September 26, 2023

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Listen Later

2 hours 25 minutes

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.

China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.

A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.

The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.

A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.

Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.

A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.

An emailer claimed to have a mathematical algorithm that can generate truly random numbers.

Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.

There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.

Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Hosts: Steve Gibson and Ant Pruitt

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

joindeleteme.com/twit promo code TWIT

GO.ACILEARNING.COM/TWIT

Melissa.com/twit

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Now (Audio)

By TWiT

5

22 ratings

September 26, 2023

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Listen Later

2 hours 25 minutes

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.

China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.

A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.

The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.

A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.

Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.

A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.

An emailer claimed to have a mathematical algorithm that can generate truly random numbers.

Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.

There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.

Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Hosts: Steve Gibson and Ant Pruitt

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

joindeleteme.com/twit promo code TWIT

GO.ACILEARNING.COM/TWIT

Melissa.com/twit

...more

More shows like Security Now (Audio)

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,001 Listeners

Hands-On Tech (Audio) by TWiT

Hands-On Tech (Audio)

1,965 Listeners

WSJ Tech News Briefing by The Wall Street Journal

WSJ Tech News Briefing

1,633 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

1,962 Listeners

MacBreak Weekly (Audio) by TWiT

MacBreak Weekly (Audio)

2,012 Listeners

Windows Weekly (Audio) by TWiT

Windows Weekly (Audio)

854 Listeners

Risky Business by Patrick Gray

Risky Business

362 Listeners

No Agenda Show by Adam Curry & John C. Dvorak

No Agenda Show

5,927 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

632 Listeners

Tech News Weekly (Audio) by TWiT

Tech News Weekly (Audio)

1,064 Listeners

Accidental Tech Podcast by Marco Arment, Casey Liss, John Siracusa

Accidental Tech Podcast

2,092 Listeners

Windows Weekly (Audio) by TWiT

Windows Weekly (Audio)

2 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

119 Listeners

Human Events Daily with Jack Posobiec by Human Events with Jack Posobiec

Human Events Daily with Jack Posobiec

5,886 Listeners