SN 1065: Attestation - Code Signing Gets Tough
Security Now (Audio)
Leo Laporte
4.6 • 2.3K Ratings
🗓️ 17 February 2026
⏱️ 161 minutes
🧾️ Download transcript
Summary
How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026.
- Websites can place high demands upon limited CPU resources.
- Microsoft appears to back away from its security commitment.
- What's Windows 11 26H1 and where do I get it.
- Chrome 145 brings Device Bound Session Credentials.
- More countries are moving to ban underage social media use.
- The return of Roskomnadzor.
- Discord to require proof of adulthood for adult content.
- Might you still be using WinRAR 7.12 -- I was.
- Paragon's Graphite can definitely spy on all instant messaging.
- 30 malicious Chrome Extensions.
- 287 Chrome extensions from spying on 37.4 million users.
- The first malicious Outlook add-in steals 4000 user's credentials.
- Some AI "vibe" coding thoughts.
- What I just went through to obtain a new code signing certificate
Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here. We have lots to talk about. A big change to Chrome, |
| 0:07.7 | bringing something called device-bound session credentials to your browser. Steve's going to talk about |
| 0:13.4 | how you can prove you are who you say you are when it comes to your code signing. And bad news |
| 0:20.2 | about more than 200 Chrome extensions that were spying on more than 34 |
| 0:25.1 | million people that more coming up next on security now podcasts you love from people you |
| 0:34.6 | trust this is Twit. |
| 0:41.6 | This is Security Now with Steve Gibson. |
| 0:44.5 | Episode 16, 2005, recorded Tuesday, February 17, 26. |
| 0:51.1 | Attestation. |
| 0:52.7 | It's time for Security Now, the show we cover the latest in security, privacy, |
| 0:57.7 | how things work, sci-fi, and whatever else this guy here is up to. Mr. Steve Gibson, welcome. |
| 1:06.7 | I do try to keep us mostly on track, though, you know, the world is not monotonic. |
| 1:13.7 | So, you know, lots of things are going on. |
| 1:17.4 | You're a polyglot, a polyglot, you know everything. |
| 1:22.1 | So it's nice to talk about all these things. |
| 1:25.1 | Certainly don't know everything. |
| 1:26.3 | I do. |
| 1:27.1 | There are things I know a lot about and things that I'm interested in learning more about. But yeah, I'm definitely curious. I just from my first moments of awareness, I wanted to know how things work. That's what I want to know the important mindset. Yeah. Yeah. |
| 1:45.8 | And so I lost my fear of, you know, looking inside to go, oh, look, that little cam goes |
| 1:53.1 | this way and that pushes that lever over here and that causes that to drop down. And, you know, |
| 1:58.1 | I was very good at the game, the board game mouse trap for that reason |
| 2:02.4 | back in our youth. Okay, the elephant in the room is the 28 page security research paper that |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.