Episodes

  • SN 1012: Hiding School Cyberattacks - SparkCat, Decrypting ADP, AI Fuzzing
    Feb 12 2025
    • New "SparkCat" secret-stealing AI image scanner discovered in App and Play stores.
    • The UK demands that Apple does the impossible: decrypting ADP cloud data.
    • France moves forward on legislation to require backdoors to encryption.
    • Firefox moves to 135 with a bunch of useful new features.
    • The Five Eyes alliance publishes edge-device security guidance.
    • Six NetGear routers contain CVSS 9.6 and 9.8 vulnerabilities.
    • Sysinternals utilities allow malicious Windows DLL injection.
    • Google removes restrictive do-gooder language from AI application policies.
    • "AI Fuzzing" successfully jailbreaks the most powerful ChatGPT o3 model.
    • Examining the well and deliberately hidden truth behind ransomware cyberattacks on U.S. K-12 schools

    Show Notes - https://www.grc.com/sn/SN-1012-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Download or subscribe to Security Now at https://twit.tv/shows/security-now.

    You can submit a question to Security Now at the GRC Feedback Page.

    For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

    Join Club TWiT for Ad-Free Podcasts!
    Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

    Sponsors:

    • joindeleteme.com/twit promo code TWIT
    • canary.tools/twit - use code: TWIT
    • zscaler.com/security
    • uscloud.com
    • 1password.com/securitynow
    2 hrs and 41 mins
  • SN 1011: Jailbreaking AI - Deepseek, "ROUTERS" Act, Zyxel Vulnerability
    Feb 5 2025
    • Why was DeepSeek banned by Italian authorities?
    • What internal proprietary DeepSeek data was found online?
    • What is "DeepSeek" anyway? Why do we care, and what does it mean?
    • Did Microsoft just make OpenAI's strong model available for free?
    • Google explains how generative AI can be and is being misused.
    • An actively exploited and unpatched Zyxel router vulnerability.
    • The new US "ROUTERS" Act.
    • Is pirate-site blocking legislation justified or is it censorship?
    • Russia's blocked website count tops 400,000.
    • Microsoft adds "scareware" warnings to Edge.
    • Bitwarden improves account security.
    • What's still my favorite disk imaging tool?
    • And let's take a close look into the extraction of proscribed knowledge from today's AI

    Show Notes - https://www.grc.com/sn/SN-1011-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:

    • threatlocker.com for Security Now
    • veeam.com
    • bitwarden.com/twit
    3 hrs and 1 min
  • SN 1010: DNS Over TLS - Record DDoS, Hackers Get Hacked
    Jan 29 2025
    • eM Client CAN be purchased outright.
    • An astonishing 5-year-old typo in MasterCard's DNS.
    • An unwelcome surprise received by 18,459 low-level hackers.
    • DDoS attacks continue growing, seemingly without any end in sight.
    • Let's Encrypt clarifies their plans for 6-day "we barely knew you" certificates.
    • SpinRite uncovers a bad brand new 8TB drive.
    • Listener feedback about TOTP, Syncthing and UDP hole punching, email spam, ValiDrive speed, AI neural nets, DJI geofencing, and advertising in the "New" Outlook.
    • A look into the tradeoffs required to obtain privacy for our DNS lookups

    Show Notes - https://www.grc.com/sn/SN-1010-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:

    • uscloud.com
    • joindeleteme.com/twit promo code TWIT
    • bitwarden.com/twit
    • zscaler.com/security
    2 hrs and 41 mins
  • SN 1009: Attacking TOTP - Force-Installed Outlook, DJI Firmware Update
    Jan 22 2025
    • What do we learn from January's record breaking 0-day critical Patch Tuesday?
    • Microsoft to "force-install" a new Outlook into all Windows 10 and 11 desktops?
    • GoDaddy required to get much more serious about its hosting security.
    • More age verification enforcement is coming, including globally.
    • What another instance of a widely exposed management interface teaches us.
    • DJI drone's official firmware update lifts geofencing for unrestricted flight.
    • CISA's efforts pay off with MUCH improved critical infrastructure security.
    • Listener feedback about TOTP, HOTP and age-verification.
    • And we take a deep dive into cracking authenticator keys

    Show Notes - https://www.grc.com/sn/SN-1009-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:

    • vanta.com/SECURITYNOW
    • bitwarden.com/twit
    • threatlocker.com for Security Now
    • veeam.com
    3 hrs and 7 mins
  • SN 1008: HOTP and TOTP - SyncThing, Auto-Updates, Sci-Fi Recs
    Jan 15 2025
    • Meta winds down 3rd-party content filtering. Is encryption soon to follow?
    • Taking over abandoned Command & Control server domains (strictly for research purposes only).
    • IoT devices to get the "Cyber Trust Mark" — Will anyone notice or care?
    • "SyncThing" receives a (blessedly infrequent) update.
    • Government email is not using encryption? Really?
    • Email relaying prevents point-to-point end-to-end encryption and authentication.
    • Just because Let's Encrypt doesn't support email doesn't mean it's impossible.
    • What Sci-Fi does ChatGPT think I (Steve) should start reading next?
    • To auto-update or not to auto-update? — is that one question or two?
    • And, until today, we've never taken a deep dive into the technology of time-varying 6-digit one time tokens.

    Show Notes - https://www.grc.com/sn/SN-1008-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:

    • canary.tools/twit - use code: TWIT
    • uscloud.com
    • joindeleteme.com/twit promo code TWIT
    • 1password.com/securitynow
    • zscaler.com/security
    2 hrs and 50 mins
  • SN 1007: AI Training & Inference - Unencrypted Email, Doom Captcha
    Jan 8 2025
    • The consequences of Internet content restriction.
    • The measured risks of 3rd-party browser extensions.
    • The consequences of SonicWall's unpatched 9.8 firewall severity.
    • The incredible number of still-unencrypted email servers.
    • SonicWall vulnerability patching
    • Shadowserver Foundation & eMail Encryption
    • Salt Typhoon Evicted
    • HIPAA gets a long-needed cybersecurity upgrade.
    • The EU standardizes on USB-C for power charging. What?
    • Believe it or not, a CAPTCHA you solve by playing DOOM.
    • And... what I learned from three weeks of study of AI

    Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:

    • bitwarden.com/twit
    • expressvpn.com/securitynow
    • veeam.com
    • threatlocker.com for Security Now
    2 hrs and 47 mins
  • SN 1006: Best of 2024 - Apple's Secret Backdoor, CrowdStrike Catastrophe, Recall's Privacy Nightmare
    Dec 23 2024

    Leo revisits some of the year's top Security Now segments of 2024.

    • 956. Apple's Hardware Backdoor: Steve reflects on the previous week's 'The Mystery of CVE-2023-38606' deep-dive. Did Apple deliberately design a secure backdoor?
    • 960. Unforeseen Consequences of Google's 3rd-party Cookie Cutoff: As Google moves to phase out third-party cookies, the advertising industry scrambles to find new ways to track users, potentially leading to more intrusive methods like requiring users to create accounts on websites.
    • 961. Bitlocker: Chipped or Cracked?: A clever hacker demonstrates how BitLocker-encrypted drives can be compromised on systems using separate TPM chips, highlighting the importance of integrating TPM functionality directly into the CPU.
    • 964. So, What Is Apple's PQ3?: Steve analyzes Apple's new "PQ3" post-quantum safe iMessaging protocol, questioning whether it truly offers superior security compared to Signal's existing solution.
    • 976. Recall - The 50 Gigabyte Privacy Bomb: Examining Microsoft's new "Recall" feature that records users' screens every few seconds, raising significant privacy concerns.
    • 984. CrowdStruck: A look at the disastrous global IT outage caused by a faulty CrowdStrike Falcon update, affecting airports, hospitals, banks, and more.
    • 1000. Steve and Leo reflect on 1000 episodes of Security Now.
    • 1001. Artificial General Intelligence: Steve and Leo discuss the challenges in achieving artificial general intelligence (AGI) and the debate surrounding its potential timeline and societal impact.

    Host: Leo Laporte

    2 hrs and 33 mins
  • SN 1005: 6-Day Certificates? Why? - Android Anti-Tracking, MFA Login Bypass, BIMI
    Dec 18 2024
    • Is AI the Wizard of Oz? Or is it more?
    • Microsoft's long standing effective MFA login bypass.
    • Is TPM 2.0 not required after all for Windows 11?
    • Meet 14 North Korean IT workers who made $88 million from the West.
    • Android updates its Bluetooth tracking with anti-tracking.
    • The NPM package manager repository has had 540,000 malicious packages discovered hiding in plain sight.
    • The AskWoody site remains alive, well, and terrific.
    • My iPhone is linked to Windows and it's wonderful. Yay.
    • How has email been finding logos before BIMI?
    • If we use Him and Her for people, how about Hal for AI?
    • Another very disturbing conversation with ChatGPT.
    • What's going on with the new ChatGPT o1 model? It wants to escape? What??
    • Let's Encrypt plans to reduce its certificate lifetime from 90 to just 6 days. Why in the world?
    • And all the best holiday wishes. See you in January

    Show Notes - https://www.grc.com/sn/SN-1005-Notes.pdf

    Hosts: Steve Gibson and Leo Laporte

    Sponsors:

    • joindeleteme.com/twit promo code TWIT
    • 1password.com/securitynow
    • bigid.com/securitynow
    • canary.tools/twit - use code: TWIT
    2 hrs and 25 mins