Security Now (Audio)
Author: TWiT
09 Mar 2021

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

    SN 808: CNAME Collusion - Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password

    Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.

    • Chrome to default to trying HTTPS first when not specified.
    • Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies!
    • As easy as "SolarWinds123".
    • Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10.
    • VMware's vCenter troubles.
    • SpinRite update.
    • Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
    • CNAME Collusion.

    We invite you to read our show notes at https://www.grc.com/sn/SN-808-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to this show at https://twit.tv/shows/security-now.

    You can submit a question to Security Now! at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.


  • Posted on 03 Mar 2021


    SN 807: Dependency Confusion - SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"

    SHAREit's security update, Solorigate, Brave's "Private Window with Tor".

    • SHAREit Follow-up
    • This Week in Web Browser Tracking
    • Brave's "Private Window with Tor" was not so private
    • Tracking with eMail Beacons
    • Microsoft's final "Solorigate" update
    • "Good App goes Bad for Profit"
    • SpinRite: RS shows VERY obvious improvement after one pass of SR 6
    • Dependency Confusion

    We invite you to read our show notes at https://www.grc.com/sn/SN-807-Notes.pdf


  • Posted on 24 Feb 2021


    SN 806: C.O.M.B. - Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability

    Florida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability.

    • Pic of the week.
    • New info in the Oldsmar, Florida water supply attack.
    • Major Patch Tuesday update.
    • Adobe released critical updates to three versions each of its Acrobat and Reader.
    • Android SHAREit.
    • The Rise of The Web Shells.
    • This week's WordPress Mess: Responsive Menu plugin.
    • SpinRite drive discovery video.
    • What is C.O.M.B.?

    We invite you to read our show notes at https://www.grc.com/sn/SN-806-Notes.pdf


  • Posted on 17 Feb 2021


    SN 805: SCADA Scandal - Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks

    Defender thinks Chrome is malware, Plex Media Servers in DDoS attacks.

    • Picture of the Week.
    • Google has been busy with Chrome.
    • Google Chrome Heap Buffer Overflow Vulnerability Exploited.
    • A unique use of Chrome's "sync" feature for command & control and data exfiltration.
    • Defender thinks Chrome is Malware.
    • More Critical WordPress Plug-in Problems.
    • Plex Media servers SSDP protocol being used in DDoS attacks.
    • Three more NEW vulnerabilities discovered in SolarWinds' software.
    • Closing the Loop.
    • SpinRite: "Discovering System's Mass Storage Devices..."
    • SCADA Scandal: Hacker's attempts to adjust chemicals in Oldsmar water supply.

    We invite you to read our show notes at https://www.grc.com/sn/SN-805-Notes.pdf


  • Posted on 10 Feb 2021


    SN 804: NAT Slipstreaming 2.0 - SUDO Was Pseudo Secure, BigNox Supply-Chain Attack, iMessage in a Sandbox

    SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox.

    • Picture of the Week.
    • Chrome rescinding another CA's root cert.
    • An urgent update to the recently released GnuPG.
    • An interesting supply-chain attack "BigNox".
    • Apple quietly put iMessage in a sandbox in iOS 14.
    • For the past 10 years, "SUDO" was only pseudo secure.
    • SpinRite: February 1st Progress Report.
    • NAT Slipstreaming 2.0.

    We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf


  • Posted on 03 Feb 2021
