• China's Salt Typhoon claims another victim (or two).
• State healthcare portals are tracking and leaking. No kidding.
• Apple adopts FIDO's Passkeys and other credentials transport.
• Facebook gets Passkey logon.
• TikTok continues ticking for at least another 90 days.
• Canadian telco admits they were infiltrated by Salt Typhoon.
• Microsoft to remove unwanted (and hopefully unneeded) hardware drivers.
• The Austrian government legislates court-warranted message decryption.
• I (Steve) finally get full clarity on what today's "AI" means.
• A deep dive into the Salt Typhoon's operation and how they got in

Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• 1password.com/securitynow
• hoxhunt.com/securitynow
• outsystems.com/twit
• bigid.com/securitynow
• zscaler.com/security

• An exploited iOS iMessage vulnerability Apple denies?
• The NPM repository is under siege with no end in sight.
• Were Comcast and Digital Realty compromised? Don't ask them.
• Matthew Green agrees: XChat does not offer true security.
• We may know how Russia is convicting Telegram users.
• Microsoft finally decides to block two insane Outlook file types.
• 40,000 openly available video camera are online. Who owns them?
• Running SpinRite on encrypted drives.
• An LLM describes Steve's (my) evolution on Microsoft security.
• What do we know about the bots that are scanning the Internet?

Show Notes - https://www.grc.com/sn/SN-1030-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• joindeleteme.com/twit promo code TWIT
• bitwarden.com/twit
• material.security
• drata.com/securitynow
• bigid.com/securitynow

• In memoriam: Bill Atkinson
• Meta native apps & JavaScript collude for a localhost local mess.
• The EU rolls out its own DNS4EU filtered DNS service.
• Ukraine DDoS's Russia's Railway DNS ... and... so what?
• The Linux Foundation creates an alternative Wordpress package manager.
• Court tells OpenAI it must NOT delete ANYONE's chats. Period! :(
• A CVSS 10.0 in Erlang/OTP's SSH library.
• Can Russia intercept Telegram? Perhaps.
• Spain's ISPs mistakenly block Google sites.
• Reddit sues Anthropic.
• Twitter's new encrypted DM's are as lame as the old ones.
• The Login.gov site may not have any backups.
• Apple explores the question of recent Large Reasoning Models "thinking"

Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• hoxhunt.com/securitynow
• threatlocker.com for Security Now
• uscloud.com
• canary.tools/twit - use code: TWIT