August 29, 2023

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Listen Later

2 hours 9 minutes

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.

WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.

HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.

Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.

Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.

Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.

Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.

Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.

Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.

Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.

Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

kolide.com/securitynow

canary.tools/twit - use code: TWIT

Building Cyber Resilience Podcast

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Now (Audio)

By TWiT

5

33 ratings

August 29, 2023

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Listen Later

2 hours 9 minutes

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.

WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.

HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.

Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.

Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.

Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.

Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.

Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.

Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.

Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.

Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

kolide.com/securitynow

canary.tools/twit - use code: TWIT

Building Cyber Resilience Podcast

...more

More shows like Security Now (Audio)

Global News Podcast by BBC World Service

Global News Podcast

7,681 Listeners

No Agenda Show by Adam Curry & John C. Dvorak

No Agenda Show

5,954 Listeners

Macworld Podcast by Foundry

Macworld Podcast

310 Listeners

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,057 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,001 Listeners

MacBreak Weekly (Audio) by TWiT

MacBreak Weekly (Audio)

2,015 Listeners

Intelligent Machines (Audio) by TWiT

Intelligent Machines (Audio)

777 Listeners

Accidental Tech Podcast by Marco Arment, Casey Liss, John Siracusa

Accidental Tech Podcast

2,126 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

266 Listeners

The Amp Hour Electronics Podcast by The Amp Hour (Chris Gammell and David L Jones)

The Amp Hour Electronics Podcast

232 Listeners

Smashing Security by Graham Cluley

Smashing Security

322 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,999 Listeners

Tech Brew Ride Home by Morning Brew

Tech Brew Ride Home

968 Listeners

This Week in Space (Audio) by TWiT

This Week in Space (Audio)

156 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners