Zoom gets end-to-end encryption.

• ACLU takes Clearview to court, but maybe they should worry about their own website first
• The state of drive-by malvertising downloads
• Google will be bad listing notification abusing sites
• Who else is doing the eBay-like ThreatMetrix port scanning?
• Facebook to require identity verification for high impact posters
• Google Messaging is apparently heading toward E2EE
• The return of a much more worrisome StrandHogg
• The SHA-1 hash to finally be dropped from OpenSSH
• What happens when you fuzz USB?
• Zoom's end-to-end encryption design

We invite you to read our show notes at https://www.grc.com/sn/SN-769-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• expressvpn.com/securitynow
• WWT.COM/TWIT
• LastPass.com/twit

Contact tracing apps are not going to work.

• Why contact tracing apps are never going to work
• Unc0ver: There's a new iOS jailbreak in town, and as jailbreaks go, it looks VERY nice!
• Firefox 77 picks up a nifty new security trick
• New features in Chrome 83: cookie management, "Safety Check," blocking third-party cookies by default in Incognito mode, and "Tab Groups"
• Adobe rushes out four out-of-cycle emergency updates to fix security flaws
• Zerodium temporarily stops buying iOS remote code execution vulnerabilities
• The NXNS Attack: A group of cybersecurity researchers in Israeli have responsibly disclosed details about a new way they worked out of using the Internet's domain name resolution system to hugely amplify (by a factor of at least 1620 packets) a DDoS attack to take down targeted websites.
• BIAS - Bluetooth Impersonation AttackS is nothing less than a complete collapse of Bluetooth security.
• Is eBay port scanning its user's computers? Kinda.
• Security Now trivia: Steve Gibson helped develop the Speak & Spell! It did voice synthesis with only a 4K bits (0.5K bytes) processor.

We invite you to read our show notes at https://www.grc.com/sn/SN-768-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• barracuda.com/securitynow
• Wasabi.com offer code SECURITYNOW
• extrahop.com/SECURITYNOW

WiFi 6, Apple vs. FBI, face masks.

• Last Tuesday's Windows patch Tuesday was not the biggest ever, but it was the 3rd largest in Microsoft's history, weighing in with a whopping 111 CVE-tracked bug fixes, 16 of which were rated CRITICAL and all but one of which enabled Remote Code Execution by an attacker.
• The DOJ and FBI again criticize Apple over encryption
• When is a fix not a fix?
• Face masks have thwarted the London police's LFR rollout
• Utah chooses to roll their own contact tracing app
• Everything you need to know about WiFi 6

We invite you to read our show notes at https://www.grc.com/sn/SN-767-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WWT.COM/TWIT
• canary.tools/twit - use code: TWIT

Thunderbolt security flaw, Zoom buys Keybase.

• Why the ThunderSpy Thunderbolt security flaw is such a big deal
• Zoom purchases Keybase to fix encryption
• Firefox 76 released with new features
• But Firefox 76 broke Amazon's Assistant!
• Hallelujah!! Edge moves to silence those annoying notification requests.
• Critical WordPress plugin bugs present on over one million sites
• Critical vBulletin patch
• Samsung has patched a CRITICAL bug affecting the past 6 years of Smartphones
• DefCon and Black Hat 2020 go virtual

We invite you to read our show notes at https://www.grc.com/sn/SN-766-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• manscaped.com code SECURITYNOW
• itpro.tv/securitynow promo code SN30

China wants to rebuild the Internet.

• China's proposal to rebuild the internet is an authoritarian nightmare
• Bruce Schneier on COVID-19 Contact Tracing Apps
• Political Correctness hits cybersecurity
• DHS's CISA says no to 3rd-party DoH
• "POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers"
• An authorization bypass in SaltStack
• Adobe's Big Last Tuesday, Non-Patch Tuesday, Update
• Google has announced its impending clean-up of the Chrome Web Store
• Warning about RDP is not crying wolf

We invite you to read our show notes at https://www.grc.com/sn/SN-765-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• LastPass.com/twit
• WWT.COM/TWIT
• barracuda.com/securitynow

Apple/Google Contact Tracing, Best VPNs to protect you.

• Apple/Google Contact Tracing Update
• iOS 0-Day Alert! Update Apple Mail
• Best VPNs to protect you from the Five Eyes
• TypoSquatting attacks
• Vitamin D linked to COVID-19 mortality
• Resource Public Key Infrastructure
• How BGP can break the Internet

We invite you to read our show notes at https://www.grc.com/sn/SN-764-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• Wasabi.com offer code SECURITYNOW
• expressvpn.com/securitynow

Zoom Fixes Security, EARN IT is Evil, Tor in Trouble

• Zoom gets big-name help with security fixes
• Google updates Chrome to v81.0.4044.113 to squash a critical flaw
• FTP in Chrome lives another day! Google "undepreciates" FTP.
• Windows Patch Tuesday for April 2020 fixes 113 vulnerabilities
• "Basic Authentication" lives another day! Due to COVID-19, Microsoft and Google will keep "Basic Authentication" around for a little while longer
• EARN IT Act: call your Senator before it is too late!
• Tor Project fires over 1/3 of its staff
• Cloudflare dumps Google's reCAPTCHA

We invite you to read our show notes at https://www.grc.com/sn/SN-763-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• extrahop.com/TWIT
• WWT.COM/TWIT

Apple+Google Covid Tracker is Secure and RIP John Conway, Creator of The Game of Life

• Apple & Google Virus Contact Tracing: secure and effective
• Zoom gets another Zoom-bombing mitigation... and a Class-Action Lawsuit
• Meanwhile, Zoom has enlisted the aid of Alex Stamos
• Zoom creates a CISO Council
• What's next for Zoom?
• Browser Security News: Chrome 81 and Firefox 75
• Android Apps Again in the Crosshairs
• Sandboxie goes Open Source
• RIP John Conway, creator of Conway's Game of Life

We invite you to read our show notes at https://www.grc.com/sn/SN-762-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• barracuda.com/securitynow
• itpro.tv/securitynow promo code SN30
• canary.tools/twit - use code: TWIT

Zoom is a security nightmare - from zoombombing to encryption issues, Steve Gibson runs down Zoom's security concerns. Plus, Jitsi is a great alternative!

• Mozilla just patched a pair of CRITICAL 0-days
• Eight security bugs eliminated from Chrome last week
• Safari gets a bunch of very important fixes
• Chrome and Edge join Mozilla in postponing the deprecation of TLS v1.0 and v1.1
• Chrome team reversing themselves on the enforcement of Same Site cookies
• Edge with Vertical Tabs and Smart Copy
• The return of STIR & SHAKEN
• Cloudflare has added Parental Control to their 1.1.1.1 DNS service
• Cloudflare's new service accidentally blocks LGBTQIA+ sites

We invite you to read our show notes at https://www.grc.com/sn/SN-761-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• WWT.COM/TWIT
• LastPass.com/twit

iOS VPN bug, Coronavirus Folding@Home

• VPN bug in iOS 13.4
• Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19.
• RDP and VPN use skyrocketing
• To 'www' or not to 'www'
• Firefox 76 to finally stop assuming "HTTP"
• Google again revises its schedule for Chrome releases
• Microsoft moves to support "Shadow Stacks"
• Cloudflare's 1.1.1.1 DNS is audited by KPMG

We invite you to read our show notes at https://www.grc.com/sn/SN-760-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

• expressvpn.com/securitynow