SN 895: After 20 years in GCHQ - Stranger Strings, PayPal passkeys, new TCP/IP RCE in Windows
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 1 November 2022
⏱️ 122 minutes
🧾️ Download transcript
Summary
- Picture of the Week.
- Windows driver blocklist to be updated next Tuesday.
- More Microsoft shenanigans.
- An upcoming OpenSSL CRITICAL vulnerability update -- get ready!
- A new TCP/IP RCE in Windows.
- A study of malicious CVE proof of concept exploits in GitHub.
- "Stranger Strings" : An exploitable flaw in SQLite.
- PayPal to add support for Passkeys.
- A browser exploitation tutorial!
- Kathleen Booth: July 9th, 1922 – September 29, 2022.
- Closing The Loop.
- SpinRite.
- After 20 years in GCHQ.
We invite you to read our show notes at https://www.grc.com/sn/SN-895-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here. We have an update on that Microsoft Windows driver block list |
| 0:07.0 | Flaw, I guess you'd call it three years. They have an updated it finally |
| 0:10.5 | They have and how you can do it manually anytime you want |
| 0:15.2 | SQL light SQL ITE has a big security flaw |
| 0:19.8 | It's everywhere. We got to fix this one and then some thoughts |
| 0:23.9 | After 20 years in Britain's GC HQ what we've learned about security |
| 0:29.9 | It's all coming up next on security now |
| 0:34.9 | Podcasts you love from people you trust |
| 0:38.9 | This is twit |
| 0:45.2 | This is security now with Steve Gibson episode 895 |
| 0:49.9 | Recorded Tuesday November 1st, 2022 after 20 years in GC HQ |
| 0:57.9 | Security now is brought to you by Nord layer. Nord layer is a secure network access solution for your business |
| 1:05.9 | Join over 6,000 plus fully protected organizations at nordlayer.com slash twit |
| 1:12.9 | And get your first month free when purchasing an annual subscription and by collide |
| 1:18.9 | Collide is endpoint security that uses the most powerful untapped resource in IT end users |
| 1:25.9 | Visit collide.com slash security now to learn more and activate a free 14-day trial today |
| 1:32.9 | No credit card required and by IT pro TV |
| 1:36.9 | If you're looking to break into the world of IT or if your IT team needs to level up |
| 1:42.9 | Get the introduction you need with IT pro TV |
| 1:45.9 | Check out an IT pro TV business plan by visiting IT pro dot TV slash security now today |
| 1:52.9 | It's time for security now the show we cover your safety at home and abroad |
| 1:59.9 | Mostly on the internet generally with computers |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.