Security Now

• In memoriam: Bill Atkinson
• Meta native apps & JavaScript collude for a localhost local mess.
• The EU rolls out its own DNS4EU filtered DNS service.
• Ukraine DDoS's Russia's Railway DNS ... and... so what?
• The Linux Foundation creates an alternative Wordpress package manager.
• Court tells OpenAI it must NOT delete ANYONE's chats. Period! :(
• A CVSS 10.0 in Erlang/OTP's SSH library.
• Can Russia intercept Telegram? Perhaps.
• Spain's ISPs mistakenly block Google sites.
• Reddit sues Anthropic.
• Twitter's new encrypted DM's are as lame as the old ones.
• The Login.gov site may not have any backups.
• Apple explores the question of recent Large Reasoning Models "thinking"

Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• hoxhunt.com/securitynow
• threatlocker.com for Security Now
• uscloud.com
• canary.tools/twit - use code: TWIT

• Pwn2Own 2025, Berlin results.
• PayPal seeks a "newly registered domains" patent.
• An expert iOS jailbreak developer gives up.
• The rising abuse of SVG images, via JavaScript.
• Interesting feedback from our listeners.
• Four classic science fiction movies not to miss.
• How OpenAI's o3 model discovered a 0-day in the Linux kernel

Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• material.security
• outsystems.com/twit
• bigid.com/securitynow
• bitwarden.com/twit
• joindeleteme.com/twit promo code TWIT

• What the status of Encrypted Client Hello (ECH)?
• What radio technology would be best for remote inverter shutdown?
• Some DNS providers already block newly listed domains.
• Knowing when not to click a link can take true understanding.
• Why can losing a small portion of a power grid bring the rest down?
• Where are we in the "AI Hype Cycle" and is this the first?
• Speaking of hype: An AI system resorted to blackmail?
• Why are we so quick to imbue AI with awareness?
• ChatGPT's latest o3 model ignored the order to shutdown.
• Copilot may not be making Windows core code any better.
• Venice.AI is an unfiltered and unrestrained LLM

Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• outsystems.com/twit
• threatlocker.com for Security Now
• canary.tools/twit - use code: TWIT
• hoxhunt.com/securitynow
• 1password.com/securitynow

• Chrome to actively refuse admin privileges.
• Android Messenger is getting manual key verification.
• Pwn2Own to add AI "pwning" as in-scope attack targets.
• AI has already been found to be replicating.
• Microsoft not killing off Office on Win10 after October.
• 23andMe's asset purchaser revealed.
• Many fun talking points thanks to our listeners.
• Steve's review of "Andor", season 2.
• What's been discovered inside the U.S. power grid

Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• bigid.com/securitynow
• material.security
• joindeleteme.com/twit promo code TWIT
• bitwarden.com/twit
• drata.com/securitynow