Security Now with Steve Gibson and Leo Laporte

Oct 24th 2023

Security Now 945

The Power of Privilege

Hosted by Steve Gibson, Leo Laporte

New cURL vulnerabilities, CVSS 10.0 Cisco Nightmare, So long VBScript!

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Subscribe on Apple Podcasts
Subscribe on Pocket Casts
Subscribe on Club TWiT
Subscribe on RSS
Subscribe on YouTube
Category: Help & How To
  • How fake drives continue to be sold on Amazon despite negative reviews
  • Microsoft is discontinuing support for the VBScript language
  • The 30-year old NTLM authentication protocol will eventually be removed from Windows
  • Two new vulnerabilities found in cURL
  • A new Cisco router vulnerability rated CVSS 10.0 was used to hack over 40,000 devices
  • Debate over whether "lib" should rhyme with "vibe" or "air"
  • Instructions for accessing the SpinRite 6.1 pre-release version
  • Feedback on passkey exportability and server IP address encryption
  • A listener asks if ransomware can encrypt already encrypted files
  • How Privacy Badger un-rewrites Google's search result links
  • The NSA and CISA warn about the power of privilege and the dangers of account misconfigurations like privilege creep, elevated service account permissions, and non-essential use of elevated accounts

Show Notes - https://www.grc.com/sn/SN-945-Notes.pdf

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors

Join Club TWiT and get episodes ad-free plus other exclusive membership benefits.

You can submit a question to Security Now at the GRC Feedback Page.