Security Now (Audio)

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are).

• A look back at issue...

Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords.

• Germany may soon outlaw ad blockers
• What's happening in the courts over AI
• The U.K. drops its demands of Apple
• New Microsoft 365 tenants being throttled
• Is Russia preparing to block Google Meet?
...

• What AI website summaries mean for Internet economics.
• Time to urgently update Plex Servers (again).
• Allianz Life stolen data gets leaked.
• Chrome test Incognito-mode fingerprint script blocking.
• Chrome 140 additions coming in 2 weeks.
• Data brokers hide opt-out pages from search engines.
• Secure messaging changes in Russia.
• NIST rolls-out lightweight IoT crypto.
• SyncThing moves to v2.0 and beyond.
• Alien:Earth -- first...

• CISA's Emergency Directive to ALL Federal agencies re: SharePoint.
• NVIDIA firmly says "no" to any embedded chip gimmicks.
• Dashlane is terminating its (totally unusable) free tier.
• Malicious repository libraries are becoming even more hostile.
• The best web filter (uBlock Origin) comes to Safari.
• The very popular SonicWall firewall is being compromised.
• >100 models of Dell Latitude and Precision laptops are in danger.
...

• A follow-up to the SharePoint server patch mess.
• How Russia arranges to spy on other country's local embassies.
• "Dropbox Passwords" manager app is ending in October.
• Signal will leave Australia rather than help spy.
• YouTube deploys viewing history age-estimation heuristics.
• Chrome adds clever lightweight extension signing to prevent abuse.
• A domain registrar is coming close to losing its rights.
• A TP-Link router that ...

• Brave randomizes its fingerprints.
• The next Brave will block Microsoft Recall by default.
• Clorox sues its IT provider for $380 million in damages.
• 6-month Win10 ESU offers are beginning to appear.
• Warfare has significantly become cyber.
• Allianz Life loses control of 125 million customers' data.
• The CIA's Acquisition Research Center website was hacked.
• The Pentagon says the SharePoint RCE didn't get them.
• A look at a ...

• Bypassing all passkey protections.
• The ransomware attacks just keep on coming.
• Cloudflare capitulates to the MPA and starts blocking.
• The need for online age verification is exploding.
• Microsoft really wants Exchange Servers to subscribe.
• Russia (further) clamps down on Internet usage.
• The global trend toward more Internet restrictions.
• China can inspect locked Android phones. Use a burner.
• Web shells are the new buf...

• A glorious takedown of quantum factorization.
• Notepad++ signs its own code signing certificate.
• Dennis Taylor has Bobiverse Book 6 on his lap.
• Crypto/ATM machines flat out outlawed.
• Signal vs WhatsApp: Encryption in flight and at rest.
• A close look at browser fingerprinting metrics.
• Rewriting interpreters in memory-safe languages.
• An introduction to zero-knowledge proofs

Show Notes - https://www.grc.com/sn/SN-10...

• Another Israeli spyware vendor surfaces.
• Win11 to delete restore points more quickly.
• The EU accelerates its plans to abandon Microsoft Azure.
• The EU sets timelines for Post-Quantum crypto adoption.
• Russia to create a massive IMEI database.
• Canada and the UK create the "Common Good Cyber Fund".
• U.S. states crack down on Bitcoin ATMs amid growing scams.
• Congressional staffers cannot use WhatsApp on gov devices.
• LibXML...