August 29, 2023

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Listen Later

2 hours 9 minutes

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.

WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.

HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.

Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.

Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.

Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.

Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.

Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.

Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.

Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.

Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

kolide.com/securitynow

canary.tools/twit - use code: TWIT

Building Cyber Resilience Podcast

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Now (Audio)

By TWiT

4.6

19321,932 ratings

August 29, 2023

SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics

Listen Later

2 hours 9 minutes

Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.

WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.

HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.

Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.

Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.

Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.

Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.

Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.

Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.

Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.

Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

kolide.com/securitynow

canary.tools/twit - use code: TWIT

Building Cyber Resilience Podcast

...more

More shows like Security Now (Audio)

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,002 Listeners

Hands-On Tech (Audio) by TWiT

Hands-On Tech (Audio)

1,965 Listeners

MacBreak Weekly (Audio) by TWiT

MacBreak Weekly (Audio)

2,013 Listeners

Windows Weekly (Audio) by TWiT

Windows Weekly (Audio)

854 Listeners

Risky Business by Patrick Gray

Risky Business

362 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

633 Listeners

Intelligent Machines (Audio) by TWiT

Intelligent Machines (Audio)

680 Listeners

Tech News Weekly (Audio) by TWiT

Tech News Weekly (Audio)

1,064 Listeners

iOS Today (Audio) by TWiT

iOS Today (Audio)

547 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,008 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

314 Listeners

Malicious Life by Malicious Life

Malicious Life

926 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,812 Listeners

Hacking Humans by N2K Networks

Hacking Humans

312 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

120 Listeners