Security Now!

SN 1008: HOTP and TOTP - SyncThing, Auto-Updates, Sci-Fi Recs

Added: 15 January 2025

Meta winds down 3rd-party content filtering. Is encryption soon to follow?
Taking over abandoned Command & Control server domains (strictly for research purposes only).
IoT devices to get the...

SN 1007: AI Training & Inference - Unencrypted Email, Doom Captcha

Added: 8 January 2025

The consequences of Internet content restriction.
The measured risks of 3rd-party browser extensions.
The consequences of SonicWall's unpatched 9.8 firewall severity.
The incredible number of...

SN 1006: Best of 2024 - Apple's Secret Backdoor, CrowdStrike Catastrophe, Recall's Privacy Nightmare

Added: 23 December 2024

Leo revisits some of the year's top Security Now segments of 2024.
956. Apple's Hardware Backdoor: Steve reflects on the previous week's 'The Mystery of CVE-2023-38606' deep-dive. Did Apple...

SN 1005: 6-Day Certificates? Why? - Android Anti-Tracking, MFA Login Bypass, BIMI

Added: 18 December 2024

Is AI the Wizard of Oz? Or is it more?
Microsoft's long-standing effective MFA login bypass.
Is TPM 2.0 not required after all for Windows 11?
Meet 14 North Korean IT workers who made $88...

SN 1004: A Chat with GPT - China's Telecom Hack, Microsoft Activation Cracked, Coding with ChatGPT 4o

Added: 11 December 2024

This week, Steve and Leo discuss the recent 'Salt Typhoon' hack of U.S. telecom providers by China, TPM 2.0 requirement for Windows 11, Microsoft's newly hacked Windows activation system, Apple...

SN 1003: A Light-Day Away - Digital Epileptic Seizures, Tor Needs You, Zello Password Panic, Wireguard's Open Port Debate

Added: 4 December 2024

Steve Gibson and Leo Laporte discuss Microsoft's clarification about AI training data usage, a fascinating breakthrough in understanding autonomous vehicle vulnerabilities, and an urgent call for...

SN 1002: Disconnected Experiences - 'Nearest Neighbor' Attack, Repo Swatting, the Return of Recall

Added: 27 November 2024

What's the new "nearest neighbor" attack and how do you defend against it?
Let's Encrypt just turned 10. What changes has it wrought?
Now the Coast Guard is worried about Chinese built...

SN 1001: Artificial General Intelligence (AGI) - Gmail Temp Addresses, Russia's Internet Off Switch

Added: 20 November 2024

How Microsoft lured the US Government into a far deeper and expensive dependency upon its cybersecurity solutions.
Gmail to offer native throwaway email aliases like Apple and Mozilla.
Russia to...

SN 1000: One Thousand - Windows Server 2025, Malicious Python Typos

Added: 13 November 2024

Did Bitwarden go closed-source?
The rights of German security researchers are clarified.
Australia to impose age limits on social media.
Free Windows Server 2025 anyone?
UAC wasn't getting in...

SN 999: AI Vulnerability Discovery - RT's AI TV Hosts, Windows 10 Updates

Added: 6 November 2024

Google's record-breaking fine by Russia. (How many 0's is that?)
RT's editor-in-chief admits that their TV hosts are AI-generated.
Windows 10 security updates set to end next October... or are...

SN 998: The Endless Journey to IPv6 - AI-Driven Encryption, Session Messenger, IPv6

Added: 30 October 2024

Apple proposes 45-day maximum certificate life.
SEC fines four companies for downplaying their SolarWinds attack severity.
Google adds 5 new features to Messenger including inappropriate content....

SN 997: Credential Exchange Protocol - DJI Sues DoD, Quantum Vs. RSA, Lost MS Logs

Added: 23 October 2024

Did Chinese researchers really break RSA encryption? What did they do?
What next-level terror extortion is being powered by the NPD breach data?
The EU to hold software companies liable for...

SN 996: BIMI (up Scotty) - NPD Goes Broke, Firefox Under Attack, .io

Added: 16 October 2024

uBlock Origin to the rescue
National Public Data files for bankruptcy
Will the .IO top level domain be disappearing?
Patch Tuesday
Firefox under attack
Miscellany
Sci-Fi
The Sequence
uBlock...

SN 995: uBlock Origin & Manifest V3 - DDoS Record, N. Korean Workers, Vitamin D

Added: 9 October 2024

Facebook's parent Meta not hashing passwords
A new, forthcoming PayPal default opts its users into merchant data sharing
DDoS breaks another record
Speaking of these ASUS routers
Do you know...

SN 994: Recall's Re-Rollout - Domain Security, Tor + Tails, VLC Update

Added: 2 October 2024

The Linux remote code execution flaw
The CRUCIAL importance of Domain Control Security
Roskomnadzor strikes a discordant note
VLC gets a security update
Tor and Tails Merge
Telegram changes...

SN 993: Kaspersky exits the U.S. - Exploding Pagers, Passkeys in Chrome

Added: 25 September 2024

The case of the exploding pagers and walkie-talkies
"Ford seeks patent for tech that listens to driver conversations to serve ads"
Another large chunk of personal data exposed
Passkeys takes a...

SN 992: Password Manager Injection Attacks - Aging Media, Naval Starlink, adam:ONE

Added: 18 September 2024

Windows Endpoint Security Ecosystem Summit
Aging storage media does NOT last forever
How Navy chiefs conspired to get themselves illegal warship Wi-Fi
adam:ONE named the #1 best Secure Access...

SN 991: RAMBO - Cloned YubiKeys, Telegram vs. Signal, French Elevators, Unix Time

Added: 11 September 2024

Offer to uninstall Recall was a bug, not a feature
YubiKeys can be cloned
Miscellany
Is WhatsApp secure?
Telegram vs Signal
French elevators
Freezing your credit
The Quiet Canine
Unix time...

SN 990: Is Telegram an Encrypted App? - CrowdStrike Exodus, DDoS-as-a-Service, 'Active Listening' Ad Tech?

Added: 4 September 2024

Telegram puts End-to-End Privacy in the Crosshairs
Free security logging is good for everyone
CrowdStrike hemorrhaging customers
Microsoft to meet privately with EDR (Endpoint Detection &...