Security Now (MP3)

• Last week's Patch Tuesday March Madness
• Win7 SHA256 Windows Update... Update
• Many attacks leveraging the recently discovered WinRAR vulnerability
• What happens when Apple, Google, and GoDaddy all drop a bit?
• A big recent jump in Mirai Botnet Capability
• Compromised Counter-Strike gaming servers
• Privacy enhancements coming in Android Q
• A pair of very odd web browser extensions for Chrome and Firefox from Microsoft
• A VERY exciting and encouraging project to create an entirely open eVoting system

Hosts: Leo Laporte and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• ZipRecruiter.com/securitynow
• Sophos.com
• canary.tools/twit - use code: TWIT

• 0-day exploit bidding war
• NSA releases Ghidra v9
• Firefox adds Tor privacy
• A pair of nasty 0-days
• A worrisome breach at Citrix
• The risk of claiming to be an unhackable aftermarket car alarm
• A new and interesting "Windows developers chatting with users" idea at Microsoft
• A semi-solution to Windows updates crashing systems
• Detailed news of the Marriott/Starwood breach, a bit of miscellany from
• SPOILER: Another new and different consequence of speculation on Intel machines.

We invite you to read our show notes at https://www.grc.com/sn/SN-705-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• FreshBooks.com/securitynow
• Atlassian.com/IT
• go.itpro.tv/securitynow promo code SN30

• The increasing feasibility of making a sustainable career out of hunting for software bugs
• A newly available improvement in Spectre mitigation performance and who can try it now
• Adobe's ColdFusion emergency and patch,
• More problems with A/V and self-signed certs
• A Docker vulnerability being exploited in the wild
• The end of Coinhive
• A new major Wireshark release
• A nifty web browser website screenshot hack
• Continuing troubles with the over-privileged Thunderbolt interface
• Bot-based credential stuffing attacks

We invite you to read our show notes at https://www.grc.com/sn/SN-704-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• securitynow.cachefly.com
• ZipRecruiter.com/securitynow
• LastPass.com/twit

• A number of ongoing out-in-the-wild attacks
• Another early-warned Drupal vulnerability
• A 19-year old flaw in an obscure decompress for the "ACE" archive format
• Microsoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.
• Mozilla faces a dilemma about a wanna-be Certificate Authority and they also send a worried letter to Australia.
• Microsoft's Edge browser is revealed to be secretly whitelisting 58 web domains which are allowed to bypass its "Click-To-Run" permission for Flash.
• ICANN renews its plea for the Internet to adopt DNSSEC.
• NVIDIA releases a handful of critical driver updates for Windows.
• Apple increases the intelligence of it's Intelligent Tracking Prevention.

We invite you to read our show notes at https://www.grc.com/sn/SN-703-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• thehelm.com/SECURITYNOW
• expressvpn.com/securitynow
• Atlassian.com/IT

• Last week's doozy of a patch Tuesday for both Microsoft and Adobe
• An interesting twist coming to Windows 7 and Server 2008 security updates
• Eight mining apps pulled from the Windows Store
• Another positive security initiative from Google
• Electric scooters being hacked
• Chipping away at Tor's privacy guarantees
• A year and a half after Equifax, and where's the data?
• The beginnings of GDPR-like legislation for US
• An extremely concerning new and emerging threat for the Internet

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WordPress.com/securitynow
• canary.tools/twit - use code: TWIT
• Wasabi.com offer code SecurityNow