
New Episode of Security Now: Security Now 1034
In this episode of Security Now, Steve Gibson and Leo Laporte tackle several fascinating topics related to computer security. The episode begins with a discussion on the advances in quantum computing and the factoring of numbers into their primes, a crucial subject for modern cryptography. Steve Gibson presents a recent article by Peter Gutmann that severely criticizes the alleged advances in quantum factorization. Gutmann asserts that the announced achievements are often misleading and do not represent genuine progress. For example, the numbers factored are often chosen to be easily factorable, which does not reflect the real challenges of cryptography. This revelation is important because it calls into question the claims that quantum computing could soon render current cryptographic systems obsolete.
Another topic covered is the recent update of Notepad++, a popular text editor. Steve Gibson explains that the developer of Notepad++, Don Ho, encountered problems with code signing certificates, leading to false detections by antivirus software. To circumvent this issue, Don Ho decided to create his own self-signed certificate. However, this solution poses security risks, as it could encourage users to add untrustworthy certificates to their root certificate store. Steve Gibson discusses the implications of this approach and the broader challenges related to code signing and digital trust.
Leo Laporte and Steve Gibson also discuss recent security vulnerabilities affecting WhatsApp and cryptocurrency ATMs. They explain how security flaws can be exploited for phishing and extortion attacks. An interesting point raised by listeners is that WhatsApp claims to have fixed a server-side vulnerability without updating the client application, which raises questions about how messages are handled and secured.
The episode continues with a discussion on browser fingerprinting, a topic Steve Gibson had covered in a previous episode. Using the EFF's "Cover Your Tracks" tool, Steve Gibson demonstrates how browsers can be uniquely identified based on various parameters such as HTTP headers, installed plugins, and screen dimensions. This demonstration highlights the challenges of protecting online privacy and the difficulty of avoiding surveillance and tracking.
Finally, the episode concludes with an introduction to zero-knowledge proofs, a fascinating cryptographic concept. Steve Gibson explains this concept using several practical examples, including the "Where's Waldo?" problem and the scenario of Ali Baba's cave. These examples illustrate how it is possible to prove a statement without revealing additional information. This concept is crucial for applications such as online age verification without disclosing sensitive personal information.
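The Ali Baba's cave scenario mentioned above can be modelled in a few lines. This is an added example, not code from the episode or from this page; the two-path cave model and all function names are assumptions made for illustration. It shows both halves of the idea: a prover without the secret passes n rounds with probability (1/2)^n, and an accepting transcript can be forged without the secret, which is why a recording of the exchange reveals nothing to a third party.

```python
import secrets

PATHS = ("A", "B")  # the two passages joined by the locked door (assumed model)

def run_round(knows_secret, rng=secrets):
    """One round: the prover enters by a hidden path, then the verifier
    names the path the prover must come back out of."""
    entered = rng.choice(PATHS)    # prover's choice, unseen by the verifier
    challenge = rng.choice(PATHS)  # verifier's coin flip, made after entry
    # With the door's secret the prover can always cross to the requested
    # side; without it they can only return the way they went in.
    exited = challenge if knows_secret else entered
    return challenge, exited

def verify(knows_secret, rounds, rng=secrets):
    """The verifier accepts only if every exit matches its challenge."""
    return all(c == e for c, e in
               (run_round(knows_secret, rng) for _ in range(rounds)))

def soundness_error(rounds):
    """Chance that a prover without the secret passes every round."""
    return 0.5 ** rounds

def cheat_rate(rounds, trials, rng=secrets):
    """Measured fraction of runs in which a prover without the secret passes."""
    return sum(verify(False, rounds, rng) for _ in range(trials)) / trials

def simulate_transcript(rounds, rng=secrets):
    """Build an accepting transcript WITHOUT the secret by dropping failed
    rounds, like editing a video. The result looks the same as an honest
    transcript, so the transcript itself carries no knowledge of the secret."""
    transcript = []
    while len(transcript) < rounds:
        challenge, exited = run_round(False, rng)
        if challenge == exited:  # keep only the lucky rounds
            transcript.append((challenge, exited))
    return transcript

if __name__ == "__main__":
    print("honest prover, 20 rounds:", verify(True, 20))
    print("cheater pass rate, 3 rounds:", cheat_rate(3, 4000))
    print("theoretical bound, 3 rounds:", soundness_error(3))
    print("forged transcript:", simulate_transcript(5))
```

The live verifier is convinced because it knows its own challenges were chosen after the prover entered; an onlooker holding only the transcript cannot tell it apart from the forged one.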
In conclusion, this episode of Security Now offers an in-depth look at various aspects of computer security, ranging from advances in quantum computing to the challenges of code signing and advanced cryptographic concepts. The discussions are both informative and engaging, providing listeners with a deep understanding of current security issues.