Security Now (MP3)

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

https://twit.tv/shows/security-now

subscribe
share


 
 

    SN 608: News & Feedback Potpurri


    This week Steve and Leo discuss another new side-channel attack on smartphone PIN entry (and much more), Smartphone fingerprint readers turn out to be far more spoofable that we had hoped. All Linux kernels prior to v4.5 are vulnerable to a serious remote network attack over UDP, a way to prevent Google from tracking the search links we click (and to allow us to copy the links from the search results), the latest NSA Vault7 data dump nightmare, the problem with punycode domains,...


    share





    2h21m
    Wednesday

    SN 607: Proactive Privacy, Really!


    This week Steve and Leo discuss Symantec finding 40 past attacks explained by the Vault7 document leaks, an incremental improvement coming to CA certificate issuance, Microsoft patches a 0-day Office vulnerability that was being exploited in the wild, what's a "BricketBot"?, why you need a secure DNS registrar, This Week in IoT Tantrums, a head shaker from our "You really can't make this stuff up" department, the present danger of fake VPN services, an older edition of Windows...


    share





    2h29m
    last week

    SN 606: Proactive Privacy


    This week Steve and Leo discuss another iOS Update update, more bad news and some good news on the IoT front, the readout on Tavis Ormandy's shower revelation, more worrisome anti-encryption saber rattling from the EU, a look at a recent Edward Snowden tweet, Samsung's S8 mistake, a questionable approach to online privacy, celebrating the 40th anniversary of Alice and Bob, some quickie feedback loops from our listeners, and an update on Steve's projects.

    We invite you to...


    share





    2h7m
    this month

    SN 605: Google -vs- Symantec


    This week Steve and Jason discuss... Google's Tavis Ormandy takes a shower, iOS gets a massive feature and security update, a new target for 'Bot money harvesting appears, Microsoft suffers a rather significant user-privacy fail, the UK increases its communications decryption rhetoric, a worrisome vote in the US senate, NEST fails to respond to a researcher's report, this week in IoT nonsense, a fun quote of the week, a bit of miscellany, some quickie questions from our listeners,...


    share





    2h32m
    this month

    SN 604: Taming Web Ads


    This week Steve and Leo discuss developments in the new windows on old hardware front, Cisco finds a surprise in the Vault7 docs, Ubiquity was caught with the PHPs down, CheckPoint discovered problems in WhatsApp and Telegram, some interesting details about the long-running Yahoo breaches, the death of the "eBay Football", the latest amazing IoT insanity, the incredible results of the CanSecWest Pwn2Own competition, a classic "you're doing it wrong" example, Tavis pokes LastPass...


    share





    2h4m
    last month

    SN 603: Vault 7


    This week Steve and Leo discuss March's long-awaited patch Tuesday, the release deployment of Google Invisible reCaptcha, getting more than you bargained for with a new Android smartphone, the new "Find my iPhone" phishing campaign, the failure of Wi-Fi anti-tracking, a nasty and significant new hard-to-fix web server 0-day vulnerability, what if your ISP decides to unilaterally block a service you depend upon? Shining some much-needed light onto a poorly conceived end-to-end...


    share





    1h57m
    last month

    SN 602: Let's Spoof!


    Countdown to March's patch Tuesday; what was behind Amazon's S3 outage? Why don't I have a cellular connectivity backup? Some additional Cloudflare perspective, Amazon to fight another day over their Voice Assistant's privacy, an examination of the top 9 Android password managers uncovers problems, another lifeless malware campaign found in the wild, security improvements in Chrome and Firefox, a proof of concept for BIOS ransomware, a how-to walk-through for return-oriented...


    share





    2h27m
    last month

    SN 601: The First SHA-1 Collision


    This week, Leo and Steve discuss the "CloudBleed" adventure, another project zero 90-day timer expires for Microsoft, this week's IoT head-shaker, a New York airport exposes critical server data for a year, another danger created by inline third party TLS-intercepting "middleboxes", more judicial thrashing over fingerprint warrants, Amazon says no to Echo data warrant, a fun drone-enabled proof on concept is widely misunderstood, another example of A/V attack surface expansion,...


    share





    1h49m
    last month

    SN 600: The MMU Side-Channel Attack


    The story behind Microsoft's Patch Tuesday security update disaster. CyberX discovered a new large-scale cyber-reconnaissance operation targeting Ukraine targets: using vulnerabilities in Dropbox data traffic, DDL malware injection. Find out how easy it is to hack and steal an internet connected car. Chrome 56 update that hides connection certificate info. The future of Firefox add-ons. The lock screen of Win 10 leaking Clipboard contents. Project Zero's Windows flaw and NVIDIA...


    share





    2h15m
    this year

    SN 599: TLS Interception INsecurity


    Patch Tuesday DELAYED (and we may know why!), our favorite ad-blocker embraces the last major browser, a university gets attacked by its own vending machines, PHP leaps into the future, a slick high-end Linux hack, the rise of fileless malware, some good advice for tax time, it's not only Android's pattern lock that's vulnerable to visual eavesdropping, what happens with you store a huge pile of Samsung Note 7's in one place?, some fun miscellany, a MUST NOT MISS science fiction...


    share





    1h52m
    this year