Security Now (Audio)

This Week's Stories: Cryptomining makes a comeback The top three most attacked ports Small office/home office (SOHO) routers and wireless access points: "SOHOpelessly Broken" Chrome gets an emergency update, to 77.0.3865.90 2019 CWE Top 25 Most Dangerous Software Errors We invite you to read our show notes at https://www.grc.com/sn/SN-733-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: ZipRecruiter.com/securitynow Wasabi.com offer code SecurityNow expressvpn.com/securitynow

This Week's Stories SIMjacker allows attackers to hijack any phone just by sending it an SMS message. Here comes iOS "Lucky" 13! Chrome follows Mozilla to DoH with a twist. Want to enable DoH in Chrome right now? You can, right now, if you wish. Chrome stops showing Extended Validation certs in the URL bar. Mozilla launches 'Firefox Private Network' VPN service as a browser extension. Windows Patch Tuesday redux Chrome Remote Desktop EXIM eMail servers are in trouble again. We invite you to read our show notes at https://www.grc.com/sn/SN-732-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT thehelm.com/SECURITYNOW go.itpro.tv/securitynow promo code SN30

This week's stories: Get rich quick spotting deepfakes! A forced two-day recess of all schools in Flagstaff, Arizona The case of a ransomware operator being too greedy Apple's controversial response to Google's discovery of Chinese iOS hacks Zerodium's new payout schedule and what it might mean. The final full public disclosure of BlueKeep exploitation code Serious PHP flaws, some potentially serious flaws found We invite you to read our show notes at https://www.grc.com/sn/SN-731-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT FreshBooks.com/securitynow redhat.com/heroes

This Week's Stories: Google expands its bug bounty program New bug bounty millionaires Google's Project Zero group dropped a bomb on iOS Ransomware attacks on local governments and businesses are on the rise We invite you to read our show notes at https://www.grc.com/sn/SN-730-Notes.pdf If you're in Boston on October 3rd, join LastPass and TWiT.tv for the Cybersecurity & Identity Trends, Unlocked event. Sign up at http://twit.to/unlocked Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: securitynow.cachefly.com LastPass.com/twit ZipRecruiter.com/securitynow

• Texas Ransomware Update• Remember that Kazakhstan cert?• The mixed-blessing of "wide open" source projects• RubyGems is in trouble again• Chrome to add data breach notification• iOS v12.4 updated quickly to 12.4.1• Next-gen ad privacyWe invite you to read our show notes at https://www.grc.com/sn/SN-729-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow Wasabi.com offer code SecurityNow WWT.COM/TWIT

Last Tuesday was another busy and important patch Tuesday And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again! Kaspersky facilitates independent web tracking So, what the heck is "CTF"? 23 Government agencies in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th RIP, EV: The coming demise of Extended Validation (EV) certificates And... So long FTP! HTTP/2 goes to the Movies "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR" We invite you to read our show notes at https://www.grc.com/sn/SN-728-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: thehelm.com/SECURITYNOW netscout.com

This Week's Stories BlackHat and Def Con 2019 Microsoft dangles $300,000 for Azure hacks at BlackHat... Hotel chaos from Germany's Chaos Computer Club 40 dangerous drivers Google's battle to allow its Incognito users' Incognitoness to be Incognito Microsoft ranks the industry's top bug hunters Apple bumps its bounties We invite you to read our show notes at https://www.grc.com/sn/SN-727-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: go.itpro.tv/securitynow promo code SN30 WWT.COM/TWIT canary.tools/twit - use code: TWIT

This week's stories• A widespread false alarm about Facebook's planned subversion of end-to-end encryption• Still more municipality Ransomware attacks• Anti-encryption saber rattling among the Five Eyes nations• Microsoft's discovery of Russian-backed IoT compromise• Chrome 76's changes• Black Hat and Def Con preview• The challenge of synchronizing a working set of files between two locations We invite you to read our show notes at https://www.grc.com/sn/SN-726-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: LastPass.com/twit securitynow.cachefly.com netscout.com

This Week's Stories Marcus Hutchins ... is Free! U.S. Attorney General Bill Barr on "warrant proof data encryption" What malware is the most popular underground? This Week in Ransomware Your NAS is Grass! 11 vulnerabilities in VxWorks' TCP/IP stack We invite you to read our show notes at https://www.grc.com/sn/SN-725-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Wasabi.com offer code SecurityNow netscout.com

This Week's Stories Welcome to Kazakhstan! Please check your privacy at the border. Mozilla marking all non-HTTPS pages as "not secure" Chrome Incognito Mode getting a bit more incognito A forthcoming "super Incognito mode" for Firefox Rust-TLS outperforms OpenSSL in nearly every way Microsoft announces "ElectionGuard" during last week's Aspen Security Forum ProFTPD Server is wide open to remote compromise Sophos: "RDP exposed: the wolves already at your door" We invite you to read our show notes at https://www.grc.com/sn/SN-724-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT expressvpn.com/securitynow

Bullet points from last Tuesday's monthly Windows patches as well Notes from the end of Windows 7 Laporte County Under Ransomware Attack The mixed blessing of fining companies for self-reporting A survey of enterprise malware headaches Some Mozilla/ Firefox news Another (kinda obvious) way of exfiltrating information from a PC DNS Encryption We invite you to read our show notes at https://www.grc.com/sn/SN-723-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: netscout.com go.itpro.tv/securitynow promo code SN30 thehelm.com/SECURITYNOW

This Week's Stories Mozilla's privacy-enhancing DNS over HTTPS support Facial recognition and automobile license plate scanners The future of satellite-based Internet services How a Ruby code repository was hacked The UK GCHQ's proposal for adding "ghost" participants into private conversations We invite you to read our show notes at https://www.grc.com/sn/SN-722-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: redhat.com/heroes canary.tools/twit - use code: TWIT WWT.COM/TWIT

Ransomware in Florida and elsewhere The "Going Dark" anti-encryption debate A BlueKeep Proof of Concept demo produced by the guys at SophosLabs Massive publicly-exposed databases Chinese IoT manufacturer logs a million+ customer devices into a 2+ billion record publicly-exposed database The dilemma we have with the utter lack of oversight and control over our own IoT devices We invite you to read our show notes at https://www.grc.com/sn/SN-721-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: LastPass.com/twit securitynow.cachefly.com Wasabi.com offer code SecurityNow

Update on the Linux TCP SACK Kernel panic Hackers exploit a Firefox flaw and attack Coinbase Google corrects a flaw with Nestcam An elegant solution to OpenSSH key theft via Rowhammer attacks Update on the BlueKeep RDP vulnerability Verizon's negligence caused a major Cloudflare and Amazon customer outage NASA was infected by an APT for more than a year Should you pay ransomware? Microsoft's Chromium-based Edge browser update The state of the commercial Bug Bounty Business We invite you to read our show notes at https://www.grc.com/sn/SN-720-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Atlassian.com/teams/it thehelm.com/SECURITYNOW expressvpn.com/securitynow

A new DRAM problem called "RAMBleed" A bad Linux TCP SACK server kernel crashing flaw Last week's patch Tuesday A Bluetooth surprise Another useless warning about the BlueKeep vulnerability Microsoft misses a 90-day Tavis Ormandy deadline Good news about GandCrab wrap up Yubico's entropy mistake Post-announce SQRL news Our favorite iOS security app Attacks on Exim mail servers and other pending disasters We invite you to read our show notes at https://www.grc.com/sn/SN-719-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: pulseway.com/twit Wasabi.com offer code SecurityNow canary.tools/twit - use code: TWIT