August 29, 2023

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Listen Later

2 hours 9 minutes

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.

WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.

HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.

Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.

Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.

Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.

Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.

Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.

Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.

Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.

Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

kolide.com/securitynow

canary.tools/twit - use code: TWIT

Building Cyber Resilience Podcast

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Now (Audio)

By TWiT

5

22 ratings

August 29, 2023

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Listen Later

2 hours 9 minutes

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.

WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.

HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.

Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.

Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.

Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.

Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.

Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.

Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.

Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.

Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

kolide.com/securitynow

canary.tools/twit - use code: TWIT

Building Cyber Resilience Podcast

...more

More shows like Security Now (Audio)

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,002 Listeners

Hands-On Tech (Audio) by TWiT

Hands-On Tech (Audio)

1,965 Listeners

WSJ Tech News Briefing by The Wall Street Journal

WSJ Tech News Briefing

1,633 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

1,963 Listeners

MacBreak Weekly (Audio) by TWiT

MacBreak Weekly (Audio)

2,013 Listeners

Windows Weekly (Audio) by TWiT

Windows Weekly (Audio)

854 Listeners

Risky Business by Patrick Gray

Risky Business

362 Listeners

No Agenda Show by Adam Curry & John C. Dvorak

No Agenda Show

5,924 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

633 Listeners

Tech News Weekly (Audio) by TWiT

Tech News Weekly (Audio)

1,064 Listeners

Accidental Tech Podcast by Marco Arment, Casey Liss, John Siracusa

Accidental Tech Podcast

2,092 Listeners

Windows Weekly (Audio) by TWiT

Windows Weekly (Audio)

2 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

120 Listeners

Human Events Daily with Jack Posobiec by Human Events with Jack Posobiec

Human Events Daily with Jack Posobiec

5,886 Listeners