• Picture of the week.
• 47 fixes in Chrome 89.0.4389.72.
• Crispy Subtitles from Lay's.
• Google funds Linux kernel security developers.
• WinAmp gets a huge update!
• "Intel Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical"
• Dependency Confusion!
• Listener feedback.
• Hafnium.

We invite you to read our show notes at https://www.grc.com/sn/SN-809-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• thehelm.com/securitynow
• WWT.COM/TWIT
• canary.tools/twit - use code: TWIT

• Chrome to default to trying HTTPS first when not specified.
• Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies!
• As easy as "SolarWinds123".
• Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10.
• VMware's vCenter troubles.
• SpinRite update.
• Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
• CNAME Collusion.

We invite you to read our show notes at https://www.grc.com/sn/SN-808-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• privacy.com/securitynow
• Melissa.com/twit
• itpro.tv/securitynow promo code SN30

• SHAREit Follow-up
• This Week in Web Browser Tracking
• Brave's "Private Window with Tor" was not so private
• Tracking with eMail Beacons
• Microsoft's final "Solorigate" update
• "Good App goes Bad for Profit"
• SpinRite: RS shows VERY obvious improvement after one pass of SR 6
• Dependency Confusion

We invite you to read our show notes at https://www.grc.com/sn/SN-807-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Melissa.com/twit
• barracuda.com/securitynow
• expressvpn.com/securitynow

• Pic of the week.
• New info in the Oldsmar, Florida water supply attack.
• Major Patch Tuesday update.
• Adobe released critical updates to three versions each of its Acrobat and Reader.
• Android SHAREit.
• The Rise of The Web Shells.
• This week's WordPress Mess: Responsive Menu plugin.
• SpinRite drive discovery video.
• What is C.O.M.B.?

We invite you to read our show notes at https://www.grc.com/sn/SN-806-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• canary.tools/twit - use code: TWIT
• business.eset.com/twit

• Picture of the Week.
• Google has been busy with Chrome.
• Google Chrome Heap Buffer Overflow Vulnerability Exploited.
• A unique use of Chrome's "sync" feature for command & control and data exfiltration.
• Defender thinks Chrome is Malware.
• More Critical WordPress Plug-in Problems.
• Plex Media servers SSDP protocol being used in DDoS attacks.
• Three more NEW vulnerabilities discovered in SolarWinds' software.
• Closing the Loop.
• SpinRite: "Discovering System's Mass Storage Devices..."
• SCADA Scandal: Hacker's attempts to adjust chemicals in Oldsmar water supply.

We invite you to read our show notes at https://www.grc.com/sn/SN-805-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• udacity.com/twit coupon code TWiT
• Gabi.com/SECURITYNOW
• WWT.COM/TWIT

• Picture of the Week.
• Chrome rescinding another CA's root cert.
• An urgent update to the recently released GnuPG.
• An interesting supply-chain attack "BigNox".
• Apple quietly put iMessage in a sandbox in iOS 14.
• For the past 10 years, "SUDO" was only pseudo secure.
• SpinRite: February 1st Progress Report.
• NAT Slipstreaming 2.0.

We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• barracuda.com/securitynow
• itpro.tv/securitynow promo code SN30
• extrahop.com/SECURITYNOW

• Chrome and Edge have beefed-up their built-in password managers.
• The random repercussions associated with the end of Adobe Flash.
• A new trend emerging with post-ransomware DDOS attacks.
• SolarWinds attack details continue to emerge.
• Malwarebytes was also attacked.
• It seems that wherever we look, we find problems.
• The Expanse is GOOD sci-fi.
• Comparative Smartphone Security: Which mobile OS is better?

We invite you to read our show notes at https://www.grc.com/sn/SN-803-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• udacity.com/twit coupon code TWiT
• privacy.com/securitynow

• When is Chrome not Chromium?
• A major DuckDuckGo milestone.
• Project Zero in the wild.
• First Patch Tuesday of 2021.
• ZeroLogon Drop Dead.
• NSA warns against outsourcing DoH services.
• A Side-Channel in Titan.
• The "PayPal Football"
• WhatsApp's decision to bring its data into Facebook.

We invite you to read our show notes at https://www.grc.com/sn/SN-802-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• business.eset.com/twit
• expressvpn.com/securitynow
• canary.tools/twit - use code: TWIT

• Firefox and Chromium updates address remote system take over bugs.
• Tenable researchers reported a critical Chromium bug.
• What Firefox's backspace key does and should do.
• How Ryuk malware operations netted $150 million via cryptocurrency exchange.
• Intel: A triumph of marketing over technology.
• The strange case of the Male Chastity Cage.
• A SolarWinds smoking gun? "Sunburst backdoor."
• A class action lawsuit filed by shareholders of SolarWinds stock.
• The "Krebs Stamos Group"
• Zyxel security endpoints under attack.
• WhatsApp revises their privacy policy.
• Signal sees a mass influx of WhatsApp users.
• Out with the old: A look at the history of SpinRite code.

We invite you to read our show notes at https://www.grc.com/sn/SN-801-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WWT.COM/TWIT
• barracuda.com/securitynow

• Chrome struggles with A/V pre-scan file locking.
• Zyxel security products protected by a single redundant password.
• How Swatters are using IoT devices to increase the terror.
• A new serious problem in the PHP Zend Framework on WordPress.
• Bitcoin woes as value reaches new peaks.
• ReadSpeed, SSD's, and SpinRite.
• A new flaw discovered in SolarWinds' Orion software.

We invite you to read our show notes at https://www.grc.com/sn/SN-800-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• itpro.tv/securitynow promo code SN30