New Episode of Security Now: Security Now 1014

In this episode of Security Now, Steve Gibson and Leo Laporte discuss several crucial topics related to cybersecurity and information technology. One of the main points discussed is Apple's decision to disable advanced data encryption for new users in the UK, in response to a request from the British government. This measure has sparked debates about privacy protection and user data security. Steve Gibson shares his opinion on this decision, noting that while Apple has partially conceded, they have not yet disabled encryption for all existing users, which could be a strategy to negotiate with the British government. Another important topic addressed is the legality of ransomware payments. Cybersecurity experts point out that paying ransomware can be illegal due to sanctions imposed by the United States. This further complicates the situation for companies that are victims of these attacks, who must not only manage the financial consequences but also navigate a complex legal framework. The podcast also discusses X's (formerly Twitter) decision to block Signalme links, a measure that has sparked mixed reactions. Although the exact reason for this block is not clear, it seems that X quickly backtracked in the face of controversy. This raises questions about freedom of expression and censorship on social media platforms. Another crucial point addressed is the vulnerability of building access control systems. Steve Gibson presents a striking example of an extremely insecure access control system that uses default credentials easily accessible online. This system, used by many apartment buildings, allows anyone to unlock doors and access residents' personal information. This highlights the importance of access control system security and the need to implement robust security measures. The podcast also addresses the issue of cybersecurity for telecom infrastructure in the United States. Senator Mark Warner has expressed concerns about the United States' ability to secure its networks against cyberattacks, particularly those carried out by China. He calls for a more aggressive response and better coordination between security agencies. Finally, Steve Gibson shares updates on his personal projects, including the DNS benchmark, which has recently added support for DNS over HTTPS and DNS over TLS requests. He emphasizes the importance of testing and securing these protocols to ensure the confidentiality and integrity of online communications. In conclusion, this episode of Security Now provides a comprehensive overview of current cybersecurity challenges, measures taken by major tech companies to protect user data, and persistent vulnerabilities in access control systems. It highlights the importance of vigilance and proactivity in protecting critical infrastructure against cyber threats.