Security Now (Audio)

* Brave randomizes its fingerprints. * The next Brave will block Microsoft Recall by default. * Clorox sues its IT provider for $380 million in damages. * 6-month Win10 ESU offers are beginning to appear. * Warfare has significantly become cyber. * Allianz Life loses control of 125 million customers' data. * The CIA's Acquisition Research Center website was hacked. * The Pentagon says the SharePoint RCE didn't get them. * A look at a DPRK "laptop farm" to impersonate Americans. * FIDO's passkey was NOT bypassed by a MITM after all. * Is our data safe anywhere? * The UK is trying to back-pedal out of the Apple ADP mess. * Meanwhile, the EU resumes its push for "Chat Control". * Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf [https://www.grc.com/sn/SN-1036-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * canary.tools/twit - use code: TWIT [http://canary.tools/twit] * threatlocker.com for Security Now [https://www.threatlocker.com/pages/solutions?utm_medium=podcast&utm_source=twit&utm_campaign=securitynow] * bitwarden.com/twit [http://bitwarden.com/twit] * uscloud.com [http://uscloud.com]

* Bypassing all passkey protections. * The ransomware attacks just keep on coming. * Cloudflare capitulates to the MPA and starts blocking. * The need for online age verification is exploding. * Microsoft really wants Exchange Servers to subscribe. * Russia (further) clamps down on Internet usage. * The global trend toward more Internet restrictions. * China can inspect locked Android phones. Use a burner. * Web shells are the new buffer overflow. * An age verification protocol sketch. * What Cloudflare did to create an outage of 1.1.1.1 Show Notes - https://www.grc.com/sn/SN-1035-Notes.pdf [https://www.grc.com/sn/SN-1035-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * zscaler.com/security [http://zscaler.com/security] * 1password.com/securitynow [http://1password.com/securitynow] * go.acronis.com/twit [http://go.acronis.com/twit]

* A glorious takedown of quantum factorization. * Notepad++ signs its own code signing certificate. * Dennis Taylor has Bobiverse Book 6 on his lap. * Crypto/ATM machines flat out outlawed. * Signal vs WhatsApp: Encryption in flight and at rest. * A close look at browser fingerprinting metrics. * Rewriting interpreters in memory-safe languages. * An introduction to zero-knowledge proofs Show Notes - https://www.grc.com/sn/SN-1034-Notes.pdf [https://www.grc.com/sn/SN-1034-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * bitwarden.com/twit [http://bitwarden.com/twit] * joindeleteme.com/twit promo code TWIT [http://joindeleteme.com/twit] * bigid.com/securitynow [http://bigid.com/securitynow] * threatlocker.com for Security Now [https://www.threatlocker.com/pages/solutions?utm_medium=podcast&utm_source=twit&utm_campaign=securitynow] * uscloud.com [http://uscloud.com]

* Another Israeli spyware vendor surfaces. * Win11 to delete restore points more quickly. * The EU accelerates its plans to abandon Microsoft Azure. * The EU sets timelines for Post-Quantum crypto adoption. * Russia to create a massive IMEI database. * Canada and the UK create the "Common Good Cyber Fund". * U.S. states crack down on Bitcoin ATMs amid growing scams. * Congressional staffers cannot use WhatsApp on gov devices. * LibXML2 and the problems with commercial use of OSS. * A(nother) remote code execution vulnerability in WinRAR. * Have-I-Been-Pwned gets a cool data visualization site. * How is ransomware getting in? * Windows to offer "safe" non-kernel endpoint security? * Proactive age verification coming to porn sites. How? * Canada (also) says "bye bye" to Hikvision. * Germany will be banning DeekSeek. The whole EU may follow. * Cloudflare throttled in Russia? * What must the U.S. do to compete in global exploit acquisition? Show Notes - https://www.grc.com/sn/SN-1033-Notes.pdf [https://www.grc.com/sn/SN-1033-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * expressvpn.com/securitynow [http://expressvpn.com/securitynow] * Melissa.com/twit [http://Melissa.com/twit] * 1password.com/securitynow [http://1password.com/securitynow] * hoxhunt.com/securitynow [http://hoxhunt.com/securitynow] * canary.tools/twit - use code: TWIT [http://canary.tools/twit]

• Let's Encrypt drops its long-running email notifications. • Microsoft's new "Unexpected Restart Experience". • Microsoft's response to last year's massive CrowdStrike outage. • Windows 10's extended service updates will sort of be free. • Russia-sold iPhones MUST include the RuStore app. • Lyon, in France, says bye-bye to Windows. Hello to Linux. • The US Gov gets more serious about memory-safe languages. • A new unbelievable AI malware scanner evaSion technique. • A new pair of Cisco 9.8 and 10.0 vulnerabilities. • The current state of post-Elon government cybersecurity. • PNGv3, Swift on Android, and the Samsung email purge. • Andy Weir's "Hail Mary" movie trailer. • And a close look at the pervasiveness of web browser tracking fingerprinting. Show Notes - https://www.grc.com/sn/sn-1032-notes.pdf [https://www.grc.com/sn/sn-1032-notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * go.acronis.com/twit [http://go.acronis.com/twit] * bitwarden.com/twit [http://bitwarden.com/twit] * threatlocker.com/twit [http://threatlocker.com/twit] * joindeleteme.com/twit promo code TWIT [http://joindeleteme.com/twit]