
SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45
11/14/23 • 132 min
- Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
- No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
- Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
- Decentralized finance platform Raft lost $3.3M due to an exploit.
- Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
- New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
- Russia moves to formally ban all VPN use in the country.
- Two new flaws found in OpenVPN software, one allowing memory access.
- SpinRite development paused as DOS and Windows versions are complete.
- Understanding assembly language helps with malware analysis and exploit development, but high-level decompilers are also useful.
- Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
- EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
- "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
- Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
- 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation.
Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Sponsors:
Previous Episode

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys
- Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
- A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
- Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
- Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
- CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
- Ace Hardware suffered a cyberattack impacting servers and systems
- Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
- Analysis of "BadCandy" malware infecting vulnerable Cisco routers
- Bitwarden password manager adds support for FIDO2 passkeys in browser extension
- Rescuing a severely degraded SSD and bringing it back to life with SpinRite
- Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
- The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic
Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf
Next Episode

SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review
- Privacy and Funding Challenges Facing Signal Messaging App
- Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
- Ransomware Group Files SEC Complaint Against Breached Company
- Europe Opening Up Radio Encryption Standard TETRA for Public Review
- Apple Announcing Adoption of RCS Messaging for iPhones
- Steve's Progress on Dynamic Code Signing for SpinRite Releases
- Removing Suction Cup Barnacles from Windshields
- Recommendations for Benchmarking USB Drive Read/Write Speeds
- Concerns Over EU's Proposed eIDAS 2.0 QWACs Legislation
- Why Protectli Routers Are Preferred for pfSense Setups
- Credit Card Security Precautions for Ex-LastPass Users
- Origins and Evolution of Ethernet Networking Over 50 Years
Show Notes - https://www.grc.com/sn/SN-949-Notes.pdf