Security Now (MP3)

Security Now (MP3)

twit.tv/shows/security-now
Steve Gibson discusses the hot topics in security today with Leo Laporte.
693: Internal Bug Discovery
Dec 11 • 135 min
Australia’s recently passed anti-encryption legislationDetails of a couple more mega-breaches including a bit of Marriott follow-upA welcome call for legislation from MicrosoftA new twist on online advertising click fraudThe DHS is interested in…
692: GPU RAM Image Leakage
Dec 5 • 143 min
Another Lenovo SuperFish-style local security certificate screw upThe Marriott breach and several other new, large and high-profile secure breach incidentsThe inevitable evolution of exploitation of publicly exposed UPnP router servicesThe emergence of…
691: ECCploit
Nov 27 • 114 min
Yesterday, the US Supreme Court heard Apple’s argument about why a class action lawsuit against their monopoly App Store should not be allowed to proceed. How could this affect iOS security?Google and Mozilla are looking to remove support for FTP from…
690: Are Passwords Immortal?
Nov 20 • 148 min
All the action at last week’s Pwn2Own Mobile hacking contestThe final word on processor mis-design in the Meltdown/Spectre eraA workable solution for unsupported Intel firmware upgrades for hostile environmentsA forthcoming Firefox breach alert featureThe…
689: Self-Decrypting Drives
Nov 13 • 152 min
Last month’s Patch Tuesday, this monthA GDPR-inspired lawsuit filed by Privacy InternationalCheck these two router ports to protect against a new botnet that’s making the roundsAnother irresponsibly disclosed zero-day, this time in Virtual BoxCloudFlare’s…
688: PortSmash
Nov 6 • 126 min
A close look at the impact and implication of the new “PortSmash” attack against Intel (and almost certainly other) processors. The new “BleedingBit” Bluetooth flaws JavaScript is no longer optional with Google A new Microsoft Edge browser 0-dayWindows…
687: Securing the Vending Machine
Oct 30 • 129 min
More Zero-day exploits in Windows 10, publicly exposed Docker Engine APIs, Google’s plan to fix Android, the DoD is expanding its existing “Hack the Pentagon” bug-bounty program to include hardware assets, the going rate for DDoS-for-Hire, and Steve has…
686: Libssh’s Big Whoopsie!
Oct 23 • 131 min
This week a widely used embedded OS (FreeRTOS) is in the doghouse, as are at least eight D-Link routers which have serious problems most of which D-Link has stated will never be patched. We look at five new problems in Drupal 7 and 8, two of which are…
685: Good Samaritans?
Oct 16 • 136 min
This week we observe the untimely death of Microsoft’s co-founder Paul Allen, revisit the controversial Bloomberg China supply chain hacking report, catch up on Microsoft’s October patching fiasco, follow-up on Facebook’s privacy breach, look at the end…
684: The Supply Chain
Oct 9 • 128 min
An October Surprise of a different sort - Windows 10 update deletes users’ filesA security researcher has massively weaponzied the existing MicroTik vulnerability and released it as a proof-of-conceptA clever voicemail WhatsApp OTP bypassWhat happened…