SN 1036: Inside the SharePoint 0-day - Is Our Data Safe Anywhere?
Brave randomizes its fingerprints.
The next Brave will block Microsoft Recall by default.
Clorox sues its IT provider for $380 million in damages.
6-month Win10 ESU offers are beginning to appear.
Warfare has significantly become cyber.
Allianz Life loses control of 125 million customers' data.
The CIA's Acquisition Research Center website was hacked.
The Pentagon says the SharePoint RCE didn't get them.
A look at a DPRK "laptop farm" to impersonate Americans.
FIDO's passkey was NOT bypassed by a MITM after all.
Is our data safe anywhere?
The UK is trying to back-pedal out of the Apple ADP mess.
Meanwhile, the EU resumes its push for "Chat Control".
Microsoft fumbled the patch of a powerful Pwn2Own exploit
Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
canary.tools/twit - use code: TWIT
threatlocker.com for Security Now
bitwarden.com/twit
uscloud.com
--------
2:58:21
SN 1035: Cloudflare's 1.1.1.1 Outage - Bypassing Passkey Protections
Bypassing all passkey protections.
The ransomware attacks just keep on coming.
Cloudflare capitulates to the MPA and starts blocking.
The need for online age verification is exploding.
Microsoft really wants Exchange Servers to subscribe.
Russia (further) clamps down on Internet usage.
The global trend toward more Internet restrictions.
China can inspect locked Android phones. Use a burner.
Web shells are the new buffer overflow.
An age verification protocol sketch.
What Cloudflare did to create an outage of 1.1.1.1
Show Notes - https://www.grc.com/sn/SN-1035-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors:
zscaler.com/security
1password.com/securitynow
go.acronis.com/twit
--------
2:48:02
SN 1034: Introduction to Zero-Knowledge Proofs - Taking Down Quantum Factorization
A glorious takedown of quantum factorization.
Notepad++ signs its own code signing certificate.
Dennis Taylor has Bobiverse Book 6 on his lap.
Crypto/ATM machines flat out outlawed.
Signal vs WhatsApp: Encryption in flight and at rest.
A close look at browser fingerprinting metrics.
Rewriting interpreters in memory-safe languages.
An introduction to zero-knowledge proofs
Show Notes - https://www.grc.com/sn/SN-1034-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors:
bitwarden.com/twit
joindeleteme.com/twit promo code TWIT
bigid.com/securitynow
threatlocker.com for Security Now
uscloud.com
--------
2:55:37
SN 1032: Pervasive Web Fingerprinting - How Websites Track You Despite Cookie Blocks
• Let's Encrypt drops its long-running email notifications.
• Microsoft's new "Unexpected Restart Experience".
• Microsoft's response to last year's massive CrowdStrike outage.
• Windows 10's extended service updates will sort of be free.
• Russia-sold iPhones MUST include the RuStore app.
• Lyon, in France, says bye-bye to Windows. Hello to Linux.
• The US Gov gets more serious about memory-safe languages.
• A new unbelievable AI malware scanner evasion technique.
• A new pair of Cisco 9.8 and 10.0 vulnerabilities.
• The current state of post-Elon government cybersecurity.
• PNGv3, Swift on Android, and the Samsung email purge.
• Andy Weir's "Hail Mary" movie trailer.
• And a close look at the pervasiveness of web browser tracking fingerprinting.
Show Notes - https://www.grc.com/sn/sn-1032-notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors:
go.acronis.com/twit
bitwarden.com/twit
threatlocker.com/twit
joindeleteme.com/twit promo code TWIT
--------
2:57:52
SN 1031: How Salt Typhoon Gets In - What "AI" Really Means
China's Salt Typhoon claims another victim (or two).
State healthcare portals are tracking and leaking. No kidding.
Apple adopts FIDO's Passkeys and other credentials transport.
Facebook gets Passkey logon.
TikTok continues ticking for at least another 90 days.
Canadian telco admits they were infiltrated by Salt Typhoon.
Microsoft to remove unwanted (and hopefully unneeded) hardware drivers.
The Austrian government legislates court-warranted message decryption.
I (Steve) finally get full clarity on what today's "AI" means.
A deep dive into the Salt Typhoon's operation and how they got in
Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Sponsors:
1password.com/securitynow
hoxhunt.com/securitynow
outsystems.com/twit
bigid.com/securitynow
zscaler.com/security
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.