Security Now (MP3)

By TWiT

Category: Tech News

Subscribers: 1769
Reviews: 7

CargoVanKilla
 Sep 21, 2018
Steve is an InfoSec genius. SpinRite for life!

Description

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

Episode Date
SN 710: DragonBlood
2:12:13

Security Now (Audio)

• DragonBlood: the first effective attack on the new WPA3 protocol
• Malicious use of the URL tracking "ping" attribute
• The WinRAR Nightmare
• More 3rd-party A/V troubles with Microsoft
• What good did April's patch Tuesday accomplish?
• Adobe's big patch Tuesday
• Google considering automatically blocking "high risk" downloads
• Russia's Roskomnadzor finally lowers the boom on Facebook
• The incredible Taj Mahal APT framework

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Apr 17, 2019
SN 709: URL "Ping" Tracking
2:15:04

This Week's Stories

  • Yet another capitulation in the (virtually lost) battle against tracking our behavior on the Internet with URL "ping" tracking.
  • UK government's plan to legislate, police and enforce online social media content
  • Microsoft's Chromium-based Edge browser's security
  • Improvements to Windows 10's update management
  • News from the "spoofing biometrics" department
  • The worrisome state of Android mobile financial apps
  • NSA's GHIDRA software reverse engineering tool suite
  • Perhaps the dumbest thing Facebook has done yet (and by policy, not by mistake)
  • An important change in Win10 1809 external storage caching policy

Hosts: Jason Howell and Steve Gibson

Apr 10, 2019
SN 708: Android Security
2:20:16

  • Android Security, 10 Years Later
  • WinRAR, a 20+ Year Old Tool With 500M Users, Acknowledged Vulnerability
  • Russian GPS Hacking and What It Means For Us
  • Android's April Fools Day Patches
  • Tesla Autopilot Spoofing
  • The ASUS "ShadowHammer" Attack
  • Windows 10 (last) October 2018 Update
  • A VMware Update

We invite you to read our show notes at https://www.grc.com/sn/SN-708-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Apr 03, 2019
SN 707: Tesla, Pwned
2:25:49

Results of the much anticipated Mid-March Vancouver Pwn2Own competition

  • The return of "Clippy", Microsoft's much-loathed dancing paperclip
  • Operation "ShadowHammer" which reports say compromised ASUS (... but did it?)
  • The ransomware attack on Norsk Hydro aluminum
  • The surprise renaming of Windows Defender
  • A severe bug revealed in the most popular PDF generating PHP library
  • An early look at Microsoft's forthcoming Chromium-based web browser
  • Hope for preventing caller ID spoofing
  • A needed update for users of PuTTY
  • Mozilla's decision to conditionally rely upon Windows' root store
  • Microsoft to offer virtual Windows 7 and 10 desktops through Azure
  • Details of the Windows 7 End of Life warning dialogue

Hosts: Leo Laporte and Steve Gibson

Mar 27, 2019
SN 706: Open Source eVoting
2:11:43

  • Last week's Patch Tuesday March Madness
  • Win7 SHA256 Windows Update... Update
  • Many attacks leveraging the recently discovered WinRAR vulnerability
  • What happens when Apple, Google, and GoDaddy all drop a bit?
  • A big recent jump in Mirai Botnet Capability
  • Compromised Counter-Strike gaming servers
  • Privacy enhancements coming in Android Q
  • A pair of very odd web browser extensions for Chrome and Firefox from Microsoft
  • A VERY exciting and encouraging project to create an entirely open eVoting system

Hosts: Leo Laporte and Steve Gibson

Mar 20, 2019
SN 705: SPOILER
2:29:32

  • 0-day exploit bidding war
  • NSA releases Ghidra v9
  • Firefox adds Tor privacy
  • A pair of nasty 0-days
  • A worrisome breach at Citrix
  • The risk of claiming to be an unhackable aftermarket car alarm
  • A new and interesting "Windows developers chatting with users" idea at Microsoft
  • A semi-solution to Windows updates crashing systems
  • Detailed news of the Marriott/Starwood breach, a bit of miscellany from
  • SPOILER: Another new and different consequence of speculation on Intel machines.

We invite you to read our show notes at https://www.grc.com/sn/SN-705-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Mar 13, 2019
SN 704: Careers in Bug Hunting
2:25:41

  • The increasing feasibility of making a sustainable career out of hunting for software bugs
  • A newly available improvement in Spectre mitigation performance and who can try it now
  • Adobe's ColdFusion emergency and patch
  • More problems with A/V and self-signed certs
  • A Docker vulnerability being exploited in the wild
  • The end of Coinhive
  • A new major Wireshark release
  • A nifty web browser website screenshot hack
  • Continuing troubles with the over-privileged Thunderbolt interface
  • Bot-based credential stuffing attacks

We invite you to read our show notes at https://www.grc.com/sn/SN-704-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Mar 05, 2019
SN 703: Out in the Wild
1:52:45

  • A number of ongoing out-in-the-wild attacks
  • Another early-warned Drupal vulnerability
  • A 19-year-old flaw in an obscure decompressor for the "ACE" archive format
  • Microsoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.
  • Mozilla faces a dilemma about a wanna-be Certificate Authority and they also send a worried letter to Australia.
  • Microsoft's Edge browser is revealed to be secretly whitelisting 58 web domains which are allowed to bypass its "Click-To-Run" permission for Flash.
  • ICANN renews its plea for the Internet to adopt DNSSEC.
  • NVIDIA releases a handful of critical driver updates for Windows.
  • Apple increases the intelligence of its Intelligent Tracking Prevention.

We invite you to read our show notes at https://www.grc.com/sn/SN-703-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Feb 27, 2019
SN 702: Authenticity on the Internet
2:12:35

  • Last week's doozy of a patch Tuesday for both Microsoft and Adobe
  • An interesting twist coming to Windows 7 and Server 2008 security updates
  • Eight mining apps pulled from the Windows Store
  • Another positive security initiative from Google
  • Electric scooters being hacked
  • Chipping away at Tor's privacy guarantees
  • A year and a half after Equifax, and where's the data?
  • The beginnings of GDPR-like legislation for US
  • An extremely concerning new and emerging threat for the Internet

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Feb 20, 2019
SN 701: Adiantum
2:15:41

  • Apple's most recent v12.1.4 iOS update and the two 0-day vulnerabilities it closed
  • Worrisome new Android image-display vulnerability
  • An interesting "reverse RDP" attack
  • The new LibreOffice & OpenOffice vulnerability
  • Microsoft's research into the primary source of software vulnerabilities
  • MaryJo gets an early peek at enterprise pricing for extending Windows 7 support
  • China and Russia continue their work to take control of their countries' Internet
  • Firefox's resumption of its A/V warning in release 65.
  • How Google does the Cha-Cha with their new "Adiantum" ultra-high-performance cryptographic cipher.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Feb 13, 2019