The regreSSHion Bug 50BTC moved Voyager 1 Update Email @ GRC SyncThing DNS queries Recall The End of Entrust Trust Show Notes - https://www.grc.com/sn/SN-981-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to th

The Mixed Blessing of Lousy PRNG - Kaspersky Ban, EU vs. Google's Privacy Sandbox

8 days ago 2h 3m

Expected follow-up on CVE-2024-30078 From Russia with Love An EU privacy agency complains about Google's Privacy Sandbox? Email @ GRC Security Now SPAM? Orange Tsai needs help! Recall and 3rd Party Leakage Errata The Mixed Blessing o

The Angle of the Dangle - "Recall" Recall, IT at the NYT, Private Cloud Compute

15 days ago 2h 14m

CVE-2024-30078 "Recall" has been recalled Matthew Green on Apple's Private Cloud Compute A WGET flaw with a CVSS of 10.0? Thou shall not Resolve! Email @ GRC Downloading email with MailStore Home IT at The New York Times ReMarkable

The Rise and Fall of code.microsoft.com - Apple Password Manager, AI Coding

22 days ago 2h 21m

MS on Recall changes Thanks for the "Memory" New York Times (and Wordle) leak Apple's own password manager app DJI drones on the defensive SlashData reveals some interesting developer statistics Are we going to turn programming over to

A Large Language Model in Every Pot - Problems With Recall, End of ICQ, Email @ GRC

29 days ago 1h 55m

"Tornado Notes" Email @ GRC Have I Been Pwned? A new "supply chain" attack vector Another CA in the DogHouse ICQ to shutter its service Steve reviews "Déjà vu" Hide my email Security in Windows SpinRite update A Large Language Mode

The 50 Gigabyte Privacy Bomb - Google AI Workarounds, Microsoft Recall

May 29th, 2024 2h 13m

The bigger problem with AI Overview https://udm14.com/ -and- https://tenbluelinks.org/ The horses have left the barn VPNs and Firewalls Email @ GRC Extension to fix Google search Passwords and SPAM Fixing motherboard components Verti

312 Scientists & Researchers Respond - 3 Chrome Zero-Days, Free Laundry

May 22nd, 2024 2h 14m

When you're the biggest target... Searching for Search How long will a Windows XP machine survive unprotected on the Internet? Free Laundry VPNs and Firewalls Netgate SG1100 Ad Industry vs. Google Privacy Sandbox Bitwarden and passkey

Microsoft's Head in the Clouds - 4-Digit Pins, Long Range Navigation, Microsoft

May 15th, 2024 1h 55m

Picture of the Week. Most to least common 4-digit pins. Enhanced LORAN. Passkeys. Microsoft's Head in the Clouds. Show Notes - https://www.grc.com/sn/SN-974-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this s

Not So Fast - GPS Vulnerabilites, VPN Flaw

May 8th, 2024 2h 24m

The vulnerability of GPS Is the sky falling on all VPN systems? Multi-user Passkeys, YubiKeys? The iCloud Keychain The UK and Google's Topics Show Notes - https://www.grc.com/sn/SN-973-Notes.pdf Hosts: Steve Gibson and Leo Laporte Dow

Passkeys: A Shattered Dream? - IoT Default Passwords, Passkeys

May 1st, 2024 2h 11m

GCHQ: No more default passwords for consumer IoT devices! What happened with Chrome and 3rd-party cookies? Race conditions and multi-threading GM "accidentally" enrolled millions into "OnStar Smart Driver +" program Steve recommends Ryk

Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

Apr 24th, 2024 2h 16m

What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your cred

GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons

Apr 17th, 2024 1h 53m

An update on the AT&T data breach 340,000 social security numbers leaked Cookie Notice Compliance The GDPR does enforce some transparency Physical router buttons Wifi enabled button pressers Netsecfish disclosure of Dlink NAS vulnerabi

Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense

Apr 10th, 2024 1h 51m

Out-of-support DLink NAS devices contain hard coded backdoor credentials Privnote is not so "Priv" Crowdfense is willing to pay millions Engineers Pinpoint Cause of Voyager 1 Issue, Are Working on Solution SpinRite Update Minimum Viable S

A Cautionary Tale - XZ Outbreak, AT&T Data Breach

Apr 3rd, 2024 1h 45m

A near-Universal (Local) Linux Elevation of Privilege vulnerability TechCrunch informed AT&T of a 5 year old data breach Signal to get very useful cloud backups Telegram to allow restricted incoming HP exits Russia ahead of schedule Adv

GoFetch - Apple vs. DOJ, ".INTERNAL" TLD

Mar 27th, 2024 2h 2m

Apple vs U.S. DOJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughou

Morris The Second - Voyager 1, The Web Turns 35

Mar 20th, 2024 2h 7m

Voyager 1 update The Web turned 35 and Dad is disappointed Automakers sharing driving data with insurance companies A flaw in Passkey thinking Passkeys vs 2fa Sharing accounts with Passkeys Passkeys vs. Passwords/MFA Workaround to sit

Passkeys vs. 2FA - Unhelpful CERT, VMware patch, Signal 7.0 Beta

Mar 13th, 2024 2h 23m

VMware needs immediate patching Midnight Blizzard still on the offensive China is quietly "de-American'ing" their networks Signal Version 7.0, now in beta Meta, WhatsApp, and Messenger -meets- the EU's DMA The Change Healthcare cyberatt

PQ3 - Voyager 1's fate, Apple's post-quantum iMessage protocol

Mar 6th, 2024 2h 12m

"Death, Lonely Death" by Doug Muir, about the decades-old Voyager 1 explorer Cory Doctorow's Visions of the Future Humble Book Bundle CTRL-K shortcut for search on a browser Direct bootable image downloading for GRC's servers Closing the

Web portal? Yes please! - Firefox v123, LockBit Disrupted

Feb 28th, 2024 2h 4m

Nevada attempts to block Meta's end-to-end encryption for minors. A survey of security breaches Edge's Super-Duper Secure Mode moves into Chrome DoorDash dashes our privacy Avast charged $16.5 million for selling user browsing data No c

The Internet Dodged a Bullet - Wyze Breach, Patch Tuesday, KeyTrap

Feb 21st, 2024 2h 14m

Wyze breach Microsoft patch Tuesday fixes 15 remote code execution flaws Why are there password restrictions? The Canadian Flipper Zero Ban Security on the old internet Using Old Passwords Passwordless login TOTP as a second factor G

Bitlocker: Chipped or Cracked? - Honeypots, Toothbrush Botnet, Bitlocker Cracked

Feb 14th, 2024 2h 3m

Toothbrush Botnet "There are too many damn Honeypots!" Remotely accessing your home network securely Going passwordless as an ecommerce site Facebook "old password" reminders Browsers on iOS More UPnP Issues A password for every websi

Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

Feb 7th, 2024 2h 4m

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from

Stamos on "Microsoft Security" - HP Printer Bricking, Mercedes Benz Source Code

Jan 31st, 2024 2h 17m

iOS to allow native Chromium and Firefox engines. An OS immune to ransomware? HP back in the doghouse over "anti-virus" printer bricking The mother of all breaches New "Thou shall not delete those chats" rules Fewer ransoms are being pa

A Week of News and Listener Views - HSS Breach, CISA's Policing Results

Jan 24th, 2024 2h 15m

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack US Health and Human Services Breached Firefox vs "The Competition" Brave reduces its anti-fingerprinting protections CISA's proactive policing results one y

The Protected Audience API - Hacked Washing Machine, Quantum Crypto Troubles

Jan 17th, 2024 1h 45m

What would an IoT device look like that HAD been taken over? And speaking of DDoS attacks Trouble in the Quantum Crypto world The Browser Monoculture Question about the Apple backdoor Getting into infosec proton drive vs sync SpinRite