Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
Security Now (Audio) - SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

11/14/23 • 132 min

Security Now (Audio)
  • Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
  • No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
  • Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
  • Decentralized finance platform Raft lost $3.3M due to an exploit.
  • Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
  • New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
  • Russia moves to formally ban all VPN use in the country.
  • Two new flaws found in OpenVPN software, one allowing memory access.
  • SpinRite development paused as DOS and Windows versions are complete.
  • Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful.
  • Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
  • EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
  • "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
  • Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
  • 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation.

Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

plus icon
bookmark
  • Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
  • No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
  • Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
  • Decentralized finance platform Raft lost $3.3M due to an exploit.
  • Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
  • New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
  • Russia moves to formally ban all VPN use in the country.
  • Two new flaws found in OpenVPN software, one allowing memory access.
  • SpinRite development paused as DOS and Windows versions are complete.
  • Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful.
  • Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
  • EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
  • "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
  • Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
  • 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation.

Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Previous Episode

undefined - SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

  • Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
  • A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix
  • Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable
  • Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity
  • CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores
  • Ace Hardware suffered a cyberattack impacting servers and systems
  • Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions
  • Analysis of "BadCandy" malware infecting vulnerable Cisco routers
  • Bitwarden password manager adds support for FIDO2 passkeys in browser extension
  • Rescuing a severely degraded SSD and bringing it back to life with SpinRite
  • Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more
  • The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic

Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Next Episode

undefined - SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review

SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review

  • Privacy and Funding Challenges Facing Signal Messaging App
  • Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
  • Ransomware Group Files SEC Complaint Against Breached Company
  • Europe Opening Up Radio Encryption Standard TETRA for Public Review
  • Apple Announcing Adoption of RCS Messaging for iPhones
  • Steve's Progress on Dynamic Code Signing for SpinRite Releases
  • Removing Suction Cup Barnacles from Windshields
  • Recommendations for Benchmarking USB Drive Read/Write Speeds
  • Concerns Over EU's Proposed eIDAS 2.0 QWACs Legislation
  • Why Protectli Routers Are Preferred for pfSense Setups
  • Credit Card Security Precautions for Ex-LastPass Users
  • Origins and Evolution of Ethernet Networking Over 50 Years

Show Notes - https://www.grc.com/sn/SN-949-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Episode Comments

Generate a badge

Get a badge for your website that links back to this episode

Select type & size
Open dropdown icon
share badge image

<a href="https://goodpods.com/podcasts/security-now-audio-297831/sn-948-what-if-a-bit-flipped-privacy-badger-downfall-openvpn-windshiel-39748778"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to sn 948: what if a bit flipped? - privacy badger, downfall, openvpn, windshield barnacle, article 45 on goodpods" style="width: 225px" /> </a>

Copy