Security Now with Steve Gibson and Leo Laporte

Oct 3rd 2023

Security Now 942

Encrypting ClientHello

EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Category: Help & How To
  • Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.
  • Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware.
  • Windows 11 now natively supports passkeys, though browser support may make this redundant.
  • Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited.
  • The ECH TLS extension encrypts the ClientHello packet to hide SNI data.
  • Exim disclosure timeline and impact on millions of vulnerable servers.
  • Bing chat ads mimic search result malvertising risks amplified by chatbot trust.

Show notes:

Download or subscribe to this show at

Get episodes ad-free with Club TWiT at

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site:, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.