• UK government appears to back down on demands to break encryption in Online Safety Bill
• Microsoft reveals how China-based hackers acquired secret key used to breach Outlook accounts
• Multiple flaws allowed key to improperly leave highly secure environment
• Mozilla research finds all major auto brands fail on privacy protection
• Evidence suggests LastPass encrypted vault data is being decrypted
• Researchers tie $35M in crypto thefts to compromised LastPass accounts
• Brute force feasible on old low iteration count passwords

Show Notes - https://www.grc.com/sn/SN-939-Notes.pdf

Hosts: Steve Gibson and Jason Howell

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.