Try Premium for 30 days

Live games for all NFL, MLB, NBA, & NHL teams
Commercial-Free Music
No Display Ads
Security Now-logo

Security Now

TWiT

Steve Gibson, the man who bitcoined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Steve Gibson, the man who bitcoined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.
More Information

Location:

United States

Networks:

TWiT

Description:

Steve Gibson, the man who bitcoined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Twitter:

@SecurityNow

Language:

English

Contact:

1–88–88 ASK LEO


Episodes

SN 646: The InSpectre

1/16/2018
More
This week we discuss more trouble with Intel's AMT, what does Skype's use of Signal really mean, the UK's data protection legislation gives researchers a bit of relief, the continuing winding down of HTTP, "progress" on the development of Meltdown attacks, Google successfully tackles the hardest-to-fix Spectre concern with a Return Trampoline, some closing the loop feedback with our terrific listeners, and the evolving landscape of Meltdown and Spectre, including Steve's just completed...

Duration: 01:39:33


SN 645: The Speculation Meltdown

1/9/2018
More
This week, before we focus upon the industry-wide catastrophe enabled by precisely timing the instructed execution of all contemporary high-performance processor architectures... we examine a change in Microsoft's policy regarding non-Microsoft A/V systems, Firefox Quantum's performance when tracking protections are enabled, the very worrisome hard-coding backdoors in ten of Western Digital's MyCloud drives, and if at first (WEP) and at second (WPA) and at third (WPA2) and at forth (WPS),...

Duration: 02:09:09


SN 644: NSA Fingerprints

1/2/2018
More
This week we discuss a new clever and disheartening abuse of our browser's handy-dandy username and password autofill, some recent and frantic scurrying around by many OS kernel developers, a just-released MacOS 0 day allowing full local system compromise, another massively popular router falls to the IoT botnets, even high-quality IoT devices have problems, the evolution of adblocking and countermeasures, an important update for Mozilla's Thunderbird, a bit of miscellany, listener...

Duration: 02:07:49


SN 643: The Story of Bitcoin

12/26/2017
More
In this special rebroadcast of Security Now from February 9, 2011, Steve Gibson explains, in detail, exactly how Bitcoin works. Hosts: Steve Gibson and Leo Laporte Guest: Tom Merritt Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever...

Duration: 00:57:34


SN 642: BGP

12/19/2017
More
This week we examine how Estonia handled the Infineon crypto bug, two additional consequences of the pressure to maliciously mine cryptocurrency, 0-day exploits in the popular vBulletin forum system, Mozilla in the doghouse over Mr. Robot, Win10's insecure password manager mistake, when legacy protocol comes back to bite us, hole to bulk-steal any Chrome user's entire stored password vault... and we finally know where and why the uber-potent Mirai botnet was created, and by whom. We also...

Duration: 02:11:34


SN 641: The iOS Security Trade-off

12/12/2017
More
This week we discuss the details behind the "USB / JTAG takeover" of Intel's Management Engine, a rare Project Zero discovery, Microsoft's well-meaning but ill-tested IoT security project, troubles with EV certs, various Cryptocurrency woes, a clever DNS spoofing detection system, a terrific guide to setting up the EdgeRouterX for network segmentation, last week's emergency out-of-cycle patch from Microsoft, a mitigated vulnerability in Apple's Homekit, Valve's ending of Bitcoin for...

Duration: 02:12:44


SN 640: More News & Feedback

12/5/2017
More
This week we discuss the long-awaited end of StartCom & StartSSL, inside last week's macOS passwordless root account access and problems with Apple's patches, the question of Apple allowing 3D facial data access to apps, Facebook's new and controversial use of camera images, in-the-wild exploitation of one of last month's patched Windows vulnerabilities, an annoying evolution in browser-based cryptocurrency mining, exploitation of Unicode in email headers, Google's advancing protection...

Duration: 01:56:42


SN 639: News & Feedback

11/28/2017
More
This week we discuss a new bad bug found in the majority of SMTP mailing agents, 54 high-end HP printers found to be remotely exploitable, more than 3/4ths of 433,000 websites are using vulnerable JavaScript libraries, horrible free security software, some additional welcome Firefox news, a bit of errata, some fun miscellany, and a BUNCH of feedback from our listeners including reactions to last week's Quad 9 recommendation. Hosts: Steve Gibson and Fr. Robert Ballecer, SJ Download or...

Duration: 02:19:17


SN 638: Quad Nine

11/21/2017
More
This week we discuss Windows having a birthday, Net Neutrality about to succumb to big business despite a valiant battle, Intel's response to the horrifying JTAG over USB discovery, another surprising AWS public bucket discovery, Android phones caught sending position data when all permissions are denied, many websites found to be watching their visitors' actions, more Infineon ID card upset, the return of BlueBorne, a new arrival to our "Well... THAT didn't take long" department, speedy...

Duration: 01:50:10


SN 637: Schneier on Equifax

11/14/2017
More
This week we discuss why Steve won't be relying upon Face ID for security, a clever new hack of longstanding NTFS and Windows behavior, the Vault8 WikiLeaks news, the predictable resurgence of the consumer device encryption battle, a new and clever data ex-filtration technique, new anti-Malware features coming to Chrome, an unbelievable discovery about access to the IME in Skylake and subsequent Intel chipsets, a look at who's doing the unauthorized cryptomining, WebAssembly is ready for...

Duration: 02:23:45


SN 636: ROCA Pain

11/7/2017
More
This week we discuss the inevitable dilution in the value of code signing, a new worrisome cross-site privacy leakage, is Unix embedded in all our motherboards? The ongoing application spoofing problem, a critical IP address leakage vulnerability in TOR and the pending major v3 upgrade to TOR, a Signal app for ALL our desktops, an embarrassing and revealing glitch in Google Docs, bad behavior by an audio driver installer, a pending RFC for IoT updating, two reactions to Win10 Controlled...

Duration: 01:49:33


SN 635: Reaper Redux

10/31/2017
More
This week we examine the source of WannaCry, a new privacy feature for Firefox, Google's planned removal of HPKP, the idea of visual objects as a second factor, an iOS camera privacy concern, the CAPTCHA wars, a horrifying glimpse into a non-Net Neutrality world, the CoinHive DNS hijack, the new Bad Rabbit crypto malware, a Win10 anti-crypto malware security tip, spying vacuum cleaners, a new Amazon service, some loopback Q&A with our listeners and another look at the Reaper...

Duration: 02:20:07


SN 634: IoT Flash Botnets

10/24/2017
More
This week we discuss some ROCA fallout specifics, an example of PRNG misuse, the Kaspersky Lab controversy, a DNS security initiative for Android, another compromised download occurrence, a browser-based cryptocurrency miner for us to play with... and Google considering blocking them natively, other new protections coming to Chrome, an update on Marcus Hutchins, Microsoft's "TruePlay" being added to the Win10 fall creators update, some interesting "Loopback" from our terrific...

Duration: 02:16:38


SN 633: KRACKing WiFi

10/17/2017
More
This week, we examine ROCA's easily factorable public keys, the surprising prevalence of web-based cryptocurrency mining, some interesting work in iOS password dialog spoofing, Google's Advanced Protection Program, some good "Loopback" comments from our listeners... and then we take a close look at KRACK - the Key Reinstallation AttaCK against ALL unpatched WiFi systems. Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You...

Duration: 02:14:37


SN 632: The​ ​DNSSEC​ ​Challenge

10/10/2017
More
This week we take a look at a well-handled breach-response at Disqus, a rather horrifying mistake Apple made in the implementation of their APFS encryption (and the difficulty to the user of fully cleaning up after it), the famous "robots.txt" file gets a brilliant new companion, somewhat shocking news about Windows XP... or is it? Firefox EOL for Windows XP support coming next summer, the sage security thought for the day, an update on "The Orville", some closing the loop comments,...

Duration: 01:58:42


SN 631: Private Contact Discovery

10/3/2017
More
This week we discuss some aspects of iOS v11, the emergence of browser hijack cryptocurrency mining, new information about the Equifax hack, Google security research and Gmail improvements, breaking DKIM without breaking it, concerns over many servers in small routers and aging unpatched motherboard EFI firmware, a new privacy leakage bug in IE, a bit of miscellany, some long-awaited closing the loop feedback from our listeners, and a close look at a beautiful piece of work by Moxie & Co...

Duration: 02:14:27


SN 630: The Great DOM Fuzz-Off

9/26/2017
More
This week, Father Robert and Steve follow more Equifax breach fallout, look at encryption standards blowback from the Edward Snowden revelations, examine more worrisome news of the CCleaner breach, see that ISPs may be deliberately infecting their own customers, warn that turning off iOS radios doesn't, look at the first news of the FTC's suit against D-Link's poor security, examine a forthcoming Broadcom GPS chip features, warn of the hidden dangers of high-density barcodes, discuss...

Duration: 02:09:18


SN 629: Apple Bakes Cookies

9/19/2017
More
This week Padre and Steve discuss what was up with Security Now's recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on forthcoming browser encrypted media extensions (EME), an emerging browser-based payment standard, when 2-factor is not 2-factor, the CCleaner breach and what it means, a new Bluetooth-based attack, an incredibly welcome and brilliant cookie privacy feature in iOS 11, and a heads-up caution about the volatility of Google's Android...

Duration: 02:09:33


SN 628: Equifax Fiasco

9/13/2017
More
This week we discuss last Friday's passing of our dear friend and colleague Jerry Pournelle, when AI is turned to evil purpose, whether and when Google's Chrome browser will warn of man in the middle attacks, why Google is apparently attempting to patent pieces of a compression technology they did not invent, another horrifying router vulnerability disclosure -- including ten 0-day vulnerabilities, an update on the sunsetting of Symantec's CA business unit, another worrying failure at...

Duration: 01:59:13


SN 627: Sharknado

9/6/2017
More
(Although there are an unbelievable FIVE Sharknado movies, this will be the first and last time we use that title for a podcast!) This week we have another update on Marcus Hutchins, we discuss the validity of Wikileaks documents, the feasibility of rigorously proving software correctness, nearly half a million people need to get their body's firmware updated, another controversial CIA project exposed by Wikileaks, a careful analysis of the FCC's Title II Net Neutrality public comments...

Duration: 02:09:09

See More