
Security Now Episode 1061: Rising RAM Prices, Python Funding, GM Privacy Settlement, and Critical Cybersecurity Updates
In this episode of Security Now, Steve Gibson covers several critical topics in cybersecurity and the tech industry. The episode begins with a humorous discussion about a fictional product called the "DVD Rewinder," a device claiming to rewind DVDs and other digital media, playfully highlighting how some past concepts now seem absurd.
A major focus is the dramatic rise in RAM (DRAM) prices, which have surged 60-70% since last year and are expected to climb another 50% in the first quarter. This increase impacts not only consumer PCs but also high-end network security equipment like enterprise firewalls, with manufacturers such as Fortinet, Palo Alto Networks, and Check Point likely seeing reduced profit margins. The primary cause is AI companies purchasing most of the DRAM production for their data centers, creating shortages for other sectors.
Gibson then shares positive news for the Python community: Anthropic has invested $1.5 million in the Python Software Foundation over two years to enhance the security of the Python ecosystem, including CPython (the official C-based implementation) and PyPI (Python Package Index). The funds will develop automated tools to proactively scan all packages uploaded to PyPI, improving supply chain security. Gibson notes that Anthropic may use its AI, Claude, to analyze the code, making this a strategically smart investment.
The episode also highlights a significant privacy victory: the FTC finalized a settlement with General Motors over unauthorized collection and sale of geolocation and driving behavior data. GM used its OnStar service to secretly gather precise location and driving habits (e.g., acceleration, braking) from millions of vehicles and sold the data to credit reporting agencies without informed consent. The order bans GM from sharing such data for five years and mandates explicit consent in the future.
Gibson discusses Let’s Encrypt’s new six-day SSL/TLS certificates, which improve security by reducing exposure windows but raise concerns about the burden of frequent renewals for system administrators.
A troubling development involves Iran, which appears to be permanently disconnecting from the internet starting January 8, raising questions about digital isolation and its impact on Iranian citizens.
The episode concludes with an alarming update on Ghost Poster, a security issue discussed four podcasts ago, revealing the problem is far worse than initially understood. Ghost Poster involves malicious browser extensions that compromise user security more extensively than anticipated.
Gibson also mentions the replacement of the Critical Infrastructure Partnership Advisory Council (CIPAC) with a new organization called ANCHOR (Alliance of National Councils for Homeland Operational Resilience), a shift that affects how industry and government share critical infrastructure threat information. A key question remains about liability protections for corporate leaders who disclose security incidents to the government.
The episode underscores how cybersecurity issues intersect with economics, politics, and consumer privacy, emphasizing the growing importance of staying informed in an increasingly digital world.