Security Now 1054: Bots in the Belfry — Cisco Promises Real Security Fixes!
Podcast: Security Now (TWiT)
Date: December 3, 2025
Hosts: Steve Gibson, Leo Laporte
Overview
This episode delivers a content-rich journey across the state of enterprise and personal security as Steve Gibson and Leo Laporte tackle the latest high-profile cyber incidents, regulatory developments, and breakthrough industry news. The episode’s main theme is the growing threat landscape — particularly rampant botnet-driven network abuse — and the corresponding industry response, with Cisco’s publicly announced commitment to security at its core. The hosts also dive into news on Australia’s sweeping new social media restrictions, supply chain hacks, feedback on security tools, and practical advice for listeners, all topped off with a simple new tool for checking your network’s bot infection status.
Key Discussion Points & Insights
1. “Bots in the Belfry”: GreyNoise’s New Community Service
- [00:50, 166:33]
Title inspiration comes from GreyNoise Labs' just-launched tool that checks whether your external IP has been involved in bot activity or scanning (GRC shortcut: grc.sc/botcheck). The hosts break down how this empowers individuals and small orgs to assess their exposure to botnet or residential proxy traffic.
- NAT’s Hidden Benefit: Steve highlights how NAT routers mean a clean bill of health covers every device behind them, providing a nice, pragmatic win for the much-maligned network architecture.
Notable Quotes
- Steve Gibson [01:19]: “GreyNoise Labs’ compelling new service allows anyone to quickly check if their IP has ever been seen evidencing any bot activity.”
- Steve Gibson [166:16]: “Given this, it is a no brainer… everyone listening should go to grc.sc/botcheck and quickly confirm that none of the devices sharing their network’s IP have been seen misbehaving.”
2. Salesforce, Gainsight, and Cloud Supply Chain Risk
- [19:19]
A detailed account of a major supply chain attack: hackers breached Gainsight (via the prior Drift/Salesloft compromise), stealing Salesforce-stored data from over 200 companies—an event Steve describes as an updated, larger-scale version of classic managed service provider incidents.
- Outsourcing Risk Analysis: Steve warns that the drive for business process outsourcing (BPO) for efficiency and flexibility has expanded the “blast radius” when things go wrong and calls existing API trust models “far too crude to withstand the sort of scaling that demand is creating.”
- Paraphrase: The steady repetition of such breaches signals a fundamentally flawed architecture.
Notable Quotes
- Steve Gibson [36:12]: “The bigger message...is the steadily growing consequences we keep seeing arising from outsourcing. Risks which remain unseen and unappreciated cannot be hedged against nor planned for.”
- Steve Gibson [38:39]: “The evidence suggests this is the wrong way to think about them. This feels reminiscent of the Internet in the days before the concept of a firewall was introduced.”
3. Cisco’s “Resilient Infrastructure” — A Real Security Pivot
- [44:06, 54:03]
Steve shares genuine excitement and surprise at Cisco’s published, explicit commitment to making secure defaults the norm, deprecating insecure options, and providing real-time “shields” against emergent vulnerabilities—drawing direct parallels to criticisms he’s levied on the show for years.
- Major Mindset Shifts: Commitment to informing customers when their configs are insecure, making reductions in security require explicit user action, and ultimately removing insecure legacy options altogether.
Notable Quotes
- Steve Gibson [49:15]: “Never before have I been hoping that somebody inside Cisco got wind of my thoughts about their problems with security...I could not have better expressed what they need to do.”
- Cisco statement (read by Steve) [54:03]: “We are doubling down on the model where security is the default and any reduction in security requires an explicit choice.”
- Steve Gibson [57:30]: “We will be designing features to deploy targeted real-time shields that protect against specific vulnerabilities soon after they are identified.”
4. Australia’s Social Media Youth Ban
- [04:33, 69:26]
Australia is implementing a nationwide restriction, requiring all users to prove they’re over 16 for services defined as “age-restricted social media platforms.” The logistics border on impossible, with real potential for wide collateral effects.
- Technical Headaches: Almost no platforms or admins (including GRC and TWiT) are equipped to implement robust age verification, and simple opt-in tick boxes won’t suffice. Even Mastodon states they have “no way of doing this.”
Notable Quotes
- Steve Gibson [07:16]: “You have to prove you are over 16, which means everybody… It’s insane.”
- Leo Laporte [74:44]: “Should I just block Australians? … I don’t know what the answer is. I’m just going to pretend I didn’t know about it.”
5. Industry & Community Quick Hits
EU Tech Sovereignty Push
- [76:00]
European Parliament moving to phase out US-based software and hardware, citing security and strategic autonomy.
Listener Q&A: Passkeys vs Passwords vs YubiKeys
- [86:19]
Steve answers in detail:
- Always use passkeys when available, especially within a password manager.
- YubiKeys are for the few critically sensitive accounts where you accept that kind of physical access tradeoff.
- Legacy passwords only where necessary.
SSD Longevity Myths
- [95:07]
Keeping SSDs powered on does not prevent data degradation; best to keep cooled if storing long term. No self-repairing drives.
AI Coding and LLM Pitfalls
- [146:05, 155:37]
LLMs excel only in areas with abundant, representative training data; for uncommon, nuanced tasks (like niche assembly code), results are unreliable and potentially dangerous.
Notable Quotes & Memorable Moments
- Steve Gibson [166:58]: “Receiving a clean bill of health from GreyNoise’s check automatically means you can be reasonably certain not a single device on your network has been misbehaving.”
- Leo Laporte [55:56]: “What are you going to talk about?”
- Steve Gibson [181:15]: “We’re going to talk about vitamin D.” (Reference to the classic episode planned for rebroadcast during the holiday break.)
- Brian in Deerfield, IL [117:53]: Uses AI to generate a Bitwarden password manager jingle to try to convert his family, only to be met with "shaking heads and nearly audible eye rolls."
Timestamps for Major Segments
- 00:50 — Show/thematic overview; introduction of GreyNoise Labs service.
- 19:19 — Salesforce / Gainsight supply chain hack breakdown.
- 44:06 — Steve’s excitement at Cisco’s new security commitment.
- 69:26 — Australia’s national social media ban for under-16s.
- 74:44 — Reality check: impossible age-gating for web admins.
- 76:00 — EU moves toward technological sovereignty.
- 86:19 — Detailed advice: passwords, passkeys, and YubiKeys.
- 95:07 — Mythbusting SSD storage longevity.
- 117:53 — Listener AI-generated Bitwarden jingle.
- 146:05, 155:37 — ChatGPT/LLM AI limitations for nuanced technical work.
- 157:09 — Stargate TV series returning.
- 166:33 — Main topic: GreyNoise Labs and residential botnets.
- 177:02 — Outro; holiday programming note.
Conclusion
Security Now 1054 provides a multifaceted look at the rapidly evolving cybersecurity landscape, blending high-level analysis with practical tools and concrete advice for both enterprise and everyday listeners. The blend of technical dissection, regulatory critique, and positive industry news (especially regarding Cisco) makes this a standout episode for security professionals and tech enthusiasts. Whether you’re seeking big-picture trends, real-world defense tools, or simply the latest on your favorites in security and sci-fi, this episode delivers with authority, insight, and approachable wit.