New Episode of Security Now: Security Now 1024

In this episode of Security Now, Steve Gibson and Leo Laporte celebrate the 1024th episode of the podcast by addressing several crucial topics related to cybersecurity. The episode begins with a discussion on Microsoft's efforts to eliminate passwords by implementing a new passwordless sign-in experience for all new accounts. This initiative aims to enhance security by using more modern and secure authentication methods, such as PassKeys. Steve explains in detail how this transition is unfolding and why it is important for improving user security. Another topic covered is the controversy surrounding the Signal app and the use of a modified version called TM Signal by members of the presidential cabinet. Steve clarifies that the modified version, developed by TeleMessage, was compromised, leading to a leak of sensitive data. He emphasizes that this version does not offer the same level of security as the original Signal app because it archives messages, which goes against Signal's principles of confidentiality. This revelation highlights the risks associated with using modified versions of secure applications and the importance of verifying the authenticity of the software used. The podcast also addresses the security of Ray-Ban Meta smart glasses, which recently changed their privacy policies to allow longer storage of voice recordings. Steve discusses the implications of these changes and how they can affect users' privacy. He warns against using surveillance technologies without a clear understanding of their capabilities and limitations. Another important point is the discovery of backdoors in online stores using Magento. These backdoors, implanted six years ago, were recently activated to compromise nearly 1000 stores. Steve explains how these vulnerabilities could remain dormant for so long and why it is crucial for businesses to monitor and secure their infrastructures. The podcast concludes with a discussion on the importance of securing non-standard ports for online services. Steve explains why using non-standard ports can provide an additional layer of security, even if it is not a complete solution. He shares examples from his own usage and best practices for securing network connections. In summary, this episode of Security Now provides a comprehensive overview of the latest trends and best practices in cybersecurity. It highlights the importance of staying vigilant and understanding the technologies we use daily. For more details, you can listen to the full episode at https://twit.tv/posts/transcripts/security-now-1024-transcript.