Security Now (Audio)

Apple+Google Covid Tracker is Secure and RIP John Conway, Creator of The Game of Life Apple & Google Virus Contact Tracing: secure and effective Zoom gets another Zoom-bombing mitigation... and a Class-Action Lawsuit Meanwhile, Zoom has enlisted the aid of Alex Stamos Zoom creates a CISO Council What's next for Zoom? Browser Security News: Chrome 81 and Firefox 75 Android Apps Again in the Crosshairs Sandboxie goes Open Source RIP John Conway, creator of Conway's Game of Life We invite you to read our show notes at https://www.grc.com/sn/SN-762-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 canary.tools/twit - use code: TWIT

Zoom is a security nightmare - from zoombombing to encryption issues, Steve Gibson runs down Zoom's security concerns. Plus, Jitsi is a great alternative! Mozilla just patched a pair of CRITICAL 0-days Eight security bugs eliminated from Chrome last week Safari gets a bunch of very important fixes Chrome and Edge join Mozilla in postponing the deprecation of TLS v1.0 and v1.1 Chrome team reversing themselves on the enforcement of Same Site cookies Edge with Vertical Tabs and Smart Copy The return of STIR & SHAKEN Cloudflare has added Parental Control to their 1.1.1.1 DNS service Cloudflare's new service accidentally blocks LGBTQIA+ sites We invite you to read our show notes at https://www.grc.com/sn/SN-761-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT LastPass.com/twit

iOS VPN bug, Coronavirus Folding@Home VPN bug in iOS 13.4 Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19. RDP and VPN use skyrocketing To 'www' or not to 'www' Firefox 76 to finally stop assuming "HTTP" Google again revises its schedule for Chrome releases Microsoft moves to support "Shadow Stacks" Cloudflare's 1.1.1.1 DNS is audited by KPMG We invite you to read our show notes at https://www.grc.com/sn/SN-760-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: expressvpn.com/securitynow

iOS VPN bug, Coronavirus Folding@Home VPN bug in iOS 13.4 Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19. RDP and VPN use skyrocketing To 'www' or not to 'www' Firefox 76 to finally stop assuming "HTTP" Google again revises its schedule for Chrome releases Microsoft moves to support "Shadow Stacks" Cloudflare's 1.1.1.1 DNS is audited by KPMG We invite you to read our show notes at https://www.grc.com/sn/SN-760-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: expressvpn.com/securitynow

This week's stories: Two new un-patched 0-days affecting billions of Windows users - here is the fix! Mozilla reversed itself on TLS v1.0 and 1.1 deprecation... due to the coronavirus A micropatch for Win7 and Server 2008 Chrome's release schedule has been impacted by the coronavirus Avast emergency-disables their internal JavaScript emulator CookieThief - "FireSheep evolves for the 21st century" PwnToOwn Spring 2020 winners Steve's coronavirus journey The fixes for RowHammer have not worked Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: privacy.com/securitynow Wasabi.com offer code SECURITYNOW

This Week's Stories: Does Steve have coronavirus? Maybe? He got very sick over the weekend and is still coughing, but he couldn't get tested. Mayhem ensues after last week's Patch Tuesday List of free technology services during coronavirus, from Adobe to Zoom The state of open source vulnerabilities The "EARN IT" act is a despicable attack on encryption and freedom of speech. Please call your congressperson and tell them not to support it. The SMBGhost Fiasco Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT FreshBooks.com/securitynow WWT.COM/TWIT

This Week's Stories Microsoft, Google, LogMeIn & Cisco offer limited-time free use of telecommuting Tools Hack the Pentagon! The Android security dilemma AMD processors get some unwelcome but necessary side-channel attack scrutiny Intel also has some serious new trouble on its hands SETI@home shuts down its distributed computing project after 21 years Critical PPP daemon flaw opens most Linux systems to remote hackers FuzzBench: fuzzer benchmarking as a service Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit Melissa.com/twit itpro.tv/securitynow promo code SN30

This Week's Stories Lets Encrypt hits 1 BILLION certs Pakistan passes Internet censorship law Clearview AI breach: clients and searches stolen Swiss government submits criminal complaint over CIA Crypto spying scandal Ghostcat - (Apache) Tomcat Users: Update NOW! Revisiting OCSP Must Staple Kr00k: serious WiFi vulnerability affecting more than a billion devices Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: LastPass.com/twit WWT.COM/TWIT expressvpn.com/securitynow

This Week's Security News: More Windows 10 lost profile pain A micropatch for the jscript.dll problem Coming in the next Feature Release (Win10 2004): optional device driver updates A new attack on 4G LTE and 5G Starting today: DoH by default on Firefox A new next-generation WebAssembly sandbox is coming first to Linux and Mac and then to Windows Chrome was just updated to close a 0-day attack Safari will only trust certificates with a validity of 398 days or less Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Wasabi.com offer code SECURITYNOW plextrac.com/twit privacy.com/securitynow

TWiT Audience Survey- ENDS FEBRUARY 19TH!!! It's time for TWiT's annual audience survey and we want to hear from you! It only takes five minutes. Please visit twit.tv/survey and let us know what you think. There's no sign-up form and we don't track you. Your feedback helps us make TWiT even better." This Week's Stories How to fix the Windows 7 "You don't have permission to shut down this computer." error Win10's "One Button PC Reset" fails after KB4524244. And, also... "The new disappearing User Profile problem" (Desktop and all user data) The popular "GDPR Cookie Consent" Wordpress plugin had a critical flaw Whoa! The average tenure of a CISO is just 26 months due to high stress and burnout Microsoft's "ElectionGuard" being used for the first time today! IoT lightbulb vulnerabilities are not such a joke, after all. SweynTooth Vulnerabilities: a set of more than 12 newly discovered vulnerabilities across a wide range of Bluetooth devices, many of which will never be updated, which allow for, among other things, full device compromise. We invite you to read our show notes at https://www.grc.com/sn/SN-754-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT FreshBooks.com/securitynow canary.tools/twit - use code: TWIT

Twitter, Google, and Facebook tell Clearview AI to stop stealing your face to catch crooks The NIST is testing methods to recover data from smashed smartphones Whoa! We get to REMAIN with Security Essentials under Windows 7! Microsoft drops a fix for the wallpaper stretch black screen Windows 7 users are being told: "You don't have permission to shut down this computer." Win10 Firefox users being "reminded" about Edge Last week Google closed an Android RCE flaw in the BlueTooth daemon. Data Exfiltration Technique of the Week CIA Uses Crypto AG to spy on the world Chrome 80 appeared last week with its implementation of the updated handling of the optional "SameSite" enforcement cookie property We invite you to read our show notes at https://www.grc.com/sn/SN-753-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit itpro.tv/securitynow promo code SN30 Melissa.com/twit

This Week's Stories: - L1D Eviction Sampling becomes "CacheOut" - Only one final version of Windows? - Windows 7 and the Free Software Foundation - Windows 7's final patch broke wallpaper stretching - RCE Exploit for Windows RDP Gateway Demoed by Researcher - Google more than doubles its own bug bounty record - The return of Roskomnadzor! - Facebook DID get fined, but not by Russia - who exactly owns our biometric data? - Avast Jumpshot missed the hoop - An Update on the WireGuard VPN in the Linux kernel - In this week's Best Hack of the New Decade... a little red wagon Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow WWT.COM/TWIT LastPass.com/twit

This Week's Stories: Is Apple actually encrypting our iCloud storage backups? 250 Million Microsoft Customer Support Records Exposed Online New York state is aiming to ban the use of public funds for Ransomware New Muhstik Botnet Attacks Target Tomato Routers Chrome under attack from browser extensions Firefox under attack from browser extensions NIST publishes a new Privacy Framework Hacker Leaks More Than 500K Telnet Credentials for IoT Devices A Welcome "Micro Patch" for the Windows IE jscript.dll 0-day vulnerability SHA-1 is a Shambles. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: privacy.com/securitynow

This Week's Stories: iPhones join Android in being a Google account security key. How much "substantive assistance" did Apple provide in the Pensacola investigation? A brand new serious Internet Explorer 0-day Giving Windows an additional Edge FBI says nation-state actors breached a US city government and a US financial entity by exploiting Pulse Secure VPN servers. Critical new Windows Remote Desktop Gateway (RD Gateway) remote code execution vulnerability SQRL for Drupal Microsoft issues security update to fix "CurveBall" vulnerability Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT Melissa.com/twit Wasabi.com offer code SecurityNow

This Week's Stories: Windows 7 support dies today, but 1 in 7 PCs are still running it Cablehaunt- the remote exploit with the catchy logo that works on ALL cable modems US government still wants backdoor access to iPhones CheckRain iPhone jailbreak keeps getting better How Apple scans your photos for evidence of child abuse The sim swapping threat Anatomy/timeline of the exploitation of an unpatched VPN bug And speaking of patching right away... patch your Firefox browser right now! Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: FreshBooks.com/securitynow canary.tools/twit - use code: TWIT expressvpn.com/securitynow