Security Now 1037: Chinese Participation in MAPP
Released on August 6, 2025
Hosts: Leo Laporte and Steve Gibson
1. Show Anniversary and Reflections
As the podcast approaches its 20th anniversary, Steve Gibson and Leo Laporte reminisce about the show's humble beginnings. Steve humorously recalls a moment when he feared the show might run out of topics, but now, two decades later, Security Now remains a staple in tech discourse.
[01:24] Leo Laporte: "If you go to our Twit TV SN1, you can actually see the very first episode, which was August 9th, 2000... So that will be our birthday."
2. Microsoft SharePoint Patch Fiasco
The central discussion revolves around the recent SharePoint server vulnerability incident. Steve Gibson expresses deep concern over Microsoft's handling of patch releases, especially given their collaboration with Chinese engineers through the Microsoft Active Protections Program (MAPP).
[06:42] Leo Laporte: "I haven't looked at it. I haven't looked at it."
Steve elaborates on how Microsoft's reliance on Chinese developers may have inadvertently facilitated state-sponsored cyberattacks, questioning the integrity of Microsoft's patching process.
[27:35] Leo Laporte: "Well, by the way, did you read who these escorts are? They're not technical, they're military. They're just some guys."
3. ICANN and Webnic.cc Registrar Misconduct
A significant portion of the episode highlights ICANN's breach notice to Webnic.cc, an Asian domain registrar accused of neglecting DNS abuse mitigation. Steve underscores the severity of Webnic's non-compliance, emphasizing the potential risks posed by malicious actors exploiting their services.
[73:47] Leo Laporte: "Yeah, the ICANN logo is on here."
Steve details the exhaustive steps ICANN has taken to address Webnic's failures, illustrating the challenges in enforcing compliance within the domain registration industry.
4. Russian Espionage via SORM Systems
Steve presents a report from Microsoft's Threat Intelligence Group about Russia's sophisticated methods to monitor internet traffic of foreign embassies within its borders. Utilizing SORM (System for Operative Investigative Activities), Russian hackers install root certificates to perform man-in-the-middle attacks, effectively decrypting and surveilling embassy communications.
[40:49] Steve Gibson: "So Russia is able to freely impersonate any remote site the compromised target may visit... They get to see everything that's going on."
5. Dropbox Passwords Discontinuation
The hosts announce that Dropbox will discontinue its password manager service, urging listeners to switch to more secure alternatives like their sponsor, Bitwarden.
6. Signal's Potential Exit from Australia
Meredith Whittaker, President of the Signal Foundation, threatens to withdraw Signal from Australia in response to governmental demands for encryption backdoors. The discussion delves into the implications of such actions, emphasizing the importance of secure communications for individuals and government agencies alike.
[49:48] Leo Laporte: "Sounds like another Chinese ransomware gang, but okay, that's right."
7. YouTube’s Age Estimation Heuristics
YouTube is implementing machine learning-based age estimation to better tailor experiences for younger users. Steve critiques the use of heuristics but acknowledges their necessity in the absence of reliable age verification systems.
[57:12] Leo Laporte: "But okay, focus like a laser."
8. Chrome's Verified CRX Upload
Google introduces an optional Verified CRX Upload feature for Chrome extensions, enhancing security by ensuring extensions are signed with developers' private keys. Steve praises this move as a robust solution to prevent malicious code from unauthorized extensions.
9. Domain Registrar Compliance and Customer Impact
Returning to Webnic.cc, Steve explains ICANN's process for transferring affected domains to reputable registrars if Webnic fails to comply. He underscores the potential disruption for hundreds of thousands of domain holders if Webnic's accreditation is terminated.
[100:43] Leo Laporte: "Did they write 'have a nice day' or did you add."
10. Listener Feedback and Age Verification Solutions
The episode addresses listener inquiries about age verification mechanisms. Steve discusses the TrueAge system integrated into state-issued digital driver's licenses, highlighting its limitations in ensuring minimal information disclosure online.
[131:28] Steve Gibson: "What happened to this."
He reflects on the balance between user privacy and effective age verification, acknowledging ongoing developments spearheaded by experts like Stina Ehrensvärd.
11. Book Recommendation: "Artemis" by Andy Weir
Steve shares his enthusiasm for Andy Weir's novel "Artemis," praising its scientifically plausible and engaging narrative. Leo Laporte echoes the sentiment, appreciating the book's depth and character development.
[124:07] Leo Laporte: "Yeah, I'm really glad that she's taking this on. That's great."
12. TP-Link Archer C50 Vulnerability
Steve warns listeners about a critical security flaw (CVE-2025-6982) in TP-Link's Archer C50 routers, urging users to discontinue use and upgrade to more secure models.
[104:38] Leo Laporte: "A lot do. That was recommended by Wirecutter for years as the best router."
13. Closing Remarks and Sponsorships
The episode concludes with acknowledgments of sponsors like BigID and ThreatLocker, who provide data security and zero-trust solutions. Leo promotes the Club TWiT membership, encouraging listeners to join for exclusive content and support of the show.
Notable Quotes:
- Steve Gibson [06:44]: "And our listeners are saying, oh, I can't wait to hear what happens when Leo sees this."
- Leo Laporte [161:56]: "So you have to constantly be vigilant. Fortunately, you don't have to do it for yourself. DeleteMe will do it for you."
Conclusion: Security Now 1037 delves deep into the intricate web of cybersecurity, geopolitical tensions, and the evolving landscape of digital privacy. From Microsoft's controversial collaboration with Chinese engineers to the challenges of enforcing domain registrar compliance, the episode provides a comprehensive overview of current security issues. Additionally, discussions on age verification technologies and critical hardware vulnerabilities underscore the multifaceted nature of today's digital threats.
For full transcripts and additional resources, visit GRC.com