Security Now

SN 706: Open Source eVoting

Security Now - Tue, 03/19/2019 - 11:47pm
  • Last week's Patch Tuesday March Madness
  • Win7 SHA256 Windows Update... Update
  • Many attacks leveraging the recently discovered WinRAR vulnerability
  • What happens when Apple, Google, and GoDaddy all drop a bit?
  • A big recent jump in Mirai Botnet Capability
  • Compromised Counter-Strike gaming servers
  • Privacy enhancements coming in Android Q
  • A pair of very odd web browser extensions for Chrome and Firefox from Microsoft
  • A VERY exciting and encouraging project to create an entirely open eVoting system

Hosts: Leo Laporte and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 705: SPOILER

Security Now - Tue, 03/12/2019 - 8:53pm
  • 0-day exploit bidding war
  • NSA releases Ghidra v9
  • Firefox's adds Tor privacy
  • A pair of nasty 0-days
  • A worrisome breach at Citrix
  • The risk of claiming to be an unhackable aftermarket car alarm
  • A new and interesting "Windows developers chatting with users" idea at Microsoft
  • A semi-solution to Windows updates crashing systems
  • Detailed news of the Marriott/Starwood breach, a bit of miscellany from
  • SPOILER: Another new and different consequence of speculation on Intel machines.

We invite you to read our show notes at https://www.grc.com/sn/SN-705-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 704: Careers in Bug Hunting

Security Now - Tue, 03/05/2019 - 5:56pm
  • The increasing feasibility of making a sustainable career out of hunting for software bugs
  • A newly available improvement in Spectre mitigation performance and who can try it now
  • Adobe's ColdFusion emergency and patch,
  • More problems with A/V and self-signed certs
  • A Docker vulnerability being exploited in the wild
  • The end of Coinhive
  • A new major Wireshark release
  • A nifty web browser website screenshot hack
  • Continuing troubles with the over-privileged Thunderbolt interface
  • Bot-based credential stuffing attacks

We invite you to read our show notes at https://www.grc.com/sn/SN-704-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 703: Out in the Wild

Security Now - Tue, 02/26/2019 - 8:28pm
  • A number of ongoing out-in-the-wild attacks
  • Another early-warned Drupal vulnerability
  • A 19-year old flaw in an obscure decompress for the "ACE" archive format
  • Microsoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.
  • Mozilla faces a dilemma about a wanna-be Certificate Authority and they also send a worried letter to Australia.
  • Microsoft's Edge browser is revealed to be secretly whitelisting 58 web domains which are allowed to bypass its "Click-To-Run" permission for Flash.
  • ICANN renews its plea for the Internet to adopt DNSSEC.
  • NVIDIA releases a handful of critical driver updates for Windows.
  • Apple increases the intelligence of it's Intelligent Tracking Prevention.

We invite you to read our show notes at https://www.grc.com/sn/SN-703-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now