SN 946: CitrixBleed - iMessage Cotact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 31 October 2023
⏱️ 122 minutes
🧾️ Download transcript
Summary
- What caused last week's connection interruption? Router was rebooting intermittently, but why?
- David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
- iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
- Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
- HackerOne breach bounties surpass $300M total payout.
- CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
- SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
- Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
- Open source projects struggle with costly code signing certificates.
- Deep dive into CitrixBleed vulnerability allowing authentication bypass.
Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for Security Now Steve Gibson is here. He's got some really interesting stuff, |
| 0:04.5 | including a new idea for zero trust network architectures. We'll also talk about more last |
| 0:11.5 | has hacks, sad to say. And then he's going to do one of my favorite things, which is look at a |
| 0:17.0 | major security flaw this time with Citrix and actually examine the code that made it possible. |
| 0:23.2 | This is a real great learning episode for anybody who has to write code or just wants to know how |
| 0:27.6 | these break ins happen. So I'll come up next and secure you now. |
| 0:33.2 | Podcasts you love from people you trust. This is twit. |
| 0:43.2 | This is Security Now with Steve Gibson episode 946 recorded Halloween. That's Tuesday, |
| 0:49.9 | October 31st, 2023 Citrix Bleed. Security Now is brought to you by Duo. Protect against breaches with |
| 1:00.0 | a leading access management suite providing strong multi-layered defenses to only allow legitimate |
| 1:06.4 | users in. For any organization concerned about being breached and in need of a solution fast, |
| 1:12.0 | Duo quickly enables strong security and improves user productivity. Visit cs.co slash twit today. |
| 1:20.0 | For a free trial. And by Bitwarden. Get the open source password manager that can help you stay safe |
| 1:27.3 | online. Get started with a free teams or enterprise plan trial or get started for free across all |
| 1:33.5 | devices as an individual user at bitwarden.com slash twit. And by Vanta. Automate compliance and |
| 1:43.4 | streamline security reviews with the leading trust management platform. Vanta helps SaaS businesses |
| 1:49.6 | of all sizes, manage risk and prove security in real time. Twit listeners get $1,000 off Vanta, |
| 1:57.2 | go to vanta.com slash security now to claim this discount. It's time for security now. The show we |
| 2:04.2 | cover the latest security news, your privacy, your security, your online health and welfare with |
| 2:10.0 | this guy right here. Mr. Steven Gibson at GRC.com. Happy Halloween, Steve. Happy Halloween to you. |
| 2:19.4 | You are my namesake. You're the squirrel. I thought I'd wear a squirrel outfit for you. |
| 2:24.7 | Yeah. Very appropriate. We have a squirrel right here in the camera on my whatever this thing is |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.