This week we look at a new unpatched zero-day attack affecting billions of Windows users, Mozilla's reversal on TLS 1.0 and 1.1 deprecation due to the coronavirus, a welcome micropatch for Win7 and Server 2008, Chrome's altered release schedule during the coronavirus, Avast's latest screw-up, a new threat affecting Android users, the results from last week's Pwn2Own competition, and a few observations about the coronavirus math and some worthwhile explainer videos. Then we look at where we are with Rowhammer after six years.

This week we take a deep dive into the many repercussions preceding and following last week's Patch Tuesday. Wouldn't it be nice to have a quiet one for a change? But first, we look at a nice list of free services being maintained by BleepingComputer's Lawrence Abrams. We look at a recent report into the state of open source software vulnerabilities, and at new and truly despicable legislation aimed at forcing social media companies to provide "lawful access" to their customers' encrypted content.

This week we consider the new time-limited offers being made for free telecommuting tools, the continuing success of the DOD's "please come hack us" program, another take on the dilemma and reality of Android device security, some unwelcome news about AMD processor side-channel vulnerabilities, a new potentially serious and uncorrectable flaw in Intel processors, a 9.8-rated critical vulnerability in Linux system networking, a "stand back and watch the fireworks" forced termination of TLS v1.0 and v1.1, and the evolution of the SETI@home project after 19 years of distributed radio signal number crunching. We then touch on a bit of miscellany, and finish by looking at a new and open initiative launched by Google to uniformly benchmark the performance of security fuzzers.

This week we look at a significant milestone for Let's Encrypt; the uncertain future of Facebook, Google, Twitter and others in Pakistan; some revealing information about the facial image scraping and recognition company Clearview AI; the Swiss government's reaction to the Crypto AG revelations; a "must patch now" emergency for Apache Tomcat servers; a revisit of OCSP stapling; a tried and true means of increasing your immunity to viruses; an update on SpinRite; and the latest serious vulnerability in our WiFi infrastructure, known as Kr00k.

This week we reexamine the Windows 10 lost profiles problem, and also a consequence of the need to roll back (or avoid in the first place) the Patch Tuesday disaster. We look at a new feature to arrive with the next Windows 10 feature release, unfortunately named the 2004 release. We also examine the details of a new attack on the 4G LTE and 5G cellular technology, the full default rollout of Firefox's support for DoH, and also the availability of a powerful new sandboxing technology for Firefox. We also check in with Chrome's fix earlier today of a zero-day that was found being exploited in the wild. And, finally, before turning our attention to the bomb that Apple dropped in the lap of the entire certificate industry last week, I'm going to update our listeners about the things I've learned after returning to the work on SpinRite's next iteration.

This week we continue following the continuing agony surrounding this month's increasingly troubled Window Update. We examine several significant failures which have befallen Windows 10 users after applying the month's "fixes," which have had the tendency of breaking things that weren't broken in the first place. We look at the danger presented by a very popular GDPR-compliance add-in for WordPress sites. We look at an eye-opening report about the stresses that CISOs are being subjected to, and also today's pilot test of Microsoft's new ElectionGuard voting system. We then touch on some SQRL and SpinRite news before taking a close look at two newly revealed IoT - Internet of Troubles - security worries.

This week we offer some welcome news about Microsoft A/V under Windows 7, we follow even more blow-by-blow consequences of January's final updates for Windows 7, we look at a worrisome exploitable Bluetooth bug Google just fixed in Android and what it means for those not fixed, we update on the ClearView AI face scanning saga, we take a peak into data recovery from physically destroyed phones, we entertain yet another whacky data exfiltration channel, and we conclude by looking at the consequences of the recent changes to make cookies mess promiscuous.

This week we examine the most recent flaw found in Intel's processors and what it means. We look at the continually moving target that is Windows 10. We consider the Free Software Foundation's suggestion that Microsoft open source Windows 7 and the fact that last month's was apparently NOT the last update of Windows 7 for all non-ESU users. We look at the evolution of exploitation of the Remote Desktop Gateway flaw, Google's record breaking vulnerability bounty payouts, the return of Roskomnadzor, the size of fines, the question of who owns our biometrics, an update on Avast/AVG spying, the future of third-party AV, a major milestone for the WireGuard VPN, and the wonderful Little Red Wagon hack of the decade which titled this podcast.

This week we look at some surprising revelations of Apple's cloud storage encryption (or lack thereof). We also cover a Microsoft cloud database mistake, some interesting legislation under consideration in New York, new attacks against a consumer router firmware, a rise of new attacks against our browsers, a welcome new publication from NIST on Privacy, a massive leakage of telnet usernames and passwords, a welcome micropatch for this month's IE zero-day, a bit of miscellany and SpinRite news, and then some coverage of the final nail that was recently pounded into SHA-1's coffin.

This week we look at Google's addition of iOS devices as full Google account logon hardware security keys, as update on Apple vs Attorney General Barr, a serious new Internet Explorer 0-day and how the vulnerability can be mitigated, the release of Microsoft's Chromium-based Edge browser, the FBI's reaction to the Pulse Secure VPN vulnerability, another new and CRITICAL RDP remote code execution vulnerability that has slipped under the radar, a bit of miscellany, and then we examine the the headline grabbing CryptoAPI vulnerability that's been dubbed "CurveBall."