Security Now (Audio)

Leo and Steve discuss last week's major attack on DNS, answering the question of whether the Internet is still working?, we look at Linux's worrisome "Dirty COW" bug rediscovered in the kernel after nine years, we address the worrisome average lifetime of Linux bugs, share a bit of errata and miscellany, and offer an in-depth analysis of DRAMMER, the new, largely unpatachable, Android mobile device Rowhammer 30-second exploit.We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Leo and Steve discuss some serious concerns raised over compelled biometric authentication, a detailed dive into the recently completed audit of VeraCrypt (the successor to TrueCrypt), more on web browsers fatiguing system main SSD storage, a bunch of interesting miscellany (including... are we living in a simulated reality?), and eleven questions and observations from our terrific listeners.We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Leo and Steve discuss today's Windows update changes for 7 and 8.1, an exploit purchaser offers a $1.5 million bounty for iOS hacks, WhisperSystems encounter first bug, an IEEE study reveals pervasive "Security Fatigue" among users, Firefox and Chrome news, following the WoSign Woes, Samsung Note 7 news, some errata, a bunch of miscellany... and a look into new Yahoo troubles and concerns over the possibility of hidden trapdoors in widely deployed prime numbers.We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

An "update" on Microsoft's GWX remover, an encouraging direction for the Windows 10 Edge browser, HP's "security update" blocks non-HP ink cartridges, a clarification about how to upgrade a site's password hashing, a really terrific DNS hack, another update on Windows update, our web browsers may be fatiguing our SSD's, and Steve answers your questions!We invite you to read our show notes. Hosts: Steve Gibson and Fr. Robert Ballecer, SJ Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Brian Krebs, Akamai and Google's Project Shield, Yahoo's record-breaking, massive 500 million user data breach, Apple's acknowledged iOS 10 backup PBKDF flaw, well known teen hacker jailbreaks his new iPhone 7 in 24 hours, Microsoft formally allows removal of "Get Windows 10", a new OpenSSL SERVER DoS flaw, more WoSign/StartCom woes (Mozilla prepares to pull the plug), Bittorrent Sync renamed and more deeply documented, and more!We invite you to read our show notes. Hosts: Steve Gibson and Fr. Robert Ballecer, SJ Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Concerns over a significant expansion in effectively warrantless intrusion into end-user computers, the forthcoming change in Internet governance, NTIA's contract with ICANN to handle IANA is expiring in ten days!  Google's next move in using Chrome to push for improved security, the interresting details emerging from a successful NAND memory cloning attack on the iPhone 5c and Steve shares the details and findings of a recent Cross-Site Scripting (XSS) problem on GRC and his recommendation for the best website security scanner!We invite you to read our show notes. Hosts: Steve Gibson and Fr. Robert Ballecer, SJ Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Flip Feng Shui follow-up, Apple's announcements, Android's rough week, a bank's data center shuts down due to noise, Bluetooth device privacy leakages, and Steve answers your questions!We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

The continuing woes of WoSign, autonomous micro-recon drones turn out to be real, a new crypto attack on short block ciphers prompts immediate changes oin OpenVPN and OpenSSL, introducing a new Security Now! Abbreviation: "YAWTTY": Yet Another Way To Track You, a discouraging social engineering experiment, another clever USB attack and a look at the weaponizing of RowHammer with "Flip Feng Shui" - the most incredibly righteous and sublime hack... ever!We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Dropbox and Opera handle incidents responsibly, while a Chinese certificate authority could not have been more irresponsible.  Facebook and WhatsApp announce an information sharing arrangement, the FBI discloses election site hacking, Tavis prepares DashLane and 1Password vulnerability disclosures, the threat of autonomous weapon systems and Wi-Fi router radio wave spying, the details behind Pegasus and Trident, the emergency Apple iOS v9.3.5 patch and more!We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Did the Shadow Brokers hack the NSA's Equation Group?  Apple's bug bounty gets quickly outbid, a critical flaw discovered in the RNG of GnuPG, the EFF weighs in on Windows 10, Chrome browser is frightening people unnecessarily, a Johns Hopkins team of cryptographers, including Matthew Green, disclose a weakness in Apple's iMessage technology, unused router hardware capabilities, what's a "Micro Kernel?" And more!We invite you to read our show notes. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.You can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Hosts: Leo Laporte, Steve Gibson Did Microsoft lose control of their secure boot "Golden Key"? AdBlock, unblock, counter-unblock, and counter-counter-unblock is well underway, Leo's story from the field about Avast A/V, a "security is hard to do" mistake in an update to the Internet's TCP protocol, Microsoft's evolving Windows Update policies, an uber-cool way for developers to decrypt and inspect their Firefox and Chrome local TLS traffic, trouble with Windows Identity leak mitigation, and discussion of micro kernels and Intel's forthcoming memory breakthrough! We invite you to read our show notes. Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly.

Hosts: Leo Laporte, Steve Gibson A distressing quantity of Win10 news, Apple's changing bug bounty policy, newly disclosed Android takeover flaws, yet another way to track web visitors, hackers spoof Tesla auto sensors, Firefox and LastPass news, a 19-year old stubborn decision by Microsoft comes home to roost, and a handful of new problems found with HTTP. We invite you to read our show notes. Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly.

Hosts: Leo Laporte, Steve Gibson LastPass vulnerabilities, new wireless keyboard headaches, deprecating SMS as a second authentication factor, obtaining Windows 10 for free after July, the pervasive problem with website spoofing, and the power and application of multi-interface packet filtering. We invite you to read our show notes. Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly.

Hosts: Leo Laporte, Steve Gibson Apple gets Stagefright, is Russia trying to influence the U.S. presidential election? Microsoft's battles and wins against U.S. privacy overreach, Grace Hopper (who coined the term "software bug") brilliantly demonstrates "a nanosecond", a bug-fix update to pfSense, a "doing it weird" look at the CUJO security appliance, and Steve answers your questions! We invite you to read our show notes. Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly.

Leo and I catch up with a fun and interesting week of security happenings, including a bit of daylight on the password sharing question, the trouble with self reporting security breaches, trouble in TOR-land, what future AI assistants mean for our privacy, a terrific looking new piece of security monitoring freeware, a startlingly worrisome 20-year-old fundamental Windows architectural design flaw, a problem with Juniper router's OS certificate validation, some errata, a bunch of miscellany, and the promised follow-up dissection of Facebook Messenger's extra features, the anti-ransomware CryptoDrop, and MIT's "Riffle" anonymity enforcing networking solution. Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly.