A

It's time for Security Now. Steve Gibson is here. FFMPEG says you ought to be using assembly language. Steve says, right on. Why would Chrome, the Chrome browser, start to offer to fill in your driver's licenses? Steve has a theory. Microsoft discovers a wild way you can get information out of LLMs. And finally, Steve takes a look at the fact that Amazon is suing Perplexity because they're using their agentic browser to buy things on Amazon. What's that all about? That and a whole lot more coming up next on Security Now.

B

Podcasts you love from people you Trust.

A

This is TWiT. This is Security now with Steve Gibson. Episode 1051, recorded Tuesday, November 11, 2025. Amazon sues perplexity. It's time once again for Security now the show.

B

You wait.

A

I wait all week for every Tuesday. We get together with this guy right here, Mr. Steve Gibson, to find out what's new in the world of security. More than 100,000 people listen every week. Steve and I wait for it as.

B

Much as they do. What is going to happen? What is going to happen this week?

A

Well, let me guess. Ransomware, security flaws? Actually, you've got a story. Your big story is a little different than the usual, but I'll let you.

B

Tease what's coming up. Well, it is because it's sort of the. Well, if you had three feet, it would be the other shoe.

A

It would be the shoe after the other shoe.

B

Yeah, yeah. After you run out of your two feet, there's. You're still holding this shoe and then you dropped it because why do I have a third shoe? I only have two feet.

A

The third shoe will drop later in the show. What else?

B

Yes, it will. We have not yet looked at the whole different issue of agency as regards what our browsers may do for us. And it turns out that's different than the robots txt file controversy that we got into with Cloudflare earlier or the. The AI browser getting confused with text from the Internet versus text from its commander in the prompt injection issue. This is different. Today's podcast I just titled and actually, Leo, this started out as just the first topic of news for the week, but as I fleshed out all the other news, it stayed big. And I thought, okay, let's just, let's focus on that as our, as our main issue. So today's title is Amazon Sues Perplexity, which is, well, first of all, boy, if you Google that, your browser explodes with hits. I mean, the, the whole Internet went nuts over this because everyone recognizes that this is a big issue which we're going to get to for our 11112025 Veterans Day episode of Security Now 1051 but what we got more stuff to talk about. We've got FFMPEG surprising everyone by deciding they they need to teach people assembly language in order to get FFmpeg's performance up where it needs to be.

A

Okay.

B

And they made some claims that that some some notable industry people said what? I don't think that's right. We'll talk about that. We've got the state of Nevada bragging, boasting about their recovery after not paying any ransom. Also oh, a rounding error netted a very clever attacker 128 plus million dollars in some defi. Who knows what the hell is going on. But we'll talk about that. Also, why would Chrome decide to start auto filling driver's license numbers? That's an interesting question.

A

Don't want.

B

The UK's six major telecom providers have decided that they're going to block number spoofing within the uk. Why didn't we think of that? XSLT is a feature that is being removed from all the browsers. But not tomorrow. Soon. But the question is will anyone notice? And if it's something that you depend upon, well you need to stop depending upon it. Kind of like Flash was once upon a time. Also, Firefox has decided to introduce paid support options for organizations. What Russia continues to fight against the run the non Russian Internet. Okay. I sad for Russian citizens. I guess Google has acquired another Internet security company. We'll talk about that. That. Oh Leo. The EU looks like they're gonna fix this whole cookie pop up banner nonsense.

A

Oh my God. No.

B

Yes.

A

Be still my heart.

B

I know it's gonna go away. You know it took them a few what? Years? Many years. Decades. But it's yes, it's coming. Yes. Also more countries are dropping Microsoft Office in favor of open alternatives. We've got more countries worrying about Chinese made buses phoning home. Microsoft had came up with a really interesting at first it looks like what? Yeah, what? Leakage from LLM by looking at encrypted LLM conversation TLS packets. But the darn thing actually works. And then we're going to look at what Amazon's lawsuit against perplexities agents mean for our next generation browsers. So lots of good stuff to talk about. I got a little update. I have a nice bit of feedback from one of our listeners about Spinrite an update on my DNS project at one year we're done and There was a third thing, I don't remember, but we'll get to it. And of course a great picture of the week. So I think maybe, you know, a good podcast once in a while you.

A

You gotta, you know, keep making them, some of them will turn out. I'm just joking. They're always great. And we are excited about the security now. Now, now. Security now. Now, now it's, it's security now, but first it'll be security in a minute. So sort of now, but first now.

B

Insecurity in a minute.

A

Insecurity temporarily. Actually, this is a solution you're going to want to know about if you are worried about ransomware. I often wonder how is it that these companies don't have some sort of data resiliency plan? You know, how is it that they are so vulnerable? Maybe they haven't heard about Veeam, our sponsor for this section of security now. When your data goes dark, Veeam turns the lights back on. Veeam keeps enterprise businesses running when digital disruptions like ransomware strike. How do they do it? By giving businesses powerful data recovery options. And that ensure you have the right tool for any scenario, even the worst case scenario. Broad, flexible workload coverage from clouds to containers and everything in between. That's, I think, one of the reasons it's challenging these days to have data resiliency. Your data is living in a lot of different places. With Veeam, you get full visibility into the security readiness of every single part of your data ecosystem. It's tested, it's documented and it's proven. In fact, you're going to use Veeam to make provable recovery plans that can be deployed with the click of a button. Verified recovery plans, plans you know will work. That's why Veeam is the number one global market leader in data resilience. Look, just call them the global leader in helping you stay calm under pressure. With Veeam, it's all good. Keep your business running@veeam.com that's V E E A M dot com. And if you know ransomware has brought your business down and you're. And you're looking at paying millions of dollars in ransomware. Don't look at me. I told you. Veeam.com. all right, Mr. Gibson, picture of the week. Time.

B

Picture of the week. So yes, sir, I gave this one the headline. An important consideration when you're able to decide where you should have your emergency.

A

Okay, let's take a look. Emergency phone not installed. That is absurd. Please do not have an emergency at this location. Okay.

B

Again, an important consideration when you're able to decide where you should have your emergency. Okay. So for those who are not seeing the video, we have a partially installed emergency phone kiosk, but only the external framework is there. The phone equipment has, you know, I mean, obviously that mechanical structure has to go in first. Then the phone installers come along and put the guts in. So this has no guts at this point. So somebody who didn't want the appearance of this bright yellow emergency kiosk, which is probably familiar to those in the area from other similar bright yellow emergency kiosk, didn't want anyone to believe that they could actually rely on this to report their emergency.

A

Don't run over there. No.

B

Yeah, right there. There's a sign that's posted where the phone equipment would be, handset and keypad and things saying, as Leo said, emergency phone not installed. Please do not have an emergency at this location.

A

No.

B

So, and many I. The mailing went out yesterday afternoon to our subscribers, about 19,261, I think we're at now. And many of them noted that there was a strange droid with a lightsaber in the background.

A

It's a fire hydrant, folks.

B

Come on. Yeah, and so I guess this must be like a heavy snow area. Don't you normally have, like, those things to indicate where the curbs are? And in this case, I guess if. If there was a fire and there was a lot of snow that was covering up the fire hydrant, which looks kind of stubby actually, this is not. This is like.

A

I'm wondering about this picture. It looks too much like a droid with a lightsaber to. I'm starting to think this is. There's some. A little tongue firmly planted in cheese.

B

I do think that that is a. That is a pole. Bright red pole sticking up from a fire hydrant. So that the fire equipment, you know, people I've also known as firemen are able. Will know where the buried, not very tall fire hydrant is if it would take about, what, 2ft. About 2ft of snowfall to. To cover up that hydrant. And then you'd think, I know there's. We know that there's no emergency phone service in this location, but there's got to be a fire hydrant around here somewhere. Fortunately, if there's a red post sticking up out of the snow, you go, ah, that's the. The fire droid that we could use to hook our hoses up to. So, yes, anyway, at this point, we're exhausted and it's time for another sponsor break. No, just kidding. All right, the news is But Assembly Language lives, which of course is a topic near and dear to me. Last Wednesday on the 5th, the official FFmpeg X account tweeted FFMPEG makes extensive use of handwritten assembly code for huge and they have in parens 10 to 50x speed increases and so we are providing assembly lessons to teach a new generation of assembly language. Programmers learn more here and they have a link to a GitHub account and page and then a big picture in in their their tweet FFMPEG assemblessons and it generated a lot of interest. This was November 4th early in the morning. So okay. People who posted to that thread which this FFMPEG posting started questioned that 10 to 50x speed improvement could possibly arise from coding in assembly versus an efficient high level language. And much as I love assembly and choose it for all of my own work, I agree what I suspect must be going on is a very unfair comparison. All modern processor instruction sets have extremely powerful and fast special purpose vector and array handling streaming instructions which are heavily pipelined and designed to do the kinds of things that FFMPEG needs to do with audio and video and those can be used when the entire solution has been deliberately designed around using them. So by comparison, any sort of more generic solution that did not use those super special purpose, you really can't do anything else with them. But this instructions would be massively handicapped by comparison. So any naive implementation which did accomplish the same function, which was written in a high level language but did not also take advantage of those special purposes, you know, like special purpose processor acceleration features would absolutely not have a chance. But you don't have to not take advantage of those instructions. If you're using high level language you can use those, you have to sometimes, you know, drop down briefly and manually request that instruction. But the current high level languages all allow you to drop down and hand code some things because it is recognized that there are some places where assembly language still can be the right way to solve a problem when it isn't explicit. When there isn't some explicit special casing that was done in the high level language for a given processor architecture. So anyway, I wanted to share this X posting from the FFMPEG group because those tutorials posted over on GitHub, both of all available in French, Spanish and English, might be of interest to anyone who's curious about assembly language. Since our listeners know that assembler is my preference, I'm often asked by our listeners and others how they should get started in pursuing, you know, some, you know, if if nothing else, just sort of, you know, dipping their toes into the water of assembly. So it might be that these FFMPEG assemblessons would be worth looking at and they do offer a discord server for asking and receiving questions that might arise. So you I have the link there in the show notes on page at the bottom of page two and I just wanted to put it on everybody's radar. Last May, an employee with the state of Nevada made the mistake of clicking on a malicious search engine ad which installed a malicious sysadmin tool from a spoofed website. Employee didn't know any better and this was back in May. Three months later Nevada received ransomware demands which it declined to pay, having finally recovered in full last Wednesday. The state's press release carried the headline Nevada completes 28 day recovery from statewide Cyber Incident, Refuses Ransom and Releases After Action Report. What they said was the Following Carson City, Nevada November 5, 2025 the Governor's Technology Office the GTO today released the 2025 Statewide Cyber Incident After Action Report detailing Nevada's 28 day recovery from an August ransomware attack. Guided by pre established incident playbooks and vendor agreements. The state did not pay a ransom, restored statewide services within four weeks and actually they they initially restored much more quickly. Well I want to cover this in detail because this is there's a template here that is useful and actually kind of impressive and recovered approximately 90% of impacted data that the other 20 they're not trusting yet so they want to be careful with that. The remaining items while still in control of the state will were not required for service restoration and are undergoing risk based review with continued monitoring. The state will take appropriate notification or remediation actions if new information emerges, they said. Governor Joe Lombardo said quote, Nevada's teams protected core services, paid our employees on time and recovered quickly without paying criminals. This is what disciplined planning, talented public servants and strong participants deliver for Nevadans, state CIO Timothy D. Galluzzi said. We executed then communicated our staff and agency partners worked around the clock and expert vendors with expert vendors to contain the threat, rebuild securely and bring services back online in measured phases. The numbers are 28 days to full service restoration across affected platforms. Around 90% of impacted data recovered residual items under risk based review with enhanced monitoring, no ransom paid response executed under cyber insurance and pre negotiated vendor agreements. 4212 overtime hours by 50 state employees at 210,000 600,000 I mean $210,600 direct overtime wages fully loaded estimated at $259,000 $1.314 million obligated to specialized partners forensic recovery, legal engineering to accelerate containment and rebuild and they said how Nevada stepped up continuity of operations payroll processed on schedule high impact public safety and citizen facing systems were restored in phased order speed and discipline around the clock. State teams executed 24. 7 playbooks alongside partners enabling a 28 day full restoration faster than many public sector timelines for incidents of similar scope. Fiscal responsibility surge work was led by state by state staff. Even using conservative fully loaded overtime costs the state avoided hundreds of thousands of dollars versus an contractor model meaning they kept it in in house largely while retaining institutional knowledge and tighter change control. Within hours Nevada engaged and I have a timeline I'll go over in a second but they wrote engaged pre positioned experts for forensics recovery and legal privacy support including Mandiant, Microsoft, Dart, Dell, shi, Palo Alto, Baker, Hostetler, that's the law firm and local engineering support from ERIS under cyber insurance and statewide contracts. The complete after action report outlines next phase hardening and modernization including the pursuit of a centrally managed security operations center, an SOC unified endpoint detection and response EDR identity hardening OS and application control and expanded workforce training to sustain resilience against evolving threats. In other words they as a consequence of their direct hands on involvement in this rather than just throwing up their hands and bringing in outside people, they got a bunch of takeaways which are informing them how to do better next time. Acknowledging that these threats are evolving.

A

I.

B

Cut out a lot of the glad handing that was in that announcement. They seem rather pleased with themselves over this. I was unable to find any indication of the size of the ransom demand they declined. I think it was never made public but given the reporting of the event at the end of August I imagine that the demand was hefty because the bad guys did knock the entire state off its knees. I mean they were down the all of the automated services went offline. I mean it was a sweeping attack. The Associated Press's headline at the time was Cyber attack shuts down Nevada State offices and websites. Governor's off office says and Reuters headline read at the time Nevada state offices close after wide ranging quote network security event. You betcha unquote. So the most interesting data comes from their complete 30 page after action report which I'm not going to dig everyone you know, drag everyone through. But among that there were a couple interesting tidbits we learn on on August 24, 2025, get this, at 1:50am Pacific Daylight Time, the State of Nevada Governor's technology office identified a system outage that resulted in multiple virtual machines going offline. Okay, 1:50am PDT on August 24th, guess what day of the week August 24th is? If you said Friday, Saturday, yes, Sunday, Sunday morning, 1:50am because you want nobody around. You want to, you want to take, you want to, to surprise as much as possible. You want to get as much dastardly deeds done during as much time as you have before anybody is able to, you know, wake up to this. So, you know, very much like the, you know, New Year's Eve or Christmas Eve sort of thing. So they, they wrote. Initially locked out of the systems, the GTO team successfully, that's the Governor's technology office team successfully regained access using backup credentials and discovered encrypted files alongside a ransom note. They isolated the affected VMS to prevent further spread of the ransomware. Legal counsel from Baker Hostetler LLP was engaged and promptly brought in Mandiant, a leader cybersecurity firm under Google Cloud there. Remember we talked about the Google's purchase of Mandiant a while ago to conduct a privileged forensic investigation. The investigation revealed that the threat actor had infiltrated the system as early as May 14th of that year of, of this year, 2025, when a state employee unknowingly downloaded a malware laced system admin tool from a spoofed website. This tool installed a hidden back door which remained active despite Symantec endpoint protection quarantining the tool. On June 26, the attacker escalated their access by installing a commercial remote monitoring software on multiple systems, compromising both standard and privileged user accounts. By mid August, the attacker had established encrypted tunnels and used remote desktop protocol RDP to move laterally across critical systems, accessing sensitive directories including the Password Vault server. On August 24, the attacker deleted backup volumes and deployed ransomware, encrypting VMs and disrupting critical services. And elsewhere. The report says between August 16 and August 24, the threat actor accessed multiple critical servers, including the Password Vault server, and retrieved credentials from 26 accounts. They meticulously cleared event logs to obscure their activities. On the day of the ransomware deployment, the attacker deleted backup volumes and altered security settings to facilitate the execution of unauthorized code. At 1:30am PDT, ransomware was deployed, encrypting VMs and disrupting critical services. And as I said, not surprisingly, August 24th was a Sunday. So very deliberately at 1:30am on a Sunday morning, the attackers uncloaked and attacked. They relied upon no one being around and minimal if any crew even later in the morning on a Sunday to enable their active attack to go unnoticed for as long as possible. This report, as I said, pats themselves on the back frequently and I've removed most of that since. It's not informative and it's frankly somewhat nauseating because they're like, okay, we get it guys. But in all fairness, Nevada's IT response was very impressive on that Sunday morning. At 1:52am the VMs that run the state were encrypted and went offline, crippling Systems statewide. By 7:37am on that same Sunday morning, the incident had been escalated to the CIO and governor's office only a little over two hours later. By 9:51am the credential lockout was lifted. Using backup credentials and access to the internal systems was obtained encrypted files and that ransom note than were discovered two and a half hours after that. By 12:37 in the early Sunday afternoon, the affected VMs had been isolated to prevent further malware spread. Four hours later. By 4:44pm Nevada's legal counsel was added and they added Google's mandiant forensic group to the effort. And 50 minutes after that, at 5:03pm on that same Sunday, recovery protocols were initiated and post attack recovery had begun. State government employees took an unplanned two day vacation that following Monday and Tuesday, by which time systems were beginning to come back up and online and they were able to return to work on Wednesday. So we're talking about a full rallying response by dinner time of the day it happened. The full recovery did take four weeks. It seems as though, you know, that might have been a bit faster. We don't know the details of where that time went, but it does sound like, you know, they didn't overpower their response. They didn't bring in outside people who actually, you know, would need to be brought up to speed because they paid, you know, a ton of overtime, $1.3 million in overtime to their own people in order to get this, you know, get back up on an online quickly. But overall Nevada is saying they spent $1.5 million rather than whatever the ransom was. And you could imagine it was yeah, oh yeah, 10, easily $10 million for a state to be, you know, you know, decrypted and, and you know, the, the decryption keys possessed. Obviously Nevada had good backups and they were offline and they did not get encrypted because they paid no ransom, which means they never got any keys from any bad guys.

A

Good.

B

So, you know, overall I would say this is quite an impressive response. This is what you would expect. And you'd have to imagine that they also showed their cyber security insurance firm that they were worth insuring, that you know, that they were going to be responsible, that they were not going to spend a ton of money. And so I would say that Nevada taxpayers should be impressed with this. This is the way it. I mean you'd rather not had that guy click the link, but as we've said before, this is now the low hanging fruit. I sent a note out to a bunch of, of my. Actually it's, it's the group I've talked about before. The, my, my, my group of high school buddies that I'm still in, in touch with because Ars Technica had a piece this morning about a threat that we've discussed several times already, but it's still so unknown and that was Ars Technicus Point was this, this very little known. They're calling it the click fix attack. It's where you are, you believe you're trying to prove that you're human through a new style of captcha. And of course captchas change from time to time. And so you're instructed to press the button to copy something from your browser onto your clipboard, then to open the run field down in windows and paste that command. Well, again, none of our. Hopefully no one listening to this podcast would do this but, but it turns out this is becoming extremely effective because it, you are. And the way I explained it to my group who are non technical, I said our contemporary browsers are all about containment. They are con. They are doing a very good job of containing all of the horrors and crap and malicious intent that is out on the Internet within the browser, within the browser's boundaries. But if you copy something out of the browser into Windows, you've violated that content, that containment and nothing prevents that from happening. Unfortunately at the moment if, you know, if the, the browser assumes, if you, that you, you want to copy something that you've seen online. Oh, okay. A URL or, or some text.

A

You know what you're doing? Yeah, it's your machine. Go ahead.

B

So it's, you know, so what, what we're going to need to have is some sort of, of. I'm, I'm blanking on the word something.

A

We're going to need something. That's for sure.

B

Yeah, that's definitely the case you copy something to your clipboard. Clipboard is the word I was looking for. We're going to need a, A clipboard source identification.

A

Yes.

B

So that if something is pasted from a browser, it's tagged as. As, like, like special caution. And so that for example, you just can't drop it into the run field of Windows and say paste without all kinds of warning sirens and stuff going off to prevent this kind of problem. So, you know, the, the, the, the. The where the clipboard got its contents is going to start is gonna. We're going to need to start tracking rather than, as you said, Leo, just assuming that the user knows what they're doing because. No, yeah, no, we.

A

Clearly, that's not too much asking way too much.

B

But anyway, you know, props for Nevada. They.

A

Yeah.

B

You know, you don't want to, you don't want to get hit by malware, but if you do, you want to be able to recover. You don't want to have to trust bad guys to, to give you your, your keys back. And we've seen that even when you get the keys from the bad guys, as they pointed out, and they weren't wrong, private sector firms still take months to recover. So look, look at Jaguar. You know, what a disaster.

A

Yeah.

B

So good job. Okay, now this is really interesting and, and wow. Okay. Last week, Checkpoint Research published an incident report describing an arcane attack on a defi. A decentralized finance platform called Balancer. And it, it occurs to me that saying arcane attack on a Defi platform is an oxymoron. I mean, is like, or, or, or redundant. I, I don't know. I mean, because it's like the, I mean, we have seen dumb like authentication mistakes being made where a third party system was attached to the API and so that credential got abused which allowed them to sneak code into the devs of the Defi platform. We talked about all that. That's not this. I'm not going to expend any great amount of effort in either me understanding the details or expecting anyone listening to this too. My strongest advice to everyone listening would be not, don't worry about the details. And after you hear why, I imagine that you'll agree. But what happened here is still so very cool, even if it's borderline incomprehensible that I, I wanted to share it. Okay. So Checkpoint titled they report how an attacker drained and I would argue earned, but we'll see. Drained $128 million from Balancer through a rounding Error exploit. Leo, this is just. This is so cool. Okay, again, I don't even understand. I can't begin to understand the details, but I'm going to share them so everyone can not understand them with me. Apparently, some attackers did understand this, and they literally leveraged. Because this is somehow about leverage. They leveraged the crap out of it. So here's what. Check.

A

Here's a technical term.

B

I believe that's a technical term. Yes. Checkpoint said on November 3rd. Right. So this just happened. 2025. Checkpoint Research's blockchain monitoring systems. Cool that they're even. We even have such things now. Detected a sophisticated exploit targeting Balancer V2's composable stable pool contracts, whatever that is. The attacker exploited arithmetic precision loss in pool invariant calculations.

A

Okay, yeah, you know when you're gonna.

B

Have some invariant pool leakage right there, I guess that's not good, right? To drain $128.64 million across six blockchain networks in under 30 minutes. They wrote the attack leveraged a rounding error vulnerability in the underscore upscale array function that, when combined with carefully crafted batch swap operations, allowed the attacker to artificially suppress bpt, the balancer pool token prices and extract value through repeated arbitrage cycles. The exploitation occurred primarily during attacker smart contract deployment, with the constructor executing 65 micro swaps that compounded precision loss to devastating effect. Yes, that was just the overview, folks.

A

The fact that they even figured this out is amazing. Amazing, right?

B

That's why I would say, arguably, they earned this money.

A

They earned it, like.

B

Yeah, okay, okay, so they said Balancer V2. Just to add insult to injury, I'll. I'll give you a little more. Balancer V2 uses a centralized vault contract that holds all tokens across all pools. Sep, of course, separating token storage from. From pool logic to reduce gas costs. It's like, what is that a typo?

A

It's reducing gas costs. That's the reason, of course. Yeah, that's right.

B

And enable capital efficiency, which you would want. This shared liquidity design meant a single vulnerability in pool math could affect all composable stable pools simultaneously. Of course. Which is exactly what happened in this attack. Balancer V2's internal balance system allows users to deposit tokens once and use them across multiple operations without repeated ERC20 transfers. Oh, naturally.

A

This sounds like the decombobulator thing. This is crazy.

B

I know. And it's true. This system became critical to the attack. The exploit contract accumulated stolen funds in its internal balance during deployment, then withdrew them to the Final recipient address in subsequent transactions. Composable stable pools use Curves Stable swap invariant formula to maintain price stability between similar assets. The invariant D, that's capital D for those who are following along represents total pool value and BPT price is calculated as D divided by total supply. However, the scaling operations that prepare balances for invariant calculations introduce rounding errors. Wouldn't you know though, the model roll down function performs integer division that rounds down when balances are small in the eight to nine way range. That's wei. We'll get to that in a second. This rounding creates significant relative errors, but relative is important here. Up to 10% precision loss per operation. Okay, now the term Wei W E I is important. A way is the smallest possible unit of Ethereum 1. Get this one. Ethereum is 10 to the 18th way. So one way is far less than 1 trillionth of a cent in value. So some super clever individual realized that by using these incredibly small balances, the rounding error, which would normally be utterly insignificant, would result in up to a 10% precision loss per operation down at the 8 to 9 way range. I'm sure not giving these people any of my money. Checkpoint then finishes their explanation by writing this precision error propagates to the invariant D calculation, causing abnormal reduction in the calculated value. Since BPT price equals D divided by total supply, the reduced D directly lowers BPT price, creating arbitrage opportunities for the attacker. Individual swaps produce negligible precision loss, but within a single batch Swap transaction containing 65 operations, these losses compound dramatically. I'll say the lack of invariant change validation allowed the attacker to systematically suppress BPT price through accumulated precision errors, extracting millions in value per pool. Okay, I'm. Wow. As I. As I said, I'm not sure that I would call this an attack at all. I mean, technically, maybe an extremely clever bad guy understood enough of the inner workings of this system and apparently we're the minority. Or maybe not. Leo, I wouldn't call us a minority, but there are others. Obviously Checkpoint has some people who understand this gobbly gook. So. Okay, but this guy understood the inner workings of the system to design an exploit of its inherent rounding error. And I and doing some other background research, it turns out this is understood that the fact that there's this rounding error down there has been known for quite a while. No one had figured out how to exploit it. He clearly started with a purely theoretical concept and made it work. And for his trouble, he's now slightly more than $128 million richer, whoever he is. And Wherever he is. So I'm not completely certain that he didn't earn it. What I am certain of is that none of my money, nor any money belonging to anyone I care about and have any influence over is ever going to get anywhere near any of that wacky arcane technology. It all gives me the heebie jeebies, which is another technical term. So, no, thank you. You know, I suppose I'm old fashioned, but I want to understand where I put my money, you know, even if it's under a mattress, because, wow, you know, where did it go? We don't know.

A

What do you mean, you know?

B

What do you mean you don't know? Well, you know, it was a rounding error. A rounding error worth $128 million. Where's my money? Well, we don't know. It crazy drained out. It's gone. So people paid for some monkey icons or something, and now Kevin is a lot richer than he used to be. I don't know what I do know, Leo.

A

Oh, I suspect I know, too.

B

I suspect you do.

A

Oh, you say that.

B

Stay tuned because after that we're going to find out why Chrome thinks it's a good idea to begin auto filling people's driver's license numbers and states where they obtain them.

A

Nuts. Just we know why, don't we? Yes, we do. Do we? I don't know. I'm going to find out.

B

I don't know if I'm going to find out. It's not good.

A

And I have some good news, Anthony. Nielsen came over and, and said, well, you got to turn that on. And then now I can. You can see my screen. So I'll show your chart later on. I made Anthony drive all the way here to flip a switch. I'm sorry, Anthony, but I appreciate it. And I could have sworn I flipped that switch myself earlier. But anyway, probably in the other direction. Yeah, probably. You know, they need big buttons to say on and off. Good, bad, good, bad for me. And the people work in the fine state of Nevada government offices. Actually, here's an ad for somebody who might be in the IT department in the state of Nevada. There is something you ought to know about Hawks Hunt, our sponsor for this segment. Security. Now, Hawks Hunt, as a security leader, your job, you get paid to protect your company against cyber attacks. I know, and you have our sympathy. I mean, if you listen to the show, we know it's getting harder and harder with more cyber attacks than ever. And here's the real problem. These phishing emails, they're generated with AI. Now, and they are letter perfect. You can't look at one and say, oh, that's a fake. Look at the English grammar or whatever. No, they duplicate a real email and they fool people. Here's the problem. Legacy. These traditional one size fits all awareness programs you're probably using, they don't stand a chance against today's phishing attacks. At most, they're going to send four kind of generic trainings every year. And most employees hate them. I mean, just ask your team. They ignore them. You know what they really hate? When somebody clicks on a, you know, on a training email thinking it's, oh, if they fall for it, then they're forced into embarrassing training programs. They feel like punishment and nobody ever learns from punishment. That's why more and more organizations are trying HOX Hunt. H O X H U N T Hox Hunt goes way beyond traditional security awareness. They, they actually change behaviors by gamifying it. They reward good clicks. They coach away the bad clicks. When an employee suspects an email might be a scam, Hox Hunt will tell them instantly, they highlight it. They, they practically set off bells and whistles and boom, you get a dopamine rush that gets your people like they, they're happy. They go, I did it. To learn to click to protect your company. This is the secret is to make it fun. People learn when they're having fun. As an admin, fun's not the right word, but they, they learn when they're engaged, right? And they're not going to be engaged and they feel like they're being spanked. As an admin, you'll love Hawkshunt too. You're not being spanked either. It makes it easy to automatically deliver phishing simulations and not just email, but slack teams. You can use the same AI the bad guys are using to mimic the latest real world attacks. You can make perfect phishing emails. And by the way, Hawkshunt lets you personalize the simulations to each employee based on department location, things you already know. So that makes these, it makes these. By the way, the hackers know all this stuff too, right? It makes these really effective. And then the instant micro trainings, little trainings, little fun things, solidify understanding and drive lasting, safe behaviors. You can trigger gamified security awareness training that awards employees with stars and badges, boosting completion rates and ensuring compliance. It may sound silly, but think about it. We are all motivated by that. You feel good when you're protecting your company. You did the right thing. You found the bad guy getting that reward. That acknowledgement goes a long way. You'll be able to choose from a huge library of customizable training packages. Or as I said, you can use their AI to generate your own hox, hut it has everything you need to run effective security training in one platform, meaning it's easy to measurably reduce your human cyber risk at scale. But you don't have to take my word for it. There are over 3,000 user reviews on G2, making HoxHunt the top rated security training platform for enterprise. Hox Hunt's number one and easiest to use. Best results Also recognized as a customer's choice by Gartner. And it's used by thousands of companies. Big ones like Qualcomm, AES, Nokia. They're using it to train millions of employees all over the globe. It really works. Visit hoxhunt.com securitynow right now to learn why modern secure companies are making the switch to Hawkshunt. Hoxhunt.com Security now. We thank them so much for supporting the good works Steve does and is doing here at Security Now. All right, Steve, on.

B

A little blurb from Google about a new feature in Chrome caught my eye and not in a good way. Get get a load of this one. Google wrote Chrome now helps you fill in passport, driver's license, vehicle information and more. No, they said Chrome already saves you. Huh? Saves you time every day by securely filling in your addresses, passwords and payment information. Today we're making it even more helpful for desktop users. With enhanced Autofill enabled, Chrome can now also fill in your passport and driver's license number, vehicle info like license plate or vin, and more. It can also better understand complex forms and varied formatting requirements, improving accuracy across the web. We've designed Enhanced autofill to be private and secure. When you enter relevant info into a form, Chrome will save this data only with your permission and protect it through encryption. And before filling in saved info on your behalf, Chrome will also ask you to confirm, keeping you in full control of your data. Starting today, these updates are available globally in all languages and we plan to support even more data types over the coming months. Okay, and then their little sample screenshot shows a form being filled in with fields for driver's license number and issuing state.

A

Huh?

B

Gee, you know, we've all gotten along so well until now without that.

A

How often so much work, Steve.

B

How often do we see websites asking us to provide them with our state issued identification, such as a driver's license number and the issuing state? It does kind of make you wonder why the Chrome devs might all of a sudden be thinking that making government identification data easier to fill out for websites might suddenly be useful and convenient when it has never come up before. Anyone around here have any sudden need to prove who they are and how old they are. There's one other thing about this recall that Google wrote we've designed enhanced autofill to be private and secure. When you enter relevant info into a form, Chrome will save this data only with your permission and protect it through encryption. And before filling in saved info on your behalf, Chrome will ask you to confirm, keeping you in full control of your data. Now, there's no doubt that they mean that even if the application for this information may be a concern, there's no doubt that Google will do their best to keep that data from leaking. The problem is leaking is what data does. It leaks. Right?

A

I mean, that's right.

B

That's what it does.

A

That's what it does.

B

Chrome is a good browser with excellent security, but it's still being constantly exploited and receiving patches to close zero day vulnerabilities that have been discovered being used in the wild. This is not any criticism of Chrome and its Chromium engine. Firefox and Safari are in the same boat. Today's web browsers have grown so complex and are also never being left alone. They're being constantly updated with the latest features that they can never, probably ever become completely impervious. So to me, you know, it's a convenience for my password manager to be able to fill out my credit card number and mailing delivery address information that comes in handy. But I memorized my California driver's license number 54 years ago and Right, yeah, aside, aside from having to add a zero to in front of its most significant digit when California ran out of numbers, it has never changed. So I've had no problem entering it. The perhaps what, maybe five or six times I've ever needed to provide my identity online, such as when I froze my credit reporting at the various agencies or when I signed up for Social Security. Other than that, it doesn't come up very often. But consider this. We're entering a very different universe. If the world's most popular web browser designers for some reason believe that in the future we're going to be needing to provide our government identification information with sufficient regularity that enabling our web browser to do that for us, we will be a benefit. And here's the other problem. Even if we trust Google to have done everything right about keeping that personally identifiable information secure and to never leak how can we possibly trust all of the many individual websites that are presumably all going to be asking for this information often enough for Google to have added this feature to Chrome? We all know that websites cannot keep secrets. They don't. Just ask Troy Hunt's have I been pwned site. And don't forget that massive database leak, Leo. You and I and hundreds of thousands of others all discovered had our searchable credit, our Social Security numbers searchable online. Further demonstration that websites leak. So this brings to mind that old adage about how to keep a secret. Don't tell anyone. I don't plan to tell Chrome or Firefox or Safari or even my trusted password manager anything more about me than they really require knowing for my own convenience. And I don't need to give my driver's license number out like, ever. With a few exceptions, if we get to a place where we're needing to frequently provide our driver's license numbers to random websites, then the Internet will have entered an entirely new era. And not a good one.

A

No.

B

So I don't know what Google knows, but I hope they're busy implementing, you know, identity protecting age assertion technologies rather than storing my driver's license number in an encrypted secure format so it can be given off, given out more easily. Because I don't ever want to be in a position where that's happening.

A

Yeah. Yeah. Wow. I didn't think of that till you said it. And then I realized, oi, yeah.

B

Why we haven't needed it until now. Now all of a sudden, what's changed?

A

Well, we know I turn off all of that stuff. Password, autofill, address, even address autofill, and credit card autofill. I don't, I don't think the browser is the right place for that stuff to be.

B

Well, it's, you know, and as we know, it's not multiplatform. It's. They, they don't do. As you know, they're not all as focused on it as our password managers are. And if it's on, then you end up with a collision of the autofill. Everybody's trying to fill a thing out. It's like, whoa, wait, whoa, right, hold on there.

A

No, yeah, and that's. I do keep it in bit Warden, and I keep all that other stuff in bit warden. I presume that's relatively safe if I need to fill it in, but like you, I never consciously memorize my driver's license number, but you enter it enough, it sticks.

B

I know. I don't know why? But I can run through it. I know, exactly.

A

It's not that long for one thing.

B

No, exactly. Yeah. And Minecraft has a little rhyme to it, so it's good. Oh. Oh, nice. Okay, so it's not often that I find myself envious of life in the uk. Not that there's anything wrong with the uk, it's just kind of hard to beat Southern California is all I'm saying. Yeah, but. But this next, Believe me, they envy you. I'm just gonna say this next bit of news would certainly be welcomed by our UK based listeners, and I wouldn't mind having some of it myself to go along with Southern California's sunshine. Last Wednesday, the Official Gov UK website posted this update under the headline Spoofed Numbers Blocked In Crackdown on Scammers. The Govern the the the UK Government wrote scammers hiding behind fake numbers will be unmasked under a new partnership with Britain's biggest There's six of them phone companies to protect the public from fraud A landmark new agreement between government and industry signed at the BT Tower today will see a raft of new measures to safeguard the UK's mobile network from fraud. It will make it harder than ever for criminals to trick people through scam calls, using cutting edge technology to expose fraudsters and bring them to justice. Scam calls and texts are a daily frustration for many, with criminals based abroad, often impersonating trusted organizations like banks and government departments to deceive people to steal money or personal information. Britain's six largest mobile networks have committed to upgrade their network within the next year to eliminate the ability to for foreign call centers to spoof UK numbers, making it clear that calls are originating from abroad. Exposing scammers Lies Data shows that 96% of mobile users decide whether to answer a call based on the number displayed on their screen, with three quarters unlikely to pick up if it's from an unknown international number. Advanced call tracing technology will also be rolled out across mobile networks to give police the intelligence to track down scammers operating across the country and dismantle their operations. New commitments to boost data sharing with the police will shine a light on the mobile networks that let scam calls slip through their net, empowering customers and making it harder for scams to go undetected. So in this regard, I could easily wish that the US would be as proactive as the uk. When you think about it, this is such a simple solution. Simply examine the telephone calls entering the uk. Just watch your national borders. It's trivial to know when a call coming in from outside the UK is is carrying a spoofed originating UK phone number. UK citizens traveling abroad who actually do have valid UK originating numbers will need to be admitted. But the agreement specifically talked about foreign call centers spoofing known UK numbers, so presumably there's some way to handle them separately. And yay to the uk. I. You know, this would be something we could all use.

A

Lord, we've said this. You've said this for years with regard to ISPs, but if the phone companies.

B

Did the same thing, it's exactly like ISPs who are saying, wait a minute, you know these packets do not have rip. And they're saying that they do, so let's drop them. Yeah, like what's.

A

How hard is that? And the phone company should do that. These this phone call is pretending to come from 707 area code, but it's not. Why should I allow it? Because they make money is why.

B

I'm sure. I know.

A

Yes.

B

Well, it's good that they stepped up.

A

Yeah.

B

Okay, so this is really interesting. Something that makes a lot of sense is pruning old and aging technologies from our web browsers. Browser bloat is is a very real thing. Not every idea that the Internet community comes up with gains or maintains a solid foothold. But unless, I mean, think Flash, right?

A

Yep.

B

But unless proactive measures are taken to deliberately scrape the dead bits out of our browsers, they just don't go away on their own. And the last thing anyone wants is having zombie code taking up space and polluting browsers with old, unmaintained and potentially exploitable code. So it was in that spirit that Google recently announced the planned deprecation and eventual total removal of a feature that hopefully no one listening to this podcast is using and needs, nor knows anyone who is or does. And if you or your enterprise do, you have at most one year to replace it with some other solution because it is going away. And I should mention that moving to Firefox or Safari probably won't help because both of them are hopeful that Google will succeed in this. Okay, so what's going away? Something that I suspect matters so little that most people listening have never even heard of it. It's called xslt, which is the official abbreviation for Extensible Style Sheet Language Transformations. XSLT is a declarative template based language that's used for transforming convenient to code, but difficult to view XML formatted data into other forms such as HTML. Here's what Mozilla posted about this just a few months ago Back in August, Mozilla wrote, our position is that it would be good for the long term health of the web platform and good for user security to remove xslt. And we support Chromium's effort to find out if it would be web compatible to remove support, which is an interesting way to phrase it. If it would be web compatible to remove support, meaning I think if it how badly it breaks things, if it turns out that it's not possible to remove support, then we think browsers should make an effort to improve the fundamental security properties of xslt, even at the cost of performance. While it's important to not break existing web content, it's also important to prevent security vulnerabilities. Thank you. Xslt, they wrote, has been in maintenance mode in browsers and has been an ongoing source of security issues. Features and technology are sometimes removed from browsers for this reason, even when doing so breaks some existing content. Examples include mutation events, window show, modal dialog function, keygen, and plugins. The usage of XSLT is lower than that of mutation events at the time of their removal, and Flash was very commonly used. If it turns out not to be possible to remove the feature, we'd like to replace our current implementation, says Mozilla. The main requirements would be compatibility with existing web content, addressing memory safety, security issues, and not regressing performance on non XSLT content. We've seen some interest in sandboxing live xslt, and if something with that shape satisfied our normal production requirements, we would ship it. Okay, so that was August Wednesday before last Google's Chrome group posted the headline Removing XSLT for a more secure browser and they wrote Chrome intends to deprecate and remove XSLT from the browser. This document details how you can migrate your code before the removal in late 2026. In other words, we're currently in late 2025, so you got a year. Actually, things start getting a little dicey in March as we'll see, they wrote Chromium has officially deprecated XSLT. Chromium has XSLT including the XSLT processor, JavaScript API and the XML style sheet processing instruction. We intend to remove support from from version 155 that's of Chrome November 17, 2026. So a year. The Firefox and WebKit projects have also indicated their plans to remove XSLT from their browser engines. This document provides some history context, explains how we're removing XSLT to make Chrome safer, and provides a path from migrating before These features are removed from the browser. Okay. Then Google then provides a timeline for this removal where starting next March, they cautiously tiptoe forward, disabling first by default, but not fully removing it yet, increasing portions of Chrome's XLT XSLT support. But the more interesting part of this event, since I really hope no one cares about the loss of XSLT itself, is what we learn about the feature and code support evolution of the web through the lens of this event. Here's what Google shared about the past and present of xslt since we now pretty much know its future. They wrote XSLT was recommended by the World Wide Web consortium our W3C on November 16th. Funny how these these November timelines line up. So around the same time 1999 end of the year 1999. So 26 years ago as a language for transforming XML documents into other formats, most commonly HTML for display in web browsers. In other words, it would be possible for a website to lit for a web browser to retrieve an undisplayable XML format document and and for the for the code in the browser to have xslt, which is like a declarative, non procedural, non explicitly executed template oriented language, kind of like CSS is to declaratively translate an XML document into HTML, which you would then stick into the dom, the document object model and render on the screen for the user. So that's a thing for 26 years. Before the official 1.0 recommendation, Microsoft took an early initiative by shipping a proprietary implementation based on the W3C working draft in get this, Internet Explorer 5. So yeah, released in March of 1999 following the official standard, Mozilla implemented native XSLT 1.0 support in Netscape 6 before we had Firefox Netscape 6 in late 2000, other major browsers, including Safari, Opera and later Chrome, also incorporated native XSLT 1.0 processors, making client side XML to HTML transformations a viable web technology in the early 2000s. So W3 the the W3C standardized on it produced a specification, and by the early 2000s all the browser community had it, meaning anybody could reasonably use it for presentation of information through a web browser where the source of that was an XML document, which is anything but presentable, Google said. The XSLT language itself continued to evolve with the release of XSLT 2.0 in 2007 and XSLT 3.0 in 2017. These updates introduce powerful features like regular expressions, improved data types, and the ability to process JSON, not just XML browser support however, this is interesting never followed today. Today, all major browser engines only provide native support for the original XSLT 1.0 from 199926 years ago. In other words, it wasn't important enough for them even to go to 2.0 in 07 or 3.0 in 2017. Stayed at 1.0, Google wrote. This lack of advancement, coupled with the rise of the use of JSON as a on the Wire format and JavaScript libraries and frameworks like jQuery, React and Vue JS that offer more flexible and powerful document object model manipulation and templating has led to a significant decline in the use of client side xslt. Its role within the web browser has been largely superseded by these JavaScript based technologies. So why does XSLT need to be removed? The continued inclusion of XSLT 1.0 in web browsers presents a significant and unnecessary security risk. The underlying libraries that process these transformations, such as Lib XSLT used by Chromium browsers and Firefox, are complex aging C C code bases. This type of code is notoriously susceptible to memory safety vulnerabilities like buffer overflows, which can lead to arbitrary code execution, for example, security audits and bug trackers have repeatedly identified high severity vulnerabilities in these parsers, and they cite two CVEs 20257425 and 2022 2834, both in LIB XSLT. And I just misspoke by the way a moment ago. As far as I know, Mozilla does not use the Lib. They implemented their own native code back in the early days back in Netscape 6. So because client side XSLT is now a niche, rarely used feature, these libraries, this is Google saying, receive far less maintenance and security scrutiny than the core JavaScript engines. Yet they represent a direct, potent attack surface for processing untrusted web content. Indeed, XSLT is is the source of several recent high profile security exploits that continue to put browser users at risk. The security risks of maintaining this brittle legacy functionality far outweighs its limited modern utility. Furthermore, the original purpose of client side XSLT transforming data into renderable HTML, has been superseded by safer, more ergonomic and better maintained JavaScript APIs. Modern web development relies on things like the Fetch API to retrieve data, typically JSON, and the DOM Parser API to safely parse XML or HTML strings into DOM structure within the browser's secure JavaScript sandbox. Frameworks like React Vue and Svelte Then manage the rendering of this data efficiently and securely. This modern toolchain is actively developed, benefits from the massive security investment in JavaScript engines, and is what virtually all web developers use today. Indeed, only about 0.02% of web page loads today actually use XSLT at all, with less than 0.001% using XSLT processing instructions. Okay, so, okay. To me, it sure sounds like they're doing an awful lot of apologizing for something that really just needs to die. On the other hand, even the end of the horrific Flash plugin. Remember those nightmares, Leo? I mean, we. We dined out on Flash so often on this podcast. Oh my God. Lord. I mean, it was just such a problem. And even that it took forever to finally say goodbye, which was painful. And it's true that for those vanishingly rare websites that, that are built in some fashion around XSLT, and who will stop functioning without it, XSLT's complete disappearance from the web could prove to be a significant inconvenience. So Google continued apologizing by writing, this is not a Chrome or Chromium only action. The other two major browser engines also support the removal of XSLT from. From. From the web platform WebKit and Gecko. For these reasons, deprecating and removing XSLT reduced the browser's attack surface for all users, simplify the web platform, and allow engineering resources to be focused on securing the technologies that actually power the modern web, with no practical loss of capability for developers. So what I love about this as a lesson is it's a perfect textbook example of the way all this should work. The web ecosystem needs to evolve to meet the evolving uses to which our web browsers are being put. But evolution doesn't only mean continually tacking on new feature after new feature without end. It necessarily also means trimming off the dead limbs so that the organism as a whole can remain as healthy as possible. This is never an easy thing to do, because someone, somewhere is going to see their website die through no fault of theirs. They will have been early adopters of an interesting technology that all browsers at the time built in and have supported ever since. Unfortunately, their use of that technology has left them being such a minuscule minority of the world that the sane decision on the part of the web browsers is to discontinue their support and to say they're sincerely sorry, which Google clearly is. If XSLT could be left in there without compromising all Internet users, it would be left in there. It would be left alone. But this old code, which still requires maintenance, sees so little use that it makes much more sense to just remove it than it does to expose everyone to its dangers, which require continual repair to deal with. So that's the way the web ecosystem goes. And, you know, it is the way it should go.

A

Yeah.

B

And speaking of the way it should go, Leo, the way I think this podcast should go.

A

Yes.

B

Is for me to have a sip of coffee while we take a break.

A

You know, coffee doesn't keep you up at night.

B

I don't drink it late in the day. I drink it. Okay. That doesn't keep me up. No. And I do drink espresso, which has a strong flavor, but it's. The caffeine is burned off by the additional roasting, Right.

A

I don't know. I can't. I have one cup in the morning and if I have another one, I won't sleep well. And I'm just jealous because I would love to drink coffee all day. Maybe I'll get some decaf. Although that seems like it should be anathema. But anyway, we will get back to the highly caffeinated Steve Gibson.

B

I like the. I like the caffeine bite. There is a. Yeah, I know you do? Yeah.

A

Yeah. Is that from the caffeine?

B

Yeah.

A

Oh, so decaf doesn't have that, huh?

B

No.

A

Oh, well. Oh, well. This portion of security now brought to you by Zscaler, the world's largest cloud security platform. The potential rewards of AI, I don't know if they outweigh the risks. They're both right. The rewards are probably too good to ignore, but you can't ignore the risks. Loss of sensitive data, attacks against enterprise managed AI. And of course, generative AI helps threat actors, helping them to, you know, create. We just were talking about phishing lures to write malicious code to automate data extraction. AI is a double edged sword. That's pretty clear. There were 1.3 million instances of Social Security numbers leaked. Well, we know that, you know, they leak for a variety of reasons, but 1.3 million instances of them leaked to AI applications, people using AI and giving that information to AI. ChatGPT and Microsoft Copilot alone saw nearly 3.2 million data violations. I think, you know, it's a variety of reasons. Employees use these, you know, SaaS, AI apps, kind of without thinking. Maybe you're giving it access without your knowledge to data on your system. Maybe it's time to rethink. For all of us, your organization's safe use of public and private AI. Just talk to Jeff Simon. He's Senior Vice President and Chief Security Officer at T Mobile. What a job they use Zscaler. He said, quote, Zscaler's fundamental difference in the technologies and SaaS space is it was built from the ground up to be a zero trust network access solution, which is the main outcome we were looking to drive. End quote. With Zscaler Zero Trust plus AI you could safely adopt generative AI and private AI to boost productivity across the business without risking exfiltrating private data. Zscaler Zero Trust architecture plus AI helps you reduce the risks of AI related data loss, protects against AI attacks. It does both to guarantee greater productivity and compliance. Maybe you ought to learn more About Zscaler@Zscaler.com Security that's Zscaler.com/Security. Thank you Zscaler for the work you do and for supporting Steve and the work he does. Now fully caffeinated, I give you Steve.

B

Gibson okay, so while we're on the subject of web browsers which we will be looking at again for today's main topic, I wanted to share Mozilla's posting last Friday which carried the headline Introducing Early Access for Firefox Support for Organizations. The pointer to this announcement described it as Paid Firefox Support for Corporate Customers, which made me curious. So this is what Mozilla said. They said Increasingly businesses, schools and government institutions deploy Firefox at scale for meaning everywhere for security, resilience and data sovereignty. Organizations have fine grained administrative and orchestration control of the browser's behavior using policies. With Firefox and the extended support release today we're opening Early Access to Firefox Support for Organizations. That's its official title, a new program that begins operation in January of 2026. So in a month or a month and a half, what Firefox Support for Organizations offers they said Support for Organizations is a dedicated offering for teams who need private issue triage and escalation, defined response times, custom deployment options and close collaboration with Mozilla's engineering and product teams. So they said Private Support channel accesses a dedicated support system where you can open private help tickets directly with expert support engineers. Issues are triaged at by severity level with defined response times and clear escalation paths to ensure timely resolution. Discounts on custom deployment Paid support customers get discounts on custom deployment work for integration projects, compatibility testing or or environment specific needs with custom development as a paid add on to support plans. Firefox can adapt with your infrastructure and third party updates and finally strategic collaboration gain early insight into upcoming development and help shape the Firefox Enterprise Roadmap through direct collaboration with Mozilla's team. So some opportunity to steer Firefox's future. They said support for organizations adds a new layer of help for teams and businesses that need confidential, reliable and customized levels of support. All Firefox users will continue to have full access to existing public resources, including documentation, the knowledge base and community forums. So they're saying none of that's changing and we'll keep improving those for everyone in the future. Support plans will help us better serve users who rely on Firefox for business critical and sensitive operations. If these levels of support are interesting for your organization, get in touch using our inquiry form and we'll get back to you with more information. So that's new and interesting to me. At first blush, this sounded like a bit of the result of a brainstorming meeting whose goal was to cook up new sources of revenue for Mozilla to, you know, help support Firefox. But I can also easily imagine that there has probably been some true demand for these services for which Mozilla had no such program. So organizations that wish to be able to depend upon Firefox and Mozilla will now have a way of being assured that they can do so while paying for the privilege. I dropped a link to this announcement into the show notes. It's here in the middle of page 12 and for anyone who's interested. And that blog posting contains links that allow you to follow up and get your organization listed. So, you know, it's Firefox has been just, you know, free and open source and it will continue to be so. But, you know, if there are organizations that have decided that they want to go fully Firefox, I can imagine if the price is right, saying, yeah, you know, we'd like to have access to Firefox's developers on a shorter leash so that we're able to get attention where we need it, where and when we need it. So I can see that that makes sense. Meanwhile, Russia's policy continues to starve their own citizens of Western services. Now, Akamai has reported service disruptions throughout Russia after the Russian government started filtering Akamai's traffic. This has led to disruptions for some Russian Akamai customers. Akamai says, yeah, it's aware of the government's actions, but it's unable to do anything about it. Right. It's mean, it's, you know, the, it's, it's Russian bandwidth on Russian wires. And so if they, you know, Akamai has a known block of, of IP presence. So if Russia wants to say no Akamai, they can. This may just be, you know, Russia issuing a, we're serious about this warning because they have not yet implemented a full blanket block. And Russia now requires foreign cloud providers, among which would be Akamai, to open local offices in country and register themselves with the state. So that may just be like, you know, a little bit of saber rattling on Russia's part saying, hey, you know, we told you, if you want to be bringing bandwidth into Russia, you've got to have a local office. And, and so far most organizations are saying we don't think we want to do it that much. And in some cases, if, if, if, if there, if the west is, is sanctioning, then it may not be legally possible for Western corporations to be running offices in, in Russia. And we know there's been a, a great exodus of that so far. A number of times in the past year, we've looked at the fine security work being performed by a company called Wiz and I've been forced to say, you know, Wiz, as in wizard, just to be clear. Another security firm, Mandiant, was also once independent and we often covered their work. They were then gobbled up by Google to become a division of that ever growing behemoth. So it's now time to report that Google's $32 billion acquisition of Wiz Security just passed U.S. regulatory approval. Although there are some other jurisdictions in which approval is still pending, it appears certain that Wiz will be joining Mandiant as a new Google property, an Alphabet property. And so Google increases their Internet security offering group and, you know, mandate's still doing great work. I imagine Wiz will be too. It's just, you know, Google has so much money, they're just, they're spending some of it and. Leo.

A

Yes?

B

Believe it or not. Please, please, I know.

A

Please tell me it's true. Don't tease me.

B

A recently obtained leaked copy of proposed changes to the EU's comically horrific GDPR regulation, which forced, among other things, all websites everywhere to constantly request their visitors. Cookie preferences will finally change the requirements to work oh my God. The way they always should have. It's hard to believe I've read the language. The new regulations allow web browser users to configure their browsers, their browsers once and for all to subsequently transmit their cookie tracking and direct marketing preferences to every website they visit.

A

Omg.

B

This would, this would be a formalized variant of The DNT do not track header or the gpc, the Global Privacy Control Signal header. But it would be done by, you know, by GDPR regulations EU wide which as we know has a, has a global effect. Because I'm in Southern California and I'm still getting cookie banners, thank you very much. The regulations also legally require every website, which is the part that matters, to silently comply with and obey any such preference transmission from a browser's headers. Once adopted and following a six month implementation grace period to give websites a chance to. Com to get up to speed, these amended requirements would be backed by the full weight, force and effect of the EU's GDPR which as we know originally was involved in these cookie pop ups on the entire world. So the constantly annoying cookie request banners would finally disappear and users who care will be able to set and forget their preference and in their browsers once and for all.

A

Of course I just use UBlock origin to block them, but still. Yeah, yeah, it'd be nice.

B

This will be. Well, I mean but. And this will be built into the browser. So much higher traction we could expect over time. Right, right. You know, and I'll do things like, you know, have GRC display a banner when people don't have these set just to let them know, hey, you know, you've got a browser that supports this, maybe you want to think about turning it on. You bet. Last week we also saw another pair of migrations away from dependence upon Microsoft's closed proprietary solutions. The International Criminal Court. I got a kick out of this one, Leo. They dropped their use of Microsoft Office in favor of Open Desk in response to the US sanctioning some of its judges. So the US sanctioned some judges over something that we didn't like that the. You. The International Criminal Court did I, I saw it go by at the time. I don't remember now what it was. And so the, the ICC said okay, we're going to switch over to Open Desk. Thanks very much. Also. Oh yeah. Austria's armed forces abandoned Office for Libre Office while the Austrian Ministry of Economy has moved from Microsoft's Azure over to nextcloud. So you know, the non domestic dependence on Microsoft proprietary solutions is really changing and I hope Microsoft, somebody there is paying attention because you know, they've certainly been enriched by their, the global dominance they had. And it's, I'm sure it's still there but it's waning. You know, there's handwriting on the wall. Speaking of handwriting, recall that last week we noted that officials in Oslo, Norway became worried about the hidden and undocumented cellular radios they found scattered throughout their Chinese made electric buses. So out of an abundance of caution, they pulled the SIM chips out of all of them to shut those radios down. Because, you know, why not tell us why they're here at least if you're going to have them. I just want to follow up this week by noting that Norway's discovery has shaken assumptions so that investigations are now underway in several other countries including Australia, Denmark, the UK and the Netherlands. All of them are driving their buses into large bus sized Faraday cages.

A

That's why.

B

Okay, what's up with you? What's going on here? Yeah, okay, so this is extremely cool, this next piece and at first I like what are you what? Microsoft's claim in the introduction of what they named their whisper leak attack brought me up short because what it was claiming to do seemed far from plausible. They proved otherwise. They wrote. Microsoft has discovered a new type of side channel attack. Oh, and this is for our listeners who have not been listening for long. This is probably the best example of a side channel attack on cryptography on encryption that we will ever see. I mean this is, this is so good. So if you've been wondering what side channel is and you haven't gone back to earlier episodes, we know that, that our truck driving friend is, is catching up. He's probably, you know, up to episode 100 now. He was on 52 or something when we last checked in with him. This is a perfect classic example of a side channel attack. So they wrote Microsoft discovered a new type of side channel attack on remote language models. This type of side channel attack could allow a cyber attacker a position to observe your network traffic to. Oh, sorry. And actually they, they meant in the position to observe your network traffic to conclude language model conversation topics. Despite being end to end encrypted via transport layer security, we've worked with multiple vendors to get the risk mitigated. In other words, this has been fixed now as well as made sure Microsoft owned language model frameworks are protected. Okay, so now what Microsoft is saying here that they've discovered some sort of side channel attack on a fully encrypted TLS connection which can reveal large language model conversation topics. They then tell us why we should care Writing in the last couple of years, AI powered chatbots have become rapidly an integral part of our daily lives, assisting with everything from answering questions and generating content to coding and personal productivity. As these AI systems continue to evolve, they're increasingly used in sensitive contexts including healthcare, legal advice and personal conversations. This makes it crucial to ensure that the data exchange between humans and language models remains anonymous and secure. Without strong privacy protections, users may be targeted or hesitate to share information, limiting the chatbox usefulness and raising ethical concerns. Implementing robust anonymization techniques, encryption and strict data retention policies is essential to trust and safeguarding user privacy in an era where AI powered interactions are becoming the norm. In this blog post we present a novel side channel attack against streaming mode language models that uses packet network sizes and timings. Okay, uses packet sizes and timings. This puts the privacy of user and enterprise communications with chatbots at risk despite having end to end encryption. So okay, it can't. It's not claiming to determine what they're saying, but it appears to be able to determine if the discussion is about a specific topic. Okay, so this is certainly not nothing. I'll let them finish. They wrote cyber attackers in a position to observe the encrypted traffic. For example a nation state actor at the Internet Service Provider layer, someone on the local network or someone connected to the same WI FI router could use this cyber attack to infer if the user's prompt is on a specific topic. This especially poses real world risks to users by oppressive governments who where they may be targeting topics such as protesting, banned material, election process or journalism. Finally, we discuss mitigations implemented by cloud providers of language models to reduce the privacy attack risks against their users. Through this process, we have successfully worked with multiple vendors to get these privacy issues addressed. Okay, so Microsoft's post then reminds us that packet length depends upon packet content. Less content means smaller packets, and also that the cipher text that's encrypted from plain text will have the same approximate length as the plain text it encrypts. Next we have the fact that users of cloud based AI prefer watching the AI generating and sending tokens of text as they're generated sequentially. Right? It's in streaming mode, as it's called it, you know, as if the AI was busily typing on its computer on its end. This means that rather than waiting to receive the entire output all at once, the AI models are deliberately dribbling it out as it's being determined. That also means that the TLS protocol is similarly dribbling out individual encrypted packets one by one as they're being sent to the user, containing in many cases individual encrypted words. And finally, the timing of the individual dribbles contains some information about what the model went through in order to produce that next bit of Dribble. It turns out that Microsoft did indeed discover and implement a successful side channel attack without ever having any access to the to the decrypted content, only using the individual sizes and timing of the TLS packets which were seen to be going back and forth. This attack does not allow an eavesdropper to broadly determine what's being discussed. But in the example they gave, they pre trained their system their attack cyber attacking system with 100 examples of LLM prompt transaction. Regarding money laundering, they asked about money laundering 100 different ways and they trained their recognizer on the LLMs replies only by examining the individual TLS packet timings and lengths that replies about money laundering generated from the LLM. And it worked. Once they had set everything up, they allowed their system to monitor the individual packet lengths and timings of 10,000 separate conversations, with 100% of the time it successfully identifying the the one conversation out of those 10,000 that was about money laundering. Microsoft summed the thread up as follows. For many of the test bed models, a cyber attacker that is that that many of the test bed models that Microsoft implemented so they saw this happen. A cyber attacker could achieve 100% precision. All conversations it flags as related to the target topic are correct, while still catching 5 to 50% of target conversations. In plain terms, nearly every conversation the cyber attacker flags as suspicious would actually be about the sensitive topic. No false alarms. This level of accuracy means a cyber attacker could operate with high confidence, knowing they're not wasting resources on for on false positives. To put this in perspective, if a government agency, they wrote, or Internet service provider were monitoring traffic to a popular AI chatbot, they could reliably identify users asking questions about specific sensitive topics, whether that's money laundering, political dissent or other monitored subjects. Even though all the traffic is encrypted, they said. Important caveat. These precision estimates are projections based on our test data and are inherently limited by the volume and diversity of our collected data. Real world performance would depend on actual traffic patterns, but the results strongly suggest this is a practical threat, not just a theoretical one. So this seems academically interesting, but not something that we would need to worry about. But when we recall Bruce Schneier's reminder, attacks never get weaker, they only ever get stronger. You know, it seems like what it might be a curiosity today could have the tendency to mature over time. So how to fix this? They wrote, we've engaged in responsible disclosure with affected vendors and are pleased to report successful collaboration in implementing mitigations, notably OpenAI, Mistral, Microsoft and XAI have deployed protections at the time of writing. This industry wide response demonstrates the commitment to user privacy across the AI ecosystem. OpenAI and later mirrored by Microsoft Azure implemented an additional field in the streaming responses under the key obfuscation, where a random sequence of text of variable length is added to each response. This notably masks the length of each token and we observed it mitigates the cyber attack effectiveness substantially. We've directly verified that Microsoft's Azure mitigation successfully reduces attack effectiveness to levels we consider no longer a practical risk. So as I said here we have a beautiful example of a surprisingly effective side channel attack and a classic perfect example of a side channel attack in general where the data being leaked is never seen but, you know, never seen directly, but some indirect consequences of the specific data are observable and can allow a sufficiently clever attacker to infer what that data must have been for that that that inference to be true of the data. So just, you know, nice work on Microsoft's part and you know, not something we would ever think to protect or that or that needed protecting, but indeed it did. Leo, break time. We're going to talk about a few miscellaneous bits and then we'll tackle our topic.

A

Indeed we will. And I want to tell you about Zapier right now, our sponsor sponsor for this segment on security. Now, Zapier is something I use to prepare. Not this show because you do your own thing, but all the other shows. When I make bookmarks, I use a very clever system that I set up many years ago with Zapier to automatically take the bookmark and prepare the rundowns and all that stuff. I don't need to go into the details, but one of the things I'm very excited about, as you know, I'm also kind of dedicated AI user in a variety of places is being able to use something new from Zapier that'll let me add AI to my existing workflows. We talk about AI a lot on this show. On all, all our shows over the last few months, everybody's been talking about AI. We even made a show all about it, Intelligent Machines on Wednesdays. But I think that it's pretty clear just talking about a trend doesn't help you use it or be more efficient at work. How many times have you sat down with an AI or Claude code or something and said now what? To make AI part of your workflow, you need the right tools. And that's where Zapier is such a great partner. I'm so thrilled Zapier is How you break the hype cycle on AI and put AI to work across your company. You're probably already using Zapier. If you're not, maybe I can explain it to you. Zapier is a way to automate workflows. Doesn't. You don't need to be a coder to do it. It's very easy to use. I've been using it for years to do everything from turn on my Hue lights at sunset to send automatic emails, and I can go on and on. Zapier, though now can help you deliver on your AI strategy, not just talk about it. Zapier is now an AI orchestration platform. So you do all the things you used to do. Zapier has literally, I think, more than 3,000 connections to apps you already use. But now you can also insert some AI into any workflow so you can get more done. You can be more effective. You can get a little help. And they support all the top AI models, ChatGPT and Claude. You can add them to the tools, those 3,000 other tools your team is already using. So you can actually, you know, sprinkle a little magic, a little AI exactly where you need it, whether it's AI powered workflows, an autonomous agent, a customer chatbot. There's so many things I've dreamed of doing that AI now enables it. And being able to orchestrate it with Zapier makes it so much easier, so much better. Zapier is for everyone. Don't need to be a tech expert. Teams have already automated over 300 million AI tasks using Zapier. Join the millions of businesses transforming how they work with Zapier and AI. Get started for free by visiting zapier.comsecurity now that's Z A P I E R.comsecuritynow in my opinion, this is exactly where AI can shine. Not by, you know, letting it take over your job, but by using it to help you in your existing workflows and hack and then creating new workflows. The sky's the limit. Zapier.com Security now. And now back to Steve.

B

A word from a listener. David Wright wrote. Hi, Steve, I've bought numerous copies of spinrite over the years, really, to support you. A he's moved around from company to company.

A

Oh, okay.

B

And that makes sense. You know, we need, we need a corporate site license for spin, right? He says, yeah, but I've, I loved it. He said, but I've never actually needed to use it in anger. He said, I've had problems over the years, but they all turn out to have other causes until last week. Now this is a fresh email. So this just happened. He said my predecessor set up a NAS for the documentation of our measuring and control department. And he said installation and programming of the PL of the PLCs and associated technology, their documentation drive. He had driving quotes, meaning, you know, a NAS drive, it was connected by ISCSI to a server disappeared. Looking at the nas, one of the drives was blinking red, checking the NASH ui. The drive was also showing a fault there. But he who shall not be named had set up the nas, which was the main storage for all the department's documentation with drive spanning zero redundancy RAID zero. So meaning the entire volume was at risk because of one drive, he said. I grabbed my copy of Spinrite, a USB drive adapter, and plugged it in. 24 hours later the drive was back in its NAS and we were busily busily copying their documentation over to our nas. A new drive has been ordered and I will be completely rebuilding their NAS with Raid 5 this time. He said with so much kit it was one of those pieces that hadn't been checked. So since I took over. But at being a NAS with four large drives in raid, you assume the person setting it up wasn't so idiotic as to use RAID 0. Needless to say, once the dust is settled and I have time to breathe, I'll be putting in an order for another corporate license. Best regards, David Wright. So first of all, David, thank you. I wanted to share David's story since the perfect Contemporary example of Spinrite61 still coming to the rescue to of, you know, of those who need it with with RAID configured so that any one of its four drives having a problem would endanger the entire storage volume. I'm unsure what someone would do if not for spin right? There are many data recovery specialist services and if a drive has failed electrically or mechanically so that it requires a PC board swap or God help you, a head replacement, you know, then there's no alternative. Software is not going to be able to help you there. But that sort of catastrophe is exceedingly rare. Usually they'll have a drive for a week or more so you're down for that period of time and then charge several thousand dollars. They take advantage of people's desperation to have their data back, of course. And we've heard from, you know, many times from ex employees of these services who learned about spin right from their employer or their ex employer that the first thing those companies do is run SPIN right over the drive themselves. So you know, many days and dollars can usually be saved, as Dave here just reported he did, by giving spinrite a try yourself and you know, save thousands and save a week and get your data back. So anyway, thank you Dave. I appreciate the feedback. While I'm on the topic of GRC software, I'll mention that Saturday evening I dropped the 62nd development release of our forthcoming commercial version of the Benchmark and I am so pleased with the way it has turned out. As is so often the case when I begin one of these journeys, I only ever have some rough idea of what the end result will be. And this is one reason I learned long ago actually it was with Spinrite3one to never guess when that will be. I I. You know, people say when, when, when, when I go. I, I would tell you if I knew, but I I don't know because I don't know what it's going to be in this case. As we know, I mostly set out with the goal of adding the three newer protocols that the freeware benchmark doesn't support IPv6, DNS over TLS and DNS over HTTPs. But what we have wound up with after a year of work, because it was it was November last year, is a far more advanced and enhanced result. It now does things like quickly and automatically sidelining resolvers right from the get go, which it determines quickly will be unable to compete. So this allows it to spend its time more accurately, much more accurately actually, much more accurately, measuring the performance of the DNS resolvers at the head of the package, rather than giving equal time and wasting time on the stragglers at the end. And this behavior can be tuned since there are also several new expert level knobs that can be turned on the software. Through statistical analysis of the spread of timing results, we also learned that the original single pass timing of 150 queries, which are made up of the top 50 domains on the Internet, which is what the freeware the freeware version has always done. Turns out that was unable to yield sufficient certainty due to packet timing variations. It's easy to obtain an average, you know, four readings will do that, but it's surprising to see how many queries must be made to obtain the 95% statistical certainty of of like of what that average value actually is, rather than by chance it being higher than it actually would be in practice. So the new version of the Benchmark makes five passes by default, though that can be set to any number you want. And if someone for example, wished to measure collect and process timing data over a much larger time span. Like for example, run the benchmark for two days. The benchmark's actual running speed can now be set so that a run which would, for example, normally take 30 minutes could be set to take 50 hours with each resolver queried 750 times over a much wider span, which allows you to then get that average. So and even so, it's you can still do a benchmark in three minutes. So anyway, there are many, many more features and I am so pleased with the outcome of this past year's work. The gang in the news group has now had the benchmark for several days. Nobody's found a problem. It's working perfectly for everyone. We're done. So I'll be working on the documentation to get that ready for the release, which should be, you know, a week or two from now. So I'm very excited. And while we're on the subject of GRC projects, recall that about a month ago, near the start of October, there was a time when all of GRC's weekly security now podcast email suddenly went to Gmail's spam folders. Our list, our, our listeners, I don't know how they even sound know saw them or found them. They must maybe they they in fact Leo, you said that you check your Gmail spam folder once a week to see if anything important has gone there. So obviously Gmail makes mistakes. I was horrified because I had done nothing different. But suddenly all like all of the Gmail from our listeners and we have a huge percentage of listeners who either use Gmail as their domain or have their own personal domain that that that Google handles for them. It all went into junk. It was all routed that way. So we soon learned that Gmail had apparently suffered some sort of internal glitch because many other people's email which was bound for Gmail which had never had any trouble, was also going into its recipients spam folders. So it wasn't anything that I did nor really anything that Google was doing deliberately. I think that there was some just internal glitch inside of of Google for a few days and the the, the weekly security now mailing happened to hit then. But since I'm planning GRC's second ever full mass mailing to our more than 150,000 subscribers once the commercial version of GRC's DNS benchmark that I was just talking about is ready, the possibility that, you know, Gmail recipients among those 150,000 plus might get routed into spam scared the you know what out of me. So even though I was certain I had originally gotten all of the spam stuff fixed correctly, I returned my focus to our spf, DKIM and DMARC DNS records. All of the various test sites said that everything I had set up was all working correctly. It was a hunky dory that the records restricting the spoofing of email from GRC were all correct. Yet a look at Google's user reported spam history and chart told a very different story. You know, users apparently could, could be annoyed by, by, by email pretending to come from GRC spoofed GRC. So GRC.com email was being sent by spammers because GRC's been around a long time. I suppose so. So what I discovered was that even though my anti spam DNS records were well locked down, there were two optional parameters missing from our DMARC DNS record. The bits that were missing are named or are called alignment modes. And those can either be relaxed or strict. And what I discovered was that if they're not specified, they default to being relaxed, as in none because spam was getting through. So I added two additional values. AD KIM equals S and ASPF equals S both for strict. And it took a while, it, it took Google a while to, for, for, for the, for the records to propagate probably get. Google is caching them internally because it doesn't want to be constantly checking all of the DNS for incoming email sources. So I was like on pins and needles for a while. But I have in the show notes and Leo, you were showing it. Thank you. The recent chart from Google showing that. I think that's the last 90 days. September. October. November, yes. So basically through September and October there were, you know, instances of users reporting incoming spam that was pretending to be grc. It had nothing to do with grc. I never sent it. No one at GRC ever sent it. It was, it was bad guys thinking that maybe if we pretend to be Gibson Research Corporation that has a, a spotless email reputation will be able to get through. And they were. And I was, as a consequence Google was saying to me, you know, we're not so sure about GRC email. Well, the good news is adding those last two specifications finally locked it down tight. And as we can see in that chart, it's been flatline at zero ever since early October. So there have been periods in the past where it was also a flatline for a while. So I've been holding my breath, but at this point it Looks like we've exceeded the length of time that anyone else that we've ever not had any spam problem. So anyway, I just wanted to share this. If there are listeners, and I know there are because I've heard from you who are running your own email servers, it turns out this is important those two records, which, you know, I managed to, to spend a lot of time a long time ago with SPF and dkim and getting it all right. And in that I never discovered those two fields had to be specified in order to get true protection. Apparently you get some, but not what Google needs.

A

So, so you have, you have to say strict AD ADIM and strict aspf.

B

Yes.

A

And then you'll get through and.

B

Yes, and then, and then when a, when a, when a, an email comes into a provider who has previously probably obtained that record from GRC, they'll see that, that our instructions, GRC's instructions are if this doesn't strictly align with SPF, then reject it. Absolutely. It is not valid. And so it was relaxed until I said treat that as strict. And, and the spf, I mean it's so SPF is sender policy framework. It just says, it's so simple. It says These are the IPs that are allowed that would. That will ever generate valid email from GRC. And actually it's just one IP. It's something201client.grc.com and I've said this is the only IP that will ever generate valid email from GRC. And I've been saying it for years, but without also saying. And I'm serious about it, strict.

A

I'm being strict.

B

Yeah, I'm being strict. Darn it. Don't you know, I mean, and to me it's crazy that, that if. Why would I. What value is having an SPF record and a DKIM record if they're being treated in a relaxed fashion?

A

Well, so somebody could use different subdomains probably. Right. So mail grc.

B

No, there are mechanisms for having, for, for like specifying ranges of ips or subdomains. And even so you can still be strict. Yeah, I think, I mean, I actually kind of know the, the reason is that you want, before you lock this down, you want to be in a reporting mode where you can monitor bounces. Yes. To make sure that you got it all right. So that, so that you don't get email that is, that is rejected when it shouldn't be like you valid mail you're sending, that gets sent to spam. That wasn't the problem. It was invalid mail that bad guys were sending as. As GRC were being seen as legitimate. So, you know, false positives instead of false negatives. So, anyway, problem solved. Yay. And when we get this, I'm now confident, increasingly confident again. I. I've seen weird spells where we've not been spoofed, but I, given that I made this change, and after waiting a little bit, it's gone absolutely to zero with not a single exception. Where before it was like, looks like the Rocky Mountains in the graph.

A

Yeah.

B

It's like, okay, I think maybe. Think maybe we got it.

A

So the whole point of this is that somebody does not spoof you to send their spam.

B

Correct.

A

And Google was assuming that mail coming from you was in fact spam.

B

Yes. And the problem is they have a very low tolerance, and it's 0.3%. If. If it's over 0.3% of users saying, I don't want this, you. You get in trouble with Google. So 0.3% is 3 out of a thousand.

A

Right.

B

If I said so, somebody must have.

A

Done that though, right? They must have clicked. You could do that by accident, though. It's very easy to click that button. Spam.

B

That's what I was. That's what I was thinking, except that now it's gone to zero. And we've had many of our mass mailings. Not a single recipient has said, this is spam. So, so what was happening was bad guys, spam. I mean, it was spam. It was. It wasn't from you.

A

Yeah, yeah, yeah.

B

How to stay hard Longer from GRC Doc from GRC.com I haven't gotten that email. And it's like, no, we didn't send this. And so, so people were saying, this is spam. And. And unfortunately, I was being blamed for.

A

Other people getting associated with your domain.

B

Yes. Yeah. And. And. And again, it was like 20%. Well, the reason it was 20 was I'm not sending any email at all. And so if. If, you know. So one out of five people were. Were of. Were clicking on SP spam saying, this is spam.

A

Makes sense.

B

Yeah. Turns out it's a, you know, spam is a problem.

A

It's a little bit of a problem. Yeah.

B

Who knew?

A

Yeah, I wouldn't mind except that I still get tons of spam in my Gmail account, so.

B

Oh, Gmail is. It's entertaining, actually, to look at the spam folder in Gmail.

A

Oh, my God.

B

Because, I mean, you. You can look in the morning and just since, like, earlier in the Morning. You've got like just a torrent of spam. The good news is that Google has this ability to view across all their subscribers. So it's very apparent when all these people are getting the. The same, you know, come on email.

A

Well, that's the theory is this kind of community spam filtering is the best way to do it. But I. Maybe because I've had Laporta Gmail forever, I get so much spam. Spam even not into my spam box. Yeah, most of it's in French. Maybe that's why I don't.

B

Yeah. Yeah. Well, so for. Anyway, so my. My message is. It really does look like it is possible. No matter how popular your domain is to spammers to abuse. If you get this SPF and dkim and DMARC all set up correctly with. With everything set for the strictest enforcement possible, then no valid re recipient provider will think that spam that is being spoofed as coming from you will get through. It'll go into people's spam folder.

A

So you want to see. Just. Just to show you how much spam I is not being filtered. This is my laportemail primary inbox. Let's see. I get a request for something. It's all in French. Just missed your call. Says Jen. Here's invoice for your account from Airtel. I mean, I don't know if it's. It's gotta be spam. I don't know what it is. It's why I don't use this address anymore, which is why I'm willing to tell people what it is.

B

And I do think that like some of this is. Is typos.

A

It's people trying to send to a real French person.

B

Yeah.

A

Bonjour. Your personal training account has been updated. Notice Google translated it. Thank you. Join us at the Indigenous Speakers Universe at Vancouver Island University. But see, this is a CC to all of these people whose names are visible in here. I mean, this is crazy. Roof inspections for N Street. I don't live on M Street. Okay. I love all the French stuff too.

B

I noticed that Kimberly wrote you. I think she wrote to me too.

A

Yeah, Kimberly, you know, she gets around. Hey, Laporte. It's my email. I think she doesn't know my first name because it's just Laporte at Gmail. All right, I'm sorry.

B

Okay.

A

I'm glad you're fixing.

B

We're gonna. Oh, I am too. I feel very relieved. I just wanted to spread the. The news so that if any of Our listeners have any problem like that. It turns out it can be. I. It appears again I'm. I'm couching everything in a so far and I'm crossing my fingers, but. And boy, I'll know when I send out 150000 pieces of email.

A

Man. Holy cow.

B

Yeah, it's gonna be good. Oh, okay. We are at two hours. Let's take our final break and then we're gonna look at the question which is entirely gray. I have. I don't normally have a gray area feeling about things, but in this case. Yeah, I don't know. This is a, you know, an interesting issue.

A

We talked about it on Sunday. I'm very curious what you think about has to do with agentic browsers doing your shopping on Amazon. Yeah, we'll talk about it in just a minute. Yeah, I don't. I mean, I think I'm great too. I, I was not. I understand from both points of view, but anyway, we'll get to that in a moment. But first let's talk about Vanta, our sponsor. What's your 2am Security worry? What keeps you up at night? Is it do I have the right controls in place or are my vendors secure? Or the really scary one? How do I get out from under these old tools and manual processes? Enter Vanta. V A N T A Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence, filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. Banta also fits right into your workflows, using AI to streamline evidence collection, to flag risks, and to keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and get back to sleep. Get started@vanta.com security now. That's V-A-N-T A.com security now. Thank you, Vanda, for supporting Security now and the important work Steve does. Thank you for the important work you do for all of our IT professionals out there. Okay, Steve, let's talk about this. I think it's a very interesting story.

B

Yeah, yeah, yeah. Okay, so some time ago we examined the robots. Txt file, which is sort of where this controversy began. And as we know, they were originally provided by sites as an aid to help keep web search spiders out of trouble. Controversy arose when Cloudflare decided to become much more proactive on behalf of their users when they believe robot AI agents will, whether scraping for content or browsing on behalf of their users were being deliberately deceptive and were also deliberately disobeying the clearly expressed wishes of those users. Then last week's podcast was Here Come the AI Browsers, which looked at the vulnerabilities that could arise when AI browsers encountered remote website content which might conf which it might confuse for user instructions. Today we have a third aspect of the AI web browser amalgam, which is AI browsers acting on behalf of their users. The Guardian's headline read, Amazon sues AI startup. I thought that was interesting. Call it a startup, I guess over browsers, automated shopping and buying features, which it follows with the tease. Amazon accuses Perplexity of covertly accessing customer accounts and disguising AI activity as human browsing okay, now the idea that Perplexity almost certainly does this is not news, although questions were raised over Cloudflare's possible misinterpretation of perplexities automated agent actions. As a web technology developer, I was left with no questions there. It seemed obvious to me that the evidence revealed deliberate shenanigans on Perplexity's part. So let's see what the Guardian's reporting adds to this. They wrote Amazon sued a prominent artificial intelligence startup Tuesday over a shopping feature in the company's browser, which can automate placing orders for users. Amazon accused Perplexity AI of covertly accessing customer accounts and disguising AI activity as human browsing. Okay, so you know, duh, it's the Internet. Amazon and Amazon has done quite well thanks to the Internet, right? In fact, they owe their entire existence to the Internet. So what's wrong with having a browser working on our behalf? That's the real question and that's what we're going to examine today. The Guardian continued writing, Amazon's lawyers wrote, quote, perplexity's misconduct must end. Perplexity is not allowed to go where it has been expressly told it cannot. That Perplexities trespass involves code rather than a lock pick makes it no less unlawful. Whoa. Okay, so expressly told it cannot certainly sounds as though someone has been caught ignoring and bypassing those pesky robots Txt files again, but this time we don't have some bridge toll gate analogy. This time we're talking about the content owner becoming very upset. Where the Guardian continues, Perplexity, which has grown rapidly amid the boom in AI assistance, has previously rejected the U S Shopping company's claims, accusing Amazon of using its market dominance to stifle competition. Perplexity wrote in their blog post, bullying is when large Corporations use legal threats and intimidation to block innovation and make life worse for people, unquote. The class highlights an emerging debate, and it is a debate over regulation of the growing use of AI agents, autonomous digital secretaries powered by AI and their interaction with websites. In the lawsuit, Amazon accused Perplexity of covertly accessing private Amazon customer accounts through its Comet browser, an associated AI agent, and of disguising automated activity as human browsing. Perplexity's system posed security risk to consumer data, Amazon alleged, and the startup had ignored repeated requests to stop, Amazon said. Rather than being transparent, Perplexity has purposely configured its Comet AI software to not identify the Comet AI agents activities in the Amazon store. Well, imagine that. In the complaint, Amazon accused Perplexity's Comet AI agent of degrading customers shopping experience and interfering with its ability to ensure customers who use the agent and benefit from the tailored shopping experience Amazon curated over decades. Third party apps making purchases for users should operate openly and respect businesses decisions on whether to participate, Amazon said in an earlier statement. Perplexity earlier said it had received a legal threat from Amazon demanding that it blocked the Comet AI agent from from shopping on the platform, calling the move a broader threat to user choice and the future of AI assistance. Perplexity is among many AI startups seeking to reorient the web browser around artificial intelligence, aiming to make it more autonomous and capable of handling everyday online activities, from drafting emails to completing purchases. And Amazon is also developing similar tools such as Buy for Me, which lets users shop across brands within its app, and Rufus, an AI assistant to recommend items and manage carts. The AI agent on Perplexity's Comet browser acts as an as an assistant that can make purchases and comparisons for users, the startup said. User credentials remain stored locally just like they do on for us now and never on its servers. The startup said users had the right to choose their own AI assistance. Portraying Amazon's move as an attempt to protect its business model, Perplexity added easier shopping means more transactions and happier customers, but Amazon doesn't care. They're more interested in serving you ads.

A

I think that's true. I hate to say it.

B

I do too. Leo the reason we were just saying last week the reason we're not using Alexa and yes, I'm I just said the a word, the word or the.

A

Fire TV or the Fire tablets or any of the Amazon stuff. It's that they're ads. It's all ads.

B

And I was going to, I was going to do that initially because in researching it's it looked like it had the best voice recognition technology available and I want that. The good news is Apple is really gung ho on Homekit and, and pushing forward into that market in the future. And I trust Apple more than any other organization in the world to, to do the right thing. And we're, you know, we're an Apple shop, except for Windows. So.

A

Yeah, anyway, makes more money on advertising than it does on product sales. That's the fact.

B

Yeah. Yeah. So guess what? You know, not Google and not Amazon, thank you very much. So using the Comet AI browser to shop is a much more pleasant experience for its user because they won't be exposed to Amazon's constant visual bullying and repeated appeals to purchase stuff. I'm a heavy Amazon user and I'm quite familiar with a need to often decline. There are multiple come ons along the way to the final purchase. Conclusion. I mean, what about this? And how about that? Oh, you left this and you were looking at this before. What about that? It's like I just, like, just let me have the am I, am I done yet button, please. So this question of the agency of AI agents I think is very interesting and it's not at all cut and dried. For example, what if rather than using Perplexity's Comet AI browser, we used an AI Chrome browser extension to do the same thing? In that scenario we would be using an authentic Chrome browser, but an add on AI agent would, would be viewing the pages and clicking the links and pressing the buttons on our behalf. So Amazon is attempting to tell the world that we're unable to make our lives better and easier while purchasing stuff from them. You know, they certainly wouldn't like that scenario, the Chrome AI add on, because it's going to do the same thing that Perplexity's Comet AI has built in since the entire Internet pretty much blew up over this new battle last week. I mean, it was something just to, to, to see the, the coverage of this. And since the rights and roles of AI agents promises to be one of the critically important issues of our near future, I want to spend a bit more time on it today before we move on. TechCrunch weighed in on this with their coverage last week titled Amazon Sends Legal Threats to Perplexity over Agentic browsing. Here's what TechCrunch reported. They said Amazon has told Perplexity to get its Agentic browser out of its online store. The companies both confirmed publicly on Tuesday after warning Perplexity multiple times that Comet, its AI powered shopping assistant, was violating Amazon's terms of service by not identifying itself as an agent. The E commerce giant sent the AI search engine startup a sternly worded cease and desist letter, Perplexity wrote in a blog post entitled Bullying is not Innovation. Perplexity lamented in the blog post, quote this week, Perplexity received an aggressive legal threat from Amazon demanding we prohibit Comet users from using their AI assistance on Amazon. This is Amazon's first legal salvo against an AI company and it is a threat to all Internet users. And I of course I completely agree this is important. As I noted above, the AI add on to Chrome thought experiment demonstrates that this is a question with a very soft border. Where exactly does the AI agency begin and end? Does Amazon like refuse to allow us to do anything? TechCrunch continues perplexity's argument is that since its agent is acting on behalf of a human user's direction, the agent automatically has the same permissions as the human user. The implication is that it doesn't have to identify itself as an agent. Amazon's response points out that other third party agents working at the behest of human users do identify themselves. Amazon's statement explains, quote it's how others operate, including food delivery apps and the restaurants they take orders for, delivery service apps and the stores they shop from, and online travel agencies and the airlines they book tickets with for customers. If Amazon is to be believed, then Perplexity could simply identify its agent and start shopping. Of course, the risk is that Amazon, which has its own shopping bot called Rufus, could block Comet or any other third party agentic shopper from its site. Amazon suggests as much in its statement, which also says, quote we we think it's fairly straightforward that third party applications that offer to make purchases on behalf of customers from other businesses should operate openly and respect service provider decisions, whether or not to participate. Unquote. Perplexity claims that Amazon would block the shopping bot, and I'm sure they would, because, I mean, they already said cease and desist. Amazon wants to sell advertising and product placements, unlike human shoppers. A bot tasked with buying a new laundry basket presumably wouldn't find itself buying a more expensive one, or getting lured into buying the latest Brandon Sanderson novel and a new set of earphones on sale. If all this sounds a bit familiar, that's because it is. A few months ago, Cloudflare published research accusing Perplexity of scraping websites while specifically defying requests from websites blocking AI bots. Interestingly, many people came to Perplexity's defense that time because this wasn't a clear cut case of web crawler bad behavior, Cloudflare documented how the AI was accessing a specific public website when its user. Asked about that specific website, Perplexity fans argued that this is exactly what every human operated web browser does. On the other hand, Perplexity was using some questionable methods to do that accessing When a website opted out of bots hiding, like hiding its identity. As TechCrunch reported at the time, the Cloudflare incident foreshadowed the challenges to come if the agentic world materializes as Silicon Valley predicts it will. If consumers and companies outsource their shopping, travel bookings and restaurant reservations to bots, will it be in the best interest of websites to block bots entirely? How will they allow and work with them? Perplexity may be right in that Amazon is selling is setting a precedent. As the 800 pound gorilla in E commerce, Amazon is clearly saying that the way this should work is for an agent to identify itself and let the website decide. So I think that what makes this such an interesting debate is that the issue is anything but black and white. What has evolved is being called the attention economy. But the commandeering of our attention comes at a cost to us, a cost that we often have no control over and and might prefer not to pay. So one reading of what is happening is that new AI agency tools are appearing which promise to return to us some of the control that's been deliberately taken away. When we visit a web page, we're its captive audience. We're subjected to whatever it wishes to do to us. It's true that we could leave, nothing is forcing us to remain. But there might be something there we want if we would be. If it would be possible to avoid the nonsense and get only the bits we want. That seems like a clearly pro user thing. It's no wonder that the agent concept is appealing to people. I believe that this is critically important because the way this shakes out will determine the shape of our future. My feeling is that user rights will ultimately prevail and that Amazon and others will be forced to grin and bear it, much as websites have had to tolerate the presence of ad blockers.

A

I mean, should a website be able to say, you can't use this browser to visit me? No, no. I mean they. Technically they can. They could. But should they be? I mean, it seems unreasonable. And then the next step is should a website be able to say, you can visit us, but not with an ad blocker? Websites do that all the time. Yeah, you would think Amazon would Want if I go to Amazon using a Gentec browser to buy something, you would think Amazon would want me as a customer, but apparently not.

B

And as you said, if they're actually generating more revenue from advertising than sales and what.

A

They're not quite yet, but I, but I suspect that that's, I mean, they made. Their ad sales went up 24% last quarter. I mean they're making a lot of money in ad sales.

B

And it, it's, it's product placement. Right. It's like I'm searching for this. Exactly. And there's four other things in front of the thing I want.

A

Yeah. It's the Amazon picks. It's the.

B

And it's what Google used to do. Remember when Google's page came up and it was a beautiful white page with 10 links that were actually all good and that's all that was there and now it's all sponsored crap.

A

Yeah. And so that's why people want. And the other reason people use an agentic browser is I know what I want. Just go get it and look for the best price. For me, it's just. It automates something that they, you know, could do by themselves, but it's a lot easier.

B

And Amazon's also worried because when I wanted to get that inexpensive Samsung phone, I ended up buying it from Best Buy where I never go. But if I told an agent that I'm looking for this Samsung, whatever it is, get me the best price because that's all I care about.

A

Right.

B

My, my default is Amazon. And it broke. It would have broken that default.

A

Yeah. Yeah. Isn't that interesting?

B

And suddenly created competition where there wasn't any for Amazon.

A

Right. It's a fascinating story. I'm glad you brought it up. And I, Yeah, I'm still kind of. It's such a different world that we're living in and our rules, our value systems don't really extend to this kind of new world we're living in.

B

And we're not sure talking about automating much of what the user does. There was a beautiful article in Vox this morning. Oh, I don't have it on the tip of my tongue, but it was, it was basically, it was, it was well written and fun about the probable form of the coming AI apocalypse and. But basically, you know, we're gonna have our experience with computers automated for us. And yes, I'm sorry, Amazon, but you're a target. You know, you have been living off of human eyeballs and humans are deciding they want to sub that out.

A

Yeah. And you kind of you kind of made it that way by making it so unpleasant.

B

Yes, exactly. Exactly. We, yeah, we were a captive audience.

A

Right.

B

And now we found out a way. We found a way to get greedy. And you've become dependent upon our captivity. Yep, Yep.

A

That's what Cory Doctorow has been writing about. Mr. Gibson, you're amazing. Thank you so much for doing what you do. We really appreciate it. Steve's here every Tuesday. That's when we do security now, right after Mac break weekly. Supposed to be and usually is around 1:30pm Pacific, 4:30 Eastern, 21:30 UTC. We stream live on YouTube, Twitch, X.com, facebook, LinkedIn and Kik. We also stream live in the club Twit Discord. So if you're a club member, you get special behind the rope access. And please do become a club Twitter member. That helps us out a lot. It's becoming more and more important now. One quarter of our operating expenses are paid by the club and I think that number is going to go up a lot in the next year. I'm just guessing, but I think it will. So please, you know, join the club. Ten bucks a month, you get ad free versions of this show and all the other shows we do. You get access to the Discord. You get all the special stuff we do like the AI User group. And coming up Friday, it's our photo time segment with Chris Marquardt. Next week, Micah's Crafting Corner, Twit TV Club Twit after the fact. You can get this show in a variety of places. Go to Steve's site, GRC.com he has three or four unique versions of the show. He has a 16 kilobit audio version, the impoverished audio version for people with no bandwidth.

B

None at all.

A

He also has a 64 kilobit audio version. That's just fine. He has the show notes, which he really crafts beautifully. The best show notes I've ever seen. It's how many pages? 18 pages. I don't know what it is.

B

22 today.

A

22. So it's a book you get for free every week. And he also has transcripts written by Elaine Ferris that takes a few days after the show. Great way to search. Great way to read along as you listen or just read. If sometimes you know, it's easier to understand if you read it, that's fine too. Grc.com now, while you're there, pick up a copy of Spin, right? You never know when somebody's gonna set your NAS for RAID zero. You gotta have Spin. Why? I don't know. Why do we have five disks in there? Oh, that way they're faster, right? Spinrite, GRC.com Another thing you can do this whole, we were talking about this whole spam thing is because Steve has a newsletter. He has sends out the show notes every week. So you don't have to go to the website to get those. You could just go to grc.com email provide your email address. The primary reason for that is to whitelist it so you can correspond with Steve. Send him your picture of the week, your comments, your suggestions, your questions, that kind of thing. But there are two boxes below it unchecked. One for the show notes and one that you're going to want to subscribe to. He's only sent out one email in the entire. The entire time this has existed. But he promises he will only use it when there is a new product to announce. And I think we're getting close. Sounds like we're getting close to the DNS benchmark. If you've done. What is it?

B

62 versions, 62 releases over the course of a year.

A

That's a lot of testing. It's going to work. That's Steve's. His motto is it's going to ship without bugs and it's going to be soon, I think. So if you want to know, check both those boxes and you'll get those emails.

B

I'm a little annoyed too. It's a little over 200k now.

A

How will we ever survive? I haven't made a picture that's less than 200 megabytes. I don't know what you're talking about.

B

That is the one gift of assembler is. I mean, it is. It astonishes me how. How compact.

A

You can't get smaller than that. You can't. No, that's the. That's literally the smallest way you could make a program. What else? Oh, you can go to our website and get the show TWIT TV SN. We have our own unique versions, 128 kilobit audio, so don't ask. We also have video there. There's a YouTube channel dedicated to security.

B

Now.

A

You'll find a link@Twitt TV SN. There's also of course, your favorite podcast client. If you subscribe in that you can get it automatically the minute it's available, audio or video, or both. Encourage you to do that. That's the best way to keep up on what's going on with security now. Happy Veterans Day, Steve. And a thank you to all the veterans in our audience. There are quite a few. We appreciate your service to our country.

B

We'll see everyone back here on the 18th.

A

The 18th. Thanks, Steve. Take care.

B

Bye.

A

Introducing Family Freedom from T Mobile.

B

We'll pay off four phones up to.

A

$3200 and give you four free phones, all on America's largest 5G network. Visit t mobile.com family freedom.

B

Up to.

A

$800 per line via virtual prepaid card.

B

Typically takes 15 days.

A

Free phone via 24 monthly bill credits with finance agreement. Example Apple iPhone 16128 gigs $829.99 eligible trade in example iPhone 11 Pro for well qualified credits end and balance due. If you pay off early or cancel, contact us.