Podcasts

Is the U.S. on the verge of legalizing "hack back" missions, turning private companies into sanctioned cyber warriors? Steve and Leo unpack Google's plan for a cyber disruption unit and why the lines between defense and digital retaliation are suddenly blurring.

• My experience with 'X' vs email.
• Google TIG blackmailed to fire two security researchers.
• 1.1.1.1 DNS TLS certificate mis-issued.
• Artists blackmailed with threats of training AI on their art.
• Firefox extended end-of-life for Windows 7 to next March.
• Is the renewal of cybersecurity info sharing coming soon.
• Should security analysis be censored due to vibe-coding.
• UK versus Apple may not be settled after all.
• Another very serious supply chain attack.
• Can the software supply-chain ever be trustworthy.
• Why did BYTE Magazine die.
• What happens if Google and others go on the attack

Show Notes - https://www.grc.com/sn/SN-1042-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• uscloud.com
• canary.tools/twit - use code: TWIT
• bigid.com/securitynow
• zscaler.com/security
• expressvpn.com/securitynow

Google walks away from another monopoly ruling with barely a scratch, while tech giants gather at the White House to praise a president who holds their futures in the balance. Inside, our panel questions whether "playing the game on the field" is killing tech innovation and U.S. privacy for good.

• Google avoids harshest penalties in landmark search monopoly ruling
• Google fined $3.5 billion by EU over ad-tech business
• Probe finds Houston police using surveillance tool like a search engine
• iPhone 17 specifications leak, 'Air' model rumors, and what to expect at Apple's Awe Dropping' event
• Instagram coming to iPad after 15 years
• Anthropic to pay $1.5 billion to settle author copyright claims
• Apple accused of training AI models on pirated books
• Trump hosts tech CEOs at first event in newly renovated Rose Garden
• Postal traffic to the US down over 80% amid tariffs, UN says
• Satellite companies like SpaceX ignore astronomers' calls to save the night sky
• Microsoft says Azure service affected by damaged Red Sea cables
• Meta still hasn't given up on the Facebook poke after 21 years
• Fake celebrity chatbots send risqué messages to teens on top AI app
• First brain-wide map of decision-making charted in mice
• NVIDIA's sale-and-leaseback chip schemes raise questions about AI bubble
• Tesla changes meaning of 'full self-driving' and gives up on autonomy promise
• Atlassian agrees to acquire The Browser Co. for $610 million
• Warner Bros. Discovery sues AI company Midjourney for copyright infringement in major legal battle

Host: Leo Laporte

Guests: Alex Wilhelm and Harry McCracken

Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• zscaler.com/security
• miro.com
• smarty.com/twit
• ZipRecruiter.com/twit
• canary.tools/twit - use code: TWIT

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are).

• A look back at issue #1 of BYTE magazine exactly 50 years ago
• The enforcement of the SHAKEN & STIR Telecom protocols
• Breaking: Judge rules against forced Google divestitures in monopoly case
• The inherent danger of consolidating authentication
• Can AI be controlled?
• Vivaldi says a big "no" to AI-enhanced web browsers
• How WhatsApp figured into Apple's recent 0-day attacks
• Leveraging AI as an attack aid
• The latest TransUnion data breach
• Two scummy websites sue the UK over age requirements
• OpenSSH reminds its users to adopt post-quantum crypto
• The DOD uses open source maintained by a Russian national
• Much great feedback from our terrific listeners
• Sci-Fi news from "The Frontiers Saga" Ryk Brown

Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• go.acronis.com/twit
• threatlocker.com/twit
• bitwarden.com/twit
• bigid.com/securitynow
• joindeleteme.com/twit promo code TWIT

Cloudflare's latest moves to police who can access the internet and governments' push for age verification set off alarms for the future of the open web, as panelists debate the hidden costs of centralization and regulation.

• Microsoft fires four workers for on-site protests over company's ties to Israe
• Taco Bell rethinks AI drive-through after man orders 18,000 water
• Nvidia says two mystery customers accounted for 39% of Q2 revenu
• FBI cyber cop: Salt Typhoon pwned 'nearly every American
• Mastodon says it doesn't 'have the means' to comply with age verification law
• UK's Online Safety Act censors the internet — a preview of US proposal
• Meta updates chatbot rules to avoid inappropriate topics with teen user
• Meta reportedly allowed unauthorized celebrity AI chatbots on its service
• UK's demand for Apple backdoor may have been broader than previously though
• Bluesky now platform of choice for science communit
• SpaceX's giant Starship Mars rocket nails critical 10th test flight in stunning comeback
• FCC rejects calls for cable-like fees on broadband providers
• The web does not need gatekeepers
• Intel warns a US equity stake could trigger "adverse reactions"
• US firms are racing through a $1 trillion buyback spree in record time
• Microsoft reveals two in-house AI models
• Authors celebrate "historic" settlement coming soon in Anthropic class action
• A rule exempting small packages from tariffs is ending today
• Framework is working on a giant haptic touchpad, Trackpoint nub, and eGPU for its laptops
• Germany fines economist Thomas Vierhaus €16,100 for sarcastic X posts1
• Google wants to make sideloading Android apps safer by verifying developers' identities
• South Korea bans smartphones in all middle and elementary school classrooms

Host: Leo Laporte

Guests: Shoshana Weissmann, Cory Doctorow, and Louis Maresca

Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• shopify.com/twit
• ZipRecruiter.com/twit
• NetSuite.com/TWIT
• zscaler.com/security
• smarty.com/twit

Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords.

• Germany may soon outlaw ad blockers
• What's happening in the courts over AI
• The U.K. drops its demands of Apple
• New Microsoft 365 tenants being throttled
• Is Russia preparing to block Google Meet?
• Bluesky suspends its service in Mississippi
• How to throttle AI
• A tricky SSH-busting Go library
• Here comes the Linux desktop malware
• Apple just patched a doozy of a vulnerability
• A trivial Docker escape was found and fixed
• Why the recent browser 0-day clickjacking is really just whac-a-mole

Show Notes - https://www.grc.com/sn/sn-1040-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• 1password.com/securitynow
• zscaler.com/security
• bigid.com/securitynow
• uscloud.com

• You should buy a faster CPU
• The Trump-Intel deal is official
• Trump signals fourth delay of TikTok ban
• Trump to tap Airbnb co-founder as first government design chief
• Meet Macrohard, Elon Musk's AI simulation of Microsoft
• Google announces Pixel 10 lineup with heavy AI integration
• Gemini for Home is Google's biggest smart home play in years
• Copilot app gets a glowup, new features, for Windows 11
• Apple explores using Google Gemini AI to power revamped Siri
• Bluesky blocks service in Mississippi over age assurance law
• 4chan will refuse to pay daily online safety fines, lawyer tells BBC
• Sports streaming enters a bold new era
• Waymo can now test its self-driving vehicles in New York City
• Oura secures decisive legal victory with ITC patent ruling
• T-Mobile claimed selling location data without consent is legal—judges disagree
• Developer gets prison time for sabotaging former employer's network with a 'kill switch'
• Nonprofit search engine Ecosia offers $0 for control of Chrome
• Perplexity's Comet AI browser tricked into buying fake items online
• Agentic browser security: indirect prompt injection in Perplexity Comet
• New zero-day startup offers $20 million for tools that can hack any smartphone
• YouTuber Mark Rober is getting a Netflix series
• German court revives case that could threaten ad blockers
• Satya Nadella says Microsoft must move beyond Bill Gates' software factory vision
• More frozen shrimp recalled for possible radioactive contamination

Host: Leo Laporte

Guests: Daniel Rubino and Paris Martineau

Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• zscaler.com/security
• expressvpn.com/twit
• canary.tools/twit - use code: TWIT
• smarty.com/twit
• helixsleep.com/twit

• What AI website summaries mean for Internet economics.
• Time to urgently update Plex Servers (again).
• Allianz Life stolen data gets leaked.
• Chrome test Incognito-mode fingerprint script blocking.
• Chrome 140 additions coming in 2 weeks.
• Data brokers hide opt-out pages from search engines.
• Secure messaging changes in Russia.
• NIST rolls-out lightweight IoT crypto.
• SyncThing moves to v2.0 and beyond.
• Alien:Earth -- first take.
• What can we learn from another critical vulnerability?

Show Notes - https://www.grc.com/sn/SN-1039-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• threatlocker.com for Security Now
• bitwarden.com/twit
• go.acronis.com/twit
• joindeleteme.com/twit promo code TWIT
• vanta.com/SECURITYNOW

• Privacy preserving age verification is bullsh!t
• The Supreme Court lets Mississippi's social media age-verification law go into effect
• Meta's flirty AI chatbot invited a retiree to New York.
• AI data centers made Americans' electricity bills 30% higher
• AI experts return from China stunned: The U.S. grid is so weak, the race may already be over
• Ford reveals breakthrough process for lower priced EVs
• More thoughts from Sam on the Ford EV platform
• Popular car brand wants you to pay monthly to unlock more horsepower
• Apple Plots Expansion Into AI Robots, Home Security and Smart Displays
• Elli-q
• After researchers unmasked a prolific SMS scammer, a new operation has emerged in its wake
• Starlink tries to block Virginia's plan to bring fiber Internet to residents
• China Launches Three-Day Robot Olympics Featuring Football and Table Tennis
• The Key to Crack the CIA's Mysterious 'Kryptos' Sculpture Is Up for Sale
• PACER Hacked By Malicious Entities, Briefly Turning It Into A Useful Source For Federal Court Documents
• Court blocks FTC investigation into Media Matters' alleged scheme against X
• Google AI Overviews linked to 25% drop in publisher referral traffic, new data shows

Host: Leo Laporte

Guests: Jennifer Pattison Tuohy, Sam Abuelsamid, and Lisa Schmeiser

Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• miro.com
• storyblok.com/twittv-25 code TWIT25
• ZipRecruiter.com/Twit
• expressvpn.com/twit
• zscaler.com/security