Subscribe: Security Now!
http://leo.am/podcasts/sn
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
feedback page  feedback  grc  notes  question security  security submit  security  show  steve gibson  steve  submit question 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Security Now!

Security Now (Audio)



Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific /



Published: Tue, 16 Jan 2018 20:25:47 PST

Last Build Date: Tue, 16 Jan 2018 20:25:47 PST

Copyright: This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International - http://creativecommons.org/licenses/by-nc-nd/4.0/
 



SN 646: The InSpectreSN 646: The InSpectre

Tue, 16 Jan 2018 19:26:46 PST

(image)

This week we discuss more trouble with Intel's AMT, what does Skype's use of Signal really mean, the UK's data protection legislation gives researchers a bit of relief, the continuing winding down of HTTP, "progress" on the development of Meltdown attacks, Google successfully tackles the hardest-to-fix Spectre concern with a Return Trampoline, some closing the loop feedback with our terrific listeners, and the evolving landscape of Meltdown and Spectre, including Steve's just completed "InSpectre" test & explanation utility.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Steve Gibson explains his "Inspectre" utility for Meltdown and Spectre.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0646/sn0646.mp3




SN 645: The Speculation MeltdownSN 645: The Speculation Meltdown

Tue, 09 Jan 2018 18:14:46 PST

(image)

This week, before we focus upon the industry-wide catastrophe enabled by precisely timing the instructed execution of all contemporary high-performance processor architectures... we examine a change in Microsoft's policy regarding non-Microsoft A/V systems, Firefox Quantum's performance when tracking protections are enabled, the very worrisome hard-coding backdoors in ten of Western Digital's MyCloud drives, and if at first (WEP) and at second (WPA) and at third (WPA2) and at forth (WPS), you don't succeed... try, try, try, try, try yet again... with WPA3... another crucial cryptographic system being developed by a closed, members-only, committee.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Meltdown and Spectre Explained


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0645/sn0645.mp3




SN 644: NSA FingerprintsSN 644: NSA Fingerprints

Tue, 02 Jan 2018 17:36:34 PST

(image)

This week we discuss a new clever and disheartening abuse of our browser's handy-dandy username and password autofill, some recent and frantic scurrying around by many OS kernel developers, a just-released MacOS 0 day allowing full local system compromise, another massively popular router falls to the IoT botnets, even high-quality IoT devices have problems, the evolution of adblocking and countermeasures, an important update for Mozilla's Thunderbird, a bit of miscellany, listener feedback, and an update on the NSA's possible intervention into secure encryption standards.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Betrayed by Our Browser's AutoFill.


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0644/sn0644.mp3




SN 643: The Story of BitcoinSN 643: The Story of Bitcoin

Tue, 26 Dec 2017 10:00:00 PST

(image)

In this special rebroadcast of Security Now from February 9, 2011, Steve Gibson explains, in detail, exactly how Bitcoin works.

Hosts: Steve Gibson and Leo Laporte

Guest: Tom Merritt

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsor:

How Bitcoin works


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0643/sn0643.mp3




SN 642: BGPSN 642: BGP

Tue, 19 Dec 2017 18:47:35 PST

(image)

This week we examine how Estonia handled the Infineon crypto bug, two additional consequences of the pressure to maliciously mine cryptocurrency, 0-day exploits in the popular vBulletin forum system, Mozilla in the doghouse over Mr. Robot, Win10's insecure password manager mistake, when legacy protocol comes back to bite us, hole to bulk-steal any Chrome user's entire stored password vault... and we finally know where and why the uber-potent Mirai botnet was created, and by whom. We also have a bit of errata and some fun miscellany.. then we're going to take a look at BGP, another creaky yet crucial -- and vulnerable -- protocol that glues the global Internet together.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Border Gateway Protocol Security


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0642/sn0642.mp3




SN 641: The iOS Security Trade-offSN 641: The iOS Security Trade-off

Tue, 12 Dec 2017 18:14:51 PST

(image)

This week we discuss the details behind the "USB / JTAG takeover" of Intel's Management Engine, a rare Project Zero discovery, Microsoft's well-meaning but ill-tested IoT security project, troubles with EV certs, various Cryptocurrency woes, a clever DNS spoofing detection system, a terrific guide to setting up the EdgeRouterX for network segmentation, last week's emergency out-of-cycle patch from Microsoft, a mitigated vulnerability in Apple's Homekit, Valve's ending of Bitcoin for Steam purchases, finally some REALLY GOOD news in the elusive quest for encrypted eMail, a bit of miscellany, some closing the loop feedback with our listeners, and a look at the security sacrifice Apple made in the name of convenience... and what it means.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

iOS Jailbreak, Cryptocurrency Woes


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0641/sn0641.mp3




SN 640: More News & FeedbackSN 640: More News & Feedback

Tue, 05 Dec 2017 18:33:55 PST

(image)

This week we discuss the long-awaited end of StartCom & StartSSL, inside last week's macOS passwordless root account access and problems with Apple's patches, the question of Apple allowing 3D facial data access to apps, Facebook's new and controversial use of camera images, in-the-wild exploitation of one of last month's patched Windows vulnerabilities, an annoying evolution in browser-based cryptocurrency mining, exploitation of Unicode in email headers, Google's advancing protection for Android users, a terrific list of authentication dongle-supporting sites and services, Mirai finds another 100,000 exposed ZyXEL routers, Google moves to reduce system crashes, a bit of miscellany including another security-related Humble Bundle offering and some closing the loop feedback from our terrific listeners.

We invite you to read the show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Apple Snafu, FB Wants Your Pix


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0640/sn0640.mp3




SN 639: News & FeedbackSN 639: News & Feedback

Tue, 28 Nov 2017 17:11:28 PST

(image)

This week we discuss a new bad bug found in the majority of SMTP mailing agents, 54 high-end HP printers found to be remotely exploitable, more than 3/4ths of 433,000 websites are using vulnerable JavaScript libraries, horrible free security software, some additional welcome Firefox news, a bit of errata, some fun miscellany, and a BUNCH of feedback from our listeners including reactions to last week's Quad 9 recommendation.

We invite you to read the show notes.

Hosts: Steve Gibson and Fr. Robert Ballecer, SJ

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Hide Your Mac!


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0639/sn0639.mp3




SN 638: Quad NineSN 638: Quad Nine

Tue, 21 Nov 2017 18:15:51 PST

(image)

This week we discuss Windows having a birthday, Net Neutrality about to succumb to big business despite a valiant battle, Intel's response to the horrifying JTAG over USB discovery, another surprising AWS public bucket discovery, Android phones caught sending position data when all permissions are denied, many websites found to be watching their visitors' actions, more Infineon ID card upset, the return of BlueBorne, a new arrival to our "Well... THAT didn't take long" department, speedy news for Firefox 57, some miscellany, listener feedback, and a look at the very appealing and speedy new "Quad9" alternative DNS service.

We invite you to read the show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Quad 9 is the New DNS Hotness


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0638/sn0638.mp3




SN 637: Schneier on EquifaxSN 637: Schneier on Equifax

Tue, 14 Nov 2017 15:14:58 PST

(image)

This week we discuss why Steve won't be relying upon Face ID for security, a clever new hack of longstanding NTFS and Windows behavior, the Vault8 WikiLeaks news, the predictable resurgence of the consumer device encryption battle, a new and clever data ex-filtration technique, new anti-Malware features coming to Chrome, an unbelievable discovery about access to the IME in Skylake and subsequent Intel chipsets, a look at who's doing the unauthorized cryptomining, WebAssembly is ready for prime time, a bit of miscellany, some closing the loop feedback with our listeners... and then we share Bruce Schneier's congressional testimony about the Equifax breach.

We invite you to read the show notes

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Sponsors:

Mr. Schneier Goes to Washington


Media Files:
http://www.podtrac.com/pts/redirect.mp3/cdn.twit.tv/audio/sn/sn0637/sn0637.mp3