“DNS over TLS” Security Now! #1010 show notes: grc.com/sn/sn-1010-not… eM Client CAN be purchased. MasterCard's mega-typo! Mal-malware kits. The biggest DDoS ever. Let's Encrypt's clarification. Lots of feedback and a look at the high cost of encrypting DNS queries for privacy.

“Jailbreaking AI” Security Now! #1011 show notes: grc.com/sn/sn-1011-not… China's DeepSeek surprise: Blocked by Italy, leaking data, and more. Microsoft "Think Deeper" Copilot toggle. US ROUTERS act. DNS-blocking legislation. How to trick AI into divulging restricted knowledge.

Sorry about missing the past two weeks of weekly Security Now! podcast summary and pictures of the week! My Bad!! :( Since our email notification system is working so well — now with 16,333 subscribers — I've been forgetting to also post that stuff here. I'll do better!

In answer to follow-up questions about how to check email status and/or to join, just go here: grc.com/mail.htm Enter your "send from" address, which will immediately email a confirmation link which takes you to your own subscriptions page. Make any changes and save! :)

"FREEDOM Administration Login" Security Now! #1014 show notes: grc.com/sn/sn-1014-not… Will Apple disable ADP in the UK? Remember: Ransom payments may be illegal! Spanish Soccer blocks Cloudflare sites. Telecom hacking: How? MASSIVE Crypto heist. A PATHETIC access control system.

“Spatial-Domain Wireless Jamming” Security Now! #1015 show notes: grc.com/sn/sn-1015-not… Firefox's amended privacy policy. Signal to leave Sweden? Bybit heist aftermath & Bounty tracking. Mozilla & Manifest V2. Memory-safe languages. SMS vs QR codes, and a stunning jamming tech!

“The Bluetooth Backdoor” Security Now! #1016 show notes: grc.com/sn/sn-1016-not… Mandatory age verification. North Korean job interviews. Bybit post-attack details. The UK -vs- The World. A Passkey crack? Old LastPass vault decryptions. And the story of that Bluetooth “Backdoor”.

“Is YOUR System Vulnerable to RowHammer?” Security Now! #1017 Show Notes: grc.com/sn/sn-1017-not… Telegram crypto analysis. Twitter outages. Firefox root cert exp. New attack vector. Google age verification & UK notice? A BAD PHP vuln. Test YOUR own PC for RowHammer RAM weakness.

“The Quantum Threat” SN #1018: grc.com/sn/sn-1018-not… Don't blindly follow online instructions. Espressif responds about backdoor. Microsoft won't fix bad problem. RCS to get full, good, E2EE. Oracle to run TikTok. Delete your 23andMe data. The current threat from quantum comps.

“EU OS” SN#1019: grc.com/sn/sn-1019-not… Airport switches to whiteboard after ransom attack. Troy Hunt was Phished. Cloudflare unplugs port 80. Malware using obscure languages. No Microsoft user account geofencing. grc.sc/1019 The EU gets serious about leaving Windows

“Multi-Perspective Issuance Corroboration” SN#1020 show notes: grc.com/sn/sn-1020-not… Canon printer driver vulnerabilities. Astonishing IoT cyber-awareness. France tests kids phishing. Oracle? Really? Gmail E2EE (or not really?) New tech for verifying control over domain.

“Device Bound Session Credentials” SN#1021 show notes: grc.com/sn/sn-1021-not… Android Lockdown Mode. New Chrome & Firefox. Apple re-enabled auto-updates. Why I got an iPhone 16. Hotpatching Win11. Apple vs UK. “Thundermail” Insecurity of PLCs. A HUGE change to Session Cookies!

“Windows Sandbox” SN#1022 show notes: grc.com/sn/sn-1022-not… Firefox tab grouping. Recall's re-rollout. CVE nearly died. China confesses hacking the US. A 9.8 Python package problem again. Here come very short TLS certs. A crosswalk hack. The amazing built-in Windows Sandbox!

“Preventing Windows Sandbox Abuse” SN#1023 show notes: grc.com/sn/sn-1023-not… The "inetpub" directory mess & mystery -- and its abuse. Fake North Korean companies. More ways to confuse AI. Critical data loss in unpowered SSDs. Feedback and malware is hiding in Windows Sandbox!

“Don't Blame Signal” SN#1024 show notes: grc.com/sn/sn-1024-not… MSFT abandons passwords, allows their deletion. Meta's RayBan glasses privacy changes. 30% of MSFT code now by AI. Chrome's security without Google. eCommerce backdoors spring to life. A bad insecure Signal clone.

“Secure Conversation Records Retention” SN#1025 show notes: grc.com/sn/sn-1025-not… More attempts at age restriction. Long-lived python repository malware. FBI says discard old routers. Reverse engineering WhatsApp. Malicious AI usage. How to securely archive E2EE message history

“Rogue Comms Tech Found in US Power Grid” SN#1026 show notes: grc.com/sn/sn-1026-not… Chrome refuses Admin. Android Messenger key verification. Pwn2Own for AI. AI can replicate today. Office on old Win10. 23andMe purchased. Andor season 2. Radios discovered inside US power grid.

“Artificial Intelligence” SN#1027 show notes: grc.com/sn/sn-1027-not… The status of Encrypted Client Hellos (ECH). Remote inverter shutdowns. Blocking newly listed domains. The AI Hype Cycle. AI as blackmailer? Copilot covering up bugs? The unrestrained Venice.AI.

“AI Vulnerability Hunting” SN#1028 show notes: grc.com/sn/sn-1028-not… Pwn2Own 2025 results. PayPal scanning new domain registrations. iOS jailbreak author gives up. SVG contain JavaScript. Classic Sci-Fi movies. How OpenAI's o3 model discovered a critical remote Linux 0-day.