SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy - a podcast by TWiT

from 2023-10-31T17:53:12



  • What caused last week's connection interruption? Router was rebooting intermittently, but why?

  • David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else.

  • iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact.

  • Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025.

  • HackerOne breach bounties surpass $300M total payout.

  • CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities.

  • SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch.

  • Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed.

  • Open source projects struggle with costly code signing certificates.

  • Deep dive into CitrixBleed vulnerability allowing authentication bypass.

Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf


Hosts: Steve Gibson and Leo Laporte


Download or subscribe to this show at https://twit.tv/shows/security-now.


Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit


You can submit a question to Security Now at the GRC Feedback Page.


For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site, grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

