SN 1071: Bucketsquatting - Meta and TikTok's Tracking Pixels
Security Now (Audio)
Leo Laporte
4.6 • 2.3K Ratings
🗓️ 24 March 2026
⏱️ 169 minutes
🧾️ Download transcript
Summary
When convenience trumps caution, disaster waits in the wings. Join Steve Gibson and Mikah Sargent as they break down the jaw-dropping oversights lurking in mission-critical tax and cloud tools, and examine how a single unchecked decision can upend internet security for years.
- H&R Block's tax software does something SO WRONG.
- The Intoxalock breathalyzer calibration cyber attack.
- Firefox now offers a 100% free built-in VPN.
- TikTok and Meta's tracking pixels are so much more.
- Russians beg for the return of Telegram, WhatsApps and others.
- Never connect your crypto-wallet to an unknown service.
- What would a week be without a Cisco CVSS of 10.0.
- Ubiquiti patches a 10.0 critical flaw.
- Listener feedback and...
- What's "Bucketsquatting" and what can be done to prevent it
Show Notes - https://www.grc.com/sn/SN-1071-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Coming up on security now, Steve Gibson is here, and I am filling in for Leo Laporte, kick off the show with H&R Block's tax software. |
| 0:08.8 | Well, it's doing something pretty wild, and Steve has a suggested fix for it. |
| 0:14.1 | We also talk about what happens when breathalyzer firmware needs to be calibrated. |
| 0:20.8 | Plus, Russians want telegram and WhatsApp to return to Russia. |
| 0:27.2 | And very important, we finally learn what bucket squatting means and what can be done to fix it. |
| 0:34.4 | All of that plus so much more coming up in Security Now. |
| 0:40.3 | Podcasts you love. From people you trust. |
| 0:44.7 | This is Twitter. |
| 0:50.1 | This is Security Now, episode 1,071 with Steve Gibson and me, Micah Sargent, recorded Tuesday, March 24th, 2026. |
| 1:00.9 | Bucket squatting. |
| 1:02.6 | It's time for security now. |
| 1:05.4 | And if you're hearing this voice and going, that's not Leo Leport, well, good for you. |
| 1:08.7 | You've got a good ear for voices. |
| 1:10.4 | I am Micah Sargent. Leo Lipport is not here good for you. You've got a good ear for voices. I am Micah Sargent. |
| 1:11.8 | Leo Lipport is not here with us this week. I'll be back. Don't you worry. But until then, |
| 1:17.0 | I am excited to be joined by the ever-knowledgeable Steve Gibson. Hello, Steve. Micah, great to be with you again. Leo told us last week that |
| 1:30.0 | the RSA conference is going on in San Francisco. And so he and Lisa are there, shaking hands |
| 1:38.4 | with past and present and maybe even future advertisers for security related things. So glad to have you filling |
| 1:48.0 | in for him. It's always a pleasure to get to join you. Well, yeah. And once upon a time when we |
| 1:53.6 | had Father Robert, he was our backstop for Leo. And now we got you. So that's great. |
| 2:00.8 | Yeah, good to be here. So that's great. Yeah. |
| 2:01.4 | Good to be here. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.