Security Now

More Information

Location:

United States

Networks:

TWiT

Description:

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Twitter:

@SecurityNow

Language:

English

Contact:

1–88–88 ASK LEO


Episodes

SN 629: Apple Bakes Cookies

9/19/2017
This week Padre and Steve discuss what was up with Security Now's recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on forthcoming browser encrypted media extensions (EME), an emerging browser-based payment standard, when 2-factor is not 2-factor, the CCleaner breach and what it means, a new Bluetooth-based attack, an incredibly welcome and brilliant cookie privacy feature in iOS 11, and a heads-up caution about the volatility of Google's Android...

Duration: 02:09:33


SN 628: Equifax Fiasco

9/13/2017
This week we discuss last Friday's passing of our dear friend and colleague Jerry Pournelle, when AI is turned to evil purpose, whether and when Google's Chrome browser will warn of man in the middle attacks, why Google is apparently attempting to patent pieces of a compression technology they did not invent, another horrifying router vulnerability disclosure -- including ten 0-day vulnerabilities, an update on the sunsetting of Symantec's CA business unit, another worrying failure at...

Duration: 01:59:13


SN 627: Sharknado

9/6/2017
(Although there are an unbelievable FIVE Sharknado movies, this will be the first and last time we use that title for a podcast!) This week we have another update on Marcus Hutchins, we discuss the validity of Wikileaks documents, the feasibility of rigorously proving software correctness, nearly half a million people need to get their body's firmware updated, another controversial CIA project exposed by Wikileaks, a careful analysis of the FCC's Title II Net Neutrality public comments...

Duration: 02:09:09


SN 626: Shattering Trust

8/29/2017
This week we cover a bit of the ongoing drama surrounding Marcus Hutchins, examine a reported instance of interagency hacking, follow the evolving market for 0-day exploits, examine trouble arising from the continued use of a deprecated Apple security API, discover that Intel's controversial platform management engine can, after all, be disabled, look into another SMS attack, bring note to a nice-looking TOTP authenticator, recommend an alternative to the shutting-down CrashPlan, deal...

Duration: 02:11:09


SN 625: Security Politics

8/22/2017
This week we discuss the continuing Marcus Hutchins drama, the disclosure of a potentially important Apple secret, a super-cool website and browser extension our listeners are going to appreciate, trouble with extension developers being targeted, a problem with the communication bus standard in every car, an important correction from Elcomsoft, two 0-days in Foxit's PDF products, Lava lamps for entropy, the forthcoming iOS 11 TouchID kill switch, very welcome Libsodium audit results, a...

Duration: 02:18:54


SN 624: Twelve and Counting

8/16/2017
This week we have a Marcus Hutchins update, the backstory on the NIST's rewrite of their 15-year-old password guidance, can DNA be used to hack a computer? Can stop sign graffiti be used to misdirect autonomous vehicles?, the final nail in the WoSign/StartCom coffin, why we need global Internet policy treaties, this week in "researchers need protection", a VPN provider who is doing everything right, Elcomsoft's password manager cracker, a bit of errata and miscellany... and some closing...

Duration: 02:22:15


SN 623: Inching Forward

8/8/2017
This week we discuss and look into DigiCert's acquisition of Symantec's certificate authority business unit, LogMeIn's LastPass Premium price hike, the troubling case of Marcus Hutchins' post-Defcon arrest, another instance of WannaCry-style SMBv1 propagation, this week's horrific IoT example, some hopeful IoT legislation, the consequences of rooting early Amazon Echoes, the drip drip drip of Wikileaks Vault 7 drips again, Mozilla's VERY interesting easy-to-use secure large file...

Duration: 02:17:41


SN 622: Hack the Vote

8/1/2017
This week we look at the expected DEF CON fallout including the hacking of US election voting machines, Microsoft's enhanced bug bounty program, the wormification of the Broadcom WiFi firmware flaw, the worries when autonomous AI agents begin speaking in their own language which we cannot understand, Apple's pulling VPN clients from its Chinese app store, a follow-up on iRobot's floor plan mapping intentions, some news on the Chrome browser front, the 18th Vault-7 Wikileaks dump, and some...

Duration: 01:53:09


SN 621: Crypto Tension

7/25/2017
We start off this week with a fabulous picture of the week and for the first time in this podcast's 12-year history, our first quote of the week. Then we'll be discussing the chilling effects of arresting ethical hackers, the upcoming neutrality debate congressional hearing, something troubling encountered at McAfee.com, an entirely new IoT nightmare you couldn't have seen coming and just won't believe, the long-awaited Adobe Flash end-of-life schedule, welcome performance news for...

Duration: 02:16:27


SN 620: Calm Before the Storm

7/18/2017
This week, while waiting for news from the upcoming BlackHat & DefCon conventions, we discuss another terrific security eBook bundle offer, a Net Neutrality follow-up, a MySpace account recovery surprise, another new feature coming to Win10, the wrongheadedness of paste-blocking web forms, Australia versus the laws of math, does an implanted pacemaker meet the self-incrimination exemption?, an updated worst-case crypto-future model, it's surprising what you can find at a flea market,...

Duration: 02:01:46


SN 619: All the Usual Suspects

7/11/2017
This week we have all the usual suspects: Governments regulating their citizenry, evolving Internet standards, some brilliant new attack mitigations and some new side-channel attacks, browsers responding to negligent certificate authorities, specious tracking lawsuits, flying device jailbreaking, more IoT tomfoolery, this week's horrifying Android vulnerability, more Vault7 CIA Wikileaks, a great tip about controlling the Internet through DNS... and even more! In other words, all of the...

Duration: 02:06:39


SN 618: Research: Useful and Otherwise

6/27/2017
This week we discuss another terrific NIST initiative, RSA crypto in a quantum computing world, Cisco's specious malware detection claims, the meaning of post-audit OpenVPN bug findings, worrisome bugs revealed in Intel's recent Skylake and KabyLake processors, the commercialization of a malware technique, WannaCry keeps resurfacing, Linksys responds to the CIA's Vault7 CherryBomb firmware, another government reacts to encryption, the NSA's amazing Github repository, more news about HP...

Duration: 02:01:32


SN 617: When Governments React

6/20/2017
This week we discuss France, Britain, Japan, Germany & Russia each veering around in their Crypto Crash Cars, Wikileaks' Vault7 reveals widespread CIA WiFi router penetration, why we can no longer travel with laptops, HP printer security insanity, how long are typical passwords?, Microsoft to kill off SMBv1, the all-time mega ransomware payout, Google to get into the whole-system backup business, hacking PCs with "Vape Pens", a bit of miscellany, and a bunch of Closing the Loop feedback...

Duration: 02:05:07


SN 616: Things Are Getting Worse

6/13/2017
This week we discuss clever malware hiding its social media communications, the NSA documents the Russian election hacking two-factor authentication bypass, meanwhile, other Russian attackers leverage Google's own infrastructure to hide their spoofing, Tavis finds more problems in Microsoft's anti-malware protection, a cryptocurrency-stealing malware, more concerns over widespread Internet-connected camera design, malware found to be exploiting Intel's AMT motherboard features, the new...

Duration: 02:12:50


SN 615: Legacy's Long Tail

6/6/2017
This week we discuss an embarrassing high-profile breach of an online identity company, an over-hyped problem found in Linux's sudo command, the frightening software used by the UK's Trident nuclear missile submarine launch platforms, how emerging nations prevent high school test cheating, another lesson about the danger of SMS authentication codes, another worrisome SHODAN search result, high-penetration dangerous adware from a Chinese marketer, another "that's not a bug" bug in Chrome...

Duration: 02:08:47


SN 614: Vulnerabilities Galore!

5/30/2017
This week we discuss a new non-eMail medium for spear phishing, Chipotle can't catch a break, social engineering WannaCry exploits on Android, video subtitling now able to take over our machines, a serious Android UI design flaw that Google appears to be stubbornly refusing to address, Linux gets its own version of WannaCry, another dangerous NSA exploit remains unpatched and publicly exploitable on WinXP and Server 2003 machines, a look at 1Password's brilliant and perfect new "Travel...

Duration: 02:13:46


SN 613: WannaCry Aftermath

5/23/2017
This week we examine a bunch of WannaCry follow-ups, including some new background, reports of abilities to decrypt drives, attacks on the Killswitch, and more. We also look at what the large StackOverflow site had to do to do HTTPS, the Wi-Fi security of various properties owned by the US president, more worrisome news coming from the UK's Theresa May, the still sorry state of certificate revocation, are SSDs also subject to RowHammer-like attacks? Some miscellany, and closing the loop...

Duration: 02:21:13


SN 612: Makes You WannaCry

5/16/2017
This week Steve and Leo discuss an update on the FCC's Net Neutrality comments, the discovery of an active keystroke logger on dozens of HP computer models, the continuing loss of web browser platform heterogeneity, the OSTIF's just-completed OpenVPN security and practices audit, more on the dangers of using smartphones as authentication tokens, some extremely welcome news on the Android security front, long-awaited updated password recommendations from NIST, some follow-up errata, a bit...

Duration: 02:11:28


SN 611: Go FCC Yourself

5/9/2017
This week Steve and Leo discuss much more about the Intel AMT nightmare, Tavis and Natalie discover a serious problem in Microsoft's built-in malware scanning technology, Patch Tuesday, Google's Android patches, SMS 2-factor authentication breached, Google goes phishing, the emergence of ultrasonic device tracking, lots of additional privacy news, some errata and miscellany, actions US citizens can take to express their dismay over recent Net Neutrality legislation, and some quick...

Duration: 02:25:12


SN 610: Intel's Mismanagement Engine

5/2/2017
This week Steve and Leo discuss the long-expected remote vulnerability in Intel's super-secret motherboard Management Engine technology, exploitable open ports in Android apps, another IoT blows a suspect's timeline, newly discovered problems in the Ghostscript interpreter, yet another way for ISPs and others to see where we go, a new bad problem in the Edge browser, Chrome changes its certificate policy, an interesting new "Vigilante Botnet" is growing fast, a proposed solution to...

Duration: 02:28:14
