10 Must-Know Security Updates

Published On Wed Apr 09 2025
Security Now 1020 transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

0:00:00 - Leo Laporte

It's time for Security Now. Steve Gibson is here. Lots to talk about, including a 10.0 CVSS score for a problem in Apache Parquet. French school children are not gullible, it turns out. The French government tried to trick them and failed. And then we'll find out what multi-perspective issuance corroboration is and why you might need it. That and a whole lot more coming up next on Security Now. Podcasts you love. From people you trust. This is TWiT. This is Security Now with Steve Gibson, episode 1020, recorded April 8th 2025. Multi-perspective issuance corroboration. It's time for Security Now, the show where we talk about your safety, your privacy, your security and a bunch of other stuff that geeks are interested in. With this guy right here, I think you officially are the king of geeks, Steve Gibson.

Wizardry in Silicon Design

I would wear that badge proudly, Leo, wouldn't you? Yes, I would. You have earned it over the years. We had a listener who had a t-shirt made and sent me a photo: "Just say no to Port 80." I love it. From last week's podcast, which reminded me I had some made a while ago that just said "Born to Code," because if I put on, I make a fresh cup of coffee, put on some quiet music, sit down in front of my computer and have some problems to solve, it is my happy place. There's like, there's like nothing like it.

Yeah, that is just, I get sad when I hear about vibe coding and AI replacing engineers, because I think it is, independent of whether it's a useful economic exercise, a wonderful fun thing to do.

The Nostalgia of Coding

A buddy of mine sent a link yesterday to a blog post. There's a guy named I think it's Ken Schiff, but that sounds like his last name, I've shortened it. Anyway, he's been. He like pops the lids on Intel chips, Intel processors, wow. And then he takes photomicrographs of the chip and then reverse engineers the circuitry. Wow about the times three multiplier hardware in the Pentium and that was like they had like a dedicated strip of silicon that was for multiplying by three. That's all it did.

Current Topics in Security

This is Security Now, episode 1020. Uh, for Patch Tuesday. Uh, we actually have a picture that is apropos. I think you're going to enjoy it when we get to it. Uh, today's title, I wasn't sure it was going to fit. Uh, actually it, it strained the margins of the show. It's very obscure. Yes, and it wasn't until my own description of the backstory behind this grew that I thought, well, this is our topic for the week. Multi-perspective issuance corroboration, MPIC. Okay, the certificates, the issuance and the consumption for web browsers.

Why they unanimously voted to require themselves to do this multi-perspective issuance corroboration. So this is a big change that just happened in the requirements for issuing web browser certificates, which we're going to get to after we look at Canon printer driver vulnerabilities enabling Windows kernel exploitation and the astonishing cybersecurity awareness which has been shown by a household appliance manufacturer.

A listener pointed me to this company. I think they're Australian or maybe they're, I don't remember where they are. Yeah, New Zealand, maybe. Anyway, unbelievable that they have a page because they're into connection and connected appliances. They understand what their obligation is if they're going to do it like none other. Also, France tried to hook two and a half million school children in a phishing test. We're going to look at the results of that. WordPress, three years ago, added an abuse-prone feature. Any guess what happened? And Oracle, is there something you would like to tell us that you have not so far?

Upcoming in Tech

Some problems over there. They're like, what? No, nothing to see here, just we're. You know, what's that big lump under the carpet? Don't worry about that. Utah's governor just signed the App Store Accountability Act into law. We've talked about the legislation passing through their lower bodies. It's now law in Utah. Now what? Also, it turns out that AI bots hungry for new data are inadvertently DDoSing FOSS projects. Yeah, this is a problem.

Also, no Microsoft account, no Windows 11. A change has been made to the dev channel, coming soon to your next Windows 11 installation. Also, Gmail claims it now offers end-to-end encryption. Well, it kind of sort of does somewhat. It is the definition of a hack and we'll talk about it. Also, a dreaded CVSS 10.0 was discovered in something called Apache Parquet. Not good, oh, sorry, sorry, but 10.0, 10.0, everybody, so that's as bad as it gets.

Reflections on Podcast Journey

Finally, after 1019, I think we got the hang of it now. There are people who's Sunday. You should stop by and say hello. Our 20th anniversary TWiT is this Sunday. After 20 years, Patrick Norton's going to come by, Sam Abuelsamid will be on, Allyn Malventano, and we're getting videos from all of our viewers. I've been asking everybody if you want to share your memory of the first time you saw a, your memory of the first time you saw Twitter, the first time you saw me and Steve, maybe back in the Screen Savers days, share a video with us. We've got a lot of them. It's going to be a lot of fun. That's on Sunday. Can you believe it? Long time we've been doing this.

Well, and I asked Benito. I said I thought that the number of Sunday's TWiT was 1,027. It is, I think. And today is 1020 for us, so Security Now only started seven weeks later, right? Well, maybe because you never stop, you know, for the first 15 years you wouldn't even take the Christmas holiday off.

So, and maybe it was that tattoo that did it. I thought, I'm, I'm quitting on Christmas from now on. There might be a few days, but, yeah, roughly seven weeks later was very quickly after it. Yes, yes, and you're coming up on your 20th, right? When, when is that going to be? Do we know? August, I think. Yeah, yeah, 20 years. I don't feel that old, I really don't. It does, you know? We started doing this in our late 40s.

What's cool is that we have really been on the podcast through huge changes in the industry. Yeah, I mean, like you know, viruses moving from one person's thumb drive to the next, or computer to computer. I mean that was a thing, and you know.

Technical Accuracy in Movies

There's a great movie just came out called Black Bag. I don't want to spoil it. It's Michael Fassbender and Cate Blanchett and you should watch it. Have you seen it? No, but the only reason I mention this is there's a moment when they're talking about this exploit. That is a deadly exploit, and they said it's based on Stuxnet and we've designed it for air-gapped computers.

And I was thinking, man, they must listen to Security Now. It was technically a really great moment in that movie. It's a fun spy movie. But you know what? That's one of the things I think maybe you could take a little bit of credit for. Hollywood is a little more savvy in the content, the computer content that you see on screen.

I've been very impressed with what they're doing now. I just think that it's percolated down into the culture. The people who are writing this now are part of the culture. Or they actually know we need to get a tech guy to help us with the script, and so there's some script. Apology. There was a series and I meant to mention it, except it wasn't that good, but it was about prime factorization.

Yes, I was going to ask you. I haven't watched it, I was going to ask you about it. Yeah, it was known that our security infrastructure understood that it was possible to factor primes, so they didn't want it to be made public. So they were spying on all the top mathematicians who were working in the field that might stumble upon this.

And so, anyway, it was. You know, I mean again, that's where I was thinking, wow, they got a lot of this right. I was ready to lambaste them. I thought this is going to be terrible. Well, there were some things that were not correct. They didn't actually say it wasn't factorization, but it was primes. They understood that primes. Something about primes something about primes.

Oh, it was patterns in primes. It was some guy was like, oh, he's like figured out that like a pattern in primes, but it turns out that this, so this was a conspiracy to keep this from being discovered. Keep it quiet, to keep it quiet. That went back decades, and so, anyway, I would say it was fun.

Conclusion

And you and I both watched Robert De Niro's Zero Day, which also had some technical accuracy in it, so you know they're getting better. Anyway, time to take a break. Nothing but technical accuracy just around the corner and our picture of the week with first, also technically accurate. Yes, is it? Oh good, I haven't looked yet. All right, I like to save it for the show. Our show today, brought to you by a brand new sponsor, Material. This is something everybody needs. Gosh knows we need it. It's the multi-laye