Security Now (Video)

• Bypassing all passkey protections.
• The ransomware attacks just keep on coming.
• Cloudflare capitulates to the MPA and starts blocking.
• The need for online age verification is exploding.
• Microsoft really wants Exchange Servers to subscribe.
• Russia (further) clamps down on Internet usage.
• The global trend toward more Internet restrictions.
• China can inspect locked Android phones. Use a burner.
• Web shells are the new buf...

• A glorious takedown of quantum factorization.
• Notepad++ signs its own code signing certificate.
• Dennis Taylor has Bobiverse Book 6 on his lap.
• Crypto/ATM machines flat out outlawed.
• Signal vs WhatsApp: Encryption in flight and at rest.
• A close look at browser fingerprinting metrics.
• Rewriting interpreters in memory-safe languages.
• An introduction to zero-knowledge proofs

Show Notes - https://www.grc.com/sn/SN-10...

• Another Israeli spyware vendor surfaces.
• Win11 to delete restore points more quickly.
• The EU accelerates its plans to abandon Microsoft Azure.
• The EU sets timelines for Post-Quantum crypto adoption.
• Russia to create a massive IMEI database.
• Canada and the UK create the "Common Good Cyber Fund".
• U.S. states crack down on Bitcoin ATMs amid growing scams.
• Congressional staffers cannot use WhatsApp on gov devices.
• LibXML...

• Let's Encrypt drops its long-running email notifications.
• Microsoft's new "Unexpected Restart Experience".
• Microsoft's response to last year's massive CrowdStrike outage.
• Windows 10's extended service updates will sort of be free.
• Russia-sold iPhones MUST include the RuStore app.
• Lyon, in France, says bye-bye to Windows. Hello to Linux.
• The US Gov gets more serious about memory-safe languages.
• A new unbeliev...

• China's Salt Typhoon claims another victim (or two).
• State healthcare portals are tracking and leaking. No kidding.
• Apple adopts FIDO's Passkeys and other credentials transport.
• Facebook gets Passkey logon.
• TikTok continues ticking for at least another 90 days.
• Canadian telco admits they were infiltrated by Salt Typhoon.
• Microsoft to remove unwanted (and hopefully unneeded) hardware drivers.
• The Austrian government le...

• An exploited iOS iMessage vulnerability Apple denies?
• The NPM repository is under siege with no end in sight.
• Were Comcast and Digital Realty compromised? Don't ask them.
• Matthew Green agrees: XChat does not offer true security.
• We may know how Russia is convicting Telegram users.
• Microsoft finally decides to block two insane Outlook file types.
• 40,000 openly available video camera are online. Who owns them?
• Running S...

• In memoriam: Bill Atkinson
• Meta native apps & JavaScript collude for a localhost local mess.
• The EU rolls out its own DNS4EU filtered DNS service.
• Ukraine DDoS's Russia's Railway DNS ... and... so what?
• The Linux Foundation creates an alternative Wordpress package manager.
• Court tells OpenAI it must NOT delete ANYONE's chats. Period! :(
• A CVSS 10.0 in Erlang/OTP's SSH library.
• Can Russia intercept Telegram? Perhap...

• Pwn2Own 2025, Berlin results.
• PayPal seeks a "newly registered domains" patent.
• An expert iOS jailbreak developer gives up.
• The rising abuse of SVG images, via JavaScript.
• Interesting feedback from our listeners.
• Four classic science fiction movies not to miss.
• How OpenAI's o3 model discovered a 0-day in the Linux kernel

Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

D...

• What the status of Encrypted Client Hello (ECH)?
• What radio technology would be best for remote inverter shutdown?
• Some DNS providers already block newly listed domains.
• Knowing when not to click a link can take true understanding.
• Why can losing a small portion of a power grid bring the rest down?
• Where are we in the "AI Hype Cycle" and is this the first?
• Speaking of hype: An AI system resorted to blackmail?
• Why are ...