Security Now
SN 965: Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta
- VMware needs immediate patching
- Midnight Blizzard still on the offensive
- China is quietly "de-American'ing" their networks
- Signal Version 7.0, now in beta
- Meta, WhatsApp, and Messenger -meets- the EU's DMA
- The Change Healthcare cyberattack
- SpinRite update
- Telegram's end-to-end encryption
- KeePassXC now supports passkeys
- Login accelerators
- Sites start rejecting @duck.com emails
- Tool to detect when Chrome extensions change owners
- Shortest SN title
- Passkeys vs 2FA
Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
SN 964: PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol
- "Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer
- Cory Doctorow's Visions of the Future Humble Book Bundle
- CTRL-K shortcut for search on a browser
- Direct bootable image downloading for GRC's servers
- Closing the loop on compromised emails
- Taco Bell's passwordless app
- A solution for Bcrypt's password length limit of 72 bytes
- Data as the missing piece for law enforcement and privacy advocates
- The token solution for email-only login
- Apple's Password Manager Resources on Github
- The risk of long-term persistent cookies in browsers
- Why mainframe industries still require weak passwords
- A conundrum involving an exploitable Response Header error and a bounty payment.
- An inspection of Apple's new Post-Quantum Encryption upgrade
Show Notes - https://www.grc.com/sn/SN-964-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
SN 963: Web portal? Yes please! - Firefox v123, LockBit Disrupted
- Nevada attempts to block Meta's end-to-end encryption for minors.
- A survey of security breaches
- Edge's Super-Duper Secure Mode moves into Chrome
- DoorDash dashes our privacy
- Avast charged $16.5 million for selling user browsing data
- No charge for extra logging!
- European Parliament's IT service has found traces of spyware on the smartphones of its security and defense subcommittee members
- LockBit RaaS group disrupted
- Firefox v123
- The ScreenConnect Authentication Bypass
- SpinRite update
- Introducing BootAble
- Cox moving to Yahoo Mail for users
- Credit Card security
- Exploiting password complexity requirements?
- Email only logins
- Flipper Zero in Canada
- German Router security
- More Flipper Zero in Canada
- Throwaway email addresses
- Shared email accounts
- Password quality enforcement
- Fingerprint tech and some future stories
Show Notes - https://www.grc.com/sn/SN-963-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
SN 962: The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap
- Wyze breach
- Microsoft Patch Tuesday fixes 15 remote code execution flaws
- Why are there password restrictions?
- The Canadian Flipper Zero Ban
- Security on the old internet
- Using Old Passwords
- Passwordless login
- TOTP as a second factor
- German ISP using default router passwords
- Email encryption in transit
- pfSense Tailscale integration
- DuckDuckGo's email protection integration with Bitwarden
- The KeyTrap Vulnerability
Show Notes - https://www.grc.com/sn/SN-962-Notes.pdf
Hosts: Steve Gibson and Leo Laporte