Security Now (Audio)
TWiT
1 Listener
All episodes
Best episodes
Top 10 Security Now (Audio) Episodes
Goodpods has curated a list of the 10 best Security Now (Audio) episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to Security Now (Audio) for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Security Now (Audio) episode by adding your comments to the episode page.
SN 977: A Large Language Model in Every Pot - Problems With Recall, End of ICQ, Email @ GRC
Security Now (Audio)
06/04/24 • 115 min
- "Tornado Notes"
- Email @ GRC
- Have I Been Pwned?
- A new "supply chain" attack vector
- Another CA in the DogHouse
- ICQ to shutter its service
- Steve reviews "Déjà vu"
- Hide my email
- Security in Windows
- SpinRite update
- A Large Language Model in Every Pot
Show Notes - https://www.grc.com/sn/SN-977-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
1 Listener
SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy
Security Now (Audio)
10/31/23 • 121 min
- What caused last week's connection interruption? Router was rebooting intermittently, but why?
- David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
- iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
- Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
- HackerOne breach bounties surpass $300M total payout.
- CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
- SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
- Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
- Open source projects struggle with costly code signing certificates.
- Deep dive into CitrixBleed vulnerability allowing authentication bypass.
Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 951: Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD
Security Now (Audio)
12/05/23 • 130 min
- How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
- WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
- Iranian hackers exploited default passwords in programmable logic controllers at US water facilities
- Attempt by Montana to ban TikTok statewide was stalled by a federal judge ruling
- Over 1 billion Android devices now have RCS messaging enabled
- EU Cyber Resilience Act will improve security of Internet of Things devices sold in the EU
- Black Basta ransomware group has netted over $107 million since early 2022
- Google's new .meme top-level domain allowing meme-related web properties
- CISA's Secure by Design initiative echoes security best practices frequently recommended on the podcast
- France plans to ban use of "foreign" end-to-end encrypted messaging apps like Telegram and require use of French app Olvid instead
- Concerns raised by industry experts Ivan Ristic and Ryan Hurst about EU's eIDAS 2.0 legislation undermining certificate authority trust
Show Notes - https://www.grc.com/sn/SN-951-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review
Security Now (Audio)
11/21/23 • 132 min
- Privacy and Funding Challenges Facing Signal Messaging App
- Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
- Ransomware Group Files SEC Complaint Against Breached Company
- Europe Opening Up Radio Encryption Standard TETRA for Public Review
- Apple Announcing Adoption of RCS Messaging for iPhones
- Steve's Progress on Dynamic Code Signing for SpinRite Releases
- Removing Suction Cup Barnacles from Windshields
- Recommendations for Benchmarking USB Drive Read/Write Speeds
- Concerns Over EU's Proposed eIDAS 2.0 QWACs Legislation
- Why Protectli Routers Are Preferred for pfSense Setups
- Credit Card Security Precautions for Ex-LastPass Users
- Origins and Evolution of Ethernet Networking Over 50 Years
Show Notes - https://www.grc.com/sn/SN-949-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys
Security Now (Audio)
11/07/23 • 133 min
- Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
- A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
- Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
- Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
- CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
- Ace Hardware suffered a cyberattack impacting servers and systems
- Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
- Analysis of "BadCandy" malware infecting vulnerable Cisco routers
- Bitwarden password manager adds support for FIDO2 passkeys in browser extension
- Rescuing a severely degraded SSD and bringing it back to life with SpinRite
- Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
- The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic
Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!
Security Now (Audio)
10/24/23 • 130 min
- How fake drives continue to be sold on Amazon despite negative reviews
- Microsoft is discontinuing support for the VBScript language
- The 30-year old NTLM authentication protocol will eventually be removed from Windows
- Two new vulnerabilities found in cURL
- A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices
- Debate over whether "lib" should rhyme with "vibe" or "air"
- Instructions for accessing the SpinRite 6.1 pre-release version
- Feedback on passkey exportability and server IP address encryption
- A listener asks if ransomware can encrypt already encrypted files
- How Privacy Badger un-rewrites Google's search result links
- The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts
Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45
Security Now (Audio)
11/14/23 • 132 min
- Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
- No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
- Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
- Decentralized finance platform Raft lost $3.3M due to an exploit.
- Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
- New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
- Russia moves to formally ban all VPN use in the country.
- Two new flaws found in OpenVPN software, one allowing memory access.
- SpinRite development paused as DOS and Windows versions are complete.
- Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful.
- Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
- EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
- "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
- Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
- 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation.
Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results
Security Now (Audio)
01/23/24 • 134 min
- Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
- US Health and Human Services Breached
- Firefox vs "The Competition"
- Brave reduces its anti-fingerprinting protections
- CISA's proactive policing results one year later
- Longer Life For Samsung Updates
- Google Incognito Mode "Misunderstanding"
- Show Doc Not showing images on iOS Safari
- Generated AI Media Authentication
- Which computer languages to learn?
- Flashlight app subscription
- Google's Privacy Sandbox system
- Malware and IoT devices
- Protected Audience API vs. Malvertising
- Defensive computing
- Why ISPs don't do anything about DDoS attacks
- SpinRite Update
Show Notes - https://www.grc.com/sn/SN-958-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 952: Quantum Computing Breakthrough - The Clear/Deep/Dark Web, Quad 9 victory, Telegram Flaw
Security Now (Audio)
12/12/23 • 124 min
- The government collection of push notification metadata
- Facebook Messenger sets end to end encryption as the default
- Iran's Cyber Av3ngers
- Cisco's Talos Top 10 cyber security exploits this year
- Over 30% of apps are still using a using a vulnerable version the Log4J library
- Quad 9 speaks on their legal victory against Sony
- What are the "Clear Web", "Dark Web", and "Deep Web"?
- A Flaw in Telegram
- Xfinity Mobile wants you to accept a root CA, DO NOT
- Hardware VPN alternative
- A breakthrough in quantum computing
Show Notes - https://www.grc.com/sn/SN-952-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass
Security Now (Audio)
01/09/24 • 113 min
- More on Apple's hardware backdoor
- Russian Hacking of Ukranian cameras
- Russian hackers were inside Ukraine telecoms giant for months
- Things are still a mess at 23andMe
- CoinsPaid was the victim of another cyberattack
- Crypto Hacking in 2023
- Mandiant Twitter scam
- Defining "cyber warfare"
- LastPass is making some changes
- Windows Watch
- Google settles $5 billion lawsuit
- Return Oriented Programming
- Shutting Down Edge
- Root Certificates
- Credit freezing
- SpinRite Update
Show Notes - https://www.grc.com/sn/SN-956-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Show more best episodes
Show more best episodes
FAQ
How many episodes does Security Now (Audio) have?
Security Now (Audio) currently has 55 episodes available.
What topics does Security Now (Audio) cover?
The podcast is about Security, Cyber Crime, Hacking, Podcasts and Technology.
What is the most popular episode on Security Now (Audio)?
The episode title 'SN 977: A Large Language Model in Every Pot - Problems With Recall, End of ICQ, Email @ GRC' is the most popular.
What is the average episode length on Security Now (Audio)?
The average episode length on Security Now (Audio) is 130 minutes.
How often are episodes of Security Now (Audio) released?
Episodes of Security Now (Audio) are typically released every 6 days, 23 hours.
When was the first episode of Security Now (Audio)?
The first episode of Security Now (Audio) was released on Oct 10, 2023.
Show more FAQ
Show more FAQ