Security Now 1042: "Letters of Marque – 1.1.1.1 Certificate Snafu"
Date: September 9, 2025
Hosts: Steve Gibson, Leo Laporte
Main Theme:
Exploring the intersection of cybersecurity policy, trust and failures in Certificate Authorities, supply chain risk, AI's evolving interaction with malware and malware analysis, and the newly revived debate about “hacking back” – i.e., private or corporate cyber offense, under the old tradition of “letters of marque.”
Episode Overview
In this episode, Steve and Leo take a deep dive into several current and developing security stories:
- The misissuance of TLS certificates for Cloudflare’s DNS service (1.1.1.1) by a questionable Certificate Authority, and why Microsoft’s root store is complicit.
- A supply chain attack exploiting NPM’s ecosystem, affecting billions of package downloads.
- The latest incident of artist blackmail, this time threatened with AI training on stolen artwork.
- The evolution of “Vibe coding” (AI-generated malware), and its implications for cybersecurity.
- US cybersecurity policy: the looming renewal (or not) of info-sharing protections, and a frank conversation about “hacking back” as a nation-state, corporation, or privateer.
The show includes notable moments of levity and reflection on internet history (including Byte Magazine and Microsoft’s Clippy), plus contextual speculation about the future of cyberwar.
Segment Highlights & Key Insights
[00:00] Opening Banter & Agenda
- Topics Teased:
- Why Byte Magazine died.
- The "1.1.1.1 Certificate Snafu."
- Artists being blackmailed for AI-training on their art.
- The government allowing private companies to "go on the offense" – the “Letters of Marque.”
- Tone: Friendly, nerdy, history-inflected.
[03:00] Security News in Brief
X vs. Email (Feedback Shift) – Steve’s Update
- Steve: Describes how user feedback has shifted entirely off X (formerly Twitter) to direct email, praising the effectiveness, reach, and low cost of GRC’s email system.
- Quote [13:14]:
"Since its inception, GRC's email system has proven to be a total success...sending weekly mass mailings has now free and effortless, cost me nothing."
— Steve Gibson
- Discussion: Social interaction quality is higher over email ("StinkyBits" as an example of an X username he wouldn't reply to).
[20:31] Google Extortion Threat – "Scattered Lapsus Hunters"
- Story:
A coalition of notable hacker groups (Scattered Spider, Lapsus, Shiny Hunters) threatens Google via Telegram, demanding the firing of two security researchers in their TIG (Threat Intelligence Group), or they’ll leak data.
- Steve:
Describes the escalation in cyber threat actor collaboration ("pooling skills...not something we would like").
- Leo [23:16]:
"They're not going to fire somebody because that is ridiculous."
- Steve [23:20]:
"There's no way that they're going to put this group of, of malicious criminals in charge of their human resources..."
[24:08] The 1.1.1.1 Certificate Snafu
What Happened?
- Multiple TLS certificates for 1.1.1.1, Cloudflare's DNS service, were misissued by an obscure CA named FINA.
- These certs could enable MITM (Man-in-the-Middle) decryption of DNS-over-HTTPS or TLS.
- Immediate Reactions:
- Microsoft trusted FINA; Chrome, Firefox, and Apple never did.
- Cloudflare: “These certificates were improperly issued; Cloudflare did not authorize FINA...”
- Key Problem:
- Any CA trusted by an OS/browser can issue a cert for any domain.
[39:59] Technical Deep Dive
- Why Wasn't It Caught?
- No one was watching the Certificate Transparency logs in real time. It took four months for this to come to light, only after a post on a discussion forum.
- Steve’s Theory & Analysis:
- The “malicious” certificates were likely the byproduct of a lazy internal testing practice—devs inside FINA needed a short/easy domain to test, used 1.1.1.1.
- BUT—they unwittingly signed test certs with a real, globally trusted key.
- Quote [44:38]:
"I would bet a month's pay that the reason 1.1.1.1 appeared in any FINA issued test certificate is for the same reason Cloudflare chose it...It is super short, easy to enter and easy to remember." — Steve Gibson
[48:50] Certificate Transparency Failures
- No one was watching the logs. Cloudflare and other domain owners should automate checking for rogue certs, but even they weren't.
- Broader CA System Issue:
- Any CA trusted in a store is globally valid for any domain, not just those it operates.
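The automated check the segment says domain owners should be running can be sketched as follows. This is an added example, not code from the show or from Cloudflare; the watchlist, the issuer allowlist, the normalised entry shape (`issuer`, `sans`, `logged_at`) and the sample entries are all constructed assumptions. It covers IP-address SANs such as 1.1.1.1 as well as DNS names and wildcards.

```python
import ipaddress

# Assumptions: the watchlist and issuer allowlist are placeholders, and CT log
# entries arrive already normalised to {"issuer", "sans", "logged_at"}.
WATCHED_IPS = {ipaddress.ip_address("1.1.1.1")}
WATCHED_DOMAINS = {"example.com"}
ALLOWED_ISSUERS = {"Example Approved CA"}

# Constructed sample entries, not real log data.
SAMPLE_ENTRIES = [
    {"issuer": "Example Approved CA", "sans": ["example.com", "1.1.1.1"],
     "logged_at": "2025-05-01"},
    {"issuer": "Unexpected Test CA", "sans": ["test1.invalid", "1.1.1.1"],
     "logged_at": "2025-05-02"},
    {"issuer": "Unexpected Test CA", "sans": ["*.Example.com."],
     "logged_at": "2025-05-03"},
    {"issuer": "Unexpected Test CA", "sans": ["notexample.com", "1.1.1.2"],
     "logged_at": "2025-05-04"},
]

def san_is_watched(san):
    """True if a SAN names a watched IP, a watched domain, or a subdomain of one."""
    try:
        # IP SANs are compared as addresses, not strings.
        return ipaddress.ip_address(san) in WATCHED_IPS
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    name = san.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard covers the zone we watch
    # Require a label boundary so "notexample.com" does not match "example.com".
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)

def find_unauthorized(entries):
    """Return (logged_at, issuer, matching SANs) for certs from unapproved CAs."""
    alerts = []
    for entry in entries:
        hits = [s for s in entry["sans"] if san_is_watched(s)]
        if hits and entry["issuer"] not in ALLOWED_ISSUERS:
            alerts.append((entry["logged_at"], entry["issuer"], hits))
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorized(SAMPLE_ENTRIES):
        print("ALERT", alert)
```

Run on a schedule against fresh log entries, a check like this turns a months-long detection gap into one bounded by the polling interval.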
[56:59] New Ransomware Tactic: Blackmailing Artists with AI Training
- Story:
Ransomware group Lunalock hit an artists’ commission platform; threatened to leak user data and to train AI models on stolen artwork if not paid.
- Leo [57:10]:
"Oh, that's hysterical."
- Steve:
Notes the attackers didn’t pick a lucrative target (“wrong people to extort, buddy”), but highlights the exploitation of AI-anxiety in the art world.
- Quote [57:12]:
"Blackmail with threats of training AI on their art because that would be bad..." — Steve Gibson
[59:26] Firefox Extends Windows 7, 8, 8.1 Support
- Announcement:
Firefox ESR 115 security updates extended until March 2026 – good news for users stubbornly clinging to older OSes (including Steve on Win7).
- Context:
Steve discusses the often-overblown OS support cutoffs, and his practical return from Brave to Firefox.
[68:54] Info Sharing Act at Risk / Policy Update
- The Issue:
- The Cybersecurity and Information Sharing Act (2015) giving companies liability protection when sharing threat intel with the US Gov’t is expiring soon. Without renewal, the flow of intel would cease.
- Barriers:
- Washington political gridlock, concerns about CISA and free speech.
- Steve:
Calls for making such laws permanent, not 10-year cycles.
[77:50] AI "Vibe Coding": Malware Generation & Attribution
- Trend Micro Experiment:
Used Claude 4 Opus (AI model) to generate malware via prompt engineering based on their own public threat reports (“vibe coding”).
- Outcome:
- AI can create proto-malware, but still needs human expertise to work.
- Guardrails in official LLMs are weak; uncensored versions available.
- Risks:
- Attribution becomes nearly impossible when prompt-driven code lacks unique “signatures.”
- Quote [82:59]:
"The code is actually coming out of LLMs rather than out of specific coders… the habits of specific coders will… fingerprint me as the author… If code comes out of LLMs and then is tweaked, then you’re not going to have that same code signature showing." — Steve Gibson
[103:40] Massive NPM Supply Chain Attack
[104:39] The Discovery
- Incident:
- Security researchers found that the ultra-popular, tiny Error-Ex package (47+ million downloads/wk) received a malicious update (v1.3.3). The code attempted to steal Ethereum wallet credentials (detected via a build failure).
- Root cause:
- Package maintainers were phished, attackers gained commit access.
- Downstream Impact:
- Eighteen major packages—comprising two billion downloads per week—were tainted, including chalk, debug, strip-ansi, and more.
- Key Quote [121:33]:
"The fate of many hundreds of millions of users of this handful of 18 npm packages critically depends upon the package maintainers not falling for basic phishing attacks." — Steve Gibson
[117:53] Reflections
- Steve:
Compares this to trusting CAs: the security of the ecosystem is only as strong as its weakest (often small, volunteer) maintainer. A single phish can impact nearly all commercial software.
- Broader Point:
- The very open, hobbyist system that made npm (and open source) powerful is fundamentally fragile and open to catastrophic abuse.
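A defender's first question after an incident like this is whether a tainted release is pinned anywhere in a project's dependency tree. The following added example (not from the show or from npm) scans a `package-lock.json` in either the nested v1 layout or the flat v2/v3 `packages` layout. Only error-ex 1.3.3 comes from this summary; the sample lockfiles and the `some-cli` package are constructed, and versions for the other affected packages would have to be filled in from the advisory.

```python
import json

# error-ex 1.3.3 is the release named in the summary above. Versions for the
# other affected packages are not given here; add them from the advisory.
KNOWN_BAD = {"error-ex": {"1.3.3"}}

# Constructed sample lockfiles ("some-cli" is a made-up package).
SAMPLE_V3 = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "my-app", "version": "1.0.0"},
    "node_modules/error-ex": {"version": "1.3.2"},
    "node_modules/some-cli": {"version": "2.0.0"},
    "node_modules/some-cli/node_modules/error-ex": {"version": "1.3.3"},
}})
SAMPLE_V1 = json.dumps({"lockfileVersion": 1, "dependencies": {
    "some-cli": {"version": "2.0.0",
                 "dependencies": {"error-ex": {"version": "1.3.3"}}},
}})

def walk_v1(deps, path=""):
    """Yield (name, version, location) from nested v1 'dependencies'."""
    for name, meta in (deps or {}).items():
        loc = f"{path}>{name}" if path else name
        yield name, meta.get("version"), loc
        yield from walk_v1(meta.get("dependencies"), loc)

def installed_packages(lock):
    """Yield every resolved package, including nested (transitive) copies."""
    if "packages" in lock:  # lockfileVersion 2 or 3
        for loc, meta in lock["packages"].items():
            if not loc:  # the "" key is the root project itself
                continue
            # The package name is whatever follows the last node_modules/ segment.
            name = meta.get("name") or loc.rsplit("node_modules/", 1)[-1]
            yield name, meta.get("version"), loc
    else:
        yield from walk_v1(lock.get("dependencies"))

def find_tainted(lock_text, known_bad=KNOWN_BAD):
    """Return sorted (name, version, location) for every known-bad pin."""
    lock = json.loads(lock_text)
    return sorted((n, v, loc) for n, v, loc in installed_packages(lock)
                  if v in known_bad.get(n, ()))

if __name__ == "__main__":
    for hit in find_tainted(SAMPLE_V3):
        print("TAINTED", hit)
```

A clean lockfile only shows what is pinned now; caches and build artifacts produced while the bad version was current need their own check.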
[128:59] Byte Magazine: A Listener’s Memory, & a Post-Mortem
- Listener story: SpinRite’s discovery via Byte.
- Steve shares a link to the senior editor’s FAQ about why Byte ceased publication (1998), highlighting the pitfalls of tech publishing’s consolidation.
FEATURE TOPIC: "Letters of Marque" — Hacking Back & Private Cyber Offense
[132:56] Setting the Stage
- Steve: Reminisces about the long-standing question: "Is it ever okay for good guys to remotely fix others' servers if they're vulnerable/hacked?" (DOJ: “No, still a crime.”)
- Recent Developments:
- With the current US administration, the topic of “arming” private industry to go on the offensive – with historical precedent in “letters of marque” (i.e., legalized privateering) – is no longer science fiction.
- Google recently announced a new “Cyber Disruption Unit,” with wording invoking “legal and ethical disruption.”
[134:43] What Are Letters of Marque?
- Historically, government-issued licenses to private vessels to attack enemy shipping (“privateers,” not pirates).
- US Constitution: only Congress can issue them.
- Modern cyber analog: Letting private companies legally “hack back” with government blessing.
[137:30] Policy Debates & Concerns
- Cyberscoop/CCPL Reports:
- Renewed interest in more aggressive cyber offense (not just defense/honeypots, but actual takedowns, destruction of adversary infrastructure).
- Calls for “pre-emptive pardons” (in effect) for corporate actors.
- Risks:
- Legal gray zone.
- Potential for escalation/collateral damage (imagine a private company borking a foreign power grid).
- Retaliation and "Wild West" scenarios if not tightly regulated.
- Escalation Dilemma:
- Unlike nukes or bio-weapons, cyber capabilities can’t be “paraded” or used as visible deterrents—must be used to prove their existence/power.
[146:00+] Steve & Leo’s Reflections
Risks of Escalation
- Leo [162:29]:
"Do you feel cyber warfare is that risky?"
- Steve [162:53]:
"There’s a little bit of a problem with containment..."
- Leo:
Notes that the Ukraine war is likely a cyber-warfare proxy lab for superpowers.
On Policy
- Both:
Cautiously disagree with “letters of marque” for corporations; offensive cyber should be tightly government-controlled, like nuclear or biological weapons.
- Quote [167:28]:
“We should not be giving letters of marque. Just as we don’t give private companies nuclear weapons and tanks. This is something the government should be responsible for.” — Leo Laporte
Big Picture Concerns
- Steve:
Worries that the boundary between “demonstration” and outright act of war is thin. Retaliation, attribution, and escalation risks are profound.
- Leo:
Predicts that in the coming years, a nation-state cyber attack will cause a loss of life and a geopolitical crisis: “I suspect the next five years...there will be an incident created by a nation state that will be dramatic and very provocative and perhaps cause great loss of life. That will be considered an act of war, just as 9/11 was.”
Notable Quotes & Memorable Moments
- On private cyber offense:
"The system blurred the line between the Navy and piracy. Without a letter, you were a pirate. With one, you were a lawful privateer." [134:48 – Steve Gibson via AI explanation]
- On supply chain vulnerability:
"Two billion downloads per week...the fate of many hundreds of millions of users of these npm packages depends on the package maintainers not falling for basic phishing attacks." [121:33 – Steve]
- On AI-generated malware:
"The AI provides a significant starting point, but technical expertise remains essential...But what’s true today won’t be true in 90 or 180 days." [78:03, 82:59 – Steve]
- On CA trust:
"All of the CAs that we trust are trusted regardless of what they sign...any CA trusted in a store is globally valid for any domain." [39:59 – Steve]
- Classic Steve:
"I’m much more comfortable exploring browser cookies, certificate revocations, and the mechanics of other tangible technologies." [160:17]
Timestamp Index of Important Segments
- 00:00 – Intro, agendas, big topics of the week
- 13:00 – X vs. Email: GRC feedback and outreach update
- 20:31 – Google being blackmailed by cybercriminal “supergroup”
- 24:08 – The 1.1.1.1 Certificate Snafu (Root CA failings, Microsoft vs. Chrome/Firefox)
- 44:38 – Analysis: Internal test keys, how CT logs failed
- 56:59 – New ransomware: Artists, AI, & extortion
- 59:26 – Firefox, Windows 7/8 support extension
- 68:54 – Info Sharing Act: Risk and renewal
- 77:50 – Trend Micro: AI “Vibe Coding,” malware generation & attribution crisis
- 103:40 – Massive npm supply chain attacks: How phished maintainers put billions at risk
- 128:59 – Byte Magazine post-mortem, nostalgia segment
- 132:56 – MAIN TOPIC: Letters of Marque, hacking back, and the future of US cyber offense
- 162:29–169:52 – Leo & Steve: Caution, escalation, analogies to WMD, and future cyberwar scenarios
Language, Tone, and Style
Reflective, technical, at times wry/humorous; deep skepticism of hype and “easy” cyberwar answers; “old school” pride in email and direct listener engagement. Serious warnings about real-world impacts, paired with genuine appreciation for the audience’s role in shaping the show.
Final Thoughts
This episode is an essential primer on several rapidly developing cyber policy, trust, and technical stories—including Microsoft’s root store maintainers, the persistent vulnerabilities in the modern open source supply chain, and the very real policy question of whether “hack back” is coming to the mainstream (and who should wield that power). Intertwined are stories of both ridiculous and consequential blackmail and a reminder that “cyber war” is no longer dystopian fiction.
For those who haven't listened:
This summary covers all the substantive ground, including direct technical explanation and policy nuance, with quotes and timestamps to enable quick navigation or deeper dive into any topic.