Security Now (MP3)

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.


  • SN 769: Zoom's E2EE Design

    Jun 03 2020

    Zoom gets end-to-end encryption. ACLU takes Clearview to court, but maybe they should worry about their own website firstThe state of drive-by malvertising downloadsGoogle will be bad listing notification abusing sitesWho else is doing the eBay-like ThreatMetrix port scanning?Facebook to require identity verification for high impact postersGoogle Messaging is apparently heading toward E2EEThe return of a much more worrisome StrandHoggThe SHA-1 hash to finally be dropped from OpenSSHWhat happens ...more

  • SN 768: Contact Tracing Apps R.I.P.

    May 27 2020

    Contact tracing apps are not going to work.Why contact tracing apps are never going to workUnc0ver: There's a new iOS jailbreak in town, and as jailbreaks go, it looks VERY nice!Firefox 77 picks up a nifty new security trickNew features in Chrome 83: cookie management, "Safety Check," blocking third-party cookies by default in Incognito mode, and "Tab Groups"Adobe rushes out four out-of-cycle emergency updates to fix security flawsZerodium temporarily stops buying iOS remote code execution vulne...more

  • SN 767: WiFi 6

    May 20 2020

    WiFi 6, Apple vs. FBI, face masks.Last Tuesday's Windows patch Tuesday was not the biggest ever, but it was the 3rd largest in Microsoft's history, weighing in with a whopping 111 CVE-tracked bug fixes, 16 of which were rated CRITICAL and all but one of which enabled Remote Code Execution by an attacker.The DOJ and FBI again criticize Apple over encryptionWhen is a fix not a fix?Face masks have thwarted the London police's LFR rolloutUtah chooses to roll their own contact tracing appEverything y...more

  • SN 766: ThunderSpy

    May 12 2020

    Thunderbolt security flaw, Zoom buys Keybase. Why the ThunderSpy Thunderbolt security flaw is such a big dealZoom purchases Keybase to fix encryptionFirefox 76 released with new featuresBut Firefox 76 broke Amazon's Assistant!Hallelujah!! Edge moves to silence those annoying notification requests.Critical WordPress plugin bugs present on over one million sitesCritical vBulletin patchSamsung has patched a CRITICAL bug affecting the past 6 years of SmartphonesDefCon and Black Hat 2020 go virtualWe...more

  • SN 765: An Authoritarian Internet?

    May 06 2020

    China wants to rebuild the Internet.China's proposal to rebuild the internet is an authoritarian nightmareBruce Schneier on COVID-19 Contact Tracing AppsPolitical Correctness hits cybersecurityDHS's CISA says no to 3rd-party DoH"POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers"An authorization bypass in SaltStackAdobe's Big Last Tuesday, Non-Patch Tuesday, UpdateGoogle has announced its impending clean-up of the Chrome Web StoreWarning about RDP is ...more

  • SN 764: RPKI

    Apr 28 2020

    Apple/Google Contact Tracing, Best VPNs to protect you.Apple/Google Contact Tracing UpdateiOS 0-Day Alert! Update Apple MailBest VPNs to protect you from the Five EyesTypoSquatting attacksVitamin D linked to COVID-19 mortalityResource Public Key InfrastructureHow BGP can break the InternetWe invite you to read our show notes at https://www.grc.com/sn/SN-764-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit...more

  • SN 763: The COVID Effect

    Apr 22 2020

    Zoom Fixes Security, EARN IT is Evil, Tor in TroubleZoom gets big-name help with security fixesGoogle updates Chrome to v81.0.4044.113 to squash a critical flawFTP in Chrome lives another day! Google "undepreciates" FTP.Windows Patch Tuesday for April 2020 fixes 113 vulnerabilities"Basic Authentication" lives another day! Due to COVID-19, Microsoft and Google will keep "Basic Authentication" around for a little while longerEARN IT Act: call your Senator before it is too late!Tor Project fires ov...more

  • SN 762: Virus Contact Tracking

    Apr 15 2020

    Apple+Google Covid Tracker is Secure and RIP John Conway, Creator of The Game of LifeApple & Google Virus Contact Tracing: secure and effectiveZoom gets another Zoom-bombing mitigation... and a Class-Action LawsuitMeanwhile, Zoom has enlisted the aid of Alex StamosZoom creates a CISO CouncilWhat's next for Zoom?Browser Security News: Chrome 81 and Firefox 75Android Apps Again in the CrosshairsSandboxie goes Open SourceRIP John Conway, creator of Conway's Game of LifeWe invite you to read our...more

  • SN 761: Zoom Go Boom

    Apr 08 2020

    Zoom is a security nightmare - from zoombombing to encryption issues, Steve Gibson runs down Zoom's security concerns. Plus, Jitsi is a great alternative!Mozilla just patched a pair of CRITICAL 0-daysEight security bugs eliminated from Chrome last weekSafari gets a bunch of very important fixesChrome and Edge join Mozilla in postponing the deprecation of TLS v1.0 and v1.1Chrome team reversing themselves on the enforcement of Same Site cookiesEdge with Vertical Tabs and Smart CopyThe return of ST...more

  • SN 760: Folding Proteins

    Apr 01 2020

    iOS VPN bug, Coronavirus Folding@HomeVPN bug in iOS 13.4Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19.RDP and VPN use skyrocketingTo 'www' or not to 'www'Firefox 76 to finally stop assuming "HTTP"Google again revises its schedule for Chrome releasesMicrosoft moves to support "Shadow Stacks"Cloudflare's DNS is audited by KPMGWe invite you to read our show notes at https://www.grc.com/sn/SN-760-Notes.pdf Hosts: Steve Gibson and Leo Laporte Down...more