<ul> <li>Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations.</li> <li>WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware.</li> <li>HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks.</li> <li>Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down.</li> <li>Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data.</li> <li>Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded.</li> <li>Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side.</li> <li>Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation.</li> <li>Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw.</li> <li>Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off.</li></ul> <p>Show Notes - <a href="https://www.grc.com/sn/SN-937-Notes.pdf">https://www.grc.com/sn/SN-937-Notes.pdf</a></p> <p><strong>Hosts:</strong> <a href="https://twit.tv/people/steve-gibson">Steve Gibson</a> and <a href="https://twit.tv/people/leo-laporte">Leo Laporte</a></p> <p>Download or subscribe to this show at <a href="https://twit.tv/shows/security-now">https://twit.tv/shows/security-now</a>.</p> <p>Get episodes ad-free with Club TWiT at <a href="https://twit.tv/clubtwit" rel="payment">https://twit.tv/clubtwit</a></p> <p>You can submit a question to <em>Security Now</em> at the <a href="https://www.grc.com/feedback.htm" target="_blank">GRC Feedback Page</a>.</p> <p>For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: <a href="https://www.grc.com/securitynow.htm" target="_blank">grc.com</a>, also the home of the best disk maintenance and recovery utility ever written <a href="https://www.grc.com/sr/spinrite.htm" target="_blank">Spinrite 6</a>.</p> <p><strong>Sponsors:</strong><ul> <li><a href="https://kolide.com/securitynow" target="_blank" rel="sponsored">kolide.com/securitynow</a></li> <li><a href="http://canary.tools/twit" target="_blank" rel="sponsored">canary.tools/twit - use code: TWIT</a></li> <li><a href="http://podtail.com/podcast/building-cyber-resilience" target="_blank" rel="sponsored">Building Cyber Resilience Podcast</a></li> </ul></p>
Source: https://twit.tv/shows/security-now/episodes/937
Published: 2023-08-29 18:28:28