Security Now
SN 706: Open Source eVoting
- Last week's Patch Tuesday March Madness
- Win7 SHA256 Windows Update... Update
- Many attacks leveraging the recently discovered WinRAR vulnerability
- What happens when Apple, Google, and GoDaddy all drop a bit?
- A big recent jump in Mirai Botnet Capability
- Compromised Counter-Strike gaming servers
- Privacy enhancements coming in Android Q
- A pair of very odd web browser extensions for Chrome and Firefox from Microsoft
- A VERY exciting and encouraging project to create an entirely open eVoting system
Hosts: Leo Laporte and Steve Gibson
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 705: SPOILER
- 0-day exploit bidding war
- NSA releases Ghidra v9
- Firefox's adds Tor privacy
- A pair of nasty 0-days
- A worrisome breach at Citrix
- The risk of claiming to be an unhackable aftermarket car alarm
- A new and interesting "Windows developers chatting with users" idea at Microsoft
- A semi-solution to Windows updates crashing systems
- Detailed news of the Marriott/Starwood breach, a bit of miscellany from
- SPOILER: Another new and different consequence of speculation on Intel machines.
We invite you to read our show notes at https://www.grc.com/sn/SN-705-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 704: Careers in Bug Hunting
- The increasing feasibility of making a sustainable career out of hunting for software bugs
- A newly available improvement in Spectre mitigation performance and who can try it now
- Adobe's ColdFusion emergency and patch,
- More problems with A/V and self-signed certs
- A Docker vulnerability being exploited in the wild
- The end of Coinhive
- A new major Wireshark release
- A nifty web browser website screenshot hack
- Continuing troubles with the over-privileged Thunderbolt interface
- Bot-based credential stuffing attacks
We invite you to read our show notes at https://www.grc.com/sn/SN-704-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
SN 703: Out in the Wild
- A number of ongoing out-in-the-wild attacks
- Another early-warned Drupal vulnerability
- A 19-year old flaw in an obscure decompress for the "ACE" archive format
- Microsoft reveals an abuse of HTTP/2 protocol which is DoSing its IIS servers.
- Mozilla faces a dilemma about a wanna-be Certificate Authority and they also send a worried letter to Australia.
- Microsoft's Edge browser is revealed to be secretly whitelisting 58 web domains which are allowed to bypass its "Click-To-Run" permission for Flash.
- ICANN renews its plea for the Internet to adopt DNSSEC.
- NVIDIA releases a handful of critical driver updates for Windows.
- Apple increases the intelligence of it's Intelligent Tracking Prevention.
We invite you to read our show notes at https://www.grc.com/sn/SN-703-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors: