Home / Series / Security Now / Official Order /

All Seasons

Season 1

  • S01E01 As the Worm Turns — the first Internet worms of 2005

    • August 18, 2005

    How a never-disclosed Windows vulnerability was quickly reverse-engineered from the patches to fix it and turned into more than 12 potent and damaging Internet worms in three days. What does this mean for the future of Internet security?

  • S01E02 HoneyMonkeys

    • August 25, 2005

    How Microsoft's "HoneyMonkey" system works, how it finds malicious web sites before they find you, and what Microsoft is doing (and NOT doing) with this valuable security information it is now collecting.

  • S01E03 NAT Routers as Firewalls

    • September 1, 2005

    Most people don't think of common NAT routers as hardware firewalls, but ANY NAT router inherently provides terrific security and protection against incoming malicious traffic. Learn how and why this is, and which default settings MUST be changed to lock down the security of your NAT router.

  • S01E04 Personal Password Policy (1)

    • September 8, 2005

    Everyone who uses web-based services such as eBay, Amazon, and Yahoo, needs to authenticate their identity with passwords. Password quality is important since easily guessable passwords can be easily defeated. Leo and I recap a bit from last week's program, then discuss passwords. We suggest an approach that anyone can use to easily create unbreakable passwords.

  • S01E05 Personal Password Policy (2)

    • September 15, 2005

    Our previous episode (#4), which discussed personal password policies, generated so much great listener feedback, thoughts, ideas, and reminders about things we didn't mention, that we decided to wrap up this important topic with a final episode to share listeners' ideas and to clarify some things we left unsaid.

  • S01E06 Mechanical & Electromagnetic Information Leakage

    • September 22, 2005

    Triggered by a recent report of three UC Berkeley researchers recovering text typed at a keyboard (any keyboard) after simply listening to ten minutes of typing, Leo and I discuss the weird realm of "alternative information leakage" — from CRT glowing, to radio emissions, to LEDs lamps on the front of network equipment . . . to a microphone listening to anyone typing.

  • S01E07 SPYaWAREness

    • September 29, 2005

    Any contemporary discussion of threats to Internet security must discuss the history, current situation, and future of spyware. Leo and I spend a little more time than usual covering many aspects of this important topic. DON'T MISS the Episode Notes Page for this episode!

  • S01E08 Denial of Service (DoS) Attacks

    • October 6, 2005

    Distributed Denial of Service (DDoS) attacks are occurring with ever-greater frequency every day. Although these damaging attacks are often used to extort high-profile gaming and gambling sites before major gambling events, attacks are also launched against individual users who do something to annoy "zombie fleet masters" while they are online. Some router and firewall vendors claim that their devices prevent DDoS attacks. Is that possible? What can be done to dodge the bullet of a DDoS attack launched against you while you're online?

  • S01E09 Rootkits

    • October 13, 2005

    This week we discuss "rootkit technology". We examine what rootkits are, why they have suddenly become a problem, and how that problem is rapidly growing in severity. We also discuss their detection and removal and point listeners to some very effective free rootkit detection solutions.

  • S01E10 Open Wireless Access Points

    • October 20, 2005

    Leo and I examine the security and privacy considerations of using non-encrypted (i.e. 'Open') wireless access points at home and in public locations. We discuss the various ways of protecting privacy when untrusted strangers can 'sniff' the data traffic flowing to and from your online PC.

  • S01E11 Bad WiFi Security (WEP and MAC address filtering)

    • October 27, 2005

    Leo and I answer some questions arising from last week's episode, then plow into a detailed discussion of the lack of security value of MAC address filtering, the futility of disabling SSID's for security, and the extremely poor security offered by the first-generation WEP encryption system.

  • S01E12 Sony's

    • November 3, 2005

    Leo and I discuss details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme. This poorly written software unnecessarily employs classic rootkit technology (see episode #9) to hide from its users after installation. It can not be uninstalled easily, it can be easily misused for malicious purposes, and it has been implicated in many repeated BSOD "blue screen of death" PC crashes.

  • S01E13 Unbreakable WiFi Security

    • November 10, 2005

    Leo and I follow-up on last week's discussion of the Sony Rootkit debacle with the distressing news of "phoning home" (spyware) behavior from the Sony DRM software, and the rootkit's exploitation by a new malicious backdoor Trojan. We then return to complete our discussion of WiFi security, demystifying the many confusing flavors of WPA encryption and presenting several critical MUST DO tips for WPA users.

  • S01E14 Virtual Private Networks (VPN): Theory

    • November 17, 2005

    Leo and I first follow-up on the past two episodes, discussing new developments in the continuing Sony Rootkit DRM drama, and clearing up some confusion over the crackability of WPA passphrases. Then, in this first of our two-part series on VPNs, we discuss the theory of VPN connections and tunnels, explaining how they work and why they represent such a terrific solution for anyone who needs security while they're away from home.

  • S01E15 VPN Secure Tunneling Solutions

    • November 24, 2005

    Leo and I discuss the use of SSL and SSH encrypted tunneling for providing privacy and security whenever an insecure local network is being used — such as at an open WiFi hotspot or when using a hotel's network. These solutions are not transparent and tend to be configuration intensive. They also require the use of a "server" of some sort at the user's home or office. This makes these approaches less suitable for casual users, but offers a solution for the more technically inclined road warriors.

  • S01E16 Listener feedback Q&A #1

    • December 1, 2005

    Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies we have previously discussed.

  • S01E17 PPTP and IPSec VPN Technology

    • December 8, 2005

    In our continuing exploration of VPN technology for protecting network users on networks they don't control, Leo and I discuss the oldest "original" VPN protocols: Industry standard IPSec, and Microsoft's own PPTP and L2TP/IPSec. We examine and explain the trouble with interconnecting Windows machines to third-party VPN routers and examine the many reasons these older technologies are probably not optimal for on-the-go road warriors.

  • S01E18 Hamachi Rocks!

    • December 15, 2005

    This week Leo and I discuss and describe the brand new, ready to emerge from a its long development beta phase, ultra-secure, lightweight, high-performance, highly-polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system known as "Hamachi". After two solid weeks of testing and intense dialog with Hamachi's lead developer and designer, I have fully vetted the system's security architecture and have it running on many of my systems. While I am travelling to Toronto this week, Hamachi is keeping my roaming laptop securely and directly connected to all of my machines back home. Don't miss this one!

  • S01E19 VPNs Three: Hamachi, iPig, and OpenVPN

    • December 22, 2005

    Leo and I wrap up our multi-week, in-depth coverage of PC VPN solutions by discussing some aftermath of the zero-configuration Hamachi system; introducing "iPig," a very appealing new zero-configuration VPN contender; and describing the many faces of OpenVPN, the "Swiss army knife" of VPN solutions.

  • S01E20 A SERIOUS new Windows vulnerability — and Listener Q&A

    • December 29, 2005

    On December 28th a serious new Windows vulnerability has appeared and been immediately exploited by a growing number of malicious web sites to install malware. Many worse viruses and worms are expected soon. We start off discussing this and our show notes provides a quick necesary workaround until Microsoft provides a patch. Then we spend the next 45 minutes answering and discussing interesting listener questions.

  • S01E21 The Windows MetaFile (WMF) Vulnerability

    • January 5, 2006

    Leo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular -- and very necessary -- temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond.

  • S01E22 The Windows MetaFile Backdoor?

    • January 12, 2006

    Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

  • S01E23 GRC's

    • January 19, 2006

    Leo and I "close the backdoor" on the controversial Windows WMF Metafile image code execution (MICE) vulnerability. We discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware: MouseTrap which determines whether any Windows or Linux/WINE system has 'MICE'.

  • S01E24 Listener Feedback Q&A #3

    • January 26, 2006

    Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.

  • S01E25 How the Internet Works (1)

    • February 2, 2006

    Steve talks about the Kama Sutra virus, scheduled to strike tomorrow, and PC World's anti-virus roundup. Then we delve into How the Internet Works, part 1. We'll wrap things up next week.

  • S01E26 How the Internet Works (2)

    • February 9, 2006

    Part 2 of Steve's discussion of how the fundamental Internet technologies work. This and the previous episode will provide the foundation for our future podcasts on Internet security issues.

  • S01E27 How Local Area Networks Work, Part 1

    • February 16, 2006

    Steve continues to lay a foundation on understanding networking. This week, part one of how LANs work. We cover DHCP, Subnet Masks, Routers, and hubs. We'll conclude with part two on episode 29.

  • S01E28 Listener Feedback Q&A #4

    • February 23, 2006

    Steve answers your questions on this episide. With further clarification on VPN security, Hamachi, and the answer to the eternal question, which operating system is the most secure.

  • S01E29 Ethernet Insecurity

    • March 2, 2006

    In this week's marathon edition Steve tackles security issues inherent to Ethernet, including ARP spoofing.

  • S01E30 Cryptographic Issues

    • March 10, 2006

    This week Steve takes a look at how cryptography is used and the difficult issues strong crypto raises.

  • S01E31 Symmetric Stream Ciphers

    • March 16, 2006

    This week Steve continues his discussion of crypto with a look at secret decoder rings and one-time pads.

  • S01E32 Listener Feedback Q&A #5

    • March 23, 2006

    Episode 32 is our monthly question and answer session.

  • S01E33 Symmetric Block Ciphers

    • March 30, 2006

    Part three of Steve's overview of cryptography looks at symmetric block ciphers.

  • S01E34 Public Key Cryptography

    • April 6, 2006

    This week Steve explains how public key cryptography works, and we welcome our new sponsor, Astaro! Thanks so much for the support guys.

  • S01E35 Cryptographic Hashes

    • April 13, 2006

    This week Steve talks about how cryptographic hashes work and are used to verify the integrity of files and email. We also talk about email signing and recommend the Gnu Privacy Guard.

  • S01E36 Listener Feedback Q&A #6

    • April 20, 2006

    As usual on every fourth episode, Steve answers listener questions.

  • S01E37 Crypto Series Wrap-up

    • April 27, 2006

    We wrap up our talk about cryptography with a discussion of prime number generation, key recovery, and digital certificates.

  • S01E38 Browser Security

    • May 4, 2006

    Why is Internet Explorer so insecure? What can you do to secure it? And why is it so hard to make a secure browser? Steve talks about security policy vs. browser flaws, how he uses IE safely, and why Java and Javascript are inherently more secure than ActiveScript and ActiveX.

  • S01E39 Buffer Overruns

    • May 11, 2006

    Buffer overflows... they're the most common kind of security flaw, but what are they and how do they happen? Finally, how can we protect ourselves from them? Steve explains all.

  • S01E40 Listener Feedback Q&A #7

    • May 18, 2006

    As he does every fourth episode, Steve answers your questions. But first, an update on some recent security news...

  • S01E41 TrueCrypt

    • May 25, 2006

    The ultimate encryption program, free, open source, strong, and flexible: Truecrypt.

  • S01E42 NAT Traversal

    • June 1, 2006

    Steve explains the clever technique that Skype and other programs use to end around NAT routers.

  • S01E43 Open Ports

    • June 8, 2006

    Ever wonder what a port is? Steve explains what they are and what terms like "stealth ports" and "port sniffing mean." Leo reads a little poetry.

  • S01E44 Listener Feedback Q&A #8

    • June 15, 2006

    On this episode, one dozen questons and answers

  • S01E45 The 'Hosts' File

    • June 22, 2006

    This week Steve explains the mysterious HOSTS file - part of Windows, OS X, Linux, and many other operating systems. He talks about how malicious programs may misuse it, and how you can use it to protect yourself.

  • S01E46 Router Logs

    • June 29, 2006

    This week Steve tells us what to do with the router logs. What a router can (and can't) tell you about your security situation?

  • S01E47 Internet Weaponry

    • July 6, 2006

    This week Steve tells us about distributed denial of service attacks and how hackers use IRC botnets to create them.

  • S01E48 Listener Feedback Q&A #9

    • July 13, 2006

    How big can a HOSTS file get? Does a firewall slow you down? A plan to fight phishers. All on this week's edition of Security Now! with Steve Gibson.

  • S01E49 The NETSTAT Command

    • July 20, 2006

    How can you tell what your computer is doing on the net? Netstat. This handy program comes with almost all operating systems. On Windows, click Start, then select Command Prompt from the Programs->Accessories menu. To run Netstat, type netstat at the command prompt. For more readable output type netstat -ab.

  • S01E50 Virtual Machine History & Technology

    • July 27, 2006

    Virtualization, its history and uses in security.

  • S01E51 Vista's Virgin Stack

    • August 3, 2006

    Will Windows Vista be secure? According to a new study from Symantec, the decision to re-write the networking stack from the ground up means it will be much less secure than XP.

  • S01E52 A Busy Week for Security Troubles

    • August 10, 2006

    Steve normally answers questions on shows divisible by four, but not this week. There's just too much security news including javascript exploits, Ebay gaming, and the sale of Hamachi.

  • S01E53 VMware

    • August 17, 2006

    More on Virtualization technology, with a special focus on VMWare's Virtual Appliances.

  • S01E54 Blue Pill

    • August 24, 2006

    The Blue Pill demonstrates a serious security concern with the Hypervisor mode in Windows Vista. Steve discusses the threat and arguments against it.

  • S01E55 Application Sandboxes

    • August 31, 2006

    Sandboxing your browser to keep your system secure.

  • S01E56 Listener Feedback Q&A #10

    • September 7, 2006

    Our regular session of questions and answers deals with Vista security, remote access, the HOSTS files, and Zone Alarm.

  • S01E57 Virtual PC versus VMware

    • September 14, 2006

    Steve wraps up his rundown of Virtualization programs with a look at Microsoft's free Virtual PC.

  • S01E58 Two New Critical Windows Problems

    • September 21, 2006

    Guest: Eric Sites, VP R&D Sunbelt Software Two serious Windows flaws have surfaced today. One, a zero-day exploit, makes it possible for any web site (or HTML email) to take over a Windows machine, even if it's been fully patched. The other is a file corruption error on Windows 2000 NTFS systems introduced by a Microsoft patch.

  • S01E59 Comparing

    • September 28, 2006

    We conclude our coverage of virtual machine software with a review of Parallels - the fastest of the VM programs.

  • S01E60 Listener Feedback Q&A #11

    • October 5, 2006

    Your questions, Steve's answers.

  • S01E61 ISP Privacy and Security

    • October 12, 2006

    First a review of three more zero day exploits in Windows XP, then a look at what your ISP knows about you and how to protect your privacy.

  • S01E62 Internet Proxies

    • October 19, 2006

    How proxy servers work to both speed up access and protect users.

  • S01E63 MojoPac

    • October 26, 2006

    MojoPac software lets you put your entire Windows configuration on a thumbdrive or portable disk and take it with you anywhere. It works surprisingly well, but there are some caveats. Steve reviews.

  • S01E64 Listener Feedback Q&A #12

    • November 2, 2006

    Your questions, Steve's answers.

  • S01E65 Why Is Security So Difficult?

    • November 9, 2006

    What makes it so hard to secure Windows? Steve says ultimate security is ultimately impossible.

  • S01E66 Windows Vista Security

    • November 16, 2006

    Why the 64-bit version of Windows is both more secure and less compatible. Steve explains why.

  • S01E67 Kernel Patch Protection

    • November 23, 2006

    Microsoft is touting PatchGuard, a new security feature in 64-bit versions of XP and Vista. Steve explains how easy it is to hack, and what it's really for if it's not for deterring hackers.

  • S01E68 Listener Feedback Q&A #13

    • November 30, 2006

    Our monthly question and answer session goes long - but there's lots of good information.

  • S01E69 The Social Implications of Internet Anonymity

    • December 7, 2006

    Is there such a thing as anonymity on the Internet? How important is it?

  • S01E70 Achieving Internet Anonymity

    • December 14, 2006

    Two interesting implementations of Internet anonymization: The Freenet Project for anonymously storing and transmitting files, and Tor, "the onion router" which can anonymize all your Internet accesses.

  • S01E71 SecurAble

    • December 21, 2006

    Steve's latest free security application is called Securable. It's not quite ready yet, but Steve gives us a preview in this episode.

  • S01E72 Listener Feedback Q&A #14

    • December 28, 2006

    Our monthly question and answer segment covers TOR details, overheating hard drives, and what happens to your data when you die...

  • S01E73 Digital Rights Management (DRM)

    • January 4, 2007

    Steve and Leo survey the history and evolution of media property rights and the technologies used to enforce them as they prepare for next week's show: a look at AACS, the most pervasive and invasive system for digital rights management ever created.

  • S01E74 Peter Gutmann on Vista DRM

    • January 12, 2007

    Steve and Leo interview Peter Gutmann about his paper A Cost Analysis of Windows Vista Content Protection.

  • S01E75 Vista DRM Wrap-Up & Announcing “SecurAble”

    • January 12, 2007

    We wrap up our discussion of the premium content protection features in Vista and announce Steve's newest free security utility: Securable.

  • S01E76 Listener Feedback Q&A #15

    • January 25, 2007

    Our monthly question and answer segment covers DEP on the Mac, HD-DVD decryption, and email privacy...

  • S01E77 Microsoft on Vista DRM

    • January 31, 2007

    Steve and Leo discuss Dave Marsh's response on behalf of Microsoft to Peter Gutmann's paper about Windows Vista Content Protection.

  • S01E78 DEP in Depth

    • February 7, 2007

    Hardware Data Execution Protection is one of the best ways to protect your PC from hackers. Steve discusses how it works, how to turn it on, and the possible pitfalls of using it.

  • S01E79 Backtracking Spoofed Spam eMail

    • February 15, 2007

    How do spambots work, why do spammers need them, and the best way to block them and prevent spam.

  • S01E80 Listener Feedback Q&A #16

    • February 22, 2007

    Our monthly question and answer segment covers spam spoofing, VPN mysteries, and online backup security...

  • S01E81 Hard Drive Unreliability

    • March 1, 2007

    Google's massive study of hard drive reliability yields some surprising results. Read more at http://www.grc.com/sn/notes-081.htm

  • S01E82 Cyber Warfare

    • March 8, 2007

    Steve comments on the Federal Computer Week article Cyber officials: Chinese hackers attack 'anything and everything'.

  • S01E83 UAC in Depth

    • March 15, 2007

    A closer look at Vista's User Access Control.

  • S01E84 Listener Feedback Q&A #17

    • March 22, 2007

    Our monthly question and answer show.

  • S01E85 Intro to Web Code Injection

    • March 29, 2007

    Jikto is a Javascript tool that can take over your computer and use it to find sites with vulnerabilities. We describe it and the cross-site scripting flaws it looks for.

  • S01E86 Cross-Site Scripting

    • April 5, 2007

    Updates on the Animated Cursor Vulnerability, a recommendation for security software from eEye, and how the Sony Reader works, plus an in depth discussion of scripting vulnerabilities.

  • S01E87 SQL Injection Exploits

    • April 12, 2007

    Another common attack vector in web software is the SQL injection. Steve explains what it is and how it happens.

  • S01E88 Listener Feedback Q&A #18

    • April 19, 2007

    Our monthly question and answer show.

  • S01E89 Even More Badly Broken WEP

    • April 26, 2007

    WEP gets even more insecure with a new cracking technique that's 1000 times faster.

  • S01E90 Multifactor Authentication

    • May 3, 2007

    Steve explains the theory and practice of multifactor authentication which uses combinations of "something you know," "something you have," and "something you are" to provide stronger remote authentication than traditional, unreliable single-factor username and password authentication.

  • S01E91 Marc Maiffret

    • May 10, 2007

    Guest: Marc Maiffret of eEye Digital Security Marc talks about Windows and Mac security, the coming threat from web applications, and eEye's free, all-in-one protection program, Blink Personal Edition.

  • S01E92 Listener Feedback Q&A #19

    • May 17, 2007

    Our monthly question and answer show.

  • S01E93 Microsoft Patent Wars

    • May 24, 2007

    Steve looks at software patents and the Microsoft challenge to open source software from the point of view of a developer, patent holder, and expert witness in patent cases.

  • S01E94 The Fourth Factor

    • May 31, 2007

    We've already talked about the three factors of authentication: something you know (e.g. a password), something you have (a passcard), and something you are (a fingerprint). Now Steve talks about the fourth factor of authentication: someone you know, or who knows you.

  • S01E95 OpenID

    • June 7, 2007

    Open ID, how it works and what it means to you (not having to remember so many passwords for starters).

  • S01E96 Listener Feedback Q&A #20

    • June 15, 2007

    Steve answers listener mail on subjects like authentication and more...

  • S01E97 Operation: Bot Roast

    • June 22, 2007

    The FBI says it has uncovered one million computers that are being used by hackers without their owners' knowledge. Today Steve talks about BotNets and the FBI's Operation Bot Roast.

  • S01E98 Internet Identity Metasystems

    • June 28, 2007

    Steve continues our discussion of authentication with a look at Internet identity metasystems.

  • S01E99 Trusted Platform Module (TPM)

    • July 5, 2007

    The Trusted Platform Module - a hardware solution to security now shipping on many computers.

  • S01E100 Listener Feedback Q&A #21

    • July 12, 2007

    Your questions, Steve's answers as we complete 100 consecutive weeks of shows!

  • S01E101 Are You Human?

    • July 19, 2007

    Steve looks at Captcha and Re-Captcha - the pros and cons of trying to distinguish humans from robots, with a side look at Alan Turing and Jeff Hawkins's On Intelligence.

  • S01E102 Listener Mailbag #1

    • July 26, 2007

    Our first mailbag episode with 20 questions and comments from our listeners.

  • S01E103 PayPal Security Key

    • August 2, 2007

    A closer look at the Paypal Security Key with Michael Vergara, Director of Account Protections at Paypal.

  • S01E104 Listener Feedback Q&A #22

    • August 9, 2007

    For 16Kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written - Spinrite 6.

  • S01E105 Firewall LeakTesting

    • August 16, 2007

    Steve, the creator of the original leak test program, talks about leak testing and how hackers work to get around them.

  • S01E106 Listener Mailbag #2

    • August 23, 2007

    Our second mailbag episode with a dozen questions and comments from our listeners.

  • S01E107 PIP & Even More Perfect Passwords

    • August 30, 2007

    Steve looks at Verisign's Personal Identity Provider, an OpenID service that works with the Paypal token, and talks about updates to his Perfect Password page.

  • S01E108 Listener Feedback #23

    • September 6, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners.

  • S01E109 GRC's eCommerce System

    • September 13, 2007

    Steve talks about developing his in-house E-Commerce system, and how he solved some issues other e-commerce system handle poorly. We also talk about the pleasures of assembly language programming.

  • S01E110 Listener Feedback #24

    • September 20, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners, plus an extra one for fun.

  • S01E111 OpenID Precautions

    • September 27, 2007

    Steve responds to criticisms of the OpenID system and offers some issues to consider when you use it.

  • S01E112 Listener Feedback #25

    • October 4, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners.

  • S01E113 Roaming Authentication

    • October 11, 2007

    How do you solve the problem of secure access to data on the road? Steve shows how he tackled roaming authentication at grc.com and proposes a general solution for everyone.

  • S01E114 Listener Feedback #26

    • October 18, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners including our Great Idea of the Week...

  • S01E115 Perfect Paper Passwords

    • October 25, 2007

    Following up on Episode 113, Roaming Authentication, Steve proposes a great way to strengthen remote access using Perfect Paper Passwords.

  • S01E116 Listener Feedback #27

    • November 1, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners.

  • S01E117 Even More Perfect paper Passwords

    • November 8, 2007

    Perfect Paper Passwords version two!

  • S01E118 Listener Feedback #28

    • November 15, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners.

  • S01E119 PayPal and DoubleClick

    • November 22, 2007

    Why does Paypal secretly send you through Doubleclick to get to some of its web pages? Steve explains how third-party cookies can violate your privacy and what to do about it.

  • S01E120 Listener Feedback #29

    • November 29, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners.

  • S01E121 Is Privacy Dead?

    • December 6, 2007

    Is it possible to preserve your privacy in the digital age? It's certainly worth trying.

  • S01E122 Listener Feedback #30

    • December 13, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners...

  • S01E123 Jungle Disk

    • December 20, 2007

    Steve interviews Dave Wright of JungleDisk, a data storage optimization product for Amazon's S3...

  • S01E124 Listener Feedback #31

    • December 27, 2007

    Our regular mailbag episode with a dozen questions and comments from our listeners.

  • S01E125 Symmetric Ciphers

    • January 3, 2008

    Steve further elaborates on symmetric ciphers, the workhorses of encryption.

  • S01E126 Listener Feedback #32

    • January 10, 2008

    Steve discusses Treewalkdns.com, OpenDNS, Rijndael encryption Flash animation, Ironkey, and Opera mini security FAQ.

  • S01E127 Corporate Security

    • January 17, 2008

    Steve talks about the challenges of corporate IT security policy and enforcement and the inherent tension between IT security staff and employees.

  • S01E128 Listener Feedback #33

    • January 24, 2008

    Steve talks about the remote code execution exploit of the Microsoft Windows TCP/IP vulnerability and answers your questions.

  • S01E129 Windows SteadyState

    • January 31, 2008

    Steve discusses how network administrators can protect their systems using Windows SteadyState.

  • S01E130 Listener Feedback #34

    • February 7, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E131 FREE CompuSec

    • February 14, 2008

    Microsoft's Super Patch Tuesday, Macintosh updates, Adobe Acrobat exploit, Firefox patch, Vista SP-1, and more.

  • S01E132 Listener Feedback #35

    • February 21, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E133 TrueCrypt v5.0

    • February 28, 2008

    Steve explores whole-drive encryption and details the release of TrueCrypt 5.0.

  • S01E134 Listener Feedback #36

    • March 6, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E135 IronKey

    • March 13, 2008

    Guest: Dave Jevans, CEO of IronKey Steve interviews Dave Jevans of IronKey.

  • S01E136 Listener Feedback #37

    • March 20, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E137 RAM Hijacks

    • March 27, 2008

    Steve breaks down the concept of dynamic RAM hijacking raised by the recent Princeton study.

  • S01E138 Listener Feedback #38

    • April 3, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E139 Network Congestion

    • April 10, 2008

    The logistics of network congestion, network neutrality and prioritized packets.

  • S01E140 Listener Feedback #39

    • April 17, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E141 RSA Conference 2008

    • April 24, 2008

    ClamAV security flaw, ICQ vulnerability, Opera and more.

  • S01E142 Listener Feedback #40

    • May 1, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E143 YubiKey

    • May 8, 2008

    Leo and I delve into the detailed operation of the YubiKey, the coolest new secure authentication device I discovered at the recent RSA Security Conference. Our special guest during the episode is Stina Ehrensvrd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology.

  • S01E144 Listener Feedback #41

    • May 15, 2008

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E145 Secunia's PSI

    • May 22, 2008

    The free vulnerability scanner and update management tool Secunia PSI.

  • S01E146 Listener Feedback #42

    • May 29, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E147 Microsoft's Baseline Security Analyzer

    • June 5, 2008

    Two useful but lesser-known Microsoft security utilities.

  • S01E148 Listener Feedback #43

    • June 12, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E149 ISP Betrayal

    • June 19, 2008

    An overview of next-generation behavioral tracking and profiling systems.

  • S01E150 Listener Feedback #44

    • June 26, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E151 Phracking Phorm

    • July 3, 2008

    How third parties are gaining footholds in ISP facilities in order to access your data.

  • S01E152 Listener Feedback #45

    • July 10, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E153 DePhormed Politics

    • July 17, 2008

    More on the privacy threat from the Phorm system.

  • S01E154 Listener Feedback #46

    • July 24, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E155 Bailiwicked Domain Attack

    • July 31, 2008

    The nuts and bolts of DNS and the DNS cache poisoning attacks.

  • S01E156 Listener Feedback #47

    • August 7, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E157 DNS — After the Patch

    • August 14, 2008

    A follow-up on the serious, and somewhat still present, DNS protocol spoofability flaw.

  • S01E158 Listener Feedback #48

    • August 21, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E159 Vista Security Bypass

    • August 28, 2008

    Black Hat Conference revelations, where Vista's security improvements fall short, and more.

  • S01E160 Listener Feedback #49

    • September 4, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E161 Google's Chrome

    • September 11, 2008

    Steve drills down to determine the security levels offered by Google Chrome.

  • S01E162 Listener Feedback #50

    • September 18, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E163 GoogleUpdate & DNS Security

    • September 25, 2008

    The benefits, challenges, and nuances of secure DNS.

  • S01E164 SockStress

    • October 2, 2008

    Steve explains yet another security flaw in the TCP stack.

  • S01E165 Listener Feedback #51

    • October 9, 2008

    Airport security checks and balances, white knuckle Disney adventures, and the limits of spyware infestations?

  • S01E166 Cross-Site Request Forgery

    • October 16, 2008

    Steve tells you why you must always explicitly log out from banking and other important sites.

  • S01E167 Listener Feedback #52

    • October 23, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E168 ClickJacking

    • October 30, 2008

    Steve discusses clickjacking, aka UI redressing, which tricks users into unintended web-based actions.

  • S01E169 Listener Feedback #53

    • November 6, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E170 The TKIP Hack

    • November 13, 2008

    Why you shouldn't worry about the TKIP crack.

  • S01E171 Listener Feedback #54

    • November 20, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E172 Sandboxie

    • November 27, 2008

    Steve and Leo return to take a much closer look at "Sandboxie", an extremely useful, powerful, and highly recommended Windows security tool they first mentioned two years ago. This time, after interviewing Sandboxie's creator, Ronen Tzur, Steve explains why he is totally hooked and why Leo is wishing it was available for his Macs.

  • S01E173 Listener Feedback #55

    • December 4, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E174 Sandbox Limitations

    • December 11, 2008

    The limitations of sandboxing in preventing the negative impacts of malware.

  • S01E175 Listener Feedback #56

    • December 18, 2008

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E176 Drop My Rights

    • December 25, 2008

    How to use Microsoft's little-known DropMyRights utility for safer browsing.

  • S01E177 Breaking SSL, PDP-8's & UltraCapacitors

    • January 1, 2009

    Breaking SSL, PDP-8s, and Ultracapacitors. Full show notes are available at grc.com.

  • S01E178 Listener Feedback #57

    • January 8, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E179 Cracking Security Certificates

    • January 15, 2009

    How security certificates are created and signed, what they do for us, and the MD5 hash.

  • S01E180 Listener Feedback #58

    • January 22, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E181 Crypto Rehash

    • January 29, 2009

    Steve gives an overview of the major concepts and components of encryption.

  • S01E182 Listener Feedback #59

    • February 5, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E183 Modes of Encryption

    • February 12, 2009

    Windows Update, IE7 Problems, ActiveX and Windows 7 issues, SQL attacks, and more.

  • S01E184 Listener Feedback #60

    • February 19, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E185 Cryptographic HMACs

    • February 26, 2009

    MSFT Autorun updates, FreeBSD telnetd, IE7 critical exploit, Acrobat Reader, and more.

  • S01E186 Listener Feedback #61

    • March 5, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E187 Windows Autorun-around

    • March 12, 2009

    Past and recent problems with Windows Autorun.

  • S01E188 Listener Feedback #62

    • March 19, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E189 Internet Explorer 8

    • March 26, 2009

    Internet Explorer 8 speed benchmarks, cookies, Compatibly Mode, Smart Screen filter, DEP, and more.

  • S01E190 Listener Feedback #63

    • April 2, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E191 GhostNet

    • April 9, 2009

    A look into GhostNet, the alleged Chinese cyber-spying network.

  • S01E192 Listener Feedback #64

    • April 16, 2009

    This mailbag episode discusses new Firefox plugins, Conficker, buffer overflow, and more.

  • S01E193 Conficker

    • April 23, 2009

    Steve analyzes Conficker, the sophisticated worm that has spread to more than 10 million PCs worldwide.

  • S01E194 Listener Feedback #65

    • April 30, 2009

    This mailbag episode covers Conficker, Windows process control, NeXT, Ironkey, and more.

  • S01E195 The SSL/TLS Protocol

    • May 7, 2009

    Steve describes the Internet's most-used security protocol, SSL, now evolved into TLS.

  • S01E196 Listener Feedback #66

    • May 14, 2009

    This mailbag episode includes SSL/TLS, worms-resistant NATs, PDF JavaScript, nuclear power stations running Windows, and more.

  • S01E197 Windows 7 Security

    • May 21, 2009

    Security changes, additions and enhancements to Microsoft Windows 7.

  • S01E198 Listener Feedback #67

    • May 28, 2009

    This mailbag episode includes FASM, scripts, sockets, SSL/TLS, HTTPS, Windows 7's XP mode, and more.

  • S01E199 The Geek Atlas, IPv6 & a non-VPN

    • June 4, 2009

    A good book, the IPv6 protocol, and Steve's secure TCP idea that doesn't use a VPN tunnel.

  • S01E200 Listener Feedback #68

    • June 11, 2009

    In this mailbag episode we discuss IPv6, Non-VPNs, Microsoft ClickOnce, expired SSL certificates, and more.

  • S01E201 SecureZIP

    • June 18, 2009

    The operation, features, and security of PKWARE?s free SecureZIP file archiving and encrypting utility.

  • S01E202 Listener Feedback #69

    • June 25, 2009

    In this mailbag episode we discuss SecureZip, WPA/WPA2, home-grown VPNs, foreign ATMs, and more.

  • S01E203 Boyer & Moore

    • July 2, 2009

    Steve tells of the Bob Boyer and J Strother Moore algorithm for finding a substring in a buffer.

  • S01E204 Listener Feedback #70

    • July 9, 2009

    Our regular mailbag episode with questions and comments from our listeners.

  • S01E205 Lempel & Ziv

    • July 16, 2009

    An examination of Lempel-Ziv data compression, one of the most prevalent computer algorithms of all time.

  • S01E206 Mega Security News Update

    • July 23, 2009

    Security updates in Windows Office, IAS, Virtual PC, Virtual Server, msvid control, and more.

  • S01E207 Listener Feedback #71

    • July 30, 2009

    Steve answers questions on AES-256, iPhone security, TrueCrypt, Firefox privacy, and more.

  • S01E208 Listener Feedback #72

    • August 6, 2009

    Steve answers questions on SSL encryption, 3g security, Trojans, VPNs as infection vectors, and more.

  • S01E209 Vitamin D

    • August 13, 2009

    A rare off-topic discussion about Steve's research into vitamin D.

  • S01E210 Listener Feedback #73

    • August 20, 2009

    Security news and listeners' questions...

  • S01E211 Voting Machine Hacking

    • August 27, 2009

    Steve covers the security implications of electronic voting machines.

  • S01E212 Listener Feedback #74

    • September 3, 2009

    Steve answers questions on iPIG VPN, Flash cookies, firewalls, parents' passwords, and more.

  • S01E213 Cracking GSM Cellphones

    • September 10, 2009

    The inherent insecurities of GSM, the pseudo-random bitstream cipher protecting data on billions of phones.

  • S01E214 Listener Feedback #75

    • September 17, 2009

    Steve addresses feedback on GSM security, cookies, router admin passwords, proxy servers, and more.

  • S01E215 Security Maxims

    • September 24, 2009

    Steve and Leo talk about various security maxims, what they mean, why you should follow them, and more.

  • S01E216 Listener Feedback #76

    • October 1, 2009

    Leo and Steve talk about Microsoft Security Essentials, your questions, and more.

  • S01E217 The Fundamentally Broken Browser Model

    • October 8, 2009

    How SSLs can be spoofed in man-in-the-middle attacks.

  • S01E218 Listener Feedback #77

    • October 15, 2009

    Microsoft ships its biggest update ever, Comcast has its eyes on you, and Steve answers your questions.

  • S01E219 Badly Broken Browsing

    • October 22, 2009

    Why patches are impossible, the Total (In)security virus, and why writing software shouldn't be too easy.

  • S01E220 Listener Feedback #78

    • October 29, 2009

    Microsoft ships its biggest update ever, Comcast has its eyes on you, and Steve answers your questions.

  • S01E221 The Oxymoron of “JavaScript Security”

    • November 5, 2009

    The problem with Javascript and security. Guest John Graham-Cumming says it's the "elephant in your browser."

  • S01E222 Listener Feedback #79

    • November 12, 2009

    We've got the latest security news, including an SSL hack, plus eight great questions from you and Steve's answers...

  • S01E223 A security vulnerability in SSL

    • November 19, 2009

    Steve explains how a serious exploit in SSL works.

  • S01E224 Listener Feedback #80

    • November 26, 2009

    Security news, including the NSA's contributions to Windows 7, iPhone bot nets, plus Steve answers your questions.

  • S01E225 “Same Origin” Troubles

    • December 3, 2009

    Apple fixes security flaws, Ford SYNC SDK, black screen of death, same origin troubles, and more.

  • S01E226 Listener Feedback #130

    • December 10, 2009

    Digital voting goes open source, patch Tuesday news, and Steve answers your questions.

  • S01E227 Cyberwarfare

    • December 17, 2009

    Steve covers what may be the future of conflict, Cyberwarfare.

  • S01E228 Listener Feedback #82

    • December 24, 2009

    Steve responds to questions covering Skype spam, SSL cracking, unencrypted UAV video feeds, free SSL certificates, and more.

  • S01E229 The Rational Rejection of Security Advice

    • December 31, 2009

    A hard look at the costs and benefits of following all security advice.

  • S01E230 Listener Feedback #83

    • January 7, 2010

    This week's questions cover packet flow, hijacking DNS queries, router DNS, Patch Tuesday, and more.

  • S01E231 Mega Security Update & CES Observations

    • January 14, 2010

    Steve catches up with a mega security update, then gives us some of his favorite (wacky) products from CES.

  • S01E232 Listener Feedback #84

    • January 21, 2010

    Steve answers listener questions about live Linux CDs, TrueCrypt RAM encryption, resetting Thomson modem passwords, and more.

  • S01E233 Let's Design a Computer (part 1)

    • January 28, 2010

    Steve explains how computers work by designing one from first principles.

  • S01E234 Listener Feedback #85

    • February 4, 2010

    Internet Explorer as a file system, using Live CDs for security, and Steve takes on the iPad...

  • S01E235 Machine Language

    • February 11, 2010

    For 16kpbs versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

  • S01E236 Listener Feedback #86

    • February 18, 2010

    More flash vulnerabilities, security updates, fake security software, Steve answers your questions, and more.

  • S01E237 Indirection: The Power of Pointers

    • February 25, 2010

    An introduction to the use of "indirection" in computer science, security news, and more.

  • S01E238 Listener Feedback #87

    • March 4, 2010

    Steve answers your questions about webcam privacy, unencrypted data in ram, and more.

  • S01E239 Stacks, Registers & Recursion

    • March 11, 2010

    How stacks, registers and recursion are interrelated, the latest security news, and more.

  • S01E240 Listener Feedback #88

    • March 18, 2010

    Patch Tuesday, Opera vulnerabilities, the RSA conference, RealDVD, and more.

  • S01E241 Hardware Interrupts

    • March 25, 2010

    Steve continues his talk on the foundational technologies of computing. This week: how computers do more than one thing at a time using interrupts.

  • S01E242 Listener Feedback #89

    • April 1, 2010

    Critical updates from Microsoft and Apple, good news for Gmail security, and a warning for nudists...

  • S01E243 State Subversion of SSL

    • April 8, 2010

    Firefox updates, vulnerabilities in .PDFs, Steve's iPad review, SSL/TLS, and more.

  • S01E244 Listener Feedback #90

    • April 15, 2010

    Microsoft security updates, the FCC's jurisdiction on bandwidth shaping, Java flaws, iPhone OS security, the state of SSL security, and more.

  • S01E245 The Security of Open vs CLosed

    • April 22, 2010

    Steve and Leo seriously examine the proven comparative security of open versus closed source and development software, and open versus closed execution platforms.

  • S01E246 Listener Feedback #91

    • April 29, 2010

    Stolen Google source code, GSM hacked, photocopy machine hard drive security, your questions, and more.

  • S01E247 The “Multi”-verse

    • May 6, 2010

    Opera vulnerabilities, Adobe PDF insecurities, malware from the US Treasury, Steve joins Twitter, and more.

  • S01E248 The Portable Dog Killer

    • May 13, 2010

    Patch tuesday, laptop camera surveillance, Yahoo! messenger worm, and more.

  • S01E249 Listener Feedback #92

    • May 20, 2010

    Shockwave issues, Mozilla's plug-in check, weaponized email, hacking cars, your questions, and more.

  • S01E250 Operating Systems

    • May 27, 2010

    Manually updating IrfanView and Free Download Manager, Google wifi litigation, how operating systems work, and more.

  • S01E251 Listener Feedback #93

    • June 3, 2010

    Tabnabbing, Adobe security rumors, iPad data plan changes, your questions, and more.

  • S01E252 RISCy Business

    • June 10, 2010

    Adobe zero-day, overwrought iPad security news, the evolution of computing architectures, and more.

  • S01E253 Listener Feedback #94

    • June 17, 2010

    Mac update, AT&T hijinks, another zero-day vulnerability from Microsoft, Adobe delays pdf fix, your questions, and more.

  • S01E254 What We'll Do for Speed

    • June 24, 2010

    The 25 year legacy of unbelievably complex technologies used in microprocessors to maximize performance.

  • S01E255 Listener Feedback #95

    • July 1, 2010

    Out of cycle Acrobat and Reader updates, Firefox improvements, flawed SSL study, internet kill switch, your questions, and more.

  • S01E256 LastPass

    • July 8, 2010

    Steve thoroughly evaluates LastPass, explains why high-security passwords are necessary, and tells us how LastPass makes storing those passwords secure.

  • S01E257 Listener Feedback #96

    • July 15, 2010

    Chrome update, ClearCloud DNS, Microsoft and Russian camaraderie, LastPass, your questions, and more.

  • S01E258 Five Years of Vulnerabilities

    • July 22, 2010

    Windows shell worm in the wild, Security Essentials 2.0 beta, Secunia's 5-year analysis, and more.

  • S01E259 Listener Feedback #97

    • July 29, 2010

    Firefox mega security update, WPA2 broken?, .LNK viruses in the wild, infected Dell motherboards, your questions and more.

  • S01E260 DNS Rebinding

    • August 5, 2010

    Windows .LNK vulnerability fixed, Google's WiFi "overcollection" in the UK, news from Blackhat, DNS rebinding, and more.

  • S01E261 Listener Feedback #98

    • August 12, 2010

    PayPal discontinues their virtual credit card service, RIM placing servers in Saudi Arabia, Firefox v4 updates silently, your questions and more.

  • S01E262 Strict Transport Security

    • August 19, 2010

    Apple fixes the jailbreak hole, trojans on Android, Strict Transport Security (STS), and more.

  • S01E263 Listener Feedback #99

    • August 26, 2010

    Out-Of-Cycle update from Adobe, Apple security update, binary planting, Spanair 2008 crash, your questions, and more.

  • S01E264 Side-Channel Privacy Leakage

    • September 2, 2010

    Consequences of the web not being designed for privacy, including non-consensual user tracking.

  • S01E265 Listener Feedback #100

    • September 9, 2010

    Fix-It for .dll hijack, danger from applications changing the working directory, first successful 64-bit Windows root kit, your questions, and more.

  • S01E266 Inside OAuth

    • September 16, 2010

    Microsoft's 2nd Tuesday update, new 0-day vulnerabilities in Adobe, Firefox fixes, "Stuxnet" worm, delegated access through OAuth, and more.

  • S01E267 Listener Feedback #101

    • September 23, 2010

    Flash update, Microsoft ASP .NET problem, HDCP master key leak, Twitter "OnMouseover" XSS flaw, your questions, and more.

  • S01E268 CryptoSystem Backdoors

    • September 30, 2010

    New 0-day for Windows, HDCP decryption software, Stuxnet & Iran, COICA, cryptography systems and backdoors for law enforcement, and more.

  • S01E269 Listener Feedback #102

    • October 7, 2010

    Adobe Acrobat patched, RIM and India going 'round & 'round, Comcast VS. Bot, and more.

  • S01E270 The Evercookie

    • October 14, 2010

    Microsoft breaks Patch Tuesday update record, Facebook adds OTPs and remote signout, What is The Evercookie?, and more.

  • S01E271 Listener Feedback #103

    • October 21, 2010

    Microsoft reports on Java exploits, new Adobe Reader will sandbox, feedback from MSRT, your questions, and more.

  • S01E272 Firesheep

    • October 28, 2010

    Mozilla and Real Player updates, Firefox 0-day, Wall Street Journal tracking and privacy series, session hijacking for the rest of us, and more.

  • S01E273 Listener Feedback #104 & The FireStorm

    • November 4, 2010

    Firesheep firestorm, Flash 0-day exploit in the wild, another iPhone lock screen bypass, your questions, and more.

  • S01E274 Benchmarking DNS

    • November 11, 2010

    Second Tuesday updates, critical Outlook fix, Android risks, Google expands "bug bounty", GRC's DNS Benchmark, and more.

  • S01E275 Listener Feedback #105

    • November 18, 2010

    Big Apple update, IE6/7 0-day unpatched, infected Chinese cell phones, Stuxnet's probable target, your questions, and more.

  • S01E276 Testing DNS Spoofability

    • November 25, 2010

    Safari update, HTTPS Everywhere, FBI wants to wiretap the Internet, comprehensive DNS spoofability test, and more.

  • S01E277 Listener Feedback #106

    • December 2, 2010

    New WIndows kernel vulnerability, Wikileaks siprnet, Vitamin D findings, your questions, and more.

  • S01E278 Tag Me (with RFID)

    • December 9, 2010

    Windows 7 SP1 reaches RC level, Google Chrome v8.0 released, What is SHIELD?, How to keep track of people using RFID tags, and more.

  • S01E279 Listener Feedback #107

    • December 16, 2010

    Microsoft's December security updates, backdoor in BSD, WikiLeaks DDoS, your questions, and more.

  • S01E280 Bluetooth

    • December 23, 2010

    OpenBSD discredits backdoor, weak net neutrality, compromised site warnings from Google, Bluetooth in depth, and more.

  • S01E281 The Portable Dog Killer, Encore

    • December 30, 2010

    An encore presentation of an enlightening story from Steve's past.

  • S01E282 Listener Feedback #108

    • January 6, 2011

    Microsoft acknowledges IE problem, hacking GSM phones, Stuxnet update, your questions, and more.

  • S01E283 Bluetooth Hacking

    • January 13, 2011

    Cross Fuzz, warrantless cell phone searches, Obama's "Unified Internet Identity", flavors of bluetooth hacking, and more.

  • S01E284 Listener Feedback #109

    • January 20, 2011

    Israel and US teamed up on Stuxnet, global IPv6 test coming, your questions, and more.

  • S01E285 Fuzzy Browsers

    • January 27, 2011

    Google awards first "Elite" security award, Facebook SSL and HTTPS, unprivileged work e-mail, stress testing browsers, and more.

  • S01E286 Listener Feedback #110

    • February 3, 2011

    Gingerbread data disclosure vulnerability, SourceForge hack, IPv4 depletion, zero-day attacks no more, your questions, and more.

  • S01E287 BitCoin CryptoCurrency

    • February 9, 2011

    Firefox adds "Do Not Track", Verizon alters web content, McAfee on Mobile Malware, BitCoin, and more.

  • S01E288 Listener Feedback #111

    • February 17, 2011

    A critical Microsoft vulnerability, The differences between open and closed source software, A number of questions around BitCoin, and more.

  • S01E289 Proxied Surfing

    • March 17, 2011

    After catching up with the week's security updates and other security-related news, Steve and Leo discuss the many modes of operation of "Proxied Web Surfing" which are used to bypass firewalls and Internet filters, aid free speech, and alter the contents of web pages retrieved from the Internet.

  • S01E290 Listener Feedback #112

    • March 3, 2011

    Windows 7 service pack 1 is out, Apple's Thunderbolt security, Facebook's HTTPS security turns itself off, and more.

  • S01E291 Stuxnet

    • March 10, 2011

    The anatomy of Stuxnet, plus Pwn2Own is underway meaning updates from Apple, Google, Microsoft, and more.

  • S01E292 Listener Feedback #113

    • March 17, 2011

    The consequences of Pwn2Own, Issues around the Japanese earthquake, reverse DNS, and more.

  • S01E293 IE9

    • March 24, 2011

    Internet Explorer 9, RSA Security comprimised, India versus Blackberry, and more.

  • S01E294 Listener Feedback #114

    • March 31, 2011

    Fraudulent SSL certificates, RSA SecurID breach update, Real Player vulnerability, your questions, and more.

  • S01E295 The Comodo SSL Breach

    • April 7, 2011

    RSA SecurID Break-in, YubiHSM, Epsilon security breach, DNT gets traction, and more.

  • S01E296 Listener Feedback #115

    • April 14, 2011

    64 fixes from Microsoft, Another Flash exploit, Wordpress hacked, your questions, and more.

  • S01E297 Pass-Sentences??

    • April 21, 2011

    iOS location tracking, Pass phrase security, Dropbox authentication, and more.

  • S01E298 Listener Feedback #116

    • April 28, 2011

    Sony Playstation Network breach, Mobile tracking, Disc Drive steganography, your emails, and more.

  • S01E299 Going Random (1)

    • May 5, 2011

    Firefox and Chrome updates, Apple tracks differently, Bin Laden's security, relying on randomness, and more.

  • S01E300 Listener Feedback #117

    • May 12, 2011

    Reasons you should change your Facebook password right now, Zero Day, a new Do Not Track bill, and more.

  • S01E301 Going Random (2)

    • May 19, 2011

    DIY Malware kite for Mac, Protect IP act, Achieving true randomness, and more.

  • S01E302 Listener Feedback #118

    • May 26, 2011

    Mac Defender malware, Sony's continuing security woes, Android vulnerability patched by Google, your questions, and more.

  • S01E303 Password Haystacks

    • June 2, 2011

    Making passwords memorable AND uncrackable, More on Mac Defender, Lockheed Martin breach, and more.

  • S01E304 Listener Feedback #119

    • June 9, 2011

    RSA SecurID token replacement, Sony breaches continue, your questions, and more.

  • S01E305 Ghostery

    • June 16, 2011

    Website surveillance monitoring and blocking, IMF breach, commercial bank fraud liability, and more.

  • S01E306 Listener Feedback #120

    • June 23, 2011

    Malware stealing Bitcoins, Dropbox security, WordPress hacked, your questions, and more.

  • S01E307 The Future of Identity

    • June 30, 2011

    LulzSec says farewell, cost of Citigroup attack, National Institute of Standards and Technology, and more.

  • S01E308 Listener Feedback #121

    • July 7, 2011

    Dropbox TOS update, Microsoft's Skype intercept patent, evaluating LulzSec, your questions, and more.

  • S01E309 How the Internet Works, Part 1

    • July 14, 2011

    Steve explains how the internet works with three basic principles, plus security updates, security news, and more.

  • S01E310 Listener Feedback #122

    • July 21, 2011

    iOS updates, careers in computer security, randomness in cryptography, your questions, and more.

  • S01E311 Anatomy of a Security Mistake

    • July 28, 2011

    Apple iOS Certificate, Passware, dissecting the crypt_blowfish bug, and more.

  • S01E312 Listener Feedback #123

    • August 4, 2011

    We find a way to keep Tor from being censored, KISSmetrics's sneaky cookie and your questions answered by Steve.

  • S01E313 How The Internet Works: ICMP & UDP

    • August 11, 2011

    Adobe patches galore, a deep look at ICMP and UDP, and more.

  • S01E314 Listener Feedback #124

    • August 18, 2011

    Tons of Firefox news, Gizmodo off the hook, lot's of questions, and more.

  • S01E315 Off The Grid

    • August 25, 2011

    Caesar Cipher, Playfair Cipher, going off the grid and more.

  • S01E316 Listener Feedback #125

    • September 1, 2011

    Google's fraudulent SSL Certificate, Pakistan bans encryption software, your questions, and more.

  • S01E317 TCP Part 1 – Getting Connected

    • September 8, 2011

    DigiNotar mega-update, DNS hack of NetNames, TCP demystified, and more.

  • S01E318 Listener Feedback #126

    • September 15, 2011

    More on DigiNotar, GlobalSign security breach, your questions, and more.

  • S01E319 Certificate Authority (CA) Trust - Time to Change it?

    • September 22, 2011

    DigiNotar bankruptcy, SSL weakness discovered, alternatives to the CA Hierarchy Model, and more.

  • S01E320 Listener Feedback #127

    • September 29, 2011

    Kindle Fire and the Silk browser, MySQL breach, your questions, and more.

  • S01E321 The Beauty of B.E.A.S.T.

    • October 5, 2011

    HTC not sandboxing Android data, phishing on the rise, Browser Exploit Against SSL/TLS, and more.

  • S01E322 Listener Feedback #128

    • October 12, 2011

    Fighter drone's malware infection, Germany deliberately installing malware on traveller's computers, your questions and Steve's answers.

  • S01E323 TCP Pt.2 - Attacking TCP

    • October 19, 2011

    Details on the Silk browser, Google encrypted search, TCP attacks, and more.

  • S01E324 Listener Feedback #129

    • October 26, 2011

    Two Internets, Stuxnet variant "DuQu", Spanning Tree Protocol, your questions, and more.

  • S01E325 TCP Pt.3 - Necessary Refinements

    • November 2, 2011

    Certificate authorities compromised, BT to block Newzbin, Mac OSX Bitcoin mining malware, "Bytes in Flight", and more.

  • S01E326 Listener Feedback #81

    • November 9, 2011

    DuQu worm, remote code execution kernel vulnerability, Adobe abandons Flash for mobile, your questions, and more.

  • S01E327 Internet Privacy Update

    • November 16, 2011

    Firefox 8, SOPA, Kindle Fire first look, and more.

  • S01E328 Listener Feedback #131

    • November 23, 2011

    SOPA, SCADA hacked, Kindle Fire extended review, your questions, and more.

  • S01E329 Browser ID

    • November 30, 2011

    Comparing Mozilla's BrowserID to other security technologies, Android malware, Malvertising, and more.

  • S01E330 Listener Feedback #132

    • December 7, 2011

    DNSCrypt Beta for Mac, Zeus banking trojan, Carrier IQ, your questions, and more.

  • S01E331 Mega Security News Update

    • December 14, 2011

    Microsoft, Adobe, and Carrier IQ security news, and more.

  • S01E332 Listener Feedback #133

    • December 21, 2011

    Background updates of IE, more on Carrier IQ, your questions, and more.

  • S01E333 Science Fiction Holiday Special

    • December 28, 2011

    Firefox 9, SOPA, Sci-Fi movie and book recommendations, and more.

  • S01E334 Listener Feedback #134

    • January 4, 2012

    Microsoft's Out-Of-Cycle patch, FISA constitutionality, your questions, and more.

  • S01E335 Wi-Fi Protected (In)Security

    • January 9, 2012

    Simple Secure Wifi isn't very secure, password recovering charger, WPA cracker, and more.

  • S01E336 Listener Feedback #135

    • January 18, 2012

    Zappos customer data breach, Slow Motion DDoS, your questions, and more.

  • S01E337 WPS: A Troubled Protocol

    • January 25, 2012

    Forcing laptop decryption, GPS tracking now requires a warrant, DNS poisoning, and more.

  • S01E338 Listener Feedback #136

    • February 1, 2012

    Google's privacy policy changes, Region's lost 401k data, pcAnywhere source stolen years ago, your questions, and more.

  • S01E339 “ScriptNo” for Chrome

    • February 8, 2012

    NSTIC update, webcam nightmare, a NoScript-like extension for Chrome, and more.

  • S01E340 Listener Feedback #137

    • February 15, 2012

    SSL's public key encryption, pcAnywhere, Google Wallet, your questions, and more.

  • S01E341 Can “Anonymous” Take Down the Internet?

    • February 22, 2012

    The iOS cookie incident, whether Anonymous might take down the Internet, and more.

  • S01E342 Listener Feedback #138

    • February 29, 2012

    HTML video copy protection, protection against forced decryption, Yubico "Nano", your questions, and more.

  • S01E343 HTTP & SPDY

    • March 6, 2012

    LulzSec leader betrays Anonymous , how a site can know your social networks, comparing HTTP to SPDY, and more.

  • S01E344 Listener Feedback #139

    • March 14, 2012

    6th annual Pwn2Own, Microsoft's noisy 2nd Tuesday, Wikipedia transfer from GoDaddy complete, your questions, and more.

  • S01E345 Buffer Bloat

    • March 21, 2012

    Buffer Bloat on the internet, NSA Super-Super Computer Center, Apache Server Status information leakage, and more.

  • S01E346 Listener Feedback #140

    • March 28, 2012

    Ten great answers and questions, buffer bloat, security news, and more.

  • S01E347 iOS Password Mis-Managers

    • April 4, 2012

    Global Payments card processor breach, Apple holds security key for iCloud, iPhone passcode exploit, and more.

  • S01E348 Listener Feedback #141

    • April 11, 2012

    Flashback infects 670,000 Macs, safety of Safari password storage, Windows Defender Offline, your questions, and more.

  • S01E349 Cloud Solutions

    • April 19, 2012

    Steve gathers up all the cloud storage solutions and gives us his review.

  • S01E350 Twitter Feedback Q&A #142 / Cloud Security

    • April 25, 2012

    During this special Q&A episode, Iyaz and I host an entirely Twitter-driven Q&A episode, caused by the flurry of interest created by last week's focus upon Cloud Storage Solutions. After catching up with the week's security-related events, we zip through 21 tweets, then focus upon and examine the security architecture of one controversial and popular cloud storage provider: Backblaze.

  • S01E351 Three Hybrid Cloud Solutions

    • May 2, 2012

    After catching up with the week's news and Twitter feedback, Leo and I closely examine three remote cloud storage solutions whose Crypto was done COMPLETELY right, Offering full TNO (Trust No One) security. And one of them makes me (Steve) wish I were a Mac user!

  • S01E352 Listener Feedback #143

    • May 9, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E353 DMARC - eMail Security

    • May 16, 2012

    After catching up with the week's news, Steve and Leo look at the state of the slow but sure and steady progress being made to tighten up the Internet's eMail security. Since spoofing and phishing continue to be huge problems, these problems continue to command the attention of the Internet's largest commerce, financial, and social networking domains. The good news is: There's good reason for hope!!

  • S01E354 Listener Feedback #144

    • May 23, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E355 Poking Holes in TCP

    • May 30, 2012

    Steve and Leo tackle two new and interesting threats to Internet security. First, the newly discovered “Flame” / “Flamer” / “Skywiper” malware dwarfs Stuxnet and Duqu in capability and complexity. Then they examine the work of two University of Michigan researchers who have detailed a collection of new ways to attack the TCP protocol. They inject malicious content into innocent web pages and add malicious links to online chats.

  • S01E356 Listener Feedback #145

    • June 6, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E357 Flame On!

    • June 13, 2012

    This week, after catching up with a large amount of the week’s news, Leo and I carefully examine two major new discoveries about the Windows Flame worm.

  • S01E358 Listener Feedback #146

    • June 20, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E359 Coddling Our Buffers

    • June 27, 2012

    After catching up with a few items of security and privacy news, Leo and I return to the Internet's "Buffer Bloat" problem to share the new solution “CoDel” (pronounced “coddle”) that has been developed by several of the Internet's original and leading technologists and designers.

  • S01E360 Listener Feedback #147

    • July 11, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E361 Paul Vixie & DNS Changer

    • July 18, 2012

    After catching up with the week's security news, Leo and I take a close look at the recent “DNS Changer” malware, the FBI's role in the “takedown” of the malicious servers, and the expert technical assistance provided by Paul Vixie, one of the pioneers and principal developers of the Internet's Domain Name System (DNS).

  • S01E362 Listener Feedback #148

    • July 25, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E363 Ali Baba's Cave

    • August 1, 2012

    After catching up with an eventful week of security news, Leo and I explore a variant of the story of “Ali Baba's Cave” as a means for clearly explaining the operation and requirements of cryptographic Zero-Knowledge Interactive Proofs.

  • S01E364 Mat Honan's Very Bad Weekend

    • August 8, 2012

    After catching up with an eventful week of security news, Leo and I describe and explore the details of the “epic hack” that recently befell well-known technology writer Mat Honan.

  • S01E365 Listener Feedback #149

    • August 15, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E366 Password Cracking Update: The Death of “Clever”

    • August 22, 2012

    After catching up with a collection of miscellaneous and interesting security-related news, Leo and I take a close look at the long-term consequences of the many massive password leakages which have occurred. The upshot? Hackers are getting MUCH better at cracking passwords, and “clever” techniques can no longer be regarded as safe.

  • S01E367 What a Busy Week!

    • August 29, 2012

    We have so much security news and information to cover this week that we didn’t have time to take questions from our listeners. What we have, instead, is a LOT of interesting news about the new Java vulnerabilities, new TNO cloud storage solutions, and lots more.

  • S01E368 Listener Feedback #150

    • September 5, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E369 Internet Identity Update

    • September 11, 2012

    After catching up with an eventful week of security news, Leo and I step back for an overview and discussion of the slowly evolving state of the art in Internet Identity Authentication.

  • S01E370 Mark Russinovich & Other News

    • September 19, 2012

    We begin the week with a visit with our distinguished guest, Mark Russinovich, late of Sysinternals and now with Microsoft. Mark joins us to chat about the release of his second security thriller, “Trojan Horse,” and to share some of his view of the security world.

  • S01E371 Listener Feedback #151

    • September 26, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E372 NFC - Near Field Communications

    • October 3, 2012

    After catching up with just a tiny bit of security news (it was a very quiet week in security), Leo and I take the podcast's first-ever comprehensive look at the emerging and increasingly popular NFC (Near Field Communications) technology, which is now present in tens of millions of cell phones and other mobile and fixed-location devices.

  • S01E373 Listener Feedback #152

    • October 10, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E374 ECC - Elliptic Curve Cryptography

    • October 17, 2012

    After catching up with the week's most important security news, Leo and I wind up our propeller-cap beanies, right to the breaking point of their springs, in order to obtain enough lift to examine and explore the operation of ECC - Elliptic Curve Cryptography - the next-generation public key cryptography technology.

  • S01E375 Listener Feedback #153

    • October 24, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E376 Fully Homomorphic Encryption

    • October 31, 2012

    This week, after failing to find much in the way of interesting security news, Leo and I make up for that by introducing the concept of “Fully Homomorphic Encryption,” which allows encrypted data to be operated upon WITHOUT it first being decrypted, and results remain encrypted.

  • S01E377 Listener Feedback #154

    • November 7, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E378 Microsoft: Security, Privacy & DNT

    • November 14, 2012

    After catching up with an interesting and varied grab-bag of security news and paraphernalia, Tom and I further examine the controversy surrounding Microsoft's decision to enable the Do Not Track (DNT) "signal" header in IE10, and share some insights gained from a recent Microsoft Executive VP Keynote presentation about exactly this issue.

  • S01E379 Listener Feedback #155

    • November 21, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E380 DTLS - Datagram Transport Layer Security

    • November 28, 2012

    After catching up with lots of interesting security news, updates on Steve's Acoustic Dog Training project, and lots of other miscellany, Leo and I examine a recently developed and increasingly popular Internet security protocol, DTLS, which combines the advantages of UDP with SSL security.

  • S01E381 Listener Feedback #156

    • December 5, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E382 QR Codes

    • December 12, 2012

    After catching up with the week's news, Leo and I take a deep dive into the technology of the ever-more-ubiquitous “QR Codes” which are popping up everywhere and are increasingly being used, not only for good, but with malicious intent.

  • S01E383 Listener Feedback #157

    • December 19, 2012

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E384 Once Upon a Time

    • December 26, 2012

    For this special year-end holiday edition of Security Now!, I dug down deep into my video archives, taking back 22 years, to 1990, to share a 45-minute presentation I gave, once upon a time, on the inner workings of the “megabyte-sized” hard disk drives that gave birth to the PC industry.

  • S01E385 Listener Feedback #158

    • January 2, 2013

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E386 Disconnect WidgetJacking

    • January 9, 2013

    After catching up with a very busy week of interesting security news and events, Leo and I examine the growing privacy and security problems created by the ever more pervasive social widgets - Facebook's LIKE button, Google's +1, Twitter's Tweet!, and others - and they offer an easy-to-use free solution!

  • S01E387 Listener Feedback #159

    • January 16, 2013

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E388 Memory Hard Problems

    • January 23, 2013

    After catching up with a bunch of fun and interesting news of the week, Leo and I examine the future of anti-hacking password scrambling and storage with the introduction of “Memory Hard Problems,” which are provably highly resistant to massive hardware acceleration.

  • S01E389 Listener Feedback #160 & UPnP Exposure Disaster

    • January 30, 2013

    Leo and I discuss the week's major security events—and the disastrous news of 81 million exposed vulnerable routers!—discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E390 “Mega” Security Overview

    • February 6, 2013

    After covering “UPnP a week later” and catching up with some interesting security industry happenings, Leo and I take a look into the controversy surrounding the security (or lack thereof) of Kim Dotcom's new “Mega” cloud storage offering.

  • S01E391 Listener Feedback #161

    • February 13, 2013

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E392 The Internet Underworld

    • February 20, 2013

    We first converse with today's special guest, Brian Krebs, who for many years wrote for the Washington Post and is now publishing his own “Krebs on Security” blog. Our topic is “The Internet Underground.” After that, we catch up with a somewhat busy and interesting week in Internet security.

  • S01E393 Listener Feedback #162

    • February 27, 2013

    Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

  • S01E394 Tor 2.0

    • March 6, 2013

    Evernote resets 50 million passwords, Oracle issues emergency JAVA update, Tor's updated operation, and more.

  • S01E395 Your Questions, Steve's Answers 163

    • March 13, 2013

    More JAVA vulnerabilities, more Flash vulnerabilities, DNT and IE10, your questions, and more.

  • S01E396 Telnet-pocalypse

    • March 20, 2013

    Bitcoin, Carna Botnet, Krebs DDoS'd, distributed hash tables, and more.

  • S01E397 Your Questions, Steve's Answers 164

    • March 27, 2013

    Apple authentication, FBI and Real-Time interception, your questions, and more.

  • S01E398 Distributed Hash Tables

    • April 3, 2013

    COX is blocking UPnP, "Darkleech", poor Comcast JavaScript, Distributed Database technology, and more.

  • S01E399 Your Questions, Steve's Answers 165

    • April 10, 2013

    Comcast's Blocked Ports, Verizon DSL begins to NAT it's users, VUDO, your questions, and more.

  • S01E400 VPN Solutions

    • April 17, 2013

    Wordpress botnet, another JAVA update, CRAPCHAs, Virtual Private Networks, and more.

  • S01E401 Your Questions, Steve's Answers 166

    • April 24, 2013

    Another JAVA flaw, Google Street View data collection in Germany, Malware in Google Play Apps, and more!

  • S01E402 BitTorrent Sync

    • May 1, 2013

    Security news, "BitTorrent Sync", and more.

  • S01E403 Your Questions, Steve's Answers 167

    • May 8, 2013

    Quantum Internet, BT tests IP address sharing, Syria on the Internet, your questions, and more.

  • S01E404 How Facebook Monetizes

    • May 15, 2013

    iPhone cracking for law enforcement, New Yorker opens an anonymous dead-drop system, Syria dropped off the Net again, and more.

  • S01E405 Your Questions, Steve's Answers 168

    • April 22, 2013

    New Firefox cookie policy, Skype snooping, your questions, and more.

  • S01E406 Off the Record with OTR

    • May 29, 2013

    Login with Amazon, Google to update SSL certificates, anatomy of a hack, and more.

  • S01E407 Your Questions, Steve's Answers 169

    • June 5, 2013

    Car door lock mystery, Zeus Trojan on Facebook, your questions, and more.

  • S01E408 The State of Surveillance

    • June 12, 2013

    Diving deep and defining NSA's PRISM data collection, and more.

  • S01E409 Your Questions, Steve's Answers 170

    • June 19, 2013

    More on PRISM, the business of secretive communication, your questions, and more.

  • S01E410 Interesting Intel History

    • June 26, 2013

    Snowden leaks continue, Firefox 22, Project Chess, and more.

  • S01E411 Your Questions, Steve's Answers 171

    • July 3, 2013

    Snowden leaks continue, Firefox 22, Project Chess, and more.

  • S01E412 SSL and Perfect Forward Secrecy

    • July 10, 2013

    A creepy PRISM thought, a defense against it, a big Microsoft patch Tuesday, and more.

  • S01E413 How Much Tinfoil?

    • July 17, 2013

    Microsoft handing NSA encrypted messages, Feds disinvited to Def Con, and more.

  • S01E414 Inflection Points

    • July 24, 2013

    Department of Homeland Security overreaction, Feds want master encryption keys, Apple's dev site hacked, and more.

  • S01E415 Your Questions, Steve's Answers 172

    • July 31, 2013

    XKeyscore, SkyDrive looking for a new name, Megamos Crypto, your questions, and more.

  • S01E416 Black Hat, TOR and more

    • August 7, 2013

    Firefox 23, Twitter multi-factor auth improvements, NSA Director's bad time at Black Hat, and more.

  • S01E417 Your Questions, Steve's Answers 173

    • August 14, 2013

    Lavabit, Silent Circle, Android and BitCoin, your questions, and more.

  • S01E418 Considering PGP

    • August 21, 2013

    Steve and Leo cover the consequences of the Snowden leaks and, with that in mind, they examine the Pretty Good Privacy (PGP) system for encrypting email and attachments.

  • S01E419 Your Questions, Steve's Answers 174

    • August 28, 2013

    Kim Dotcom's secure email solution, Wickr, Cackle, Hemlis, your questions, and more.

  • S01E420 BitMessage

    • September 4, 2013

    NSA and USA in the doghouse, New Zealand bans software patents, more JAVA trouble, and more.

  • S01E421 The Perfect Accusation

    • September 11, 2013

    LastPass and the NSA, MyOpenID, Patch Tuesday, NSA versus encryption, and more.

  • S01E422 Your Questions, Steve's Answers 175

    • September 18, 2013

    Social media monitoring at school, unpatchable Java 6 exploits, IPv6 subversion, and more.

  • S01E423 Fingerprint Biometrics

    • September 25, 2013

    NSA-influenced code and backdoors, iOS7 flaws, TouchID, and more.

  • S01E424 SQRL

    • October 2, 2013

    Fingerprints are usernames, BitTorrent Chat, Steve's practical replacement for website usernames and passwords, and more.

  • S01E425 SQRL and Q & A 176

    • October 9, 2013

    Secure QR Login followup, Lavabit defied the FBI, Microsoft's second Tuesday, your questions, and more.

  • S01E426 SQRL: Anti-Phishing and Revocation

    • October 16, 2013

    Two new valuable features of SQRL, Internet Governance Project, Lavabit, and more.

  • S01E427 A Newsy Week

    • October 23, 2013

    Google's “Project Shield”, CryptoSeal, CryptoLocker, Shumway, and more.

  • S01E428 Your Questions, Steve's Answers 177

    • October 30, 2013

    Firefox 25, LinkedIn Intro, CryptoLocker, SQRL, your questions, and more.

  • S01E429 Monkey Was 26th

    • November 6, 2013

    TrueCrypt Audit, Google versus the NSA, LastPass update, and much more news.

  • S01E430 Your Questions, Steve's Answers 178

    • November 13, 2013

    Microsoft TIFF 0-day flaw, lots of Bitcoin happenings, your questions, and more.

  • S01E431 What is RADIUS?

    • November 20, 2013

    Security news, the coin wallet idea, why does proXPN allow only twelve characters, Steve explains RADIUS, and more.

  • S01E432 Coin, Patent Trolls, and More

    • November 27, 2013

    Following another week overfilled with interesting security-related news, Steve and Leo spend an hour and a half diving deeply into an updated (and likely very close to correct) understanding of the COIN payment card, news on the CryptoLocker front, a close look at a patent troll case that has so far done the wrong way, and much more.

  • S01E433 Breaking SSL

    • December 4, 2013

    A closer look at "BULLRUN", the NSA's code name for their Encryption Cracking initiative, TL Warp Drive, and more.

  • S01E434 Your Questions, Steve's Answers 179

    • December 11, 2013

    Patch Tuesday, Firefox 26, NSA and Google cookies, your questions, and more.

  • S01E435 Your Questions, Steve's Answers 180

    • December 18, 2013

    All things NSA, Acoustic Crypto Key leakage, FIDO Alliance and SQRL, your questions, and more.

  • S01E436 Time Traveling with Steve

    • December 25, 2013

    Steve opens up his archives to show some of his first appearances with Leo on the Screen Savers.

  • S01E437 New Year's News Catchup

    • January 7, 2014

    We talk about the NSA and ANT protocols, more CryptoLocker news, the SnapChat leak of names and phone numbers, and more.

  • S01E438 NSA's ANT

    • January 14, 2014

    After catching up with another busy week of security news, we dive into the amazing NSA ANT documentation to learn about the NSA's field capabilities.

  • S01E439 Your Questions, Steve's Answers 181

    • January 21, 2014

    Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes.

  • S01E440 Your Questions, Steve's Answers 182

    • January 28, 2014

    More point-of-sale malware news, overtrain Apple's TouchID for reliability, BlueTooth LE's pairing is "just broken" and more.

  • S01E441 Password Policies

    • February 4, 2014

    Steve and Leo examine research performed by Dashlane (makers of a password manager). They have researched and presented the current state of the Top100 web retailer's password policies.

  • S01E442 Q&A 183

    • February 11, 2014

    Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes.

  • S01E443 Sisyphus

    • February 18, 2014

    Steve's original plan to explain Google's terrific innovations in web performance, known as "QUIC" were derailed by the overwhelmingly worrisome security news, so this week's podcast is pure, and rather sobering, news of the week.

  • S01E444 Goto: Fail

    • February 25, 2014

    Goto: Fail, Apple's SSL screw up, WhatsApp TOS change, Telegram, Mt. Gox & Bitcoin, and more!

  • S01E445 Your Questions, Steve's Answers 184

    • March 4, 2014

    Was the iOS SSL flaw done on purpose? NSA spying on Yahoo users' webcams, Steve makes a shocking admission about Windows XP, and more!

  • S01E446 iOS Security (1)

    • March 11, 2014

    Snowden's SXSW appearance, SQRL coming in 34 languages, the deepest look yet into Apple's iOS security, and more!

  • S01E447 iOS Security (2)

    • March 18, 2014

    More "XP Armageddon", PwnToOwn, cloud storage costs plummet, and more!

  • S01E448 iOS Security (3)

    • March 25, 2014

    An important Fix-It for a new 0-day vulnerability in Microsoft Word, has WPA2 Wi-Fi been cracked? iOS security part 3, and more.

  • S01E449 Your Questions, Steve's Answers 185

    • April 1, 2014

    The NSA / Dual_EC_DRBG flaw is worse than we knew, is Google's Always HTTPS for Gmail a bad thing? A quick WiFi password install for iPhones, and more.

  • S01E450 How the Heartbleeds

    • April 8, 2014

    The end of updates for Windows XP, AnyDVD, the Heart Bleed Bug, and more.

  • S01E451 TrueCrypt & Heartbleed Part 2

    • April 15, 2014

    The previous week consisted of nearly a single story: Heartbleed. It was only "nearly", though, because we also received the results from the first phase of the TrueCrypt audit.

  • S01E452 Your Questions, Steve's Answers 186

    • April 21, 2014

    Ladar Levinson's appeal ruling, Google could bring end-to-end encryption to the masses, Jailbreaking iOS and more!

  • S01E453 Certificate Revocation

    • April 29, 2014

    Internet Explorer 0-day flaw, a new look for Firefox v29, what do we do when good certificates go bad? And more!

  • S01E454 Certificate Revocation, Part 2

    • May 6, 2014

    OpenID and OAuth vulnerability rediscovered, US Gov begins testing Universal CyberID, certificate revocation part 2: how practice follows theory, and more!

  • S01E455 Your Questions, Steve's Answers 187

    • May 13, 2014

    Microsoft's 2nd Tuesday patches, the Certificate Authority Security Council weighs in on Chrome's revocation solution, the appeal decision in Oracle vs. Google, and more!

  • S01E456 Harvesting Entropy

    • May 20, 2014

    Steve and Leo examine the practical size of randomness and the challenge of collecting Entropy in a client that may not have any built-in support for providing it, and may also be surrounded by active attackers.

  • S01E457 Your Questions, Steve's Answers 188

    • May 27, 2014

    During this week's Q&A we host a special guest, industry veteran and ISP, Brett Glass, who shares his views on the confusing Network Neutrality debate. We also catch up with the past week's security news and answer 10 questions and comments from our listeners.

  • S01E458 TrueCrypt: WTH?

    • June 3, 2014

    Steve and Leo look back upon and analyze the past seven days of insanity which followed the startling surprise "self-takedown" of the long standing TrueCrypt.org website, and of TrueCrypt itself.

  • S01E459 Your Questions, Steve's Answers 189

    • June 10, 2014

    Google's browser-based PGP, more OpenSSL troubles, iOS8 thwarts tracking? And Steve answers your questions!

  • S01E460 Authenticated Encryption

    • June 17, 2014

    Steve and Leo discuss the need for, and the Internet industry's search for, new standards for "Authenticated Encryption" which simultaneously encrypts messages for privacy while also authenticating them against any active in-flight tampering.

  • S01E461 Your Questions, Steve's Answers 190

    • June 24, 2014

    The EFF wants internet users to open up their Wi-Fi networks, BoringSSL, Google to start offering domains, and more.

  • S01E462 Cloud Storage Solutions

    • July 1, 2014

    Paypal's security misfires, serious Android crypto key theft vulnerability affecting 86% of devices, and we announce and launch the beginning of a multi-part podcast series which will examine and analyze the many current alternatives for securely (TNO) storing our files "in the cloud."

  • S01E463 Your Questions, Steve's Answers 191

    • July 8, 2014

    Microsoft's Patch Tuesday & they fumble a takedown, Oracle ends XP's Java, Cloud Storage Solutions update and more!

  • S01E464 Your Questions, Steve's Answers 192

    • July 15, 2014

    Three Internet of Things standardization groups, Google hires a team of hackers for "Project Zero," Has CryptoLocker been neutralized? And more!

  • S01E465 iOS Surveillance?

    • July 22, 2014

    Level3 responds to Verizon's network congestion chart, Canvas Fingerprinting, Microsoft Research says not to use strong passwords? And more!

  • S01E466 Your Questions, Steve's Answers #193

    • July 29, 2014

    iOS v7 HAS been Jailbroken, iOS Backdoors and Canvas Fingerprinting, WhisperSystems' truly secure "Redphone" comes to iPhone as "Signal", Android found not to be checking certificate chains, Clarification in the Verizon vs Level3 argument, and Q&A #193.

  • S01E467 Browser Password Managers

    • August 5, 2014

    HP's recent analysis of the (lack of) security in "Internet of Things" appliances, BadUSB, Steve's analysis of browser-based password managers, and more!

  • S01E468 Your Questions, Steve's Answers 194

    • August 12, 2014

    BadUSB follow-up, LastPass outage, Google to prioritize websites with HTTPS, and more!

  • S01E469 Big Routing Tables

    • August 19, 2014

    Who can access your digital assets after death? HTTP Shaming, last week's internet outage, and more!

  • S01E470 Your Questions, Steve's Answers 195

    • August 26, 2014

    "Autonomous" vs. "Anonymous", Sony's Playstation Network DDoS attack, the first confirmed Heartbleed intrusion and more.

  • S01E471 PGP: Time for an Upgrade?

    • September 2, 2014

    The iCloud iBrute iHack, more consumer Wi-Fi router security troubles, encrypting email... with PGP? And more!

  • S01E472 Your Questions, Steve's Answers 196

    • September 9, 2014

    The Home Depot breach, Comcast gets pretty intrusive, Google declares war on the SHA-1 hash and more!

  • S01E473 Google vs. SHA-1

    • September 16, 2014

    Comcast versus TOR, a big Linked-In mistake, a serious pre-KitKat Android problem and more!

  • S01E474 Your Questions, Steve's Answers 197

    • September 23, 2014

    Apple's iOS 8 security, Google and Dropbox team up in a new venture, encrypting some data versus all data, and more!

  • S01E475 Shocked by the Shell

    • October 1, 2014

    After covering a very busy and interesting past week of security and privacy news, Father Robert and Steve explain, examine, and dig down deep into the many fascinating details of the worst-ever, two-decade old, latent and pervasive Internet bug known as "ShellShock."

  • S01E476 Your Questions, Steve's Answers 198

    • October 7, 2014

    JP Morgan Chase and the largest breach yet, Yahoo!'s servers hit by ShellShock, BadUSB exploit code posted to Github, and your Q&A!

  • S01E477 Payment Tokenization

    • October 14, 2014

    A new Windows 0-day exploit, rumor of a pending SSLv3 flaw and Steve analyzes the next evolution in online payment technology which replaces traditional credit card numbers with "Payment Tokens."

  • S01E478 Poodle Bites

    • October 21, 2014

    FBI director wants Congress to fix phone encryption, Google adds Yubikey 2nd-factor authentication, and is there anything to worry about Poodle?

  • S01E479 Your Questions, Steve's Answers 199

    • October 28, 2014

    Apple Pay vs. CurrentC, Verizon (and AT&T) inserting a sticky cookie, RC4 gets an upgrade tweak, and listener feedback!

  • S01E480 Your Questions, Steve's Answers 200

    • November 4, 2014

    CurrentC already hacked, a serious OSX Yosemite vulnerability, is your TV watching you? And your questions!

  • S01E481 Certificate Transparency

    • November 11, 2014

    Microsoft's Mega Patch Tuesday, Obama wants to reclassify ISPs as telecommunications carriers, verifying a website's authenticity with certificates and more.

  • S01E482 Your Questions, Steve's Answers 201

    • November 18, 2014

    Dirtboxes spying on cellphones, an update for AT&T and Verizon's Cellular Super-Cookie, worries about BitTorrent Sync's security and privacy, and your questions!

  • S01E483 Let's Encrypt

    • November 25, 2014

    Intelligence gathering malware Regin, the Edward Snowden documentary Citizenfour, upcoming Certificate Authority Let's Encrypt and more.

  • S01E484 Your Questions, Steve's Answers 202

    • December 2, 2014

    Firefox v34, iOS 8 bugs, how to safely report a vulnerability and more of your questions.

  • S01E485 Expensive Lessons

    • December 9, 2014

    Poodle Bites (again!), TURLA - an APT (Advanced Persistent Threat) targeting Linux, and very expensive lessons learned from Target and Sony's recent security breaches.

  • S01E486 Your Questions, Steve's Answers 203

    • December 16, 2014

    Chrome UX changes in 2015, a Las Vegas casino struck hard by a cyberattack, the ethics of disclosing illegally obtained content, your questions and Steve's answers!

  • S01E487 Steve Introduces SQRL

    • December 23, 2014

    Steve Gibson introduces and explains Secure Quick Reliable Login (SQRL), Steve's proposal for a replacement for website passwords at DigiCert Security Summit 2014 in Las Vegas.

  • S01E488 The (In)Security of 2014

    • December 30, 2014

    Who hacked Sony? Apple deploys their first forced-update, Snowden docs revealing NSA headaches, and a look back on a busy 2014 for security!

  • S01E489 Your Questions, Steve's Answers 204

    • January 6, 2015

    The HSTS Super-Cookie, "ThunderStrike," CryptoLocker's successor, and questions from listeners!

  • S01E490 The Enigma

    • January 13, 2015

    Lizard Squad's DDoS network largely powered by SOHO Routers, Google abandons pre-v4.4 Android Updates, and British Prime Minister David Cameron proposes outlawing communications that the government cannot eavesdrop on.

  • S01E491 Cryptographic Backdoors

    • January 20, 2015

    Why the President was sure it was North Korea, a few Sci-Fi recommendations from Steve, and separating fact from fiction about Cryptographic Backdoors.

  • S01E492 Your Questions, Steve's Answers 205

    • January 27, 2015

    The Firefox Marketplace, Google takes a bite out of Apple too, Apple agrees to a Chinese audit of their product security, and your questions!

  • S01E493 TOR: Not so Anonymous

    • February 3, 2015

    Regin's apparent heritage, Bad Linux "GHOST" vulnerability, and how TOR may not be so anonymous after all.

  • S01E494 Your Questions, Steve's Answers 206

    • February 10, 2015

    Adobe's multiple Flash patches, the U.S. Government announces a cyber threat integration center, the latest on the Anthem breach, and Steve answers listener questions!

  • S01E495 HTTP/2

    • February 17, 2015

    Leo and Steve catches up with several VERY interesting security events and stories of the week, then we take a close look and a deep dive into the operation of the industry's first change in the official HTTP protocol in 15 years -- the finalization and emergence of the HTTP/2 IETF specification which significantly streamlines web browser and web server interaction.

  • S01E496 Your Questions, Steve's Answers 207

    • February 24, 2015

    Leo and Steve discuss the week's major security events, including the revelation of the Lenovo crapware "Superfish," the joint GCHQ/NSA Gemalto attack which rendered cellular phones insecure, and Steve answers more of your questions!

  • S01E497 Hacking Vehicles

    • March 3, 2015

    Leo and I discuss the week's tamer-than-usual news, then we host a terrific interview of the team (recently featured on Sunday's 60 Minutes) who have been working with DARPA to address the challenge of hardening high-tech networked vehicles -- autos and UAVs -- against malicious hacking attacks.

  • S01E498 Freak & RowHammer

    • March 12, 2015

    Steve and Leo catch up with several VERY interesting security events and stories of the week, then we take a deep dive into two of the week's big security stories: FREAK and RowHammer.

  • S01E499 Your Questions, Steve's Answers 208

    • March 17, 2015

    A look at the new TeslaCrypt, Yahoo! to eliminate passwords, InstantCryptor and Steve answers your questions!

  • S01E500 Secure Boot

    • March 24, 2015

    An iPhone/iPad 4-digit PIN hack, the recent Pwn2Own hacking competition, and Steve takes a look at the evolution of booting from BIOS to UEFI and how Microsoft has leveraged this into their "Windows Secure Boot" system.

  • S01E501 Your Questions, Steve's Answers 209

    • April 1, 2015

    The ongoing GitHub/GreatFire.org DDoS attack, a bad vulnerability discovered in hotel/convention center/visitor routers, a detailed analysis of 10 million passwords and your questions!

  • S01E502 The TrueCrypt Audit

    • April 7, 2015

    CNNIC's Root CA cert to be removed from Chrome, Microsoft to change handling of Do Not Track, the "After Market" for IPv4 address space is heating up, and Steve looks at the findings of the TrueCrypt Audit.

  • S01E503 Your Questions, Steve's Answers 210

    • April 14, 2015

    The EFF wins its Podcast Patent Challenge, an update on CNNIC's root certificates, the Mac "Rootpipe" vulnerability, more viewer questions and Steve's Answers!

  • S01E504 Great Firewalls & Cannons

    • April 21, 2015

    TrueCrypt audit follow up, Google search history dump, and Steve Gibson and Leo Laporte take a close look at the mechanisms China has developed - both filtering and offensive weaponry - to provide for their censorship needs and to potentially attack external internet targets.

  • S01E505 Your Questions, Steve's Answers 211

    • April 28, 2015

    Wi-Fi access points can crash iOS devices, CryptoWall installed via malicious ads for two months, thoughts about ad blocking, and Steve answers your questions!

  • S01E506 Law Enforcement Backdoors

    • May 5, 2015

    The "Pixie Dust" failure of WPS, disabling RC4, Mozilla putting on the pressure to phase out HTTP, two very different and well thought out statements about law enforcement backdoors.

  • S01E507 Your Questions, Steve's Answers 212

    • May 12, 2015

    Appeals court rules that sweeping up Americans' data is illegal, Europe's Smart Grid crypto is dumb, SSD on-the-shelf data retention, your questions and Steve's answers!

  • S01E508 Exploiting Keyless Entry

    • May 19, 2015

    Starbucks discovers the downside of convenience over security, the "Venom" vulnerability, and a look at how crooks are ransacking and stealing cars.

  • S01E509 TLS Logjam

    • May 26, 2015

    Let's Encrypt's Terms of Service, more on "plane hacker" Chris Roberts, a major new vulnerability in the Internet's TLS protocol known as "Logjam," and more!

  • S01E510 Your Questions, Steve's Answers 213

    • June 2, 2015

    Crashing (your friends') iPhones, a worrisome Mac firmware problem, Microsoft annoying and/or frightening users with unsolicited "Win10 upgrade" offers, Google's Vault and Soli projects, and your questions and Steve's answers!

  • S01E511 Your Questions, Steve's Answers 214

    • June 9, 2015

    Patch Tuesday, Federal backdoor development funding, a real HDD firmware bootkit, iOS v9, your questions and Steve's answers!

  • S01E512 Mozilla Tracking Protection

    • June 16, 2015

    Steve Gibson and Leo Laporte discuss Firefox's Tracking Protection and the state of tracking users on the internet. The LastPass network breach, more bad news from the Office of Personnel Management, did China & Russia obtain and decrypt Snowden's document cache? And examining the revelations about the current state of Internet user tracking arising from Mozilla's Firefox tracking protection instrumentation.

  • S01E513 Your Questions, Steve's Answers 215

    • June 23, 2015

    How does a buffer overflow lead to an exploit? A significant cross-application security flaw in Mac OS X and iOS, the Samsung keyboard flaw, how safe is your Lastpass master password, transmitting sensitive data to "tech-unsavvy people", and more of your questions with Steve's answers!

  • S01E514 Tor’s Astoria Client

    • June 30, 2015

    Should we trust NoScript? Adobe issues an emergency out-of-cycle patch for FLASH, an update to Google's Chrome browser unnerves some, an AM radio that steals nearby Crypto keys, a truly fabulous site of privacy tools, a look at recent research into improving the privacy delivered to users of the Tor network.

  • S01E515 A Crazy News Week!

    • July 7, 2015

    Steve Gibson talks about his concerns of "Wi-Fi Sense" on Windows 10, a feature that shares your Wi-Fi password with your contacts in Facebook, Outlook and Skype. Firefox v39, ICANN's WHOIS privacy policy, a new old DDoS attack protocol in use, Amazon rolls their own TLS stack, ARIN runs out of IPv4 space, Italy's Hacking team gets hacked... with a surprise in the disclosed data! Juicy new details about the NSA's XKEYSCORE and international spying, Windows 10 gets privacy-worrisome "WiFi Sense" facility, and more!

  • S01E516 Hacking Team vs. SQRL

    • July 14, 2015

    Steve Gibson revisits SQRL with Fr. Robert Ballecer. More Hacking Team revelations including another Adobe Flash exploit and a UEFI rootkit, OpenSSL's latest problem, another plea to the government from encryption experts, even worse news from the OPM breach, an updated look at SQRL and more!

  • S01E517 Your Questions, Steve's Answers 216

    • July 21, 2015

    Steve loses his T1, the official SQRL logo, Auto hacking matures from "connect" to "Internet", Microsoft's emergency out-of-cycle update, Progress in attacking RC4, and more of your questions with Steve's answers!

  • S01E518 HORNET: A Fix For TOR?

    • July 28, 2015

    A significant Android problem is found in the "StageFright" module, with almost a billion Android devices at risk. Fiat/Chrysler hacking follow-up, the Android "StageFright" flaw, the security practices of experts vs. non-experts, Major DMCA news, the Anti-Phishing Working Group's Global Phishing Survey, the right way to silence the Windows 10 upgrade pesterings, and what is HORNET?

  • S01E519 The Windows 10 Privacy Tradeoff

    • August 4, 2015

    Steve Gibson analyzes Windows 10's privacy settings. StageFright update, a DNS vulerability in BIND, PagerDuty suffered a database breach, OSX has a somewhat worrisome 0-day in the wild, NoScript versus Sandboxie, and examining what we know of the Windows 10 privacy tradeoff.

  • S01E520 The Quest for Surfing Safety

    • August 11, 2015

    Steve Gibson and the search for safely navigating the internet. StageFright Watch, Windows 10 Tracking disable tool, was TrueCrypt decrypted by the FBI? Firefox vulnerability, and Steve's search for a low-hassle solution for safely browsing the danger-filled World Wide Web.

  • S01E521 Security Is Difficult

    • August 18, 2015

    Steve Gibson and Leo Laporte discuss the distressing state of online web advertising. Two steps forward, one step back for Android StageFright, new Windows 10 privacy concerns, high profile malvertising surfaces, Kaspersky, Lenovo, HTC and AT&T each in their own doghouses and more!

  • S01E522 Your Questions, Steve's Answers 217

    • August 25, 2015

    What is the best way to securely wipe a drive? Lenovo BIOS behavior retraction and update, ransomware file encryptor appears on Github, consequences of the growing intersection of life and the Internet, the need for physical security and Hilary's email server, and Steve answers your questions!

  • S01E523 uBlock Origin

    • September 1, 2015

    Steve Gibson and Leo Laporte look at uBlock Origin, an add-on blocker for web browsers. Running Firefox as a "normal" user, malvertising hits MSN, Amazon & Google tighten up on Flash, Windows 7& 8 quietly get new and unwanted features, Dave Winer: "Mac OS is spyware too," and Steve Gibson goes over the features of uBlock Origin.

  • S01E524 Your Questions, Steve's Answers 218

    • September 8, 2015

    How is data stored on glass platters used in hard drives? Seagate Wi-Fi drive nightmare, AdBlock plus releases adblocking browsers on the eve of iOS 9, Android phones now coming with pre-installed malware, your questions and Steve's answers!

  • S01E525 Disconnect.me

    • September 15, 2015

    Steve Gibson talks with co-founder and CTO of Disconnect, a privacy and security tool to block trackers. Has LastPass been hacked? Matthew Green's look at iMessage's assurances, Canary Tokens, Let's Encrypt issues first certificate, and a discussion with Patrick Jackson, co-founder and CTO of Disconnect..

  • S01E526 iOS Content Blockers

    • September 22, 2015

    iOS XcodeGhost, critical Adobe FLASH update, Ashley Madison password mystery. iOS XcodeGhost discovered by Chinese developer, critical Adobe Flash update, AVG begin selling browsing and search history to advertisers, Cisco routers in at least 4 countries infected by stealthy backdoor, 11+ million Ashley Madison passwords cracked, VW & Audi recall after EPA hack programming.

  • S01E527 Your Questions, Steve's Answers 219

    • September 29, 2015

    Listener and columnist for ComputerWorld Michael Horowitz found that Lenovo's ThinkPad line still monitors and tracks users. Time to migrate away from TrueCrypt? AdBlocker App update, Thinkpad is, sadly no longer "clean", new concerns over Anti Virus add-on utilities and Steve answers your questions!

  • S01E528 Breaches & Vigilante Worms

    • October 6, 2015

    Linux.Wifatch is a piece of code that behaves like a worm, has infected vulnerable routers, removes malware and secures the router. Breaches at Patreon, Experian & Scottrade, Stagefright 2, Linux.Wifatch: The Router Vigilante Worm, problems with VeraCrypt, Anrdroid Marshmallow's major security improvements and more!

  • S01E529 Joe Siegrist of LastPass

    • October 13, 2015

    Joe Siegrist talks with Steve Gibson and Leo Laporte about the recent news that LogMeIn has purchased LastPass. Joe Siegrist and the LastPass acquisition, Patch Tuesday, another dent in SHA-1, U.S. Government plans not to force "cryptotapping"... for now and Steve answers your questions!

  • S01E530 Doing It Wrong

    • October 20, 2015

    Steve Gibson takes a look at four companies getting security wrong. An emergency Adobe FLASH vunerability, sneaking naughty iOS apps pas Apple's scrutiny and a look at four examples (from this week) of companies getting security wrong.

  • S01E531 Your Questions, Steve's Answers 221

    • October 27, 2015

    Is it time to drop TrueCrypt for VeraCrypt? 1Password metadata, revisited, bad Western Digital hard drive encryption, how the NSA is seeing into encrypted data, an update on the "Let's Encrypt" project, the future of the beleaguered SHA-1 hash and Steve answers your questions!

  • S01E532 Verifying iOS App Conduct

    • November 4, 2015

    Steve Gibson explores the fundamental problem with iOS application security enforcement. Brief glitch with uBlock Origin in the Chrome store, Symantec screws up cert issuance, "the Hacking Team" returns, Tor Messenger, US and UK take differing cybersecurity paths, a clever new browser fingerprinting hack, JavaScript (ECMAScript) 6 peek, Threema gets an independent audit and the disconcerting result of Steve's analysis of iOS application vetting.

  • S01E533 Your Questions, Steve's Answers 222

    • November 10, 2015

    A variant of the ransomware "Power Worm" can not be decrypted even after the ransom is paid. China's new hiring problem, Firefox v42 update, don't pay the "Power Worm" ransomware, CAs mis-issuing banned certificates, Microsoft rethinks their January 1st 2017 SHA-1 cutoff date, and Steve Gibson answers your questions!

  • S01E534 Encryption and the Law

    • November 17, 2015

    The post-Paris Encryption controversy. Leo and Steve discuss a wide range of security news, Steve's feelings about the new iPad Pro, lots of interesting bit of miscellany, and we then revisit the newly controversial question of Internet encryption which has been raised with great emphasis after last week's terrorist attacks in Paris.

  • S01E535 Your Questions, Steve's Answers 223

    • November 24, 2015

    Dell, Lastpass, Windows 10, and Q&A with Steve. Dell steps in it big time, Windows 10's various recent struggles, a report of the Manhattan DA's office about Smartphone Encryption, various updates and miscellany including an Errata, ten listener thoughts, and questions!

  • S01E536 Your Questions, Steve's Answers 224

    • December 1, 2015

    A security researcher finds 600,000 Arris cable modems have two backdoor vulnerabilities. A Follow up on last week's thoughts on warranted iPhone unlocking, Mozilla's life after Google, Arris cable modems in the doghouse, Blackberry says no to a large government, another nail in the Adobe Flash coffin, and Steve answers more viewer questions!

  • S01E537 A Mega News Week

    • December 8, 2015

    France considers counter-terrorism measures such as blocking TOR and public Wi-Fi. Microsoft's Patch Tuesday (and Adobe Flash mega patch Tuesday!) Microsoft's new moves to force Windows 10 onto unwanting users, even bigger trouble for Dell, and trouble for AOL and Lenovo, Let's Encrypt public beta goes live, what did President Obama mean on Sunday? Perhaps France is (over)reacting? The Republic of Kazakhstan paves a worrisome path, ISIS releases an app for Android, CryptoWall gets even worse and more!

  • S01E538 Your Questions, Steve's Answers 225

    • December 15, 2015

    A security researcher exposes 13 million MacKeeper user data using the Shodan search engine. Is Kazakhstan's new encryption law a preview of future U.S. policy? FBI chief asks tech companies to stop offering end-to-end encryption, 13 million MacKeeper user's data exposed, Cloudflare, Facebook and others compromise on SHA-1 sunsetting, Google to deprecate one of Symantec's root certificates, major expoit in Bell Canada's routers reveal WPA2-PSK, Wired thinks it has unmasked Satoshi Nakamoto... maybe not, a suspected hit and run driver caught in Florida after car called the cops, Telegram cryptanalysis, and Steve answers possibly the coolest question he's ever been asked for a Q&A!

  • S01E539 Your Questions, Steve's Answers 226

    • December 22, 2015

    Should password length be kept a secret? The stunning Juniper router backdoor, Oracle gets smacked by the U.S. Federal Trade Commission, what happens if you simply press backspace 28 times at a Linux password prompt? WhatsApp briefly banned in Brazil, Hillary's call for a Manhattan-style effort on encryption, a recent audit provides an updated snaptshot of the state of web privacy, Microsoft increases the GWX controversy and Steve answers your questions!

  • S01E540 Vitamin D

    • December 29, 2015

    This special episode from 2009 featured a rare off-topic discussion about Steve Gibson's research into vitamin D. This episode was originally recorded with audio only.

  • S01E541 New Year's News

    • January 5, 2016

    A look back at security vulnerability counts of 2015. Some GWX (Get Windows X) news updates, a Windows 10 market share snapshot, hysteria over Windows 10 disk encryption, Google issues critical updates for recent Android versions, ransomware goes multi-platform with JavaScript, the next IoT Wi-Fi standard is ratified, smartwatch side-channel attacks, IPv6 adoption at its 20 year mark and more!

  • S01E542 Your Questions, Steve's Answers 227

    • January 12, 2016

    How can LastPass' Emergency Access be TNO? TrendMicro drastically lowers the bar on "you're doing it wrong", Symantec issues banned SHA-1 certs in 2016, Firefox backs off from disallowing newly issued SHA-1 certs in 2016, a sad day has finally arrived for Windows XP Embedded SP3, how LastPass v4.0's new Emergency Access feature can be TNO, and more!

  • S01E543 LostPass

    • January 19, 2016

    Steve Gibson analyzes the ShmooCon presentation on "LostPass" and LastPass' response. Major Internet of Things news: Ring Doorbell, Webcams, Wi-Fi passwords in the cloud, more malvertising in the news, a major internet appliance backdoor discovered, New York State Assembly Bill about phone encryption, more Microsoft and Windows 10 news and the ShmooCon presentation of the LastPass phishing hack.

  • S01E544 Your Questions, Steve's Answers 228

    • January 26, 2016

    How do I know that I am on the most secure connection with a VPN? More on the consumer encryption fight, a smartphone updating lawsuit, a new web compression standard, a website that (deliberately) crashes iOS, a new Firefox and Steve answers your questions!

  • S01E545 Three Dumb Routers

    • February 2, 2016

    Steve Gibsons guide to using multiple routers for a secure network. Java is finally leaving the browser, Google's February Nexus Android update, the ongoing encryption debate, and Steve talks about how to set up a secure network for all your devices with no less than three dumb routers. GRC.com: NAT Router Security Solutions - https://www.grc.com/nat/nat.htm

  • S01E546 Router Q&A Follow-Up

    • February 9, 2016

    Steve Gibson looks at a severe vulnerability in eBay's online sales platform that could be the "hack of the decade." iOS Error 53 and an interesting Apple 3rd party service conundrum, Comodo's crummy Cromodo browser, a new Google search safely feature, an interesting audit of Windows 10 after enabling all privacy features, Steve's experience with GWX and a new Windows 7 install, the amazing clever hack of the decade, and Steve answers three listener follow-up questions from last week's "Three Dumb Routers" episode.

  • S01E547 GRC is DOWN

    • February 16, 2016

    Steve Gibson details how vulnerable websites can be to attacks. Steve and Leo talk about what is happening to the grc.com website and how a DDoS attack brings down a website.

  • S01E548 DDoS Attack Mitigation

    • February 23, 2016

    Steve Gibson on what has happened in the last week since the DDoS attack on GRC.com. Apple vs the FBI, Linux Mint, more Comodo bad news, Hollywood Presbyterian Medical Center pays Crypto ransom, Glibc flaw follow-up, Error 53 follow-up and Steve details everything that has transpired since last week's "GRC is Down" episode.

  • S01E549 Your Questions, Steve's Answers 229

    • March 1, 2016

    Steve Gibson tries to find a formal definition of a "backdoor." The ongoing Apple iPhone battle, iPhone passcode length helps a lot! So does not running as Admin under Windows, local network scanning tools, and Steve answers your questions!

  • S01E550 CacheBleed

    • March 8, 2016

    Steve Gibson takes a look at the CacheBleed attack. A brief Apple decryption dispute update, the first Mac OS X ransomware strikes, will quantum computing mean the end of encryption? Verizon gets a barely noticeable slap on the wrist, Facebook missed a huge security hole, next-gen fingerprint spoofing with an inkjet printer, John McAfee, RSA, a wonderfull Let's Encrypt milesotone, and a look at the CacheBleed attack.

  • S01E551 Your Questions, Steve's Answers 230

    • March 15, 2016

    Storing encrypted information in the cloud. Encryption - dispute or dispute? A specific IoT nightmare example, BleepingComputer gets sued and asks for help, a new and horrifying DDoS attack amplifier, Microsoft pushes Windows 10 even harder and Steve answers your questions!

  • S01E552 D.R.O.W.N.

    • March 22, 2016

    Steve Gibson takes a closer look at the D.R.O.W.N. vulnerability & attack (and why security is hard!). FBI postpones today's court hearing, Matthew Green and four students poked a hole in iMessage, another side channel attack against mobile devices, massive malvertising campaign hits many major sites, Levovo back in the dog house... again! 2016 Pwn2Own competition results, Android StageFright module even more unsafe than believed, and a closer look at the D.R.O.W.N. vulnerability & attack.

  • S01E553 Too Much News

    • March 29, 2016

    Steve Gibson unveils his free tool to hold off that Windows 10 update: Never10! U.S. says it has unlocked the iPhone without Apple, California Assembly Bill AB-1681, was TrueCrypt originally created by an international arms dealer? A major flaw in the StartSSL Certificate Authority, two more hospitals hit with ransomware, a problem found in the SAMBA protocol, good news on the IoT device setup front, GRC's Never10 freeware, and Steve gives details on his new monster PC!

  • S01E554 Your Questions, Steve's Answers 231

    • April 5, 2016

    IoT: Whose "lifetime" is a lifetime subscription? A quiet week gives us a chance to catch up on some listener feedback, a few words of caution about jumping in to the IoT gadget world too soon, Bruce Schneier on the FBI/Apple outcome, a bit of miscellany (some of it is amazing), ten great observations, comments and questions from our listeners.

  • S01E555 WhatsApp

    • April 12, 2016

    Steve Gibson analyzes the Open Whisper "Signal" protocol that has been integrated into WhatsApp. BadLock, the latest draft of the Burr/Feinstein encryption bill, the iPhone FBI hack update, a worrisome architectural problem in Mozilla's Firefox extension handling, HTTPS gets a BIG new supporter, at least tens of thousands of commercial CCTV DVRs can be remotely hacked, Amazon is (was) selling a malware-infected Webcam system, and the results of Steve's deep dive into the security of WhatsApp.

  • S01E556 SMTP STS

    • April 19, 2016

    A look at SMTP STS: a new specification to add Strict Transport Security (STS) to email. 60 Minutes expose' on the inter­provider SS7 signalling system, the future appears black for BlackBerry, quicksand for QuickTime, what was found in the decrypted San Bernardino phone, Threema vs WhatsApp vs Signal, and a look at SMTP STS: a new specification to add Strict Transport Security (STS) to email.

  • S01E557 Your Questions, Steve's Answers 232

    • April 26, 2016

    Let's Encrypt certificate issuance update, the Net Snowden effect, the cost to unlock an (empty) iPhone, a clever AppLocker bypass to run any program, Opera's built in VPN announcement, TeslaCrypt ransomware updated again, fake DDoS extortionists, the U.S. launches first-ever public Cyberbomb at ISIS, DNSSEC and another reason to choose Hover and Steve answers your questions!

  • S01E558 Bit Con

    • May 3, 2016

    The U.S. Congress passed a new eMail privacy act, Edward Snowden and Fareed Zakaria debate, the still unresolved fingerprint question, Android's continuing troubles with "Stagefright", Brazillian judge shuts down WhatsApp for three days, will the real Satoshi Nakamura please stand up? And Steve answers more of your questions!

  • S01E559 Dumb SmartThings

    • May 10, 2016

    Today's Mega Patch Tuesday for Windows, closing the chapter on Dr. Craig Wright, Lenovo, Microsoft and Qualcomm all in separate doghouses, another fun bit on Curl bashing, the unintended consequences of "Terrorist Math," the Temperfect Mug finally arrives and a look at Samsung's not ready for prime time SmartThings.

  • S01E560 Z­-Wave Goodbye

    • May 17, 2016

    Steve's long love affair with Windows, the Oracle/Google JAVA API lawsuit, the pending registration of "burner" phones, surveillance microphones found in public areas, John McAfee and team cracks WhatsApp encryption? The Ring Doorbell may need another update, a security-related Kickstarter which Security Now listeners would never fall for, a controversial feature being removed from Windows 10, a worrisome and exploitable heap corruption in the popular 7-Zip application and a look a the Z-Wave Home Automation system.

  • S01E561 Your Questions, Steve's Answers 234

    • May 24, 2016

    A surprising end to the Teslacrypt file encrypting malware, Google's plan to continue squeezing Flash off the web, anyone want 117 million (old) LinkedIn email messages and passwords? They're for sale. News of the technology underlying Google's new Allo messaging system, save Firefox and Steve answers listener questions!

  • S01E562 IoT Infancy (1)

    • May 31, 2016

    Over-the-top Feinstein-Burr encryption bill dies in the Senate, Google's fair use API defense prevails, Google's increasing pressure on its Android partners, Bluecoat Systems obtains an Intermediate CA cert from Symantec/Verisign, the insecurity of add-on laptop bloatware and custom updating software, a promised update on SQRL and Rapid7's sobering analysis of Internet-connected baby monitors.

  • S01E563 IoT Infancy (2)

    • June 7, 2016

    A "Reality-Check" timeout, a new 0-day Windows exploit on the market, a truly horrifying (and clever) chip-level exploit, yesterday's monthly Android Security Update, a sad side-effect of the GWX push, the LinkedIn breach apparently bites Mark Zuckerberg, Facebook plans to offer optional encryption for Messenger, five things that give self-driving cars headaches, a follow-up on SQRL's authentication management and some truly horrifying details of internet-connected baby monitor implementations.

  • S01E564 Your Questions, Steve's Answers 235

    • June 14, 2016

    BlueCoat Systems gets a new parent, a bad Chrome bug you never knew you had, prolific hacker "Peace" has another 51 million account credentials to sell, LetsEncrypt's mass emailer reveals a fun bug, Visual Studio 2015 C++ compiler secretly inserts telemetry code into binaries and Steve answers your questions!

  • S01E565 Control-Flow Enforcement Technology (CET)

    • June 21, 2016

    Palantir got owned - in a good way, confirmation of the danger of SMS as a 2nd factor, a frightening IoT camera experience, some confusion over the GotoMyPC full password reset, the machine under the machine: do our systems have a designed-in rootkit? And Steve takes a deep dive into Intel's forthcoming anti-hacking Control-Flow Enhancement Technology!

  • S01E566 Your Questions, Steve's Answers 236

    • June 28, 2016

    One Windows update was expensive for Microsoft, a troubling court ruling about FBI hacking, hope for slow Windows 7 updates, Comodo dops to a new low level of slimy behavior, malware moves to pure JavaScript, stealing data by spinning your computer fans, a worrisome flaw found in most NetGear routers, and Steve answers your questions!

  • S01E567 Hacking Certificates

    • July 5, 2016

    Leo and I catch up with another packed week of security news, including an update on mobile ransomware, the successful extraction of Android's full disk encryption (FDE) master keys, Google's Tavis Ormandy finds horrific flaws in all Symantec traffic analyzing software, a Brazilian judge is at it again with WhatsApp, this week's IoT horror story, some miscellany and errata, and finally a look at a horribly flawed attempt to copy Let's Encrypt automation of free SSL certificate issuance.

  • S01E568 Your Questions, Steve's Answers 237

    • May 12, 2016

    Facebook Messenger adds "Secret Conversations", Putin vs. the Internet, the fate of Russian-based VPN endpoints, Russian hackers compromising iOS devices, Steve's follow-up to the Lenovo SMM hack, is sharing your Netflix password illegal? Post-quantum crypto testing in Chrome, reconsidering anti-virus add-ons, Pokemon Go woes, a possible defense against CryptoMalware and Steve answers five viewer questions from Twitter.

  • S01E569 Messenger, CryptoDrop & Riffle

    • July 19, 2016

    Leo and I catch up with a fun and interesting week of security happenings, including a bit of daylight on the password sharing question, the trouble with self reporting security breaches, trouble in TOR-land, what future AI assistants mean for our privacy, a terrific looking new piece of security monitoring freeware, a startlingly worrisome 20-year-old fundamental Windows architectural design flaw, a problem with Juniper router's OS certificate validation, some errata, a bunch of miscellany, and the promised follow-up dissection of Facebook Messenger's extra features, the anti-ransomware CryptoDrop, and MIT's "Riffle" anonymity enforcing networking solution.

  • S01E570 Your Questions, Steve's Answers 238

    • July 26, 2016

    Apple gets Stagefright, is Russia trying to influence the U.S. presidential election? Microsoft's battles and wins against U.S. privacy overreach, Grace Hopper (who coined the term "software bug") brilliantly demonstrates "a nanosecond", a bug-fix update to pfSense, a "doing it weird" look at the CUJO security appliance, and Steve answers your questions!

  • S01E571 Phishing & Filtering

    • August 2, 2016

    Keysniffer: More fun with wireless keyboards. LastPass vulnerabilities, new wireless keyboard headaches, deprecating SMS as a second authentication factor, obtaining Windows 10 for free after July, the pervasive problem with website spoofing, and the power and application of multi-interface packet filtering.

  • S01E572 Defcon & Blackhat (1)

    • August 9, 2016

    Does ZFS "Scrub" on a FreeNAS replace SpinRite? A distressing quantity of Win10 news, Apple's changing bug bounty policy, newly disclosed Android takeover flaws, yet another way to track web visitors, hackers spoof Tesla auto sensors, Firefox and LastPass news, a19-year old stubborn decision by Microsoft comes home to roost, and a handful of new problems found with HTTP.

  • S01E573 Memory & Micro Kernels

    • August 16, 2016

    Did Microsoft really leak their secure boot "Golden Key?" AdBlock, unblock, counter-unblock, and counter-counter-unblock is well underway, Leo's story from the field about Avast A/V, a "security is hard to do" mistake in an update to the Internet's TCP protocol, Microsoft's evolving Windows Update policies, an uber-cool way for developers to decrypt and inspect their Firefox and Chrome local TLS traffic, trouble with Windows Identity leak mitigation, and discussion of micro kernels and Intel's forthcoming memory breakthrough!

  • S01E574 Routers & Micro Kernels

    • August 23, 2016

    Did the Shadow Brokers hack the NSA's Equation Group? Apple's bug bounty gets quickly outbid, a critical flaw discovered in the RNG of GnuPG, the EFF weighs in on Windows 10, Chrome browser is frightening people unnecessarily, a Johns Hopkins team of cryptographers, including Matthew Green, disclose a weakness in Apple's iMessage technology, unused router hardware capabilities, what's a "Micro Kernel?" And more!

  • S01E575 Pegasus & Trident

    • August 30, 2016

    The FBI has found evidence that two state election systems were attacked and hacked. Dropbox and Opera handle incidents responsibly, while a Chinese certificate authority could not have been more irresponsible. Facebook and WhatsApp announce an information sharing arrangement, the FBI discloses election site hacking, Tavis prepares DashLane and 1Password vulnerability disclosures, the threat of autonomous weapon systems and Wi-Fi router radio wave spying, the details behind Pegasus and Trident, the emergency Apple iOS v9.3.5 patch and more!

  • S01E576 Flip Feng Shui

    • September 6, 2016

    Weaponizing RowHammer with "Flip Feng Shui" - the most incredibly righteous and sublime hack... ever! The continuing woes of WoSign, autonomous micro-recon drones turn out to be real, a new crypto attack on short block ciphers prompts immediate changes oin OpenVPN and OpenSSL, introducing a new Security Now! Abbreviation: "YAWTTY": Yet Another Way To Track You, a discouraging social engineering experiment, another clever USB attack and a look at the weaponizing of RowHammer with "Flip Feng Shui" - the most incredibly righteous and sublime hack... ever!

  • S01E577 Your Questions, Steve's Answers 239

    • September 13, 2016

    Is secure delete still necessary on a drive with whole disk encryption? Flip Feng Shui follow-up, Apple's announcements, Android's rough week, a bank's data center shuts down due to noise, Bluetooth device privacy leakages, and Steve answers your questions! We invite you to read our show notes.

  • S01E578 GRC's XSS Adventure

    • September 20, 2016

    Steve Gibson recommends the best website security scanner. Concerns over a significant expansion in effectively warrantless intrusion into end-user computers, the forthcoming change in Internet governance, NTIA's contract with ICANN to handle IANA is expiring in ten days! Google's next move in using Chrome to push for improved security, the interresting details emerging from a successful NAND memory cloning attack on the iPhone 5c and Steve shares the details and findings of a recent Cross-Site Scripting (XSS) problem on GRC and his recommendation for the best website security scanner!

  • S01E579 DDoS, Breaches and Other Records To Be Broken

    • September 27, 2016

    Brian Krebs, Akamai and Google's Project Shield, Yahoo's record-breaking, massive 500 million user data breach, Apple's acknowledged iOS 10 backup PBKDF flaw, well known teen hacker jailbreaks his new iPhone 7 in 24 hours, Microsoft formally allows removal of "Get Windows 10", a new OpenSSL SERVER DoS flaw, more WoSign/StartCom woes (Mozilla prepares to pull the plug), Bittorrent Sync renamed and more deeply documented, and more!

  • S01E580 Your Questions, Steve's Answers 240

    • October 4, 2016

    What is the difference between HTTPS and HSTS? An "update" on Microsoft's GWX remover, an encouraging direction for the Windows 10 Edge browser, HP's "security update" blocks non-HP ink cartridges, a clarification about how to upgrade a site's password hashing, a really terrific DNS hack, another update on Windows update, our web browsers may be fatiguing oru SSD's, and Steve answers your questions!

  • S01E581 Yahoo & Primal Worries

    • October 11, 2016

    Yahoo security, $1.5 mil iPhone bug bounty, WoSign woes, trapdoored primes. Leo and Steve discuss today's Windows update changes for 7 and 8.1, an exploit purchaser offers a $1.5 million bounty for iOS hacks, WhisperSystems encounter first bug, an IEEE study reveals pervasive "Security Fatigue" among users, Firefox and Chrome news, following the WoSign Woes, Samsung Note 7 news, some errata, a bunch of miscellany... and a look into new Yahoo troubles and concerns over the possibility of hidden trapdoors in widely deployed prime numbers.

  • S01E582 Your Questions, Steve's Answers 241

    • October 18, 2016

    Feds demand fingerprints to unlock phones, VeraCrypt audited, life in a simulation. Leo and Steve discuss some serious concerns raised over compelled biometric authentication, a detailed dive into the recently completed audit of VeraCrypt (the successor to TrueCrypt), more on web browsers fatiguing system main SSD storage, a bunch of interesting miscellany (including... are we living in a simulated reality?), and eleven questions and observations from our terrific listeners.

  • S01E583 DRAMMER

    • October 25, 2016

    Last Week's Botnet DDoS, Linux "Dirty COW" bug, the DRAMMER exploit. Leo and Steve discuss last week's major attack on DNS, answering the question of whether the Internet is still working?, we look at Linux's worrisome "Dirty COW" bug rediscovered in the kernel after nine years, we address the worrisome average lifetime of Linux bugs, share a bit of errata and miscellany, and offer an in-depth analysis of DRAMMER, the new, largely unpatachable, Android mobile device Rowhammer 30-second exploit.

  • S01E584 Your Questions, Steve's Answers 242

    • November 1, 2016

    Windows "Atom Bomb" exploit, side-channel attack on Intel processors, verifiable hacker-proof code. Leo and Steve discuss an oh-so-subtle side-channel attack on Intel processors, the quest for verifiable hacker-proof code (which oh-so-subtle side-channel attacks on processors can exploit anyway!), another compiler optimization security gotcha, the challenge of adding new web features without opening routes of exploitation, some good news about the DMCA, Matthew Green and the DMCA, the relentless MPAA and RIAA still pushing the limits and threatening the Internet, the secure ProtonMail service feels the frightening power of skewed search results, regaining control over Windows 10 upgrade insistence, a new 0-day vulnerability Google revealed before Microsoft has patched it, a bit of errata, miscellany and as many listener feedback questions and comments as we have time for.

  • S01E585 The Windows AtomBomb

    • November 8, 2016

    LastPass goes mobile-free, MySQL patches, problems with OAuth, Windows Atombomb attack, and the open source LessPass app. Leo and I discuss the answer to last week’s security & privacy puzzler, Let's Encrypt Squarespace, the new open source "LessPass" app, LastPass goes mobile-free, many problems with OAuth, popular Internet services' privacy concerns, news from the IP spoofing front, Microsoft clarifies Win10 update settings and winds down EMET, a hacker finds a serious flaw in Gmail, MySQL patches need to be installed now, a tweet from Paul Thurrott, a bit of errata and... and the Windows AtomBomb attack.

  • S01E586 The BlackNurse Attack

    • November 15, 2016

    The BlackNurse Attack, PwnFest. Results from our listener's informal CAIDA spoofing testing. LessPass turned out to be even less than it appeared. Steve's day at Yubico. News from PwnFest & Mobile Pwn2Own. The probable elimination of Dark Matter. A new Wi-Fi field disturbance attack. A wacky Kickstarter "fingerprint" glove. The "BlackNurse" reduced-bandwidth DoS attack.

  • S01E587 Mobile & IoT Nightmares

    • November 22, 2016

    Weaponized $5 Raspberry Pi. Samy Kamkar is back with a weaponized $5 RaspberryPI. "El Cheapo" Android phones bring new meaning to "Phoning it in". Watching a webcam getting taken over. Bruce Schneier speaks to Congress about the Internet. A(nother) iPhone Lockscreen Bypass and another iPhone lockup link. Ransomware author asks a security researcher for help fixing their broken crypto. Britain finally passed that very extreme surveillance law. Some more fun miscellany… and more!

  • S01E588 Your Questions, Steve's Answers 243

    • November 29, 2016

    San Francisco Muni hacked. A wonderful quote about random numbers, our standard interesting mix of security do's and dont's, new exploits (WordPress dodged a big bullet!), planned changes, tips & tricks, things to patch, a new puzzle/game discovery, some other fun miscellany... and, finally! Ten comments, thoughts and questions from our terrific listeners!

  • S01E589 Your Questions, Steve's Answers 244

    • December 7, 2016

    Gooligan breaches 1m Google accounts. Leo and Steve discuss Android meeting Gooligan, Windows Upgrades bypass Bitlocker, nearly one million UK routers taken down by a Mirai variant, the popular AirDroid app is "Doing it wrong", researchers invent a clever credit card disclosure hack, Cloudflare reports a new emerging botnet threat, deliberate backdoors discovered in 80 different models of Sony IP cameras, we get some closure on our SanFran MUNI hacker, a fun hack with Amazon's Echo and Google's Home, How to kill a USB port in seconds, a caution about keyless entry (and exit), too-easy-to-spoof fingerprint readers, an extremely troubling report from the UK, and finally some good news: the open-source covert USB hack defeating “BeamGun”!... plus a bunch of fun miscellany, some great Sci-Fi reader/listener book news, and... however many questions we're able to get to by the end of two hours!

  • S01E590 Your Questions, Steve's Answers 245

    • December 13, 2016

    A Brilliantly Horrific New Ransomware Twist. This week, Leo and Steve discuss ticket-buying bots getting their hand slapped (do they have hands?), a truly nasty new addition to encrypting ransomware operation, a really dumb old problem returns to many recent Netgear routers, Yahoo!'s being too pleased with their bug bounty program, Steganometric advertising malware that went undetected for two years, uBlock Origin readies for a big new platform, what exactly is the BitDefender "BOX"? (We wish we knew!), VeraCrypt was audited... next up is OpenVPN! (Yay!), the definitive answer to the question of where Spock's thumb should be, Steve's new relaxing and endless puzzler, and... questions from our listeners!

  • S01E591 Law Meets Internet

    • December 20, 2016

    1 Billion Yahoo Accounts Hacked. This week, Leo and Steve discuss Russia’s hacking involvement in the US Election; that, incredibly, it gets even worse for Yahoo!, misguided anti-porn legislation in South Carolina, troubling legislation from Australia, legal confusion from the Florida appellate court, some good news from the U.S. Supreme Court, Linux security stumbling, why Mac OS X got an important fix last week, the Steganography malvertising attack that targets home routers, news of a forthcoming inter-vehicle communications mandate, professional cameras being called upon to provide built-in encryption, LetsEncrypt gets a worrisome extension, additional news, errata, miscellany… and how exactly DOES that “I really really promise I'm not a robot (really!)” non-CAPTCHA checkbox CAPTCHA work?

  • S01E592 The Portable Dog Killer (2)

    • December 27, 2016

    Steve Gibson tells how he built a device to solve a problem with a neighborhood dog. Steve Gibson tells how he built a device at 16 years old to solve a problem with a neighborhood dog. Original podcast date: May 13, 2010, Episode 248.

  • S01E593 I'm NOT a Robot! (Really)

    • January 3, 2017

    The Internet of Tattling Things. Law enforcement and the Internet of Tattling things, a very worrisome new and widespread PHP eMail vulnerability, Paul and Mary Jo score a big concession from Microsoft, a six-year-old "hacker" makes the news, Apple discovers how difficult it is to make developers change, hyperventilation over Russian malware found on a power utility's laptop, the required length of high entropy passwords, more pain for Netgear, an update on the just finalized v1.3 of TLS, the EFF's growing "Secure" messaging scorecard, a bunch of fun miscellany... and how does that "I'm not a Robot" checkbox work?

  • S01E594 A Look Into PHP Malware

    • January 10, 2017

    A TV station learns to be careful when saying the "A" word. The US Federal Trade Commission steps into the IoT and home networking malpractice world, a radio station learns a lesson in what words NOT to repeat, Google plans to even eliminate the checkbox, a crucial caveat to the "passwords are long enough" argument, more cause to be wary of third-party software downloads, a few follow-ups to last week's topics, a bit of miscellany and a close look at a well-known piece of PHP malware.

  • S01E595 What’s Up with WhatsApp?

    • January 17, 2017

    WhatsApp's non-backdoor "backdoor". A classic bug at GoDaddy bypassed domain validation for 8850 issued certificates, could flashing a peace sign compromise your biometric data?, it's not only new IoT devices that may tattle, many autos have been able to for the past 15 years, McDonald's gets caught in a web security bypass, more famous hackers have been hacked, Google uses AI to increase image resolution, more on the value or danger of password tricks, and... does WhatsApp incorporate a deliberate crypto backdoor?

  • S01E596 Password Complexity

    • January 24, 2017

    A phishing attack that uses a browser's autofill. Symantec issues additional invalid certificates while on probation, Tavis Ormandy finds a very troubling problem in Cisco's Web conferencing extension for Chrome, yesterday's important update to iOS, renewed concerns about LastPass metadata leakage, the SEC looks askance at what's left of Yahoo, a troubling browser form auto-fill information leakage, Tor further hides it's hidden services, China orbits a source of entangled photons? Heartbleed three years later, a new take on compelling fingerprints, approaching the biggest Pwn2Own ever, some miscellany... and some tricks for computing password digit and bit complexity equivalence.

  • S01E597 Traitors In Our Midst

    • January 31, 2017

    Robot is "Not a Robot," Netgear exploit. The best “I'm not a Robot” video ever, Cisco's WebEx problem is far more pervasive than first believed, more bad news (and maybe some good news) for Netgear, Gmail adds .js to the no-no list, a hotel finally decides to abandon electronic room keying, more arguments against the use of modern AV, another clever exploitable CSS browser hack, some (hopefully final) password complexity follow-ups, a bit of errata and miscellany, a SQRL status update, a "Luke... trust the SpinRite" story, and a very nice analysis of a little-suspected threat hiding among us.

  • S01E598 Two Armed Bandits

    • February 7, 2017

    150,000 printers "pwned". Speak of the devil... printers around the world get hacked! Vizio's TVs really were watching their watchers, Windows has a new 0-day problem, Android's easy-to-hack pattern lock, an arsonist's pacemaker rats him out, a survey finds that many iOS apps are not checking TLS certificates, the courts create continuing confusion over eMail search warrants, a blast from the past: SQL Slammer appears to return, Cellebrite's stolen cell phone cracking data begins to surface, some worrisome events in the Encrypted Web Extensions debate, Non-Windows 10 users are not alone, a couple of questions answered, my report of a terrific Sci-Fi series, a bit of miscellany... and a fun story about one-armed bandits being hacked by two armed bandits.

  • S01E599 TLS Interception INsecurity

    • February 14, 2017

    Uncontrolled TLS Interception. Patch Tuesday DELAYED (and we may know why!), our favorite ad-blocker embraces the last major browser, a university gets attacked by its own vending machines, PHP leaps into the future, a slick high-end Linux hack, the rise of fileless malware, some good advice for tax time, it's not only Android's pattern lock that's vulnerable to visual eavesdropping, what happens with you store a huge pile of Samsung Note 7's in one place?, some fun miscellany, a MUST NOT MISS science fiction TV series, a look at the growing worrisome security implications of uncontrolled TLS interception.

  • S01E600 The MMU Side-Channel Attack

    • February 21, 2017

    Microsoft Patch Tuesday for February is cancelled! The story behind Microsoft's Patch Tuesday security update disaster. CyberX discovered a new large-scale cyber-reconnaissance operation targeting Ukraine targets: using vulnerabilities in Dropbox data traffic, DDL malware injection. Find out how easy it is to hack and steal an internet connected car. Chrome 56 update that hides connection certificate info. The future of Firefox add-ons. The lock screen of Win 10 leaking Clipboard contents. Project Zero's Windows flaw and NVIDIA Driver. pfSense and Ubiquity follow-ups. The MMU side-channel attack: it has nothing to do with chip flaws. ASLR will need your full attention.

  • S01E601 The First SHA-1 Collision

    • February 28, 2017

    Cloudbleed vs. Cloudflare. This week, Leo and Steve discuss the "CloudBleed" adventure, another project zero 90-day timer expires for Microsoft, this week's IoT head-shaker, a New York airport exposes critical server data for a year, another danger created by inline third party TLS-intercepting "middleboxes", more judicial thrashing over fingerprint warrants, Amazon says no to Echo data warrant, a fun drone-enabled proof on concept is widely misunderstood, another example of A/V attack surface expansion, some additional Crypto education pointers and miscellany... and what does Google's deliberate creation of two SHA-1-colliding files actually mean?

  • S01E602 Let’s Spoof!

    • February 7, 2017

    Why Amazon AWS S3 crashed the web. Countdown to March's patch Tuesday; what was behind Amazon's S3 outage? Why don't I have a cellular connectivity backup? Some additional Cloudflare perspective, Amazon to fight another day over their Voice Assistant's privacy, an examination of the top 9 Android password managers uncovers problems, another lifeless malware campaign found in the wild, security improvements in Chrome and Firefox, a proof of concept for BIOS ransomware, a how-to walk-through for return-oriented programming, a nifty new site scanning service, Matthew Green compares desktop and mobile security, a bunch of feedback quickies, an incredibly wonderful waste of time accomplishment, the future threat of deliberately fooling AI, and the dark side of automated domain validation certificate issuance.

  • S01E603 Vault 7

    • March 14, 2017

    CIA Vault 7 Tools Analyzed. This week Steve and Leo discuss March's long-awaited patch Tuesday, the release deployment of Google Invisible reCaptcha, getting more than you bargained for with a new Android smartphone, the new "Find my iPhone" phishing campaign, the failure of Wi-Fi anti-tracking, a nasty and significant new hard-to-fix web server 0-day vulnerability, what if your ISP decides to unilaterally block a service you depend upon? Shining some much-needed light onto a poorly conceived end-to-end messaging application, two quick takes, a bit of errata and miscellany... and a look into what Wikileaks revealed about the CIA's data collection capabilities and practices.

  • S01E604 Taming Web Ads

    • March 21, 2017

    Bye-Bye, Windows 7 Updates. This week Steve and Leo discuss developments in the new windows on old hardware front, Cisco finds a surprise in the Vault7 docs, Ubiquity was caught with the PHPs down, CheckPoint discovered problems in WhatsApp and Telegram, some interesting details about the long-running Yahoo breaches, the death of the "eBay Football", the latest amazing IoT insanity, the incredible results of the CanSecWest Pwn2Own competition, a classic "you're doing it wrong" example, Tavis pokes LastPass again, some miscellany and an interesting proposal about controlling web advertising abuse.

  • S01E605 Google -vs- Symantec

    • March 28, 2017

    This week Steve and Jason discuss… Google’s Tavis Ormandy takes a shower, iOS gets a massive feature and security update, a new target for ‘Bot money harvesting appears, Microsoft suffers a rather significant user-privacy fail, the UK increases its communications decryption rhetoric, a worrisome vote in the US senate, NEST fails to respond to a researcher's report, this week in IoT nonsense, a fun quote of the week, a bit of miscellany, some quickie questions from our listeners, and a close look at the developing drama surrounding Google's enforcement of the Certificate Authority Baseline rules with Symantec.

  • S01E606 Proactive Privacy

    • April 4, 2017

    Step-by-step digital privacy. This week Steve and Leo discuss another iOS update update, more bad news and some good news on the IoT front, the readout on Tavis Ormandy's shower revelation, more worrisome anti-encryption saber rattling from the EU, a look at a recent Edward Snowden tweet, Samsung's S8 mistake, a questionable approach to online privacy, celebrating the 40th anniversary of Alice and Bob, some quickie feedback loops from our listeners, and an update on Steve's projects.

  • S01E607 Proactive Privacy, Really!

    • April 11, 2017

    Protecting your privacy as you surf online. This week Steve and Leo discuss Symantec finding 40 past attacks explained by the Vault7 document leaks, an incremental improvement coming to CA certificate issuance, Microsoft patches a 0-day Office vulnerability that was being exploited in the wild, what's a "BricketBot"?, why you need a secure DNS registrar, This Week in IoT Tantrums, a head shaker from our "You really can't make this stuff up" department, the present danger of fake VPN services, an older edition of Windows reaches end-of-patch-life, some "closing the loop" feedback from our listeners, a bit of miscellany, and a comprehensive survey of privacy encroaching technologies and what can be done to limit their grasp.

  • S01E608 News & Feedback Potpourri

    • April 18, 2017

    Stealing PINs, Fingerprint Sensors. This week Steve and Leo discuss another new side-channel attack on smartphone PIN entry (and much more), Smartphone fingerprint readers turn out to be far more spoofable that we had hoped. All Linux kernels prior to v4.5 are vulnerable to a serious remote network attack over UDP, a way to prevent Google from tracking the search links we click (and to allow us to copy the links from the search results), the latest NSA Vault7 data dump nightmare, the problem with punycode domains, four years after the public UPnP router exposure, looking closely at the mixed blessing of hiding WiFi access point SSID broadcasts, some miscellany, and then a collection of quick "Closing The Loop" follow-ups from last week's "Proactive Privacy" podcast.

  • S01E609 The Double Pulsar

    • April 25, 2017

    DoublePulsar, Google Ad Blocking. This week Steve and Leo discuss how one of the NSA's Vault7 vulnerabilities has gotten loose, a clever hacker removes Microsoft deliberate (and apparently unnecessary) block on Win7/8.1 updates for newer processors, Microsoft refactors multifactor authentication, Google to add native ad-blocking to Chrome… and what exactly *are* abusive ads?, Mastercard to build a questionable fingerprint sensor into their cards, are Bose headphones spying on their listeners? 10 worrisome security holes discovered in Linksys routers, MIT cashes out half of its IPv4 space, and the return of two meaner BrickerBots. Then some Errata, a bit of Miscellany, and, time permitting, some "Closing the Loop" feedback from our podcast's terrific listeners.

  • S01E610 Intel's Mismanagement Engine

    • May 2, 2017

    A May Day Mayday for Intel. This week Steve and Leo discuss the long-expected remote vulnerability in Intel's super-secret motherboard Management Engine technology, exploitable open ports in Android apps, another IoT blows a suspect's timeline, newly discovered problems in the Ghostscript interpreter, yet another way for ISPs and others to see where we go, a new bad problem in the Edge browser, Chrome changes its certificate policy, an interesting new "Vigilante Botnet" is growing fast, a proposed solution to smartphone-distracted driving, Ransomware as a service, Net Neutrality heads back to the chopping block (again), an intriguing new service from Cloudflare, and the ongoing Symantec certificate issuance controversy. Then some fun errata, miscellany, and some closing-the-loop feedback from our terrific listeners.

  • S01E611 Go FCC Yourself

    • May 9, 2017

    Intel AMT Horror, Net Neutrality. This week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft's built-in malware scanning technology, Patch Tuesday, Google's Android patches, SMS 2-factor authentication breached, Google goes phishing, the emergence of ultrasonic device tracking, lots of additional privacy news, some errata and miscellany, actions US citizens can take to express their dismay over recent Net Neutrality legislation, and some quick closing the loop feedback from our terrific listeners.

  • S01E612 Makes You WannaCry

    • May 16, 2017

    WannaCry Ransomware, FCC DDoS. This week Steve and Leo discuss an update on the FCC's Net Neutrality comments, the discovery of an active keystroke logger on dozens of HP computer models, the continuing loss of web browser platform heterogeneity, the OSTIF's just-completed OpenVPN security and practices audit, more on the dangers of using smartphones as authentication tokens, some extremely welcome news on the Android security front, long-awaited updated password recommendations from NIST, some follow-up errata, a bit of tech humor and miscellany, closing the loop with some listener feedback... then a look at last week's global explosion of the WannaCry worm.

  • S01E613 WannaCry Aftermath

    • May 23, 2017

    WannaCry Aftermath, Hacking Trump. This week we examine a bunch of WannaCry follow-ups, including some new background, reports of abilities to decrypt drives, attacks on the Killswitch, and more. We also look at what the large StackOverflow site had to do to do HTTPS, the Wi-Fi security of various properties owned by the US president, more worrisome news coming from the UK's Teresa May, the still sorry state of certificate revocation, are SSDs also subject to RowHammer-like attacks? Some miscellany, and closing the loop with our listeners.

  • S01E614 Vulnerabilities Galore!

    • May 30, 2017

    Chipotle Hack, Malware Subtitles. This week we discuss a new non-eMail medium for spear phishing, Chipotle can't catch a break, social engineering WannaCry exploits on Android, video subtitling now able to take over our machines, a serious Android UI design flaw that Google appears to be stubbornly refusing to address, Linux gets its own version of WannaCry, another dangerous NSA exploit remains unpatched and publicly exploitable on WinXP and Server 2003 machines, a look at 1Password's brilliant and perfect new "Travel Mode", Google extends its ad-tracking into the offline world, some follow-ups, miscellany, and closing-the-loop feedback from our terrific listeners... concluding with my possibly useful analogy to explain the somewhat confusing value of open versus closed source.

  • S01E615 Legacy's Long Tail

    • June 6, 2017

    OneLogin Breach, Hacking Submarines. This week we discuss an embarrassing high-profile breach of an online identity company, an over-hyped problem found in Linux's sudo command, the frightening software used by the UK's Trident nuclear missile submarine launch platforms, how emerging nations prevent high school test cheating, another lesson about the danger of SMS authentication codes, another worrisome SHODAN search result, high-penetration dangerous adware from a Chinese marketer, another "that's not a bug" bug in Chrome allowing websites to surreptitiously record audio and video without the user's knowledge, the foreseeable evolution of hybrid crypto-malware, the limp return of Google Contributor, Google continues to work on end-to-end eMail encryption, a follow-up on straight-to-voicemail policy, “Homomorphic Encryption” (what the heck is that?), and "closing the loop" follow up from recent discussions.

  • S01E616 Things Are Getting Worse

    • June 13, 2017

    Social media malware, Russia is hacking through AMP, Bitcoin malware. This week we discuss clever malware hiding its social media communications, the NSA documents the Russian election hacking two-factor authentication bypass, meanwhile, other Russian attackers leverage Google's own infrastructure to hide their spoofing, Tavis finds more problems in Microsoft's anti-malware protection, a cryptocurrency-stealing malware, more concerns over widespread Internet-connected camera design, malware found to be exploiting Intel's AMT motherboard features, the new danger of mouse cursor hovering, Apple's iCloud sync security claims, Azure changes their CA, a bunch of catch-up miscellany and a bit of closing the loop feedback from our listeners.

  • S01E617 When Governments React

    • June 20, 2017

    Governments Want Web Security Keys. This week we discuss France, Britain, Japan, Germany & Russia each veering around in their Crypto Crash Cars, Wikileaks' Vault7 reveals widespread CIA WiFi router penetration, why we can no longer travel with laptops, HP printer security insanity, how long are typical passwords?, Microsoft to kill off SMBv1, the all-time mega ransomware payout, Google to get into the whole-system backup business, hacking PCs with "Vape Pens", a bit of miscellany, and a bunch of Closing the Loop feedback with our terrific listeners.

  • S01E618 Research: Useful and Otherwise

    • June 27, 2017

    Crypto in a Lightbulb. This week we discuss another terrific NIST initiative, RSA crypto in a quantum computing world, Cisco's specious malware detection claims, the meaning of post-audit OpenVPN bug findings, worrisome bugs revealed in Intel's recent Skylake and KabyLake processors, the commercialization of a malware technique, WannyCry keeps resurfacing, LinkSys responds to the CIA's Vault7 CherryBomb firmware, another government reacts to encryption, the NSA's amazing Github repository, more news about HP printer auto-updating, a piece of errata, some miscellany, and some closing the loop feedback from our listeners.

  • S01E619 All the Usual Suspects

    • July 11, 2017

    W3C adds DRM to HTML5, Facebook can track logged out users, jailbreaking drones and more! This week we have all the usual suspects: Governments regulating their citizenry, evolving Internet standards, some brilliant new attack mitigations and some new side-channel attacks, browsers responding to negligent certificate authorities, specious tracking lawsuits, flying device jailbreaking, more IoT tomfoolery, this week's horrifying Android vulnerability, more Vault7 CIA Wikileaks, a great tip about controlling the Internet through DNS... and even more! In other words, all of the usual suspects! (And two weeks until our annual BlackHat exploit extravaganza!)

  • S01E620 Calm Before the Storm

    • July 18, 2017

    MySpace Hack, Net Neutrality. This week, while waiting for news from the upcoming BlackHat & DefCon conventions, we discuss another terrific security eBook bundle offer, a Net Neutrality follow-up, a MySpace account recovery surprise, another new feature coming to Win10, the wrongheadedness of paste-blocking web forms, Australia versus the laws of math, does an implanted pacemaker meet the self-incrimination exemption?, an updated worse-case crypto-future model, it's surprising what you can find at a flea market, another example of the consumer as the product, an SQRL technology update, and some closing-the-loop feedback from our terrific listeners.

  • S01E621 Crypto Tension

    • July 25, 2017

    Arresting ethical hackers, Verizon caught violating Title II, Roomba maker wants to sell maps of your home. We start off this week with a fabulous picture of the week and for the first time in this podcast's 12-year history, our first quote of the week. Then we'll be discussing the chilling effects of arresting ethical hackers, the upcoming neutrality debate congressional hearing, something troubling encountered at McAfee.com, an entirely new IoT nightmare you couldn't have seen coming and just won't believe, the long-awaited Adobe Flash end-of-life schedule, welcome performance news for Firefox users, the FCC allocates new sensor spectrum for self driving cars, three bits of follow-up errata, a bit of miscellany, and then: "Crypto Tension" -- a careful look at the presently ongoing controversy surrounding the deliberate provisioning of passive eavesdropping decryption being seriously considered for inclusion in the forthcoming TLS v1.3 standard.

  • S01E622 Hack the Vote

    • August 1, 2017

    DEF CON Antics, Facebook Kills AI. This week we look at the expected DEF CON fallout including the hacking of US election voting machines, Microsoft's enhanced bug bounty program, the wormification of the Broadcom WiFi firmware flaw, the worries when autonomous AI agents begin speaking in their own language which we cannot understand, Apple's pulling VPN clients from its Chinese app store, a follow-up on iRobot's floor plan mapping intentions, some new on the Chrome browser front, the 18th Vault-7 Wikileaks dump, and some closing-the-loop feedback from our terrific podcast followers.

  • S01E623 Inching Forward

    • August 8, 2017

    DigiCert, LastPass, IoT Security. This week we discuss and look into DigiCert's acquisition of Symantec's certificate authority business unit, LogMeIn's LastPass Premium price hike, the troubling case of Marcus Hutchins' post-Defcon arrest, another instance of WannaCry-style SMBv1 propagation, this week's horrific IoT example, some hopeful IoT legislation, the consequences of rooting early Amazon Echoes, the drip drip drip of Wikileaks Vault 7 drips again, Mozilla's VERY interesting easy-to-use secure large file encrypted store and forward service, the need to know what your VPN service is really up to, a bit of errata, miscellany, and some closing-the-loop feedback from our always-attentive terrific listeners.

  • S01E624 Twelve and Counting

    • August 15, 2017