
SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

10/24/23 • 130 min

Security Now (Audio)
  • How fake drives continue to be sold on Amazon despite negative reviews
  • Microsoft is discontinuing support for the VBScript language
  • The 30-year-old NTLM authentication protocol will eventually be removed from Windows
  • Two new vulnerabilities found in cURL
  • A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices
  • Debate over whether "lib" should rhyme with "vibe" or "air"
  • Instructions for accessing the SpinRite 6.1 pre-release version
  • Feedback on passkey exportability and server IP address encryption
  • A listener asks if ransomware can encrypt already encrypted files
  • How Privacy Badger un-rewrites Google's search result links
  • The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts

Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.


Previous Episode

SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite

  • ValiDrive release follow-up
  • Passkeys exportability and phishing risk
  • Passkeys for device verification like SSH keys
  • Possibility of hobby browsers vs. production browsers
  • Availability of SpinRite 6.1 pre-release
  • Filling drives with crypto noise using VeraCrypt
  • Steve and Leo's favorite OTP apps
  • Google Docs link rewriting could be to prevent referrer leakage
  • Abusing HTTP/2 Rapid Reset

Show notes: https://www.grc.com/sn/SN-944-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Next Episode

SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
  • HackerOne breach bounties surpass $300M total payout.
  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
  • Open source projects struggle with costly code signing certificates.
  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
