Security Now

SN 688: PortSmash

Security Now (Audio)

  • A close look at the impact and implication of the new "PortSmash" attack against Intel (and almost certainly other) processors.
  • The new "BleedingBit" Bluetooth flaws
  • JavaScript is no longer optional with Google
  • A new Microsoft Edge browser 0-day
  • Windows Defender plays in its own sandbox
  • Microsoft and SysInternals news
  • The further evolution of the CAPTCHA
  • The 30th anniversary of the Internet's first worm
  • A bizarre requirement of Ransomware
  • A nice new bit of security non-tech from Apple

We invite you to read our show notes

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 687: Securing the Vending Machine

Security Now (Audio)

More Zero-day exploits in Windows 10, publicly exposed Docker Engine APIs, Google's plan to fix Android, the DoD is expanding its existing "Hack the Pentagon" bug-bounty program to include hardware assets, the going rate for DDoS-for-Hire, and Steve has the answer to our vending machine conundrum from last week.

We invite you to read our show notes.

Hosts: Leo Laporte and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 686: Libssh's Big Whoopsie!

Security Now (Audio)

This week a widely used embedded OS (FreeRTOS) is in the doghouse, as are at least eight D-Link routers which have serious problems most of which D-Link has stated will never be patched. We look at five new problems in Drupal 7 and 8, two of which are rated critical, trouble with Live Networks RTSP streaming server, still more trouble with the now-infamous Windows 10 Build 1809 feature update, and a long standing 0-day in the widely used and most popular plugin for jQuery. We then look at what can only be described as an embarrassing mistake in the open source libssh library, and we conclude by examining a fun recent hack and pose its solution to our audience as our Security Now Puzzler of the Week!

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 685: Good Samaritans?

Security Now (Audio)

This week we observe the untimely death of Microsoft's co-founder Paul Allen, revisit the controversial Bloomberg China supply chain hacking report, catch up on Microsoft's October patching fiasco, follow-up on Facebook's privacy breach, look at the end of TLS v1.0 and 1.1, explore Google's addition of control flow integrity to Android 9, look at a GAO report about the state of US DOD weapons cybersecurity, consider the EOL of PHP 5.x chain, take a quick look at an A/V comparison test, entertain a few bits of feedback from our listeners, and then consider the implications of grey-hat vigilante hacking of others' routers.

We invite you to read our show notes

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 684: The Supply Chain

Security Now (Audio)

  • An October Surprise of a different sort - Windows 10 update deletes users' files
  • A security researcher has massively weaponzied the existing MicroTik vulnerability and released it as a proof-of-concept
  • A clever voicemail WhatsApp OTP bypass
  • What happened with that recent Google+ breach?
  • Google tightens up its Chrome extensions security policies
  • WiFi radio protocol designations finally switch to simple version numbering
  • Intel unwraps its 9th-generation processors
  • Head-spinning PDF updates from Adobe and Foxit (this isn't a competition, guys!)
  • Bloomberg's earth-shaking controversial report on Chinese hardware hacking

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 683: The Facebook Breach

Security Now (Audio)

This week we discuss yet another treat from Cloudflare, the growing legislative battle over Net Neutrality, the rise of Python malware, Cisco's update report on the VPNFilter malware, still more Chrome controversy and some placating, the rapid exploitation of 0-day vulnerabilities, the first UEFI rootkit found in the wild, another new Botnet discovery, the danger of the RDP protocol, a nasty website browser trick and how to thwart it, a quick update on recent non-fiction and science fiction, and then a look into the recent massive 50 million account Facebook security breach.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 682: SNI Encryption

Security Now (Audio)

This week we look at additional changes coming from Google's Chromium team, another powerful instance of newer cross-platform malware, the publication of a 0-day exploit after Microsoft missed its deadline, the return of Sabri Haddouche with browser crash attacks, the reasoning behind Matthew Green's decision to abandon Chrome after a change in release 69... and an "UnGoogled" Chromium alternative that Matthew might approve of, Western Digital's pathetic response to a very serious vulnerability, a cool device exploit collection website, a question about the future of the Internet, a sobering example of the aftermarket in unwiped hard drives, the Mirai Botnet creators are now working with and helping the FBI, another fine levied against Equifax, and a look at Cloudflare's quick move to encrypt a remaining piece of web metadata.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 681: The Browser Extension Ecosystem

Security Now (Audio)

This week we prepare for the first ever Presidential Alert unblockable nationwide text message, we examine Chrome's temporary "www" removal reversal, checkout Comodo's somewhat unsavory marketing, discuss a forthcoming solution to BGP hijacking, examine California's forthcoming IoT legislation, deal with the return of Cold Boot attacks, choose not to click on a link that promptly crashes any Safari OS, congratulate Twitter on adding some auditing, check in on the Mirai Botnet's steady evolution, look at the past year's explosion in DDoS number of size, note another new annoyance brought to us by Windows 10... Then we take a look at the state of the quietly evolving web browser extension ecosystem.

We invite you to read our show notes.

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 680: Exploits & Updates

Security Now (Audio)

This week we discuss Windows 7's additional three years of support life, MicroTik routers back in the news (and not in a good way), Google Chrome 69's new features, the hack of MEGA's cloud storage extension for Chrome, Week 3 of the Windows Task Scheduler 0-day, a new consequence of using '1234' as your password, Tesla makes their white hat hacking policies clear... just in time for a big new hack!, our PCs as the new malware battlefield, a dangerous OpenVPN feature is spotted, and Trend Micro, caught spying, gets kicked out of the MacOS store.

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:



SN 679: SonarSnoop

Security Now (Audio)

This week we cover the expected exploitation of the most recent Apache STRUTS vulnerability, a temporary interim patch for the Windows 0-day privilege elevation, an information disclosure vulnerability in all Android devices, Instagram's moves to tighten things up, another OpenSSH information disclosure problem, an unexpected outcome of the GDPR legislation and sky high fines, the return of the Misfortune Cookie, many thousands of Magneto commerce sites are being exploited, a fundamental design flaw in the TPM v2.0 spec, trouble with Mitre's CVE service, Mozilla's welcome plans to further control tracking, a gratuitous round of Win10 patches from Microsoft.... and then a working sonar system which tracks smartphone finger movements!

We invite you to read our show notes!

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:




Select a Feed

Boston Bruins News
Fred Langa at Information Week
Security Now
Deal Detective
Cheap Stingy Bargains
NY Times National Headlines
Boston Red Sox News
New Egg's Hottest Deals



Back To Top
© 1998 - 2018 psacake.com | My3C's

Version 7.2 | Advertise on this site