Oct 31st 2023
Security Now 946
CitrixBleed
Hosted by
Steve Gibson,
Leo Laporte
iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
- What caused last week's connection interruption? Router was rebooting intermittently, but why?
- David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.
- iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.
- Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.
- HackerOne breach bounties surpass $300M total payout.
- CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.
- SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.
- Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.
- Open source projects struggle with costly code signing certificates.
- Deep dive into CitrixBleed vulnerability allowing authentication bypass.
Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.