Security Now 1086 transcript
Please be advised that this transcript is AI-generated and may not be word-for-word. Time codes refer to the approximate times in the ad-free version of the show.
Leo Laporte [00:00:00]:
It's time for Security Now. Steve Gibson is here. Great show planned. We're going to talk about Fable 5. Actually, we're going to talk about AI used for security. One of the creators, the fathers of the Internet, is retiring and you won't believe how many bugs Google fixed in Chrome this time around. All that and more coming up next on Security Now.
Steve Gibson [00:00:24]:
Podcasts you love from people you trust.
Leo Laporte [00:00:29]:
This is Twit. This is Security now with Steve Gibson. Episode 1086, recorded Tuesday, July 7, 2026. The Apex Agentic adversary. It's time for Security now, the show. We cover the latest in security, privacy and online shenanigans with the king of online shenanigans, Mr. Steve Gibson.
Steve Gibson [00:00:58]:
Not the creator of I Water of. Fortunately, the Internet did not exist when was a little one, you know, like high school age when I was, you know, creating shock machines and portable dog killers. Because that would have been a problem. Yeah.
Leo Laporte [00:01:12]:
What do you think if as a kid at your, you know, this super inquisitive, super smart kid, had AI been available, what would your life. It'd be completely different, right?
Steve Gibson [00:01:24]:
I mean, I, I would be doing things because I've always been a project person. I mean, I've been, I, I've, I, I don't sort of just meander. I normally want a conclusion, so, so I, I'm sure I would be, you know, telling my parents, I need more tokens. I need more.
Leo Laporte [00:01:46]:
Can I have some more tokens, Mom?
Steve Gibson [00:01:48]:
I need to increase my, you know, allowance is, is what we used to get, you know. Well, we'll give you a dollar a week if you take the trash cans out. Of course, that lasts about a week and a half and then trash cans don't get taken out anymore. But I would have been saying I need to increase my token allowance.
Leo Laporte [00:02:03]:
Yeah, that's really true. Take out the trash cans, you get a million more tokens, Little Stevie.
Steve Gibson [00:02:10]:
So today's podcast title, which is the Apex Agentic Adversary, is a phrase that comes from someone famous who we're going to be talking about at the end of the podcast. Actually, we're going to talk about several famous people during this podcast because Vint Cerf also has his name pop up. Of course we recognize it. We'll have some fun with that. So we're going to talk about some, an aspect of Fable 5 which has disappointed people, not you. And we'll talk about how it's, you know, what your experience has been, because that's certainly interesting. Opera becoming the first browser to offer paste, protect and why while I think that's good, why I'm more annoyed than ever at that it had to be, you know, Opera and who cares about 2% of the browsers. I mean it's better than zero, right? But still, Microsoft Blue Hammer is now being used to hammering to Hammer systems.
Steve Gibson [00:03:18]:
Vint Cerf has some comments about AI on the eve of his retirement. Chrome has turned 150 as the nation turns 250 and Leo well, we'll have some fun. Something happened about that. That's just so cool. Also Google, I wanted to just touch on Google and the EU and oops. The, the. The fine is coming out of escrow but it's not going back to Google. Also there's an upcoming what we think is going to be the final chat control vote.
Steve Gibson [00:03:55]:
Although really unclear. It's looking like something may happen. We know but no, no one knows what because it's all behind closed doors. Turns out that there were some bad problems found both in Airdrop and in the Android equivalent Quick Share which are exploitable. Also, something interesting about bypassing Claude's and chat GPT's guardrails. As I've been saying, you just this is uncontrollable technology. And we have another example of that. I had a spin right story to share so which I haven't had for
Leo Laporte [00:04:34]:
one of those times. Yeah, yeah.
Steve Gibson [00:04:35]:
And this one was like I'm the proud father. Anyway, and then we're going to talk about a legendary hacker who has used AI against a. I don't know to say horribly, shockingly, massively. Anyway, it's a library that is everywhere and it is again, you know what AI does when you aim at anyone's past code is it just cuts it to Swiss cheese. Anyway, and that is where the phrase a apex agentic adversary came from. So I think a lot of fun stuff for us. Fun picture of the week from a listener who's been listening to us for about six years and he, and, and he, he, he sent an email. I think I just got it over the weekend.
Steve Gibson [00:05:25]:
He said his name is Ryan. He said after 6ish years of listening, I think I finally got something for Picture of the Week. Thanks for a great podcast that's been very helpful throughout my career. So anyway, we will get to that after our first break and so yeah, a fun podcast.
Leo Laporte [00:05:43]:
And if you are listening, there's a couple of ways you can see the picture of the week. One is to get the video, the other is to get Steve's show notes which always contain the picture of the week. Now, I am looking at your show notes, but I have not scrolled up. So I would.
Steve Gibson [00:05:56]:
If you. If you prescribe, if you sub, it may be a prescription. If you subscribe to the weekly mailing, then there's a 250 pixel wide. That's the standard picture of the week thumbnail. And if you click on it, you immediately get the picture of the week. You don't even have to look at the show notes is my point. So you could also just. Just get it that way.
Leo Laporte [00:06:21]:
It's in the email right there.
Steve Gibson [00:06:22]:
There are lots of people who just say, I just really. I don't care about security, but the pictures of the week are worth it.
Leo Laporte [00:06:27]:
That's actually, you know, that's a good point. Get the email just for the thumbnail so you can click it and see the picture of the week. A little laugh of the week comes in your mailbox. Courtesy Steve Gibson. That's nice. All right, Steve. Picture of the week.
Steve Gibson [00:06:40]:
So, as I often do, I. I captioned this myself. I gave this a caption. But, Officer, what do you mean the speed limit is 25? I'm sure I didn't see any sign to that effect.
Leo Laporte [00:06:53]:
All right, I'm scrolling up. Let's see. It's just. There's nothing here. I don't get it. You will. You've baffled me. Normally I get these right away.
Leo Laporte [00:07:06]:
It's just an empty street.
Steve Gibson [00:07:07]:
No, you do, but this is not a cognitive get. This is a notice. It get. So, but, officer, what do you mean the speed limit is 25? I'm sure I didn't see any sign to that effect.
Leo Laporte [00:07:18]:
Yeah. Oh, there it is. Yeah, you're right. You didn't. Holy cow.
Steve Gibson [00:07:27]:
Now, Leo, how does this happen?
Leo Laporte [00:07:31]:
Like, who puts a sign smack dab against the telephone pole so you can't read it?
Steve Gibson [00:07:37]:
I mean, it's even centered behind the pole.
Leo Laporte [00:07:42]:
It's sl. Part of a two is all you could see. Holy cow. Do you think they put the pole in after the sign had to have been.
Steve Gibson [00:07:51]:
And they just like. Well, that's.
Leo Laporte [00:07:52]:
We're not. We're done. We don't care. It's our job.
Steve Gibson [00:07:54]:
That's, you know, we know. We know where the pole has to go. And it's got to go right here. And actually there is like a.
Leo Laporte [00:08:02]:
We.
Steve Gibson [00:08:02]:
We see a big. A spool of wire at the bottom.
Leo Laporte [00:08:06]:
Yeah.
Steve Gibson [00:08:07]:
So my guess is that. Yeah, exactly. That this is sort of in the process of happening anyway. Yeah. For those who don't have access to the video or Or. Or the show notes, we have this typical, you know, speed limit 25. We've all seen those. And it is.
Steve Gibson [00:08:25]:
I mean, it is almost completely obscured. We know it's 25 because you can see just the, as Leo said, the S and the L. A little bit of the L is not visible. And then what? You know, that's got to be a 2, because it can't be any. Any other number. A 3 would look different if you just saw the very left edge of it, or four or five or something. Anyway, I would argue this one, you know, you think you can get out of this ticket? I think so. I think you take a picture and you go to court, you say, your Honor, you know, I'm paying attention.
Steve Gibson [00:09:01]:
And, boy, I don't know where this is, but look at all those foam poles and power poles.
Leo Laporte [00:09:06]:
They're a lot of them and very close together, aren't they?
Steve Gibson [00:09:08]:
And this is. This is not, you know, computer generated. This is our listener Ryan, who. Six days. Who's been listening for six years, and he saw this and he thought of the podcast. So, Ryan, thank you for keeping us in mind.
Leo Laporte [00:09:23]:
You're.
Steve Gibson [00:09:23]:
You're absolutely. And I wrote back to him, I said, you got it on the first try. I said, this is a perfect.
Leo Laporte [00:09:28]:
Nice job picture for.
Steve Gibson [00:09:29]:
Yeah, like, wow. Shaking our heads at that. Humanity.
Leo Laporte [00:09:34]:
Crazy.
Steve Gibson [00:09:35]:
Okay, so a blurb of reporting by. By Bleeping Computer following The release of Fable 5 caught my attention because it was. To me, it was predictable. Here's what Bleeping computer wrote about Fable 5's performance after talking a little bit about its availability, which I've skipped because we know about that. You know, like, oh, it's. It's expensive. Twice as expensive as Opus 4.8 and so forth.
Leo Laporte [00:10:02]:
And just as a data point, I asked my Hermes agent, which I use, to do a lot of AI stuff, based on the amount of tokens I used in June last month, how much would it have cost if I'd been using Fable 5? And it said $5,000. And this was just kind of casual use. I wasn't doing anything. Heavy duty, $5,000. And I said, well, if I use Deep Seq, the cheap Chinese model, it said 117 bucks. So there's a big difference between Fable now.
Steve Gibson [00:10:38]:
There is, and I'm glad you brought that up, because we're going to. By the end of this podcast, something has happened which suggests that the guardrails can actually protect the user rather than limit what the user can do. So it's. This is Going to end up being I think very important to our audience because there will be a strong tendency to use a, a powerful foreign AI like Deep Sea because like well look at all the money I'm saving. But there's a gotcha which, which we will get by the end of, of today.
Leo Laporte [00:11:19]:
I'll be.
Steve Gibson [00:11:20]:
Listen.
Leo Laporte [00:11:21]:
Yikes.
Steve Gibson [00:11:21]:
So Bleeping Computer wrote after talking about the availability like you know that cost and token use and, and it's like available. Okay, what is it that is available until the 7th is.
Leo Laporte [00:11:35]:
So, so the whole, the deal with
Steve Gibson [00:11:37]:
I mean, I mean until the 12th now.
Leo Laporte [00:11:39]:
Well yeah, so that's, that's part of the story. The deal was Fable is of course very expensive. I think it's.
Steve Gibson [00:11:45]:
What was it twice, twice what 4.8 is.
Leo Laporte [00:11:48]:
Yeah. $15 for a million tokens in and 50 for a million tokens out. So it's, it's considerably more expensive than even the best mod Chat, GPT. But Open AI, Anthropic and other companies, even the Chinese companies have subscriptions where it's kind of all you can eat subscription. You pay 100 bucks a month or 200 bucks a month and you get 5 times the tokens or 20 times the tokens for a flat rate.
Steve Gibson [00:12:13]:
Most all you could eat then I
Leo Laporte [00:12:14]:
mean never all you, if you too much. Yeah. And there's also limits to how much you can use in a five hour period, how much you can use in a week and how much you can use in a month. So they, they try to. But honestly if you buy a 5x or a 20x package, unless you're really like running 12 different tasks at the same time, you're probably going to be covered. So when they first released Fable they gave us five days that we could use it under our all you can eat package. And then we were told by on the 22nd of June it's over. Well of course the government ended it a little bit sooner.
Leo Laporte [00:12:51]:
When it came back they said okay, you can use it under your subscription package and It'll only be 50% of the total usage cost of what it will be. So it's even more so half off,
Steve Gibson [00:13:05]:
half off for an introductory period.
Leo Laporte [00:13:07]:
Right. And it will be available on your subscription. But that's going to end on July 7th. So up to midnight last night I was going gotta use all the Fable, gotta use all the Fable because I have a max subscription anyway, they announced this morning, okay, never mind. We're going to let that continue until the 12th. So we have until the 12th to use it under Our subscribers.
Steve Gibson [00:13:29]:
Why do you like they, they want to addict more people to it that not enough people got the news that it was back maybe. And so. Okay.
Leo Laporte [00:13:39]:
And there's another reason which is that OpenAI has a model GPT 5.6 which they're touting is as good as Fable and very good at secure cybersecurity, by the way.
Steve Gibson [00:13:51]:
Oh, so AB comparison testing. Yeah.
Leo Laporte [00:13:53]:
And in fact the rumors were the minute Anthropic pulls the plug on that subscription thing, OpenAI is going to release 5.6 and say come on in, you can use a subscription here. Now that didn't happen, but I suspect competition is the other reason. So we'll see. You know these two are head to head battle right now. Yeah, it's interesting. Yeah. Anyway, I'm gonna, I have five more days to stay up till midnight.
Steve Gibson [00:14:18]:
So I'm gonna be five more days at half.
Leo Laporte [00:14:21]:
Half use or use my subscription and it will be half the usage. So I will get twice as much done in five hours that I could. And, and it's still on the subscription.
Steve Gibson [00:14:31]:
And that, that, that hourly reset thing also makes sense because they have, I mean because use is inherently interactive and they have a limited capacity.
Leo Laporte [00:14:42]:
That's right.
Steve Gibson [00:14:43]:
Based on data center.
Leo Laporte [00:14:44]:
That might be the other reason that,
Steve Gibson [00:14:46]:
so they need to spread to what degree they can. They have to spread usage over time.
Leo Laporte [00:14:51]:
Right.
Steve Gibson [00:14:52]:
So that not everybody can pile on at the same time during the same five hours.
Leo Laporte [00:14:57]:
Remember, Anthropic knows exactly how many people are using it, how hard they're using it, when and so forth. They have a limited capacity. Sure. They buy capacity from xai, a billion dollars a month worth of capacity. They've got, you know, they're buying as much capacity as they can, but there is a limit to that. And so that's why it costs more and that's why these limits and yeah, they may, that may be the other detail. We don't know. Maybe they found out that oh, they've got enough capacity to support it for another few more.
Steve Gibson [00:15:23]:
Do you know if there's a diurnal cycle to it? Like is there?
Leo Laporte [00:15:28]:
Oh, there is. For instance the Chinese models, they have a peak period that is in the middle of the night for me. So that's very good. So you see I have used up that's context. 13% of it's a million token context. But that's the five hour period. I've used up 27%. When it gets to 90% it's.
Leo Laporte [00:15:48]:
It either starts, I've turned off the start charging me, but you can have it start charging you API tokens and then it really gets expensive. So you want to stay within that five hour period. Yeah, it's, it's fun. It's working right now. Even as we talk, it's doing stuff.
Steve Gibson [00:16:05]:
Okay, so they talked about that stuff.
Leo Laporte [00:16:09]:
Yeah.
Steve Gibson [00:16:10]:
Then they said, however, the real gut punch is the degraded performance or as famously used in the AI community, the Nerfed performance on Reddit, meaning ner. Nerfed is the term on Reddit. Users are reporting that the restored Fable 5 feels weaker or simply being routed through stricter safety systems more often than before. One user wrote in a Reddit post quote, the new guardrails are kicking in on way too many tasks and falling back to Opus 4.8. This is not the model that got banned, so Bleeping says the problem is not just limited to Claude desktop, as Claude Code is also struggling with similar issues. Now again, Leo, I don't. I think you're not hitting this because you're doing advertising management or whatever.
Leo Laporte [00:17:05]:
Yeah, they don't seem to care about what Right. I asked somebody and it says they will tell you they didn't do this last time, but they will tell you now. If they drop down to 4. 8. In the past they've dropped down silently to Opus 4.8, but apparently they will let you know if they've done that. So as far as I know they haven't done that.
Steve Gibson [00:17:22]:
So bleep. And clearly these people who are writing this and complaining are knowing that it is dropping to Opus 4.8. So this is not going, you know, silently bleeping said. One user said Fable quote didn't even let me search for dead code without switching to opus, while another said it was very, very obvious when the fallback triggers because Claude tells the user and visibly shifts to opus. Another developer claimed the model was unusable for some systems level coding work, saying that C C Rust, Win32, API References, memory related work and files mentioning words like security, vulnerable, unsafe or hook appeared to trigger a fallback or block. Fable 5 may still be powerful when it actually handles the task. That's what you're finding, Leo, but the restored version appears to be far more sensitive to prompts, project files and security adjacent language.
Leo Laporte [00:18:29]:
Yeah, you can thank the government for the US government.
Steve Gibson [00:18:32]:
That's right. However they wrote Bleeping computer understands that the model itself has not been nerfed. Instead, it's likely that Anthropic is being extra careful with the safety guardrails, which is negatively affecting Fable's daily use cases in I would argue in a subset like that are security adjacent. Which totally makes sense, they said. In fact, we observed that Fable is sometimes routed to Opus 4.8 even when the task does not appear to be a safety risk. Anthropic has said that its updated safeguards rely on a large safety margin, which could explain the subpar experience some users are seeing with Fable. Anthropic has not acknowledged the reports of false positives yet, but it's likely the company is aware of the problem and will address it in a future update. Okay, now all of this is exactly the downstream consequence of what I've meant for when I've been saying over and over since the early emergence of this that the intrinsic operation of our current generation of LLM systems is fundamentally hostile to control by safeguards and guardrails.
Steve Gibson [00:19:52]:
What's clearly happened here is that after an inevitable slip up caused after that inevitable slip up caused the US Government to freak out, and after even the nsa, our highest tech national security agency, discovered that the security of even their highest security networks was vulnerable to Mythos, the only way Anthropic was able to get a vestige of the Fable Mythos model back online was to go way overboard in knee jerk reaction to anything that might even possibly resemble cyber or code security. Up until this point, our AI models have been growing in power with astonishing speed. In the beginning, we found that just by making a neural network massive enough to contain a useful amount of knowledge, then training it on that knowledge, we achieved surprising utility. Eventually we were practically unable to scale them any further. So and where we are now, rather than increasing their breadth through further scaling, now we're increasing their effective depth through looping, essentially reusing the same very powerful network iteratively to amplify and purify itself knowledge output. So as a result, with a comparatively startlingly small amount of work, we humanity at large now have in our possession a new set of knowledge manipulating tools the likes of which have never existed before. But there's a problem with this, which this podcast has been exploring since this revolution in AI first appeared. Large language model AI essentially provides a new form and scale of access to knowledge.
Steve Gibson [00:21:59]:
That's what it is. Knowledge itself, of course, is ethically neutral. It's just knowledge. The question and concern is how the access to that knowledge will be used. Until now we've been racing forward, creating the most powerful knowledge containment and access systems possible, and we've succeeded beyond our wildest imaginations. But it really is true that knowledge is power. And only scant passing attention has been given so far to the reality that not everyone can be trusted with unrestrained access to the power of the knowledge that's now potentially available to anyone and everyone. Commercial AI providers are at a disadvantage and have a problem that the open weight models do not.
Steve Gibson [00:22:52]:
It may not be fair, but it's true. To be a commercial AI provider means being saddled with the responsibility of preventing the illegal use and abuse of their commercial offerings. They have no choice. So the commercial AI industry's attention must now shift from bigger is better to how do we truly and accurately control the use of what we've created? Up to this point, control has been an annoying afterthought. That attitude cannot stand and it must have become the new focus of every provider of high strength commercial AI models. We've seen the anti control arguments that suggest that if, for example, the US were to somehow impose limits upon its internal development of AI, it would be putting itself at a significant strategic disadvantage relative to the rest of our adversarial nations. The solution to this dilemma is not to limit anything on the development and capability side. That should not only be allowed, it should be pushed to continue to go full bore.
Steve Gibson [00:24:12]:
The solution is to truly develop something we don't have yet, which is highly accurate control over the use of this most powerful AI we're able to create. So just to conclude, I have no idea how this will be done and I accept that it's an extremely difficult problem to solve. In fact, I expect it to be significantly more difficult to solve this problem, the one of control, than it was to create the knowledge containment and access system that now requires that control. But I believe that's what has to happen next. You know, everyone's worried about controlling this. I, I think there should be no limit imposed on how strong these things can get. But they're going to have to have some means of control. And, and I, I just, you know, I'm not, I don't pretend to be an AI expert.
Steve Gibson [00:25:12]:
I'm standing on the outside, you know, with my life's experience of intuition saying, you know, we don't really control this yet. The reason, Leo, all these false positives are happening is that basically they put keywords.
Leo Laporte [00:25:29]:
Yes. It's like it's a classifier. That's exactly how it works. Yeah.
Steve Gibson [00:25:32]:
Yes. And that's just dumb, right? I mean that's like how do we get this back online so that they, so that we can offer some of Fable 5? But it means that it's really not of any practical use to security researchers. You've got to that you've got to be chosen and trusted. And then you get to use Fable 5's equivalent with this, which is Mythos 5.
Leo Laporte [00:25:57]:
Right. It's my guess that the gov, the US government said we want to keep those capabilities to ourselves. We want the NSA to have them
Steve Gibson [00:26:09]:
and, and selected trusted private organizations because
Leo Laporte [00:26:13]:
we know that which is sensible. That's possible. Yeah.
Steve Gibson [00:26:16]:
Yes. And so, so I, so right now there's you know, Fable five that you can use as long as you're careful which words you use. You know, pick, pick your words carefully and then, and then Mythos, if you can demonstrate who you are, then you get control, you know, controlled access to unrestrained superpower essentially. But also remember that there have been other researchers who've said I found a whole bunch of things using just standard good AI and the proper harness. It's, you know, they've been arguing that yeah, these, these latest frontier models are powerful but you, if you're, if you're, you know, you know, if you're, if you know how to build a harness and you know how to prompt, you don't need that in order to get some results, which I think is also significant.
Leo Laporte [00:27:14]:
Right.
Steve Gibson [00:27:15]:
Okay. So I mentioned at the top of the show Opera, they've added something that they call paste protect to protect against, not surprisingly, click fix attacks. As we know, this new breed of so called click fix attacks has become the number one means of getting malware into people's machines. It's the number not, not not only number one, but bigger than all others combined. It alone amounts to more than all other attack techniques combined. I've been crying in the dark for any OS vendor, but specifically Microsoft whose OS supports cross application clipboard copy and paste. Right? I mean that's what the clipboard is to take responsibility, which they should for preventing or in some way dramatically cautioning their users against putting anything onto the system clipboard from their browser or if you do only allow it to be pasted back into the browser, not anywhere else. You know, apparently some pendant inside Microsoft would, you know, is arguing that this is the way the clipboard is supposed to function.
Steve Gibson [00:28:40]:
You know, that its entire purpose is to facilitate inter application data exchange. So it's neither their fault nor their responsibility if such a facility is misused. And you know, while that's not incorrect per se, on some level it's, it damages Microsoft if Windows further requires the reputation of being a security disaster. In any event, we're talking about this Today. Because while I would argue that this is not their responsibility, some browser vendors are doing what the underlying OS should be doing for all browsers. That is, it ought to be just, you know, fix it in one place. And the proper place is the os. So today we have news from Opera, who last Thursday posted at Opera, user security is a top priority.
Steve Gibson [00:29:37]:
That's why today, meaning last Thursday, we are excited to announce that Opera is the first browser to introduce Paste Protect, a native defense measure against malicious takeover of your clipboard. And it isn't really a takeover, Right. It's, you know, it's.
Leo Laporte [00:29:56]:
Well, that's Microsoft's point. It's what it's supposed to do.
Steve Gibson [00:29:59]:
Right, right, exactly. It's the malicious use. It's the context.
Leo Laporte [00:30:05]:
Yeah.
Steve Gibson [00:30:05]:
Yes. And they say. Which includes code injection attacks such as click fix. Paste Protect helps identify situations where malicious websites attempt to either replace something you copied with a malicious version or place potentially harmful commands on your clipboard and later trick you into pasting them into a terminal or, you know, command prompt or the run dialogue. When any kind of suspicious clipboard activity is detected. And this is, this makes me a little queasy, right. It feels heuristic, like, oh, it's looking
Leo Laporte [00:30:41]:
at our clipboard every time. Right.
Steve Gibson [00:30:43]:
That's a problem. So like other activity that we don't think is a problem, that's going to be allowed. No, it ought to be. Nothing from your browser gets into your system. It's just like it ought to be an island. So they said when any kind of suspicious clipboard activity is detected, which again makes me uncomfortable. Opera's Paste Protect warns users before dangerous content can be executed. And you've got a picture of that on the screen.
Steve Gibson [00:31:12]:
Thank you. From the show notes. It says Paste Protect suspicious content blocked. This site has was prevented from copying a potentially harmful command to your clipboard. It's recommended you close this tab. Then there's a learn more or you know, close tab safely show the content and then hold to copy. That's kind of strange language. Hold to copy and then they say is parens unsafe.
Leo Laporte [00:31:44]:
It should be hold to paste.
Steve Gibson [00:31:46]:
Yeah, that's weird. That is. Anyway, so they, they said by introducing pace protect Opera. Opera is taking a proactive approach to defending against defending users against some of the fastest growing attack techniques on the web. Click fix is a growing form, doesn't have to grow much bigger of social engineering attack that tricks users into running malicious commands on their own devices. In 2025, it was responsible for over 53% of all malware loader activity, according to report by cybersecurity firm Huntress. And we shared that at the time, they said while there are extensions that, that try to mitigate such attacks, and warning systems are featured in some operating systems. Okay, Apple's beginning to do something.
Steve Gibson [00:32:46]:
Paste Protect is built directly into the Opera browser, the first line of defense before a malicious command even makes it to your Clipboard. It's also enabled by default, thank God, meaning users are protected automatically without needing to configure anything. Paste Protect combines Opera's already existing hijack protection feature with a new and unique injection protection element. And there's nothing else here. Blah, blah, blah. So Opera has stepped up. Yay, that's great. But at the moment, as I mentioned, Opera sits at roughly 2% of the global browser market.
Steve Gibson [00:33:27]:
And I don't think it's growing, which puts it in fifth place, meaning that market share falls off dramatically. Fifth place behind Chrome, Safari, Edge and Firefox. And the people who need this protection are the, you know, the most. Right. Are the ones not using Opera because they're just using Edge or, or Chrome, you know, mostly Safari probably number three, and then Firefox in fourth position. So what Opera got right was reminding us that now this single easy to cure problem alone is responsible for more than half, at least 53% and growing of all user facing attacks. And since it's so effective, you know, it's not going away. The attack is the, the abuse of this clipboard is not going away.
Steve Gibson [00:34:27]:
It's going to grow because the attacks are so effective. Everybody's being tricked by this and there's only one way that's going to change. And it's not by some obscure browser fixing it for 2% of the world. It's Microsoft that needs to pay attention to this and the abuse of their clipboard.
Leo Laporte [00:34:48]:
But I do think that maybe Microsoft's reluctance, you kind of hit it, is that they don't want to be reading the contents of the Clipboard on every single.
Steve Gibson [00:34:57]:
They don't have to, but they know where it came from originally. Yes, they track the origin and so you should not be able to paste from the Clipboard anything that was copied to it from a browser.
Leo Laporte [00:35:15]:
That makes sense. I mean, I do that all the time because Bit Warden, my password manager is an extension on my browser. And so I go there, get the password and then I paste it into a window somewhere.
Steve Gibson [00:35:26]:
Right. And, and so, and so it would make sense for you for, for default, for it to caution you and then you could say, oh no, thank you. Yeah, yeah. And you. And then you could have the option of turning that annoying thing off.
Leo Laporte [00:35:41]:
Right.
Steve Gibson [00:35:41]:
Like, we all wish we could just turn off the cookie reminder so they
Leo Laporte [00:35:45]:
don't have to look at the contents, just the origin. That's all. Right.
Steve Gibson [00:35:48]:
And they do track origin already. They know where contents came from.
Leo Laporte [00:35:53]:
Yeah, that makes sense.
Steve Gibson [00:35:54]:
Yeah. Yeah. And again, please, Microsoft, do it in the meantime, while we're waiting for that Leo, it may be quite a while,
Leo Laporte [00:36:03]:
but I'm willing to fill some of that time anyway.
Steve Gibson [00:36:06]:
All right. We all. We all really need a vault. Yes, that. Where we can. Because no one knows their password any longer. Anybody who does is not doing the right thing. I have.
Steve Gibson [00:36:19]:
And my wife really hasn't converted yet. And so she says, what is the password? And I go, well, honey, I. You know, I can't read it. I don't know, because, you know.
Leo Laporte [00:36:31]:
But I could share it with you. If you use Bitwarden, I can share it securely with you. Yeah, I. It's really an interesting issue. It's not. They shouldn't really call it a password manager, because I think everybody needs an encrypted spot vault put stuff. And so it's really much more than that now. And I think it's vital for.
Steve Gibson [00:36:51]:
Well, and with so much of our lives now being digital, not to be morbid, but there is the issue of what happens to a person's accounts when they're no longer able. You know, when they're. When they're no longer at the helm. You know, their. Their loved one or their family is saying, how do we deal with this? I mean, so, you know, how many
Leo Laporte [00:37:17]:
times have I got calls on the radio show with somebody with that exact situation? And Bitwarden has that. Actually, most password managers now have that capability to say, here is my designated survivor.
Steve Gibson [00:37:29]:
Right.
Leo Laporte [00:37:29]:
And a mechanism for giving that person all of that information. At least. Of course, my wife has all of that, and I'm sure Lori does, too.
Steve Gibson [00:37:38]:
Yeah, absolutely.
Leo Laporte [00:37:40]:
Yeah. Because we're getting on. Steve.
Steve Gibson [00:37:43]:
Well, I'm feeling good, and I'm going for episode 2000. So that's our next milestone.
Leo Laporte [00:37:49]:
Yeah, let's do it.
Steve Gibson [00:37:51]:
Okay. So one place we know Microsoft is paying attention, although they don't seem to be paying attention to abuse of the clipboard by online browser hackers, we know they're paying attention to the continuing antics of the security researcher hacker who fashions themselves Nightmare Eclipse.
Leo Laporte [00:38:13]:
Oh, Lord.
Steve Gibson [00:38:14]:
They're not happy about that person.
Leo Laporte [00:38:16]:
No.
Steve Gibson [00:38:18]:
There's been some speculation that it's a. A, A young woman who we've covered long time ago who was like camping in the in Alaska or something. I remember her, yes. Huh. Similar skill set. Worked for Microsoft for a while, presumably left unhappy and similar outrage.
Leo Laporte [00:38:48]:
Yeah, yeah, maybe it is. I didn't think.
Steve Gibson [00:38:51]:
There's been some online speculation anyway. Early last week SISSA confirmed that the Blue Hammer Windows Defender local elevation of privilege vulnerability was now seeing active use, Bleeping Computer wrote. CISA confirmed on Monday that ransomware gangs have begun exploiting a high severity Microsoft Defender privilege escalation vulnerability that's previously been abused in zero day attacks. So had been abused CISA got on board is the point. Blue Hammer, they wrote, was leaked by a security researcher known as Nightmare Eclipse in early April. Now keep track of that early April together with proof of concept exploit code. In protest at how the Microsoft Security Research Response Center MSRC handles the disclosure process, Microsoft explains in a security advisory quote, insufficient, I love this. Insufficient granularity of access control in Microsoft Defender allows an unauthorized attacker to elevate privileges locally.
Steve Gibson [00:40:03]:
What? Insufficient granularity? What a crock. That's like excusing a leaky water faucet by saying insufficient valve closure allows water to escape. Yeah, right. So you know, that's known as a leak. Anyway, what they're describing is not insufficient granularity but improper design. So how about taking some responsibility here, Microsoft? Anyway, Bleeping Computer continues Will Dorman, principal vulnerability analyst at Thoros, told Bleeping Computer in April that while the issue is not easy to exploit meaning Blue Hammer, it gives local attackers access to the Whoops Security account manager, the SAM database, which that's the world which contains password hashes for local accounts. With this access, they can escalate to system privileges and potentially take complete control of the targeted system, Dorman said. Quote, at that point the attackers basically own the system and can do things like spawn a system privilege shell or whatever, unquote.
Steve Gibson [00:41:15]:
Microsoft patch the vulnerability and here it is. Microsoft patched the vulnerability on April 14th two months ago. Wait, almost three, right? April made. Yeah, almost three as part of the April 2026 patch. Tuesday. However, days later, Huntress Lab security researchers revealed that threat actors had been exploiting it as a zero day in attacks that showed evidence of hands on keyboard threat actor activity. So not automated, but you know, a hacker in somebody's system using this escalation of privilege exploit in order to get control of the system. CISA added the Blue Hammer flaw to its KEV the known exploited vulnerabilities catalog on on the 22nd of April.
Steve Gibson [00:42:10]:
So again, you know, two and a half months ago, ordering federal civilian executive branch agencies to patch their Windows devices against ongoing attacks using that within two weeks, which would be bring it to May 7th. So by May 7th, CISA warned at the time, quote, this type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Unquote. While Microsoft writes bleeping computer has yet to tag this security flaw as exploited in attacks, why bother at this point? Everybody else knows CISA has now also flagged it as exploited in ransomware campaigns in a Monday update to its Kev catalog, which surprised no one. In recent years, CISA has flagged eight Microsoft Defender vulnerabilities that have been exploited in attacks, with two of them also targeted by ransomware gangs. Okay, so what's curious about the timing of this to me is that this flaw was patched way back on April 14th. So we've had the second half of April followed by all of May and all of June, because here we are in July 7th. So how is it that there are any Windows systems that have not been updated since April's maze or Junes patch Tuesdays or any time since? You know, no one, as we've said, no one deserves being attacked.
Steve Gibson [00:43:50]:
But asking for it is what this looks like. So the only explanation I can find would be some overzealous enterprise IT admin who's decided that allowing Microsoft to have unfettered update rights over the systems they oversee is a bigger problem than patching actively exploited vulnerabilities. And I think they're wrong, you know, or perhaps this hypothetical IT person is overworked and is just asleep at the switch, whatever, you know, they intended to get around to it but didn't. Whatever the case, the idea that Windows systems are being successfully exploited two and a half months after Microsoft made patches available and you know, those systems will, will be tr, if they're allowed to, will be trying to update themselves. Somebody is saying no, no, no, no, no, no. Anyway, it's, it's really unfortunate and so avoidable that this is happening. Having nightmare Eclipse posting proofs of concept for these prematurely disclosed vulnerabilities, I'm sure made matters worse, made it trivial for the bad guys to grab an example of how to do this and then start using it. But never updating Windows is also a no wins strategy, as everyone has seen.
Steve Gibson [00:45:22]:
I've, you know, the dynamics of the way the world has changed has really moved me in the direction of let updates happen. The, the incidence of them Causing a problem while not zero is low enough that the, the, the, the, the risk imposed by not doing it is far higher. Okay, so Leo Vint Cerf is certainly not a household name. I'm sure that none of the hosts of the View would recognize it. No, no, we do. We do. Certainly a name that is revered among the techies who have been present throughout the birth of the Internet. During a recent conference where Vint Cerf's pending retirement from Google was noted, he had some interesting things to share about where he sees things today and where AI may be headed.
Steve Gibson [00:46:27]:
TechCrunch covered this under their headline, the Father of the Internet is finally Retiring. They wrote Vinton Cerf will step down from his role as Google's chief Internet Internet evangelist next week, marking the conclusion of one of the most influential careers in technology history. And, and yes, I would argue that's not overstated. They continue writing speaking via video feed at the Open Frontier conference hosted by the Laud Institute, Surf was recognized by Dave Patterson, the UC Berkeley professor best known for co developing RISC processor architecture. Patterson said, quote, vint has been at Google for more than 20 years and he's retiring a week from today, so I think we ought to give him a round of applause for a relatively good career.
Leo Laporte [00:47:29]:
Relatively. Yeah, relatively invented tcpip. Big deal.
Steve Gibson [00:47:33]:
That's. That's right. The room erupted in cheers. Yeah, so it was neat. A Google spokesperson confirmed that that Surf will be stepping down from his role at the company. Surf now 83 and collaborator Robert Kahn are credited with being the architects of the networking protocols that became the Internet we know today. His work developing and popularizing TCP IP, the basic set of rules. This is, this is TechCrunch writing that lets different computer networks talk to each other.
Steve Gibson [00:48:11]:
Beginning in the late 1970s, has been recognized with numerous honorary degrees, the Presidential Medal of Freedom and a touring award, among other honors. Since 05, Cerf has served as vice president and chief Internet evangelist at Google. TechCrunch had in parens at this point we can safely say the Internet has been fully evangelized.
Leo Laporte [00:48:38]:
I think so that's.
Steve Gibson [00:48:39]:
And they said, for good or otherwise,
Leo Laporte [00:48:41]:
job, job well done.
Steve Gibson [00:48:43]:
That's right. Surf, they wrote, was speaking on a panel alongside other computer scientists known for their work on durable open source projects, including Patterson Francois Cholet, creator of the Keras Deep Learning library and co founder of of ndia. John Osterhoot, the Stanford computer scientist behind the Tickle, you know, TCL programming language, who also co founded Electric Cloud, and Matei Zaharia who is Databricks co founder and chief technologist. They offered advice about what it takes to build open source systems that survive, advice that's increasingly relevant as founders bet on open infrastructure for the next wave of AI products. Much of the conference's discussion focused on the problems with the centralization of advanced models in a handful of well resourced labs. In contrast to the decentralized world of the open Internet that made Cerf's own protocols so durable. However, Cerf predicted that the rise of AI agents, software that can act autonomously and coordinate with other software would push tech companies back toward standardized protocols. Cerf said, quote the agentic model of AI with multiple agents from multiple sources and interacting with each other is going to force composability and a requirement for interoperability and standardization, unquote.
Steve Gibson [00:50:31]:
If he's right, writes TechCrunch, the companies that define those interoperability standards early could end up with outsized influence over how the agentic economy actually works, a dynamic not unlike the early Internet protocol wars. While other panelists speculated that natural language communication between LLM agents would be sufficient, Cerf predicted formal standards would be required. He said, quote I don't think English is going to be the best choice. There's a flexibility in it, but there's also ambiguity and I think precision for interagent interaction is going to be very, very important. An agent really needs to be sure the other agent understands what it is that they just agreed to do together. Remember the old telephone game where you whispered a message in someone's ear and by the time it got 10 people away the message was totally different? Imagine a bunch of agents talking to each other in natural language. You know, that's kind of terrifying. Unquote.
Leo Laporte [00:51:48]:
I don't have to we have a discord chat with four agents talking to each other and it's cuckoo. It's really out there. You know, OpenAI has a standard, an API standard for how you talk to Codex that everybody uses. Anthropic has the MCP standard. I think it's already happening. I think he's absolutely right.
Steve Gibson [00:52:09]:
Yeah. And then their article concludes saying in a more light hearted moment, Patterson remember the the UC Berkeley inventor of Risk recalled meeting Cerf, known for his wardrobe of three piece suits. As a grad student in the 90s. Patterson said, he's always been the best dressed computer scientist I've ever met. My memory of Vint is that he came as a grad student with a shirt and tie in the 90s. Surf replied, it's absolutely True. I even had a vest. And for some reason I always wanted to stick out.
Steve Gibson [00:52:46]:
And instead of having long hair and something in my nose, I thought just, I thought just dressing differently was one way to do it.
Leo Laporte [00:52:55]:
He always wore a three piece suit. Here he is. I interviewed him in 2014 in his three piece suit. He always did wear that. He was very well dressed fella and a real gentleman. Genius. Just a genius.
Steve Gibson [00:53:09]:
So yeah, I would assert that Vint certainly did stand out, but not due to his choice of wardrobe, but because he turned out to be so completely correct about many of the design decisions that grew into the Internet. Through the more than 20 years of this podcast, our listeners have often heard me shake my head in wonder of the early genius that designed the Internet. It's easy for us to forget that there were many early competing and proprietary alternative protocols like Novell's IPX SPX, Apple's Apple Talk, Dex DecNet, Xerox's XNS, IBM's token ring. But TCP IP was also present and it was open, free and worked. No one owned it. And when Windows 95 shipped with a built in TCP IP protocol stack, that was pretty much the rest of the game. It's like, okay, it's done, it's out there now, everybody has it.
Leo Laporte [00:54:20]:
And by the way, gave it away. Right? He didn't try to make money on it.
Steve Gibson [00:54:23]:
Oh, absolutely. I mean the whole concept was here's how you do DNS, here's how you do ip, here's how you create a connection oriented association between two IP endpoint addresses. That's called tcp. If you don't want connection, you use udp. I mean, yeah, it was all open protocol and you know, and, and he was an early evangelist of this and it worked. And I think that, I think that there was a very early stack called Trumpet. Trumpet Windsock was.
Leo Laporte [00:55:03]:
Oh yeah, Trumpet Windsock, I remember.
Steve Gibson [00:55:05]:
And I, and I believe that that's what Microsoft grabbed and incorporated into Windows 95.
Leo Laporte [00:55:12]:
That makes sense. Yeah, yeah, yeah.
Steve Gibson [00:55:15]:
You know we're going to talk about Chrome 150, but we're at an hour in. Let's take another break so we don't get too far ahead of ourselves.
Leo Laporte [00:55:23]:
We absolutely best do that, Mr. And then.
Steve Gibson [00:55:25]:
Oh wait, wait till you, wait till you see what happened. Oh goodness.
Leo Laporte [00:55:31]:
Really? Okay. Oh, that's a tease. I don't know what it's a tease for, but that's a tease that makes me want to stay tuned. Now back to Steve.
Steve Gibson [00:55:40]:
So as the United States reaches 250 Chrome hits 150. I went to bring up the page of updates to get some sense for what Chrome 150 had wrought. So I clicked on the link which my system's default URL handler, Firefox, of course, then began to render and the page would not come up too big. Yes, actually that's exactly right, Leo. I received a little Google. It does now. I just tried it. I don't know what was going on.
Leo Laporte [00:56:16]:
33.
Steve Gibson [00:56:17]:
Yes.
Leo Laporte [00:56:18]:
Oh my gosh, yes.
Steve Gibson [00:56:21]:
Just scroll that sucker. I mean it scrolls and scrolls and scrolls and scrolls.
Leo Laporte [00:56:27]:
And by the way, many of these critical CVEs.
Steve Gibson [00:56:30]:
Yes. So.
Leo Laporte [00:56:36]:
Oh my God.
Steve Gibson [00:56:36]:
Just it's, it's astonishing.
Leo Laporte [00:56:40]:
This has to be fable, this error mythos. This has.
Steve Gibson [00:56:43]:
That's exactly what, what we are seeing overall. I, I don't, I'm. I don't want to forget to mention this. There's probably a place where I, I had intended to. I'm seeing this everywhere. You probably got a notice that there was critical updates for your synology. I just updated both of mine. I believe what we are seeing is what we saw pre Y2K, which is great.
Steve Gibson [00:57:10]:
Everybody is using AI on their own in the privacy of their own R D and their development shops to find and fix problems.
Leo Laporte [00:57:22]:
That's all from one version of Chrome.
Steve Gibson [00:57:26]:
I know.
Leo Laporte [00:57:27]:
Unbelievable.
Steve Gibson [00:57:28]:
What I know. It's astonishing. And I've, I. There have been a couple other things where I, I've had updates and I thought, wow, that's a lot of updates. And I went back and looked at the previous one where there was like one thing fixed, the one before that one thing fixed and one before that, one thing fixed, and then this one is like 27. So what, what the. The feeling I'm getting is that what we had hoped would happen is happening, which is, is quietly, without a lot of fanfare. Everywhere the word has has gotten to people writing software that they can invest in some tokens and they can get their software fixed.
Steve Gibson [00:58:11]:
And we're seeing updates far more comprehensive than they have been historically. So the, the, the little page here says the Chrome team is delighted to announce the promotion of Chrome 150 to the stable channel for Windows, Mac and Linux. This will roll out over coming days and weeks. Chrome 1500 7871, 46 for Linux and either 46 or 47 for Windows and Mac, they said contains a number of fixes and improvements. Well, yeah, 433, that's a number. It's got three digits.
Leo Laporte [00:58:56]:
A number with lots of digits.
Steve Gibson [00:58:58]:
That's right. So they said a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 150. I'll talk a little bit about that then. Under the section titled Security Fixes and Rewards they write Note access to bug details and links may be kept restricted until the majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but have not yet fixed. They said this update includes 433 security fixes, not just random like oh, the font was the wrong size. Oh, speaking of which, they there is a new they are now supporting the feature in CSS where the font will scale itself to the area provided which isn't that handy.
Steve Gibson [01:00:05]:
Yes, as far as I know they're the first person to do or the first browser to do that. Anyway, they said Please see the Chrome security page for more information if you can get it to display. So yes, 433 security fixes and as I as we've said, we've both seen the page just scrolls and scrolls and scrolls. So it's sorted by severity with the most severe first. So at the top we see that all of the first 20 of those 433 which were all found by Google themselves as all as were most but, but but the 21st one wasn't so I'll get there in a second. All of those first 20 are critical. So 20 critical security flaws fixed and
Leo Laporte [01:00:55]:
running like some brand new application that's not being actively maintained by the best
Steve Gibson [01:01:00]:
engineers in the world. Chrome.
Leo Laporte [01:01:02]:
This is Chrome. Wow.
Steve Gibson [01:01:05]:
Yeah, wow. So we see Use after free in Extensions, Use after free in gpu, Use after free in Angle type confusion in dawn and Insufficient validation of untrusted input in iOS web use after Free in Web USB Use after free in Chromoting Insufficient validation of untrusted input in Angle Insufficient validation of untrusted input in Skia Use after free in Dawn Use after free in Browser Use after free in Views Use after free in Views. You get the feeling that they put a memory tester on this Use after free in Skia Use after free in Bluetooth out of bounds, Read and write in Dawn, Use after free in Ozone Heap buffer overflow in Skia, Use after free in Chromoting and a Use after free in Full screen. So it's pretty obvious that some sort of new tooling has been quite successfully deployed against the Chromium code base to discover 433 previously unknown problems. They didn't fix these last month. They didn't know about them. They didn't know about them last month. As we know, a use after free where an attacker is able to control the data that's used is a premier means of remotely taking over a system.
Steve Gibson [01:02:35]:
And as we frequently observe, today's web browsers present the largest and most vulnerable attack surface to the Internet. Since by design they execute untrusted code supplied by not only every site the user visits, but every third party that wishes to supply their own content.
Leo Laporte [01:02:58]:
Yes, just that statement should make you terrified.
Steve Gibson [01:03:01]:
It should. It is utterly insane. It is insane. But it's what we are all doing today. Yes. How did we get. How did this happen? Right? So next up, under those 20 critical vulnerabilities that have all been repaired with the release of Chrome 150, we have the first high. It's rated a high vulnerability, high stakes vulnerability, and this one was interesting.
Steve Gibson [01:03:30]:
It's been assigned the CVE of 202614382 and its description is insufficient validation of untrusted input in angle. What makes it interesting is that its anonymous discoverer and the reporter of this earned him or herself a bug bounty from Google of a cool quarter million dollars in return for reporting this. And this brings me to an observation that I have missed until now. We've talked a lot about bug bounties and about the feasibility of, you know, followers of this podcast perhaps earning sufficient income on the side from finding and reporting bug bounties to significantly augment and maybe even supplant their day job. The acknowledged problem with that is that finding exploitable vulnerabilities at that time, when we were previously talking about this a year or two ago, required both sufficient expertise and potentially really significant amount of time invested. But as we've been covering for months now, AI has now largely eliminated both of those limitations. Near the start of what was happening, I observed that the future of PWN to own competition and programs like HackerOne were probably endangered. And in fact, last week we saw five of the six pwn to own Berlin contestants drop out after Mozilla patched a single flaw that they were that five of those six were all depending upon.
Steve Gibson [01:05:24]:
It's like whoops. But when I spoke of bug bounty programs disappearing, I was talking about a future after the legacy of past troubled software had all been cleaned up. That's not today, that's not yet. That's some future day. This moment in time is the optimum opportunity for someone who has the motivation to score some available bug bounty while also helping to improve that software and beat the bad guys to the punch. The time is now, while AI vulnerability discovery is still in its infancy and bugs are so numerous that webpage attempting to list them are unable to load before timing out. If you may have considered this before, you may wish to consider it again. The game has changed and that same lowered bar that has the world worried that bad guys are going to take advantage allows the good guys to also and as we've seen, it's not necessary to have access to the latest and greatest expensive models.
Steve Gibson [01:06:38]:
So dive in, hang out in forums where this is being discussed. You'll learn a lot and who knows, might happen you might make some money. The other changes that Google brought to Chrome 150 were the addition of post Quantum crypto. Chrome now supports something called MLDSA for TLS connections, something Vince never thought about. MLDSA is model is Module Lattice based digital signature authentication. Back during its development we talked about it because it was known as Crystals Dilithium, where crystals is the acronym for cryptographic suite of algebraic lattices. But once the algorithm was approved by nist it was formally renamed to the much more boring ML dsa. MLDSA is a general purpose digital signature scheme meant to replace RSA and ecc, you know, elliptic curve crypto based digital signatures.
Steve Gibson [01:07:48]:
Its performance is already on par with previous schemes and will likely improve going forward. The downside is that the signatures and public keys are significantly larger than their non quantum safe predecessors which we're still using. This creates potential resource issues, you know, resource size issues that must be accounted for in the system's design and deployment. So it might break some space allocation assumptions in the short term and require a bit of re engineering. You know, it's not going to pro, it's not going to just like break things because both sides have to agree upon their ability to handle the signature and public key sizes. Once they both do, then it's like hey, we get to use post quantum crypto. Chrome 50 also adds support for the Fido Alliance Credential Exchange standard in Chrome on Android and also a new always use Secure Connections mode as well as some new UI elements including new icons, context menus and settings. The most interesting new feature for us is probably Android Chrome's support for what essentially is Passkey Exchange.
Steve Gibson [01:09:11]:
This was a well thought out solution by a committee of designers who that included representatives for 1Password, Dashlane, Bitwarden, NordPass and Google. They got it right since actually it wasn't very difficult to get it right. While it's really just a matter of securely encrypting a bundled up blob of metadata, the composition of that metadata needed everybody's input to keep from missing something important. Now we just needed to be supported everywhere. The spec, which was published two years ago, suggests that now it's time to get it supported so that pass keys and you know, essentially all the data that is a passkey can be securely moved from one client to another. It's clear that's going to happen. It'll just take some time, as indeed these things do. In a bit of miscellaney I want, I noted that everywhere I looked everybody was covering a little bit of news.
Steve Gibson [01:10:20]:
Maybe schadenfreude, I don't. I'm not sure. But since it has, you know, already altered current behavior and will almost certainly inform future behavior, I wanted to share the news here. The European Union's highest court, that is the court of last resort, rejected the final appeal made by Google against a record antitrust fine. Google's argument was that the Euroblock was unfairly penalizing innovation. Yeah, right. You know, their unfairly penalizing innovation by preventing Google from forcing all Android users to use Google's stuff in order to use Android. Good luck with that argument.
Steve Gibson [01:11:14]:
Anyway, the reporting on this reads Google will have to pay a record 4.125 billion euros, which is currently around $167 billion in antitrust fine over anti competitive practices after the European Union's top court ruled against an appeal by the tech giant on Thursday. Last Last Thursday, the European Commission initially imposed a 4.3 billion euro penalty back in 2018. So fully eight years ago, accusing Google of abusing its Android systems market dominance by requiring all phone makers to pre install Google Search and Chrome. The EU's executive branch accused Google of restricting competition while imposing the block's highest antitrust fine ever. The EU's General Court upheld the findings in 2022, but they reduced the fine from 4.34 billion to 4.125 billion. Not much of a reduction. Google then appealed to the Luxembourg based Court of justice, the EU's highest court, which has now sided with the bloc's antitrust enforcer. The justices of that court said, quote, the appeal brought by Google and its parent company Alphabet against the judgment of the General Court is dismissed, thereby confirming the penalty imposed for Google's searches.
Steve Gibson [01:12:55]:
Abuse of a dominant position in the context of the Android operating system, unquote. Google claimed the case was unfounded, saying that the sanction penalized innovation and that Android users were free to download rival apps. Google said in a statement, quote, in any event, we adapted our agreements to comply with the initial decision back in 2018. That's what I referred to or that's what I was referring to when I said behavior had been altered and we remain focused on continued innovation and openness for our users, partners and developers, unquote. Earlier, Google had also accused the EU of being blind to practices by Apple pushing its own services on iPhones. It occurs to me that Google was maybe not paying attention to what the EU did with Internet Explorer Leo way back in the early days of Windows, which, you know, very similar outcome. They the this reporting finishes saying the latest case is one of several antitrust disputes between Google and the EU which find the company more than 8 billion euros between 2017 and 2019 over antitrust violations. The EU has other open investigations into big tech giants under its Digital Markets act, the dma, and Thursday's ruling sets the stage for the bloc's regulatory crackdown.
Steve Gibson [01:14:25]:
Among the other EU sanctions Google is facing for exploiting its market dominance are a 2.95 billion euros fine from Sept. 25 for favoring its own advertising services and a 2.4 billion euro competition fine for promoting its own shopping services. So I previously noted during a podcast long ago that there was a shockingly large gap between imposed versus paid fines. This gave the impression that the imposition of the fines were just pro forma and that they could, they could and would simply be ignored because that seemed to be what was happening. In looking a bit deeper into this for this reporting, I learned that in every case when a fine is imposed, the challenger of that fine is required to place the entire fine amount into an escrow where it will be held during any series of appeals. So for example, that $4.6 billion that Google just lost had already been captured by an escrow years ago and has been out of circulation ever since. Upon losing that appeal, the escrow is now collectible by the European Union and the EU shows no signs of letting up. Google, Apple and Meta are all currently contesting fines over various antitrust and anti competition law violations totaling more than 6 billion euros since the start of 2024.
Steve Gibson [01:16:12]:
Google's fighting an ad tech fine of 2.9 billion euros, Apple's arguing against a 500 million euro anti stock steering fine, and Meta is appealing a 797 million euro marketplace fine. So you know, no, the the EU is just saying we're not putting up with you know any of this behavior which the US seems to be fine with, we're going to require that, you know, true competition be supported. And while we're talking about the European Union, it's worth noting that the ever controversial Chat Control has not surprisingly refused to die. Not surprisingly because it, you know, it was never fully resolved and I could argue maybe it's never going to be. It is a fundamentally unresolvable sore point and I don't see how it can go away. Chat Control, that phrase of course is the euphemism that's been given to the requirement to detect and prevent any and all illegal communications among citizens of the European Union. There's just no getting around the fact that the prevention of any illegal communications makes necessarily requires somehow the monitoring of all communications in order to determine if any are illegal. And in this regard the EU has apparently painted themselves into their own corner.
Steve Gibson [01:17:59]:
Since any such communications monitoring flies in the face of their own citizenry's privacy laws, which they also have and which are also absolute. What they want is obviously impossible on its face. They say they want to give their citizens privacy, but that only applies to legal communications. And any enforcement of this requires a breach of all that privacy. Recall that the previous chat control 1.0 was a voluntary scanning scheme. Few companies complied with it even so, but a few did. And what happened was that it was renewed and remained optional. But by Comparison Chat Control 2.0, which is what is now looming, is the pending permanent so called CSAR child sexual abuse regulation.
Steve Gibson [01:19:03]:
This if it happened and it's like still hasn't gone away. There's a vote next week. This would impose a mandatory scanning framework. This 2.0 legislation has been through trilog negotiations since December 25, with meetings held on December 9 of last year, then February 26, April 16 and May 16 of of this year, the fifth and supposedly final one reports say that it just happened and there's. I saw some reports that said it's about to happen. So some there was Something happened on June 29th, but apparently something's also happening next week. We should know what's gonna what is actually happening shortly. It's we're currently under Cyprus's Council presidency.
Steve Gibson [01:20:00]:
So far any conclusions from these multiple rounds of trilog negotiations are unknown. No one knows what's been happening behind closed doors, but we should know soon. And as I said I don't see what's like any way to resolve the conflicting goals that the EU themselves have, let alone what the the vendors of communications systems are going to do all of the big guys have written to the EU like Apple for example, saying, you know, don't do this. There's just no way to do what you want in a privacy enforcing fashion. There was also a report that I saw which I didn't put in into the show notes that mentioned that fully 1 in 4 of all AI attempted automated recognition of CSAM material was a, was a false positive. So AI wasn't either. Wasn't was also not doing a good job of this. So I don't know.
Leo Laporte [01:21:08]:
I think CSAM is just the excuse. I think these governments really do want, want access.
Steve Gibson [01:21:13]:
Yes, yes. They want to have communications that, that they can monitor. At the same time they say they want to give their citizens privacy, you know, can't do. I don't know how you, yeah. I don't know how you resolve that.
Leo Laporte [01:21:26]:
The sad thing is they've changed the rules which makes it more likely to pass. And I have a feeling this time it's going to get through.
Steve Gibson [01:21:33]:
Yes. And what I've seen noted is that some countries are signaling a, a new willingness to pass it. The question is what is going to pass and what will the vendors do?
Leo Laporte [01:21:47]:
Well, we know Signal will leave. Speaking of signaling. Signal will leave.
Steve Gibson [01:21:50]:
Yes, Signal will leave. I don't know, I don't know about Telegram. But then, you know, Apple Telegram cares. Yeah.
Leo Laporte [01:21:59]:
They'll see this as an opportunity frankly.
Steve Gibson [01:22:02]:
Right. Because. Because Signal, their big competitor will say sorry, we, we can't offer our services.
Leo Laporte [01:22:09]:
I think really Apple and Android are really going to be the big question marks because both of those have Strong encryption with RCS and WhatsApp.
Steve Gibson [01:22:17]:
Same.
Leo Laporte [01:22:18]:
WhatsApp. Yep. It uses the signal protocol. That's right.
Steve Gibson [01:22:22]:
Wow. Really, really interesting. It just won't go away.
Leo Laporte [01:22:26]:
No.
Steve Gibson [01:22:27]:
A research paper published during last week or during, sorry the last week of June, so two weeks ago was titled Protocol Prying Systematic vulnerability Research in the Apple Airdrop and Android Quick Share proximity transfer protocols. Okay. You know like you know, move transferring something between devices that are near each other. Okay, I'm just going to share the abstract while breaking in to comment on their. On the abstract writing. They wrote Apple Airdrop and Google Samsung Quick Share are proximity file transfer protocols used by over 5 billion devices. Yet their application layer security properties remain largely unstudied because both stacks are, are proprietary and undocumented. Okay, now what? You know this is an all too familiar problem, right.
Steve Gibson [01:23:37]:
We've got something which is where we're just being asked to believe it's secure, yet there's no proof of that. I mean, I get it, I guess on Apple's side that they're saying, well, you know, we don't document these things, we fix them. If, when problems are found. How can you find problems if you, if, if you force researchers to reverse engineer the, you know, extracted code or, or on the wire protocol, it's just still the wrong way to operate. But we're in a world where we do have proprietary companies offering solutions. Not everything is open source yet they said both protocols are reachable from wireless proximity without any prior pairing and process complex serialized content. Oh, binary P lists, CPIO archives, protocol buffers, U key, two handshakes and they do this inside privileged demons, making them attractive zero click targets across multiple operating systems. Okay, so the attacker needs to be within typical airdrop quick share distance of their target.
Steve Gibson [01:25:00]:
We know the danger inherent in taking serialized content assuming that it was serialized by a friendly party, then deserializing it to restore its original structure, you know, kind of reinflating it. Deserialization means interpretation and we've seen so many times how fraught with error interpreters can be when they're not completely protected. And to make matters worse here, these deserializing interpreters are running inside privileged demons, meaning that any code an attacker may be able to cause the interpreter to execute will have system level privileges. It's in the kernel, so no need to also elevate. You're already elevated if you can get code to run. So they continue writing. We perform the first cross platform reverse engineering and protocol aware fuzzing study of both stacks. We reconstruct airdrops seven layer state machine and dvzip adaptive compression from binary analysis.
Steve Gibson [01:26:20]:
Build Air Fuzz, a protocol aware fuzzer that mutates pre compression representations and complement it with targeted handwritten analysis of Samsung's Quick Share service and Google's Quick Share for Windows. We discover a total of six vulnerabilities. Three are pre authentication issues in macOS,OS airdrop. The first is Swift fatal error DOS in the HTTP path router. The second is an unbounded XML plist recursion in foundation and the third is a null dereference in network frameworks HTTP 1.1 parser. We found two protocol layer flaws in Samsung Quick Share. The first is a pre authentication offline frame dispatch and the second is a D to D encryption bypass for three frame types. The last problem was a heap use after free in Google Quick Share for Windows for which Google awarded a bounty.
Steve Gibson [01:27:30]:
We responsibly disclosed all findings. Apple Samsung and Google have acknowledged the reports, so these are all clearly bugs and should be readily fixable by their respective publishers. So I'd imagine that we'll be seeing updated, you know, updates, addressing them soon. Still, it's annoying that the researchers had to go to such extreme lengths, prying apart proprietary protocols, figuring out what was going on, creating a fuzzer to essentially, you know, attack the, the interpreters of those protocols, find problems, reverse engineer the problems. Like, okay, Apple's not doing that. There ought to be some way to, to cross that Rubicon. I, I don't know what that would be, but I do know what it's time for. Leo.
Steve Gibson [01:28:29]:
Oh, and then we're going to talk about at some length, bypassing Anthropics and OpenAI's guardrails.
Leo Laporte [01:28:41]:
Time for our hydration break, as they say in the World Cup. He's got. What are you drinking? Orange juice. What's wrong with you?
Steve Gibson [01:28:50]:
Diluted three to one.
Leo Laporte [01:28:52]:
Oh, okay. No more coffee. You've had enough.
Steve Gibson [01:28:55]:
I'm. I'm running around so much. It's. As I think I mentioned last week, the Apple Health app is saying what is going on with you? Because it's like just jumped up in the amount of activity, but it's been great.
Leo Laporte [01:29:08]:
What? What? So just what's going on in your heart rate? And it's like. But it's happy that you're working so hard.
Steve Gibson [01:29:15]:
It's just my is my phone in my pocket and it says my number of steps have gone from 2,000 to 5,300.
Leo Laporte [01:29:23]:
Because you're moving.
Steve Gibson [01:29:24]:
Because I'm moving from one to go back and forth and up and down. Stairs. Yes.
Leo Laporte [01:29:29]:
Stairs is good. Stairs is good for you.
Steve Gibson [01:29:32]:
Okay, so deep keeps D E E P K E E P. Deep keeps research paper has the headline inKject I n k j e c t inKject colon the visual prompt injection that text defenses were never meant to stop or never built to stop. Their paper reads, A user asked an LLM to deploy a website. Oh, and I should mention Leo. This is why an AI's guard rail technology benefits its user as opposed to encumbers its user.
Leo Laporte [01:30:22]:
Okay.
Steve Gibson [01:30:22]:
Why it could be dangerous to use a powerful Chinese AI that doesn't have the same guardrails.
Leo Laporte [01:30:30]:
Oh, which I am. Okay, so quickly tell me.
Steve Gibson [01:30:33]:
A user asked an LLM to deploy a website for. From a public repository. Standard workflow. The model retrieved the code, processed the repository's assets, and built the site as requested. It also created an admin account with attacker controlled credentials. Whoopsie. Silently embedded in the back end. The user saw none of it.
Steve Gibson [01:30:59]:
The model flagged nothing. Every guardrail in place treated the task as clean. The instructions that caused this were sitting inside an image file in the repository.
Leo Laporte [01:31:13]:
Oh.
Steve Gibson [01:31:14]:
The model read them and followed them. That is inkject steganography? Yes. The attacker never touched the user's system, the user's environment, or the user's credentials. They uploaded an image to a repo to a public repository. That was enough. Direct versus indirect why the distinction matters Visual prompt injection is not a new concept. Researchers have demonstrated that instructions embedded in images can manipulate Visual language models. VLMs.
Steve Gibson [01:31:53]:
Some vendors have implemented mitigations for the most straightforward cases. Inkjet is an indirect variant. The word carries a lot of weight. In a direct attack, the attacker needs the user to interact with a malicious image. The user has to upload it, reference it explicitly, or send it through a channel the attacker controls. That creates a dependency. The attacker needs the user to do something. In an indirect attack, the attacker does not need the user to do anything beyond their normal workflow.
Steve Gibson [01:32:33]:
The malicious image sits in a public location. When the user asks the LLM to work, the model retrieves and processes the image on its own as part of the task. The user does not know the image is there. The model pulls it anyway. The attack surface for indirect injection is not a specific user interaction. It's every asset the model will autonomously retrieve during the course of its work. Every string, every image, every file could be malicious. So how does InKject work? The setup is simple.
Steve Gibson [01:33:16]:
An attacker embeds malicious instructions inside an image and hosts it where a vlm, a visual language model, is likely to encounter it during a task. The instructions are designed to evade security scanning while remaining legible to the model. When a user asks the LLM to deploy or interact with that repository, the model retrieves the image as part of its normal operation. Through its inherent ability to process images, it reads the embedded instructions and executes them alongside the user's actual task. The user receives a result that looks correct. The unauthorized action has already been taken in our test case, and they've got five bullets. First, a user asked an LLM to deploy a website from a from a public repository. The repository contained an image with embedded instructions.
Steve Gibson [01:34:20]:
The model retrieved and processed the image as part of the deployment. The hidden instructions told the model to create an admin account with full privileges on the deployed site. The website was deployed as requested. An attacker controlled admin account was created without the user's knowledge. The model did not flag the instruction it did not warn the user. It completed both the requested task and the unauthorized one with no visible indication that anything out of scope had occurred. InKject works because of a gap between what security tools can read and what visual language models can read. We found two distinct techniques that exploit this gap.
Steve Gibson [01:35:13]:
Both defeated the guardrails on all four tested models. The first technique employs white text on a white background. Malicious instructions are rendered in white or near white text against a white background. The image looks blank to any human reviewer. Security scanning tools that evaluate image content for harmful material also miss it. They are looking for recognizable visual content faces, objects, explicit material, known threat signatures. A white rectangle with no visible contrast registers as an empty image, but the VLM reads it without difficulty. This is not a quirk of any specific model.
Steve Gibson [01:36:06]:
Visual language models are built to extract meaning from images across a wide range of conditions, including low contrast, faded text, and challenging backgrounds. That general purpose visual capability is precisely what the attacker is using. The model sees what human reviewers and automated scanners do not. The second technique uses skewed and distorted text. Some security architectures attempt to catch embedded instructions by running images through OCR before passing them to the model. The reasoning is if you can extract the text first, you can run it through the same filters that catch text based injection. But skewing or distorting the perspective of embedded text breaks OCR extraction. The characters are rotated, warped, or transformed enough that OCR returns garbled output or nothing at all.
Steve Gibson [01:37:16]:
The security filter sees clean input, but the VLM reads the original instructions accurately. This is the core of the capability gap inKject exploits. OCR and visual language models do not read the images the same way. OCR looks for well formed character patterns under expected conditions. VLMs interpret visual content semantically, including text rendered in ways that OCR cannot process. Any security architecture that treats these as equivalent has a blind spot that can be precisely targeted. We tested both techniques against four models across two providers and they are the top two the providers. All four executed the injected instructions.
Steve Gibson [01:38:15]:
All four would refuse the same instructions delivered as plain text. Open AI and Anthropic have both invested heavily in defenses against conventional prompt injection. These systems work. They catch a wide range of text based injection attempts, flag suspicious patterns, and block instructions that arrive through the prompt. Inkject bypasses them because it does not go through the text layer. The malicious instruction lives in an image. The VLM processes it through its visual encoder before any text level analysis occurs. By the time the model processes output, sorry produces output it has already read the embedded instruction and acted on it.
Steve Gibson [01:39:13]:
The guardrails that stop quote Create an admin account with these credentials unquote in a text prompt do not stop the same instruction placed inside an image. The same instruction delivered visually executes without resistance. This is not a failure of any specific safety system. It's a consequence of where those systems were built to operate. They were designed for models that process text vlms process images too, and that processing happens upstream of the controls. We tested InKject against four production models OpenAI GPT 5.2, OpenAI GPT 5.4, Mini Anthropics Claude Sonnet 4.6, and Anthropics Claude Opus 4.5. All four were susceptible to both evasion techniques. Attack success varied across models, but no model in the test set blocked the injected instructions.
Steve Gibson [01:40:26]:
The vulnerability was disclosed to OpenAI and Anthropic prior to this publication. So why does this model now? Why? Why does this matter now? Visual language models are not being deployed as novelties. They're being embedded into production engineering workflows, repository analysis, code generation, automated deployments, infrastructure product provisioning. These systems have real access to real environments. The indirect nature of inkject means the attack scales. An attacker does not need to target specific users or compromises specific sessions. They need to implant a malicious image somewhere in the path of assets. VLMs routinely retrieve public repositories, image hosting services, shared asset libraries.
Steve Gibson [01:41:23]:
Any of these is a viable delivery point. One image can affect every user whose VLM retrieves it. The attack also leaves no obvious trace. The model completes the user's requested task. Nothing in the output signals that an additional unauthorized action occurred. A user who deploys a repository and reviews the result sees a correctly deployed site. The unauthorized account is there, but they have no reason to look for it. 40% of generative AI solutions are predicted to be multimodal by 2027.
Steve Gibson [01:42:03]:
The workflows being built today on VLMs are the attack surface inkject targets. Security architecture for these systems needs to account for what the visual layer can do, not just what the text layer can do. InKject demonstrates three things that have practical implications for any organization running VLMs in production. First, indirect injection is viable at scale. Attackers do not need direct access to a target user or system. They need access to content that a VLM will retrieve autonomously. Second, the capability gap between OCR and vlms is an exploitable attack surface. Defenses that rely on OCR to pre process visual content assume equivalence that does not exist.
Steve Gibson [01:43:01]:
That assumption is wrong in exactly the ways an attacker needs it to be. And finally, third, text based guardrails do not transfer to the visual layer. The same instruction that triggers a refusal in text executes without resistance in an image. Until defenses are built to operate at the visual processing layer, that gap remains open. InKject was discovered by Deep Keep's research team and the vulnerability was disclosed to OpenAI and Anthropic ahead of this publication. So my takeaway from this is the need to remain very careful as a user of current generation AI, be vigilant and as aware of all the ways that things can go wrong as possible. Also, as I said, this research suggests that we may be seeing a long term divergence in the delivered safety of AI models. These very responsible Deep Keep researchers notified anthropic and OpenAI immediately.
Steve Gibson [01:44:22]:
And, and we know that both of those two top tier commercial AI providers are already in the crosshairs of the US government. So they're going to be on their best behavior and they will have certainly already jumped onto this research and either have or soon will have closed yet another loophole in their AI's guard railing. But what about all the other AI systems and models which are now proliferating around the world? Will they care as much? Will they need to? We've become used to guard railing being put in place to prevent the abuse of AI by malefactors. But the point of this research is to show that malefactors may be able to to use this technique not to trick an an AI into providing them with knowledge and information that it should not, but to indirectly take some action against unwitting end users of the AI on the malefactor's behalf. This suggests that that the use of any AI whose guard rails may not be absolutely state of the art doesn't just allow its users to get away with things they should not. It also means that its users could be indirectly attacked due to the lack of the fully comprehensive guard rails their chosen AI is using. And that's a big deal.
Leo Laporte [01:46:14]:
Yeah. So takeaway is I shouldn't just take stuff off the web and give it to my AI, I guess.
Steve Gibson [01:46:21]:
Well, depends upon your AI. I would say it's safe to give it to Anthropic.
Leo Laporte [01:46:27]:
Let me do anything anyway.
Steve Gibson [01:46:29]:
Claude. Or Chat GPT. Exactly. They're going to have a need knee jerk reaction. But they're. But as a consequence of this research they will now be scanning any imagery.
Leo Laporte [01:46:42]:
Right.
Steve Gibson [01:46:42]:
That that your AI might encounter while it's doing its work. And, and we talk. Remember how long ago we talked about this idea of like, like you could embed commands in images. Well, so they put in an OCR to check for commands and images.
Leo Laporte [01:47:01]:
Right.
Steve Gibson [01:47:01]:
But. But turns out you can do it in a wacky way, that an image processor which is designed to pull meaning from an image will still be able to read even though Both Anthropic and OpenAI's image scanners were missing the embedded text. So the embedded text finder is going to get better. My worry is why would everybody's embedded text finder take the time to get better? And if there's a gap, then it means that there could be problems with, with a, with using an AI that isn't protecting you against its encounter with deliberately embedded malicious material that arranges to get in. So it's a little spooky.
Leo Laporte [01:47:57]:
Yeah.
Steve Gibson [01:47:58]:
Okay, so it's been a while, as I mentioned at the top of the show, that I've talked about GRC's primary bread and butter product, of course, Spin. Right. But I had the occasion on Sunday, two days ago to have a proud father experience. My wife Lori and I, as we've said, have been wrapping up our move into our new and our new and final home. She hates it when I call it that, but I'm sure it is at this point, everything is out of our previous place, but very little is organized in the new place. And over morning coffee, we were talking and taking stock in what needed to happen next, how to organize where we are. She mentioned that she needed to do something that would. Would require a PC.
Steve Gibson [01:48:51]:
And as I've noted before, she uses her iPhone for PC things that would drive me nuts. I just like, hey, you have a real computer around the corner. Why don't you use that? But you know, it's the computer that she's holding in her hand that she uses. So I get it. And I asked her whether she'd like me to reassemble her PC, you know, get it all plugged back in and ready for her. And she said no, that she wanted to use her laptop. You know, like going forward for all of these such things. She just doesn't really need a PC full time.
Steve Gibson [01:49:25]:
A laptop would be enough. So I told her that I had no idea where the laptop that she had been using was, but that I'd try to track it down. Fortunately, it was a. It was, it was a soft laptop bag. It was in a soft laptop bag. That is a brand we both like. It's. The brand is in case it's got a distinctive, almost fluorescent green tag.
Steve Gibson [01:49:50]:
So I was able to Find it easily since it hadn't been used in many months. I, of course I wanted to do the right husband, you know, the techie husband thing. I needed to join it to our new WI FI network. And of course I would run Windows Update and get it all, you know, settled and ready for her. The laptop was Adele, which is my second favorite brand after Lenovo. So I plugged it in, powered it up, and I watched the Windows 10 roller coaster dots spinning around and around and around.
Leo Laporte [01:50:25]:
We've all been there.
Steve Gibson [01:50:26]:
Oh my God. And actually after a while I became concerned that something was wrong. Because I mean it, I it two probably 200 spins. You know that. Oh, and the little disk drive icon was lit up solid the entire time. So I thought, okay, whatever it's doing, I mean, it's like, it's like just what? Anyway, and at the time I was working on today's podcast, so I just let it keep going on the side. Eventually it got itself booted. So I joined it to our brand new WI FI network and ran Windows Update.
Steve Gibson [01:51:09]:
That also took nearly forever, but it did finally finish. After the update, I noted that booting wasn't any faster. So I decided it was time to run Spinrite 61. Time for six. One on it. And I've pasted the before and after benchmark photos from our Spinrite 61 customers before. I've never pasted them from me. Your own pictures, My own pictures.
Steve Gibson [01:51:45]:
What I immediately saw before running spinrite on the drive. But just running spinrite's built in benchmarks. Oh, look at this. Wow. The the front of the 256 gigabyte SSD was astonishingly slow. It was clocking in at just 13.445 megabytes per second. 13.445. Whereas the middle and the end of the same drive was running the way it should be at 570.5 megabytes per second.
Steve Gibson [01:52:27]:
So we have 13.4 versus 570. Now, this was the phenomenon that the group of us who were testing spin right 61 throughout its three and a half year development became quite familiar with. And I've shared, as I've said, many of our other users, similar reports since then. But I may not have ever had the occasion to witness myself on a real live system that someone I cared about was going to be using. So I fired it up on level three, which is what's necessary to refresh the entire storage surface of an ssd. And I watched it painfully run the real time monitor page of Spin Right lets Us watch the individual reading and writing phases spin right is reading 16 megabytes at a time. 6.6.3 is able to do that. And, and it's got a, it's got a bar where, where it shows what, which phase of the work it's on where, where the first one is reading.
Steve Gibson [01:53:40]:
And it may do other recovery things if necessary. And if you're running on different levels and then the last one is where it's finished, it writes it back. And so it normally would just be, it would just be a flick on the read and then a writing as we know on an SSD always takes longer than reading. So it would normally you would mostly see it sitting on writing and it would. And it would briefly flick up to read and then back down to writing. That's not what was happening. It was sitting on the reading phase for a long time and then, then dropping to writing and then back up to reading again. So you know, again it's what I expected but it was an extreme case of that.
Steve Gibson [01:54:26]:
So that meant that for that. Well, I'm getting ahead of myself. One of the more amazing things that I should mention that I've witnessed across many brands now of SSD is how slow an SSD can become while still. And I'm kind of amazed by this still finally being able to obtain an error free read. It is retrying and it is applying error correcting like crazy. But it ends up getting the data back. Those 16 megabyte blocks that Spinrite 61 reads at a time are typically composed of, of eight logical 5K sectors, meaning a 4K byte physical block. So, so SSDs are actually allocated in 4K pages 4K physical blocks.
Steve Gibson [01:55:28]:
So for every 16 megabytes that SpinWrite reads, that's four thousand and ninety six individual 4K byte physical blocks being read. And apparently in this case on this drive, a large Percentage of those 4096 individual 4k byte physical blocks must have needed retrying and rereading and error correction, rethresholding, whatever it took to finally pull the data off. But I'll be damned if every single block was not finally read without a single error. It might slow way down, but the SSD controllers are clearly prioritizing read recovery over speed, which makes sense. That's exactly, yes, that is exactly what we would want. The problem is Leo, this is so gradual over time that people adjust to it. They, they just, they, you know, it didn't happen suddenly one morning. It's just, it's slow.
Steve Gibson [01:56:35]:
It's over time, it just things slowed down. So anyway, this was going on. It was going painfully slow. So I turned back to work on the podcast and let six one grind away on that Dell laptop's ssd. After a couple of hours, I looked over and noticed that it was now about halfway done and zipping along. Spinride had moved through and past the slow beginning regions of the drive into the unused territory where the drive probably knew that nothing had ever been stored there. Now, what's interesting about SSDs is they know that an old school hard drive doesn't. But those regions were still fully trimmed, meaning that the SSD's controller did not even need to read from the media, since, as I noted, the drives, yes, its controller would have known that those regions contain no data.
Steve Gibson [01:57:38]:
Okay. And since there was no point in continuing, I hit Escape at that point to interrupt Spin Right, exited back to the DOS console prompt, pulled the USB boot stick from the laptop, hit Control Alt delete to reboot, and I watched. Sure enough, rather than watching those six annoying roller coaster dots looping around hundreds of times, unbelievably, they looped around exactly twice and the welcome screen popped up and I was in Windows. Now, the first thing I did was to enter Optim Optim into the search bar and that brought up the disk. The the. The disk defragmenter and optimizer. This was not to defrag an SSD, but rather to re trim it. Running spin right at level 3, 4 or 5 will always write to the media, even if the file system is not storing any data in that location.
Steve Gibson [01:58:46]:
The ssd, which doesn't know any better, will assume that it must keep whatever Spinwright just wrote, even though Spinwright was just writing zeros. So running an Optimize on an SSD after Spin writing it serves to re trim the SSD, meaning to let it know which 4K physical blocks are important and actually contain file system data, and which it does it never needs to and. And which are actually empty and which it never needs to worry about preserving in the future. So anyway, we've had many users and owners of Spinrite 61 described their before and after experiences with with 6:1 and the performance of their machines, but I've never had the experience myself on an actual machine. So yeah, a bit of a proud father experience here. And my wife now gets to use a snappy laptop that performs just the way it did when it was brand new. So anyway, it was very nice.
Leo Laporte [01:59:59]:
Congratulations. I noticed the random access time improved too. Yeah.
Steve Gibson [02:00:03]:
Yes, yes. Because any during random fetching, any read that happened to fall within the, the front of the drive would just basically stall while the, while the driver tried to actually read it.
Leo Laporte [02:00:18]:
Yeah. Yeah. Very cool.
Steve Gibson [02:00:20]:
Very cool. Okay, our last break and then we, we're going to talk about who it was who coined the term apex agentic adversary.
Leo Laporte [02:00:34]:
It sounds like something from Jurassic park, but I might be wrong on that.
Steve Gibson [02:00:38]:
Apex. Apex predator.
Leo Laporte [02:00:39]:
Apex predator. That's right.
Steve Gibson [02:00:41]:
That's right.
Leo Laporte [02:00:42]:
All right, on we go with agent. What is this agentic what?
Steve Gibson [02:00:45]:
The apex agentic adversary. Oh, which is a phrase that we will see quoted by somebody who's sort of famous. So a set. Oh, and, but, but I mean, but this sort of hides the fact that a really bad set of vulnerabilities has been uncovered. A set of seven severe vulnerabilities have been discovered in the massively widely used FATFS file system library. FATFS as File System. FAT File system. It's a pure ANCC implementation of Microsoft's original FAT file system with extension allocation
Leo Laporte [02:01:34]:
table it stands for.
Steve Gibson [02:01:36]:
Exactly. And this FAT FS code is the solution used by virtually any and all embedded computing devices that have any need to operate any lightweight and broadly compatible file system. Like for example, a voting machine. I mean like anything you can imagine where, you know, you, you plug an SD card or, or a, a thumb drive into it, a router or whatever if it needs to do to understand the FAT file system. Many of the systems use this. So the troubles these seven severe vulnerabilities were discovered by the security firm Run Zero. Now Run Zero has some pedigree by virtue of its founders. Its primary founder and CEO is none other than HD Moore.
Steve Gibson [02:02:36]:
The is a name we've used on this podcast many times. He's the primary developer of the massively popular Metasploit framework which became the Metasploit project. Metasploit is the world's most widely used penetration testing framework. The research paper's co author is Todd Beardsley who currently enjoys the title of VP of Security Research along with HD at Run Zero. Excuse me. Todd was previously the section chief for the Vulnerability response section at CISA. Todd has over 30 years of hands on security experience with previous IT ops, security and software engineering and management positions in large organizations including the government Rapid7, another company we refer to for like over and over and over three Com, Dell and Westinghouse, both in offensive and defensive practices. So when these guys notify the world that they have found something serious, they know of what they speak the title of their research which they Updated most recently last Wednesday was seven FAT FS bugs.
Steve Gibson [02:03:59]:
One very large blast radius. Yeah, right. So here, here's what they shared with the embedded computing world. They said heads up, if you ship firmware that touches FAT media, that's you, right? Yeah. Think any removable storage like USB drives and SD cards, you'll want to pay attention to this. This work was part of Run Zero's research into long tail supply chain bug hunting using LLMs. And, and they they wrote we live in the future, meaning they're just as blown away by what AI is doing as anybody else. So just to be clear, we have another example of what the world can expect as LLM technology is aimed at old and long standing code bases.
Steve Gibson [02:04:58]:
The trouble is when they're also massively widely deployed and enable vulnerabilities that are probably impossible to remediate. You know, think of all the devices around that that might need a removable media of any kind. So these, the, this pair tells the story. Well they write Today we're publishing seven CVE documenting several vulnerabilities in in the FAT FS project ranging from cvss of, of, from medium to high and they wrote no criticals. Whew. The affected ecosystem includes some major non the affected ecosystem meaning for example things that use this some major non hobby platforms like Express, If, ESP, IDF, ST, Microelectronics, STM32Q middleware, Zephyr, RTOS, MicroPython, RGupilot, RT Thread embed Samsung's Tizen RT and SW update with downstream reach into consumer IoT industrial controllers, drones, crypto wallets and more. FATFS they write, is a portable royalty free fat ex fat file system library written in C by author whose moniker is Chan Cha Capital N and he this person posts over at Elm hyphen chan.org E L M hyphen C-A-N.org they write. It's designed for resource constrained embedded systems with no OS dependency and is typically compiled directly into Firmware.
Steve Gibson [02:07:05]:
It supports FAT12, FAT16, FAT32 and EX Extended FAT as well as optional long file name and GPT partition support. So it's been kept up to date. I think the most recent update was about a year ago. Because FAT FS is small, self contained and permissively licensed, it's become the de facto standard FAT implementation for for microcontroller firmware. The library is vendor vendored verbatim into official SDKs, RTOSEs, bootloaders and application frameworks, meaning a single upstream vulnerability propagates to every downstream project that copied FF C, which is the, you know, the the FAT file system C file. They said this project is a return to this project, meaning their current work, now that they're reporting on is a return to a security assessment started back in 2017 when a manual audit and multi day fuzzing effort identified some basic but not compelling bugs in the fat FS driver. Nine years later, in March 2026, we revisited this project using Visual Studio Code, GitHub, Copilot in auto mode, and some basic prompts, all without any specific loops, harnesses or skills. The results were surprising.
Steve Gibson [02:08:50]:
Bugs that were overlooked during the manual audit became trivial to find by using the LLM to automatically build a fuzzer with novel inputs. Not only did this effort find interesting and reportable bugs, it also automated the process of validating that these bugs are actually exploitable across different embedded scenarios. So why do FATFS bugs matter? For the vendors who build on these platforms, it's simple. Any physical access leads to a jailbreak, especially given the FATFS library's lack of address space layout, randomization and memory protection. For everyone else, there are numerous devices where brief physical access by the general public should not lead to a full compromise, for example security cameras with SD card storage, voting machines with USB file readers, ATMs, and pretty much anything else that has a screen that you expect people to touch. Fatfs has no CVE history, no security mailing list, no no patch notification mechanism. Every downstream project that uses FF C must discover, triage and patch these vulnerabilities independently, usually without knowing whether they're affected. That means the window between public disclosure and widespread remediation will be measured in years, not days.
Steve Gibson [02:10:36]:
The practical attack Surface is therefore not one software application or service, but tens of millions of devices across dozens of independent code bases, many of which will never receive a patch. The archetypal exploitation scenario is the evil SD card. An attacker with a few seconds of of physical access swaps the storage medium in a device from consumer cameras to drones to 3D printers to a thousand other product families. Every vulnerability in this set is triggerable by mounting a crafted FAT image, which nearly always happens automatically on insertion, with no user interaction required. That said, physical access is not the only path. Devices that ingest FAT formatted update packages from a network source, such as over the Air update frameworks and Drag and Drop bootloader updates, are exploitable by any attacker who can deliver a malicious image to the FAT update pipeline. Supply chain compromises an agent in the middle injection on a clear text HTTP update feed or a malicious image posted to a Hobby platform distribution portal. The over the air path is fully remote on any device that lacks end to end authenticated integrity verification of its update container prior to mounting it with with FATFs.
Steve Gibson [02:12:17]:
Therefore, the value presented to attackers is straightforward. These issues are triggerable by crafted FAT extended FAT GPT images, often through removable media or update channels that get mounted automatically. Note that CVE 2026, 6682 and 6683 are both impacted in some over the air processes for firmware. This post is intentionally light on exploit internals. For technical details, proof of concept, images, harnesses and code level analysis, see Run Zero's companion search research repository on GitHub and I've got a link to them in the show notes. Or just go to GitHub.com run0inc R U N Z R O I N C and you'll find the the directory there. The seven findings documented here are listed roughly in order of subjective value to an attacker, and I'm going to skip over them. They're in the show notes for anyone who's interested.
Steve Gibson [02:13:29]:
We start with a CVSS of 7.6, which is the highest. They called it the headline issue and that's that 6682 which they said describes integer overflow in core mount arithmetic, which can produce attacker controlled file size metadata the downstream code may trust as a read length. In real systems that can become a heap. Stack overflow and code execution in terms of practical attacker value plus transitive impact, this is at the top of the stack and so they have actually three that are all they all sign a CVSS of 7.6 where basically they're able to arrange to execute code they provide on an SD card or a USB stick simply by sticking it in to any machine that is using this library to read those things. That's what this comes down to. So it's bad. They in they they then independently remind us of our favorite xkcd. After enumerating through those dependencies or through through those seven CVEs, they said if you've seen xkcd's 2347 dependency, of course that's the the the huge construction of different size blocks.
Steve Gibson [02:15:00]:
You already know where this is going. One component maintained in one tiny corner of the Internet quietly supports an absurd amount of modern cyber stuff.
Leo Laporte [02:15:14]:
Well, EXFAT is everywhere. Yes, everywhere. You use it probably on your freedos, right?
Steve Gibson [02:15:20]:
Yes. Yeah, so they said FAT FS is one of those components. It's compact, useful and copied everywhere. That's Great for shipping products quickly, but less great when memory safety issues show up in parser adjacent code that happily ingests untrusted media. This kind of component is even more challenging to deal with from a disclosure and fix perspective, in that nearly everyone ends up making local vendored modifications. So an upstream patch must be validated pretty carefully before incorporating. We made repeated attempts to contact the maintainer and we invoked JPCERT CC early on as well. We never received a response.
Leo Laporte [02:16:16]:
So this is a maintainer.
Steve Gibson [02:16:18]:
Actually there is, but basically isn't. It's just some random guy who chooses checks in once a year to see if like, if night needs to do anything.
Leo Laporte [02:16:25]:
It's done. He thinks it's done.
Steve Gibson [02:16:26]:
Yeah, it's exactly. It's done, it's fit, it's finished code. And an audit nine years ago found no problems that, that were. That were significant. Just a few things.
Leo Laporte [02:16:36]:
You know, the fact that you could make the name of the volume so long that it goes into user space. That seems so obvious. How could they miss something like that?
Steve Gibson [02:16:45]:
That's.
Leo Laporte [02:16:46]:
I mean that. So these are. Oh, well, right. Okay.
Steve Gibson [02:16:52]:
So they said we never received a response. So this publication is aimed at the people who can still do something useful right now, which is to say, yeah, downstream, downstream implementers, they said, audit your vendored version, audit your wrappers, audit your file name and file size handling and plan for patch updates. Okay, and now we learn where I obtain the title of today's podcast. HD Moore writes, Keeping this class of issue quiet in 2026 considered that they were unable to find the vendor, there's no mailing list, no CVE history, There's just, you know, it was just some project, some random guy Chan did. And thank you very much for giving the world a free fat file system. Unfortunately, it's got some bad bugs. So HD says keeping this class of issue quiet in 2026 would be almost entirely security theater. Now that we've entered the age of the apex agentic adversary, if we can find this kind of thing with some thoughtful application of AI assisted vulnerability hunting, then so can pretty much anyone else.
Steve Gibson [02:18:16]:
Sure, this took a little H.D. moore branded stubbornness. But. But even so, we don't believe these are going to stay undiscovered for very long. It's too good a target space. Yeah, and the next researcher probably won't bother with creating validation and reproduction harnesses when it comes to vulnerability disclosure. I've always believed that I'm merely the most recent person to learn about the issue. Meaning why would, why, why would he, he, he's saying imagine that he's the only one to know.
Steve Gibson [02:18:53]:
He said and what's more true now than ever in this hyper automated oh, and that's more true now than ever in this hyper automated code auditing world. Better to disclose, coordinate where possible and in the end publish in order to give defenders the heads up. And he said PS Looking for exploits. You can find a test, harness a full QMU based exploit example and corrupt FAT FS images in the repository. Okay, so yes, we have indeed entered a brave new world where the rules of the game are clearly changing. The collapsing cost of novel vulnerability discovery means that many new players, both well meaning and malicious, will be joining the fray. The asymmetry of the security guarantee bites us in this instance as we know security must get everything right everywhere every time for insecurity to win, security need only make one mistake in one place once. It's an impossible scenario, but it's the scenario we have today.
Steve Gibson [02:20:23]:
Someday, thanks to AI, it's clear to me that software will have finally being will have finally been fixed. AI is going to fix our software. We couldn't do it ourselves. We could write it, but we couldn't understand it because it got out of control. And that's something that until now we've only been able to dream of. But to get there from here, we have a long and daunting road ahead because there's a lot of crappy software out there and a lot of it, as HD noted, is never going to get changed. So I'm thankful that the world does have many good guy researchers such as this HD Moore who are interested and intrigued enough to contribute their time, energy and effort. And in this specific instance I agree with the, with the route that Harold, that's, that's what the H of HD Moore.
Steve Gibson [02:21:16]:
It's. He, he's Harold Dwight Moore, but just goes by hd. I agree with the route he took. Given that this library is effectively unmaintained, that there's no mailing list nor update methodology and that they weren't even able to contact its authority. Direct outreach to all of the library's major known users and they have a list of those is all the researchers can do. You know, let them know that the library they're using would make any future use of it. Well actually all past but also future vulnerable. So they could fix it and depending upon who they are, maybe they can fix their some of their installed base, maybe they can't.
Steve Gibson [02:22:03]:
Maybe they just need to stick glue into the USB socket so that nothing can Mount itself there.
Leo Laporte [02:22:11]:
So, I mean, you have to have auto mount turned on. Right. I mean.
Steve Gibson [02:22:14]:
Well, that. That's the point. Typically these embedded devices do.
Leo Laporte [02:22:19]:
They do.
Steve Gibson [02:22:20]:
Because all you do is. Yeah. You just stick the SD card in the camera and it looks to see what's there. Looking to see what's there takes it over.
Leo Laporte [02:22:29]:
Right. So. Yeah. And you probably can't even disable that. You wouldn't.
Steve Gibson [02:22:34]:
Right.
Leo Laporte [02:22:34]:
You don't have an interface, probably.
Steve Gibson [02:22:36]:
Exactly. Not a. Not a feature.
Leo Laporte [02:22:38]:
Yeah. Wow.
Steve Gibson [02:22:38]:
Because, Leo, why would you ever need to.
Leo Laporte [02:22:44]:
Steve, amazing. While you've been talking, I've been building and boy, Fable is amazing. And I'll tell you what it's been doing is reviewing. Reviewing. So I have it write the plan, then Opus 4a executes, and then it reviews and it's doing. Look at. Two real bugs were caught during execution.
Steve Gibson [02:23:05]:
Wow.
Leo Laporte [02:23:05]:
By sub agents. And this is. It's already doing, you know, that exact kind of testing. Yeah. It found a race condition, which is pretty amazing. So I just, you know, and I. Lisa says, well, what are we going to do if it doesn't work? Will you be around to fix it? Or are you going to be on the air and not able to fix it? And I said, it's always going to work. It's not going to have any bugs.
Steve Gibson [02:23:34]:
There's a far better chance it'll work than anything that anybody else would ever write.
Leo Laporte [02:23:40]:
This is true of the stuff that she's been using for 12 years. So it's kind of like, come on, the thing you've been using all this time is so unreliable.
Steve Gibson [02:23:49]:
Yeah. You know, and she probably knows the quirks. Like, oh, that's. Click on this.
Leo Laporte [02:23:53]:
She knows all the workarounds. It's like Steve Jobs when he first demoed the iPhone. He knew the. There was one path and one path only where everything would work. Any deviation, the thing crashes horribly. Yeah. That we kind of were in that situation. I'm.
Leo Laporte [02:24:09]:
I'm. I'm very impressed with its ability to. To do this stuff. And actually, as it turns out, this is a fairly trivial thing because it's a business application and we're not.
Steve Gibson [02:24:21]:
And I think you should be impressed. I mean, I don't think you should be at all shy about being impressed. You know, one of the things that I've said from the start is AI is going to inherently be very good at code.
Leo Laporte [02:24:32]:
This is its language.
Steve Gibson [02:24:33]:
Yes.
Leo Laporte [02:24:34]:
It's a language it's fluent in.
Steve Gibson [02:24:37]:
It plays by rules. It's all logical. It's got a ton of examples on the Internet to have learned from.
Leo Laporte [02:24:43]:
Yeah, that's the key. Yeah, yeah, it's doing this in Go. I don't have a strong preference of language. Probably if it had asked me I would have said Rust. But it likes Go. Go has concurrency and Go is a good.
Steve Gibson [02:24:56]:
Go is a good language. And actually that's where your race condition came from was the concurrency threads.
Leo Laporte [02:25:03]:
Yeah, that's right. It has that built in.
Steve Gibson [02:25:05]:
It's also how to build a lock in.
Leo Laporte [02:25:07]:
It's also very fast which is nice. It really, it's a good web language and we're going to be running this in the cloud. So anyway, maybe be trivial to say, hey, can you rewrite that in Rust? I'll be back in a day or two, you let me know.
Steve Gibson [02:25:24]:
Wow, we are, it's in a whole different world, my friend.
Leo Laporte [02:25:28]:
It's somewhat addictive because you feel this power to do stuff that in the past as computer users we were somewhat disempowered. You know, we were stuck with whatever the fat library guy wrote. I'm not going to rewrite that. And now we have all this capability we just didn't have before. It's very addictive, it's very exciting and you can see with what is it?
Steve Gibson [02:25:55]:
Agentic, the apex ejectic adversary.
Leo Laporte [02:26:01]:
We're going to be in a whole new world of security as well.
Steve Gibson [02:26:04]:
The good news though, as I said, if we just look at around at the updates that are coming in from all different directions, like the fact that the synology, this synology fixed a bunch of stuff that where they'd only had one or two over the like for the past year, suddenly there was 14. Well, we know where those 14 came from. They're being responsible. And they said, whoa, let's run our software through AI. And now we have a much better result than we did before, much more attack resistant. So again, I think in the same way that Y2K didn't crash because everybody actually did fix their, their year 2000 dependencies, it seems that we're have, we have a well distributed remediation going on across the globe.
Leo Laporte [02:27:01]:
Darren in our club Twit says, oh, all you have to do is add a Claude side panel to the app and then if Lisa has a problem, she doesn't have to ask you, she just say could you fix that? And Claude, Claude will do it. It's a little buddy in there that can do it. Wow, what a world. What a world we live in. And you know what? I'm just glad that you and I made it to this point. So we can watch this.
Steve Gibson [02:27:26]:
Exactly. That I am. That this is just too significant.
Leo Laporte [02:27:30]:
I feel like my, our grandparents who, who grew up in an age before you could man could fly and ended up living to an age where you could fly to Europe in a jet airplane in.
Steve Gibson [02:27:41]:
Or the moon.
Leo Laporte [02:27:42]:
Or the moon. Imagine you're born in 1900. They had orbital and Wilbur Wright hadn't yet invented the airplane. And you're my age and you're watching us land on the moon in 69 years. That's. That's kind of where we are in. We're in this hyper speed of change. And some people find that very upsetting.
Leo Laporte [02:28:07]:
I understand why. But then there are people like you and me and I imagine most of our audience who go, yeah, this is cool.
Steve Gibson [02:28:12]:
And AI is going to accelerate that rate of change. It is going to.
Leo Laporte [02:28:17]:
It already is. Yeah, you're right. That's. That's part of the most interesting part of it. Yeah. Steve Gibson's@grc.com that's where you'll find, of course, Spin. Right. It's like a bicycle wheel for your hard drive.
Steve Gibson [02:28:33]:
I love that story. I mean, it's transformed this laptop. I mean, I turn on and it goes. And then I get the welcome screen. It's like, holy crap.
Leo Laporte [02:28:46]:
Lori must be impressed. Lori must go, you know, you, whatever. I don't know what you do, Steve, but whatever it is, I guess you're pretty good at it.
Steve Gibson [02:28:52]:
Nah. She says, okay, well the rest of
Leo Laporte [02:28:55]:
us appreciate it if you don't yet have the world's best mass storage, performance enhancing, repairing and, and, and kind of, you know, maintaining, maintaining maintenancing tool. It's called Spin. Right. You gotta have it. If you have Mass Storage 6.1 is the current version. It's@grc.com It's Steve's bread and butter. There's another program there you might well want as well. I think everybody should have this if you're on the Internet.
Leo Laporte [02:29:22]:
If you're not on the Internet, forget it. But if you are on the Internet, you might want to take a look at his DNS Benchmark Pro, which makes sure you're using the best DNS server for your particular installation. And that is not the often not the ISPs choice.
Steve Gibson [02:29:37]:
And there's so much, there's so much more than just which. What is faster? I mean, you'll. It's a deep, rich educational environment because there's.
Leo Laporte [02:29:47]:
That's a really good point. I always focus on the speed, but there's other things.
Steve Gibson [02:29:50]:
Oh different types of queries and IP4 and 6 and and and DOH and DOT. I mean there's just, there's a lot there now.
Leo Laporte [02:29:58]:
So DNS is really, really important and we've learned a lot on this show. And you can get this tool also from GRC.com while you're there. Go to GRC.com email and you can submit your email address. Steve will white list it if you're not a bot. If you're a bot, don't do it. But if you're not a bot, go ahead. And by the way, underneath it there are two checkboxes for two mailing lists. One is a weekly mailing of the show notes.
Steve Gibson [02:30:20]:
You'll get that picture of the week
Leo Laporte [02:30:23]:
and a special thumbnail version of the picture week. You can click and see it before I do. That's free. Of course there's also another mailing list that really gets very little traffic when Steve has something new to announce. But that's good to able to be be on sign up there GRC.com email you can also submit pictures of the week once you get your email vetted. What else? Oh, he has the show. Of course he has copies of this particular show security now in fact he has unique versions. A 16 kilobit version which is very small, little scratchy but tiny.
Leo Laporte [02:30:55]:
He has a 64 kilobit sounds fine. That's a good mono version of the of the show.
Steve Gibson [02:31:00]:
He.
Leo Laporte [02:31:01]:
I presume it's mono. You don't have stereo 32 bit. It's one mono 64. Yeah, that's great. We have stereo. You don't need. I'm in the left, Steve's in the right. He also has the transcripts there which are written by an actual human.
Leo Laporte [02:31:16]:
That's why they take a couple of days by Elaine Ferris and if of course shownotes are also there for download. Grc.com Lots of other useful fascinating stuff, all of it free. We have it at our website as well. Twitter tv sn. There's audio and video video there we all we are audio stereo. We also, we also have a YouTube channel which is just video. I don't know if that one's stereo or not, but that is a good way to share clips with other people. And then of course you can subscribe in your favorite podcast player.
Leo Laporte [02:31:50]:
If you do want to watch us live, you can Club trip members get special behind the velvet rope access in our Discord channel. You can watch live there, chat with us live there. Club Twitter is a great way to support Steve and the work we do here. Frankly, without the club, we would have to cut back, Lisa said just this morning. I don't know what we do. She was doing payroll. The club helps a lot. If you're not a member, go to Twitter TV club TWiT.
Leo Laporte [02:32:17]:
You'll get ad free versions of the show with chapter markings so you can jump along. You'll also get access to the Club Twit Discord and special programming we do only for the club, club members or not. You can also watch live at YouTube, Twitch, X.com, facebook, LinkedIn and Kik. We stream the show as we do it every Tuesday right after Mac break Weekly. That's around 1:30 Pacific, 4:30 Eastern, 20:30 UTC. Live or not, we want to make sure you're here next week for another thrilling, gripping edition of Security csd. Bye Mac Security.
Steve Gibson [02:32:55]:
Now.