This week, Leo and Steve discuss the "CloudBleed" adventure, another project zero 90-day timer expires for Microsoft, this week's IoT head-shaker, a New York airport exposes critical server data for a year, another danger created by inline third party TLS-intercepting "middleboxes", more judicial thrashing over fingerprint warrants, Amazon says no to Echo data warrant, a fun drone-enabled proof on concept is widely misunderstood, another example of A/V attack surface expansion, some additional Crypto education pointers and miscellany... and what does Google's deliberate creation of two SHA-1-colliding files actually mean?

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.