Podcast
Security Now - 16k MP3
Hosted by TWiT · EN
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program,
creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.
Records live at https://twit.tv/live every Tuesday.
11episodes
Episodes
Newest firstAll episodes
SN1040: Clickjacking "Whac-A-Mole"
Aug 27Tap to summarize/ Germany may soon outlaw ad blockers. / What's happening in the courts over AI. / The U.K. drops its demands of Apple. / New Microsoft 365 tenants being throttled. / Is Russia preparing to block Google Meet. / Bluesky suspends its service in Mississippi. / How to throttle AI / A tricky SSH-busting Go library. / Here comes the Linux desktop malware. / Apple just patched a doozy of a vulnerability. / A trivial Docker escape was found and fixed. / Why the recent browser 0-day clickjacking is really just whac-a-mole.
Transcribe →SN1039: The Sad Case of ScriptCase
Aug 20Tap to summarize/ What AI website summaries mean for Internet economics. / Time to urgently update Plex Servers (again). / Allianz Life stolen data gets leaked. / Chrome test Incognito-mode fingerprint script blocking. / Chrome 140 additions coming in two weeks. / Data brokers hide opt-out pages from search engines. / Secure messaging changes in Russia. / NIST rolls-out lightweight IoT crypto. / SyncThing moves to v2.0 and beyond. / Alien:Earth -- first take. / What can we learn from another critical vulnerability?
Transcribe →SN1038: Perplexity's Duplicity
Aug 13Tap to summarize/ CISA's Emergency Directive to ALL Federal agencies re: SharePoint. / NVIDIA firmly says "no" to any embedded chip gimmicks. / Dashlane is terminating its (totally unusable) free tier. / Malicious repository libraries are becoming even more hostile. / The best web filter (uBlock Origin) comes to Safari. / The very popular SonicWall firewall is being compromised. / >100 models of Dell Latitude and Precision laptops are in danger. / The significant challenge of patching SharePoint (for example). / A quick look at my DNS Benchmark progress. / Does InControl prevent an important update. / An venerable Sci-Fi franchise may be getting a great new series. / What to do about the problem of AI "website sucking".
Transcribe →SN1037: Chinese Participation in MAPP
Aug 6Tap to summarize/ A follow-up to the SharePoint server patch mess. / How Russia arranges to spy on other country's local embassies. / "Dropbox Passwords" manager app is ending in October. / Signal will leave Australia rather than help spy. / YouTube deploys viewing history age-estimation heuristics. / Chrome adds clever lightweight extension signing to prevent abuse. / A domain registrar is coming close to losing its rights. / A TP-Link router that doesn't encrypt its configuration. / What is "TruAge" and might it be useful for age verification. / An update on "Artemis". / With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches?
Transcribe →SN1036: Inside the SharePoint 0-day RCE
Jul 30Tap to summarize/ Brave randomizes its fingerprints. / The next Brave will block Microsoft Recall by default. / Clorox sues its IT provider for $380 million in damages. / 6-month Win10 ESU offers are beginning to appear. / Warfare has significantly become cyber. / Allianz Life loses control of 125 million customers' data. / The CIA's Acquisition Research Center website was hacked. / The Pentagon says the SharePoint RCE didn't get them. / A look at a DPRK "laptop farm" to impersonate Americans. / FIDO's passkey was NOT bypassed by a MITM after all. / Is our data safe anywhere? / The UK is trying to back-pedal out of the Apple ADP mess. / Meanwhile, the EU resumes its push for "Chat Control". / What happened after Microsoft fumbled the patch of a powerful Pwn2Own exploit?
Transcribe →SN1035: Cloudflare's 1.1.1.1 Outage
Jul 23Tap to summarize/ Bypassing all passkey protections. / The ransomware attacks just keep on coming. / Cloudflare capitulates to the MPA and starts blocking. / The need for online age verification is exploding. / Microsoft really wants Exchange Servers to subscribe. / Russia (further) clamps down on Internet usage. / The global trend toward more Internet restrictions. / China can inspect locked Android phones. Use a burner. / Web shells are the new buffer overflow. / An age verification protocol sketch. / What Cloudflare did to create an outage of 1.1.1.1.
Transcribe →SN1034: Introduction to Zero Knowledge Proofs
Jul 16Tap to summarize/ A glorious takedown of quantum factorization. / Notepad++ signs its own code signing certificate. / Dennis Taylor has Bobiverse Book 6 on his lap. / Crypto/ATM machines flat out outlawed. / Signal vs WhatsApp: Encryption in flight and at rest. / A close look at browser fingerprinting metrics. / Rewriting interpreters in memory-safe languages. / An introduction to zero-knowledge proofs.
Transcribe →SN1033: Going on the Offensive
Jul 9Tap to summarize/ Another Israeli spyware vendor surfaces. / Win11 to delete restore points more quickly. / The EU accelerates its plans to abandon Microsoft Azure. / The EU sets timelines for Post-Quantum crypto adoption. / Russia to create a massive IMEI database. / Canada and the UK create the "Common Good Cyber Fund". / U.S. states crack down on Bitcoin ATMs amid growing scams. / Congressional staffers cannot use WhatsApp on gov devices. / LibXML2 and the problems with commercial use of OSS. / A(nother) remote code execution vulnerability in WinRAR. / Have-I-Been-Pwned gets a cool data visualization site. / How is ransomware getting in? / Windows to offer "safe" non-kernel endpoint security? / Proactive age verification coming to porn sites. How? / Canada (also) says "bye bye" to Hikvision. / Germany will be banning DeekSeek. The whole EU may follow. / Cloudflare throttled in Russia? / What must the U.S. do to compete in global exploit acquisition?
Transcribe →SN1032: Pervasive Web Fingerprinting
Jul 2Tap to summarize/ Let's Encrypt drops its long-running email notifications. / Microsoft's new "Unexpected Restart Experience". / Microsoft's response to last year's massive CrowdStrike outage. / Windows 10's extended service updates will sort of be free. / Russia-sold iPhones MUST include the RuStore app. / Lyon, in France, says bye-bye to Windows. Hello to Linux. / The US Gov gets more serious about memory-safe languages. / A new unbelievable AI malware scanner evasion technique. / A new pair of Cisco 9.8 and 10.0 vulnerabilities. / The current state of post-Elon government cybersecurity. / PNGv3, Swift on Android, and the Samsung email purge. / Andy Weir's "Project Hail Mary" movie trailer. / And a close look at the pervasiveness of web browser tracking fingerprinting.
Transcribe →SN1031: How Salt Typhoon gets in
Jun 25Tap to summarizeNo description available
Transcribe →