Security Now (Audio)

• Picture of the Week
• "Hack the Pentagon" with Log4j
• Open Source Software Security Summit
• Microsoft's January Patch Tuesday Review: The GOOD News
• Microsoft's January Patch Tuesday Review: The Not So Good News
• Check Your Router Firmware Updates
• Chrome to Implement PNA
• Three High Severity Flaws in WordPress Add-ons
• Closing the Loop: Listener feedback
• SpinRite
• Anatomy of a Log4j Exploit

We invite you to read our show notes at https://www.grc.com/sn/SN-854-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• newrelic.com/securitynow
• canary.tools/twit - use code: TWIT
• kolide.com/twit

• Picture of the Week.
• The US CISA Log4J status update.
• The H2 Database Console vulnerability.
• The Federal Trade Commission gets into the act!
• Chrome fixed 37 known problems last week.
• The Privacy-first Brave browser.
• WordPress 5.8.3 security update.
• What, exactly, is a "Pluton"?
• The first of Dennis Taylor's three Bobiverse novels.
• SpinRite.
• URL Parsing Vulnerabilities.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• go.acronis.com/twit-1
• barracuda.com/securitynow
• expressvpn.com/securitynow

• Picture of the Week.
• Log4j's 5th update.
• Microsoft's Log4j scanner triggers false positives.
• Chinese government is annoyed with Alibaba.
• "Hack the DHS" Bug Bounty Expanded.
• COVID postpones the RSA Conference.
• DuckDuckGo continues to grow.
• The cost of cyber insurance will likely be rising or perhaps terminated.
• "The Matrix Resurrections" what a disappointment!
• SpinRite.
• December 33rd.

We invite you to read our show notes at https://www.grc.com/sn/SN-852-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• progress.com/security-now
• bitwarden.com/twit
• itpro.tv/securitynow promo code SN30

Leo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include:

• SolarWinds Hack Detailed By Microsoft
• Crispy Subtitles from Lay's
• Remembering Dan Kaminsky
• REvil Hacks Apple Supplier Quanta Computer
• The "Doom" CAPTCHA
• How Colonial Pipeline Was Breached
• When John McAfee Called Steve Gibson
• T-Mobile Subscribers: Do This Now
• Internet Anonymity" is an Oxymoron

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• ZipRecruiter.com/securitynow

• Picture of the Week.
• Google's 16th exploited Chrome 0-day of the year.
• Firefox refuses to do Microsoft.com!
• Firefox disabled Microsoft's Cloud Clipboard.
• Weaknesses in all cellular networks since 2G.
• Cross Wi-Fi / Bluetooth leakage.
• "The Matrix Resurrections" aka "The Matrix 4".
• SpinRite.
• It's a Log4j Christmas.

We invite you to read our show notes at https://www.grc.com/sn/SN-850-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• andela.com/for-companies
• stripe.com
• UserWay.org/twit