Security Now 1054: "Bots in the Belfry" (December 3, 2025)
Hosted by Leo Laporte & Steve Gibson
Podcast Source: TWiT.tv
Date: December 3, 2025
Episode Overview
This week's Security Now dives into a major new weapon in the fight against botnets: GreyNoise Labs’ simple public service for checking whether your IP is linked to bot activity. Steve and Leo unpack major security news, including a Christmas miracle from Cisco, controversy over Australia's nationwide social media blocking for minors, and a deep listener Q&A session on passwords, passkeys, hardware keys, and more. Plus: the Stargate series returns, a parade of listener feedback, and practical security tips you can act on today.
Main Topics & Insights
1. Bots in the Belfry: GreyNoise Labs’ New IP Bot Checker
- [03:00, 166:32]
- Core News: GreyNoise Labs has launched a free tool that lets users check if their IP address has been flagged for malicious botnet or scanning behavior (grc.sc/botcheck).
- How it Works: Simply visit the site, and it checks your current public IP against GreyNoise’s huge database. Possible responses: “Clean”, “Malicious/Suspicious”, or “Common Business Service”.
- Why it Matters: With residential proxy and botnet networks growing, many people might unknowingly be contributing traffic to cybercrime.
- NAT as Hidden Hero: NAT routers, often derided, actually help here: because every device behind the router shares one public IP, a single check covers the collective behavior of all your home’s devices.
- Steve’s Summary:
"Receiving a clean bill of health from GreyNoise’s check automatically means that you can be reasonably certain that not a single one of the myriad devices on your network has been misbehaving, or at least has been seen to be misbehaving." – Steve [167:55]
- Action: Visit grc.sc/botcheck for an instant check. If flagged, investigate all devices behind your router.
2. Cisco's Security Awakening: "A Christmas Miracle"
- [04:00, 44:06]
- Big News: Cisco announces its "Resilient Infrastructure" initiative, overhauling decades-old insecure defaults—security will become the default in their gear.
- Direct from Cisco’s Officer:
“We are doubling down on the model where security is the default and any reduction in security requires an explicit choice… Eventually, insecure options will be removed entirely.”
– Anthony Grieco, Cisco CISO [53:11]
- What’s Changing:
- Secure configurations and protocols as default
- Aggressive deprecation of legacy, risky features
- Users will be alerted on insecure choices
- Real-time security "shields" for vulnerabilities (not just patch-and-pray)
- Steve’s Reaction:
“I’m just speechless now except to say thank you Cisco… For the first time ever, actually taking full and direct responsibility for the in-field operational security of their products. That is a switch!” – Steve [57:41]
3. Australia’s Social Media Ban for Minors: Unintended Consequences?
- [04:33, 66:00]
- The Law: Starting December 10, every major social media platform (Twitch, Facebook, Instagram, Reddit, TikTok, YouTube, etc.) must block accounts for anyone under 16 years old—enforced nationwide.
- How It’s Enforced: Everyone (not just kids) must verify their age.
- Host Criticism:
- "It’s insane… legislators who don't really understand what they're talking about make these laws that are not in fact enforceable." – Leo [07:28]
- “The world lacks, as we know, any privacy preserving way to do that at the moment.” – Steve [71:03]
- Practical Impact: Small sites with forums, even hobby and tech communities, may have to block all Australians or shut down user registration lest they be out of compliance.
- Quote:
“Should I just block Australians?… We have a lot of Australian fans. I’m sorry, guys, but it’s not you, it’s your government.” – Leo [74:28]
4. Major Salesforce Breach Explored: The Perils of Outsourcing
- [19:19]
- Incident: Hackers from Scattered LAPSUS$ Hunters stole data from 200 Salesforce customers via third-party apps like Gainsight.
- API Weakness: The attack was not on Salesforce itself, but on sanctioned third-party integrations.
- Steve’s Analysis:
“The bigger message… is the steadily growing consequences which we keep seeing arising from outsourcing… All the evidence suggests that this is the wrong way to think about them. This feels like, sort of like… the Internet in the days before the concept of a firewall was introduced… Now the industry needs to figure out how to reduce the blast radius when something evil manages to crawl into the network.” [37:50]
- Lesson: Complex, interconnected cloud systems make our data both powerful and fragile. Vendors must rethink how deeply interlinked services are, and how to contain damage.
5. When to Use: Passwords, Passkeys, Hardware Keys (Listener Q&A)
- [86:20]
- Best Practices (Steve’s Recommendations):
- Use a Password Manager: Essential for cross-platform convenience and security.
- Passkeys: Always use them when available—more secure, phishing-resistant, future-proof. Store in your password manager.
- Hardware Keys (like YubiKey): Use for the most important accounts—bank, government, major data exposure risk. Not practical for all logins due to physical key requirements.
- Notable Quote:
“The passkey option should be chosen whenever it's presented. Passkeys are clearly the future. Usernames and passwords are the past… Use a hardware token for the handful of sites that really matter.” [86:41]
6. Listener Feedback: Security, Coding, SSDs & AI
Highlights:
- SSD Longevity Myths [95:07]: Keeping SSDs powered on does not prevent data fade. Store them cold for best retention; read-write cycles rejuvenate performance.
- Coding Loneliness & Best Practices [101:38]: “Coding is kind of a solitary thing, isn’t it? … Some coders simply aren’t suited to being employees… only really dev as their own bosses. Hearing that, framed without judgment, was another relief.” – Listener Gorbash
- XSLT Deprecation [112:27]: Even “old” web tech (like RSS feed previews or IIS logs) still relies on deprecated XML style sheets; the removal from browsers will be disruptive.
- AI Limitations in Ops [146:05]:
“Today's AI doesn't actually understand anything that it is saying. ... It was an almost comical disaster.” – Steve, on ChatGPT writing assembly code
7. Europe Seeks US Tech Independence
- [76:00]
- European lawmakers urge dropping US software (Microsoft, Dell, HP, etc.) for homegrown options—a push for digital sovereignty and less US dependency.
8. Miscellaneous
- VPN Blocking Laws [122:28]: Skeptical that blanket bans can work—too many legitimate uses, too many workarounds.
- VPN Usage & Detection [124:42]: “If anything on a website doesn’t seem to be working right, my first instinct is to cycle to another server… before I contact customer service, I’ll try dropping the VPN outright.” – Listener Ethan Stone
- Passkeys in Multiple Roles [146:06]: Most password managers and sites support multiple passkeys (per account), but not all allow multiple users authenticating to the same account.
- Fun Corner [143:19]: Try unflipgame.com – a logic puzzle perfect for fans of bit-flipping and puzzles without timers.
Notable Quotes & Moments
- On Cisco’s Turnaround:
"It's like they've awoken to security, which while late, is certainly welcome." – Steve [53:30]
- On Australia's Social Media Lockdown:
"This is the intention of the Australian legislators: to deliberately target what we all know as modern online social media." – Steve [72:33]
Timestamps for Key Segments
- Bots in the Belfry / GreyNoise Bot Check: 03:00, 166:32
- Salesforce / Gainsight Data Breach: 19:19
- Cisco Security Overhaul: 44:06
- Australia Social Ban Discussion: 66:00
- Europe Ditching US Tech: 76:00
- Passwords, Passkeys, Hardware Keys Q&A: 86:20
- SSD Data Retention Realities: 95:07
- Coding Musings/Advice: 101:38
- AI Limitations in Practice: 146:05
- Listener Corner & Puzzle: 143:19
Resources & Actions
- Check your IP against GreyNoise's botnet DB: grc.sc/botcheck
- Bitwarden and passkey best practices: Use a password manager, prefer passkeys, and use hardware keys for high-value targets only.
- Keep SSDs cool for archiving.
Tone & Style
Engaging, witty, and detailed as always—balanced technical deep dives with relatable analogies and patience for less technical listeners. Steve’s delight at industry improvements (“Christmas for security!”) and dry critiques of policy follies add personality and warmth.
Summary prepared for those seeking the depth, news, and practical takeaways of Security Now, episode 1054—without the ads, fluff, or technical fatigue.