DiscoverSecurity Now (MP3)
Security Now (MP3)

Security Now (MP3)

Author: TWiT

Subscribed: 9,610Played: 107,229
Share

Description

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
138 Episodes
Reverse
loading
Comments (17)

La Shaun Pearl

zoa

Jan 4th
Reply

Steven Dx

Another poorly done show discussing constitutional rights. The fifth amendment and right to remain silent is not affected by a judge issuing a warrant. Encryption is a right, and the movie `Breach' and historical events such as WWII demonstrate not all politicians or government employees can be trusted, establishing the need for such protections. This requires we do things like not have open borders, or limit the damage from crime like carry a concealed weapon. No encryption should be considered secure, as even so called heavily reviewed open source programs have existed for years with flaws. But conceptually, the 5th amendment affirms the fourth and adds another layer of protection. This is a serious concept to understand as it requires we label decrypted documents as violations of the fifth amendment, as the act of decryption is compelling a person to testify against one self. Par for course in an age of amnesia by so many public servants? Review of the facebook bug was fake news as Facebook claimed they did not know which users were affected when servers have logs? Steve just shoved that under the carpet? palm face. children photos are not poker cards.

Dec 23rd
Reply

Steve D

great show. no no no no google. If you want native apps that can read and write files, develop a native app. You can not remove the sandbox, in fact they need to fix Android shared spaces, especially sd cards. If you did try this, it would have to be a folder for each web site sand boxed to no execute, no wildcard or directory tranversal. folder www.google.com pic.jpg doc.pdf no system files no java script sub folder adsense.www.google.com So just like you delete cookies, poof! you can erase folders (they want cookies users can not delete). great show pointing this stuff out. also perms specific to not only web sites but web pages. you may not want softcondomsfakesite.com access to mail.google.com! why am i writing this, are we all that stupid now?

Dec 7th
Reply

Steve D

so if steve posts 1 gigabyte video on grc.com he should be forced to host to 4 billion ip addresses if they want it @ $5000 a day or would he want to 'throttle' that? Twisting fcc and doj rules as described in podcast demonstrate steve does not understand legal language. sad.

Oct 5th
Reply

Steve Xxx

I like the long format that allows a sense of humor and there is not someone screaming "abandon ship" every five minutes. Steve does a great foundation up approach, and that takes hand holding sometimes. The latest episode with Chrome (I am actually thinking banning that browser on my websites), highlights that auto updates can be more dangerous than traditional malware attacks. The autoupdate pushed malware into systems unkown to the attackers that were clean. Even worse, we dont know if or when malware is rolled back, horrors, if one not paying attention. So something like a password manager, that auto updates itself, could disable certificate protections, phone back to home base, then roll back changes, as even code signing, can be part of the vector for clever attacks. We need out of the box security, and a nice bon fire of all the published document "worse is better". Google is off the rails with subdomains and search bar formatting. None of their business, and created security problems, such as "what am I looking at". Years ago I not only deleted the executible for Google product updates on Windows, but other vendors too. I need to know when updates are done so I can do the backup of the system. Very sloppy practices by tech people who develop code in insecure environments, lack of training, etc. Stop expecting to update products, and dont package the entire C language in your interperters when all I need are simple graphics, text handling, and no object based, or network tools. A web browser should not have any scripting language in my opinion, as people are abusing that system, running up to 120 scripts per page ( especially support pages of Chinese firms)! I would rather have server overhead, then broken trust and crippled networks.

Sep 13th
Reply

David Magallon

These episodes are way too long. Needlessly so. Often it just seems like Steve is just rambling and you can picture Leo just going "uh huh" while watching a YouTube video.

Aug 31st
Reply

Steve D

If Martians were locking up Linux users and selling their organs, would we all still look the other way and just say if you want to do business on Mars, you got to follow the rules and use Microsoft? Don't worry, our lobbyists are holding the line, they confirm that if you can play checkers or chess, they have no plans to lock you up as a threat, at this time, as Martians are not currently at the pleasure level of ruining the lives of checker or chess players any time soon according to translators.

Aug 12th
Reply

Steve D

You are kidding right? You see no scenario where some one can target you using blue tooth? You go out to eat, then get back in your car, someone following you, is waiting for your phone to pair with audio system, in a car nearby.

Aug 11th
Reply

Steve D

The only way to break the cycle is to sell operating system chips on a monthly basis. Every month pop in a new chip, you are done. Sell it in stores so no one can be targeted.

Aug 11th
Reply

Steve D

Dept of Defense websites should not be under the possible control of private sector company certificates, who have dropped the ball in the past. Google refused way back when to spider https sites. No one wants to talk about unnecessary encryption as possibly weakening the entire system over time, which it most certainly does, I don't understand why they demand this, or why they should be trusted with safe browser integration tools, as censorship is raising its ugly head with nebulous terms and specific evidence discussed beyond a reasonable doubt. Google should not be the man in the middle by default with safe browsing 'features' as it gets in bed with violent authoritarians? Google will be broken up, writing is on the wall, in my opinion.

Aug 11th
Reply

Charlie DaBear

is there any company in the world that puts as much effort in to patching as Microsoft?

Aug 8th
Reply

dennis casteel

y inouz ith is he coming but unfortunate are on better go guess toly 😎😎uo not be be an

May 14th
Reply

iTunes User

Steve and Leo cover some very technical subjects with exactly the right amount of detail. If you are the person who your friends go to for computer advice this is a must hear show for you. If you are interested in improving your technical skills this is an excellent show. I wouldn't recomend this show to a novice computer user. If you know a firewall from a router from a switch, or can explain the difference between a worm and a virus you'll be just fine.

Aug 30th
Reply

Vince Fitzpatrick

iTunes User 0j0nn..bnb bb

Mar 6th
Reply

Christopher Altman

iTunes User 8

Oct 7th
Reply

iTunes User

Steve Gibson is obsessed with computer security and it is really reflected in this show. This is a good thing as he presents the infomation in english and you can be a beginner to advanced user and still understand the topic. Keep up the great work.

Aug 30th
Reply

iTunes User

Besides having excellent audio quality (which is lacking is so many podcasts) this one offers information that would otherwise be difficult to find and understand. While Steve's lingo is often over my head, Leo makes sure that everything is explained in a way that many average users (me) can understand. The fact that the shows cover subjects that are useful to all operating systems is a plus, especially being a Mac user myself.

Aug 30th
Reply
loading
Download from Google Play
Download from App Store