SN 818: News From the Darkside – Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary
Picture of the week.
TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers"
Huh Google?
Tor's Exit Nodes.
21 Nails in Exim's coffin.
Project Hail Mary: A Novel.
Closing the loop.
SpinRite update.
News from the Darkside.
We invite you to read our show notes at...
SN 818: News From the Darkside – Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary
Picture of the week.
TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers"
Huh Google?
Tor's Exit Nodes.
21 Nails in Exim's coffin.
Project Hail Mary: A Novel.
Closing the loop.
SpinRite update.
News from the Darkside.
We invite you to read our show notes at...
SN 817: The Ransomware Task Force – Scripps Health, REvil Hacks Quanta Computer, Emotet Botnet, QNAP
Picture of the Week.
REvil hacks Apple supplier Quanta Computer.
World-famous Scripps Health taken down.
The Big Emotet Botnet Takedown.
Emotet's 4,324,770 eMail addresses.
Have I Been Pwned domain-wide notifications.
QNAP.
Gravity NNTP Newsreader updated to v3.0.11.0
Just a bit more about Dan Kaminsky.
Closing the Loop.
The Ransomware...
SN 816: The Mystery of AS8003 – Remembering Dan Kaminski, Project Zero, Unethical Security Research
Remembering Dan Kaminski.
Week before last was Patch Tuesday.
Google's Project Zero responds to today's patch latency reality.
Baking security into IoT
UNethical security research.
CloudFlare refuses to knuckle under to Patent Trolls.
Closing The Loop.
The Mystery of AS8003.
We invite you to read our show...
SN 815: Homogeneity Attacks – Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90
Club TWiT details.
Picture of the Week.
The Vivaldi Project's take on FLoC.
Chrome continues to be THE high-value target.
We're at Chrome v90.
Exchange Server Web Shells removed, with DOJ Permission.
WordPress joins the "FLoC No!" chorus.
It's Humble Bundle Book Time.
Closing the Loop.
A quick...
SN 814: PwnIt And OwnIt – Why Port 10080 is Blocked, FLoC Rollout, PHP GIT Hack Revisited, CISCO Router Problems
Picture of the week.
The Slips keep Streaming.
Are You FLoC'ed?
The PHP GIT Hack, revisited.
CISCO abandons old routers having problems.
Failure to Patch.
PwnIt And OwnIt.
We invite you to read our show notes at https://www.grc.com/sn/SN-814-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or...
SN 813: A Spy in Our Pocket – Ubiquity Coverup, Facebook Data Dump, Malicious Call of Duty Cheats
Ubiquity coverup, Facebook data dump, malicious Call of Duty cheats.
The Ubiquiti Coverup.
Facebook's 533,313,128 Million User Whoopsie!
Don't mess with our water!
Android moves to limit inter-app visibility.
Beware malicious "Call of Duty: Warzone" cheats.
QNAP — Just Say No!
Listener Feedback.
A Spy in...
SN 812: GIT Me Some PHP – Spectre Returns to Linux, API Security, OpenSSL Flaws, SolarWinds
Spectre returns to Linux, API Security, OpenSSL flaws, SolarWinds.
Picture of the week.
ProxyLogon Update.
Spectre returns to Linux.
OpenSSL fixes several high-severity flaws.
SolarWinds keeps finding new critical problems within its own code.
Cloudflare's recent moves.
A focus on API Security.
SpinRite update.
The curious case...
SN 811: What the FLoC? – Automatic Fix for Exchange Server Flaw, Firefox 87 Features, MyBB Patch
Automatic fix for Exchange Server flaw, Firefox 87 features, MyBB patch.
Dave's Garage on YouTube.
The latest update on the ProxyLogon fiasco is from Microsoft.
Black Kingdom Ransomware.
Firefox will be adopting a new privacy-enhancing Referrer Policy.
This Week in Remote Code Execution...
SN 810: ProxyLogon – New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome
New Chrome 0-Day, Patch Tuesday Redux, Spectre Comes to Chrome.
Chrome closes another 0-day.
This v89 of Chrome also lost some weight.
Spectre comes to Chrome!
Prime+Probe: A new browser tracking side-channel.
Patch Tuesday Redux.
BSODs when attempting to print.
Free code signing for the...
SN 809: Hafnium – Dependency Confusion, Intel Side Channel Attacks, Crispy Subtitles From Lay's
Dependency confusion, Intel Side Channel Attacks, Crispy Subtitles from Lay's.
Picture of the week.
47 fixes in Chrome 89.0.4389.72.
Crispy Subtitles from Lay's.
Google funds Linux kernel security developers.
WinAmp gets a huge update!
"Intel Side Channel Attacks on the CPU On-Chip Ring Interconnect...
SN 808: CNAME Collusion – Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password
Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.
Chrome to default to trying HTTPS first when not specified.
Firefox's "Enhanced Tracking Protection" just neutered 3rd-party cookies!
As easy as "SolarWinds123".
Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10.
VMware's vCenter...
SN 807: Dependency Confusion – SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"
SHAREit's security update, Solorigate, Brave's "Private Window with Tor".
SHAREit Follow-up
This Week in Web Browser Tracking
Brave's "Private Window with Tor" was not so private
Tracking with eMail Beacons
Microsoft's final "Solorigate" update
"Good App goes Bad for Profit"
SpinRite: RS shows VERY obvious...
SN 806: C.O.M.B. – Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability
Florida water supply hack update, Major patch Tuesday, Android SHAREit vulnerability.
Pic of the week.
New info in the Oldsmar, Florida water supply attack.
Major Patch Tuesday update.
Adobe released critical updates to three versions each of its Acrobat and Reader.
Android SHAREit.
The...
SN 805: SCADA Scandal – Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks
Defender thinks Chrome is malware, Plex Media Servers in DDoS attacks.
Picture of the Week.
Google has been busy with Chrome.
Google Chrome Heap Buffer Overflow Vulnerability Exploited.
A unique use of Chrome's "sync" feature for command & control and data exfiltration.
Defender...
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons Column Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you...
Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data ransom demands are not met.
"The...
NSA and ODNI analyze potential risks to 5G networks
U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering.
The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office...
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
The list of updated applications includes Adobe Experience Manager,...
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
