DiscoverSecurity Now (Audio)SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL
SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

Update: 2024-02-071
Share

Description


  • CISA's "Secure by Design" Initiative

  • The GNU C Library Flaw

  • Fastly CDN switches from OpenSSL to BoringSSL

  • Roskomnadzor asserts itself

  • Google updates Android's Password Manager

  • Firefox gets post-quantum crypto

  • Get your TOTP tokens from LastPass

  • Inflated iOS app data

  • LearnDMARC

  • Sync mobile app bug

  • SpinRite and Windows Defender

  • Crypto signing camera

  • Analog hole in digital camera authentication

  • iOS and Google's Topics

  • The gathering of the Stephvens

  • Programmable Logic Controllers

  • SpinRite update

  • Malware-infected Toothbrush

  • The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff

Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf


Hosts: Steve Gibson and Leo Laporte


Download or subscribe to this show at https://twit.tv/shows/security-now.


Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit


You can submit a question to Security Now at the GRC Feedback Page.


For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.


Sponsors:

Comments 
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
SN 999: AI Vulnerability Discovery - RT's AI TV Hosts, Windows 10 Updates

SN 999: AI Vulnerability Discovery - RT's AI TV Hosts, Windows 10 Updates

2024-11-0501:54:05

SN 998: The Endless Journey to IPv6 - AI-Driven Encryption, Session Messenger, IPv6

SN 998: The Endless Journey to IPv6 - AI-Driven Encryption, Session Messenger, IPv6

2024-10-3002:50:52

SN 997: Credential Exchange Protocol - DJI Sues DoD, Quantum Vs. RSA, Lost MS Logs

SN 997: Credential Exchange Protocol - DJI Sues DoD, Quantum Vs. RSA, Lost MS Logs

2024-10-2302:19:06

SN 996: BIMI (up Scotty) - NPD Goes Broke, Firefox Under Attack, .io

SN 996: BIMI (up Scotty) - NPD Goes Broke, Firefox Under Attack, .io

2024-10-1602:32:48

SN 995: uBlock Origin & Manifest V3 - DDoS Record, N. Korean Workers, Vitamin D

SN 995: uBlock Origin & Manifest V3 - DDoS Record, N. Korean Workers, Vitamin D

2024-10-0902:35:52

SN 994: Recall's Re-Rollout - Domain Security, Tor + Tails, VLC Update

SN 994: Recall's Re-Rollout - Domain Security, Tor + Tails, VLC Update

2024-10-0202:16:48

SN 993: Kaspersky exits the U.S. - Exploding Pagers, Passkeys in Chrome

SN 993: Kaspersky exits the U.S. - Exploding Pagers, Passkeys in Chrome

2024-09-2502:27:47

SN 992: Password Manager Injection Attacks - Aging Media, Naval Starlink, adam:ONE

SN 992: Password Manager Injection Attacks - Aging Media, Naval Starlink, adam:ONE

2024-09-1802:24:13

SN 991: RAMBO - Cloned YubiKeys, Telegram vs. Signal, French Elevators, Unix Time

SN 991: RAMBO - Cloned YubiKeys, Telegram vs. Signal, French Elevators, Unix Time

2024-09-1102:12:04

SN 990: Is Telegram an Encrypted App? - CrowdStrike Exodus, DDoS-as-a-Service, 'Active Listening' Ad Tech?

SN 990: Is Telegram an Encrypted App? - CrowdStrike Exodus, DDoS-as-a-Service, 'Active Listening' Ad Tech?

2024-09-0402:06:11

SN 989: Cascading Bloom Filters - Key Card Backdoors, Fake Cisco Gear

SN 989: Cascading Bloom Filters - Key Card Backdoors, Fake Cisco Gear

2024-08-2802:08:44

SN 988: National Public Data - Big Patch Tuesday, The Biggest Data Breach

SN 988: National Public Data - Big Patch Tuesday, The Biggest Data Breach

2024-08-2102:15:19

SN 987: Rethinking Revocation - SinkClose, IsBootSecure, Another Bad RCE

SN 987: Rethinking Revocation - SinkClose, IsBootSecure, Another Bad RCE

2024-08-1402:18:51

SN 986: How Revoking! - Crowdstrike Damage, Firefox Cookies

SN 986: How Revoking! - Crowdstrike Damage, Firefox Cookies

2024-08-0702:02:31

SN 985: Platform Key Disclosure - Crowdstrike Post-mortem, Entrust Update

SN 985: Platform Key Disclosure - Crowdstrike Post-mortem, Entrust Update

2024-07-3102:28:37

SN 984: CrowdStruck - Crowdstrike, Cellebrite, More Entrust

SN 984: CrowdStruck - Crowdstrike, Cellebrite, More Entrust

2024-07-2402:28:05

SN 983: A Snowflake's Chance - CDN Safety, Microsoft's Behavior, CDK Ransomware Attack

SN 983: A Snowflake's Chance - CDN Safety, Microsoft's Behavior, CDK Ransomware Attack

2024-07-1702:10:53

SN 982: The Polyfill.io Attack - Entrust Responds, Passkey Redaction Attacks

SN 982: The Polyfill.io Attack - Entrust Responds, Passkey Redaction Attacks

2024-07-1002:03:09

SN 981: The End of Entrust Trust - Open SSH Vulnerability, SyncThing, Endtrust

SN 981: The End of Entrust Trust - Open SSH Vulnerability, SyncThing, Endtrust

2024-07-0302:28:00

SN 980: The Mixed Blessing of Lousy PRNG - Kaspersky Ban, EU vs. Google's Privacy Sandbox

SN 980: The Mixed Blessing of Lousy PRNG - Kaspersky Ban, EU vs. Google's Privacy Sandbox

2024-06-2602:04:07

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

SN 960: Unforeseen Consequences - CISA's "Secure by Design" Initiative, Fastly's BoringSSL

TWiT