- Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
- China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
- A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
- The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
- A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
- Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
- A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
- An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
- Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
- There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
- Listener questions whether all stolen LastPass vaults will eventually be decrypted.
Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.