Security Now (Audio)

• Let's Encrypt drops its long-running email notifications. • Microsoft's new "Unexpected Restart Experience". • Microsoft's response to last year's massive CrowdStrike outage. • Windows 10's extended service updates will sort of be free. • Russia-sold iPhones MUST include the RuStore app. • Lyon, in France, says bye-bye to Windows. Hello to Linux. • The US Gov gets more serious about memory-safe languages. • A new unbelievable AI malware scanner evaSion technique. • A new pair of Cisco 9.8 and 10.0 vulnerabilities. • The current state of post-Elon government cybersecurity. • PNGv3, Swift on Android, and the Samsung email purge. • Andy Weir's "Hail Mary" movie trailer. • And a close look at the pervasiveness of web browser tracking fingerprinting. Show Notes - https://www.grc.com/sn/sn-1032-notes.pdf [https://www.grc.com/sn/sn-1032-notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * go.acronis.com/twit [http://go.acronis.com/twit] * bitwarden.com/twit [http://bitwarden.com/twit] * threatlocker.com/twit [http://threatlocker.com/twit] * joindeleteme.com/twit promo code TWIT [http://joindeleteme.com/twit]

* China's Salt Typhoon claims another victim (or two). * State healthcare portals are tracking and leaking. No kidding. * Apple adopts FIDO's Passkeys and other credentials transport. * Facebook gets Passkey logon. * TikTok continues ticking for at least another 90 days. * Canadian telco admits they were infiltrated by Salt Typhoon. * Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. * The Austrian government legislates court-warranted message decryption. * I (Steve) finally get full clarity on what today's "AI" means. * A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf [https://www.grc.com/sn/SN-1031-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * 1password.com/securitynow [http://1password.com/securitynow] * hoxhunt.com/securitynow [http://hoxhunt.com/securitynow] * outsystems.com/twit [http://outsystems.com/twit] * bigid.com/securitynow [http://bigid.com/securitynow] * zscaler.com/security [http://zscaler.com/security]

* An exploited iOS iMessage vulnerability Apple denies? * The NPM repository is under siege with no end in sight. * Were Comcast and Digital Realty compromised? Don't ask them. * Matthew Green agrees: XChat does not offer true security. * We may know how Russia is convicting Telegram users. * Microsoft finally decides to block two insane Outlook file types. * 40,000 openly available video camera are online. Who owns them? * Running SpinRite on encrypted drives. * An LLM describes Steve's (my) evolution on Microsoft security. * What do we know about the bots that are scanning the Internet? Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf [https://www.grc.com/sn/SN-1030-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * joindeleteme.com/twit promo code TWIT [http://joindeleteme.com/twit] * bitwarden.com/twit [http://bitwarden.com/twit] * material.security [https://material.security] * drata.com/securitynow [http://drata.com/securitynow] * bigid.com/securitynow [http://bigid.com/securitynow]

* In memoriam: Bill Atkinson * Meta native apps & JavaScript collude for a localhost local mess. * The EU rolls out its own DNS4EU filtered DNS service. * Ukraine DDoS's Russia's Railway DNS ... and... so what? * The Linux Foundation creates an alternative Wordpress package manager. * Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( * A CVSS 10.0 in Erlang/OTP's SSH library. * Can Russia intercept Telegram? Perhaps. * Spain's ISPs mistakenly block Google sites. * Reddit sues Anthropic. * Twitter's new encrypted DM's are as lame as the old ones. * The Login.gov site may not have any backups. * Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf [https://www.grc.com/sn/SN-1029-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * hoxhunt.com/securitynow [http://hoxhunt.com/securitynow] * threatlocker.com for Security Now [https://www.threatlocker.com/pages/solutions?utm_medium=podcast&utm_source=twit&utm_campaign=securitynow] * uscloud.com [http://uscloud.com] * canary.tools/twit - use code: TWIT [http://canary.tools/twit]

* Pwn2Own 2025, Berlin results. * PayPal seeks a "newly registered domains" patent. * An expert iOS jailbreak developer gives up. * The rising abuse of SVG images, via JavaScript. * Interesting feedback from our listeners. * Four classic science fiction movies not to miss. * How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf [https://www.grc.com/sn/SN-1028-Notes.pdf] Hosts: Steve Gibson [https://twit.tv/people/steve-gibson] and Leo Laporte [https://twit.tv/people/leo-laporte] Download or subscribe to Security Now at https://twit.tv/shows/security-now [https://twit.tv/shows/security-now]. You can submit a question to Security Now at the GRC Feedback Page [https://www.grc.com/feedback.htm]. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com [https://www.grc.com/securitynow.htm], also the home of the best disk maintenance and recovery utility ever written Spinrite 6 [https://www.grc.com/sr/spinrite.htm]. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit [https://twit.tv/clubtwit] Sponsors: * material.security [https://material.security] * outsystems.com/twit [http://outsystems.com/twit] * bigid.com/securitynow [http://bigid.com/securitynow] * bitwarden.com/twit [http://bitwarden.com/twit] * joindeleteme.com/twit promo code TWIT [http://joindeleteme.com/twit]