SN 1059: MongoBleed - Code Signing Under Siege
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 6 January 2026
⏱️ 197 minutes
🧾️ Download transcript
Summary
Why are code signing certificates suddenly getting shorter, pricier, and more restrictive? Steve Gibson and Leo Laporte expose the "cabal" rewriting the rules for everyone who builds software—and what it means for your security and your wallet.
- Code-signing certificate lifetimes shortened by two years.
- Sadly, ChatGPT is heading toward an advertising profit model.
- The Python Package Index is strengthening its security.
- BitLocker gets hardware acceleration, but not today.
- New York City's mayoral inauguration banned Raspberry Pi's.
- An astonishingly good British time travel series.
- A critical link between Vitamin D and Magnesium.
- A look inside the very bad MongoBleed vulnerability
Show Notes - https://www.grc.com/sn/SN-1059-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here. He's a little mift. We actually get a rare |
| 0:06.6 | Gibson rant over the life cycle of code signing certificates. It's going to be dramatically |
| 0:13.4 | reduced for no good reason. Ads coming to your chat GPT. Why did they ban the Raspberry |
| 0:20.5 | Pie from the New York City inauguration? |
| 0:23.1 | And an astonishingly good British TV series that Steve wants you to know about. Plus magnesium |
| 0:30.9 | as a supplement and then a look at a very big, very problematic flaw called Mongo Bleep. |
| 0:37.9 | It's a jam-packed show. |
| 0:39.0 | Stay tuned. |
| 0:39.7 | Security Now is next. |
| 0:44.2 | Podcasts you love. |
| 0:45.9 | From people you trust. |
| 0:48.5 | This is Twitter. |
| 0:53.8 | This is Security Now with Steve Gibson, episode 159, recorded Tuesday, January 6th, 2026. |
| 1:02.6 | Mongo bleed. |
| 1:04.8 | It's time for security now, the first show of 2026. |
| 1:09.2 | Let's see if Steve has changed it all in the new year. |
| 1:13.9 | No. |
| 1:14.6 | And the answer is no, and that's a good thing. |
| 1:18.4 | And that's a good thing. |
| 1:19.3 | Steve Gibson is here. |
| 1:20.8 | The man of the hour, the man, every Tuesday we tune in for to find out what the latest is in the security news. |
| 1:26.5 | Hi, Steve. |
... |
Transcript will be available on the free plan in 15 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.