 
ValiDrive release follow-up 
Passkeys exportability and phishing risk 
Passkeys for device verification like SSH keys 
Possibility of hobby browsers vs. production browsers 
Availability of SpinRite 6.1 pre-release 
Filling drives with crypto noise using VeraCrypt 
Steve and Leo's favorite OTP apps 
Google Docs link rewriting could be to prevent referrer leakage 
Abusing HTTP/2 Rapid Reset 
Show notes: https://www.grc.com/sn/SN-944-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Melissa.com/twit
cs.co/twit
bitwarden.com/twit


SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Technology

Tech News

Podcasting

Gadgets

Software How-To

 
The vulnerability of GPS 
Is the sky falling on all VPN systems? 
Multi-user Passkeys, YubiKeys? 
The iCloud Keychain 
The UK and Google's Topics 
Show Notes - https://www.grc.com/sn/SN-973-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Melissa.com/twit
kolide.com/securitynow
lookout.com
bitwarden.com/twit


SN 973: Not So Fast - GPS Vulnerabilites, VPN Flaw

 
GCHQ: No more default passwords for consumer IoT devices! 
What happened with Chrome and 3rd-party cookies? 
Race conditions and multi-threading 
GM "accidentally" enrolled millions into "OnStar Smart Driver +" program 
Steve recommends Ryk Brown's "Frontiers Saga" 
SpinRite update 
Passkeys: A Shattered Dream? 
Show Notes - https://www.grc.com/sn/SN-972-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
business.eset.com/twit
vanta.com/SECURITYNOW
1bigthink.com
lookout.com


SN 972: Passkeys: A Shattered Dream? - IoT Default Passwords, Passkeys

 
What do you call "Stuxnet on steroids"?? 
Voyager 1 update 
Android 15 to quarantine apps 
Thunderbird & Microsoft Exchange 
China bans Western encrypted messaging apps 
Gentoo says "no" to AI 
Cars collecting diving data 
Freezing your credit 
Investopedia 
Computer Science Abstractions 
Lazy People vs. Secure Systems 
Actalis issues free S/MIME certificates 
PIN Encryption 
DRAM and GhostRace 
AT&T; Phishing Scam 
Race Conditions and Multi-core processors 
An Alternative to the Current Credit System 
SpinRite Updates 
Chat (out of) Control 
Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
canary.tools/twit - use code: TWIT
lookout.com
kolide.com/securitynow
zscaler.com/zerotrustAI


SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

 
An update on the AT&T; data breach 
340,000 social security numbers leaked 
Cookie Notice Compliance 
The GDPR does enforce some transparency 
Physical router buttons 
Wifi enabled button pressers 
Netsecfish disclosure of Dlink NAS vulnerability 
Chrome bloat 
SpinRite update 
GhostRace 
Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
kolide.com/securitynow
bitwarden.com/twit
vanta.com/SECURITYNOW
1bigthink.com


SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

Out-of-support DLink NAS devices contain hard coded backdoor credentials 
Privnote is not so "Priv" 
Crowdfense is willing to pay millions 
Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution 
SpinRite Update 
Minimum Viable Secure Product 
Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
business.eset.com/twit
lookout.com
joindeleteme.com/twit promo code TWIT


SN 944: Abusing HTTP/2 Rapid Reset - Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite

Download our free app to listen on your phone