Security Now!

SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

Added: 21 February 2024

Wyze breach
Microsoft patch Tuesday fixes 15 remote code execution flaws
Why are there password restrictions?
The Canadian Flipper Zero Ban
Security on the old internet
Using Old Passwords...

SN 961: Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

Added: 14 February 2024

Toothbrush Botnet
"There are too many damn Honeypots!"
Remotely accessing your home network securely
Going passwordless as an ecommerce site
Facebook "old password" reminders
Browsers on iOS...

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

Added: 7 February 2024

CISA's "Secure by Design" Initiative
The GNU C Library Flaw
Fastly CDN switches from OpenSSL to BoringSSL
Roskomnadzor asserts itself
Google updates Android's Password Manager
Firefox gets...

SN 959: Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

Added: 31 January 2024

iOS to allow native Chromium and Firefox engines.
An OS immune to ransomware?
HP back in the doghouse over "anti-virus" printer bricking
The mother of all breaches
New "Thou shall not delete...

SN 958: A Week of News and Listener Views - HSS Breach, CISA's Policing Results

Added: 24 January 2024

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
US Health and Human Services Breached
Firefox vs "The Competition"
Brave reduces its anti-fingerprinting...

SN 957: The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

Added: 17 January 2024

What would an IoT device look like that HAD been taken over?
And speaking of DDoS attacks
Trouble in the Quantum Crypto world
The Browser Monoculture
Question about the Apple backdoor

SN 956: The Inside Tracks - 23andME Mess, Ukraine Telecom Hack, LastPass

Added: 10 January 2024

More on Apple's hardware backdoor
Russian Hacking of Ukrainian cameras
Russian hackers were inside Ukraine telecoms giant for months
Things are still a mess at 23andMe
CoinsPaid was the victim...

SN 955: The Mystery of CVE-2023-38606 - SpinRite Update, Nebula Mesh, Apple's Backdoor

Added: 3 January 2024

SpinRite 6.1 update
Pruning Root Certificates
A solution to Schrodinger's Bowl
DNS Benchmark and anti-virus tools
Nebula Mesh
SpinRite 7 is coming
The Mystery of CVE-2023-38606
Show Notes -...

SN 954: Best of 2023 - Security Now's Best Moments of 2023

Added: 26 December 2023

Leo looks back at the year's top security stories of 2023.
Steve's Next Password Manager After the LastPass Hack
CHESS is Safe
Here Come the Fake AI-generated "News" Sites
How Bad Guys Use...

SN 953: Active Listening - KOSA, Cloudflare's Numbers, SpinRite Update

Added: 20 December 2023

Child protection legislation in the US
Meta pushes back on the $200 billion FTC fine for COPPA violation
Age verification on the internet
Google moving from 3rd party cookies to topics
A look...

SN 952: Quantum Computing Breakthrough - The Clear/Deep/Dark Web, Quad 9 victory, Telegram Flaw

Added: 13 December 2023

The government collection of push notification metadata
Facebook Messenger sets end to end encryption as the default
Iran's Cyber Av3ngers
Cisco's Talos Top 10 cyber security exploits this year...

SN 951: Revisiting Browser Trust - ICANN RDRS, Beeper Mini, TikTok ban, .meme TLD

Added: 6 December 2023

How masked domain owners can be unmasked through ICANN's new Registration Data Request Service (RDRS)
WhatsApp's addition of Secret Code for extra privacy protection in Chat Lock
Iranian hackers...

SN 950: Leo Turns 67 - Fingerprint Security, Do-Not-Track

Added: 29 November 2023

Adobe Flash Player Updater is (still) desperately trying to update
Veracrypt password security
Firefox moves to 120 with a bunch of very nice new features
Do-Not-Track is back on track...

SN 949: Ethernet Turned 50 - Signal funding, X (Twitter) ad fallout, RCS for iPhone, TETRA review

Added: 22 November 2023

Privacy and Funding Challenges Facing Signal Messaging App
Loss of Advertisers for Twitter After Controversial Tweet by Elon Musk
Ransomware Group Files SEC Complaint Against Breached Company...

SN 948: What if a Bit Flipped? - Privacy Badger, Downfall, OpenVPN, Windshield Barnacle, Article 45

Added: 15 November 2023

Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry...

SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden gets Passkeys

Added: 8 November 2023

Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key
A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to...

SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

Added: 1 November 2023

What caused last week's connection interruption? Router was rebooting intermittently, but why?
David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow...

SN 945: The Power of Privilege - New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

Added: 25 October 2023

How fake drives continue to be sold on Amazon despite negative reviews
Microsoft is discontinuing support for the VBScript language
The 30-year old NTLM authentication protocol will eventually be...

SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite

Added: 18 October 2023

ValiDrive release follow-up
Passkeys exportability and phishing risk
Passkeys for device verification like SSH keys
Possibility of hobby browsers vs. production browsers
Availability of...

SN 943: The Top 10 Cybersecurity Misconfigurations - MACE Act Passed, Brave Layoffs, 23andMe Breached

Added: 11 October 2023

Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities.
23andMe claims a recent data breach exposed customer info due to credential stuffing attacks....