SN 1026: Rogue Comms Tech Found in US Power Grid - Is AI Replicating Itself?
Chrome to actively refuse admin privileges.
Android Messenger is getting manual key verification.
Pwn2Own to add AI "pwning" as in-scope attack targets.
AI has already been found to be replicating.
Microsoft not killing off Office on Win10 after October.
23andMe's asset purchaser revealed.
Many fun talking points thanks to our listeners.
Steve's review of "Andor", season 2.
What's been discovered inside the U.S. power grid
Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
bigid.com/securitynow
material.security
joindeleteme.com/twit promo code TWIT
bitwarden.com/twit
drata.com/securitynow
--------
2:47:03
SN 1025: Secure Conversation Records Retention - FBI Says to Toss Your Old Router
The state of Virginia passes an age-restriction law that has no chance.
New Zealand also tries something similar, citing Australia's lead.
A nasty Python package for Discord survived 3 years and 11K downloads.
The FBI says it's a good idea to discard end-of-life consumer routers.
What's in WhatsApp? Finding out was neither easy nor certain.
The UK's Cyber Centre says AI promises to make things much worse.
A bunch of great feedback from our great listeners, then:
Is true end-to-end encryption possible when records must be retained?
Show Notes - https://www.grc.com/sn/SN-1025-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
threatlocker.com for Security Now
uscloud.com
hoxhunt.com/securitynow
canary.tools/twit - use code: TWIT
--------
2:44:17
SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach
Microsoft to officially abandon passwords and support their deletion.
Meta's RayBan smart glasses weaken their privacy terms.
30% of Microsoft code is now being written by AI.
Google says prying Chrome from it will damage its security.
Nearly 1,000 six-year-old eCommerce backdoors spring to life.
eM Client moves to version 10.3
A bunch of terrific listener feedback creates talking points.
A little-known, insecure message archiving service comes to light.
Show Notes - https://www.grc.com/sn/sn-1024-notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
bitwarden.com/twit
joindeleteme.com/twit promo code TWIT
drata.com/securitynow
material.security
threatlocker.com/twit
--------
2:46:22
SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"
Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday?
And what new Windows Update crashing hack did this also create?
North Korea is now creating fake US companies to lure would-be employees.
The "Inception" attack subverts all GPT conversational AIs.
New information about data loss in unpowered SSD mass storage.
Lots of terrific feedback from our listeners.
How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it
Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
legatosecurity.com
threatlocker.com for Security Now
outsystems.com/twit
hoxhunt.com/securitynow
--------
2:44:49
SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats
Enabling Firefox's Tab Grouping.
Recalled Recall Re-Rolls out.
The crucial CVE program nearly died. It's been given new life.
China confesses to hacking the US (blames our stance on Taiwan).
CISA says what Oracle still refuses to.
Brute force attacks on the (rapid) rise.
An AI/ML Python package rates a 9.8 (again!)
The CA/Browser forum passed short-life certs. :(
A wonderful crosswalk hack hits Silicon Valley.
Android to add force restarting ahead of schedule. Maybe.
The EFF is never happy. But especially now, about Florida.
Interesting research into ransomware payouts.
Windows Sandbox: The amazing gem hidden inside all Windows 10 & 11!
Show Notesb - https://www.grc.com/sn/SN-1022-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
joindeleteme.com/twit promo code TWIT
drata.com/securitynow
bigid.com/securitynow
1password.com/securitynow
material.security
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Canada - english