Security Now (Audio) show

Summary: Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

  • Artist: TWiT
  • Copyright: This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International - http://creativecommons.org/licenses/by-nc-nd/4.0/

Podcasts:

 SN 777: rwxrwxrwx - Garmin Outage, Twitter Hack Update, GnuTLS | File Type: audio/mpeg | Duration: 1:43:19

  • F5 Networks "Big-IP" devices in Big-Trouble
  • Twitter bitcoin hack update
  • GnuTLS vs OpenSSL
  • The Garmin outage then and now
  • Cisco's latest trouble
  • Surprising SpinRite results

We invite you to read our show notes at https://www.grc.com/sn/SN-777-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.

Sponsors: barracuda.com/securitynow; expressvpn.com/securitynow; GetRoman.com/SECURITYNOW

 SN 776: A Tale of Two Counterfeits - Twitter Hack, Cloudflare Outage, Zoom's Vanity URL Flaw | File Type: audio/mpeg | Duration: 1:57:34

Here's how Twitter was hacked. How can we prevent the next Twitter hack? Cloudflare outage takes out huge swath of American internet, including Down Detector. All internet got sent to Atlanta. Zoom's vanity URL flaw: when is a "zero day" not a zero day? Not all VPNs are created equal. Apple updated its iOS and macOS with a handful of useful security patches. SigRed: "This is not just another vulnerability." And speaking of last week's July Patch Tuesday... "Firefox Send" is still not receiving. A tale of two counterfeits.

We invite you to read our show notes at https://www.grc.com/sn/SN-776-Notes.pdf

Sponsors: WWT.COM/TWIT; OpenShift.com/SecurityNow; Wasabi.com offer code SECURITYNOW

 SN 775: Tsunami - EARN IT is Still Evil, Google Tsunami | File Type: audio/mpeg | Duration: 1:42:18

EARN IT is still evil, Google tsunami.

  • Mozilla suspends "Send" due to persistent malware abuse
  • Zoom fixed a new RCE affecting Windows 7 and earlier systems
  • The EARN IT bill, take II is still just as bad as the original
  • Google bans ads on stalkerware
  • A Chinese Internet equipment vendor in the hot seat
  • Locating hidden drone operators
  • Rampant Router Insecurities
  • Tsunami: Google's open-source enterprise network vulnerability scanner

We invite you to read our show notes at https://www.grc.com/sn/SN-775-Notes.pdf

Sponsors: OpenShift.com/SecurityNow; canary.tools/twit - use code: TWIT; itpro.tv/securitynow promo code SN30

 SN 774: 123456 - Boston Bans Face Recognition, Bad Passwords | File Type: audio/mpeg | Duration: 1:56:10

Boston bans face recognition, bad passwords.

  • Boston bans facial recognition
  • 123456 is still the most popular password
  • iOS 14 catches Linked-In, Tik Tok, and others red handed!
  • US-CERT notes two Emergency Windows Updates
  • HackerOne shares their top 10 public bug bounty programs
  • Sony launches PlayStation bug bounty program with rewards of $50K+
  • F5 Networks patches a highest-severity vulnerability

We invite you to read our show notes at https://www.grc.com/sn/SN-774-Notes.pdf

Sponsors: WWT.COM/TWIT; LastPass.com/twit; barracuda.com/securitynow

 SN 773: Ripple20 Too - Congress Wants to Kill Encryption & Face Recognition | File Type: audio/mpeg | Duration: 1:51:43

Congress wants to kill encryption & face recognition.

  • New information about Ripple20
  • The Facial Recognition and Biometric Technology Moratorium Act wants to kill face recognition
  • The Lawful Access to Encrypted Data Act wants to kill encryption
  • Michigan State's legislative House passed the "Microchip Protection Act"
  • Apple forces the industry down to one-year web browser certificate lifespans
  • Safari to eschew 16 new web APIs for the sake of user privacy
  • Apple also got on the DoH & DoT bandwagon
  • Mozilla + Comcast + DoH: Strange Bedfellows
  • Don't forget about VirusTotal

We invite you to read our show notes at https://www.grc.com/sn/SN-773-Notes.pdf

Sponsors: Melissa.com/twit; OpenShift.com/SecurityNow; expressvpn.com/securitynow

 SN 772: Ripple20 - Zoom Encryption, Windows 10 Printer Error | File Type: audio/mpeg | Duration: 2:07:14

Zoom encryption, Windows 10 printer error.

  • Ripple20: a set of 19 TCP/IP vulnerabilities that could let remote attackers gain control over your device
  • Russian government lifts its failed ban on Telegram
  • Zoom: everybody gets optional end to end encryption
  • Google removed 106 malicious Chrome extensions collecting sensitive user data
  • Windows 10 update breaks printing
  • VLC Media Player 3.0.11 fixes severe remote code execution flaw
  • Netgear in the doghouse
  • DDoS is alive and well... and growing
  • How to get the new Edge for Windows 7

We invite you to read our show notes at https://www.grc.com/sn/SN-772-Notes.pdf

Sponsors: GetRoman.com/SECURITYNOW; extrahop.com/SECURITYNOW; Wasabi.com offer code SECURITYNOW

 SN 771: Lamphone - Windows Update Kills Printers & SSDs | File Type: audio/mpeg | Duration: 1:50:24

Windows update kills printers & SSDs.

  • Lamphone: eavesdrop on a hanging lightbulb
  • Brave Browser caught and chastised for tweaking user-entered URLs for its benefit
  • Microsoft breaks its own record for Patch Tuesday patches
  • TFW Windows 10 loses your printer port
  • Last week's Patch Tuesday broke ALL PRINTING (even to PDFs) for many users. Fix won't come for a month
  • Windows 10 2004 update is messing up SSDs and non-SSDs
  • SMBleed
  • Subject: Your Site Has Been Hacked
  • Authentic database ransom attacks
  • Another side-channel attack on Intel chips

We invite you to read our show notes at https://www.grc.com/sn/SN-771-Notes.pdf

Sponsors: canary.tools/twit - use code: TWIT; barracuda.com/securitynow; WWT.COM/TWIT

 SN 770: Zoom's E2EE Debacle - Zoom's End-to-End Encryption Fail | File Type: audio/mpeg | Duration: 1:48:16

Zoom's end-to-end encryption fail.

  • Zoom will offer end-to-end encryption, but only if you pay for it
  • IBM announces no more work on facial recognition
  • The Odd Case of Mozilla's DoH DDoS
  • Cisco's Talos group found two critical flaws in the Zoom client
  • CallStranger UPnP bug has tech press in a tizzy
  • Microsoft has started to replace old Edge with new Edge

We invite you to read our show notes at https://www.grc.com/sn/SN-770-Notes.pdf

Sponsors: itpro.tv/securitynow promo code SN30; extrahop.com/SECURITYNOW

 SN 769: Zoom's E2EE Design - Zoom Gets End-to-End Encryption | File Type: audio/mpeg | Duration: 2:12:03

Zoom gets end-to-end encryption.

  • ACLU takes Clearview to court, but maybe they should worry about their own website first
  • The state of drive-by malvertising downloads
  • Google will be bad listing notification abusing sites
  • Who else is doing the eBay-like ThreatMetrix port scanning?
  • Facebook to require identity verification for high impact posters
  • Google Messaging is apparently heading toward E2EE
  • The return of a much more worrisome StrandHogg
  • The SHA-1 hash to finally be dropped from OpenSSH
  • What happens when you fuzz USB?
  • Zoom's end-to-end encryption design

We invite you to read our show notes at https://www.grc.com/sn/SN-769-Notes.pdf

Sponsors: expressvpn.com/securitynow; WWT.COM/TWIT; LastPass.com/twit

 SN 768: Contact Tracing Apps R.I.P. - Contact Tracing Apps Are Not Going to Work | File Type: audio/mpeg | Duration: 1:50:34

Contact tracing apps are not going to work.

  • Why contact tracing apps are never going to work
  • Unc0ver: There's a new iOS jailbreak in town, and as jailbreaks go, it looks VERY nice!
  • Firefox 77 picks up a nifty new security trick
  • New features in Chrome 83: cookie management, "Safety Check," blocking third-party cookies by default in Incognito mode, and "Tab Groups"
  • Adobe rushes out four out-of-cycle emergency updates to fix security flaws
  • Zerodium temporarily stops buying iOS remote code execution vulnerabilities
  • The NXNS Attack: A group of cybersecurity researchers in Israel have responsibly disclosed details about a new way they worked out of using the Internet's domain name resolution system to hugely amplify (by a factor of at least 1620 packets) a DDoS attack to take down targeted websites.
  • BIAS - Bluetooth Impersonation AttackS is nothing less than a complete collapse of Bluetooth security.
  • Is eBay port scanning its users' computers? Kinda.
  • Security Now trivia: Steve Gibson helped develop the Speak & Spell! It did voice synthesis with only a 4K bits (0.5K bytes) processor.

We invite you to read our show notes at https://www.grc.com/sn/SN-768-Notes.pdf

Sponsors: barracuda.com/securitynow; Wasabi.com offer code SECURITYNOW; extrahop.com/SECURITYNOW

 SN 767: WiFi 6, Apple vs. FBI, Face Masks | File Type: audio/mpeg | Duration: 2:00:03

WiFi 6, Apple vs. FBI, face masks.

  • Last Tuesday's Windows Patch Tuesday was not the biggest ever, but it was the 3rd largest in Microsoft's history, weighing in with a whopping 111 CVE-tracked bug fixes, 16 of which were rated CRITICAL and all but one of which enabled Remote Code Execution by an attacker.
  • The DOJ and FBI again criticize Apple over encryption
  • When is a fix not a fix?
  • Face masks have thwarted the London police's LFR rollout
  • Utah chooses to roll their own contact tracing app
  • Everything you need to know about WiFi 6

We invite you to read our show notes at https://www.grc.com/sn/SN-767-Notes.pdf

Sponsors: WWT.COM/TWIT; canary.tools/twit - use code: TWIT

 SN 766: ThunderSpy - Thunderbolt Security Flaw, Zoom Buys Keybase | File Type: audio/mpeg | Duration: 1:57:48

Thunderbolt security flaw, Zoom buys Keybase.

  • Why the ThunderSpy Thunderbolt security flaw is such a big deal
  • Zoom purchases Keybase to fix encryption
  • Firefox 76 released with new features
  • But Firefox 76 broke Amazon's Assistant!
  • Hallelujah!! Edge moves to silence those annoying notification requests.
  • Critical WordPress plugin bugs present on over one million sites
  • Critical vBulletin patch
  • Samsung has patched a CRITICAL bug affecting the past 6 years of Smartphones
  • DefCon and Black Hat 2020 go virtual

We invite you to read our show notes at https://www.grc.com/sn/SN-766-Notes.pdf

Sponsors: manscaped.com code SECURITYNOW; itpro.tv/securitynow promo code SN30

 SN 765: An Authoritarian Internet? | File Type: audio/mpeg | Duration: 1:58:10

China wants to rebuild the Internet.

  • China's proposal to rebuild the internet is an authoritarian nightmare
  • Bruce Schneier on COVID-19 Contact Tracing Apps
  • Political Correctness hits cybersecurity
  • DHS's CISA says no to 3rd-party DoH
  • "POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers"
  • An authorization bypass in SaltStack
  • Adobe's Big Last Tuesday, Non-Patch Tuesday, Update
  • Google has announced its impending clean-up of the Chrome Web Store
  • Warning about RDP is not crying wolf

We invite you to read our show notes at https://www.grc.com/sn/SN-765-Notes.pdf

Sponsors: LastPass.com/twit; WWT.COM/TWIT; barracuda.com/securitynow

 SN 764: RPKI | File Type: audio/mpeg | Duration: 1:47:44

Apple/Google Contact Tracing, Best VPNs to protect you.

  • Apple/Google Contact Tracing Update
  • iOS 0-Day Alert! Update Apple Mail
  • Best VPNs to protect you from the Five Eyes
  • TypoSquatting attacks
  • Vitamin D linked to COVID-19 mortality
  • Resource Public Key Infrastructure
  • How BGP can break the Internet

We invite you to read our show notes at https://www.grc.com/sn/SN-764-Notes.pdf

Sponsors: Wasabi.com offer code SECURITYNOW; expressvpn.com/securitynow

 SN 763: The COVID Effect | File Type: audio/mpeg | Duration: 1:34:23

Zoom Fixes Security, EARN IT is Evil, Tor in Trouble.

  • Zoom gets big-name help with security fixes
  • Google updates Chrome to v81.0.4044.113 to squash a critical flaw
  • FTP in Chrome lives another day! Google "undepreciates" FTP.
  • Windows Patch Tuesday for April 2020 fixes 113 vulnerabilities
  • "Basic Authentication" lives another day! Due to COVID-19, Microsoft and Google will keep "Basic Authentication" around for a little while longer
  • EARN IT Act: call your Senator before it is too late!
  • Tor Project fires over 1/3 of its staff
  • Cloudflare dumps Google's reCAPTCHA

We invite you to read our show notes at https://www.grc.com/sn/SN-763-Notes.pdf

Sponsors: extrahop.com/TWIT; WWT.COM/TWIT
