SN 1005: 6-Day Certificates? Why? - Android Anti-Tracking, MFA lLogin Bypass, BIMI
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 17 December 2024
⏱️ 145 minutes
🧾️ Download transcript
Summary
- Is AI the Wizard of Oz? Or is it more?
- Microsoft's long standing effective MFA login bypass.
- Is TPM 2.0 not required after all for Windows 11?
- Meet 14 North Korean IT workers who made $88 million from the West.
- Android updates its Bluetooth tracking with anti-tracking.
- The NPM package manager repository has had 540,000 malicious packages discovered hiding in plain sight.
- The AskWoody site remains alive, well, and terrific.
- My iPhone is linked to Windows and it's wonderful. Yay.
- How has email been finding logos before BIMI?
- If we use Him and Her for people, how about Hal for AI?
- Another very disturbing conversation with ChatGPT.
- What's going on with the new ChatGPT o1 model? It wants to escape? What??
- Let's Encrypt plans to reduce its certificate lifetime from 90 to just 6 days. Why in the world?
- And all the best holiday wishes. See you in January
Show Notes - https://www.grc.com/sn/SN-1005-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here for our last episode of the year next year, |
| 0:05.3 | next week of best of. But this week we're going to talk about AI. Is it the Wizard of Oz? |
| 0:10.5 | Steve has some really deep thoughts about what is AI and whether we'll ever get to AGI. Also, |
| 0:17.3 | we have some pretty amazing examples of what the latest chat GPT model can do. |
| 0:23.3 | We'll talk about, oh my God, the NPM package manager repository that has more than half a million malicious packages on it and what you can do to avoid that. |
| 0:37.2 | And then certificate lifetimes are decreasing. |
| 0:41.1 | Steve asks a question, why, why? |
| 0:44.7 | All that more coming up next. |
| 0:46.4 | On security now. |
| 0:50.2 | Podcasts you love. |
| 0:51.6 | From people you trust. |
| 1:03.2 | This is Twit this is security now episode one thousand five recorded tuesday december 17th twenty twenty four six day certificates why it's time for security now. The show we cover your security and privacy and |
| 1:16.0 | safety online and talk a little bit about sci-fi, how computers work, and anything else that's on the mind |
| 1:22.1 | of the master, Mr. Stephen Gibson. Steve Gibson, how are you? And I have to say it's AI these days. |
| 1:31.1 | I'm my, my, you're not alone, I might add. |
| 1:33.7 | Burning curiosity about it. |
| 1:38.4 | Okay, so today's podcast, 1005 for for December 17th I titled six day certificates |
| 1:48.4 | why why yeah and uh we're going to take a a long look at that because I don't get it and and I uh, and I think I'll be able to make a strong |
| 2:03.0 | case for why I'm not sure there's anything to get. I don't, I've got to make just crazy. |
| 2:07.3 | This is what Apple's asking for, right? Uh, uh, well, apparently Apple was the, uh, a driver, uh, |
| 2:16.7 | the guy from sectigo, I just heard from I just heard from one of our listeners, uh, |
| 2:21.8 | from feedback who received the show notes last evening, who said that, that, you know, that that |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.