This week we look at last week's Patch Tuesday and at the changing cyber insurance landscape. We visit and revisit a collection of major network breaches at Uber, Rockstar Games and LastPass. We look at another significant problem facing 280,000 WordPress users and at a recommended mitigation for the future. We examine the cost to processing performance of the most recent Retbleed security mitigations, and look at Google's very welcome use-after-free vulnerability technology. And after sharing a few pieces of feedback from our listeners, we examine a somewhat surprising consequence of enabling Chrome's enhanced spell check and provide some mitigations.

This week we look at an unusual and disturbing escalation of a cyberattack. I also note that cryptoheists have become so pervasive that I'm not mentioning them much anymore. The While House conducted a "Listening Session" to dump on today's powerful tech platforms, and a government regulator in The Netherlands quit his position and tells us why. There's another QNAP mess which is bad enough to exceed my already quite high QNAP mess threshold, and D-Link routers need to be sure they are running their very latest firmware. I have another comment about my latest Sci-Fi author discovery and two quick bits of feedback from our listeners. Then we're going to examine EvilProxy, the conceptual cousin to Ransomware as a Service.

This week we look at Google's just-announced and launched open source software vulnerability rewards program. We ask the question whether TikTok leaked more than 2 Billion of their user's records. We look at Chrome's urgent update to close its 6th 0-day of 2022 and at a worrisome "feature" -- I think it a bug! --in Chrome. A somewhat hidden autorun facility in PyPI's pip tool used for downloading and installing Python packages is being used to run malware. And we examine a recent anti-Quantum computing opinion from an Oxford university quantum physicist. Then I have two bits of miscellany, three pieces of listener feedback, a fun SpinRite video discovery, and my discovery of a wonderful and blessedly prolific science fiction author. And after all that, we look at the result of Symantec's recent research into their discovery of more than 1800 mobile apps which they found to be leaking critical AWS cloud credentials, primarily due to carelessness in the use of today's software supply chain.

This week we begin by discussing the implications of last week's LastPass breach disclosure. We look at some recent saber-rattling by the U.S.'s FTC and FCC over the disclosure of presumably private location data. We share pieces of a fascinating conversation with a Russian ransomware operator, gaining some insight into the way he conducts attacks and the way he views the world. We tell everyone about a new tracking-stripping and privacy-enforcing email forwarding service that's just come out of a yearlong beta from the DuckDuckGo people. We have another big and widespread IoT update mess to share. I have some welcome progress to report about my work on SpinRite, and some listener feedback. Finally, we're going to look at some recent goings on at the Ben-Gurion University of the Negev, which never fails to entertain.

This week we'll start off with a bit of fun over the most tweeted by far wacky tech news item. We then get serious with a very worrisome flaw which very likely exists in the WAN interface of the routers that many of us probably own. DDoS attacks have broken another record by a large margin, and both Chrome and Apple deal with, if not emergency then at least high priority software updates. We also have another major software repository tightening up its security against supply chain attacks. Then after sharing just a few, but powerful, bits of feedback, we're going to step through the blow-by-blow operation and actions of the newest and meanest kid on the block with the emergence of a powerful malware loader that gets its name from the DLL it first loads: Bumblebee.

This week we look back at last week's Patch Tuesday to learn how much better Microsoft various products are as a result. We look at Facebook's announced intention to creep further toward end-to-end encryption in Messenger, and at the puzzling result of a recent scan of the Internet for completely exposed VNC servers. I want to take a few minutes to talk about the importance of planning ahead for a domain name's future, share my tip for a terrific website cloning tool, and a few more updates. Then, after sharing some feedback from our ever-attentive listeners, we're going to address the question: Can a remote server's TLS private key be derived simply by monitoring a sufficient number of its connections? What?! We all know that everything has been designed so that's not possible. But edge cases turn out to be a surprising problem and the details of this research are quite interesting.

This week we examine the collapse of one of the four NIST-approved post-quantum crypto algorithms. We look at what VirusTotal has to tell us about what the malware miscreants have been up to, and at the conditions under which Windows 11 was corrupting its users' encrypted data. We also celebrate a terrific-looking new commercial service being offered by Microsoft, and we briefly tease next week's probable topic, which is cryptographer Daniel Bernstein's second lawsuit against the United States. I want to share a bunch of interesting feedback in Q&A style from our terrific listeners, then I want to share my discovery of a coder, serial entrepreneur, and writer by sharing something he wrote which I suspect will resonate profoundly with every one of our listeners.

This week we're going to note an urgent vulnerability created by an add-on to Atlassian's Confluence corporate workgroup server. Next week's Usenix security conference will be presenting TLS-Anvil for testing TLS libraries. Google has decided to again delay their removal of 3rd-party cookies from Chrome, and attackers were already switching away from using Office Macros before Microsoft actually did it. We have a bunch of listener feedback, some thoughts about computer science theory and bit lengths, and some interesting miscellany. Then we're going to look at the return of Rowhammer thanks to some new brilliant and clever research.

This week we start off by updating our follow-up to this month's Patch Tuesday. Things were more interesting than they originally seemed. Then we keep up with the evolving state of Microsoft Office's VBA macro foreign document execution. We also have a fabulous bit of news about some default security policy changes for Windows 11 announced by Microsoft. Then, with August rapidly approaching, we have a few calendar notes to mention; I have a welcome and long-awaited bit of SpinRite news to share; we have a bit of miscellany and some brief bits of listener feedback to cover. Then we take a deep dive into the poor-by-design security of a very popular and frightening widely used aftermarket GPS tracking device. You don't want one of these anywhere near you or your enterprise. Yet 1.5 million are.

This week we start with a quick update on last week's Rolling Pwn problem. Then we look at the state of IPv4 space depletion and the rising price of an IPv4 address. We have an interesting report on the Internet's failed promise, Facebook's response to URL-tracker trimming, Apple's record-breaking Lockdown Mode bounty, ClearView Ai's new headwinds, a new feature being offered by ransomware gangs, the return of Roskomnadzor, last Tuesday's patches and some feedback from our listeners. Then we look at the details of the latest way of exfiltrating secrets from operating system kernels thanks to insecurities in Intel and AMD micro-architecture implementations. Yes, some additional bleeding