Security Now (Video LO) show

Security Now (Video LO)

Summary: Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Join Now to Subscribe to this Podcast
  • Visit Website
  • RSS
  • Artist: TWiT
  • Copyright: This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International -


 SN 772: Ripple20 | File Type: video/mp4 | Duration: 2:07:14

Zoom encryption, Windows 10 printer error. Ripple20: a set of 19 TCP/IP vulnerabilities that could let remote attackers gain control over your device Russian government lifts its failed ban on Telegram Zoom: everybody gets optional end to end encryption Google removed 106 malicious Chrome extensions collecting sensitive user data Windows 10 update breaks printing VLC Media Player 3.0.11 fixes severe remote code execution flaw Netgear in the doghouse DDoS is alive and well... and growing How to get the new Edge for Windows 7 We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: offer code SECURITYNOW

 SN 771: Lamphone | File Type: video/mp4 | Duration: 1:50:24

Windows update kills printers & SSDs. Lamphone: eavesdrop on a hanging lightbulb Brave Browser caught and chastised for tweaking user-entered URLs for its benefit Microsoft breaks its own record for Patch Tuesday patches TFW Windows 10 loses your printer port Last week's Patch Tuesday broke ALL PRINTING (even to PDFs) for many users. Fix won't come for a month Windows 10 2004 update is messing up SSDs and non-SSDs SMBleed Subject: Your Site Has Been Hacked Authentic database ransom attacks Another side-channel attack on Intel chips We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: - use code: TWIT WWT.COM/TWIT

 SN 770: Zoom's E2EE Debacle | File Type: video/mp4 | Duration: 1:48:16

Zoom's end-to-end encryption fail. Zoom will offer end-to-end encryption, but only if you pay for it IBM announces no more work on facial recognition The Odd Case of Mozilla's DoH DDoS Cisco's Talos group found two critical flaws in the Zoom client CallStranger UPnP bug has tech press in a tizzy Microsoft has started to replace old Edge with new Edge We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: promo code SN30

 SN 769: Zoom's E2EE Design | File Type: video/mp4 | Duration: 2:12:03

Zoom gets end-to-end encryption. ACLU takes Clearview to court, but maybe they should worry about their own website first The state of drive-by malvertising downloads Google will be bad listing notification abusing sites Who else is doing the eBay-like ThreatMetrix port scanning? Facebook to require identity verification for high impact posters Google Messaging is apparently heading toward E2EE The return of a much more worrisome StrandHogg The SHA-1 hash to finally be dropped from OpenSSH What happens when you fuzz USB? Zoom's end-to-end encryption design We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT

 SN 768: Contact Tracing Apps R.I.P. | File Type: video/mp4 | Duration: 1:50:34

Contact tracing apps are not going to work. Why contact tracing apps are never going to work Unc0ver: There's a new iOS jailbreak in town, and as jailbreaks go, it looks VERY nice! Firefox 77 picks up a nifty new security trick New features in Chrome 83: cookie management, "Safety Check," blocking third-party cookies by default in Incognito mode, and "Tab Groups" Adobe rushes out four out-of-cycle emergency updates to fix security flaws Zerodium temporarily stops buying iOS remote code execution vulnerabilities The NXNS Attack: A group of cybersecurity researchers in Israeli have responsibly disclosed details about a new way they worked out of using the Internet's domain name resolution system to hugely amplify (by a factor of at least 1620 packets) a DDoS attack to take down targeted websites. BIAS - Bluetooth Impersonation AttackS is nothing less than a complete collapse of Bluetooth security. Is eBay port scanning its user's computers? Kinda. Security Now trivia: Steve Gibson helped develop the Speak & Spell! It did voice synthesis with only a 4K bits (0.5K bytes) processor. We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: offer code SECURITYNOW

 SN 767: WiFi 6 | File Type: video/mp4 | Duration: 2:00:03

WiFi 6, Apple vs. FBI, face masks. Last Tuesday's Windows patch Tuesday was not the biggest ever, but it was the 3rd largest in Microsoft's history, weighing in with a whopping 111 CVE-tracked bug fixes, 16 of which were rated CRITICAL and all but one of which enabled Remote Code Execution by an attacker. The DOJ and FBI again criticize Apple over encryption When is a fix not a fix? Face masks have thwarted the London police's LFR rollout Utah chooses to roll their own contact tracing app Everything you need to know about WiFi 6 We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT - use code: TWIT

 SN 766: ThunderSpy | File Type: video/mp4 | Duration: 1:57:48

Thunderbolt security flaw, Zoom buys Keybase. Why the ThunderSpy Thunderbolt security flaw is such a big deal Zoom purchases Keybase to fix encryption Firefox 76 released with new features But Firefox 76 broke Amazon's Assistant! Hallelujah!! Edge moves to silence those annoying notification requests. Critical WordPress plugin bugs present on over one million sites Critical vBulletin patch Samsung has patched a CRITICAL bug affecting the past 6 years of Smartphones DefCon and Black Hat 2020 go virtual We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: code SECURITYNOW promo code SN30

 SN 765: An Authoritarian Internet? | File Type: video/mp4 | Duration: 1:58:10

China wants to rebuild the Internet. China's proposal to rebuild the internet is an authoritarian nightmare Bruce Schneier on COVID-19 Contact Tracing Apps Political Correctness hits cybersecurity DHS's CISA says no to 3rd-party DoH "POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers" An authorization bypass in SaltStack Adobe's Big Last Tuesday, Non-Patch Tuesday, Update Google has announced its impending clean-up of the Chrome Web Store Warning about RDP is not crying wolf We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT

 SN 764: RPKI | File Type: video/mp4 | Duration: 1:47:44

Apple/Google Contact Tracing, Best VPNs to protect you. Apple/Google Contact Tracing Update iOS 0-Day Alert! Update Apple Mail Best VPNs to protect you from the Five Eyes TypoSquatting attacks Vitamin D linked to COVID-19 mortality Resource Public Key Infrastructure How BGP can break the Internet We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: offer code SECURITYNOW

 SN 763: The COVID Effect | File Type: video/mp4 | Duration: 1:34:23

Zoom Fixes Security, EARN IT is Evil, Tor in Trouble Zoom gets big-name help with security fixes Google updates Chrome to v81.0.4044.113 to squash a critical flaw FTP in Chrome lives another day! Google "undepreciates" FTP. Windows Patch Tuesday for April 2020 fixes 113 vulnerabilities "Basic Authentication" lives another day! Due to COVID-19, Microsoft and Google will keep "Basic Authentication" around for a little while longer EARN IT Act: call your Senator before it is too late! Tor Project fires over 1/3 of its staff Cloudflare dumps Google's reCAPTCHA We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT

 SN 762: Virus Contact Tracking | File Type: video/mp4 | Duration: 1:50:49

Apple+Google Covid Tracker is Secure and RIP John Conway, Creator of The Game of Life Apple & Google Virus Contact Tracing: secure and effective Zoom gets another Zoom-bombing mitigation... and a Class-Action Lawsuit Meanwhile, Zoom has enlisted the aid of Alex Stamos Zoom creates a CISO Council What's next for Zoom? Browser Security News: Chrome 81 and Firefox 75 Android Apps Again in the Crosshairs Sandboxie goes Open Source RIP John Conway, creator of Conway's Game of Life We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: promo code SN30 - use code: TWIT

 SN 761: Zoom Go Boom | File Type: video/mp4 | Duration: 1:40:55

Zoom is a security nightmare - from zoombombing to encryption issues, Steve Gibson runs down Zoom's security concerns. Plus, Jitsi is a great alternative! Mozilla just patched a pair of CRITICAL 0-days Eight security bugs eliminated from Chrome last week Safari gets a bunch of very important fixes Chrome and Edge join Mozilla in postponing the deprecation of TLS v1.0 and v1.1 Chrome team reversing themselves on the enforcement of Same Site cookies Edge with Vertical Tabs and Smart Copy The return of STIR & SHAKEN Cloudflare has added Parental Control to their DNS service Cloudflare's new service accidentally blocks LGBTQIA+ sites We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: WWT.COM/TWIT

 SN 760: Folding Proteins | File Type: video/mp4 | Duration: 1:31:38

iOS VPN bug, Coronavirus Folding@Home VPN bug in iOS 13.4 Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19. RDP and VPN use skyrocketing To 'www' or not to 'www' Firefox 76 to finally stop assuming "HTTP" Google again revises its schedule for Chrome releases Microsoft moves to support "Shadow Stacks" Cloudflare's DNS is audited by KPMG We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor:

 SN 760: Folding Proteins | File Type: video/mp4 | Duration: 1:31:38

iOS VPN bug, Coronavirus Folding@Home VPN bug in iOS 13.4 Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19. RDP and VPN use skyrocketing To 'www' or not to 'www' Firefox 76 to finally stop assuming "HTTP" Google again revises its schedule for Chrome releases Microsoft moves to support "Shadow Stacks" Cloudflare's DNS is audited by KPMG We invite you to read our show notes at Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor:

 SN 759: TRRespass | File Type: video/mp4 | Duration: 1:54:01

This week's stories: Two new un-patched 0-days affecting billions of Windows users - here is the fix! Mozilla reversed itself on TLS v1.0 and 1.1 deprecation... due to the coronavirus A micropatch for Win7 and Server 2008 Chrome's release schedule has been impacted by the coronavirus Avast emergency-disables their internal JavaScript emulator CookieThief - "FireSheep evolves for the 21st century" PwnToOwn Spring 2020 winners Steve's coronavirus journey The fixes for RowHammer have not worked Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: offer code SECURITYNOW


Login or signup comment.