Security Now (Video HI)

Last Tuesday was another busy and important patch Tuesday And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again! Kaspersky facilitates independent web tracking So, what the heck is "CTF"? 23 Government agencies in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th RIP, EV: The coming demise of Extended Validation (EV) certificates And... So long FTP! HTTP/2 goes to the Movies "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR" We invite you to read our show notes at https://www.grc.com/sn/SN-728-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: thehelm.com/SECURITYNOW netscout.com

This Week's Stories BlackHat and Def Con 2019 Microsoft dangles $300,000 for Azure hacks at BlackHat... Hotel chaos from Germany's Chaos Computer Club 40 dangerous drivers Google's battle to allow its Incognito users' Incognitoness to be Incognito Microsoft ranks the industry's top bug hunters Apple bumps its bounties We invite you to read our show notes at https://www.grc.com/sn/SN-727-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: go.itpro.tv/securitynow promo code SN30 WWT.COM/TWIT canary.tools/twit - use code: TWIT

This week's stories• A widespread false alarm about Facebook's planned subversion of end-to-end encryption• Still more municipality Ransomware attacks• Anti-encryption saber rattling among the Five Eyes nations• Microsoft's discovery of Russian-backed IoT compromise• Chrome 76's changes• Black Hat and Def Con preview• The challenge of synchronizing a working set of files between two locations We invite you to read our show notes at https://www.grc.com/sn/SN-726-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: LastPass.com/twit securitynow.cachefly.com netscout.com

This Week's Stories Marcus Hutchins ... is Free! U.S. Attorney General Bill Barr on "warrant proof data encryption" What malware is the most popular underground? This Week in Ransomware Your NAS is Grass! 11 vulnerabilities in VxWorks' TCP/IP stack We invite you to read our show notes at https://www.grc.com/sn/SN-725-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Wasabi.com offer code SecurityNow netscout.com

This Week's Stories Welcome to Kazakhstan! Please check your privacy at the border. Mozilla marking all non-HTTPS pages as "not secure" Chrome Incognito Mode getting a bit more incognito A forthcoming "super Incognito mode" for Firefox Rust-TLS outperforms OpenSSL in nearly every way Microsoft announces "ElectionGuard" during last week's Aspen Security Forum ProFTPD Server is wide open to remote compromise Sophos: "RDP exposed: the wolves already at your door" We invite you to read our show notes at https://www.grc.com/sn/SN-724-Notes.pdf Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT expressvpn.com/securitynow

Bullet points from last Tuesday's monthly Windows patches as well Notes from the end of Windows 7 Laporte County Under Ransomware Attack The mixed blessing of fining companies for self-reporting A survey of enterprise malware headaches Some Mozilla/ Firefox news Another (kinda obvious) way of exfiltrating information from a PC DNS Encryption We invite you to read our show notes at https://www.grc.com/sn/SN-723-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: netscout.com go.itpro.tv/securitynow promo code SN30 thehelm.com/SECURITYNOW

This Week's Stories Mozilla's privacy-enhancing DNS over HTTPS support Facial recognition and automobile license plate scanners The future of satellite-based Internet services How a Ruby code repository was hacked The UK GCHQ's proposal for adding "ghost" participants into private conversations We invite you to read our show notes at https://www.grc.com/sn/SN-722-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: redhat.com/heroes canary.tools/twit - use code: TWIT WWT.COM/TWIT

Ransomware in Florida and elsewhere The "Going Dark" anti-encryption debate A BlueKeep Proof of Concept demo produced by the guys at SophosLabs Massive publicly-exposed databases Chinese IoT manufacturer logs a million+ customer devices into a 2+ billion record publicly-exposed database The dilemma we have with the utter lack of oversight and control over our own IoT devices We invite you to read our show notes at https://www.grc.com/sn/SN-721-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: LastPass.com/twit securitynow.cachefly.com Wasabi.com offer code SecurityNow

Update on the Linux TCP SACK Kernel panic Hackers exploit a Firefox flaw and attack Coinbase Google corrects a flaw with Nestcam An elegant solution to OpenSSH key theft via Rowhammer attacks Update on the BlueKeep RDP vulnerability Verizon's negligence caused a major Cloudflare and Amazon customer outage NASA was infected by an APT for more than a year Should you pay ransomware? Microsoft's Chromium-based Edge browser update The state of the commercial Bug Bounty Business We invite you to read our show notes at https://www.grc.com/sn/SN-720-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Atlassian.com/teams/it thehelm.com/SECURITYNOW expressvpn.com/securitynow

A new DRAM problem called "RAMBleed" A bad Linux TCP SACK server kernel crashing flaw Last week's patch Tuesday A Bluetooth surprise Another useless warning about the BlueKeep vulnerability Microsoft misses a 90-day Tavis Ormandy deadline Good news about GandCrab wrap up Yubico's entropy mistake Post-announce SQRL news Our favorite iOS security app Attacks on Exim mail servers and other pending disasters We invite you to read our show notes at https://www.grc.com/sn/SN-719-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: pulseway.com/twit Wasabi.com offer code SecurityNow canary.tools/twit - use code: TWIT

SandboxEscaper drops another 0-day The still-not-yet-widely-exploited BlueKeep vulnerability GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep) The FBI issued an interesting advisory about not trusting secure sites just because they're secure VLC receives 33 security bug fixes Microsoft's Edge browser takes another step forward Mozilla reorganizes MUST HAVE utility of the week: DNS Query Sniffer The first formal full release of SQRL Anyone running an Exim mail server needs to update immediately! We invite you to read our show notes at https://www.grc.com/sn/SN-718-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT Atlassian.com/teams/it go.itpro.tv/securitynow promo code SN30

Checking in on the BlueKeep RDP vulnerability The planned shutdown of one of the most "successful" affiliate-based ransomware systems An update on the anti-Robocalling problem Russian and Chinese militaries plan to quit using Windows Apple's announcement yesterday of their forthcoming "Sign in with Apple" service The Nansh0u campaign, apparently sourced from China, has successfully compromised many tens of thousands of servers exposed to the Internet. We invite you to read our show notes at https://www.grc.com/sn/SN-717-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: securitynow.cachefly.com Jobs LastPass.com/twit

The Internet is Doomed: BlueKeep Attacks Windows Remote Desktop Protocol Google Stores Unhashed G Suite Passwords Sandbox Escaper Drops FIVE New Zero-Day Exploits Microsoft's Just-released Win10 Feature Update 1903 Security Enhancements in Firefox's Release 67 We invite you to read our show notes at https://www.grc.com/sn/SN-716-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Prilock.com/twit promo code LEO expressvpn.com/securitynow Atlassian.com/teams/it

This Week's Stories The next round of Intel processor information leakage problems: Microarchitectural Data Sampling vulnerabilities Last Tuesday's patches from Microsoft, Adobe and Apple includes one for Windows XP Security problem for Cisco that ever has stock analysts taking notice Ongoing troubles with the cryptocurrency market Trouble with Google's Titan Bluetooth dongle Another monthly problem with Windows 10 updates We invite you to read our show notes at https://www.grc.com/sn/SN-715-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT WordPress.com/securitynow pulseway.com/twit

This Week's Stories Update WhatsApp NOW! Security News from Google I/O 2019 conference A new exploitable flaw in all Linux kernels earlier than v5.0.8 A new set of flaws affecting all Intel processors known as "ZombieLoad" Security enhancements in Android Q. We invite you to read our show notes at https://www.grc.com/sn/SN-714-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: go.itpro.tv/securitynow promo code SN30 FreshBooks.com/securitynow Atlassian.com/teams/it