• Meta winds down 3rd-party content filtering. Is encryption soon to follow?
• Taking over abandoned Command & Control server domains (strictly for research purposes only).
• IoT devices to get the "Cyber Trust Mark" — Will anyone notice or care?
• "SyncThing" receives a (blessedly infrequent) update.
• Government email is not using encryption? Really?
• Email relaying prevents point-to-point end-to-end encryption and authentication.
• Just because Let's Encrypt doesn't support email doesn't mean it's impossible.
• What Sci-Fi does ChatGPT think I (Steve) should start reading next?
• To auto-update or not to auto-update? — is that one question or two?
• And, until today, we've never taken a deep dive into the technology of time-varying 6-digit one time tokens.

Show Notes - https://www.grc.com/sn/SN-1008-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

• The consequences of Internet content restriction.
• The measured risks of 3rd-party browser extensions.
• The consequences of SonicWall's unpatched 9.8 firewall severity.
• The incredible number of still-unencrypted email servers.
• SonicWall vulnerability patching
• Shadowserver Foundation & eMail Encryption
• Salt Typhoon Evicted
• HIPAA gets a long-needed cybersecurity upgrade.
• The EU standardizes on USB-C for power charging. What?
• Believe it or not, a CATCHA you solve by playing DOOM.
• And... what I learned from three weeks of study of AI

Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• bitwarden.com/twit
• expressvpn.com/securitynow
• veeam.com
• threatlocker.com for Security Now

Leo revisits some of the year's top Security Now segments of 2024.

• 956. Apple's Hardware Backdoor: Steve reflects on the previous week's 'The Mystery of CVE-2023-38606' deep-dive. Did Apple deliberately designed a secure backdoor?
• 960. Unforeseen Consequences of Google's 3rd-party Cookie Cutoff: As Google moves to phase out third-party cookies, the advertising industry scrambles to find new ways to track users, potentially leading to more intrusive methods like requiring users to create accounts on websites.
• 961. Bitlocker: Chipped or Cracked?: A clever hacker demonstrates how BitLocker-encrypted drives can be compromised on systems using separate TPM chips, highlighting the importance of integrating TPM functionality directly into the CPU.
• 964. So, What Is Apple's PQ3?: Steve analyzes Apple's new "PQ3" post-quantum safe iMessaging protocol, uestioning whether it truly offers superior security compared to Signal's existing solution.
• 976. Recall - The 50 Gigabyte Privacy Bomb: Examining Microsoft's new "Recall" feature that records users' screens every few seconds, raising significant privacy concerns.
• 984. CrowdStruck: A look at the disastrous global IT outage caused by a faulty CrowdStrike Falcon update, affecting airports, hospitals, banks, and more.
• 1000. Steve and Leo reflect on 1000 episodes of Security Now.
• 1001. Artificial General Intelligence: Steve and Leo discuss the challenges in achieving artificial general intelligence (AGI) and the debate surrounding its potential timeline and societal impact.

Host: Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.