What changes will the EU's soon-to-be-in-force Digital Markets Act be bringing to Apple's traditional iOS policies? What OS is ransomware unable to infect? What has HP done now with their printer ink policy? How many stolen user database records will fit in 12 terabytes? Can't you just delete that incriminating chat stream? Did Mercedes-Benz leave their doors unlocked? What's a latest on ransom payments rates? And after entertaining some questions from our terrific listeners and a long-awaited announcement from me, we're going to take a look at Alex Stamos' reaction to Microsoft's most recent security incident response.

What mistake did Microsoft make that allowed Russians to access their top executive's eMail? What does the breach of US Health & Human Services teach us? What does Firefox's complaint about Apple, Google & Microsoft mean? Why has the Brave browser just reduced the strength of its anti-fingerprinting measures? Last year CISA started proactively scanning. How'd that go? What new feature of smartphones has become a competitive advantage? And just how Incognito is that mode? Then we'll wrap up the week by looking at some of the best feedback from our listeners, including what's the future of fraudulent media creation?, how should a high school listener of our gets started with computing?, why did a popular Android app suddenly become sketchy?, does Google's Privacy Sandbox allow websites to customize their presentations to their visitors?, how might last week's LG smart washing machine have become infected?, does the Protected Audience API also protect its audience from malvertising?, and why do big ISPs just pull the plug on DDoSed sites rather than attempt to protect them?

What would an IoT device that had been taken over, do? And what would happen to the target of attacks it might participate in? What serious problem was recently discovered in a new post-quantum algorithm and what does this mean? What does a global map of web browser usage reveal? And after entertaining some thoughts and feedback from our listeners and describing the final touch I'm putting on SpinRite, we're going to rock everyone's world (and I'm not kidding) by explaining what Google has been up to for the past three years, why it is going to truly change everything we know about the way advertisements are served to web browser users, and what it all means for the future.

I want to start off this week by following-up on last week's podcast about the hardware backdoor discovered in Apple's silicon, to support the conclusion I've reached since then, that this was deliberate on Apple's part, that they always knew about this, and why. Then we're going to wonder whether everyone is as cyber-vulnerable as Ukraine appears to be? And if so, why and just how serious could cyberattacks become? What's the latest on the mess over at 23andMe? How's cryptocurrency been faring, and are things getting better, staying the same, or getting worse? What Google Mandiant account got hacked? Just how seriously, and legally, do we take the term "war" in "cyberwar", and what are the implications of that? LastPass recently announced some policy changes; even if they are about two years late, what lessons should the rest of the 'Net take away? During 2023, how did Windows 11 fare against Windows 10? What happens when users discover that Chrome's Incognito mode is still tracking them? And then, after exploring some questions from our terrific listeners, I want to share the result of some interesting research I conducted last week during the final days of the work on SpinRite 6.1 for this week's podcast, titled: ‘The Inside Tracks’.

After everyone is updated with the state of my still-continuing work on SpinRite 6.1, and after I've shared a bit of feedback from our listeners, the entire balance of this first podcast of 2024 will be invested in the close and careful examination of the technical details surrounding something that has never before been found in Apple's custom proprietary silicon. As we will all see and understand by the time we're finished here today, it is something that can only be characterized as a deliberately designed, implemented and protected backdoor that was intended to be, and was, let loose and present in the wild. After we all understand what Apple has done through five successive generations of their silicon, today's podcast ends, as it must, by posing a single one-word question: Why?

Leo looks back at the year's top security stories of 2023: Steve's Next Password Manager After the LastPass Hack / CHESS is Safe / Here Come the Fake AI-generated "News" Sites / How Bad Guys Use Satellites / Microsoft's "Culture of Toxic Obfuscation" / Steve announces his commitment to SN / Apple Says No / NSA's Decade of Huawei Hacking / ValiDrive announcement

Is the U.S. ever going to be able to introduce new child protection legislation or are we going to continue punting to the U.S. constitution? 2024 means the beginning of the end of traditional 3rd-party cookies in Chrome. What's the plan for that? How much did the Internet grow during 2023? and why? What's the most used browser-based query language? What's the updated ranking of sites by popularity? What percentage of total Internet traffic is generated by automation? Those and many other interesting stats have been shared by Cloudflare. Then, after catching up with a bit of SpinRite news and some feedback from our listeners, we're going to examine the content of some very disturbing webpages that Cox Media Group originally posted then quickly removed.

Why is metadata such a problem? What massive new audience just got end-to-end encryption by default? What's the latest on Iran's Cyber Av3ngers? What were the most exploited vulnerabilities of 2023? How are things looking two years after the discovery of the Log4J flaw? Whatever happened with Sony's attempt to force Quad9 to block a music pirate's domain? What exactly is the Dark Web, anyway? And where is it? And after closing the loop with some of our listeners, we're going to examine last week's surprising news of a significant breakthrough in quantum computing!

How can masked domain owners be unmasked? What new and very useful feature has WhatsApp just added? How did Iranian hackers compromise multiple U.S. water facilities across multiple states? Did Montana successfully ban all use of TikTok statewide?, and is that even possible? How many Android devices are RCS-equipped? What's the EU's Cyber Resilience Act?, and is it good or bad? Is ransomware finally beginning to lose steam? What's the deal with all of these new top level DNS domains? Do they make any sense? Has CISA been listening to this podcast, or have they just been paying attention to the same things we have? What's up with France's ban on all "foreign" messaging apps?, and did the Prime Minister's nephew come up with an alternative? And I want to share two final insights from independent industry veterans regarding the EU's proposal to forcibly require our browsers and operating systems to trust any certificates signed by their member countries.

Since last week's podcast was titled "Ethernet turned 50" it only seemed right to title this one "Leo turns 67" - I'll have more to say about that at the end. Until then, Ant and I will examine the answers to various interesting questions, including: How many of us still have Adobe Flash Player lurking in our machines? What can you do if you lose your Veracrypt password? Firefox is now at release 120, what did it add? What just happened to give Do Not Track new hope? Why might you need to rename your "ownCloud" to "PwnCloud"? How might using the CrushFTP enterprise suite crush your spirits? Just how safe is biometric fingerprint authentication? How's that going with Apache's MQ vulnerability, and have you locked your credit bureau access yet? Should Passkeys be stored alongside regular passwords? What's the best way to prevent techie youngsters from accessing the Internet?, and is that even possible? What could possibly go wrong with a camera that digitally authenticates and signs its photos? Could we just remove the EU's unwanted country certificates if that happens? What's the best domain registrar, and what was Apple's true motivation for announcing RCS messaging for their iProducts?