CNAME Collusion – Seven Exchange 0-Days, Firefox Enhanced Tracking Protection, SolarWinds Password

Seven Exchange 0-days, Firefox Enhanced Tracking Protection, SolarWinds Password.

• Chrome to default to trying HTTPS first when not specified.
• Firefox’s “Enhanced Tracking Protection” just neutered 3rd-party cookies!
• As easy as “SolarWinds123”.
• Rockwell Automation’s CVE-2021-22681 is a CRITICAL 10 out of 10.
• VMware’s vCenter troubles.
• SpinRite update.
• Microsoft issues emergency patches for 4 exploited 0-days in Exchange.
• CNAME Collusion.

Millsplain It to Me – This Week in Tech 702

-Apple’s Tim Cook Calls for Data Privacy.
-773M Passwords Pwned – How to Find Out If Yours Was.
-Amazon Tries to Make Alexa Sound “Newsy.”
-Google Buys Fossil.
-74% of Facebook Users are Clueless.
-Facebook’s 10 Year Challenge.
-Atari Founder Making Alexa Board Games.
-Stop Using Windows Phone!
-Tokyo Hotel Fires Half its Robots.

Are Passwords Immortal? – Security Now 690

Pwn2Own, the Future of Passwords.
— All the action at last week’s Pwn2Own Mobile hacking contest
— The final word on processor mis-design in the Meltdown/Spectre era
— A workable solution for unsupported Intel firmware upgrades for hostile environments
— A forthcoming Firefox breach alert feature
— The expected takeover of exposed Docker-offering servers
— The recently announced successor to recently ratified HTTP/2
— 1.1.1.1 errata
— The future of passwords: a thoughtful article written by Troy Hunt, the creator of the popular “Have I Been Pwned” web service
We invite you to read our show notes.

Hosts: Steve Gibson, Leo Laporte

Internal Bug Discovery – Security Now 693

Australia vs Encryption, Google+ Bugs Hasten its Demise
— Australia’s recently passed anti-encryption legislation
— Details of a couple more mega-breaches including a bit of Marriott follow-up
— A welcome call for legislation from Microsoft
— A new twist on online advertising click fraud
— The DHS is interested in deanonymizing cryptocurrencies beyond Bitcoin
— The changing landscape of TOR funding
— An entirely foreseeable disaster with a new Internet IoT-oriented protocol
— Google finds bugs in Google+ and acts responsibly — again — what that suggests for everyone else
We invite you to read our show notes.

Hosts: Steve Gibson, Leo Laporte

Written to Binge – This Week in Tech 688

– Defending Bloomberg’s Chinese spy chip story.
– Google+ killed by a breach that wasn’t a breach.
– Facebook breach that WAS a breach hits 30 million users. In related news, Facebook now sells a video chat device with a camera that can follow your every move.
– Made by Google event: what we think of the Pixel 3, Pixel Slate, and Home Hub.
– Apple’s TV content will be free for everyone who owns an Apple device.

Odorless and Weightless Hackers – This Week in Tech 687

Chinese Spy Chips, Microsoft Highs and Lows, Pixel 3 Event Predictions, and More! Bloomberg reports that China used tiny chips to spy on Apple, Amazon, and the US government. Apple and Amazon deny it. How do we know who is right? All the news from the Microsoft Surface event, plus some rumors of what was supposed to be there but wasn’t. Windows 10 update deletes people’s files. What we expect this Tuesday at Google’s Pixel 3 Event. Amazon raises its minimum wage to $15/hr, kills stock options and bonuses. Facebook hacked by “odorless and weightless hackers.” CA passes new laws restoring Net Neutrality and banning bots that pretend to be human. Presidential Alert hits phones nationwide.