Security Now

• An analysis of Telegram Messenger's crypto.
• A beautiful statement of the goal of modern crypto design.
• Who was behind Twitter's recent outage trouble?
• An embedded Firefox root certificate expired. Who was surprised?
• AI-generated Github repos, voice cloning, Patch Tuesday and an Apple 0-day.
• The FBI warns of another novel attack vector that's seeing a lot of action.
• Google weighs in on the Age Verification controversy.
• In a vacuum, Kazakhstan comes up with their own solution.
• Was Google also served an order from the UK? Can they say?
• A serious PHP vulnerability you need to know you don't have.
• A bunch of great listener feedback, some Sci-Fi content reviews and...
• A new tool allows YOU to test YOUR PCs for their RowHammer susceptibility

Show Notes - https://www.grc.com/sn/SN-1017-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• vanta.com/SECURITYNOW
• bitwarden.com/twit
• threatlocker.com for Security Now
• veeam.com

• Utah passes age verification requirement for app stores.
• The inside story on fake North Korean employees. Is that a Texas accent?
• An update on the ongoing Bybit cryptoheist saga.
• The industry may be making some changes in the wake of the Bybit attack.
• Apple pushes back legally against the UK's secret order.
• Did someone crack Passkeys?
• The UK launches a legal salvo at an innocent security researcher.
• The old data breach we witnessed that just keeps on giving.
• A bit more Bybit postmortem forensic news.
• A lesson to learn from a clever and effective ransomware attack.
• And what about that Bluetooth Backdoor discovery everyone is talking about?

Show Notes - https://www.grc.com/sn/SN-1016-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• 1password.com/securitynow
• uscloud.com
• joindeleteme.com/twit promo code TWIT
• zscaler.com/security
• canary.tools/twit - use code: TWIT

• Firefox amends their privacy policy -- the world melts down.
• Signal threatens to leave Sweden.
• Aftermath of the massive $1.5 billion Bybit ETH heist.
• It turns out that it wasn't actually Bybit's fault.
• "The Lazarus Bounty" monitoring and management site.
• Mozilla's commitment to Manifest V2 (and the uBlock Origin).
• What does the ACM's plea for memory-safe languages mean for developers?
• What exactly are memory-safe languages?
• Australia joins the Kaspersky ban.
• Gmail plans to switch from SMS to QR code authentication.
• A SpinRite success and some fun feedback.
• An astonishing new technology for targeted radio jamming

Show Notes - https://www.grc.com/sn/SN-1015-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• legatosecurity.com
• bitwarden.com/twit
• veeam.com
• threatlocker.com for Security Now

• Apple disables Advanced Data Protection for new UK users.
• Paying ransoms is not as cut and dried as we might imagine.
• Elon Musk's "X" social media blocks "Signal.me" links.
• Spain's soccer league blocks Cloudflare and causes a mess.
• Two new (and rare) vulnerabilities discovered in OpenSSH.
• The U.S. seems unable to evict Chinese attackers from its Telecom systems.
• What are those Chinese "Salt Typhoon" hackers doing to get in?
• The largest (by far) cryptocurrency heist in history occurred Friday.
• Ex-NSA head says the U.S. is falling behind on the cyber front lines.
• We have the winner (and a good one) replacement term for "backdoor".
• A look at a pathetic access control system that begs to be hacked (and will be).

Show Notes - https://www.grc.com/sn/SN-1014-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• zscaler.com/security
• joindeleteme.com/twit promo code TWIT
• uscloud.com
• canary.tools/twit - use code: TWIT