• Chrome to actively refuse admin privileges.
• Android Messenger is getting manual key verification.
• Pwn2Own to add AI "pwning" as in-scope attack targets.
• AI has already been found to be replicating.
• Microsoft not killing off Office on Win10 after October.
• 23andMe's asset purchaser revealed.
• Many fun talking points thanks to our listeners.
• Steve's review of "Andor", season 2.
• What's been discovered inside the U.S. power grid

Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• bigid.com/securitynow
• material.security
• joindeleteme.com/twit promo code TWIT
• bitwarden.com/twit
• drata.com/securitynow

• The state of Virginia passes an age-restriction law that has no chance.
• New Zealand also tries something similar, citing Australia's lead.
• A nasty Python package for Discord survived 3 years and 11K downloads.
• The FBI says it's a good idea to discard end-of-life consumer routers.
• What's in WhatsApp? Finding out was neither easy nor certain.
• The UK's Cyber Centre says AI promises to make things much worse.
• A bunch of great feedback from our great listeners, then:
• Is true end-to-end encryption possible when records must be retained?

Show Notes - https://www.grc.com/sn/SN-1025-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• threatlocker.com for Security Now
• uscloud.com
• hoxhunt.com/securitynow
• canary.tools/twit - use code: TWIT

• Microsoft to officially abandon passwords and support their deletion.
• Meta's RayBan smart glasses weaken their privacy terms.
• 30% of Microsoft code is now being written by AI.
• Google says prying Chrome from it will damage its security.
• Nearly 1,000 six-year-old eCommerce backdoors spring to life.
• eM Client moves to version 10.3
• A bunch of terrific listener feedback creates talking points.
• A little-known, insecure message archiving service comes to light.

Show Notes - https://www.grc.com/sn/sn-1024-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• bitwarden.com/twit
• joindeleteme.com/twit promo code TWIT
• drata.com/securitynow
• material.security
• threatlocker.com/twit

• Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday?
• And what new Windows Update crashing hack did this also create?
• North Korea is now creating fake US companies to lure would-be employees.
• The "Inception" attack subverts all GPT conversational AIs.
• New information about data loss in unpowered SSD mass storage.
• Lots of terrific feedback from our listeners.
• How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it

Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• legatosecurity.com
• threatlocker.com for Security Now
• outsystems.com/twit
• hoxhunt.com/securitynow

• Enabling Firefox's Tab Grouping.
• Recalled Recall Re-Rolls out.
• The crucial CVE program nearly died. It's been given new life.
• China confesses to hacking the US (blames our stance on Taiwan).
• CISA says what Oracle still refuses to.
• Brute force attacks on the (rapid) rise.
• An AI/ML Python package rates a 9.8 (again!)
• The CA/Browser forum passed short-life certs. :(
• A wonderful crosswalk hack hits Silicon Valley.
• Android to add force restarting ahead of schedule. Maybe.
• The EFF is never happy. But especially now, about Florida.
• Interesting research into ransomware payouts.
• Windows Sandbox: The amazing gem hidden inside all Windows 10 & 11!

Show Notesb - https://www.grc.com/sn/SN-1022-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• joindeleteme.com/twit promo code TWIT
• drata.com/securitynow
• bigid.com/securitynow
• 1password.com/securitynow
• material.security

• Android to get "Lockdown Mode".
• What's in the new editions of Chrome and Firefox?
• Why did Apple silently re-enable automatic updates?
• My new iPhone 16, Chinese tariffs and electronics.
• Dynamic "hotpatching" coming to Win11 Enterprise & Edu.
• Why is it so difficult for Oracle to fess up?
• Another multi-year breach inside US Treasury.
• An Apple -vs- the UK update.
• "Thundermail" (Can't someone come up with a better name?)
• The (in)Security of Programmable Logic Controllers.
• When LLM's write code and hallucinate non-existent packages.
• Wordpress core security and PHP gets an important audit.
• Device-Bound Session Credentials update session cookie technology

Show Notes - https://www.grc.com/sn/SN-1021-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• expressvpn.com/securitynow
• vanta.com/SECURITYNOW
• threatlocker.com for Security Now
• legatosecurity.com
• bitwarden.com/twit

• Canon printer driver vulnerabilities enable Windows kernel exploitation.
• Astonishing cyber-security awareness from a household appliance manufacturer.
• France tries to hook 2.5 million school children with a Phishing test.
• Wordpress added an abuse prone feature in 2022. Guess what happened?
• Oracle? Is there something you'd like to tell us?
• Utah's governor just signed the App Store Accountability Act. Now what?
• AI bots hungry for new data are DDoSing FOSS projects.
• No Microsoft Account? No Microsoft Windows 11.
• Gmail claims it now offers E2EE. It kinda sorta does. Somewhat.
• A dreaded CVSS 10.0 was discovered in Apache Parquet.
• A bunch of terrific listener feedback.
• What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it?

Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• material.security
• threatlocker.com for Security Now
• canary.tools/twit - use code: TWIT
• joindeleteme.com/twit promo code TWIT
• bitwarden.com/twit

• Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
• A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
• Cloudflare completely pulls the plug on port 80 (HTTP) API access.
• Malware is switching to obscure languages to avoid detection. FORTH, anyone?
• Password reuse doesn't appear to be dropping. Cloudflare has numbers.
• A listener shares his log of malicious Microsoft login attempts. Why no geofencing?
• 23andMe down for the count (reminder).
• A sobering Ransomware attack & victim listing website. Gulp!
• "InControl" keeps VR planes aloft.
• And the European Union gets serious about a switch to Linux

Show Notes - https://www.grc.com/sn/SN-1019-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• drata.com/securitynow
• outsystems.com/twit
• bitwarden.com/twit
• threatlocker.com for Security Now
• legatosecurity.com