Subscribe: Security Now!
http://leo.am/podcasts/sn
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
feedback page  grc  notes  security grc  security submit  security  show  shows security  steve gibson  steve  submit question 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Security Now!

Security Now (MP3)



Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific /



Published: Tue, 14 Nov 2017 20:50:50 PST

Last Build Date: Tue, 14 Nov 2017 20:50:50 PST

Copyright: This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International - http://creativecommons.org/licenses/by-nc-nd/4.0/
 



SN 637: Schneier on EquifaxSN 637: Schneier on Equifax

Tue, 14 Nov 2017 15:14:58 PST

(image)

This week we discuss why Steve won't be relying upon Face ID for security, a clever new hack of longstanding NTFS and Windows behavior, the Vault8 WikiLeaks news, the predictable resurgence of the consumer device encryption battle, a new and clever data ex-filtration technique, new anti-Malware features coming to Chrome, an unbelievable discovery about access to the IME in Skylake and subsequent Intel chipsets, a look at who's doing the unauthorized cryptomining, WebAssembly is ready for prime time, a bit of miscellany, some closing the loop feedback with our listeners... and then we share Bruce Schneier's congressional testimony about the Equifax breach.

We invite you to read the show notes

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Mr. Schneier Goes to Washington


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0637/sn0637.mp3




SN 636: ROCA PainSN 636: ROCA Pain

Tue, 07 Nov 2017 18:22:32 PST

(image)

This week we discuss the inevitable dilution in the value of code signing, a new worrisome cross-site privacy leakage, is Unix embedded in all our motherboards? The ongoing application spoofing problem, a critical IP address leakage vulnerability in TOR and the pending major v3 upgrade to TOR, a Signal app for ALL our desktops, an embarrassing and revealing glitch in Google Docs, bad behavior by an audio driver installer, a pending RFC for IoT updating, two reactions to Win10 Controlled Folder Access, a bit of miscellany, some closing the loop with our listeners, and, three weeks after the initial ROCA disclosure I'm reminded of two lines from the movie "Serenity": Assassin:"It's worse than you know." Mal:"It usually is."

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

ROCA Crypto Key Flaw Even Worse


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0636/sn0636.mp3




SN 635: Reaper ReduxSN 635: Reaper Redux

Tue, 31 Oct 2017 16:57:37 PST

(image)

This week we examine the source of WannaCry, a new privacy feature for Firefox, Google's planned removal of HPKP, the idea of visual objects as a second factor, an iOS camera privacy concern, the CAPTCHA wars, a horrifying glimpse into a non-Net Neutrality world, the CoinHive DNS hijack, the new Bad Rabbit crypto malware, a Win10 anti-crypto malware security tip, spying vacuum cleaners, a new Amazon service, some loopback Q&A with our listeners and another look at the Reaper botnet.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

An update on the Reaper botnet.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0635/sn0635.mp3




SN 634: IoT Flash BotnetsSN 634: IoT Flash Botnets

Tue, 24 Oct 2017 17:33:31 PST

(image)

This week we discuss some ROCA fallout specifics, an example of PRNG misuse, the Kaspersky Lab controversy, a DNS security initiative for Android, another compromised download occurrence, a browser-based cryptocurrency miner for us to play with... and Google considering blocking them natively, other new protections coming to Chrome, an update on Marcus Hutchins, Microsoft's "TruePlay" being added to the Win10 fall creators update, some interesting "Loopback" from our terrific listeners... and then we take a closer look at the rapidly growing threat of IoT-based "Flash Botnets."

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

The Next Big IoT Botnet.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0634/sn0634.mp3




SN 633: KRACKing WiFiSN 633: KRACKing WiFi

Tue, 17 Oct 2017 17:01:11 PST

(image)

This week, we examine ROCA's easily factorable public keys, the surprising prevalence of web-based cryptocurrency mining, some interesting work in iOS password dialog spoofing, Google's Advanced Protection Program, some good "Loopback" comments from our listeners... and then we take a close look at KRACK - the Key Reinstallation AttaCK against ALL unpatched WiFi systems.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

KRACK and ROCA.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0633/sn0633.mp3




SN 632: The DNSSEC ChallengeSN 632: The DNSSEC Challenge

Tue, 10 Oct 2017 17:58:57 PST

(image)

This week we take a look at a well-handled breach-response at Disqus, a rather horrifying mistake Apple made in the implementation of their APFS encryption (and the difficulty to the user of fully cleaning up after it), the famous "robots.txt" file gets a brilliant new companion, somewhat shocking news about Windows XP... or is it? Firefox EOL for Windows XP support coming next summer, the sage security thought for the day, an update on "The Orville", some closing the loop comments, including a recommendation of the best Security Now series we did in the past... and finally, a look at the challenge of DNSSEC.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Domain Name System SECurity Extensions


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0632/sn0632.mp3




SN 631: Private Contact DiscoverySN 631: Private Contact Discovery

Tue, 03 Oct 2017 19:03:25 PST

(image)

This week we discuss some aspects of iOS v11, the emergence of browser hijack cryptocurrency mining, new information about the Equifax hack, Google security research and Gmail improvements, breaking DKIM without breaking it, concerns over many servers in small routers and aging unpatched motherboard EFI firmware, a new privacy leakage bug in IE, a bit of miscellany, some long-awaited closing the loop feedback from our listeners, and a close look at a beautiful piece of work by Moxie & Co on Signal.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Moxie Marlinspike and Signal


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0631/sn0631.mp3




SN 630: The Great DOM Fuzz-OffSN 630: The Great DOM Fuzz-Off

Tue, 26 Sep 2017 13:57:31 PST

(image)

This week, Father Robert and Steve follow more Equifax breach fallout, look at encryption standards blowback from the Edward Snowden revelations, examine more worrisome news of the CCleaner breach, see that ISPs may be deliberately infecting their own customers, warn that turning off iOS radios doesn't, look at the first news of the FTC's suit against D-Link's poor security, examine a forthcoming Broadcom GPS chip features, warn of the hidden dangers of high-density barcodes, discuss Adobe's disclosure of their own private key, close the loop with our listeners, and examine the results of DOM fuzzing at Google's Project Zero.

We invite you to read our show notes.

Hosts: Fr. Robert Ballecer, SJ and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Did China Attack Equifax? CCleaner breach, DOM fuzzing at Google's Project Zero.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0630/sn0630.mp3




SN 629: Apple Bakes CookiesSN 629: Apple Bakes Cookies

Tue, 19 Sep 2017 15:57:23 PST

(image)

This week Padre and Steve discuss what was up with Security Now's recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on forthcoming browser encrypted media extensions (EME), an emerging browser-based payment standard, when 2-factor is not 2-factor, the CCleaner breach and what it means, a new Bluetooth-based attack, an incredibly welcome and brilliant cookie privacy feature in iOS 11, and a heads-up caution about the volatility of Google's Android smartphone cloud backups.

We invite you to read our show notes.

Hosts: Steve Gibson and Fr. Robert Ballecer, SJ

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Equifax, EFF vs WC3, CCleaner.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0629/sn0629.mp3




SN 628: Equifax FiascoSN 628: Equifax Fiasco

Tue, 12 Sep 2017 20:09:17 PST

(image)

This week we discuss last Friday's passing of our dear friend and colleague Jerry Pournelle, when AI is turned to evil purpose, whether and when Google's Chrome browser will warn of man in the middle attacks, why Google is apparently attempting to patent pieces of a compression technology they did not invent, another horrifying router vulnerability disclosure -- including ten 0-day vulnerabilities, an update on the sunsetting of Symantec's CA business unit, another worrying failure at Comodo, a few quick bits, an update on my one commercial product SpinRite, answering a closing the loop question from a listener, and a look at the Equifax fiasco.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Biggest. Security Leak. Ever.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0628/sn0628.mp3