Go offline with the Player FM app!
Security Now 941: We told you so!
Manage episode 378051985 series 2623987
- Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
- China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
- A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
- The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
- A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
- Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
- A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
- An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
- Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
- There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
- Listener questions whether all stolen LastPass vaults will eventually be decrypted.
Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf
Hosts: Steve Gibson and Ant Pruitt
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
27 episodes
Manage episode 378051985 series 2623987
- Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
- China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
- A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
- The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
- A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
- Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
- A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
- An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
- Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
- There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
- Listener questions whether all stolen LastPass vaults will eventually be decrypted.
Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf
Hosts: Steve Gibson and Ant Pruitt
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
27 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.