SN 937: The Man in the Middle - WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 29 August 2023
⏱️ 130 minutes
🧾️ Download transcript
Summary
- Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.
- WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.
- HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.
- Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.
- Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.
- Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.
- Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.
- Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.
- Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.
- Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.
Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here. He's going to give you some more |
| 0:03.9 | information about that win-raw hack how it works and how to fix it. We'll also talk a little bit |
| 0:10.0 | about the Unix time story and TLS hand shakes. So they really need it and do we really need |
| 0:15.5 | HTTPS? Sometimes it turns out we don't. And then Steve's going to blow the lid off of an explosive |
| 0:22.2 | story hard drives that lie. It's all coming up next on Security Now. Podcasts you love. |
| 0:31.6 | Front people you trust. This is Twit. |
| 0:39.8 | This is Security Now with Steve Gibson episode 937 recorded Tuesday, August 29th, 2023. |
| 0:48.2 | The Man in the Middle. Security Now is brought to you by Collide. Collide is a device trust solution |
| 0:56.6 | for companies with Octa. And they ensure if a device isn't trusted and secure, they can't |
| 1:02.4 | log into your cloud apps. Visit collide.com slash security now, book an on-demand demo today. |
| 1:10.0 | And by thinks canary thousands of irritating false alerts up no one. Get the single alert that |
| 1:17.3 | matters when someone's inside your network. For 10% off and a 60-day money back guarantee, |
| 1:22.7 | go to canary.tools slash twit and then with the code twits and the how did you hear about |
| 1:28.3 | this box. And by the building cyber resilience podcast, a show about tech and security from the |
| 1:35.8 | perspectives of data scientists, Dr. Anne Irvin and career CISO Rich Sireson, regarding the |
| 1:41.6 | intersection of data, finance and cyber risk management. Search for building cyber resilience |
| 1:47.3 | on Apple Podcasts, Spotify or wherever you listen to your podcasts. It's time for Security Now, |
| 1:53.9 | the show we cover your security, your privacy, your online life. With this guy right here, |
| 2:00.0 | Mr. Steven Gibson, our man of the hour. Hi, Steve. Yo, Leo. Can you be up? Can you |
| 2:07.7 | don't watch out for that? Super glue. Can you believe that it is the end of August? |
| 2:14.6 | I, uh, yeah, wow. You know, I kind of can't believe it because we have a guy here, one of our |
| 2:21.0 | employees who's been delegated to put up holiday decorations. And when I came in this morning, |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.