Security Now (Video HI)

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.



      episode 659: Never a Dull Moment

      This week we discuss AMD's release of their long-awaited Spectre variant 2 microcode patches, the end of Telegram messenger in Russia, the on-time arrival of Drupalgeddon2, Firefox and TLS v1.3, the new and widespread UPnProxy attacks, Microsoft's reversal on no longer providing Windows security updates without A/V installed, Google Chrome's decision to prematurely remove HTTP cookies, the Android "patch gap", renewed worries over old and insecure Bitcoin crypto, new attacks on old IIS,...



      episode 658: Deprecating TLS 1.0 & 1.1

      This week we discuss Intel's big Spectre microcode announcement, Telegram is not long for Russia, the US law enforcement's continuing push for "lawful decryption", more state-level net neutrality news, Win10's replacement for "Disk Cleanup", a bug bounty policy update, some follow-up to last week's Quad-1 DNS conversation, why clocks had been running slow throughout Europe... then a look at the deprecation of earlier version of TLS and a big Cisco mistake.

      We invite you to read...



      episode 657: ProtonMail

      This week we discuss "DrupalGeddon2", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at Google's Chrome store, another "please change your passwords" after another website breach, a bit of miscellany, a heart-warming SpinRite report, some closing...



      episode 656: TLS v1.3 Happens

      The mess with US voting machines, technology's inherent security vs convenience tradeoff, the evolving 2018 global threat landscape, welcome news on the bug bounty front from Netflix and Dropbox, we have the interesting results of Stack Overflow's 8th annual survey of 101,592 developers, worrisome news on the US government data overreach front, some useful and important new web browser features, messenger app troubles, a CRITICAL Drupal updated coming tomorrow, some welcome news for DNS...



      episode 655: Pwn2Own 2018

      This week we discuss the aftermath of CTS Labs' abrupt disclosure of flaws in AMD's outsourced chipsets, Intel's plans for the future and their recent microcode update news, several of Microsoft's recent announcements and actions, the importance of testing... in this case VPNs; the first self-driving automobile pedestrian death, a SQRL update, a bit of closing the loop feedback with our listeners, and a look a the outcome of last week's annual Pwn2Own hacking competition.



       2018-03-20  1h51m

      episode 654: AMD Chipset Disaster

      This week we discuss the just-released news of major trouble for AMD's chipset security, ISPs actively spreading state-sponsored malware, Windows 10 S coming soon, a large pile of cryptocurrency mining-driven shenanigans, tomorrow's Pwn2Own competition start, surprising stats about Spam botnet penetration, and a week #2 update on the new Memcached DDoS attacks.

      Hosts: Steve Gibson and Leo Laporte

      Download or subscribe to this show at...


       2018-03-14  2h6m

      episode 653: MemCrashed

      This week we discuss some very welcome microcode news from Microsoft, ten (yes, ten!) new 4G LTE network attacks, the battle over how secure TLS v1.3 will be allowed to be, the incredible Trustico certificate fiasco, the continually falling usage of Adobe Flash, a new and diabolical cryptocurrency-related malware, the best Sci-Fi news in a LONG time, some feedback from our terrific listeners... and a truly record smashing (and not in a good way) new family of DDoS attacks.



       2018-03-07  2h3m

      episode 652: WebAssembly

      This week we discuss Intel's Spectre & Meltdown microcode update, this week in crypto jacking, Tavis strikes again, Georgia on my mind (and not in a good way), news from the iPhone hackers at Cellebrite, Apple to move its Chinese customer data, e-Passports? Not really, Firefox 60 loses a feature, the IRS, and cryptocurrencies, Android P enhances Privacy, malicious code signing news, a VERY cool Cloudfront/Troy Hunt hack, a bit of errata, miscellany, and closing the loop feedback from...


       2018-02-28  2h20m

      episode 651: Russian Meddling Technology

      This week we examine and discuss the appearance of new forms of Meltdown and Spectre attacks, the legal response against Intel, the adoption of new cybersecurity responsibility in New York, some more on Salon and authorized crypto mining, more on software cheating auto emissions, a newly revealed instance of highly profitable mal-mining, checking in on Lets Encrypts steady growth, the first crack of Windows uncrackable UWP system, Apple' whacky Telugu Unicode attacks, a frightening...


       2018-02-21  1h57m

      episode 650: CryptoCurrency Antics

      This week we discuss today's preempted 2nd Tuesday of the month, slow progress on the Intel Spectre firmware update front, a worse-than-originally-thought Cisco firewall appliance vulnerability, the unsuspected threat of hovering hacking drones, hacking at the Winter Olympics, Kaspersky's continuing unhappiness, the historic leak of Apple's iOS boot source code, a critical WiFi update for some Lenovo laptop users, a glitch at Wordpress, a butt of miscellany -- including a passwords rap...


       2018-02-14  1h47m