September 26, 2023

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Listen Later

2 hours 25 minutes

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.

China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.

A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.

The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.

A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.

Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.

A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.

An emailer claimed to have a mathematical algorithm that can generate truly random numbers.

Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.

There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.

Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Hosts: Steve Gibson and Ant Pruitt

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

joindeleteme.com/twit promo code TWIT

GO.ACILEARNING.COM/TWIT

Melissa.com/twit

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Now (Audio)

By TWiT

4.6

19321,932 ratings

September 26, 2023

SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Listen Later

2 hours 25 minutes

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.

China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.

A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.

The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.

A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.

Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.

A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.

An emailer claimed to have a mathematical algorithm that can generate truly random numbers.

Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.

There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.

Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Hosts: Steve Gibson and Ant Pruitt

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

joindeleteme.com/twit promo code TWIT

GO.ACILEARNING.COM/TWIT

Melissa.com/twit

...more

More shows like Security Now (Audio)

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,002 Listeners

Hands-On Tech (Audio) by TWiT

Hands-On Tech (Audio)

1,965 Listeners

MacBreak Weekly (Audio) by TWiT

MacBreak Weekly (Audio)

2,013 Listeners

Windows Weekly (Audio) by TWiT

Windows Weekly (Audio)

854 Listeners

Risky Business by Patrick Gray

Risky Business

362 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

633 Listeners

Intelligent Machines (Audio) by TWiT

Intelligent Machines (Audio)

680 Listeners

Tech News Weekly (Audio) by TWiT

Tech News Weekly (Audio)

1,064 Listeners

iOS Today (Audio) by TWiT

iOS Today (Audio)

547 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,008 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

314 Listeners

Malicious Life by Malicious Life

Malicious Life

926 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,812 Listeners

Hacking Humans by N2K Networks

Hacking Humans

312 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

120 Listeners