Security Now!

Security Now!

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Winner of the 2009 and 2007 people's choice award for best Technology/Science podcast. Records live at http://live.twit.tv/ every Tuesday at 1:30pm PT/4:30pm ET.... Show More

Episodes

July 16, 2019 131 min

Bullet points from last Tuesday's monthly Windows patches as wellNotes from the end of Windows 7Laporte County Under Ransomware AttackThe mixed blessing of fining companies for self-reportingA survey of enterprise malware headachesSome Mozilla/ Firefox newsAnother (kinda obvious) way of exfiltrating information from a PCDNS EncryptionWe invite you to read our show notes at https://www.grc.com/sn/SN-723-Notes.pdf Hosts: Steve Gibso... Read more

Share
Mark as Played
June 18, 2019 131 min

A new DRAM problem called "RAMBleed"A bad Linux TCP SACK server kernel crashing flawLast week's patch TuesdayA Bluetooth surpriseAnother useless warning about the BlueKeep vulnerabilityMicrosoft misses a 90-day Tavis Ormandy deadlineGood news about GandCrab wrap upYubico's entropy mistakePost-announce SQRL newsOur favorite iOS security appAttacks on Exim mail servers and other pending disastersWe invite you to read our show notes a... Read more

Share
Mark as Played
June 11, 2019 126 min

• SandboxEscaper drops another 0-day• The still-not-yet-widely-exploited BlueKeep vulnerability• GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep)• The FBI issued an interesting advisory about not trusting secure sites just because they're secure• VLC receives 33 security bug fixes• Microsoft's Edge browser takes another step forward• Mozilla reorganizes• MUST HAVE utility of the week: DNS Query Sniffer• The fir... Read more

Share
Mark as Played
May 28, 2019 121 min

• The Internet is Doomed: BlueKeep Attacks Windows Remote Desktop Protocol• Google Stores Unhashed G Suite Passwords• Sandbox Escaper Drops FIVE New Zero-Day Exploits• Microsoft's Just-released Win10 Feature Update 1903• Security Enhancements in Firefox's Release 67We invite you to read our show notes at https://www.grc.com/sn/SN-716-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.... Read more

Share
Mark as Played
May 14, 2019 109 min

This Week's Stories• Update WhatsApp NOW!• Security News from Google I/O 2019 conference• A new exploitable flaw in all Linux kernels earlier than v5.0.8• A new set of flaws affecting all Intel processors known as "ZombieLoad"• Security enhancements in Android Q.We invite you to read our show notes at https://www.grc.com/sn/SN-714-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv... Read more

Share
Mark as Played

This Week's StoriesThe continuing and changing world of cryptojacking after Coinhive closed their doors last month.Google's announcement of self-expiring data retentionThe mess arising from Mozilla's intermediate certificate expirationAnother wrinkle in the exploit marketplaceMozilla's announcement about deliberate code obfuscationA hacker who hacked at least 29 other botnet hackersA warning about a very popular D-Link netcamWho's ... Read more

Share
Mark as Played
April 30, 2019 117 min

The large and emerging threat of website credential stuffing attacks.Privacy fallout from our recent coverage of Facebook and GoogleThe uptake rate of recent Windows 10 feature releasesThe source of the A/V troubles with the April patch Tuesday updatesThe NIST's formal fuzzing developmentA massive and ongoing database data leak involving more than half of all American householdsWindows Insiders are already finding that their system... Read more

Share
Mark as Played
April 23, 2019 141 min

Top Security Stories this Week:Google uses its "sensorvault" to help catch the bad guys.Time to update Drupal again.Facebook steals users' email contact lists, logs plaintext Instagram passwordsRussia moves closer to adopting "Internet Master Cutoff Switch" legislation.A reminder that "USB Killers" are a real thing.Marcus Hutchins' plea dealA new(ish) actively exploited Windows 0-dayA bunch of Microsoft Edge newsWindows 7 end-of-li... Read more

Share
Mark as Played
April 16, 2019 132 min

DragonBlood: the first effective attack on the new WPA3 protocolMalicious use of the URL tracking "ping" attributeThe WinRAR NightmareMore 3rd-party A/V troubles with MicrosoftWhat good did April's patch Tuesday accomplish?Adobe 's big patch TuesdayGoogle considering automatically blocking "high risk" downloadsRussia's Roskomnadzor finally lowers the boom on FacebookThe incredible Taj Mahal APT framework Hosts: Steve Gibson and Le... Read more

Share
Mark as Played
April 9, 2019 135 min

This Week's StoriesYet another capitulation in the (virtually lost) battle against tracking our behavior on the Internet with URL "ping" tracking.UK government's plan to legislate, police and enforce online social media contentMicrosoft's Chromium-based Edge browser's securityImprovements to Windows 10's update managementNews from the "spoofing biometrics" departmentThe worrisome state of Android mobile financial appsNSA's GHIDRA s... Read more

Share
Mark as Played
March 26, 2019 145 min

Results of the much anticipated Mid-March Vancouver Pwn2Own competitionThe return of "Clippy", Microsoft's much-loathed dancing paperclipOperation "ShadowHammer" which reports say compromised ASUS (... but did it?)The ransomware attack on Norsk Hydro aluminumThe surprise renaming of Windows DefenderA severe bug revealed in the most popular PDF generating PHP libraryAn early look at Microsoft's forthcoming Chromium-based web browser... Read more

Share
Mark as Played
March 19, 2019 131 min

Last week's Patch Tuesday March MadnessWin7 SHA256 Windows Update... UpdateMany attacks leveraging the recently discovered WinRAR vulnerabilityWhat happens when Apple, Google, and GoDaddy all drop a bit?A big recent jump in Mirai Botnet CapabilityCompromised Counter-Strike gaming serversPrivacy enhancements coming in Android QA pair of very odd web browser extensions for Chrome and Firefox from MicrosoftA VERY exciting and encourag... Read more

Share
Mark as Played
March 12, 2019 149 min

0-day exploit bidding warNSA releases Ghidra v9Firefox adds Tor privacyA pair of nasty 0-daysA worrisome breach at CitrixThe risk of claiming to be an unhackable aftermarket car alarmA new and interesting "Windows developers chatting with users" idea at MicrosoftA semi-solution to Windows updates crashing systemsDetailed news of the Marriott/Starwood breach, a bit of miscellany fromSPOILER: Another new and different consequence of ... Read more

Share
Mark as Played
March 5, 2019 145 min

The increasing feasibility of making a sustainable career out of hunting for software bugsA newly available improvement in Spectre mitigation performance and who can try it nowAdobe's ColdFusion emergency and patch,More problems with A/V and self-signed certsA Docker vulnerability being exploited in the wildThe end of CoinhiveA new major Wireshark releaseA nifty web browser website screenshot hackContinuing troubles with the over-p... Read more

Share
Mark as Played
February 26, 2019 112 min

A number of ongoing out-in-the-wild attacks Another early-warned Drupal vulnerability A 19-year old flaw in an obscure decompress for the "ACE" archive formatMicrosoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.Mozilla faces a dilemma about a wanna-be Certificate Authority and they also send a worried letter to Australia. Microsoft's Edge browser is revealed to be secretly whitelisting 58 web domains which ... Read more

Share
Mark as Played
February 19, 2019 132 min

Last week's doozy of a patch Tuesday for both Microsoft and AdobeAn interesting twist coming to Windows 7 and Server 2008 security updates Eight mining apps pulled from the Windows StoreAnother positive security initiative from GoogleElectric scooters being hackedChipping away at Tor's privacy guaranteesA year and a half after Equifax, and where's the data?The beginnings of GDPR-like legislation for USAn extremely concerning new an... Read more

Share
Mark as Played
February 12, 2019 135 min

Apple's most recent v12.1.4 iOS update and the two 0-day vulnerabilities it closedWorrisome new Android image-display vulnerabilityAn interesting "reverse RDP" attackThe new LibreOffice & OpenOffice vulnerabilityMicrosoft's research into the primary source of software vulnerabilitiesMaryJo gets an early peek at enterprise pricing for extending Windows 7 supportChina and Russia continue their work to take control of their countr... Read more

Share
Mark as Played
February 5, 2019 127 min

Chrome gets "spell-check for URLs"Catch up on your Linux patch up!Performance enhancements for Chrome and FireFox.Facebook must really like being in the doghouse. The Japanese government takes on IoT security. Ubiquity routers are in trouble again.Chrome "Never Slow" mode in the works. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Securi... Read more

Share
Mark as Played
January 29, 2019 135 min

The expressive power of the social media friends we keepThe persistent DNS hijacking campaign which has the US Government quite concernedLast week's iOS and macOS updates (and doubtless another one very soon!)A valiant effort to take down malware distribution domainsChrome catching up to IE and Firefox with drive-by file downloadsTwo particularly worrisome vulnerabilities in two Cisco router models publicly disclosed last FridayThe... Read more

Share
Mark as Played
January 22, 2019 131 min

Which is the right VPN client for Android, and which should you avoid at all costs?A very worrisome WiFi bug affecting billions of devicesHack a Tesla Model 3 at Pwn2OwnRussia's ongoing, failing and flailing efforts to control the InternetThe return of the Anubis Android banking malwareGoogle's changing policy for phone and SMS App accessTim Cook's note in TIME MagazineNews of a nice Facebook Ad auditing pageAnother Cisco default p... Read more

Share
Mark as Played

Chat About Security Now!

Popular Podcasts

The Ron Burgundy Podcast
The Ron Burgundy Podcast
Will Ferrell reprises his role as Ron Burgundy in his brand new Ron Burgundy Podcast! Each episode has a different theme in which Ron engages in conversation with another notable person on the topic at hand.
Atlanta Monster / Monster: The Zodiac Killer
Atlanta Monster / Monster: The Zodiac Killer
Atlanta Monster / Monster: The Zodiac KillerFrom Tenderfoot TV and HowStuffWorks, 'Monster: The Zodiac Killer' dives into one of the most notorious, unsolved serial killing sprees in history.
The Joe Rogan Experience
The Joe Rogan Experience
Joe Rogan's Weekly Podcast