SN 1021: Device Bound Session Credentials - Hotpatching in Win 11, Apple vs. UK
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 15 April 2025
⏱️ 195 minutes
🧾️ Download transcript
Summary
- Android to get "Lockdown Mode".
- What's in the new editions of Chrome and Firefox?
- Why did Apple silently re-enable automatic updates?
- My new iPhone 16, Chinese tariffs and electronics.
- Dynamic "hotpatching" coming to Win11 Enterprise & Edu.
- Why is it so difficult for Oracle to fess up?
- Another multi-year breach inside US Treasury.
- An Apple -vs- the UK update.
- "Thundermail" (Can't someone come up with a better name?)
- The (in)Security of Programmable Logic Controllers.
- When LLM's write code and hallucinate non-existent packages.
- Wordpress core security and PHP gets an important audit.
- Device-Bound Session Credentials update session cookie technology
Show Notes - https://www.grc.com/sn/SN-1021-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security. |
| 0:01.0 | Now, Steve Gibson is here. |
| 0:03.0 | We're going to talk about, well, there's a lot of things, |
| 0:05.7 | the 100-some fixes in Microsoft's Patch Tuesday last week, |
| 0:12.1 | why it's so difficult for Oracle to fess up an Apple versus the UK update |
| 0:17.2 | and the arrival of all that |
| 0:21.9 | and more coming up next on security now |
| 0:25.4 | podcasts you love |
| 0:30.1 | from people you trust |
| 0:31.7 | this is Twitter |
| 0:34.4 | this is Twitter |
| 0:38.2 | this is Security Now with Steve Gibson. |
| 0:41.3 | Episode 1,021, recorded Tuesday, April 15th, 2025. |
| 0:47.4 | Device-bound Session Credentials. |
| 0:50.6 | It's time for the moment you wait for all week long security now. |
| 0:55.3 | The show we cover your security, privacy, your safety online with the king of all of that stuff. |
| 1:01.1 | Mr. Steve Tiberius Gibson. |
| 1:03.5 | Hello, Steve. |
| 1:04.4 | Actually, Leo, what they're waiting for all week long is the next protracted event in their life, typically a five-hour commute or a plane flight or something. |
| 1:16.6 | They can listen to the show. |
| 1:18.2 | Yes, because now it's in their cue and it's time to spool this into their brain. |
| 1:26.2 | And boy, we got a spool for you today. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.