Summary: <p>This week we discuss yesterday's further good privacy news from Apple, the continuation of VPNFilter, an extremely clever web browser cross-site information leakage side-channel attack, Microsoft Research's fork of OpenVPN for security in a post-quantum world, Microsoft drops the ball on a 0-day remote code execution vulnerability in JScript, Valve finally patches a longstanding and very potent RCE vulnerability, Redis caching servers continue to be in serious trouble, a previously patched IE 0-day continues to find victims, Google's latest Chrome browser has removed support for HTTP public key pinning (HPKP), and... what is "Certificate Transparency" and why do we need it?</p> <p>We invite you to read our <a href="https://www.grc.com/sn/SN-666-Notes.pdf">show notes</a>.</p> <p><strong>Hosts:</strong> <a href="https://twit.tv/people/steve-gibson">Steve Gibson</a> and <a href="https://twit.tv/people/leo-laporte">Leo Laporte</a></p> <p>Download or subscribe to this show at <a href="https://twit.tv/shows/security-now">https://twit.tv/shows/security-now</a>.</p> <p>You can submit a question to Security Now! at the <a href="https://www.grc.com/feedback.htm" target="_blank">GRC Feedback Page</a>.</p> <p>For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: <a href="https://www.grc.com/securitynow.htm" target="_blank">grc.com</a>, also the home of the best disk maintenance and recovery utility ever written <a href="https://www.grc.com/sr/spinrite.htm" target="_blank">Spinrite 6</a>.</p> <p>Bandwidth for Security Now is provided by <a href="https://www.cachefly.com/" target="_blank">CacheFly</a>.</p> <p><strong>Sponsors:</strong></p><ul> <li><a href="http://FreshBooks.com/securitynow">FreshBooks.com/securitynow</a></li> <li><a href="http://RocketMortgage.com/SecurityNow">RocketMortgage.com/SecurityNow</a></li> <li><a href="http://ITPro.TV/securitynow">ITPro.TV/securitynow - use code: SN30</a></li> </ul>
