- Privacy Badger blocks trackers on news sites and prevents browser exposure to unwanted domains like TikTok and Datadog.
- No major updates on EU's controversial Article 45 in eIDAS 2.0. Industry pushback continues as implementation would threaten encryption.
- Cryptocurrency exchange Poloniex lost $130M in a hot wallet hack, the 14th largest crypto theft.
- Decentralized finance platform Raft lost $3.3M due to an exploit.
- Crook operated website iotaseed.io to generate wallet seed phrases, then recorded and stole them.
- New Intel processor vulnerability called Downfall leaks encryption keys and sensitive data between users on shared systems.
- Russia moves to formally ban all VPN use in the country.
- Two new flaws found in OpenVPN software, one allowing memory access.
- SpinRite development paused as DOS and Windows versions are complete.
- Understanding assembly language helps malware analysis and exploit development, but high-level decompilers also useful.
- Quantum-safe symmetric cryptography is limited compared to asymmetric crypto.
- EU's Article 45 allows transparent decryption and traffic interception, supposedly for security purposes.
- "Windshield Barnacle" parking enforcement device uses suction cups and 1000 lbs of force to immobilize vehicles until parking tickets are paid.
- Sci-fi book series Aeon 14 by M.D. Cooper offers fun military space opera adventure.
- 27-year-old theoretical crypto attack now shown practical. Passive network observers can steal SSH RSA keys if faulty signature generated, allowing impersonation.
Show Notes - https://www.grc.com/sn/SN-948-Notes.pdf
Download or subscribe to this show at https://twit.tv/shows/security-now.
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page.