SN 941: We told you so! - NSA hacked Huawei? MS big AI data blunder, ValiDrive update

Security Now (Audio)

Leo Laporte

Cyber Crime, Malware, Technology, Encryption, Steve Gibson, Security, Hacking, Twit, Spyware, Leo Laporte

4.6 • 2.1K Ratings

🗓️ 26 September 2023

⏱️ 146 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Apple has quietly removed support for Postscript in macOS Ventura over security concerns with the outdated interpreter language.
China has formally accused the NSA of hacking and maintaining access to Huawei servers since 2009, based on documents from Edward Snowden.
A misconfigured Azure Shared Access Signature token resulted in 38TB of sensitive internal Microsoft data being exposed, including employee backups with passwords.
The Signal messaging platform has added a post-quantum encryption protocol called PQXDH, combining its existing X3DH with the believed quantum-resistant CRYSTALS-Kyber system.
A zero-day iOS exploit chain was used to target Egyptian presidential candidate Ahmed Eltantawy, redirecting his traffic to install spyware after visiting a non-HTTPS site.
Steve gave an update on the status of his forthcoming ValiDrive USB validation utility, explaining delays due to challenges working at the USB level under Windows.
A blog post argued that the complexity of modern web browsers has made it impossible to create competitive new browsers from scratch.
An emailer claimed to have a mathematical algorithm that can generate truly random numbers.
Another emailer asked whether encrypting and deleting a hard drive could substitute for overwriting with random data.
There was an explanation of how public key encryption can be used bidirectionally for both encryption and authentication.
Listener questions whether all stolen LastPass vaults will eventually be decrypted.

Show Notes - https://www.grc.com/sn/SN-941-Notes.pdf

Hosts: Steve Gibson and Ant Pruitt

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Transcript

Click on a timestamp to play from that location

0:00.0	Hey, it's time for security now. I'm Ant Purwitt sitting in for Mr. Legal Report while he's out enjoying a Green Bay Packers game.
0:07.0	That is still so funny to say. As we come sitting with Mr. Steve Gibson as he goes through some interesting news here in the world of cybersecurity.
0:16.0	We have the NSA hacked Huawei. Well, yeah, several years ago, is that really news?
0:23.0	We also take a look again at what's been going on with last pass in some of the implications regarding their previous breach.
0:31.0	And also, that algorithm doesn't quite add up. Yes, stay tuned.
0:39.0	Podcasts you love from people you trust. This is Twit.
0:45.0	This is security now episode 941 recorded Tuesday, September 26, 2023. We told you so.
1:00.0	This episode of security now is brought to you by Delete Me. Reclaim your privacy by removing personal data from online sources.
1:08.0	Protect yourself and reduce the risk of fraud, spam, cyber security threats, and more by going to join Delete Me.com slash Twit and using code Twit for 20% off.
1:19.0	And by our friends at IT Pro TV now called ACI Learning. ACI's new cyber skills is training this for everyone, not just the pros. Visit go.ACILearning.com slash Twit.
1:32.0	Twit listeners can receive up to 65% off an IT Pro enterprise solution plan after completing their form.
1:39.0	Based on your team size, you'll receive a properly courted discount tailored to your needs. And by Melissa.
1:47.0	More than 10,000 clients worldwide rely on Melissa for full spectrum data quality and ID verification software.
1:55.0	Make sure your customer contact data is up to date this holiday season.
1:59.0	Get started today with 1,000 records, clean for free at Melissa.com slash Twit.
2:06.0	Hey, what's going on everybody? I am Aunt Prood and this is security now here on Twit TV with the one and only demand of the hour or couple hours.
2:16.0	Mr. Steve Gibson, how you doing, sir?
2:19.0	Yes, I think we could probably fill our listeners time with a couple hours of all kinds of neat security information and news.
2:27.0	And this week we are, you know, no exception, we are chock full of questions.
2:32.0	Why is my new valid drive freeware not published yet? Why did Apple quietly remove PDF rendering from the Mac after 39 years?
2:43.0	Has the NSA been hacking China? What mistake did Microsoft recently make that would require the use of a bigger hard drive?
2:51.0	Why did signal just announced their use of post-quantum crypto? What's the big hurry? Is it possible to create a new web browser from scratch? And if not, why not?
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.