Security Now! with Steve Gibbson

This Week's Stories Everyone can still upgrade to Windows 10 for free with this trick HP SSDs fail after 32768 hours The EU is not happy about a possible US encryption ban US government's formal permission to hack 110 nursing homes have been crippled by a ransomware attack Firefox is seriously pushing back on tracking signal leakage New problems with Windows DLLs The StrandHogg vulnerability We invite you to read our show notes at Hosts: Download or subscribe to this show at . You can submit a question to Security Now! at the . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: . Sponsors:

The future of the Linux kernel underneath the Android OS Inherent challenges presented by the nature of the Android ecosystem VNC users: Time to update! A welcome change to Twitter & SMS-based 2FA A "foregone conclusion" to law enforcement's strategy to force password divulgence Pre-announcement from Microsoft about DNS Details of the emerging DoH protocol We invite you to read our show notes at Hosts: Download or subscribe to this show at . You can submit a question to Security Now! at the . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: . Sponsors:

November's Patch Tuesday is the antepenultimate free Windows 7 update CheckM8 & https://Checkra.in GitHub launches Security Lab to boost open-source security Warrantless searches of devices at US borders were just ruled unconstitutional Another WhatsApp bug lets hackers quietly install spyware on your device ZombieLoad v2 The ByteCode Alliance http://tpm.fail/ We invite you to read our show notes at Hosts: Download or subscribe to this show at . You can submit a question to Security Now! at the . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: . Sponsors:

CheckM8 & Checkra.in moves to first public beta The case of the misbehaving transducer BlueKeep and Microsoft BlueKeep and BSODs BlueKeep and Marcus Hutchins Mozilla on DoH -vs- COMCAST Yet another approach for solving the problem of certificate revocation within a more limited scope. We invite you to read our show notes at Hosts: Download or subscribe to this show at . You can submit a question to Security Now! at the . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: . Sponsors:

October's Windows Patch Tuesday BROKE Windows' ability to connect to a significant number of the Internet's websites. Here's how to fix it. Chrome 78 disables Code Integrity Check to mitigate "Aw Snap!" crashes. "Chrome 78 patches a Chrome 0-day which had been discovered by Kaspersky being exploited in the wild." News from the Edge: the first Chromium-based Microsoft Edge Stable Release Candidate. Microarchitectural Data Sampling Vulnerabilities. Trouble for QNAP NAS devices exposed to the Internet. MSP's -- Managed Service Providers -- are a major vector for ransomware delivery. Five months after returning a rental car, man still has the remote control. Chinese-made drones in the US are being grounded. The DNS-over-HTTPS (DoH) controversy. BlueKeep-based attacks have finally started, and what we predicted on this podcast has finally happened. We invite you to read our show notes at Hosts: Download or subscribe to this show at . You can submit a question to Security Now! at the . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: . Sponsors: