Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
Security Now (Audio) - SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

10/31/23 • 121 min

Security Now (Audio)
  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
  • HackerOne breach bounties surpass $300M total payout.
  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
  • Open source projects struggle with costly code signing certificates.
  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

plus icon
bookmark
  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
  • HackerOne breach bounties surpass $300M total payout.
  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
  • Open source projects struggle with costly code signing certificates.
  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Previous Episode

undefined - SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

  • How fake drives continue to be sold on Amazon despite negative reviews
  • Microsoft is discontinuing support for the VBScript language
  • The 30-year old NTLM authentication protocol will eventually be removed from Windows
  • Two new vulnerabilities found in cURL
  • A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices
  • Debate over whether "lib" should rhyme with "vibe" or "air"
  • Instructions for accessing the SpinRite 6.1 pre-release version
  • Feedback on passkey exportability and server IP address encryption
  • A listener asks if ransomware can encrypt already encrypted files
  • How Privacy Badger un-rewrites Google's search result links
  • The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts

Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Next Episode

undefined - SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

  • Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
  • A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
  • Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
  • Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
  • CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
  • Ace Hardware suffered a cyberattack impacting servers and systems
  • Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
  • Analysis of "BadCandy" malware infecting vulnerable Cisco routers
  • Bitwarden password manager adds support for FIDO2 passkeys in browser extension
  • Rescuing a severely degraded SSD and bringing it back to life with SpinRite
  • Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
  • The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Episode Comments

Generate a badge

Get a badge for your website that links back to this episode

Select type & size
Open dropdown icon
share badge image

<a href="https://goodpods.com/podcasts/security-now-audio-297831/sn-946-citrixbleed-imessage-contact-key-verification-hackerone-bug-bou-39748780"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to sn 946: citrixbleed - imessage contact key verification, hackerone bug bounty news, cisa's logging made easy on goodpods" style="width: 225px" /> </a>

Copy