Steve Gibson

“The EU's Online Age Verification” SN#1044 show notes: grc.com/sn/sn-1044-not… Consumer Reports on Win10 non-ESU. DoD CyberWaste. DeepSeek deliberate code flaws. WebAsm v3.0. Firefox v143 & Android DoH. MSFT Entra ID flaw. Chrome emergency 0-day. The EU trials Age Verification.

“Covering all the bases” SN#1041 grc.com/sn/sn-1041-not… BYTE magazine's first issue exactly 50 years ago. Shaken & Stir telco enforcement. Can AI be controlled? No AI for Vivaldi. Using AI to attack. Scummy sites sue the U.K. TransUnion breached. DOD using Russian's open source.

“Clickjacking Whac-A-Mole” SN#1040 grc.com/sn/sn-1040-not… Germany to outlaw ad blockers? Many AI lawsuits. Bluesky suspends service in Mississippi. An AI-throttling prompt. The rise of Linux malware. A trivial Docker escape fixed. Why clickjacking attacks are whac-a-mole games.

“The Sad Case of ScriptCase” SN#1039 show notes: grc.com/sn/sn-1039-not… AI summaries upsets Internet economics. Plex 0-day. Chrome improvements. NIST's crypto for IoT. SyncThing v2. Alien:Earth thoughts. Why login authentication can NEVER be relied upon to protect enterprises.

“Perplexity's Duplicity” CISA's Emergency Federal Directive. Nvidia says no backdoors! Dashlane ends worthless free tier. uBlock Origin for Safari! Serious Dell Latitude security problem. A venerable Sci-Fi franchise gets a new series. What to do when AI scrapers ignore rules?

“Chinese Participation in MAPP” SN#1037 show notes: grc.com/sn/sn-1037-not… SharePoint follow-up. How Russia spies on embassies. Signal says NO to Australia. YouTube uses history for age estimation. New Chrome extension signing. TruAge. Should Chinese co's get early patch access?

"Inside the SharePoint 0-day RCE" SN#1036 show notes: grc.com/sn/sn-1036-not… Brave browser randomizes fingerprints & will block MSFT Recall by default. Clorox sues IT contractor for $380 million damages. FIDO passkey not bypassed. Cyberwar. How MSFT badly fumbled Patch Tuesday.

“Cloudflare's 1.1.1.1 Outage” SN#1035 show notes: grc.com/sn/sn-1035-not… Bypassing Passkeys. More ransomware attacks. Cloudflare blocks pirate domains. Exchange Server by subscription. China Webshells: The new buffer overflow. The age verification need. Cloudflare config error.

“Introduction to Zero-Knowledge Proofs” SN#1034 show notes: grc.com/sn/sn-1034-not… Quantum factorization takedown. Notepad++ self-signing. Bobiverse book 6. Crypto ATMs. Browser fingerprinting metrics. Memory safe interpreters. Introduction to concepts of zero knowledge proofs.

“Going on the Offensive” SN#1033 show notes: grc.com/sn/sn-1033-not… More Israeli spyware. EU abandons Azure and adopts post-quantum crypto. U.S. cracking down on Bitcoin ATMs. Commercial use of free open source software. LOTs more! What's required for Offensive cyber operations?

“Pervasive Web Fingerprinting” SN#1032 show notes: grc.com/sn/sn-1032-not… No more Let's Encrypt email. Windows “Unexpected Restart Experience”. US Gov gets more serious about memory-safe languages. New Cisco 9.8 & 10.0's. PNGv3. The abuse of browser fingerprinting for tracking.

“How Salt Typhoon gets in” SN#1031 show notes: grc.com/sn/sn-1031-not… Salt Typhoon's latest victims. State healthcare portals leaking visitor's personals. Apple adopts industry std. Passkey import/export. Microsoft drops old drivers. Clarity on AI. A deep dive into Salt Typhoon.

“Internet Foreground Radiation” SN#1030 show notes: grc.com/sn/sn-1030-not… Denied iOS exploitation. The NPM registry under siege. Salt Typhoon inside Comcast and Digital Realty. XChat has your keys. Outlook file types. SpinRiteing encrypted drives. Bots are scanning & attacking!

“The Illusion of Thinking” SN#1029 show notes: grc.com/sn/sn-1029-not… Remembering Bill Atkinson. Meta apps & JavaScript collude. The EU's new DNS service. OpenAI is prevented from deleting ANYONE's chat history. Apple explores Large “Reasoning” Models true reasoning ability.

“AI Vulnerability Hunting” SN#1028 show notes: grc.com/sn/sn-1028-not… Pwn2Own 2025 results. PayPal scanning new domain registrations. iOS jailbreak author gives up. SVG contain JavaScript. Classic Sci-Fi movies. How OpenAI's o3 model discovered a critical remote Linux 0-day.

“Artificial Intelligence” SN#1027 show notes: grc.com/sn/sn-1027-not… The status of Encrypted Client Hellos (ECH). Remote inverter shutdowns. Blocking newly listed domains. The AI Hype Cycle. AI as blackmailer? Copilot covering up bugs? The unrestrained Venice.AI.

“Rogue Comms Tech Found in US Power Grid” SN#1026 show notes: grc.com/sn/sn-1026-not… Chrome refuses Admin. Android Messenger key verification. Pwn2Own for AI. AI can replicate today. Office on old Win10. 23andMe purchased. Andor season 2. Radios discovered inside US power grid.

“Secure Conversation Records Retention” SN#1025 show notes: grc.com/sn/sn-1025-not… More attempts at age restriction. Long-lived python repository malware. FBI says discard old routers. Reverse engineering WhatsApp. Malicious AI usage. How to securely archive E2EE message history

@RetroTechChris Hey Chris: I'm glad you found SpinRite still useful. Just a note that v6.1 =does= require a newer processor since it briefly places the system into protected mode in order to obtain access to the 51 megabytes of RAM that it needs for maximum-size I/O. 👍

A few days back, I ordered a bunch of hard disk drives. The first one, a Seagate ST32342A (Medalist) 4.3 GB IDE drive, arrived today. Let's check it out in a 🧵 here!

“Don't Blame Signal” SN#1024 show notes: grc.com/sn/sn-1024-not… MSFT abandons passwords, allows their deletion. Meta's RayBan glasses privacy changes. 30% of MSFT code now by AI. Chrome's security without Google. eCommerce backdoors spring to life. A bad insecure Signal clone.