Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I spend somewhat shy of two hours each week discussing important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

[Image: Steve and Leo as Picard and Riker]
(This was not our idea. It was created by a fan of the podcast using GIMP (similar to Photoshop). But as a work of extreme image manipulation, it came out surprisingly well.)

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!). So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
A PDF file containing Steve's show notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #609 | 25 Apr 2017 | 107 min.
The Double Pulsar

This week Steve and Leo discuss how one of the NSA's Vault7 vulnerabilities has gotten loose, a clever hacker removes Microsoft's deliberate (and apparently unnecessary) block on Win7/8.1 updates for newer processors, Microsoft refactors multifactor authentication, Google to add native ad-blocking to Chrome… and what exactly *are* abusive ads?, Mastercard to build a questionable fingerprint sensor into their cards, are Bose headphones spying on their listeners?, 10 worrisome security holes discovered in Linksys routers, MIT cashes out half of its IPv4 space, and the return of two meaner BrickerBots. Then some Errata, a bit of Miscellany, and, time permitting, some "Closing the Loop" feedback from our podcast's terrific listeners.
51 MB 13 MB 270 KB   <-- Show Notes 129 KB 82 KB 151 KB

Episode #608 | 18 Apr 2017 | 127 min.
News & Feedback Potpourri

This week Steve and Leo discuss another new side-channel attack on smartphone PIN entry (and much more), smartphone fingerprint readers turning out to be far more spoofable than we had hoped, all Linux kernels prior to v4.5 being vulnerable to a serious remote network attack over UDP, a way to prevent Google from tracking the search links we click (and to allow us to copy the links from the search results), the latest NSA Vault7 data dump nightmare, the problem with punycode domains, four years after the public UPnP router exposure, looking closely at the mixed blessing of hiding WiFi access point SSID broadcasts, some miscellany, and then a collection of quick "Closing The Loop" follow-ups from last week's "Proactive Privacy" podcast.
61 MB 15 MB 265 KB   <-- Show Notes 122 KB 90 KB 155 KB

Episode #607 | 11 Apr 2017 | 139 min.
Proactive Privacy  (Really, this time!)

This week Steve and Leo discuss Symantec finding 40 past attacks explained by the Vault 7 document leaks, an incremental improvement coming to CA certificate issuance, and Microsoft’s patching of a zero-day Office vulnerability that was being exploited in the wild. They ask, “What’s a Brickerbot?” They cover why you need a secure DNS registrar, This Week in IoT Tantrums, a headshaker from our “You really can’t make this stuff up” department, the present danger of fake VPN services, and an older edition of Windows reaching end of patch life. They continue with some “closing the loop” feedback from their listeners and a bit of miscellany, then close with a comprehensive survey of privacy-encroaching technologies and what can be done to limit their grasp.
67 MB 17 MB 225 KB   <-- Show Notes 150 KB 102 KB 178 KB

Episode #606 | 04 Apr 2017 | 115 min.
Proactive Privacy

This week Steve and Leo discuss another iOS update update, more bad news and some good news on the IoT front, the readout on Tavis Ormandy's shower revelation, more worrisome anti-encryption saber rattling from the EU, a look at a recent Edward Snowden tweet, Samsung's S8 mistake, a questionable approach to online privacy, celebrating the 40th anniversary of Alice and Bob, some quickie feedback loops from our listeners, an update on my projects, and a comprehensive examination of proactive steps users can take to enhance their online privacy.
54 MB 14 MB 210 KB   <-- Show Notes 148 KB 87 KB 160 KB

Episode #605 | 28 Mar 2017 | 142 min.
Google -vs- Symantec

This week Jason and I discuss Google’s Tavis Ormandy taking an inspiration shower, iOS gets a massive feature and security update, a new target for ‘Bot money harvesting appears, Microsoft suffers a rather significant user-privacy fail, the UK increases its communications decryption rhetoric, a worrisome vote in the US senate, NEST fails to respond to a researcher's report, this week in IoT nonsense, a fun quote of the week, a bit of miscellany, some quickie questions from our listeners, and a close look at the developing drama surrounding Google's enforcement of the Certificate Authority Baseline rules with Symantec.
68 MB 17 MB 416 KB   <-- Show Notes 123 KB 106 KB 175 KB

Episode #604 | 21 Mar 2017 | 117 min.
Taming Web Ads

This week Leo and I discuss developments in the New Windows on Old Hardware front, Cisco finds a surprise in the Vault 7 docs, Ubiquiti was caught with their PHPs down, Check Point discovered problems in WhatsApp and Telegram, some interesting details about the long-running Yahoo breaches, the death of the “eBay Football,” the latest amazing IoT insanity, the incredible results of the CanSecWest Pwn2Own competition, a classic “you’re doing it wrong” example, Tavis pokes LastPass again, some miscellany, and an interesting proposal about controlling web advertising abuse.
56 MB 14 MB 248 KB   <-- Show Notes 126 KB 85 KB 153 KB

Episode #603 | 14 Mar 2017 | 108 min.
Vault 7

This week Leo and I discuss March's long-awaited patch Tuesday, the release deployment of Google Invisible reCaptcha, getting more than you bargained for with a new Android smartphone, the new "Find my iPhone" phishing campaign, the failure of WiFi anti-tracking, a nasty and significant new hard-to-fix web server 0-day vulnerability, what if your ISP decides to unilaterally block a service you depend upon?, shining some much-needed light onto a poorly conceived end-to-end messaging application, two quick takes, a bit of errata and miscellany... and a look into what Wikileaks revealed about the CIA's data collection capabilities and practices.
51 MB 13 MB 176 KB   <-- Show Notes 131 KB 83 KB 153 KB

Episode #602 | 07 Mar 2017 | 138 min.
Let's Spoof

This week, Leo and I discuss the countdown to March’s Patch Tuesday. What was behind Amazon’s S3 outage? Why don’t I have a cellular connectivity backup? We share some additional Cloudflare perspective. Amazon will fight another day over their Voice Assistant’s privacy. An examination of the top nine Android password managers uncovers problems. We’ll cover another fileless malware campaign found in the wild; security improvements in Chrome and Firefox; a proof of concept for BIOS ransomware; a how-to walk-through for return-oriented programming; a nifty new site-scanning service.
66 MB 17 MB 360 KB   <-- Show Notes 140 KB 103 KB 177 KB

Episode #601 | 28 Feb 2017 | 101 min.
The First SHA-1 Collision

This week, Leo and I discuss the “CloudBleed” incident; another Project Zero 90-day timer expires for Microsoft; this week's IoT head-shaker; a New York airport exposes critical server data for a year; another danger created by inline third party TLS-intercepting "middleboxes"; more judicial thrashing over fingerprint warrants; Amazon says no to Echo data warrant; a fun drone-enabled proof of concept is widely misunderstood; another example of A/V attack surface expansion; some additional Crypto education pointers and miscellany... and, finally, what does Google's deliberate creation of two SHA-1-colliding files actually mean?
48 MB 12 MB 220 KB   <-- Show Notes 133 KB 80 KB 148 KB

Episode #600 | 21 Feb 2017 | 124 min.
The MMU Side-Channel Attack

This week, Leo and I discuss the completely cancelled February patch Tuesday amid a flurry of serious problems; it's not only laptop webcams that we need to worry about; the perils of purchasing a previously-owned Internet connected auto; Chrome changes its UI making certificate inspection trickier; the future of Firefox Add-Ons; Win10's lock screen is leaking the system’s clipboard; a collection of new problems for Windows; an amazing free Crypto book online from Stanford and New York University; pfSense and Ubiquiti follow-ups; a bit of geek humor and miscellany… And a deep dive into yet another sublime hack from our ever-clever friends, led by professor Herbert Bos at the University of Amsterdam.
59 MB 15 MB 206 KB   <-- Show Notes 127 KB 89 KB 155 KB

Episode #599 | 14 Feb 2017 | 102 min.
TLS Interception INsecurity

This week, Leo and I discuss the delay in this month's Patch Tuesday (we may know why!), our favorite ad-blocker embraces the last major browser, a university gets attacked by its own vending machines, PHP leaps into the future, a slick high-end Linux hack, the rise of fileless malware, some good advice for tax time, it's not only Android's pattern lock that's vulnerable to visual eavesdropping, what happens when you store a huge pile of Samsung Note 7's in one place?, some fun miscellany, a MUST NOT MISS science fiction TV series, and a look at the growing worrisome security implications of uncontrolled TLS interception.
48 MB 12 MB 260 KB   <-- Show Notes 110 KB 72 KB 133 KB

Episode #598 | 07 Feb 2017 | 115 min.
Two Armed Bandits

This week, Leo and I discuss printers around the world getting hacked!, Vizio's TVs really were watching their watchers, Windows has a new 0-day problem, Android's easy-to-hack pattern lock, an arsonist's pacemaker rats him out, a survey finds that many iOS apps are not checking TLS certificates, the courts create continuing confusion over eMail search warrants, a blast from the past: SQL Slammer appears to return, Cellebrite's stolen cell phone cracking data begins to surface, some worrisome events in the Encrypted Web Extensions debate, Non-Windows 10 users are not alone, a couple of questions answered, my report of a terrific Sci-Fi series, a bit of other miscellany... and a fun story about one armed bandits being hacked by two armed bandits.
54 MB 14 MB 257 KB   <-- Show Notes 116 KB 85 KB 150 KB

Episode #597 | 31 Jan 2017 | 107 min.
Traitors in our Midst

This week, Leo and I discuss the best “I'm not a Robot” video ever; Cisco's WebEx problem being far more pervasive than first believed; More bad news (and maybe some good news) for Netgear; Gmail adds .js to the no-no list; a hotel finally decides to abandon electronic room keying; more arguments against the use of modern AV; another clever exploitable CSS browser hack; some (hopefully final) password complexity follow-ups; a bit of errata and miscellany; a SQRL status update; a “Luke... trust the SpinRite” story; and a very nice analysis of a little-suspected threat hiding among us.
51 MB 13 MB 322 KB   <-- Show Notes 115 KB 80 KB 143 KB

Episode #596 | 24 Jan 2017 | 119 min.
Password Complexity Calculations

This week, Leo and I discuss how, while still on probation, Symantec issues additional invalid certificates, Tavis Ormandy finds a very troubling problem in Cisco's Web conferencing extension for Chrome, yesterday's more-important-than-usual update to iOS, renewed concerns about LastPass metadata leakage, the SEC looks askance at what's left of Yahoo, a troubling browser form auto-fill information leakage, Tor further hides its hidden services, China orbits a source of entangled photons?, Heartbleed three years later, a new take on compelling fingerprints, approaching the biggest Pwn2Own ever, some miscellany... and some tricks for computing password digit and bit complexity equivalence.
56 MB 14 MB 207 KB   <-- Show Notes 112 KB 84 KB 146 KB

Episode #595 | 17 Jan 2017 | 113 min.
Whats up with WhatsApp?

This week, Leo and I discuss a classic bug at GoDaddy which bypassed domain validation for 8850 issued certificates; could flashing a peace sign compromise your biometric data?; it's not only new IoT devices that may tattle on you: many autos have been able to for the past 15 years; McDonalds gets caught in a web security bypass; more famous hackers have been hacked; Google uses AI to increase image resolution; more on the value or danger of password tricks; and... does WhatsApp incorporate a deliberate crypto backdoor?
54 MB 14 MB 234 KB   <-- Show Notes 120 KB 85 KB 150 KB

Episode #594 | 10 Jan 2017 | 112 min.
A look into PHP malware

This week, Leo and I discuss the US Federal Trade Commission's step into the IoT and home networking malpractice world, a radio station learning a lesson about what words NOT to repeat, Google's plan to even eliminate the "checkbox", a crucial caveat to the "passwords are long enough" argument, more cause to be wary of third-party software downloads, a few follow-ups to last week's topics, a bit of miscellany and a close look at the government's Russian hacking disclosure and a well-known piece of (related?) PHP malware.
53 MB 13 MB 224 KB 126 KB 86 KB 152 KB

Episode #593 | 03 Jan 2017 | 107 min.
I'm NOT a Robot! (Really)

This week, Leo and I discuss law enforcement and the Internet of Tattling things, a very worrisome new and widespread PHP eMail vulnerability, Paul and MaryJo score a big concession from Microsoft, a six year old "hacker" makes the news, Apple discovers how difficult it is to make developers change, hyperventilation over Russian malware found on a power utility's laptop, the required length of high entropy passwords, more pain for Netgear, an update on the just finalized v1.3 of TLS, the EFF's growing "Secure" messaging scorecard, a bunch of fun miscellany... and how does that "I'm not a Robot" non-CAPTCHA checkbox CAPTCHA work?
50 MB 13 MB 379 KB 137 KB 83 KB 153 KB

Episode #592 | 27 Dec 2016
Holiday Special: “The Portable Dog Killer”

For this holiday special week we revisit one of Security Now's all time fan favorite episodes... “The Portable Dog Killer.”

Episode #591 | 20 Dec 2016 | 131 min.
Law Meets Internet

This week, Leo and I discuss Russia’s hacking involvement in the US Election; that, incredibly, it gets even worse for Yahoo!; misguided anti-porn legislation in South Carolina; troubling legislation from Australia; legal confusion from the Florida appellate court; some good news from the U.S. Supreme Court; Linux security stumbling; why Mac OS X got an important fix last week; the Steganography malvertising attack that targets home routers; news of a forthcoming inter-vehicle communications mandate; professional cameras being called upon to provide built-in encryption; LetsEncrypt gets a worrisome extension; additional news, errata, miscellany… and how exactly DOES that “I really really promise I'm not a robot (really!)” non-CAPTCHA checkbox CAPTCHA work?
63 MB 16 MB 478 KB 156 KB 98 KB 175 KB

Episode #590 | 13 Dec 2016 | 134 min.
Listener Feedback #245

This week, Leo and I discuss ticket-buying bots getting their hand slapped (do they have hands?), a truly nasty new addition to encrypting ransomware operation, a really dumb old problem returns to many recent Netgear routers, Yahoo!'s being too pleased with their bug bounty program, Steganometric advertising malware that went undetected for two years, uBlock Origin readies for a big new platform, what exactly is the BitDefender "BOX"? (We wish we knew!), VeraCrypt was audited... next up is OpenVPN! (Yay!), the definitive answer to the question of where Spock's thumb should be, Steve's new relaxing and endless puzzler, and... questions from our listeners!
63 MB 16 MB 375 KB 161 KB 101 KB 179 KB

Episode #589 | 06 Dec 2016 | 117 min.
Listener Feedback #244

Leo and I discuss Android meeting Gooligan, Windows Upgrades bypass Bitlocker, nearly one million UK routers taken down by a Mirai variant, the popular AirDroid app is "Doing it wrong", researchers invent a clever credit card disclosure hack, Cloudflare reports a new emerging botnet threat, deliberate backdoors discovered in 80 different models of Sony IP cameras, we get some closure on our SanFran MUNI hacker, a fun hack with Amazon's Echo and Google's Home, How to kill a USB port in seconds, a caution about keyless entry (and exit), too-easy-to-spoof fingerprint readers, an extremely troubling report from the UK, and finally some good news: the open-source covert USB hack defeating “BeamGun”!... plus a bunch of fun miscellany, some great Sci-Fi reader/listener book news, and... however many questions we're able to get to by the end of two hours!
55 MB 14 MB 176 KB 134 KB 88 KB 157 KB

Episode #588 | 29 Nov 2016 | 117 min.
Listener Feedback #243

Leo and I share a wonderful quote about random numbers, our standard interesting mix of security do's and don'ts, new exploits (WordPress dodged a big bullet!), planned changes, tips & tricks, things to patch, a new puzzle/game discovery, some other fun miscellany... and ten comments, thoughts and questions from our terrific listeners!
55 MB 14 MB 270 KB 147 KB 90 KB 163 KB

Episode #587 | 22 Nov 2016 | 124 min.
Mobile & IoT Nightmares

Leo and I discuss this week's major dynamic duo stories: Samy Kamkar is back with a weaponized $5 Raspberry Pi, and el cheapo Android phones bring new meaning to "phoning it in." Another big unrelated Android problem; watching a webcam getting taken over; Bruce Schneier speaks to Congress about the Internet; another iPhone lock screen bypass and another iPhone lockup link; ransomware author asks a security researcher for help fixing their broken crypto; Britain finally passed that very extreme surveillance law; some more fun miscellany, and more.
59 MB 15 MB 190 KB 141 KB 93 KB 166 KB

Episode #586 | 15 Nov 2016 | 134 min.
The BlackNurse Attack

Leo and I discuss the results from our listeners’ informal CAIDA spoofing testing; how “LessPass” turned out to be even less than it appeared; my great day at Yubico; a whole bunch of IoT news; updates from PwnFest and Mobile Pwn2Own; a bit of miscellany, including the probable elimination of the need for Dark Matter; a new WiFi field disturbance attack; a wacky Kickstarter “fingerprint” glove; and the “BlackNurse” reduced-bandwidth DoS attack.
63 MB 16 MB 218 KB 158 KB 101 KB 176 KB

Episode #585 | 08 Nov 2016 | 121 min.
The Windows AtomBomb

Leo and I discuss the answer to last week’s security & privacy puzzler, Let's Encrypt Squarespace, the new open source “LessPass” app, LastPass goes mobile-free, many problems with OAuth, popular Internet services' privacy concerns, news from the IP spoofing front, Microsoft clarifies Win10 update settings and winds down EMET, a hacker finds a serious flaw in Gmail, MySQL patches need to be installed now, a tweet from Paul Thurrott, a bit of errata... and the Windows AtomBomb attack.
58 MB 15 MB 341 KB 136 KB 91 KB 163 KB

Episode #584 | 01 Nov 2016 | 117 min.
Listener Feedback #242

Leo and I discuss an oh-so-subtle side-channel attack on Intel processors, the quest for verifiable hacker-proof code (which oh-so-subtle side-channel attacks on processors can exploit anyway), another compiler optimization security gotcha, the challenge of adding new web features without opening routes of exploitation, some good news about the DMCA, Matthew Green and the DMCA, and how the relentless MPAA and RIAA are still pushing limits and threatening the Internet.
55 MB 14 MB 674 KB 137 KB 89 KB 159 KB

Episode #583 | 25 Oct 2016 | 114 min.
Drammer

Leo and I discuss last week’s major attack on DNS, answering the question of whether or not the Internet is still working. We look at Linux’s worrisome “Dirty COW” bug, rediscovered in the kernel after nine years. We address the worrisome average lifetime of Linux bugs; share a bit of errata and miscellany; and offer an in-depth analysis of Drammer, the new, largely unpatchable, Android mobile device Rowhammer 30-second exploit.
54 MB 14 MB 269 KB 145 KB 86 KB 156 KB

Episode #582 | 18 Oct 2016 | 126 min.
Listener Feedback #241

Leo and I discuss some serious concerns raised over compelled biometric authentication, then do a detailed dive into the recently completed audit of VeraCrypt, the successor to TrueCrypt. We’ve got more on web browsers fatiguing system main SSD storage and a bunch of interesting miscellany, including a question asked of Elon Musk: “Are we living within a simulated reality?” We conclude with 11 questions and observations from our terrific listeners.
60 MB 15 MB 199 KB 170 KB 97 KB 175 KB

Episode #581 | 11 Oct 2016 | 121 min.
Yahoo & Primal Worries

Leo and I discuss today’s Windows Update changes for 7 and 8.1. An exploit purchaser offers a $1.5 million bounty for iOS hacks. WhisperSystems encounters its first bug. An IEEE study reveals pervasive “security fatigue” among users. We’ve got Firefox and Chrome news, WoSign Woes, Samsung Note 7 news, some errata, a bunch of miscellany, and a look into new Yahoo troubles and concerns over the possibility of hidden trapdoors in widely deployed prime numbers.
58 MB 15 MB 132 KB 163 KB 93 KB 170 KB

Episode #580 | 04 Oct 2016 | 112 min.
Listener Feedback #240

Father Robert and I discuss an “update” on Microsoft’s GWX remover; an encouraging direction for the Windows 10 Edge browser; HP in the doghouse; “Oh, yeah, that’s what I meant to say about how to upgrade a site’s password hashing”; a really terrific Dynamic DNS hack; another update on Windows Update; a distressing heads-up about how some unseen behavior of our web browsers is fatiguing our SSDs; a bit of errata and miscellany; and then a discussion of feedback from our terrific listeners.
54 MB 13 MB 154 KB 107 KB 88 KB 148 KB

Episode #579 | 27 Sep 2016 | 120 min.
A Very Busy Week

Father Robert and I discuss Brian Krebs’ forced move from Akamai to Google’s Project Shield, Yahoo’s record-breaking, massive 500-million-user data breach, and Apple’s acknowledged iOS 10 backup PBKDF flaw. A well-known teen hacker jailbreaks his new iPhone 7 in 24 hours. Microsoft formally allows removal of GWX. There’s a new OpenSSL server DoS flaw, also more WoSign/StartCom woes as Mozilla prepares to pull the plug. BitTorrent Sync is renamed and more deeply documented. Then we have a bit of errata, some miscellany, and 10 questions and comments from our terrific listeners.
57 MB 14 MB 144 KB 115 KB 96 KB 161 KB

Episode #578 | 20 Sep 2016 | 142 min.
GRC’s XSS Adventure

Father Robert and I discuss concerns over a significant expansion in effectively warrantless intrusion into end-user computers; the forthcoming change in Internet governance; generation of a shiny new (and bigger) DNSSEC root signing key; Google’s next move in using Chrome to push for improved security; the interesting details emerging from a successful NAND memory cloning attack on the iPhone 5c; some fun miscellany. Then I share the details and findings of a recent Cross-Site Scripting (XSS) problem on GRC, including the best website security scanner I found and now recommend!
67 MB 17 MB 119 KB 125 KB 108 KB 177 KB

Episode #577 | 13 Sep 2016 | 105 min.
Listener Feedback #239

Leo and I discuss a bit of Flip Feng Shui follow-up; Apple’s announcements; Android’s rough week; wireless device privacy leakages; some fun miscellany; and 10 questions, comments, and observations from our terrific listeners.
49 MB 13 MB 169 KB 150 KB 85 KB 158 KB

Episode #576 | 06 Sep 2016 | 129 min.
Flip Feng Shui

Leo and I discuss the continuing woes of WoSign. Autonomous micro-recon drones turn out to be real. A new crypto attack on short block ciphers prompts immediate changes in OpenVPN and OpenSSL. We introduce a new Security Now! Abbreviation, “YAWTTY,” Yet Another Way To Track You. We continue with a discouraging social engineering experiment, another clever USB attack, a bunch of fun miscellany, and a look at the weaponizing of Rowhammer with “Flip Feng Shui,” the most incredibly righteous and sublime hack ever, ending with our follow-up to last week's Security Now! Puzzler.
62 MB 15 MB 244 KB 156 KB 97 KB 172 KB

Episode #575 | 30 Aug 2016 | 122 min.
Pegasus & Trident

This week, Leo and I catch up with the past week’s news including the Dropbox and Opera incidents; a Chinese certificate authority who could not have been more irresponsible; the changing Facebook and WhatsApp information sharing arrangement; the FBI’s disclosure of election site hacking; Tavis Ormandy’s Dashlane and 1Password vulnerability disclosures, the threat of autonomous weapon systems; WiFi router radio wave spying; and the details behind Pegasus and Trident, the emergency Apple iOS v9.3.5 patch.
57 MB 15 MB 283 KB 150 KB 92 KB 167 KB

Episode #574 | 23 Aug 2016 | 105 min.
Routers & Micro Kernels

This week, Leo and I catch up with the past week’s news. Did the Shadow Brokers hack the NSA’s Equation Group? Apple’s Bug Bounty gets quickly outbid. A critical flaw is discovered in the RNG of GnuPG. The EFF weighs in on Windows 10. The Chrome browser is frightening people unnecessarily. A Johns Hopkins team of cryptographers, including Matthew Green, discloses a weakness in Apple’s iMessage technology. We discuss surprisingly and sadly unused router hardware capabilities and then answer the question: “What’s a microkernel?”
51 MB 13 MB 222 KB 118 KB 80 KB 143 KB

Episode #573 | 16 Aug 2016 | 128 min.
News & Memory

This week, Leo and I catch up with the past week’s news. Did Microsoft lose control of its secure boot Golden Key? We discuss AdBlock, unblock, counter-unblock, and that counter-counter-unblock is well underway. Leo tells a story from the field about Avast A/V. A “security is hard to do” mistake is found in an update to the Internet’s TCP protocol. We talk about Microsoft’s evolving Windows Update policies, an über-cool way for developers to decrypt and inspect their Firefox and Chrome local TLS traffic, a nice write-up of our “three dumb routers” solution, trouble with Windows Identity leak mitigation, yet another way of exfiltrating data from an air-gapped PC, and some fun miscellany. We wrap up with a discussion of Intel’s forthcoming memory breakthrough.
62 MB 15 MB 386 KB 149 KB 97 KB 172 KB

Episode #572 | 09 Aug 2016 | 135 min.
DEF CON & Black Hat, Part 1

This week, following the DEF CON and Black Hat conferences, Leo and I catch up with the past week’s crazy news, including a distressing quantity of distressing Win10 news, Apple’s changing bug bounty policy, newly disclosed Android takeover flaws, yet another way to track web visitors, hackers spoofing Tesla auto sensors, Firefox and LastPass news, and some miscellany. Then a 19-year-old stubborn decision by Microsoft comes home to roost, and a handful of new problems are found with HTTP.
64 MB 16 MB 212 KB 171 KB 104 KB 184 KB

Episode #571 | 02 Aug 2016 | 112 min.
Phishing & Filtering

Leo and I catch up with the past week’s security happenings, including LastPass vulnerabilities, new wireless keyboard headaches, deprecating SMS as a second authentication factor, obtaining Windows 10 for free after July, and a bit of errata and miscellany. Then we discuss RAID storage redundancy, the pervasive problem with website spoofing, and the power and application of multi-interface packet filtering.
54 MB 13 MB 315 KB 124 KB 83 KB 149 KB

Episode #570 | 26 Jul 2016 | 124 min.
Listener Feedback #238

Leo and I first catch up with the past week’s security happenings, including Apple getting Stagefright and speculation as to whether Russia is trying to influence the U.S. presidential election. Microsoft battles and wins against U.S. privacy overreach. Grace Hopper, who coined the term “software bug,” brilliantly demonstrates a nanosecond. We’ve got a bug-fix update to pfSense, a “doing it weird” look at the CUJO security appliance, a bunch of errata, a bit of miscellany, and a dozen notes and questions from our terrific listeners.
58 MB 15 MB 289 KB 171 KB 99 KB 181 KB

Episode #569 | 19 Jul 2016 | 124 min.
Messenger, CryptoDrop, & Riffle

Leo and I catch up with a fun and interesting week of security happenings, including a bit of daylight on the password sharing question; the trouble with self-reporting security breaches; trouble in TOR-land; what future AI assistants mean for our privacy; a terrific-looking new piece of security monitoring freeware; a startlingly worrisome 20-year-old fundamental Windows architectural design flaw; a problem with Juniper routers’ OS certificate validation; some errata; a bunch of miscellany; and the promised follow-up dissection of Facebook Messenger’s extra features, the anti-ransomware CryptoDrop, and MIT’s “Riffle” anonymity-enforcing networking solution.
59 MB 15 MB 474 KB 145 KB 93 KB 165 KB

Episode #568 | 12 Jul 2016 | 120 min.
Listener Feedback #237

Leo and I catch up with a fun and interesting week of security happenings including Facebook Messenger’s end-to-end encryption, Russia’s President Putin, the fate of Russian-based VPN endpoints, Russian hackers compromising iOS devices, my promised follow-up on that Lenovo SMM hack which suddenly looked a lot more worrisome, the apparent illegality of password sharing, post-quantum crypto testing in Chrome, reconsidering antivirus add-ons, Pokemon Go woes, a possible defense against cryptomalware, news from the “of course someone had to try this” department, miscellany including the return of “Mr. Robot,” Leo moves to FreeBSD, a recent pfSense facelift, Apollo assembly language source, even more – and, time permitting, five questions from Twitter.
57 MB 14 MB 460 KB 176 KB 98 KB 179 KB

Episode #567 | 05 Jul 2016 | 115 min.
Hacking Certificates

Leo and I catch up with another packed week of security news, including an update on mobile ransomware; the successful extraction of Android's full disk encryption (FDE) master keys; Google's Tavis Ormandy finds horrific flaws in all Symantec traffic analyzing software; a Brazilian judge is at it again with WhatsApp; this week's IoT horror story; some miscellany and errata; and, finally, a look at a horribly flawed attempt to copy Let's Encrypt's automation of free SSL certificate issuance.
55 MB 14 MB 491 KB 133 KB 85 KB 154 KB

Episode #566 | 28 Jun 2016 | 128 min.
Listener Feedback #236

Leo and I catch up with a fun and interesting week of security happenings, including an expensive Windows update, a worrisome FBI hacking court decision, a fix for slow Windows 7 updating, more Comodo slime, JavaScript cryptomalware, yet another way to exfiltrate data from an air-gapped computer, a worrisome Netgear router flaw, the COOLEST brilliant new idea of the year, some miscellany, and questions and comments from our terrific listeners.
60 MB 15 MB 253 KB 189 KB 106 KB 192 KB

Episode #565 | 21 Jun 2016 | 138 min.
Control-Flow Enforcement Technology (CET)

Father Robert and I begin by catching up with a week of mostly clickbait stories and case studies of real-world insecurity. Then we take a very deep dive into the operation of Intel’s forthcoming anti-hacking chip enhancement known as “Control-Flow Enforcement Technology.”
65 MB 17 MB 267 KB 126 KB 105 KB 174 KB

Episode #564 | 14 Jun 2016 | 110 min.
Listener Feedback #235

Leo and I catch up with a busy week of security happenings including Symantec’s worrisome purchase of Blue Coat Systems, a bad bug in Chrome, more news from the hacker Peace, Let’s Encrypt’s email glitch, more Microsoft telemetry concerns, some sci-fi updates, and questions and comments from our terrific listeners.
52 MB 13 MB 246 KB 124 KB 84 KB 152 KB

Episode #563 | 07 Jun 2016 | 99 min.
IoT Infancy (pt.2)

After I rant a bit about the reality of OS versions and security, Leo and I cover the past week’s security events, including a new zero-day vulnerability affecting all previous versions of Windows; a truly horrifying and clever chip-level exploit; yesterday’s Android Security Update; a sad side-effect of Microsoft’s GWX pressure; Mark Zuckerberg’s old LinkedIn password; Facebook’s plans for optionally encrypting Facebook Messenger; five things that challenge self-driving cars; and some miscellany. Then we conclude our look at the horrifying problems with our infantile Internet of Things.
47 MB 12 MB 339 KB 100 KB 70 KB 128 KB

Episode #562 | 31 May 2016 | 136 min.
IoT Infancy (pt.1)

Leo and I first cover the past week’s security events, including the collapse of the Feinstein-Burr encryption bill, the result of the Oracle/Google trial, Google’s attempts to keep Android in the field up-to-date, an intermediate certificate issued to an Internet appliance maker, lots of bad news about laptop add-on bloatware, and an update on SQRL’s development. Then we take the first of two weeks’ look at the many problems with our infantile Internet of Things.
64 MB 16 MB 458 KB 149 KB 98 KB 173 KB

Episode #561 | 24 May 2016 | 115 min.
Listener Feedback #234

Leo and I catch up with a busy week of security happenings, including a surprising end to the TeslaCrypt file encrypting malware, Google’s increasing squeeze on Flash, 117 million old LinkedIn account email and hashed passwords for sale, the encryption technology Google is using in their new Allo messaging app, Cory Doctorow keeps fighting for our rights, some fun miscellany, and questions and comments from our terrific listeners.
55 MB 13 MB 233 KB 157 KB 94 KB 173 KB

Episode #560 | 17 May 2016 | 102 min.
Z-Wave Goodbye

Leo and I catch up with a busy week of security happenings, including Steve’s true feelings about Windows, the Oracle/Google Java API battle, the end of “burner” phones, public audio surveillance, more John McAfee entertainment, a Ring Doorbell glitch, a loony Kickstarter security product campaign, some miscellany, and a look at the closed proprietary Z-Wave IoT home automation system and some hidden problems with one of its door locks.
49 MB 12 MB 539 KB 147 KB 80 KB 151 KB

Episode #559 | 10 May 2016 | 115 min.
Dumb SmartThings

Leo and I discuss an interesting week packed with security news, including Microsoft's Mega Patch Tuesday; the final word from Dr. Craig Wright; Lenovo, Microsoft, and Qualcomm each in separate doghouses; more Curl Bashing; terrorist math; lots more - and a look at the insecurity of the most popular home automation system, Samsung's SmartThings.
55 MB 14 MB 392 KB 139 KB 85 KB 155 KB

Episode #558 | 03 May 2016 | 115 min.
Listener Feedback #233

Leo and I discuss another interesting week of security news including the U.S. Congress’s passage of the Email Privacy Act, the Snowden/Zakaria encryption debate, the still unresolved question of compelling fingerprint unlocking, more Android trouble with Stagefright, WhatsApp going dark in Brazil again, the return of Who Is Satoshi, Steve’s fabulous new puzzle discovery, and more. Plus some more questions from Security Now! listeners if we have any time left.
54 MB 14 MB 304 KB 179 KB 94 KB 175 KB

Episode #557 | 26 Apr 2016 | 121 min.
Listener Feedback #232

Leo and I discuss an interesting week of security news, including an update on Let’s Encrypt’s growth, the advance in encryption thanks to Edward Snowden, a clever bypass for Windows AppLocker, Opera’s built-in VPN that isn’t, more crypto ransomware evolution, fake DDoS extortionists, some DNSSEC follow-up, and 10 great questions and talking points from our 200,000-plus weekly listeners!
57 MB 14 MB 666 KB 197 KB 98 KB 186 KB

Episode #556 | 19 Apr 2016 | 102 min.
SMTP STS

Leo and I discuss the outcry following the “60 Minutes” high-visibility demonstration of real-time cellular phone hacking. We also cover the news of the Canadian RCMP having BlackBerry’s master decryption key; the end of Apple’s QuickTime; what the FBI found (or didn’t) on the San Bernardino attacker’s phone; and a revisit of Threema, WhatsApp, and Signal. Then, after a bit of miscellany, we take a look at a newly proposed specification for increasing eMail security known as “SMTP STS.”
49 MB 12 MB 267 KB 130 KB 76 KB 142 KB

Episode #555 | 12 Apr 2016 | 135 min.
WhatsApp

Leo and I try to cover all of an insanely busy week's security events and news. A draft of the much-anticipated Burr-Feinstein encryption bill has appeared; news from the FBI on hacking iPhones; browser and Let's Encrypt news; several CCTV malware bits; a bunch of new ransomware; an amazing "You're Doing It Wrong"; and the result of my deep dive into the Open Whisper Systems "Signal" communications protocol that's finally been fully integrated into the world's #1 multiplatform messaging system, WhatsApp, along with two things that MUST be done to get true security.
65 MB 16 MB 485 KB 174 KB 102 KB 185 KB

Episode #554 | 05 Apr 2016 | 107 min.
Listener Feedback #231

Leo and I discuss a quiet week’s few security events, sharing some thoughts about Internet of Things (IoT) security, Bruce Schneier on Apple and the FBI, and some miscellany. Then we open the Security Now! mailbag to hear from our listeners their experiences and thoughts, and answer their questions.
50 MB 13 MB 234 KB 157 KB 88 KB 164 KB

Episode #553 | 29 Mar 2016 | 127 min.
Too Much News

Leo and I discuss a VERY interesting week of news: The FBI dropping its case against Apple, claiming not to need them any longer; a distressing possible smartphone encryption law for California; TrueCrypt's origins; a Certificate Authority horror; more hospitals hit with ransomware; a bad flaw in the SMB protocol; finally some good news on the IoT front; GRC's new Never10 freeware; and a discussion of the monster PC I just built.
60 MB 15 MB 944 KB 186 KB 100 KB 183 KB

Episode #552 | 22 Mar 2016 | 148 min.
D.R.O.W.N.

Padre and I discuss the week’s major security events, including the FBI’s hearing delay, Matthew Green’s iMessage attack, a side-channel attack on phones, a massive malvertising campaign affecting many major sites, the 2016 Pwn2Own contest, a new Android Stagefright vulnerability and attack, and some other miscellany. We then describe the DROWN attack against up-to-date TLS servers using the still-present SSLv2 protocol.
71 MB 18 MB 358 KB 135 KB 112 KB 183 KB

Episode #551 | 15 Mar 2016 | 122 min.
Listener Feedback #230

Leo and I discuss the week's major security events - including lots of new fur flying over the escalating Apple v. FBI/DoJ encryption battle - and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 184 KB 188 KB 100 KB 184 KB

Episode #550 | 08 Mar 2016 | 119 min.
CacheBleed

Leo and I discuss an event-filled week of security news (with some comic relief courtesy of John McAfee on the Apple conflict), after which we examine the latest side-channel attack, which is effective even against carefully written crypto code designed to thwart side-channel attacks.
57 MB 14 MB 402 KB 179 KB 93 KB 172 KB

Episode #549 | 01 Mar 2016 | 126 min.
Listener Feedback #229

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
60 MB 15 MB 249 KB 174 KB 102 KB 183 KB

Episode #548 | 23 Feb 2016 | 113 min.
DDoS Attack Mitigation

Steve and Leo discuss Apple's response to the FBI's court order, the hack of the Linux Mint distribution, more Comodo bad news, a major cryptoware ransom paid, and follow-ups on the glibc and Apple Error 53 stories. Then Steve details everything that has transpired since last week's "GRC Is Down" episode.
54 MB 14 MB 409 KB 135 KB 83 KB 152 KB

Episode #547 | 16 Feb 2016 | 122 min.
GRC is DOWN

Leo and I discuss the overzealous DDoS attack ongoing against GRC.com, an ECDH key-stealing exploit, a buffer overflow problem in glibc, innovations in data storage, and Bruce Schneier’s Worldwide Survey of Encryption Products.
58 MB 15 MB 361 KB 150 KB 92 KB 166 KB

Episode #546 | 09 Feb 2016 | 114 min.
Router Q&A Follow-up

After catching up with the most interesting security news of the past week, Leo and I address three representative questions posed by listeners regarding last week's “Three Dumb Routers” episode.
55 MB 14 MB 275 KB 152 KB 87 KB 160 KB

Episode #545 | 02 Feb 2016 | 117 min.
Three Dumb Routers

Leo and I catch up with the past week's small amount of security news, then we talk a bit about my discovery of a rare and wonderful true EEG sleep monitor and various other miscellany. Then I dig deep into home consumer router operation to explain why no fewer than "three dumb routers" are required for full, true, securely isolated network operation.
56 MB 14 MB 244 KB 147 KB 88 KB 160 KB

Episode #544 | 26 Jan 2016 | 117 min.
Listener Feedback #228

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
55 MB 14 MB 214 KB 153 KB 92 KB 168 KB

Episode #543 | 19 Jan 2016 | 111 min.
LostPass

Leo and I cover another busy week of security news. Then we focus upon the recent "LostPass" phishing hack of LastPass, revealed at ShmooCon, and discuss the Internet's serious problem with phishing of all kinds.
53 MB 13 MB 592 KB 140 KB 85 KB 155 KB

Episode #542 | 12 Jan 2016 | 133 min.
Listener Feedback #227

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
63 MB 16 MB 368 KB 189 KB 106 KB 190 KB

Episode #541 | 05 Jan 2016 | 97 min.
New Year's News

The last two weeks of 2015 generated so much news that this first podcast of 2016 catches us up on everything that happened since our last podcast of 2015.
46 MB 12 MB 440 KB 149 KB 81 KB 153 KB

Episode #539 | 22 Dec 2015 | 134 min.
Listener Feedback #226

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
63 MB 15 MB 380 KB 15 KB 102 KB 178 KB

Episode #538 | 15 Dec 2015 | 123 min.
Listener Feedback #225

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 342 KB 163 KB 98 KB 175 KB

Episode #537 | 08 Dec 2015 | 121 min.
A Mega News Week

This first week of December brought us the early Christmas present of an amazing amount of interesting and important news. This entire episode is chock-full of reports and discussion of everything that has happened during the past busy week in security and privacy.
58 MB 15 MB 500 KB 168 KB 95 KB 175 KB

Episode #536 | 01 Dec 2015 | 99 min.
Listener Feedback #224

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 312 KB 136 KB 80 KB 149 KB

Episode #535 | 24 Nov 2015 | 114 min.
Listener Feedback #223

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
54 MB 14 MB 365 KB 157 KB 92 KB 167 KB

Episode #534 | 17 Nov 2015 | 109 min.
Encryption: Law Enforcement's Whipping Boy

Leo and I discuss a wide range of security news, Steve's feelings about the new iPad Pro, and lots of interesting bits of miscellany. We then revisit the newly controversial question of Internet encryption which has been raised with great emphasis after last week's terrorist attacks in Paris.
52 MB 13 MB 434 KB 155 KB 84 KB 160 KB

Episode #533 | 10 Nov 2015 | 131 min.
Listener Feedback #222

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
62 MB 16 MB 330 KB 189 KB 107 KB 192 KB

Episode #532 | 03 Nov 2015 | 124 min.
Verifying iOS App Conduct

Leo and I discuss a very busy week of interesting - and somewhat distressing - security and privacy news. Then we explore the fundamental problem with iOS application security enforcement which is going to take Apple some time to resolve.
59 MB 15 MB 391 KB 159 KB 94 KB 170 KB

Episode #531 | 27 Oct 2015 | 104 min.
Listener Feedback #221

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
49 MB 13 MB 263 KB 146 KB 83 KB 155 KB

Episode #530 | 20 Oct 2015 | 81 min.
Doing It Wrong

This week's podcast is titled "Doing It Wrong" because the week's news happened to include four unrelated examples of companies really getting security wrong. So Leo and I first catch up on the week's other news and miscellany. Then we take a look at four examples of security being done wrong.
39 MB 10 MB 316 KB 118 KB 66 KB 129 KB

Episode #529 | 13 Oct 2015 | 123 min.
Listener Feedback #220

In the wake of the news that LogMeIn is acquiring LastPass, Joe Siegrist, founder and CEO of LastPass, joins us to talk about the acquisition and what he hopes it means for the future of our favorite password manager. We then catch up with the week's news, and share and discuss 10 questions and comments from our listeners.
59 MB 15 MB 225 KB 154 KB 101 KB 179 KB

Episode #528 | 06 Oct 2015 | 99 min.
Breaches & Vigilante Worms

With many massive Internet data breaches, and a prolific vigilante worm loose on the Internet, Leo and I spend a fun- and fact-filled podcast covering the past week's multitude of news.
47 MB 12 MB 381 KB 125 KB 76 KB 141 KB

Episode #527 | 29 Sep 2015 | 115 min.
Listener Feedback #219

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
54 MB 14 MB 278 KB 185 KB 97 KB 182 KB

Episode #526 | 22 Sep 2015 | 120 min.
iOS Content Blockers

Leo and I cover a busy past week of security news, then discuss the first week of iOS mobile web content filtering made possible by Wednesday's release of iOS v9. We take a close look at the initial set of content blocking apps available for iOS and Safari.
57 MB 14 MB 355 KB 153 KB 94 KB 170 KB

Episode #525 | 15 Sep 2015 | 92 min.
Disconnect

Leo and I cover a relatively small bit of news of the week, including dispelling an unwarranted concern about LastPass being hacked. Then we converse with Patrick Jackson, co-founder and chief technology officer (CTO) of Disconnect, about his company's view of the web-tracking industry, its past and probable future.
43 MB 11 MB 175 KB 116 KB 76 KB 139 KB

Episode #524 | 08 Sep 2015 | 111 min.
Listener Feedback #218

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 317 KB 157 KB 92 KB 168 KB

Episode #523 | 01 Sep 2015 | 94 min.
uBlock Origin

Leo and I catch up with the week's major security events. We then examine the ecosystem of web page advertising by comparing it to other "opportunistic advertising" such as that appearing on public transportation, highway billboards, broadcast television commercials and other public venues - which consumers have no obligation to consume. I eschew the implication that visitors to a web page have an obligation to retrieve third-party content, over which the website has little or no control, which consumes bandwidth, reduces online privacy, hinders performance, and potentially exposes visitors to malicious exploitation. And I believe this remains true even when a visitor's retrieval of such despicable third-party content would generate much-needed revenue for the visited site. Finally, I review the many operational features of uBlock Origin, my chosen HTML firewall, which effectively returns control to web users.
44 MB 11 MB 370 KB 112 KB 73 KB 135 KB

Episode #522 | 25 Aug 2015 | 111 min.
Listener Feedback #217

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 178 KB 144 KB 92 KB 166 KB

Episode #521 | 18 Aug 2015 | 136 min.
Security Is Difficult

Leo and I catch up on another in a series of very busy weeks of security news. Then we discuss several recently written commentaries about the distressing state of online web advertising.
64 MB 16 MB 478 KB 203 KB 109 KB 198 KB

Episode #520 | 11 Aug 2015 | 99 min.
The Quest for Surfing Safety

Leo and I catch up on a busy week of security news, and then we follow my ongoing search for a low-hassle solution for safely browsing the danger-filled World Wide Web.
48 MB 12 MB 266 KB 144 KB 76 KB 146 KB

Episode #519 | 04 Aug 2015 | 120 min.
The Win10 Privacy Tradeoff

While Leo and I await the revelations from the ongoing annual Black Hat and DefCon conferences, the fallout from which we will doubtless be dissecting during upcoming weeks, we keep current with other security news and events. We then examine the change of philosophy embodied by Microsoft's Windows 10 and its many controversial spying "features."
57 MB 14 MB 213 KB 180 KB 100 KB 183 KB

Episode #518 | 28 Jul 2015 | 104 min.
HORNET: A fix for TOR?

August’s annual DefCon and Black Hat conferences never fail to surprise, worry, and entertain. This year is no different. Though still two weeks off, reports of interesting security troubles are beginning to surface. This week Leo and I examine the week’s news and take a close look at a topic the Internet press got completely wrong: HORNET, a new design for an Internet Anonymity network.
50 MB 12 MB 277 KB 131 KB 81 KB 150 KB

Episode #517 | 21 Jul 2015 | 108 min.
Listener Feedback #216

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 184 KB 178 KB 92 KB 172 KB

Episode #516 | 14 Jul 2015 | 133 min.
SQRL Revisited

Security and privacy-related news keeps coming! So this week Father Robert and I will cover the past week's many interesting events. Then we revisit the much evolved and nearly finalized SQRL protocol to see how it has grown and matured during the 92 weeks since I first disclosed its concept during Podcast 424 with Tom.
64 MB 16 MB 284 KB 112 KB 95 KB 162 KB

Episode #515 | 07 Jul 2015 | 122 min.
A Crazy News Week!

So much happened in the security and privacy worlds this past week that it will be everything Father Robert and I can do just to cover and discuss it all during a single podcast. So this is one of our pure news coverage and catch-up episodes. I'm sure it's going to be a blast!
58 MB 15 MB 306 KB 117 KB 96 KB 162 KB

Episode #514 | 30 Jun 2015 | 145 min.
Tor's Astoria Client

After catching up with a lot of interesting security news, Father Robert and I take a look at recent research into improving the privacy delivered to users of the Tor network. Our conclusions are somewhat distressing.
68 MB 17 MB 326 KB 137 KB 117 KB 192 KB

Episode #513 | 23 Jun 2015 | 129 min.
Listener Feedback #215

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
62 MB 15 MB 368 KB 183 KB 107 KB 192 KB

Episode #512 | 16 Jun 2015 | 132 min.
Mozilla's Tracking Protection

Leo and I discuss the week's most interesting recent security events and a bit of miscellany. Then we examine the revelations about the current state of Internet user tracking arising from Mozilla's Firefox tracking protection instrumentation.
64 MB 16 MB 517 KB 205 KB 111 KB 199 KB

Episode #511 | 09 Jun 2015 | 113 min.
Listener Feedback #214

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
54 MB 14 MB 1.1 MB 170 KB 95 KB 176 KB

Episode #510 | 02 Jun 2015 | 114 min.
Listener Feedback #213

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
55 MB 14 MB 327 KB 208 KB 100 KB 190 KB

Episode #509 | 26 May 2015 | 97 min.
LOGJAM: Imperfect Forward Secrecy

After covering the week's security news, Leo and I closely examine its most significant item, a major new vulnerability in the Internet's TLS protocol known as “Logjam.”
46 MB 12 MB 359 KB 144 KB 77 KB 147 KB

Episode #508 | 19 May 2015 | 117 min.
Exploiting (Automobile) Keyless Entry

After catching up with a busy week of security news, Leo and I take a close look at the surprisingly weak and insecure technology used for today's modern automotive keyless entry and engine start systems. We show how easily it may be bypassed... perhaps for as little as $17 on eBay.
56 MB 14 MB 385 KB 184 KB 97 KB 178 KB

Episode #507 | 12 May 2015 | 104 min.
Listener Feedback #212

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 463 KB 175 KB 92 KB 172 KB

Episode #506 | 05 May 2015 | 106 min.
Law Enforcement Backdoors

Leo and I catch up with the past week's most interesting security events and cover some miscellaneous tidbits. We then examine the carefully written testimony of two leading computer scientists who argue against the feasibility of incorporating encryption backdoors into commercial mobile and other device technologies.
51 MB 13 MB 1.5 MB 134 KB 84 KB 152 KB

Episode #505 | 28 Apr 2015 | 143 min.
Listener Feedback #211

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
69 MB 17 MB 915 KB 225 KB 123 KB 220 KB

Episode #504 | 21 Apr 2015 | 108 min.
Great Firewalls & Cannons

Leo and I catch up with the most interesting and significant security and privacy news of the week. Then we take a close look at what's known of the mechanisms China has developed - both filtering and offensive weaponry - to provide for their censorship needs and to potentially attack external Internet targets.
52 MB 13 MB 261 KB 134 KB 83 KB 150 KB

Episode #503 | 14 Apr 2015 | 123 min.
Listener Feedback #210

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 890 KB 114 KB 100 KB 166 KB

Episode #502 | 07 Apr 2015 | 107 min.
The TrueCrypt Audit

Leo and I catch up on a busy and interesting week of security events. Then we take a close look at the results of the just-completed second phase of the TrueCrypt audit, which focused upon the implementation of TrueCrypt's security and privacy guarantees.
51 MB 13 MB 707 KB 130 KB 83 KB 152 KB

Episode #501 | 31 Mar 2015 | 122 min.
Listener Feedback #209

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 213 KB 178 KB 99 KB 181 KB

Episode #500 | 24 Mar 2015 | 94 min.
Windows Secure Boot

Leo and I discuss the recent Pwn2Own hacking competition. We examine another serious breach of the Internet's certificate trust system and marvel at a very clever hack to crack the iPhone four-digit PIN lock. Then we take a close look at the evolution of booting from BIOS to UEFI and how Microsoft has leveraged this into their “Windows Secure Boot” system. We also examine what it might mean for the future of non-Windows operating systems.
45 MB 11 MB 348 KB 126 KB 73 KB 138 KB

Episode #499 | 17 Mar 2015 | 118 min.
Listener Feedback #208

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
57 MB 14 MB 343 KB 195 KB 107 KB 195 KB

Episode #498 | 10 Mar 2015 | 100 min.
FREAK & RowHammer

Leo and I catch up with several VERY interesting security events and stories of the week. Then we take a deep dive into two of the week's big security stories: FREAK and RowHammer.
48 MB 12 MB 209 KB 156 KB 81 KB 152 KB

Episode #497 | 03 Mar 2015 | 122 min.
Vehicle Hacking

Leo and I discuss the week’s tamer-than-usual news; then we host a terrific interview of the team (recently featured on Sunday’s “60 Minutes”) who have been working with DARPA to address the challenge of hardening high-tech networked vehicles – autos and UAVs – against malicious hacking attacks.
48 MB 12 MB 196 KB 148 KB 88 KB 165 KB

Episode #496 | 24 Feb 2015 | 122 min.
Listener Feedback #207

Leo and I discuss the week's major security events, including the revelation of the Lenovo Crapware and the joint GCHQ/NSA Gemalto attack which rendered cellular phones insecure. Then we discuss questions and comments from listeners of previous episodes to tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 385 KB 197 KB 103 KB 190 KB

Episode #495 | 17 Feb 2015 | 105 min.
HTTP/2

Leo and I catch up with several VERY interesting security events and stories of the week. Then we take a close look at, and a deep dive into, the operation of the industry's first change in the official HTTP protocol in 15 years - the finalization and emergence of the HTTP/2 IETF specification which significantly streamlines web browser and web server interaction.
51 MB 13 MB 925 KB 107 KB 79 KB 139 KB

Episode #494 | 10 Feb 2015 | 112 min.
Listener Feedback #206

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
54 MB 13 MB 721 KB 166 KB 93 KB 167 KB

Episode #493 | 03 Feb 2015 | 71 min.
Tor: Not so Anonymous

After catching up with a few important security events of the week, Leo and I revisit and dissect the anonymity promises of Tor in light of scores of academic papers which have questioned its anonymity guarantees.
34 MB 8.5 MB 501 KB 75 KB 51 KB 98 KB

Episode #492 | 27 Jan 2015 | 91 min.
Listener Feedback #205

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 91 KB 126 KB 76 KB 140 KB

Episode #491 | 20 Jan 2015 | 62 min.
Cryptographic Backdoors

Following this slow week of security news, Leo and I first discuss the news surrounding how and why the U.S. was so sure that North Korea was behind the attack on Sony. Then we examine the cryptographic consequences of the British and U.S. governments' recent pronouncements that terrorist communications should not be allowed to remain secret.
30 MB 7.4 MB 1.2 MB 78 KB 50 KB 102 KB

Episode #490 | 13 Jan 2015 | 115 min.
The Enigma

Leo and I first discuss a surprisingly busy week of security news; then, we take a careful walk through the history (it's not what you may think) and the detailed operation of “The Enigma Machine” which Germany used to encrypt their sensitive radio traffic during the Second World War.
55 MB 14 MB 519 KB 126 KB 85 KB 150 KB

Episode #489 | 06 Jan 2015 | 107 min.
Listener Feedback #204

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 1.3 MB 173 KB 92 KB 171 KB




You can receive an eMail reminder whenever this page is updated with a new Security Now! episode. Click the "Monitor Changes" button to have the highly-regarded "Change Detection" web site monitor this page and send you a note when it changes.

Security Now!, SpinRite Testimonials, and other Feedback:
Please use GRC's Visitor & Listener FEEDBACK Page where you may easily submit any feedback for Security Now, SpinRite testimonials, suggestions for future Security Now topics or questions & comments for future Listener Feedback episodes. Thank you!


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: Apr 27, 2017 at 10:20 (1.75 days ago). Viewed 3,249 times per day.