Security Now!

SN 601: The First SHA-1 Collision

February 28, 2017109 min
This week, Leo and Steve discuss the "CloudBleed" adventure, another project zero 90-day timer expires for Microsoft, this week's IoT head-shaker, a New York airport exposes critical server data for a year, another danger created by inline third party TLS-intercepting "middleboxes", more judicial thrashing over fingerprint warrants, Amazon says no to Echo data warrant, a fun drone-enabled proof on concept is widely misunderstood, another example of A/V attack surface expansion, some additional Crypto education pointers and miscellany... and what does Google's deliberate creation of two SHA-1-colliding files actually mean?We invite you to read our show notes.
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at can submit a question to Security Now! at the GRC Feedback Page.For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.Bandwidth for Security Now is provided by CacheFly.

Chat About SN 601: The First SHA-1 Collision

For You