Episodios

  • SN 1028: AI Vulnerability Hunting - Jailbreaking is Over
    Jun 4 2025
    • Pwn2Own 2025, Berlin results.
    • PayPal seeks a "newly registered domains" patent.
    • An expert iOS jailbreak developer gives up.
    • The rising abuse of SVG images, via JavaScript.
    • Interesting feedback from our listeners.
    • Four classic science fiction movies not to miss.
    • How OpenAI's o3 model discovered a 0-day in the Linux kernel

    Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • material.security
    • outsystems.com/twit
    • bigid.com/securitynow
    • bitwarden.com/twit
    • joindeleteme.com/twit promo code TWIT
    Más Menos
    3 h y 8 m
  • SN 1027: Artificial Intelligence - The Status of Encrypted Client Hello
    May 28 2025
    • What the status of Encrypted Client Hello (ECH)?
    • What radio technology would be best for remote inverter shutdown?
    • Some DNS providers already block newly listed domains.
    • Knowing when not to click a link can take true understanding.
    • Why can losing a small portion of a power grid bring the rest down?
    • Where are we in the "AI Hype Cycle" and is this the first?
    • Speaking of hype: An AI system resorted to blackmail?
    • Why are we so quick to imbue AI with awareness?
    • ChatGPT's latest o3 model ignored the order to shutdown.
    • Copilot may not be making Windows core code any better.
    • Venice.AI is an unfiltered and unrestrained LLM

    Show Notes - https://www.grc.com/sn/SN-1027-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • outsystems.com/twit
    • threatlocker.com for Security Now
    • canary.tools/twit - use code: TWIT
    • hoxhunt.com/securitynow
    • 1password.com/securitynow
    Más Menos
    2 h y 54 m
  • SN 1026: Rogue Comms Tech Found in US Power Grid - Is AI Replicating Itself?
    May 21 2025
    • Chrome to actively refuse admin privileges.
    • Android Messenger is getting manual key verification.
    • Pwn2Own to add AI "pwning" as in-scope attack targets.
    • AI has already been found to be replicating.
    • Microsoft not killing off Office on Win10 after October.
    • 23andMe's asset purchaser revealed.
    • Many fun talking points thanks to our listeners.
    • Steve's review of "Andor", season 2.
    • What's been discovered inside the U.S. power grid

    Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • bigid.com/securitynow
    • material.security
    • joindeleteme.com/twit promo code TWIT
    • bitwarden.com/twit
    • drata.com/securitynow
    Más Menos
    2 h y 47 m
  • SN 1025: Secure Conversation Records Retention - FBI Says to Toss Your Old Router
    May 14 2025
    • The state of Virginia passes an age-restriction law that has no chance.
    • New Zealand also tries something similar, citing Australia's lead.
    • A nasty Python package for Discord survived 3 years and 11K downloads.
    • The FBI says it's a good idea to discard end-of-life consumer routers.
    • What's in WhatsApp? Finding out was neither easy nor certain.
    • The UK's Cyber Centre says AI promises to make things much worse.
    • A bunch of great feedback from our great listeners, then:
    • Is true end-to-end encryption possible when records must be retained?

    Show Notes - https://www.grc.com/sn/SN-1025-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • threatlocker.com for Security Now
    • uscloud.com
    • hoxhunt.com/securitynow
    • canary.tools/twit - use code: TWIT
    Más Menos
    2 h y 44 m
  • SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach
    May 7 2025
    • Microsoft to officially abandon passwords and support their deletion.
    • Meta's RayBan smart glasses weaken their privacy terms.
    • 30% of Microsoft code is now being written by AI.
    • Google says prying Chrome from it will damage its security.
    • Nearly 1,000 six-year-old eCommerce backdoors spring to life.
    • eM Client moves to version 10.3
    • A bunch of terrific listener feedback creates talking points.
    • A little-known, insecure message archiving service comes to light.

    Show Notes - https://www.grc.com/sn/sn-1024-notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • bitwarden.com/twit
    • joindeleteme.com/twit promo code TWIT
    • drata.com/securitynow
    • material.security
    • threatlocker.com/twit
    Más Menos
    2 h y 46 m
  • SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"
    Apr 30 2025
    • Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday?
    • And what new Windows Update crashing hack did this also create?
    • North Korea is now creating fake US companies to lure would-be employees.
    • The "Inception" attack subverts all GPT conversational AIs.
    • New information about data loss in unpowered SSD mass storage.
    • Lots of terrific feedback from our listeners.
    • How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it

    Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • legatosecurity.com
    • threatlocker.com for Security Now
    • outsystems.com/twit
    • hoxhunt.com/securitynow
    Más Menos
    2 h y 45 m
  • SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats
    Apr 23 2025
    • Enabling Firefox's Tab Grouping.
    • Recalled Recall Re-Rolls out.
    • The crucial CVE program nearly died. It's been given new life.
    • China confesses to hacking the US (blames our stance on Taiwan).
    • CISA says what Oracle still refuses to.
    • Brute force attacks on the (rapid) rise.
    • An AI/ML Python package rates a 9.8 (again!)
    • The CA/Browser forum passed short-life certs. :(
    • A wonderful crosswalk hack hits Silicon Valley.
    • Android to add force restarting ahead of schedule. Maybe.
    • The EFF is never happy. But especially now, about Florida.
    • Interesting research into ransomware payouts.
    • Windows Sandbox: The amazing gem hidden inside all Windows 10 & 11!

    Show Notesb - https://www.grc.com/sn/SN-1022-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • joindeleteme.com/twit promo code TWIT
    • drata.com/securitynow
    • bigid.com/securitynow
    • 1password.com/securitynow
    • material.security
    Más Menos
    2 h y 53 m
  • SN 1021: Device Bound Session Credentials - Hotpatching in Win 11, Apple vs. UK
    Apr 16 2025
    • Android to get "Lockdown Mode".
    • What's in the new editions of Chrome and Firefox?
    • Why did Apple silently re-enable automatic updates?
    • My new iPhone 16, Chinese tariffs and electronics.
    • Dynamic "hotpatching" coming to Win11 Enterprise & Edu.
    • Why is it so difficult for Oracle to fess up?
    • Another multi-year breach inside US Treasury.
    • An Apple -vs- the UK update.
    • "Thundermail" (Can't someone come up with a better name?)
    • The (in)Security of Programmable Logic Controllers.
    • When LLM's write code and hallucinate non-existent packages.
    • Wordpress core security and PHP gets an important audit.
    • Device-Bound Session Credentials update session cookie technology

    Show Notes - https://www.grc.com/sn/SN-1021-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • expressvpn.com/securitynow
    • vanta.com/SECURITYNOW
    • threatlocker.com for Security Now
    • legatosecurity.com
    • bitwarden.com/twit
    Más Menos
    3 h y 15 m
adbl_web_global_use_to_activate_T1_webcro805_stickypopup