SN 1040: Clickjacking "Whac-A-Mole" - Inside the Password Manager Clickjacking Frenzy and What It Means
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 26 August 2025
⏱️ 171 minutes
🧾️ Download transcript
Summary
Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords.
• Germany may soon outlaw ad blockers
• What's happening in the courts over AI
• The U.K. drops its demands of Apple
• New Microsoft 365 tenants being throttled
• Is Russia preparing to block Google Meet?
• Bluesky suspends its service in Mississippi
• How to throttle AI
• A tricky SSH-busting Go library
• Here comes the Linux desktop malware
• Apple just patched a doozy of a vulnerability
• A trivial Docker escape was found and fixed
• Why the recent browser 0-day clickjacking is really just whac-a-mole
Show Notes - https://www.grc.com/sn/sn-1040-notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here with some big stories. Germany is thinking about |
| 0:06.9 | outlawing ad blockers. We'll see what their court does. Blue Sky suspends its service in Mississippi due to age |
| 0:14.0 | restrictions. And don't worry about that recent browser zero day. It's not as dangerous as it seems. |
| 0:22.8 | That and a lot more coming up next on Security Now. |
| 0:28.6 | Podcasts you love. |
| 0:30.4 | From people you trust. |
| 0:32.9 | This is Twitter. |
| 0:38.3 | This is Security Now with Steve Gibson. |
| 0:41.0 | Episode 1040, recorded Tuesday, August 26th, 2025. |
| 0:46.8 | Clickjacking whackamol. |
| 0:49.9 | It's time for Security Now. |
| 0:52.5 | The show we cover your security, your privacy, your safety online with the king of security now. The man in charge, he is our benevolent dictator for life, Mr. Steve Gibson. |
| 1:05.3 | How about a benevolent spectator in life? Yeah, I like that. Maybe, yes. Yeah, you don't dictate anything, do you? No, I don't know. No, I'm not at all. I care hugely about personal freedom, so I give what I want. You know, I... It's good. You give us the advice. It's up to us to take it. And yeah, you'll just see me like, well, this is what I do. So yeah, you're welcome to follow or not as you choose. |
| 1:31.7 | So the most, no, I was going to say texted, but most emailed from our listeners question of the week was, what about this zero day as it was called like oh come on you know |
| 1:48.6 | you stick zero day on front of everything so it seems like uh browser click jacking theft of all your |
| 1:57.4 | usernames and passwords attack and doesn't sound good, whatever it is. |
| 2:03.1 | So we're going to talk about that as our main topic. |
| 2:06.1 | Now, you may get a clue about how I feel about it, if you hadn't already, from the title of today's podcast, number 140, which is clickjacking whackamole. |
| 2:23.6 | It's not that there's nothing to see here. |
| 2:26.0 | There's a lot for us to talk about. |
| 2:28.7 | And I think we're going to end up. |
| 2:30.9 | I mean, this is going to be a great podcast for a change because for a change. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.