• Last Tuesday was another busy and important patch Tuesday
• And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again!
• Kaspersky facilitates independent web tracking
• So, what the heck is "CTF"?
• 23 Government agencies in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th
• RIP, EV: The coming demise of Extended Validation (EV) certificates
• And... So long FTP!
• HTTP/2 goes to the Movies
• "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR"

We invite you to read our show notes at https://www.grc.com/sn/SN-728-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• thehelm.com/SECURITYNOW
• netscout.com

This Week's Stories

• BlackHat and Def Con 2019
• Microsoft dangles $300,000 for Azure hacks at BlackHat...
• Hotel chaos from Germany's Chaos Computer Club
• 40 dangerous drivers
• Google's battle to allow its Incognito users' Incognitoness to be Incognito
• Microsoft ranks the industry's top bug hunters
• Apple bumps its bounties

We invite you to read our show notes at https://www.grc.com/sn/SN-727-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• go.itpro.tv/securitynow promo code SN30
• WWT.COM/TWIT
• canary.tools/twit - use code: TWIT

This week's stories
• A widespread false alarm about Facebook's planned subversion of end-to-end encryption
• Still more municipality Ransomware attacks
• Anti-encryption saber rattling among the Five Eyes nations
• Microsoft's discovery of Russian-backed IoT compromise
• Chrome 76's changes
• Black Hat and Def Con preview
• The challenge of synchronizing a working set of files between two locations

We invite you to read our show notes at https://www.grc.com/sn/SN-726-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• LastPass.com/twit
• securitynow.cachefly.com
• netscout.com

This Week's Stories

• Marcus Hutchins ... is Free!
• U.S. Attorney General Bill Barr on "warrant proof data encryption"
• What malware is the most popular underground?
• This Week in Ransomware
• Your NAS is Grass!
• 11 vulnerabilities in VxWorks' TCP/IP stack

We invite you to read our show notes at https://www.grc.com/sn/SN-725-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Wasabi.com offer code SecurityNow
• netscout.com

This Week's Stories

• Welcome to Kazakhstan! Please check your privacy at the border.
• Mozilla marking all non-HTTPS pages as "not secure"
• Chrome Incognito Mode getting a bit more incognito
• A forthcoming "super Incognito mode" for Firefox
• Rust-TLS outperforms OpenSSL in nearly every way
• Microsoft announces "ElectionGuard" during last week's Aspen Security Forum
• ProFTPD Server is wide open to remote compromise
• Sophos: "RDP exposed: the wolves already at your door"

We invite you to read our show notes at https://www.grc.com/sn/SN-724-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WWT.COM/TWIT
• expressvpn.com/securitynow

• Bullet points from last Tuesday's monthly Windows patches as well
• Notes from the end of Windows 7
• Laporte County Under Ransomware Attack
• The mixed blessing of fining companies for self-reporting
• A survey of enterprise malware headaches
• Some Mozilla/ Firefox news
• Another (kinda obvious) way of exfiltrating information from a PC
• DNS Encryption

We invite you to read our show notes at https://www.grc.com/sn/SN-723-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• netscout.com
• go.itpro.tv/securitynow promo code SN30
• thehelm.com/SECURITYNOW

This Week's Stories

• Mozilla's privacy-enhancing DNS over HTTPS support
• Facial recognition and automobile license plate scanners
• The future of satellite-based Internet services
• How a Ruby code repository was hacked
• The UK GCHQ's proposal for adding "ghost" participants into private conversations

We invite you to read our show notes at https://www.grc.com/sn/SN-722-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• redhat.com/heroes
• canary.tools/twit - use code: TWIT
• WWT.COM/TWIT

• Ransomware in Florida and elsewhere
• The "Going Dark" anti-encryption debate
• A BlueKeep Proof of Concept demo produced by the guys at SophosLabs
• Massive publicly-exposed databases
• Chinese IoT manufacturer logs a million+ customer devices into a 2+ billion record publicly-exposed database
• The dilemma we have with the utter lack of oversight and control over our own IoT devices

We invite you to read our show notes at https://www.grc.com/sn/SN-721-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• LastPass.com/twit
• securitynow.cachefly.com
• Wasabi.com offer code SecurityNow

• Update on the Linux TCP SACK Kernel panic
• Hackers exploit a Firefox flaw and attack Coinbase
• Google corrects a flaw with Nestcam
• An elegant solution to OpenSSH key theft via Rowhammer attacks
• Update on the BlueKeep RDP vulnerability
• Verizon's negligence caused a major Cloudflare and Amazon customer outage
• NASA was infected by an APT for more than a year
• Should you pay ransomware?
• Microsoft's Chromium-based Edge browser update
• The state of the commercial Bug Bounty Business

We invite you to read our show notes at https://www.grc.com/sn/SN-720-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Atlassian.com/teams/it
• thehelm.com/SECURITYNOW
• expressvpn.com/securitynow

• A new DRAM problem called "RAMBleed"
• A bad Linux TCP SACK server kernel crashing flaw
• Last week's patch Tuesday
• A Bluetooth surprise
• Another useless warning about the BlueKeep vulnerability
• Microsoft misses a 90-day Tavis Ormandy deadline
• Good news about GandCrab wrap up
• Yubico's entropy mistake
• Post-announce SQRL news
• Our favorite iOS security app
• Attacks on Exim mail servers and other pending disasters

We invite you to read our show notes at https://www.grc.com/sn/SN-719-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• pulseway.com/twit
• Wasabi.com offer code SecurityNow
• canary.tools/twit - use code: TWIT