All the entries are in reverse cronological order. The list is meant to be read from bottom to top. So find the episode you are interested in and look at the tweets from Mr. Gibson above the episode title.
2020-02-18 21:26 - "The Internet of Troubles" Security Now #754 Show Notes: http://bit.ly/2P5R3Wt
Our regular round up of interesting news of the week, some SQRL and SpinRite news, and then we look at some new and quite worrisome IoT problems! [ Link to Twitter ]
2020-02-11 21:11 - "Promiscuous Cookies" Security Now #753 Show Notes: http://bit.ly/2w4B6cc
We're tightening up our browser's default handling of cross-site cookies... but not without consequences. And... lots of other fun security and privacy news of the week. [ Link to Twitter ]
2020-02-04 19:55 - "The Little Red Wagon" Security Now #752 Show Notes: http://bit.ly/37WLlxi
A week of varied and interesting news. Lots of fun discussion and the clever hack of the decade involving a little red wagon. :) [ Link to Twitter ]
2020-01-28 20:34 - "SHAmbles" Security Now #751 Show Notes: http://bit.ly/2tOrIZJ
A duo who have been methodically pounding on SHA-1 for years made a breakthrough in defeating its protections. SHA-1 is now a shambles. (And lots of other interesting news of the past week!) [ Link to Twitter ]
2020-01-23 17:11 - "Star Trek: Picard" Premieres Today.
It's annoying that it's "CBS All Access", so paid streaming. But just a heads-up for those who might have not caught the release date. :) [ Link to Twitter ]
2020-01-21 21:25 - "The CurveBall CryptoAPI" Security Now #750 Show Notes: http://bit.ly/2vblDqu
This week we cover a bunch of news, including another serious RDP remote code execution exploit that slipped under the radar due to all of the more pressing CurveBall news. [ Link to Twitter ]
2020-01-14 21:22 - "Windows 7 - R.I.P." Security Now! #749 Show Notes:
Too Much Hot News this week! The BIGGIE is the new Cable Haunt vulnerability affecting nearly all cable modems. There's the ease of SIM swap identity spoofing... and so much more! [ Link to Twitter ]
2020-01-07 20:29 - "Our Malware Lexicon" Security Now! #748 Show Notes:
For our first podcast of 2020, we cover the usual collection of interesting news and events, then we zip though the 7 classifications of malware. :) [ Link to Twitter ]
2019-12-29 03:41 - Danger Will Robinson!! Danger!!
A heads-up that Netflix released all of Season 2 of Lost in Space the day before Christmas. I haven't started into it yet since I JUST found out. Hope to make it last a few nights! :) Happy Holidays All! [ Link to Twitter ]
2019-12-23 21:04 - "A Decade of Hacks" Security Now #746 Show Notes: http://bit.ly/35POfCY
The week brought us more interesting news, so I'm hoping we'll have time to cram in our walk-through all of the events of the past decade! :) [ Link to Twitter ]
2019-12-17 20:58 - "PlunderVolt" Security Now #745 Show Notes: http://bit.ly/34zQQzn
An extra double good episode this week, I think. Several interesting math/science/tech pieces of news, and yet another way to compromize Intel processors. :) [ Link to Twitter ]
2019-12-10 18:49 - "VPN-geddon Denied" Security Now #744 Show Notes: http://bit.ly/2t32SEt
A bunch of interesting news, my first mention of the new WireGuard VPN (with much more on that to come) and a look at the "critical" trans-VPN problems in most OSes. [ Link to Twitter ]
2019-11-26 21:57 - "Pushing" DoH - Security Now #742 Show Notes: http://bit.ly/2XQqQhN
A nice helping of the past week's security news and events. Then we take a close look at DoH (DNS over HTTPS) and discover something unexpected! :) [ Link to Twitter ]
2019-11-19 20:08 - "TPM-FAIL" Security Now #741 Show Notes: http://bit.ly/2OvvVaX
Lots of interesting news and updates on stories we've been following. And then we examine newly discovered and revealed failures in TPM secret keeping. [ Link to Twitter ]
2019-11-12 21:24 - "Credential Delegation"
Security Now! #740 Show Notes:
LOTS of news of the past week, and then we examine a new emerging IETF standard for creating and managing ultra-short-lived TLS certificates. :) [ Link to Twitter ]
2019-11-05 20:01 - "DoH & BlueKeep" Security Now! #739 Show Notes: http://bit.ly/34ztY3I
Lots of interesting news of the week, including news on the mounting DoH controversy and the appearance (at long last) of active BlueKeep vulnerability exploitation. [ Link to Twitter ]
2019-10-22 20:22 - "Biometric Mess" Security Now #737 Show Notes: http://bit.ly/2Bx65wX
The most interesting news of the week and a bit of miscellany. Then Jason and I look at two recent high-profile failures of consumer biometric authentication and consider the implications. :) [ Link to Twitter ]
2019-10-15 20:32 - "CheckM8" - Security Now #736 Show Notes: http://bit.ly/2IRmReA
We cover a wide range of recent news ((no mention of ransomware!) and take a close look at the recently discovered and widely revealed unpatchable Apple Boot ROM exploit to Jailbreak most iDevices. [ Link to Twitter ]
2019-10-08 20:38 - "Makes Ya WannaCry" Security Now #735 Show Notes:
We cover the news of the past several weeks (more ransomware craziness), and we conclude by looking at a miracle that prevented the end of the world two years ago! [ Link to Twitter ]
2019-10-07 14:28 - The OWASP Gothenburg, Sweden chapter created a terrific video of my presentation there 10 days ago:
This video FULLY demonstrates and EXPLAINS SQRL to anyone who is interested. Share it with other techies! :) [ Link to Twitter ]
2019-10-03 16:45 - Back in the States from a great time talking about SQRL at OWASP groups in Dublin and Sweden. Now in Boston with Leo & Lisa for a fun panel discussion on the topic of Trends in Identity. [ Link to Twitter ]
2019-09-21 21:00 - "The Top 25 Bug Classes"
Security Now #733 Show Notes:
Another week of security craziness including some very interesting security findings from a summary of 4000 small businesses. :) [ Link to Twitter ]
2019-09-17 20:02 - "SIM Jacking" Security Now #732 Show Notes: http://bit.ly/2LyINNd
A surprising universal widespread privacy attack on all SIM-based phones, and a LOT of additional cool news of the week. :) [ Link to Twitter ]
2019-09-15 16:46 - It’s not clear to me what problem this solves. Yes, time of display & recording WOULD be verifiable. But an authentic pattern could simply be patched into any faked video by claiming the same time of recording. And false positive DeepFake verification would be worse than none. https://twitter.com/mcuban/status/1172627057081143297… [ Link to Twitter ]
2019-09-14 20:45 - Early Release of: "The Joy of Sync" Security Now #734, Show Notes: http://bit.ly/2LvFiXF
A bit of non-Sync discussion of the move toward DoH (DNS over HTTPS), then we look into the two terrific Sync solutions I have found and love! :) [ Link to Twitter ]
2019-09-09 19:51 - "DeepFakes" Security Now! #731
Show Notes: http://bit.ly/305jeXY
The most interesting news of the week followed by our first discussions on the podcast of the growing problem of "DeepFake" audio and video. :) [ Link to Twitter ]
2019-09-06 22:40 - Confirmed that the latest "Sync" client for Windows (v2.0.5), under Win7, no longer consumes excess RAM. Yay! "Sync" is my choice for the most cost effective client-side encrypted (TNO) cloud backup, with multi-machine directory sync & versioning. Full details in podcast #734. [ Link to Twitter ]
2019-09-06 15:32 - Excellent news from the @Sync guys at http://bit.ly/31MAgeO: The memory consumption I've been seeing on my Sync'd Win7 machines are/were caused by Win7's leaky old IE engine used for their UI. They're on it and should have it fixed shortly! Whew! [ Link to Twitter ]
2019-09-03 20:30 - "The Ransomware Epidemic"
Security Now! #730 Show Notes:
This week, rather than covering many small topics, we take some deeper dives into just a few topics... and most notably, the worrisome explosion of ransomware attacks. [ Link to Twitter ]
2019-09-03 18:52 - Thanks everyone. I'm settling on:
So dee' no kee bee
It's also fun to say. :) [ Link to Twitter ]
2019-09-03 16:46 - The latest ransomware to take off is known as "Sodinokibi" (aka REvil).
Does anyone have any idea how I should pronounce "Sodinokibi" for the podcast?
I have NO idea! <g> [ Link to Twitter ]
2019-08-30 19:42 - Update on secure file sync: I want to choose http://bit.ly/31MAgeO (@Sync) but it is badly leaking memory on all of my Win7 machines, so I'm unable to recommend it unless/until they fix this problem. I contacted them several days ago. Fingers crossed. [ Link to Twitter ]
2019-08-27 20:12 - "Next Gen Ad Privacy"
Security Now! #729 Show Notes:
We cover the week's most interesting and important news, check-in on SQRL and on my file sync journey, and then we examine a forthcoming formal, non-tracking, system for Internet advertising. [ Link to Twitter ]
2019-08-20 19:28 - "The KNOB is Broken" Security Now #728 Show Notes: https://www.grc.com/sn/SN-728-Notes.pdf…
Our usual round up of the past week's most significant security news. Lots of fun stuff for this first podcast of our 15th year, including coverage of the latest Bluetooth pairing security disaster. :| [ Link to Twitter ]
2019-08-19 22:06 - Slick trick for "native" folder syncing for http://Sync.com or DropBox: Move native folder under the cloud provider's folder, then use "mklink" command (or Mac/Linux equivalent) to create a Symlink to the original folder location. Works perfectly! :)
More details soon! [ Link to Twitter ]
2019-08-19 22:00 - RT @haral: Join us at OWASP OC's Thursday, Aug 22, dinner meeting. Steve Gibson from GRC is talking about SQRL - Secure Quick Reliable Logi… [ Link to Twitter ]
2019-08-19 21:53 - One problem with http://sync.com is no native Linux support. But I'm all Windows on the desktop. Everything else & mobile is covered. But that might be a deal breaker for some. [ Link to Twitter ]
2019-08-19 21:45 - So far I've experimented with Dropbox, ownCloud, nextcloud, SyncThing, http://sync.com and several others. (Got SyncThing to sync to the cloud, too!) I'll be doing a full feature and experience rundown for Security Now #734 on October 1st... after much more experimenting. [ Link to Twitter ]
2019-08-19 21:39 - Currently testing: 5GB free cloud folder/file instant sync with end-to-end TNO encryption, ability to securely share arbitrary file links, prior file version history (ransomware protection) optional offline storage to free up local space, transparent, using existing folders. [ Link to Twitter ]
2019-08-14 21:06 - FYI: I'm heading toward a hybrid solution with zero-cost or paid options, warrant-proof (TNO) cloud storage, optional archival non-local storage, file versioning, ransomware protection, fully cross-platform, and more. :) [ Link to Twitter ]
2019-08-13 20:04 - "Black Hat & Def Con" | Security Now! #727 Show Notes: https://www.grc.com/sn/SN-727-Notes.pdf…
Some of the news arising from the recently concluded annual Las Vegas hacking events, and a bunch of other interesting news, views and feedback. [ Link to Twitter ]
2019-08-06 20:20 - "Steve's File Sync Journey"
Security Now! #726 Show Notes: https://www.grc.com/SN/sn-726-notes.pdf…
Our typical grab bag of interesting security news. Then I share the result of my multi-month search for a reliable and transparent multi-site file-sync. [ Link to Twitter ]
2019-07-30 19:57 - "Urgent/11" Security Now #725 Show Notes: https://www.grc.com/sn/SN-725-Notes.pdf…
The episode =was= going to be titled "Your NAS is Grass!" ... until yesterday's news about 2 Billion VxWorks devices with CRITICAL Remote Code Execution flaws! Stay Tuned! :) [ Link to Twitter ]
2019-07-16 20:20 - "Encrypting DNS" Security Now! #723 Show Notes:
Our typical weekly roll-up of all the week's most interesting security and privacy news, and then a overview survey of the state of DNS Encryption for privacy and security. :) [ Link to Twitter ]
2019-07-09 20:07 - "Gem Hack & Ghost Protocol"
Security Now! #722 Show Notes: https://www.grc.com/SN/sn-722-notes.pdf…
This week we stumble over a number of instances where technology appears to be colliding with the status quo. How could DNS over HTTPS be controversial?? :-/ [ Link to Twitter ]
2019-06-18 20:11 - "Exim Under Siege" Security Now! #719 Show Notes: https://www.grc.com/sn/SN-719-Notes.pdf…
An extra-spiffy-good podcast today, I suspect, with lots of fun and interesting news. Exim, RAMBleed, Tavis Ormandy, BlueKeep, GandCrab, the new Linux SACK nightmare... and more! :) [ Link to Twitter ]
2019-06-04 20:18 - "The Nansh0u Campaign" Security Now #717 Show Notes: https://www.grc.com/sn/SN-717-Notes.pdf…
The anatomy of a powerful state-level attack, apparently now in the hands of amateurs. (And, of course, a bunch of additional interesting news.) [ Link to Twitter ]
2019-05-28 17:41 - How to obtain the new Windows 10 Feature Update 1903 without waiting:
This will download a small 5.9MB update trigger file from Microsoft. [ Link to Twitter ]
2019-05-14 20:13 - Android "Q" Security Now #715 Show Notes: http://bit.ly/2EbPX5T
We look at many significant Google I/O security and privacy announcements, the new "ZombiLoad" Intel Chip problem <sigh> and then the MAJOR progress Google is making with Android "Q". :) [ Link to Twitter ]
2019-05-07 21:05 - “Post-Coinhive Cryptojacking”
Security Now #713 Show Notes:
The way this podcast's topics came out, it might be called the web browser world update. Which is it say... lots of browser news! :) [ Link to Twitter ]
2019-04-30 19:59 - "Credential Stuffing Attacks"
Security Now! #712 Show Notes:
The strong economic incentives underlying the explosive growth of widespread automated username and password guessing... and the Dark Web. [ Link to Twitter ]
2019-04-23 19:52 - "DNSpionage" Security Now! #711 Show Notes: http://bit.ly/2VZNHFz
Lots of interesting news of the week and a look inside a multi-year sophisticated DNS hijacking campaign by a nation-state actor. [ Link to Twitter ]
2019-04-16 20:17 - "DragonBlood"
Security Now! #710 Show Notes:
The first (successful) attacks against the forthcoming WPA3 protocol which will be replacing our current WPA2. And a bunch of other news of the week. [ Link to Twitter ]
2019-04-09 20:13 - "URL "ping" Tracking" Show Notes: http://bit.ly/2D1f8Y7
The final browser capitulation to unblockable tracking of our actions and behavior across the Internet. But also lots of other less depressing news! :) [ Link to Twitter ]
2019-04-02 20:17 - "Android Security" (quotes not meant to demean: impressive results at Android's 10th birthday.) Security Now! #708 Show Notes: http://bit.ly/2CL6DR5
And a bunch of other news and follow-ups! :) [ Link to Twitter ]
2019-03-26 20:05 - "Tesla, Pwned" Security Now! #707
Show Notes: http://bit.ly/2CDMpII
Waaaay too much to talk about this week, including the results of last week's 3-day Pwn2Own competition. [ Link to Twitter ]
2019-03-19 19:50 - "Open Source eVoting" (DARPA)
Security Now #706 Show Notes:
A good assortment of interesting new and a few follow-ups on recent topics. Should be another useful couple of hours! :) [ Link to Twitter ]
2019-03-12 20:37 - "SPOILER"
Security Now #705 Show Notes:
Spectre meets RowHammer and the result is not good. And we also had a TON of interesting news this past week. So... another interesting podcast, I think. :) [ Link to Twitter ]
2019-03-05 21:32 - "Careers in Bug Hunting" Security Now! #704 Show Notes:
Looks like it's going to be another of our "how much can we cram into 2 hours" news-of-the-week podcast! :) [ Link to Twitter ]
2019-02-19 20:16 - "Authenticity on the Internet"
Security Now! #702 Show Notes:
An important topic this week: What happens when text generating AI bots roam the Internet freely posing and posting as humans? That day is closer than we think. [ Link to Twitter ]
2019-01-29 21:23 - "Browser Extension Security"
Security Now! #699, Show Notes:
A whole bunch of news and an urgent need to update two models of Cisco VPN router! [ Link to Twitter ]
2019-01-22 21:32 - Security Now! #698 "Which Mobile VPN Client?" Show Notes:
And lots of news, some errata, miscellany, listener feedback... and a fun main topic/question answered! [ Link to Twitter ]
2019-01-08 20:03 - Security Now! #695
"Here Comes 2019!" Show Notes:
A grab bag of the major news since our last podcast of 2018... with lots of fun and interesting stuff to discuss! [ Link to Twitter ]
2018-12-11 21:25 - "Internal Bug Discovery"
Security Now! #693 Show Notes:
Another very busy and interesting week of news, and some thoughts about how it matters who discovers a company's bugs. :) [ Link to Twitter ]
2018-12-04 21:02 - "GPU RAM Image Leakage"
Security Now! #692 Show Notes:
Residual web page textures left behind in GPU RAM leak where we're been... and... lots of additional interesting news of the week! :) [ Link to Twitter ]
2018-11-27 20:40 - "ECCploit" (pronounced "exploit" :)
Security Now! #691 Show Notes:
This was a light news week, but we have some interesting news, feedback, and a good topic to tear into. :) [ Link to Twitter ]
2018-11-20 20:26 - "Are Passwords Immortal?"
Security Now! #690 Show Notes:
Troy Hunt believes passwords are here to stay and I don't disagree. But at the same time I do think we need an alternative to be available and ready. :) [ Link to Twitter ]
2018-11-13 21:25 - "Self-Decrypting Drives"
Security Now! #689 Show Notes:
A deep dive into poor SSD Encryption implementation. And, as always, lots of other interesting news of the week. [ Link to Twitter ]
2018-11-08 23:24 - GRC'S DNS Spoofability Tests: Back online!
For any who have been missing those tests (which are unique in the world), the system is up and running once again. Sorry for the outage. I was unaware until recently. :) [ Link to Twitter ]
2018-11-06 21:37 - "PortSmash"
Security Now! #688 Show Notes:
A close look at this week's newly revealed troubles with a common processor feature... and much more! :) [ Link to Twitter ]
2018-10-30 20:10 - "Securing the Vending Machine"
Security Now! #687 Show Notes:
Following up on last week's crypto puzzler and, as always, plenty of other news of the past week. [ Link to Twitter ]
2018-10-23 20:16 - "Libssh's Big Whoopsie!"
Security Now! #686 Show Notes:
Lots of other interesting news and, at the end, a Security Now! design puzzler to think about until next week! :) [ Link to Twitter ]
2018-09-11 19:38 - (For those interested, the recent, now being exploited in the wild, local privilege elevation bug HAS been patched with today's patch Tuesday.) [ Link to Twitter ]
2018-09-11 19:20 - "Exploits & Updates" Security Now #680 Show Notes: http://bit.ly/2x3KkSV
Lots of interesting and engaging news. (No word on today's Patch Tuesday update details yet.) [ Link to Twitter ]
2018-09-04 02:21 - Remember last week's latest new Apache STRUTS vulnerability?
Well, the bar has been forever raised on vulnerability disclosure and demo sites:
http://bit.ly/2PWUXzH [ Link to Twitter ]
2018-08-14 20:34 - "The Mega FaxSploit" Show Notes: http://bit.ly/2vIOY9b
ALL HP Fax/Printers MUST be updated. Full coverage of this, and lots of other DEFCON / BlackHat conference news! [ Link to Twitter ]
2018-08-14 16:45 - CRITICAL HP Fax/Printer Vulnerability -- from the phone line! (Really) All such devices should be updated immediately, and it's blessedly simple:
Go here: http://bit.ly/2vHis7i
Select discovered device and go. [ Link to Twitter ]
2018-07-31 20:31 - "Attacking Bluetooth Pairing"
Show Notes: http://bit.ly/2v4Gl8j
And, as always, LOTS of other interesting news... including (surprise!) another new Spectre attack! :/ [ Link to Twitter ]
2018-07-24 20:23 - "The Data Transfer Project"
A =MAJOR= step forward in our industry's maturation.
Show Notes: http://bit.ly/2Of7gqf
And so much more interesting news this week. [ Link to Twitter ]
2018-07-24 18:19 - A "Venmo" privacy advocate researched all transactions during 2017:
Whacky website but some interesting details and examples. [ Link to Twitter ]
2018-07-24 17:41 - Photos of Venmo's money transfer participants: Bring up this page:
Then click on the various "picture" links. Wow. Very social media. [ Link to Twitter ]
2018-07-23 23:04 - (And if you then refresh your browser's page you'll get a newer one. Unbelievable.) [ Link to Twitter ]
2018-07-23 23:03 - Paypal's Venmo API defaults to publicly posting transaction details. What?!?!
This link will show you the most recent one: http://bit.ly/2NEixyZ [ Link to Twitter ]
2018-07-21 22:22 - GRC is back online.
It was a dead port on their switch.
But happy to be back online! [ Link to Twitter ]
2018-07-21 21:10 - Confirmed. They are rolling a tech to their data center to plug us into a different port on their equipment. They are seeing traffic =from= me (so they confirm that the link is up), but they are not sending any back out... so their switch's port must have simply died. [ Link to Twitter ]
2018-07-21 19:23 - GRC Update: Everything I can do is done. The upstream link to Level3's aggregation router is UP, but the other end does not respond to a ping from my end. So I suspect the port I'm plugged in to on the router died. And... it's Saturday. [ Link to Twitter ]
2018-07-21 17:40 - GRC is DOWN HARD.
No idea what happened yet.
Everything appears to be fine at the data centers.
Incoming link is up, but no bandwidth appears to be incoming. Looks like a routing problem at Level3/Century Link end. I'm on it! :) [ Link to Twitter ]
2018-07-17 20:21 - "All Up in Their Business"
Security Now! #672 Show Notes:
We catching up with a bunch of interesting news, then look at the detail U.S. law enforcement has about Russia's involvement in the 2016 US election. It's stunning. [ Link to Twitter ]
2018-07-10 20:05 - "STARTTLS Everywhere" Security Now #671 Show Notes:
Lots of interesting news this week, and a look at the challenge of back-fitting useful security onto our traditional Internet eMail system. [ Link to Twitter ]
2018-06-26 20:34 - "Cellular Location Privacy"
Security Now! #669 Show Notes:
Fewer topics this week, but deeper dives into each. (And sharing my recent machine resurrection adventure. :) [ Link to Twitter ]
2018-06-19 20:28 - "Lazy FP State Restore"
(Yet another speculative execution vulnerability for Intel!)
Security Now #668 Show Notes:
(And lots of other interesting stuff, of course!) [ Link to Twitter ]
2018-05-29 20:32 - Security Now! #665 "VPNFilter"
Show notes: http://bit.ly/2xozU3D
A deep dive into the operation and behavior of the VPNFilter botnet, ...and a bunch of the week's news! [ Link to Twitter ]
2018-05-15 20:32 - Security Now! #663 "Ultra-Clever Attacks"
Coverage of two new attacks "eFail" and "ThrowHammer"... And, of course, plenty of other interesting news from the past week! :) [ Link to Twitter ]
2018-05-01 20:15 - Security Now #661 Show Notes:
"Securing Connected Things"
More Microsoft focus upon IoT and industrial device (SCADA) security. What needs to be done for TRUE security? :) [ Link to Twitter ]
2018-04-24 20:26 - Security Now #600 "Azure Sphere"
Show Notes: http://bit.ly/2FehYaF
Microsoft designs and donates a highly secure hardware & software system for securing IoT devices. Nice!! [ Link to Twitter ]
2018-03-13 20:49 - The "AMD Chipset Disaster!"
Security Now! #654 Show Notes. Coverage of this morning's VERY worrisome AMD security news, plus lots more about malicious cryptocurrency mining and the explosion of MemCrashed DrDoS attacks! [ Link to Twitter ]
2018-03-08 01:13 - New release #7 of GRC's InSpectre app clearly displays the CPUID for comparison with Microsoft's forthcoming Intel & AMD processor microcode patches:
See the comments for release #7 for further details. /Steve. [ Link to Twitter ]
2018-03-06 21:24 - Security Now #653 Show Notes:
"MemCrashed" DDos Attacks
A BIG week of interesting news... plus the appearance of a new Internet-melting DDoS attack method. [ Link to Twitter ]
2018-02-20 21:18 - Security Now! #651 Show Notes:
"Russian Meddling Technology"
Lots of news this week and a look at the technology Russia employed to involve itself in the 2016 US election. [ Link to Twitter ]