO.ACILEARNING.COM/TWIT Melissa.com/twit bitwarden.com/twit kolide.com/securitynow