• The consequences of Internet content restriction.
• The measured risks of 3rd-party browser extensions.
• The consequences of SonicWall's unpatched 9.8 firewall severity.
• The incredible number of still-unencrypted email servers.
• SonicWall vulnerability patching
• Shadowserver Foundation & eMail Encryption
• Salt Typhoon Evicted
• HIPAA gets a long-needed cybersecurity upgrade.
• The EU standardizes on USB-C for power charging. What?
• Believe it or not, a CATCHA you solve by playing DOOM.
• And... what I learned from three weeks of study of AI

Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• bitwarden.com/twit
• expressvpn.com/securitynow
• veeam.com
• threatlocker.com for Security Now

Leo revisits some of the year's top Security Now segments of 2024.

• 956. Apple's Hardware Backdoor: Steve reflects on the previous week's 'The Mystery of CVE-2023-38606' deep-dive. Did Apple deliberately designed a secure backdoor?
• 960. Unforeseen Consequences of Google's 3rd-party Cookie Cutoff: As Google moves to phase out third-party cookies, the advertising industry scrambles to find new ways to track users, potentially leading to more intrusive methods like requiring users to create accounts on websites.
• 961. Bitlocker: Chipped or Cracked?: A clever hacker demonstrates how BitLocker-encrypted drives can be compromised on systems using separate TPM chips, highlighting the importance of integrating TPM functionality directly into the CPU.
• 964. So, What Is Apple's PQ3?: Steve analyzes Apple's new "PQ3" post-quantum safe iMessaging protocol, uestioning whether it truly offers superior security compared to Signal's existing solution.
• 976. Recall - The 50 Gigabyte Privacy Bomb: Examining Microsoft's new "Recall" feature that records users' screens every few seconds, raising significant privacy concerns.
• 984. CrowdStruck: A look at the disastrous global IT outage caused by a faulty CrowdStrike Falcon update, affecting airports, hospitals, banks, and more.
• 1000. Steve and Leo reflect on 1000 episodes of Security Now.
• 1001. Artificial General Intelligence: Steve and Leo discuss the challenges in achieving artificial general intelligence (AGI) and the debate surrounding its potential timeline and societal impact.

Host: Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

• Is AI the Wizard of Oz? Or is it more?
• Microsoft's long standing effective MFA login bypass.
• Is TPM 2.0 not required after all for Windows 11?
• Meet 14 North Korean IT workers who made $88 million from the West.
• Android updates its Bluetooth tracking with anti-tracking.
• The NPM package manager repository has had 540,000 malicious packages discovered hiding in plain sight.
• The AskWoody site remains alive, well, and terrific.
• My iPhone is linked to Windows and it's wonderful. Yay.
• How has email been finding logos before BIMI?
• If we use Him and Her for people, how about Hal for AI?
• Another very disturbing conversation with ChatGPT.
• What's going on with the new ChatGPT o1 model? It wants to escape? What??
• Let's Encrypt plans to reduce its certificate lifetime from 90 to just 6 days. Why in the world?
• And all the best holiday wishes. See you in January

Show Notes - https://www.grc.com/sn/SN-1005-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• joindeleteme.com/twit promo code TWIT
• 1password.com/securitynow
• bigid.com/securitynow
• canary.tools/twit - use code: TWIT