Security Now-logo

Security Now

TWiT

Steve Gibson, the man who bitcoined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Steve Gibson, the man who bitcoined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.
More Information

Location:

United States

Networks:

TWiT

Description:

Steve Gibson, the man who bitcoined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Twitter:

@SecurityNow

Language:

English

Contact:

1–88–88 ASK LEO


Episodes

SN 664: SpectreNG Revealed

5/22/2018
More
This week we examine the recent flaws discovered in the secure Signal messaging app for desktops, the rise in DNS router hijacking, another seriously flawed consumer router family, Microsoft Spectre patches for Win10's April 2018 feature update, the threat of voice assistant spoofing attacks, the evolving security of HTTP, still more new trouble with GPON routers, Facebook's Android app mistake, BMW's 14 security flaws and some fun miscellany. Then we examine the news of the...

Duration:01:48:02

SN 663: Ultra-Clever Attacks

5/15/2018
More
This week we will examine two incredibly clever, new (and bad) attacks named eFail and Throwhammer. But first we catchup on the rest of the past week's security and privacy news, including the evolution of UPnProxy, a worrisome flaw discovered in a very popular web development platform, the 1st anniversary of EternalBlue, the exploitation of those GPON routers, this week's disgusting security head shaker, a summary of the RSA conference's security practices survey, the appearance of...

Duration:01:41:26

SN 662: Spectre - NextGen

5/8/2018
More
This week we begin by updating the status of several ongoing security stories: Russia vs Telegram, DrupalGeddon2, and the return of RowHammer. We will conclude with MAJOR new bad news related to Spectre. We also have a new cryptomalware, Twitter's in-the-clear passwords mistake, New Android 'P' security features, a crazy service for GDPR compliance, Firefox's sponsored content plan, another million routers being attacked, More deliberately compromised JavaScript found in the wild, a new...

Duration:01:54:41

SN 661: Securing Connected Things

5/1/2018
More
Windows 10 got a new spring in its step, Microsoft further patches Intel microcode, even the UK's NHS plans to update, another hack of modern connected autos, Oracle's botched WebLogic patch, an interesting BSOD-on-demand Windows hack, a PDF credentials theft hack (which Adobe won't fix), your Echo may be listening to you, a powerful Hotel keycard hack, a bit of errata and feedback, and a discussion of another Microsoft-driven security initiative. We invite you to read our show...

Duration:02:10:49

SN 660: Azure Sphere

4/24/2018
More
This week we discuss Drupalgeddon2 continuing to unfold right on plan, the Orangeworm takes aim at medical equipment and companies, the FDA moves forward on requiring device updates, Microsoft leads a new Cybersecurity Tech Accord, another instance of loud noises and hard drives not mixing, considerations for naming your WiFi network, the unappreciated needs of consumer routers, Google's new unencrypted messaging app push, Amazon pulls the trigger on "in-car" package delivery, the first...

Duration:02:09:44

SN 659: Never a Dull Moment

4/17/2018
More
This week we discuss AMD's release of their long-awaited Spectre variant 2 microcode patches, the end of Telegram messenger in Russia, the on-time arrival of Drupalgeddon2, Firefox and TLS v1.3, the new and widespread UPnProxy attacks, Microsoft's reversal on no longer providing Windows security updates without A/V installed, Google Chrome's decision to prematurely remove HTTP cookies, the Android "patch gap", renewed worries over old and insecure Bitcoin crypto, new attacks on old IIS,...

Duration:01:45:25

SN 658: Deprecating TLS 1.0 & 1.1

4/10/2018
More
This week we discuss Intel's big Spectre microcode announcement, Telegram is not long for Russia, the US law enforcement's continuing push for "lawful decryption", more state-level net neutrality news, Win10's replacement for "Disk Cleanup", a bug bounty policy update, some follow-up to last week's Quad-1 DNS conversation, why clocks had been running slow throughout Europe... then a look at the deprecation of earlier version of TLS and a big Cisco mistake. We invite you to read our show...

Duration:01:55:54

SN 657: ProtonMail

4/3/2018
More
This week we discuss "DrupalGeddon2", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at Google's Chrome store, another "please change your passwords" after another website breach, a bit of miscellany, a heart-warming SpinRite report, some closing...

Duration:01:59:02

SN 656: TLS v1.3 Happens

3/27/2018
More
The mess with US voting machines, technology's inherent security vs convenience tradeoff, the evolving 2018 global threat landscape, welcome news on the bug bounty front from Netflix and Dropbox, we have the interesting results of Stack Overflow's 8th annual survey of 101,592 developers, worrisome news on the US government data overreach front, some useful and important new web browser features, messenger app troubles, a CRITICAL Drupal updated coming tomorrow, some welcome news for DNS...

Duration:02:02:48

SN 655: Pwn2Own 2018

3/20/2018
More
This week we discuss the aftermath of CTS Labs' abrupt disclosure of flaws in AMD's outsourced chipsets, Intel's plans for the future and their recent microcode update news, several of Microsoft's recent announcements and actions, the importance of testing... in this case VPNs; the first self-driving automobile pedestrian death, a SQRL update, a bit of closing the loop feedback with our listeners, and a look a the outcome of last week's annual Pwn2Own hacking competition. Hosts: Steve...

Duration:01:51:30

SN 654: AMD Chipset Disaster

3/13/2018
More
This week we discuss the just-released news of major trouble for AMD's chipset security, ISPs actively spreading state-sponsored malware, Windows 10 S coming soon, a large pile of cryptocurrency mining-driven shenanigans, tomorrow's Pwn2Own competition start, surprising stats about Spam botnet penetration, and a week #2 update on the new Memcached DDoS attacks. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit...

Duration:02:06:58

SN 653: MemCrashed

3/6/2018
More
This week we discuss some very welcome microcode news from Microsoft, ten (yes, ten!) new 4G LTE network attacks, the battle over how secure TLS v1.3 will be allowed to be, the incredible Trustico certificate fiasco, the continually falling usage of Adobe Flash, a new and diabolical cryptocurrency-related malware, the best Sci-Fi news in a LONG time, some feedback from our terrific listeners... and a truly record smashing (and not in a good way) new family of DDoS attacks. We invite you...

Duration:02:03:16

SN 652: WebAssembly

2/27/2018
More
This week we discuss Intel's Spectre & Meltdown microcode update, this week in crypto jacking, Tavis strikes again, Georgia on my mind (and not in a good way), news from the iPhone hackers at Cellebrite, Apple to move its Chinese customer data, e-Passports? Not really, Firefox 60 loses a feature, the IRS, and cryptocurrencies, Android P enhances Privacy, malicious code signing news, a VERY cool Cloudfront/Troy Hunt hack, a bit of errata, miscellany, and closing the loop feedback from our...

Duration:02:20:18

SN 651: Russian Meddling Technology

2/20/2018
More
This week we examine and discuss the appearance of new forms of Meltdown and Spectre attacks, the legal response against Intel, the adoption of new cybersecurity responsibility in New York, some more on Salon and authorized crypto mining, more on software cheating auto emissions, a newly revealed instance of highly profitable mal-mining, checking in on Lets Encrypts steady growth, the first crack of Windows uncrackable UWP system, Apple' whacky Telugu Unicode attacks, a frightening...

Duration:01:57:51

SN 650: CryptoCurrency Antics

2/13/2018
More
This week we discuss today's preempted 2nd Tuesday of the month, slow progress on the Intel Spectre firmware update front, a worse-than-originally-thought Cisco firewall appliance vulnerability, the unsuspected threat of hovering hacking drones, hacking at the Winter Olympics, Kaspersky's continuing unhappiness, the historic leak of Apple's iOS boot source code, a critical WiFi update for some Lenovo laptop users, a glitch at Wordpress, a butt of miscellany -- including a passwords rap...

Duration:01:47:16

SN 649: Meltdown & Spectre Emerge

2/6/2018
More
This week we observe that the Net Neutrality battle is actually FAR from lost, ComputerWorld's Woody Leonard enumerates a crazy January of updates, "EternalBlue" is turning out to be far more eternal than we'd wish, will Flash EVER die? A new 0-day Flash exploit in the wild, what happens when you combine Shodan with Metasploit?, Firefox 59 takes another privacy enhancing step forward, a questionable means of sneaking data between systems, another fun SpinRite report from the field, some...

Duration:01:40:47

SN 648: Post Spectre?

1/30/2018
More
This week we discuss continuing Spectre updates, how not to treat Tavis Ormandy, a popular dating app where you'd really hope for HTTPS but be surprised to find it missing, the unintended consequences of global posting of fitness tracking data, gearing up (or not) for this year's voting machine hack'fest, another record broken by a cryptocurrency exchange heist, bad ads and fake ads, the unclear fate of the BSD operating systems, a caution about Dark Caracal's CrossRAT Trojan, another...

Duration:01:55:54

SN 647: The Dark Caracal

1/23/2018
More
The Meltdown and Spectre vulnerabilities continue to dominate the week's news. So we'll first catch up with what's new there, then discuss the new Net Neutrality violation detection apps that are starting to appear, a new app and browser plug from the search privacy provider DuckDuckGo, a bit of welcome news from Apple's Tim Cook about their planned response to the iPhone battery-life and performance debacle, a bit of errata and some feedback from our terrific listeners. Then we take a...

Duration:01:48:32

SN 646: The InSpectre

1/16/2018
More
This week we discuss more trouble with Intel's AMT, what does Skype's use of Signal really mean, the UK's data protection legislation gives researchers a bit of relief, the continuing winding down of HTTP, "progress" on the development of Meltdown attacks, Google successfully tackles the hardest-to-fix Spectre concern with a Return Trampoline, some closing the loop feedback with our terrific listeners, and the evolving landscape of Meltdown and Spectre, including Steve's just completed...

Duration:01:39:33

SN 645: The Speculation Meltdown

1/9/2018
More
This week, before we focus upon the industry-wide catastrophe enabled by precisely timing the instructed execution of all contemporary high-performance processor architectures... we examine a change in Microsoft's policy regarding non-Microsoft A/V systems, Firefox Quantum's performance when tracking protections are enabled, the very worrisome hard-coding backdoors in ten of Western Digital's MyCloud drives, and if at first (WEP) and at second (WPA) and at third (WPA2) and at forth...

Duration:02:09:09

Try Premium for 30 days

Live games for all NFL, MLB, NBA, & NHL teams
Commercial-Free Music
No Display Ads