Security Now with Steve Gibson and Leo Laporte

Oct 3rd 2023

Security Now 942

Encrypting ClientHello

Hosted by Steve Gibson, Leo Laporte

EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Subscribe on Apple Podcasts
Subscribe on Pocket Casts
Subscribe on Club TWiT
Subscribe on RSS
Subscribe on YouTube
Category: Help & How To
  • Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
  • Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware.
  • Windows 11 now natively supports passkeys, though browser support may make this redundant.
  • Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited.
  • The ECH TLS extension encrypts the ClientHello packet to hide SNI data.
  • Exim disclosure timeline and impact on millions of vulnerable servers.
  • Bing chat ads mimic search result malvertising risks amplified by chatbot trust.

Show notes: https://www.grc.com/sn/SN-942-Notes.pdf

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors

Join Club TWiT and get episodes ad-free plus other exclusive membership benefits.

You can submit a question to Security Now at the GRC Feedback Page.