logo
episode-header-image
Aug 2024
2h 2m

SN 986: How Revoking! - Crowdstrike Dama...

TWiT
About this episode
  • Platform Key Disclosure
  • Firefox's 3rd-party Cookie mess
  • The W3C Finally Weighs-in
  • CrowdStrike Damages.
  • GRC's Email
  • How Revoking!

Show Notes - https://www.grc.com/sn/SN-986-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next
May 7
SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach
Microsoft to officially abandon passwords and support their deletion. Meta's RayBan smart glasses weaken their privacy terms. 30% of Microsoft code is now being written by AI. Google says prying Chrome from it will damage its security. Nearly 1,000 six-year-old eCommerce backdoor ... Show More
2h 46m
Apr 30
SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"
Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. ... Show More
2h 44m
Apr 23
SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats
Enabling Firefox's Tab Grouping. Recalled Recall Re-Rolls out. The crucial CVE program nearly died. It's been given new life. China confesses to hacking the US (blames our stance on Taiwan). CISA says what Oracle still refuses to. Brute force attacks on the (rapid) rise. An AI/ML ... Show More
2h 53m
Recommended Episodes
Feb 2024
Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition
Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deceptio ... Show More
1h 39m
Nov 2024
Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath
Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some in ... Show More
1h 43m
May 13
Log4j vulnerability (noun) [Word Notes]
Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/log4j⁠ Audio reference link: “⁠CISA Dire ... Show More
9m 16s
Jun 11
Ghost students “haunting” online colleges.
Patch Tuesday. Mozilla patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” enrolling in online college courses to steal gover ... Show More
37m 6s
Dec 2020
SLP238 Zach Herbert & Ken Carpenter - Passport by Foundation Devices: Air Gapped Hardware Wallet
The market for high quality hardware wallets is becoming more competitive with new entrants over time. Zach Herbert & Ken Carpenter of Foundation Devices join me to talk about their new upcoming product, Passport. Passport is fully air gapped (QR or microSD), PSBT, and designed w ... Show More
1h 3m
Aug 2024
Episode 85: Practical Applications of DEFCON 32 Web Research
Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus w ... Show More
1h 30m
Jan 2020
Love, lucky dips, and 23andMe
The man who hacked the UK National Lottery didn't end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by co ... Show More
42m 21s
Oct 2022
S3 E5 - Ed Holloway-George: Building Secure Apps, Root/Jailbreak Detection, Tap Jacking & more!
Today’s guest is Ed Holloway-George, Senior Android Engineer @Asos & speaker on all things cyber app security.In this episode we discuss: • The most common app vulnerabilities in 2022 • How to build more secure apps • Using hardware keystores • What is Tap Jacking • and much more ... Show More
35m 56s
Aug 2018
090: Fortnite for Android, and the FCC's DDoS BS
Fortnite players are told they'll have to disable a security setting on Android, the FCC finally admits that it wasn't hit by a DDoS attack, and Verizon's VPN smallprint raises privacy concerns. All this and much much more is discussed in the latest edition of the "Sm ... Show More
36m 47s
Listen to millions of songs and podcasts on Anghami