Steve Gibson and Leo Laporte discuss Microsoft's clarification about AI training data usage, a fascinating breakthrough in understanding autonomous vehicle vulnerabilities, and an urgent call for help from the Tor Network. The show culminates in an in-depth exploration of NASA's incredible Voyager ...
What's the new "nearest neighbor" attack and how do you defend against it? Let's Encrypt just turned 10. What changes has it wrought? Now the Coast Guard is worried about Chinese built ship-to-shore cranes. Pakistan becomes the first country to block Bluesky. There's a new way to get Git repos "swa...
How Microsoft lured the US Government into a far deeper and expensive dependency upon its cybersecurity solutions. Gmail to offer native throwaway email aliases like Apple and Mozilla. Russia to ban several additional hosting companies and give its big Internet disconnect switch another test. Russi...
Bitwarden reaffirms it's commitment to open source. The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South...
Google's record-breaking fine by Russia. (How many 0's is that?) RT's editor-in-chief admits that their TV hosts are AI-generated. Windows 10 security updates set to end next October... or are they? When a good Chrome extension goes bad. Windows .RDP launch config files. What could possibly go wron...
Apple proposes 45-day maximum certificate life. SEC fines four companies for downplaying their SolarWinds attack severity. Google adds 5 new features to Messenger including inappropriate content. Does AI-driven local device-side filtering resolve the encryption dilemma forever? The very nice lookin...
Did Chinese researchers really break RSA encryption? What did they do? What next-level terror extortion is being powered by the NPD breach data? The EU to hold software companies liable for software security? Microsoft lost weeks of security logs. How hard did the try to fix the problem? The Chines...
uBlock Origin to the rescue National Public Data files for bankruptcy Will the .IO top level domain be disappearing? Patch Tuesday Firefox under attack Miscellany Sci-Fi The Sequence uBlock Origin Eero Routers Pep Link Router BIMI (up Scotty) Show Notes - https://www.grc.com/sn/SN-996-Notes.pdf Hos...
Facebook's parent Meta not hashing passwords A New, forthcoming PayPal default opts their users into merchant data sharing DDoS breaks another record Speaking of these ASUS routers Do you know who you're hiring? Vitamin D The CUPS vulnerablility Routers for normal people uBlock Origin & Manifes...
The Linux remote code execution flaw The CRUCIAL importance of Domain Control Security Roskomnadzor strikes a discordant note VLC gets a security update Tor and Tails Merge Telegram changes its long-standing "zero cooperation" policy Enshittification Bobiverse book 5 Windows 10 notifications Experi...
The case of the exploding pagers and walkie-talkies "Ford seeks patent for tech that listens to driver conversations to serve ads" Another large chunk of personal data exposed Passkeys takes a big step forward: Now supported by Chrome A nascent 9.9 Linux Unauthenticated RCE? Freezing Credit Credit ...
Windows Endpoint Security Ecosystem Summit Aging storage media does NOT last forever How Navy chiefs conspired to get themselves illegal warship Wi-Fi adam:ONE named the #1 best Secure Access Service Edge (SASE) solution AI Talk Password Manager Injection Attacks Show Notes - https://www.grc.com/sn...
Offer to uninstall Recall was a bug, not a feature YubiKeys can be cloned Miscellany Is WhatsApp secure? Telegram vs Signal French elevators Freezing your credit The Quiet Canine Unix time Bobiverse book 5 Exodus: The Achemedes Engine Watching SpinRite RAMBO Show Notes - https://www.grc.com/sn/SN-9...
Telegram puts End-to-End Privacy in the Crosshairs Free security logging is good for everyone CrowdStrike hemorrhaging customers Microsoft to meet privately with EDR (Endpoint Detection & Response) vendors Yelp's Unhappy with Google Telegram as the hotbed for DDoSass – DDoS as a Service Chrome ...
CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: S...
Revocation Update GRC's next experiment Patch Tuesday "The Famous Computer Café" IsBootSecure GRC Email Working through WiFi Firewalls Transferring DNS OCSP attestation vs. TLS expiration Platform key expiration National Public Data Show Notes - https://www.grc.com/sn/SN-988-Notes.pdf Hosts: Steve ...
Sitting Ducks DNS attack A Bad RCE in another Microsoft server SinkClose The CLFS.SYS BSoD IsBootSecure Rethinking Revocation Show Notes - https://www.grc.com/sn/SN-987-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now . Get episo...
Platform Key Disclosure Firefox's 3rd-party Cookie mess The W3C Finally Weighs-in CrowdStrike Damages. GRC's Email How Revoking! Show Notes - https://www.grc.com/sn/SN-986-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now . Get ep...
Crowdstrike post-mortem PiDP-11 What Crowdstrike is fixing Marcus Hutchins on who is to blame Entrust's Updated Info 3rd-Party Cookie Surprise Security training firm mistakenly hires a North Korean attacker Google and 3rd party cookies Google's influence The auto industry and data brokers DNS Bench...
Cellebrite unlocks Trump's would-be assassin's phone. Cisco reported on a CVSS of 10.0 Entrust drops the other shoe Google gives up on removing 3rd-party cookies Miscellany Snowflake and data warehouse applications CDK auto dealership outage Polyfill.io and resource hashes MITM Blocking Copilot Blo...