Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time.

• The unsuspected sucking power of a Linux-based robot vacuum.


• Russia to follow China's vulnerability reporting laws.


• A pair of Scattered Spider UK teen hackers arrested.


• Facebook,Instagram and TikTok violating the EU's DSA.


• Microsoft Teams bringing user WiFi tracking bypolicy.


• You backed up. That's great. Did you test that backup?


• Coveware reports all-time lowransomware payment rate.


• Ransomware negotiator reports how the bad guys get in.


• Lots of listener thoughts and feedback about NIST passwords.


• And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers.

Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!

Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• hoxhunt.com/securitynow


• zapier.com/securitynow


• 1password.com/securitynow


• veeam.com


• zscaler.com/security