Artwork

Content provided by Ant Pruitt. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Ant Pruitt or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Security Now 941: We told you so!

2:25:54
 
Share
 

Manage episode 378051985 series 2623987
Content provided by Ant Pruitt. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Ant Pruitt or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
  • Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
  • China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
  • A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
  • The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
  • A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
  • Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
  • A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
  • An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
  • Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
  • There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
  • Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Hosts: Steve Gibson and Ant Pruitt

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

  continue reading

27 episodes

Artwork

Security Now 941: We told you so!

Total Ant (Audio)

18 subscribers

published

iconShare
 
Manage episode 378051985 series 2623987
Content provided by Ant Pruitt. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Ant Pruitt or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
  • Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
  • China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
  • A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
  • The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
  • A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
  • Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
  • A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
  • An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
  • Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
  • There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
  • Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Hosts: Steve Gibson and Ant Pruitt

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

  continue reading

27 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide