Security Now with Steve Gibson and Leo Laporte

Sep 26th 2023

Security Now 941

We told you so!

NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Category: Help & How To
  • Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
  • China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
  • A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
  • The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
  • A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
  • Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
  • A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
  • An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
  • Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
  • There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
  • Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.