Security Now with Steve Gibson and Leo Laporte

Oct 31st 2023

Security Now 946

CitrixBleed

iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
Category: Help & How To
  • What caused last week's connection interruption? Router was rebooting intermittently, but why?
  • David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
  • HackerOne breach bounties surpass $300M total payout.
  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
  • Open source projects struggle with costly code signing certificates.
  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.