Security Now 941

• Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
• China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
• A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
• The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
• A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
• Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
• A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
• An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
• Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
• There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
• Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

• Transcripts: Security Now 941, Transcript