Podcast Episode · Security Now (Audio) · 04/02/2025 · 2h 43m

I had a nice little surprise while listening to this week's episode of the "Security Now" podcast.

Microsoft to officially abandon passwords and support their deletion.Meta's RayBan smart glasses weaken their privacy terms.30% of Microsoft code is now being written by

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protec...

A follow-up to the SharePoint server patch mess.How Russia arranges to spy on other country's local embassies.'Dropbox Passwords' manager app is ending in October.Signal will

Brave randomizes its fingerprints.The next Brave will block Microsoft Recall by default.Clorox sues its IT provider for $380 million in damages.6-month Win10 ESU offers are

A follow-up to the SharePoint server patch mess.How Russia arranges to spy on other country's local embassies.'Dropbox Passwords' manager app is ending in October.Signal will

YouTube video by Security Now

The dangers of doing things you don't understand.Espressif responds to the claims of an ESP32 backdoor.A widely leveraged mistake Microsoft stubbornly refuses to correct.A

In this episode of Security Now, Steve Gibson and Leo Laporte address several crucial topics related to cybersecurity. One of the highlights of the episode is the discussion on age verification, a complex issue that requires a balanced solution between protecting minors and respecting users' privacy. Steve proposes a solution based on an Internet specification that would allow browsers to handle age verification requests in a uniform and secure manner. This solution would involve users being able to disclose their age voluntarily and in a controlled manner, while minimizing the personal information shared. Another fascinating topic is the story of fictitious North Korean employees attempting to infiltrate Western companies. Steve shares details of a hiring attempt where North Koreans used stolen identities and intermediaries to pass interviews and secure positions. This sophisticated tactic shows how elaborate cyberattacks can be and requires increased vigilance from employers. The episode also addresses the recent Bluetooth security flaw, which has garnered much attention. Steve clarifies that, contrary to alarmist headlines, this flaw is not a true "backdoor" allowing remote access. In reality, the undocumented commands discovered in the ESP32 microcontroller can only be exploited by someone with physical access to the hardware, significantly limiting the threat. The podcast also covers the implications of the British government's demand for Apple to provide decrypted access to user data. Steve emphasizes that this demand raises important questions about the balance between national security and privacy protection. He hopes that Apple's challenge will result in a solution that preserves user confidentiality. Finally, the episode discusses recent ransomware attacks and vulnerabilities in IoT devices. Steve explains how attackers can exploit unsecured IoT devices to launch ransomware attacks, highlighting the importance of segmenting networks and monitoring IoT device communications. In conclusion, this episode of Security Now offers an in-depth analysis of current cybersecurity challenges while proposing practical and realistic solutions to protect users and businesses.

Brave randomizes its fingerprints.The next Brave will block Microsoft Recall by default.Clorox sues its IT provider for $380 million in damages.6-month Win10 ESU offers are

Stephanie K. Pell examines how dismantling oversight boards under Trump's second term threatens privacy, national security, and governance.

Chrome to actively refuse admin privileges.Android Messenger is getting manual key verification.Pwn2Own to add AI 'pwning' as in-scope attack targets.AI has already been found

Podcast Episode · Security Now (Audio) · 02/05/2025 · 2h 47m

An exploited iOS iMessage vulnerability Apple denies?The NPM repository is under siege with no end in sight.Were Comcast and Digital Realty compromised? Don't ask them.Matthew