Encrypting ClientHello

Oct 3rd 2023
Security Now 942
Hosted by Steve Gibson, Leo Laporte
EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
- Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
- Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware.
- Windows 11 now natively supports passkeys, though browser support may make this redundant.
- Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited.
- The ECH TLS extension encrypts the ClientHello packet to hide SNI data.
- Exim disclosure timeline and impact on millions of vulnerable servers.
- Bing Chat ads mimic search-result malvertising, with risks amplified by chatbot trust.
Show notes: https://www.grc.com/sn/SN-942-Notes.pdf
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.