Goodpods logo
Goodpods

Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
Security Now (Audio) - SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

10/31/23 • 121 min

Security Now (Audio)
  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
  • HackerOne breach bounties surpass $300M total payout.
  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
  • Open source projects struggle with costly code signing certificates.
  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

plus icon
bookmark
  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
  • HackerOne breach bounties surpass $300M total payout.
  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
  • Open source projects struggle with costly code signing certificates.
  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Previous Episode

undefined - SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

  • How fake drives continue to be sold on Amazon despite negative reviews
  • Microsoft is discontinuing support for the VBScript language
  • The 30-year old NTLM authentication protocol will eventually be removed from Windows
  • Two new vulnerabilities found in cURL
  • A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices
  • Debate over whether "lib" should rhyme with "vibe" or "air"
  • Instructions for accessing the SpinRite 6.1 pre-release version
  • Feedback on passkey exportability and server IP address encryption
  • A listener asks if ransomware can encrypt already encrypted files
  • How Privacy Badger un-rewrites Google's search result links
  • The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts

Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Next Episode

undefined - SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

  • Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
  • A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
  • Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
  • Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
  • CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
  • Ace Hardware suffered a cyberattack impacting servers and systems
  • Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
  • Analysis of "BadCandy" malware infecting vulnerable Cisco routers
  • Bitwarden password manager adds support for FIDO2 passkeys in browser extension
  • Rescuing a severely degraded SSD and bringing it back to life with SpinRite
  • Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
  • The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

If you like this episode you’ll love
ITSPmagazine Podcasts

ITSPmagazine Podcasts

Aspen Ideas to Go

Aspen Ideas to Go

PRETEND

PRETEND

TED Talks Daily (SD video)

TED Talks Daily (SD video)

Endless Thread

Endless Thread

Episode Comments

Generate a badge

Get a badge for your website that links back to this episode

Select type & size
Open dropdown icon
share badge image

<a href="https://goodpods.com/podcasts/security-now-audio-297831/sn-946-citrixbleed-imessage-contact-key-verification-hackerone-bug-bou-39748780"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to sn 946: citrixbleed - imessage contact key verification, hackerone bug bounty news, cisa's logging made easy on goodpods" style="width: 225px" /> </a>

Copy