Security Now with Steve Gibson and Leo Laporte

Jan 24th 2017

Security Now 596

Password Complexity

A phishing attack that uses a browser's autofill.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Category: Help & How To

Symantec issues additional invalid certificates while on probation, Tavis Ormandy finds a very troubling problem in Cisco's Web conferencing extension for Chrome, yesterday's important update to iOS, renewed concerns about LastPass metadata leakage, the SEC looks askance at what's left of Yahoo, a troubling browser form auto-fill information leakage, Tor further hides it's hidden services, China orbits a source of entangled photons?  Heartbleed three years later, a new take on compelling fingerprints, approaching the biggest Pwn2Own ever, some miscellany... and some tricks for computing password digit and bit complexity equivalence.

We invite you to read our show notes.

<p>Download or subscribe to this show at <a href="https://twit.tv/shows/security-now">https://twit.tv/shows/security-now<… can submit a question to Security Now! at the <a href="http://grc.com/feedback.htm&quot; target="_blank">GRC Feedback Page</a>.</p><p>For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: <a href="http://grc.com/securitynow.htm&quot; target="_blank">grc.com</a>, also the home of the best disk maintenance and recovery utility ever written <a href="http://spinrite.info/&quot; target="_blank">Spinrite 6</a>.</p><p>Bandwidth for Security Now is provided by <a href="https://www.cachefly.com/&quot; target="_blank">CacheFly</a>.</p>