SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 31 October 2023
⏱️ 122 minutes
🧾️ Download transcript
Summary
- What caused last week's connection interruption? Router was rebooting intermittently, but why?
- David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
- iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
- Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
- HackerOne breach bounties surpass $300M total payout.
- CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
- SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
- Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
- Open source projects struggle with costly code signing certificates.
- Deep dive into CitrixBleed vulnerability allowing authentication bypass.
Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now Steve Gibson is here. He's got some really interesting stuff including a new idea for Zero Trust Network |
| 0:07.8 | Architects. We'll also talk about more Last Pass Hacks, sad to say. |
| 0:13.7 | And then he's gonna do one of my favorite things, |
| 0:16.0 | which is look at a major security flaw, |
| 0:18.3 | this time with Citrix, |
| 0:20.0 | and actually examine the code that made it possible. |
| 0:23.4 | This is a real great learning episode |
| 0:25.2 | for anybody who has to write code |
| 0:26.5 | or just wants to know how these break-ins happen. |
| 0:28.9 | It's all coming up next on security now. |
| 0:35.0 | Podcasts you love. From people you trust. |
| 0:37.0 | This is Twit. |
| 0:40.0 | This is security now with Steve Gibson episode 946 recorded Halloween that's Tuesday |
| 0:49.9 | October 31st 20, Citrix Bleed. Security now is brought to you by Duo. |
| 0:59.0 | Protect against breaches with a leading access management suite providing strong multi-layered defenses to only allow legitimate |
| 1:06.4 | users in. |
| 1:07.6 | For any organization concerned about being breached and in need of a solution fast, Duo |
| 1:12.4 | quickly enables strong security and improves user productivity. |
| 1:16.5 | Visit CS.co slash twit today for a free trial. |
| 1:21.5 | And by Bitward. |
| 1:24.0 | Get the open source password manager |
| 1:26.0 | that can help you stay safe online. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.