Security Now (Audio)

This Week's Stories The Deadly Seven top cybersecurity attacks Russia successfully cuts itself off from the rest of the internet. Love Wawa? Surprise! Your credit card has been stolen. Huge Point of Sale attack on all of Landry's restaurants, including Rainforest Cafe. Python 2.7 Reaches End of Life After 20 Years. HackerOne's 20 top bug bounty programs A proposed standard for making warrant canaries machine-readable Xiaomi IoT camera owners can watch other Xiaomi users' video feeds. Microsoft is wrong on RDP vulnerability. Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: itpro.tv/securitynow promo code SN30 LastPass.com/twit WWT.COM/TWIT

The best of Security Now from 2019. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

On this Eve of 2020, we look back over the hacks of the past decade: The big news of 2010 was Stuxnet -- Boy did THAT make an impression Operation Aurora - the hack that changed Google The Sony Playstation Hack And then we have... Diginotar Edward Snowden The Target hack The Adobe hack Silk Road takedown Have I Been Pwned? The hack of Sony Pictures The hack of Mt. Gox Heartbleed RowHammer Ashley Madison data breach SIM swapping The Ukraine power grid hacks DNC hack Yahoo hacks go public The Shadow Brokers The birth of IoT botnets WannaCry / Petya / NotPetya Vault7 leaks MongoDB exposed Equifax Coinhive & Cryptojacking Meltdown, Spectre, and the CPU side-channel attacks Marriott gets hacked 2019 - The Year of the Ransomware We invite you to read our show notes at https://www.grc.com/sn/SN-746-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

This Week's Stories: Google turns over 1500 users' location data to catch Milwaukee arsonist Android's Messenger app offers its users verified SMS messaging conversations with supporting companies US Senate Judiciary Committee threatens Apple and Facebook Apple's iOS v13.3 adds support for hardware key dongle authentication in Safari Patch Tuesday shuts down a widespread elevation of privilege vulnerability Researchers discover prime factor collisions in active RSA certificates New Orleans hit by a ransomware attack on Friday the 13th Chrome stops displaying "www." Google re-enables their Chrome's new code integrity protection feature Plundervolt: software-based fault injection attacks against Intel SGX We invite you to read our show notes at https://www.grc.com/sn/SN-745-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: brave.com/TWIT Wasabi.com offer code SecurityNow expressvpn.com/securitynow

This Week's Stories Microsoft has started forcing feature updates on people who don't want them. Bypass to continue obtaining Win7 updates created. Microsoft's Project Verona continues moving forward. Microsoft's RDP client for iOS is back. Avast / AVG in the doghouse. Making a mountain out of a VPN molehill. We invite you to read our show notes at https://www.grc.com/sn/SN-744-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT WWT.COM/TWIT itpro.tv/securitynow promo code SN30

This Week's Stories Everyone can still upgrade to Windows 10 for free with this trick HP SSDs fail after 32768 hours The EU is not happy about a possible US encryption ban US government's formal permission to hack 110 nursing homes have been crippled by a ransomware attack Firefox is seriously pushing back on tracking signal leakage New problems with Windows DLLs The StrandHogg vulnerability We invite you to read our show notes at https://www.grc.com/sn/SN-743-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: LastPass.com/twit securitynow.cachefly.com Melissa.com/twit

The future of the Linux kernel underneath the Android OS Inherent challenges presented by the nature of the Android ecosystem VNC users: Time to update! A welcome change to Twitter & SMS-based 2FA A "foregone conclusion" to law enforcement's strategy to force password divulgence Pre-announcement from Microsoft about DNS Details of the emerging DoH protocol We invite you to read our show notes at https://www.grc.com/sn/SN-742-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow ECHOSEC.NET/SECURITYNOW privacy.com/securitynow

November's Patch Tuesday is the antepenultimate free Windows 7 update CheckM8 & https://Checkra.in GitHub launches Security Lab to boost open-source security Warrantless searches of devices at US borders were just ruled unconstitutional Another WhatsApp bug lets hackers quietly install spyware on your device ZombieLoad v2 The ByteCode Alliance http://tpm.fail/ We invite you to read our show notes at https://www.grc.com/sn/SN-741-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: itpro.tv/securitynow promo code SN30 Melissa.com/twit Wasabi.com offer code SecurityNow

CheckM8 & Checkra.in moves to first public beta The case of the misbehaving transducer BlueKeep and Microsoft BlueKeep and BSODs BlueKeep and Marcus Hutchins Mozilla on DoH -vs- COMCAST Yet another approach for solving the problem of certificate revocation within a more limited scope. We invite you to read our show notes at https://www.grc.com/sn/SN-740-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT FreshBooks.com/securitynow canary.tools/twit - use code: TWIT

October's Windows Patch Tuesday BROKE Windows' ability to connect to a significant number of the Internet's websites. Here's how to fix it. Chrome 78 disables Code Integrity Check to mitigate "Aw Snap!" crashes. "Chrome 78 patches a Chrome 0-day which had been discovered by Kaspersky being exploited in the wild." News from the Edge: the first Chromium-based Microsoft Edge Stable Release Candidate. Microarchitectural Data Sampling Vulnerabilities. Trouble for QNAP NAS devices exposed to the Internet. MSP's -- Managed Service Providers -- are a major vector for ransomware delivery. Five months after returning a rental car, man still has the remote control. Chinese-made drones in the US are being grounded. The DNS-over-HTTPS (DoH) controversy. BlueKeep-based attacks have finally started, and what we predicted on this podcast has finally happened. We invite you to read our show notes at https://www.grc.com/sn/SN-739-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow LastPass.com/twit securitynow.cachefly.com

This Week's Stories 3rd-party antivirus strikes again Windows Defender offline scan Adobe databases hacked Johannesburg hit by ransomware Firefox's anti-tracking effectiveness Bad new PHP/NGINX RCE being exploited in the wild Goodbye SMS (maybe kinda) Hello RCS? Forced Password Disclosure We invite you to read our show notes: https://www.grc.com/sn/SN-738-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: privacy.com/securitynow WWT.COM/TWIT ECHOSEC.NET/SECURITYNOW

Pixel 4 Face Unlock is so easy you can do it with your eyes closed! Samsung Galaxy S10 and Note 10 fingerprint sensor can be foiled with a $3 screen protector. The frenzy to turn CheckM8 into a consumer-friendly iOS jailbreak. Steganography finds a new host file format. Security display changes are coming to Firefox 70. More on Microsoft's open source "ElectionGuard" election security system. A potentially serious flaw found in Realtek WiFi drivers. Yubikey for local Windows login has been officially released. We invite you to read our show notes at https://www.grc.com/sn/SN-737-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Wasabi.com offer code SecurityNow expressvpn.com/securitynow

This week's stories A sobering reminder about supply chain attacks Facebook's stance on end-to-end encryption raises official protests UNIX's Co-Creator Ken Thompson's BSD UNIX Password Has Finally Been Cracked Japanese stalker finds idol using reflections in her eyes Americans and Digital Knowledge OpenPGP being built into Mozilla's Thunderbird eMail client Windows 10 Tamper Protection being enabled by default CheckM8We invite you to read our show notes at https://www.grc.com/sn/SN-736-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ECHOSEC.NET/SECURITYNOW go.itpro.tv/securitynow promo code SN30 canary.tools/twit - use code: TWIT

Ransomware hits schools, hospitals, and hearing aid manufacturers Sodinokibi: the latest advances in Ransomware-as-a-Service Win7 Extended Security Updates are extended A new Nasty 0-Day RCE in vBulletin There's a new WannaCry in town We invite you to read our show notes at https://www.grc.com/sn/SN-735-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit WWT.COM/TWIT ZipRecruiter.com/securitynow

This Week's Stories The latest state-of-the-art secure solutions for cross-device, cross-location device synchronization Mozilla's recently announced plans to gradually and carefully bring DNS-over-HTTPS to all Firefox users in the US The EFF weighs in on DNS-over-HTTPS The 100% free VPN offering coming from our friends at Cloudflare We invite you to read our show notes at https://www.grc.com/sn/SN-734-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: FreshBooks.com/securitynow securitynow.cachefly.com LastPass.com/twit