Security Now

SN 689: Self-Decrypting Drives

Security Now - Tue, 11/13/2018 - 9:46pm
  • Last month's Patch Tuesday, this month
  • A GDPR-inspired lawsuit filed by Privacy International
  • Check these two router ports to protect against a new botnet that's making the rounds
  • Another irresponsibly disclosed zero-day, this time in Virtual Box
  • CloudFlare's release of a very cool 1.1.1.1 app for iOS and Android
  • Microsoft's caution about the in-RAM vulnerabilities of the BitLocker whole drive encryption
  • A deep dive into last week's worrisome revelation about the lack of true security being offered by today's Self-Encrypting SSD drives.

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 688: PortSmash

Security Now - Tue, 11/06/2018 - 6:36pm
  • A close look at the impact and implication of the new "PortSmash" attack against Intel (and almost certainly other) processors.
  • The new "BleedingBit" Bluetooth flaws
  • JavaScript is no longer optional with Google
  • A new Microsoft Edge browser 0-day
  • Windows Defender plays in its own sandbox
  • Microsoft and SysInternals news
  • The further evolution of the CAPTCHA
  • The 30th anniversary of the Internet's first worm
  • A bizarre requirement of Ransomware
  • A nice new bit of security non-tech from Apple

We invite you to read our show notes

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 687: Securing the Vending Machine

Security Now - Tue, 10/30/2018 - 8:36pm

More Zero-day exploits in Windows 10, publicly exposed Docker Engine APIs, Google's plan to fix Android, the DoD is expanding its existing "Hack the Pentagon" bug-bounty program to include hardware assets, the going rate for DDoS-for-Hire, and Steve has the answer to our vending machine conundrum from last week.

We invite you to read our show notes.

Hosts: Leo Laporte and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now

SN 686: Libssh's Big Whoopsie!

Security Now - Tue, 10/23/2018 - 9:24pm

This week a widely used embedded OS (FreeRTOS) is in the doghouse, as are at least eight D-Link routers which have serious problems most of which D-Link has stated will never be patched. We look at five new problems in Drupal 7 and 8, two of which are rated critical, trouble with Live Networks RTSP streaming server, still more trouble with the now-infamous Windows 10 Build 1809 feature update, and a long standing 0-day in the widely used and most popular plugin for jQuery. We then look at what can only be described as an embarrassing mistake in the open source libssh library, and we conclude by examining a fun recent hack and pose its solution to our audience as our Security Now Puzzler of the Week!

We invite you to read our show notes.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Security Now