Security Now!

Is AI the Wizard of Oz? Or is it more?
Microsoft's long standing effective MFA login bypass.
Is TPM 2.0 not required after all for Windows 11?
Meet 14 North Korean IT workers who made $88...

This week, Steve and Leo discuss the recent 'Salt Typhoon' hack of U.S. telecom providers by China, TPM 2.0 requirement for Windows 11, Microsoft's newly hacked Windows activation system, Apple...

Steve Gibson and Leo Laporte discuss Microsoft's clarification about AI training data usage, a fascinating breakthrough in understanding autonomous vehicle vulnerabilities, and an urgent call for...

What's the new "nearest neighbor" attack and how do you defend against it?
Let's Encrypt just turned 10. What changes has it wrought?
Now the Coast Guard is worried about Chinese built...

How Microsoft lured the US Government into a far deeper and expensive dependency upon its cybersecurity solutions.
Gmail to offer native throwaway email aliases like Apple and Mozilla.
Russia to...

How Microsoft lured the US Government into a far deeper and expensive dependency upon its cybersecurity solutions.
Gmail to offer native throwaway email aliases like Apple and Mozilla.
Russia to...

Did Bitwarden go closed-source?
The rights of German security researchers are clarified.
Australia to impose age limits on social media.
Free Windows Server 2025 anyone?
UAC wasn't getting in...

Google's record-breaking fine by Russia. (How many 0's is that?)
RT's editor-in-chief admits that their TV hosts are AI-generated.
Windows 10 security updates set to end next October... or are...

Apple proposes 45-day maximum certificate life.
SEC fines four companies for downplaying their SolarWinds attack severity.
Google adds 5 new features to Messenger including inappropriate content....

Did Chinese researchers really break RSA encryption? What did they do?
What next-level terror extortion is being powered by the NPD breach data?
The EU to hold software companies liable for...

uBlock Origin to the rescue
National Public Data files for bankruptcy
Will the .IO top level domain be disappearing?
Patch Tuesday
Firefox under attack
Miscellany
Sci-Fi
The Sequence
uBlock...

Facebook's parent Meta not hashing passwords
A New, forthcoming PayPal default opts their users into merchant data sharing
DDoS breaks another record
Speaking of these ASUS routers
Do you know...

The Linux remote code execution flaw
The CRUCIAL importance of Domain Control Security
Roskomnadzor strikes a discordant note
VLC gets a security update
Tor and Tails Merge
Telegram changes...

The case of the exploding pagers and walkie-talkies
"Ford seeks patent for tech that listens to driver conversations to serve ads"
Another large chunk of personal data exposed
Passkeys takes a...

Windows Endpoint Security Ecosystem Summit
Aging storage media does NOT last forever
How Navy chiefs conspired to get themselves illegal warship Wi-Fi
adam:ONE named the #1 best Secure Access...

Offer to uninstall Recall was a bug, not a feature
YubiKeys can be cloned
Miscellany
Is WhatsApp secure?
Telegram vs Signal
French elevators
Freezing your credit
The Quiet Canine
Unix time...

Telegram puts End-to-End Privacy in the Crosshairs
Free security logging is good for everyone
CrowdStrike hemorrhaging customers
Microsoft to meet privately with EDR (Endpoint Detection &...

CrowdStrike Exec's "Most Epic Fail" Award
Hardware backdoors discovered in Chinese-made key cards
Counterfeit CISCO networking gear
SpinRite
Errata
NPD breach updates from listeners
Looking...

Revocation Update
GRC's next experiment
Patch Tuesday
"The Famous Computer Café"
IsBootSecure
GRC Email
Working through WiFi Firewalls
Transferring DNS
OCSP attestation vs. TLS expiration...

Sitting Ducks DNS attack
A Bad RCE in another Microsoft server
SinkClose
The CLFS.SYS BSoD
IsBootSecure
Rethinking Revocation
Show Notes - https://www.grc.com/sn/SN-987-Notes.pdf
Hosts:...