SN 666: Certificate Transparency

6/6/2018, 3:21:52 AM , duration(0:0:7)
Technology Security
<p>This week we discuss yesterday's further good privacy news from Apple, the continuation of VPNFilter, an extremely clever web browser cross-site information leakage side-channel attack, Microsoft Research's fork of OpenVPN for security in a post-quantum world, Microsoft drops the ball on a 0-day remote code execution vulnerability in JScript, Valve finally patches a longstanding and very potent RCE vulnerability, Redis caching servers continue to be in serious trouble, a previously patched IE 0-day continues to find victims, Google's latest Chrome browser has removed support for HTTP public key pinning (HPKP), and... what is "Certificate Transparency" and why do we need it?</p> <p>We invite you to read our <a href="">show notes</a>.</p> <p><strong>Hosts:</strong> <a href="">Steve Gibson</a> and <a href="">Leo Laporte</a></p> <p>Download or subscribe to this show at <a href=""></a>.</p> <p>You can submit a question to Security Now! at the <a href="" target="_blank">GRC Feedback Page</a>.</p> <p>For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: <a href="" target="_blank"></a>, also the home of the best disk maintenance and recovery utility ever written <a href="" target="_blank">Spinrite 6</a>.</p> <p>Bandwidth for Security Now is provided by <a href="" target="_blank">CacheFly</a>.</p> <p><strong>Sponsors:</strong><ul> <li><a href=""></a></li> <li><a href=""></a></li> <li><a href="http://ITPro.TV/securitynow">ITPro.TV/securitynow - use code: SN30</a></li> </ul></p>