 
Picture of the Week. 
Google's (newest) Open Source Software Vulnerability Rewards Program. 
Did TikTok leak 2.05 BILLION User Records? 
An urgent Chrome update patches new 0-day flaw. 
Permission-less Browser Clipboard Write. 
Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download. 
A Quantum Hype Bubble? 
All of the BlackHat 2022 Presentation Slides PDFs. 
Csurf NPM library mistake. 
SpinRite. 
Closing The Loop. 
Sci-Fi Discovery: "The Silver Ships" 
Embedding AWS Credentials. 
We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now! at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
itpro.tv/securitynow  promo code SN30
kolide.com/securitynow


SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Technology

Tech News

Podcasting

Gadgets

Software How-To

 
An update on the AT&T; data breach 
340,000 social security numbers leaked 
Cookie Notice Compliance 
The GDPR does enforce some transparency 
Physical router buttons 
Wifi enabled button pressers 
Netsecfish disclosure of Dlink NAS vulnerability 
Chrome bloat 
SpinRite update 
GhostRace 
Show Notes - https://www.grc.com/sn/SN-970-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
kolide.com/securitynow
bitwarden.com/twit
vanta.com/SECURITYNOW
1bigthink.com


SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

Out-of-support DLink NAS devices contain hard coded backdoor credentials 
Privnote is not so "Priv" 
Crowdfense is willing to pay millions 
Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution 
SpinRite Update 
Minimum Viable Secure Product 
Show Notes - https://www.grc.com/sn/SN-969-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
business.eset.com/twit
lookout.com
joindeleteme.com/twit promo code TWIT


SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense

 
A near-Universal (Local) Linux Elevation of Privilege vulnerability 
TechCrunch informed AT&T; of a 5 year old data breach 
Signal to get very useful cloud backups 
Telegram to allow restricted incoming 
HP exits Russia ahead of schedule 
Advertisers are heavier users of Ad Blockers than average Americans! 
The Google Incognito Mode Lawsuit 
Canonical fights malicious Ubuntu store apps 
Spinrite update 
A Cautionary Tale 
Show Notes - https://www.grc.com/sn/SN-968-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
1bigthink.com
kolide.com/securitynow
Melissa.com/twit
vanta.com/SECURITYNOW


SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach

 
Apple vs U.S. DOJ 
G.M.'s Unbelievably Horrible Driver Data Sharing Ends 
Super Sushi Samurai 
Apple has effectively abandoned HomeKit Secure Routers 
The forthcoming ".INTERNAL" TLD 
The United Nations vs AI. 
Telegram now blocked throughout Spain 
Vancouver Pwn2Own 2024 
China warns of incoming hacks 
Annual Tax Season Phishing Deluge 
SpinRite update 
Authentication without a phone 
Are Passkeys quantum safe? 
GoFetch: The Unpatchable vulnerability in Apple chips 
Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf 
Hosts: Steve Gibson and Leo Laporte 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
bitwarden.com/twit
canary.tools/twit - use code: TWIT
panoptica.app
kolide.com/securitynow


SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

 
Voyager 1 update 
The Web turned 35 and Dad is disappointed 
Automakers sharing driving data with insurance companies 
A flaw in Passkey thinking 
Passkeys vs 2fa 
Sharing accounts with Passkeys 
Passkeys vs. Passwords/MFA 
Workaround to sites that block anonymous email addresses 
Open Bounty programs on HackerOne 
Steve on Twitter 
Ways to disclose bugs publicly 
Security by obscurity 
Something you have/know/are vs Passkeys 
Passkeys vs TOTP 
Inspecting Chrome extensions 
Passkey transportability 
Morris the Second 
Show Notes - https://www.grc.com/sn/SN-966-Notes.pdf 
Hosts: Steve Gibson and Mikah Sargent 
Download or subscribe to this show at https://twit.tv/shows/security-now. 
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit 
You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
zscaler.com/zerotrustAI
robinhood.com/boost
GO.ACILEARNING.COM/TWIT
joindeleteme.com/twit promo code TWIT
vanta.com/SECURITYNOW


SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

Download our free app to listen on your phone