#securitynow — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securitynow, aggregated by home.social.
-
Security Now Podcast #1078 #securitynow #nebraska #xkcd
-
One way to control technology is to defund and prohibit education such that the technicians and technically adept people capable of operating the technology cannot do so unless explicitly trained through government approved schooling.
Then you have a shot at preventing 3D printers from making guns.
This is also an efficient way to hamstring your population, making you vulnerable militarily. #securitynow 1072.
-
@yifanlu Cool find 😎.
I learned about your disclosure this morning when it made it onto this week's #SecurityNow Ep1071 and then saw it go by here on mastodon not long after.
And yes, why are commercial bug reporting platforms such a PITA to deal with trying to get someone to actually listen. Having a public reporting mechanism feels like such a "box ticking exercise" from their end.
-
New Security Now! is live! 🎙️
🤖 LLMs are getting scary at de-anonymizing people — your aliases might not protect you anymore
🔒 Firefox privacy wins + Apple/Google testing RCS encryption
🚨 TikTok resisting encryption, OpenClaw vulnerabilities, Ubuntu SUDO critical boost
We're diving into mass surveillance implications. What's your take on the security risks?
-
🎙️ New Security Now! is live: Internal threats are the real danger — perimeter defense isn't enough anymore.
🔑 Zero trust & least privilege aren't buzzwords, they're survival strategies
👤 Most damage comes from compromised accounts & legacy systems
Learn how to implement zero trust without destroying productivity. Recorded live at ThreatLocker's Zero Trust World 2026.
-
🎯 ClickFix & CrashFix exploits are tricking users into running clipboard malware—Windows nightmare fuel
🤖 AI hacking campaigns targeting Mexican govt while Lapsus$ recruits fresh talent
⚠️ Cisco's rare 10.0 CVSS vulnerability has everyone scrambling + Meta's drowning in AI-generated CSAM false reports
New Security Now is live! https://twit.tv/shows/security-now/episodes/1067
-
CW: Year-end summary of podcast listening
Average Linux enjoyer:
Also I devours shows from #lateNightLinux and #coolZoneMedia
#AntennaPodEcho #podcast #securityNow #linuxUnplugged #techOverTea #mimirOgMarsdal #twit
-
Steve, not taking a political position is a political position: specifically, a conservative one. #SecurityNow. SN1048.
-
As the years progress I feel like more and more of #SecurityNow is comprised of Steve reading primary source commercial puffery / press releases and less his own analysis.
Reading commercial press releases is a convenient way to pad runtime, but I am tempted more and more to either increase playback speed or just skim an automatic transcription.
-
So, I'm expecting to hear Steve Gibson explain ring signatures at some point in a future #SecurityNow episode with @leo regarding #AgeVerification and #privacy.
-
Your mouse might be "listening" in ways you didn't expect! 👀 @SGgrc & @leo delve into new optical vulnerabilities, satellite security issues, and what the AWS outage forewarns us about. 🎧 #SecurityNow https://twit.tv/shows/security-now/episodes/1048
-
Finished first #CyberSecurity class for #CollegeCreditPlus (college classes for high school students) certification. Got an A.
The reason is simple -- 15 years of #SecurityNow with Steve Gibson (@SGgrc) on #TWIT.
Also, it was summer break from #k12 work, so had time to do the work. We'll see what happens during the school year, when I'm busy with #ESOL (#ESL) stuff.
Next fall, I'll be teaching cyber security to high school students for college credit. And doing ESOL stuff.
-
🔐 This week on Security Now:
Signal leaves Australia
SharePoint patch confusion continues
Dropbox Passwords ends
China’s early access to MS flaws?
🎧 Listen here: https://twit.tv/sn/1037
#InfoSec #SecurityNow #TechNews
-
🛡️ Security Now w/ @SGgrc & @leo
💥 Last week: Microsoft's SharePoint 0-day & a Pwn2Own patch fail
📅 Tomorrow: new episode drops
🎧 subscribe: https://twit.tv/sn
#SecurityNow #CyberSecurity
-
💥 Clorox sues its IT provider for $380M
🔐 SharePoint 0-day unpacked
🧑💻 North Korea’s fake laptop farms impersonate U.S. workers
🛡️ FIDO passkey NOT bypassed after all
@SGgrc & @leo have the full breakdown on Security Now.
🎧 https://twit.tv/shows/security-now/episodes/1036
#Cybersecurity #SecurityNow
-
🚨 Inside the SharePoint 0-day
🛡️ Brave randomizes fingerprints + blocks Recall
⚠️ Microsoft's failed Pwn2Own patch
🇬🇧 UK + 🇪🇺 EU privacy drama
@SGgrc & @leo cover it all on Security Now
🎧 https://twit.tv/shows/security-now/episodes/1036
#SecurityNow #CyberSecurity
-
⚠️ DNS outages at Cloudflare's 1.1.1.1
🔓 Passkey protections bypassed
💣 Ransomware surges again
And Cloudflare's move to block traffic at the MPA's request? @SGgrc explores it all on Security Now with @leo.
🎧 https://twit.tv/shows/security-now/episodes/1035
#InfoSec #SecurityNow
-
#k-12 school year for teachers ended last week. My year ends tomorrow. New term of #AdultESOL / #AdultESL starts (for me) on Saturday.
#CyberSecurity class started last week. So far, so good. Pretty interesting. For this #CollegeCreditPlus program, I have to do 1 class in the fall, 2 in the spring, and the final one next summer. While working 60 hours a week. Not looking forward to that spring term at all.
Luckily, I've listened to #SecurityNow with @SGgrc for over 10 years.
-
🎉 TWiT Turns 20: Iconic Moments
🔢 What's the Worst PIN Code?
@SGgrc breaks down the most (and least) secure 4-digit PINs.
Spoiler: 1234 is not it.
🔐 Security Now 974 ➜ https://twit.tv/sn/974
🎬 https://youtu.be/Qj85v2ca89E
#SecurityNow #Cybersecurity #TWiT20
-
Got accepted for a program to credential high school teachers to teach college classes (#Ohio's #CollegeCreditPlus program). Doing the paperwork stuff now - so much fun.
I'm an #ESOL teacher. I'll be taking classes to get credentialed to teach college-level #CyberSecurity. Have to take 4 or 5 graduate-level classes. Might have to do a pre-req or two.
Luckily, I've been listening to #TWiT and #SecurityNow for over 10 years at this point (maybe closer to 15?), so I feel pretty well prepared.
-
I wonder if @internetarchive uses #opentimestamps or a non-blockchain equivalent for its various snapshots. I would love to be able to independently verify the integrity of each page and/or asset against a merkle tree rooted in something reasonable, public, and obvious. #SecurityNow 996.
-
I prefer information spoken by humans, but if you're going to read a script in a plodding monotone, do both of us a favor and just have an AI read it at 2x speed. I find otherwise acceptable podcasters putting me to sleep when they include verbatim news reports or changelogs in their scripts.
#podcasting #audiobooks #ThisWeekInTech #UntitledLinuxShow #securitynow
-
Covered in #securitynow 995 I knew I had to watch this talk I did not catch at the venue.
https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers
Glad I listened to @SGgrc beforehand as he put it into more digestible language and a sober context.
The talk starts with low-level code deepdives out of the gate. TrueType fonts are Turing complete?!
Thank you @oct0xor kucherin bzvr
-
@leo and this week's #SecurityNow podcast, Leo and Steve discuss the very annoying low battery alarms that occur around your home. These often go off in the middle of the night and can be difficult to locate. Being #Blind, I employ audio direction finding techniques to track them down. Leo wants Steve to develop a chirp finder. I think this would be a great #Arduino project. #RaspberryPie. #ADC #Triangulation.
-
I liked this comment in last week's Security Now. Code things three times. Do it. Make it better. Make it right. The first time you lay down code for a solution, it's probably garbage. By the third iteration, it's probably about right. (Actually in my case, by the third iteration, it's still garbage, but who's counting.)
(Yes, similar to extreme programming. I'm a bit behind...)
-
I was recently listening to @SGgrc coverage of the EU’s QWAC proposal. There’s much debate regarding the EU’s role in the global PKI ecosystem, when it dawned on me there’s a far simpler solution that should (hopefully) address everyone’s concerns. Instead of operating a root CA, the EU should operate a Certificate Transparency Log.
Let me explain. The Certificate Transparency system was envisioned to countersign existing certificates, ensuring that the certificate’s issuance was included in a public log. The result is the body of the certificate (i.e. subject, public key, etc) is signed by both the CA and the CT Log. Certificates can (and often do) have multiple CT Log signatures.
What I’m proposing is the EU operate their own CT Log server. But unlike standard CT Log servers which will sign any certificate sent their way, the EU would only countersign certificates that meet the QWAC requirements. For example, ensuring that the subject fields (name, address, etc) are valid and the authenticity of the requestor is confirmed.
The basic flow would be: (1) User submits a CSR to their preferred CA; just like they always do. (2) The CA performs their standard domain name and OV/EV verification. (3) User is redirected to an EU-managed portal to further complete their QWAC verification. (4) Once both the CA and EU are satisfied, then the CSR is signed by the CA and a CT Log signature is added by the EU.
The benefits: The EU no longer operates a root CA that’s globally trusted, the EU’s approval of a certificate is as cryptographically secure as if they ran their own root CA, existing applications continue uninterrupted (since this is just another CT signature), the existing CT Log ecosystem also continues on (as they can still add additional countersignatures to QWAC certificates), and client-side QWAC verification can now be accomplished either by the browser natively or via a browser plugin (effectively offering an opt-in option).
Standard caveat, the above is my personal opinion and does not represent anyone else’s opinion/position.
-
Are You On LastPass? Time To Look At Alternatives
LastPass was the first password manager I was aware of. The premise was simple: Using a LastPass account, you could store your website credentials in a "vault" on
https://medi-nerd.com/2023/01/08/are-you-on-lastpass-time-to-look-at-alternatives/
#Technology #1Password #AreYouOnLastPass?TimeToLookAtAlternatives #BitWarden #Dashlane #DonPezet #ITProTV #LastPass #LogMeIn #PasswordManager #SecurityNow #SteveGibson #Technado #Technology #TWiT
-
Been working with the #LastPass tool that Steve Gibson publicized on the latest #SecurityNow podcast (episode 905). But ran into an issue with shared folders, and covered it in this blog post.
https://www.boojit.com/blog/2023-01-13.1+LastPass+vaults+and+shared+folders
-
Steve's Next Password Manager After the LastPass Hack - On Security Now, Steve Gibson shares with Leo Laporte his plan in the shadow of the devastating LastPass hack and which password manager he plans to use next. - https://youtu.be/9XWHCF4pLmI #LastPass #twit #DashLane #BitWarden #1Password #PasswordVault #PasswordManager #AppleKeychain #SteveGibson #LeoLaporte #SecurityNow
-
#applebackdoor #cve_2023_38606
#SecurityNow
Why did Apple have a backdoor into its devices for 5 years? Fixed once discovered by Kaspersky
-
Interesting segment on #SecurityNow with Steve Gibson and @leo about freebie bots: bots that scour the Web for mistakenly underpriced items to buy up as many as possible before the mistake is caught. https://youtu.be/HiABizPScto While probably not “illegal” in the criminal sense, business owners could sue users of such scrapers and bots on various grounds (including one of my favorites, #TrespassToChattels). Also, this reminds me a little of #JerryAndMargeGoLarge.