
Security Now - 16k MP3
1,036 episodes — Page 2 of 21
SN990: Is Telegram an Encrypted App?
Telegram's founder, owner and CEO arrested in France. What does that mean? One year after Microsoft began offering free cloud security event logging. How's that going? To no one's surprise, CrowdStrike is losing customers - But how many? Microsoft to meet with CrowdStrike and other vendors to discuss new solutions. Yelp is not happy with Google. Did/does Google put their thumb on the scale? Where do you go to purchase yourself some DDoS? How about sending a Telegram? Chrome exploits are becoming more rare and difficult to find so Google has upped the ante. Believe it or not, Cox Media Group is still promoting their incredibly privacy-invading "Active Listening" capability. How about secretly having foreigners doing all of your work for you. What could possibly go wrong? And Johns Hopkins Cryptographer Matthew Green has become increasingly annoyed by Telegram's claims of being an encrypted messaging platform. So he finally asks the question: Is Telegram an Encrypted App?
SN989: Cascading Bloom Filters
CrowdStrike's president appears in person to accept the "Most Epic Fail" award. A secret backdoor discovered in Chinese-made RFID access key cards. Counterfeit and poorly functioning Cisco brand networking gear in use by major institutions, government and military. A startling SSD performance improvement thanks to SpinRite. When is "Bing" actually "Edge" ... and other errata. Another useful National Public Data breach check service. And what are "Cascading Bloom Filters" and why do they offer the promise of 100% browser-local and instantaneous certificate revocation detection?
SN988: National Public Data
As we embark on our 20th year of this weekly Internet security and privacy oriented technical news podcast, we're going to look at some more interesting certificate revocation news and we have an experiment for our listeners. What six 0-days were patched during Microsoft's Patch Tuesday last week? 53 episodes of the 1980s "Famous Computer Cafe" radio show were recently discovered and are now online -- hear Bill Gates before his voice changed. We have release #3 of IsBootSecure and a GRC email update and some interesting listener feedback. Then, to no one's surprise, we're going to take a deep dive into the background, meaning and impact of the largest personal data breach in history; how to look up your own breached records online, what to do and what this means for the future.
SN987: Revisiting Revocation
A million domains are vulnerable to the "Sitting Duck" attack. What is it? Is it new? Why does it happen? And who needs to worry about it? A CVSS 9.8 (serious) remote code execution vulnerability has been discovered in Windows' RDL (Remote Desktop Licensing) service. Patch it before the bad guys use it! All of AMD's chips have a critical (but patchable) microcode bug that allows boot-time security to be compromised. Now what? Microsoft apparently decides NOT to fix a simple Windows bug that allows anyone to easily crash Windows with a Blue Screen of Death anytime they wish. You sure don't want that in your Windows startup folder! GRC's IsBootSecure freeware is updated and very nearly finished. And believe it or not, the entire certificate revocation system that the industry has just spent the past ten years getting working is about to be scrapped in favor of what never worked before. Go figure.
SN986: How Revoking!
What's been learned over the past week about the PKfail Platform Key misuse issue? What is "IsBootSecure?" and why does that sound suspiciously like a new piece of GRC freeware? There's plenty of news on the 3rd-party cookie front. What's going on with Firefox and what position has the World Wide Web Consortium (W3C) taken on this important issue? Now that we're a few weeks downstream of the CrowdStrike disaster, the attorneys have come out to play. What are we learning about the legal side of this massive outage? What's been going on with GRC's incoming "SecurityNow" email system? And we finish by looking at DigiCert's recent mass certificate revocation event. Why did it happen? What happened? Did it matter? Was it necessary? And how does it compare to Entrust's past behavior?
SN985: Platform Key Disclosure
The obligatory follow-up on the massive CrowdStrike event: How do CrowdStrike's users feel? Are they switching or staying? How does CrowdStrike explain what happened? Does it make sense? How much blame should they receive? An update on how Entrust is attempting to keep its customers from changing certificate authorities. Firefox appears not to be blocking 3rd-party tracking cookies when it claims to be. How hiring remote workers can come back to bite you in the you-know-what. Did Google really want to kill off 3rd-party cookies or are they actually happy? And is there any hope of ending abusive tracking? Auto-updating anything is fraught with danger. Why do we do it and is there no better solution? And what serious mistake did a security firm discover that compromises the security of nearly 850 PC makes and models?
SN984: CrowdStruck
SN983: A Snowflake's Chance
SN982: The Polyfill.io Attack
SN981: The End of Entrust Trust
SN980: The Mixed Blessing of a Crappy PRNG
SN979: The Angle of the Dangle
SN978: The rise and fall of code.microsoft.com
SN977: A Large Language Model in Every Pot
SN976: The 50 Gigabyte Privacy Bomb
SN975: 312 Scientists & Researchers Respond
Which browser has had a very rough week? And why? Which bodily fluid should you probably not drink despite Google's recommendation? And how can you tweak your browser to avoid those in the future? What happens when a Windows XP machine is exposed to the unfiltered Internet? Duck and Cover! How did a pair of college kids get their laundry washed for free? And what do we learn about still-clueless corporations? And finally, after engaging with some terrific listener feedback, we're going to examine the latest thought-provoking response to the EU's proposed Child Sexual Abuse Regulation from their own scientific and research community.
SN974: Microsoft's head in the Clouds
What fascinating insights do we obtain from examining 3.4 million 4-digit PINs? What plans are already underway as a backup for today's vulnerable GPS technology? How many passkeys will websites store per account? And what's all this about Microsoft promising to get serious about their cloud-based services security?
SN973: Not So Fast
What danger is presented by the world's dependence upon GPS? And why is that of any concern? Has the sky fallen on all VPN systems? And why does the tech press appear to think so? Today's myriad network authentication options are confusing and incomplete. What does the future promise? Why might Apple have been erasing iCloud Keychain data? And what's actually going on between Google and the United Kingdom regarding the sunsetting of 3rd-party cookies? What's the problem? Or is there one?
SN972: Passkeys: A Shattered Dream?
The choice for this week's main topic received some serious competition from some surprising legislation that came into effect yesterday in the United Kingdom. So we're going to start by taking a close look at what happened in the UK that promises to completely change the face of consumer IoT device security. As we'll see, that's not an overstatement; the world as we've known it just changed. While that exploration is going to consume most of the first half of today's podcast, I also want to look at what happened last week with Chrome's change of plan regarding 3rd-party cookies, I have a bit of listener feedback to share, and news of the next installment in a long-running science fiction book series. I also have the welcome news that I am finally working on bringing up GRC's eMail communications system. Then we'll finish by taking a look at a blog posting by an industry insider that many of our listeners forwarded to me asking "what do you think about this?".
SN971: Chat (out of) Control
What would you call Stuxnet on steroids? What's the latest on the Voyager 1 drama? What new features are coming to Android and Thunderbird? What's China done now? Why did Gentoo Linux say 'no' to AI? And after sharing and discussing a bunch of feedback from our terrific listeners and a SpinRite update, we're going to examine the latest update to the European Union's worrisome "Chat Control" legislation which is reportedly just over a month away from becoming law. Is the EU about to force the end of end-to-end encryption in order to enable and require the scanning of all encrypted communications? It appears ready to do just that.
SN970: GhostRace
What's the latest on that massive five year old AT&T data breach? Who just leaked more than 340,000 social security numbers, Medicare data and more, and what does that mean? Are websites honoring their cookie banner notification permissions? And why do we already know the answer to that question? What surprise has the GDPR's transparency requirements just revealed? And after sharing a bit of feedback from our listeners, we're going to go deeper into raw fundamental computer science technology than we have in a long time... and it may be inadvisable to operate any heavy equipment while listening to that part.
SN969: Minimum Viable Secure Product
When is it far better for a security researcher to just keep their mouth shut? Are all Internet-based secure note exchanging sites created equal? What's been happening in the lucrative and slimy world of 0-days for pay? And what has NASA just learned about the state of Voyager 1? Something momentous has happened with SpinRite, and we're going to take a deep dive into an important industry initiative that just acquired an important new contributor.
SN968: A Cautionary Tale
Why should all Linux users update their systems if they haven't since February? What do 73 million current and past AT&T customers all have in common? What additional and welcome, though very different, new features await Signal and Telegram users? Which major IT supplier has left Russia early? What did Ghostery's ad blocking profile reveal about Internet users? Whatever happened with that Incognito-mode lawsuit against Google? And how are things going in the open source repository world? And then, after I share something kinda special that happened Sunday involving my wife, SpinRite and her laptop - and it's probably not what you think - we're going to take a look at another rather horrifying bullet that the Internet dodged again.
SN967: GoFetch
After I comment on the US Department of Justice's antitrust suit against Apple, we'll update on General Motors' violation of its car owners' privacy and answer some questions, including what happy news is Super Sushi Samurai celebrating? Has Apple abandoned its plans for HomeKit-compatible routers? And what appears to be shaping up to take their place? Will our private networks be receiving their own domain names? And if so, what? The UN has spoken out about AI -- does anyone care? And what do I think the prospects are of us controlling AI? What significant European country just blocked Telegram? What did the just-finished 2024 Pwn2Own competition teach? Might the US be hacking back against China as they are against us? And after a bit of interesting SpinRite news and a bit of feedback from our listeners, we're going to spend the rest of our time looking into last week's quite explosive headlines about the apparently horrific unfixable flaws in Apple's M-series silicon. Just how bad is it?
SN966: Morris The Second
Voyager lives! (Maybe). The world wide web just turned 35. What does its Dad think? What's the latest horrific violation of consumer privacy to come to light? Our listeners have been extremely engaged and interested in several of this podcast's recent topics. So we're going to use their feedback to finish off several of those topics. And finally, we look at how a group of Cornell University researchers managed to get today's generative AI models to behave badly and at just how much of a cautionary tale this may be.
SN965: Passkeys vs 2FA
What happened with CERT? What headache has VMware been dealing with? What's Microsoft's latest vulnerability disclosure strategy? What's China's "Document 79," and is it any surprise? What long-awaited new feature is in version 7.0 of Signal? How is Meta coping with the EU's new Digital Markets Act that just went into effect? What's the latest on that devastating ransomware attack on Change Healthcare? And after addressing some interesting feedback from our listeners, I want to clarify something about Passkeys that is not at all obvious.
SN964: PQ3
Last week we covered a large amount of security news; this week, not so much. There are security stories I'll be catching us up with next week, but after sharing a wonderful piece of writing about the fate of Voyager 1, news of an attractive new Humble Bundle, a tip of the week from a listener, a bit of SpinRite news and a number of interesting discussions resulting from feedback from our listeners, our promised coverage of Apple's new "PQ3" post-quantum safe iMessage protocol consumed the entire balance of this week's podcast budget, bulging today's show notes to a corpulent 21 pages. I think everyone's going to have a good time.
SN963: Web Portal? Yes Please!
What US state is now trying to ban encryption for minors? What shocking truth did a recent survey of IT professionals reveal? What experimental feature from Edge is Chrome inheriting? Are online services really selling our private data? And what about browser add-ons? Should we be paying extra to obtain cloud security logs? Now that the dust has settled, what happened with LockBit? What new features just appeared in Firefox v123? And what lesson have we just received another horrific example of? I have news on the GRC software front, and we have a bunch of interesting feedback from our terrific podcast listeners. So another jam-packed episode of Security Now.
SN962: The Internet Dodged a Bullet
What's the worst mistake that the provider of remotely accessible residential webcams could possibly make? What surprises did last week's Patch Tuesday bring? Why would any website put an upper limit on password length? And for that matter, what's up with disallowing special characters? Will Canada's ban on importing the Flipper Zero hacking gadgets reduce car theft? Exactly why didn't the Internet build in security from the start? How could they miss that? Doesn't Facebook's notice of a previous password leak information? Why isn't TOTP just another password that's unknown to an attacker? Can exposing SNMP be dangerous? Why doesn't eMail's general lack of encryption and other security make eMail-only login very insecure? And, finally, what major cataclysm did the Internet just successfully dodge? And is it even possible to have a "minor cataclysm"? Today, we'll be taking a number of deep dives after we examine a potential solution to global warming and energy production as shown in our terrific picture of the week. Some things are so obvious in retrospect.
SN961: Bitlocker: Cracked or Chipped?
What's the story behind the massive incredible 3 million toothbrush takeover attack? How many honeypots are out there on the Internet? What's the best technology to use to access your home network while traveling? Exactly why is password security all just an illusion? Does detecting and reporting previously used passwords create a security weakness? Will Apple's opening of iOS in the EU drive a browser monoculture? Can anything be done to secure our router's UPnP? Has anyone encountered the "Unintended Consequences" we theorized last week? Is running a personal eMail server no longer practical? And what's up with the recently reported vulnerability in many TPM-protected Bitlocker systems?
SN960: Unforeseen Consequences
What move has CISA just made that affects our home routers? What serious flaw was discovered in a core C library used everywhere by Linux? Does OpenSSL still have a future? What's Roskomnadzor done now? How can a password manager become proactive with Passkey adoption? Which favorite browser just added post-quantum crypto? What prevents spoofing the images taken by digital signing cameras? Why are insecure PLC devices ever attached to the Internet? And what may be an undesirable and unforeseen consequence of Google's anti-tracking changes?
SN959: Stamos on "Microsoft Security"
What changes will the EU's soon-to-be-in-force Digital Markets Act be bringing to Apple's traditional iOS policies? What OS is ransomware unable to infect? What has HP done now with their printer ink policy? How many stolen user database records will fit in 12 terabytes? Can't you just delete that incriminating chat stream? Did Mercedes-Benz leave their doors unlocked? What's the latest on ransom payment rates? And after entertaining some questions from our terrific listeners and a long-awaited announcement from me, we're going to take a look at Alex Stamos' reaction to Microsoft's most recent security incident response.
SN958: A Week of News and Listener Views
What mistake did Microsoft make that allowed Russians to access their top executives' eMail? What does the breach of US Health & Human Services teach us? What does Firefox's complaint about Apple, Google & Microsoft mean? Why has the Brave browser just reduced the strength of its anti-fingerprinting measures? Last year CISA started proactively scanning. How'd that go? What new feature of smartphones has become a competitive advantage? And just how Incognito is that mode? Then we'll wrap up the week by looking at some of the best feedback from our listeners, including: what's the future of fraudulent media creation? How should a high school listener of ours get started with computing? Why did a popular Android app suddenly become sketchy? Does Google's Privacy Sandbox allow websites to customize their presentations to their visitors? How might last week's LG smart washing machine have become infected? Does the Protected Audience API also protect its audience from malvertising? And why do big ISPs just pull the plug on DDoSed sites rather than attempt to protect them?
SN957: The Protected Audience API
What would an IoT device that had been taken over do? And what would happen to the target of attacks it might participate in? What serious problem was recently discovered in a new post-quantum algorithm and what does this mean? What does a global map of web browser usage reveal? And after entertaining some thoughts and feedback from our listeners and describing the final touch I'm putting on SpinRite, we're going to rock everyone's world (and I'm not kidding) by explaining what Google has been up to for the past three years, why it is going to truly change everything we know about the way advertisements are served to web browser users, and what it all means for the future.
SN956: The Inside Tracks
I want to start off this week by following up on last week's podcast about the hardware backdoor discovered in Apple's silicon, to support the conclusion I've reached since then, that this was deliberate on Apple's part, that they always knew about this, and why. Then we're going to wonder whether everyone is as cyber-vulnerable as Ukraine appears to be. And if so, why and just how serious could cyberattacks become? What's the latest on the mess over at 23andMe? How's cryptocurrency been faring, and are things getting better, staying the same, or getting worse? What Google Mandiant account got hacked? Just how seriously, and legally, do we take the term "war" in "cyberwar", and what are the implications of that? LastPass recently announced some policy changes; even if they are about two years late, what lessons should the rest of the 'Net take away? During 2023, how did Windows 11 fare against Windows 10? What happens when users discover that Chrome's Incognito mode is still tracking them? And then, after exploring some questions from our terrific listeners, I want to share the result of some interesting research I conducted last week during the final days of the work on SpinRite 6.1 for this week's podcast, titled: ‘The Inside Tracks’.
SN955: The Mystery of CVE-2023-38606
After everyone is updated with the state of my still-continuing work on SpinRite 6.1, and after I've shared a bit of feedback from our listeners, the entire balance of this first podcast of 2024 will be invested in the close and careful examination of the technical details surrounding something that has never before been found in Apple's custom proprietary silicon. As we will all see and understand by the time we're finished here today, it is something that can only be characterized as a deliberately designed, implemented and protected backdoor that was intended to be, and was, let loose and present in the wild. After we all understand what Apple has done through five successive generations of their silicon, today's podcast ends, as it must, by posing a single one-word question: Why?
SN954: Best of 2023
Leo looks back at the year's top security stories of 2023: Steve's Next Password Manager After the LastPass Hack / CHESS is Safe / Here Come the Fake AI-generated "News" Sites / How Bad Guys Use Satellites / Microsoft's "Culture of Toxic Obfuscation" / Steve announces his commitment to SN / Apple Says No / NSA's Decade of Huawei Hacking / ValiDrive announcement
SN953: "Active Listening"
Is the U.S. ever going to be able to introduce new child protection legislation or are we going to continue punting to the U.S. Constitution? 2024 means the beginning of the end of traditional 3rd-party cookies in Chrome. What's the plan for that? How much did the Internet grow during 2023? And why? What's the most used browser-based query language? What's the updated ranking of sites by popularity? What percentage of total Internet traffic is generated by automation? Those and many other interesting stats have been shared by Cloudflare. Then, after catching up with a bit of SpinRite news and some feedback from our listeners, we're going to examine the content of some very disturbing webpages that Cox Media Group originally posted then quickly removed.
SN952: Quantum Computing Breakthrough
Why is metadata such a problem? What massive new audience just got end-to-end encryption by default? What's the latest on Iran's Cyber Av3ngers? What were the most exploited vulnerabilities of 2023? How are things looking two years after the discovery of the Log4J flaw? Whatever happened with Sony's attempt to force Quad9 to block a music pirate's domain? What exactly is the Dark Web, anyway? And where is it? And after closing the loop with some of our listeners, we're going to examine last week's surprising news of a significant breakthrough in quantum computing!
SN951: Revisiting Browser Trust
How can masked domain owners be unmasked? What new and very useful feature has WhatsApp just added? How did Iranian hackers compromise multiple U.S. water facilities across multiple states? Did Montana successfully ban all use of TikTok statewide? And is that even possible? How many Android devices are RCS-equipped? What's the EU's Cyber Resilience Act? And is it good or bad? Is ransomware finally beginning to lose steam? What's the deal with all of these new top level DNS domains? Do they make any sense? Has CISA been listening to this podcast, or have they just been paying attention to the same things we have? What's up with France's ban on all "foreign" messaging apps? And did the Prime Minister's nephew come up with an alternative? And I want to share two final insights from independent industry veterans regarding the EU's proposal to forcibly require our browsers and operating systems to trust any certificates signed by their member countries.
SN950: Leo Turns 67
Since last week's podcast was titled "Ethernet turned 50" it only seemed right to title this one "Leo turns 67" - I'll have more to say about that at the end. Until then, Ant and I will examine the answers to various interesting questions, including: How many of us still have Adobe Flash Player lurking in our machines? What can you do if you lose your VeraCrypt password? Firefox is now at release 120, what did it add? What just happened to give Do Not Track new hope? Why might you need to rename your "ownCloud" to "PwnCloud"? How might using the CrushFTP enterprise suite crush your spirits? Just how safe is biometric fingerprint authentication? How's that going with Apache's MQ vulnerability, and have you locked your credit bureau access yet? Should Passkeys be stored alongside regular passwords? What's the best way to prevent techie youngsters from accessing the Internet? And is that even possible? What could possibly go wrong with a camera that digitally authenticates and signs its photos? Could we just remove the EU's unwanted country certificates if that happens? What's the best domain registrar, and what was Apple's true motivation for announcing RCS messaging for their iProducts?
SN949: Ethernet turned 50
Is there any such thing as truly free privacy? What has Elon done now? What's the latest new tactic in post-breach cyber-extortion? Has Europe finally come to its senses over old and creaky proprietary radio encryption? What new forthcoming iPhone communications feature took everyone by surprise? What discovery did I make for super-secure code signing? Just how sticky are those barnacles? What's a good way to measure USB drive speed? Is the EU's proposed eIDAS 2.0 QWACs system as bad as it seems? And if it passes into law as-is, can companies realistically say no? What's my favorite little PC platform for building security gateways? Why couldn't we just use the good part of a fake drive? What should ex-LastPass users watch out for in their credit card statements? And, finally, we recognize the 50th birthday of Ethernet and look back at the history of its creation.
SN948: What is a Bit Flipped?
Is your lack of privacy badgering you? And if so what can you do about it? What's the latest on last week's bombshell news of the EU's Article 45 in eIDAS 2.0? Who's lost how much money in online cryptocurrency? And is using seed phrases for your wallet that you get from a seed phrase suggestion site a good idea? Has there finally been a truly devastating and effective speculative execution flaw discovered in Intel's processors? Could it be their Downfall? What country has decided to ban all VPNs? And how bad are the two flaws found in OpenVPN? Why have I stopped working on SpinRite? What's the best backup for a large NAS? Should vulnerability researchers learn the assembly language of their target processors? If quantum computers threaten asymmetric crypto, why not return to symmetric crypto? Could someone explain exactly why Article 45 is a bad thing? What in the world is a Windshield Barnacle and why don't you want one? What's my latest Sci-Fi book series discovery? And just how bad could it be if a cosmic ray flipped a bit at just the wrong time?
SN947: Article 45
Where was Microsoft storing their Azure keys? What four new 0-day flaws has Microsoft declined to repair? And what happens next? What's this week's latest mass-casualty event for publicly-exposed Internet servers? And do we have any news on last week's Citrix Bleed fiasco? What comes after CVSSv3.1 and why? What happened to Google's WebDRM proposal? And what about the earlier Cisco IOS XE mass-casualty mess? And what's the new Security Now! podcast slogan to emerge from it? Our favorite password manager just announced their support for Passkeys! Now what? That guy with the badly messed-up SSD shared the results of using SpinRite 6.1. I'll share and explain what happened. And then, after entertaining some great feedback from our listeners, we're going to look into the next big looming battle between conservative tech and rapacious governments. All that and more during this week's Security Now! podcast #947 ... and counting.
SN946: Citrix Bleed
What caused last week's connection interruption? Is it possible to create and maintain an Internet whitelist? What's the latest on LastPass vault decryptions? How do you know, if a remote correspondent adds a new device to their Apple account, that it's really them? Might there be more life left in Windows 10 than we thought? What's foremost in the minds of today's bug bounty hunters? What new free and open source utility has CISA released? Could it be that SpinRite 6.1 is finished? Is TLS 1.2 ready for retirement? And what about IPv4? How can open source projects get their code signed? And then we're going to take a really interesting deep dive into the Internet's latest mass-casualty disaster.
SN945: The Power of Privilege
How do fake drives keep being sold by Amazon? If you don't already know it, is VBScript worth learning today? NTLM authentication is 30 years old; will it see 40? What startling flaw was just found in cURL, and what should you do about it? Vulnerabilities with a CVSS score of 10.0 are blessedly rare, but today the industry has another. And also, asked by our listeners, how should "lib" be pronounced? How is SpinRite's 6.1 pre-release run going? Is passkey export on the horizon? Doesn't a server's IP address make encrypting the client hello superfluous? Is there such a thing as encryption preemption? Are fraudulent higher-end drives possible? What's Privacy Badger and why did I just install it? And finally, within any enterprise, few things are more important than managing user and device access privileges. As highlighted by the NSA's and CISA's experiences, we're going to examine the need for taking privilege management more seriously than ever during this week's Security Now! Episode #945 - The Power of Privilege.
SN944: Abusing HTTP/2 Rapid Reset
How have ValiDrive's first ten days of life been going and what more have we learned about the world of fraudulently fake USB thumb drives? Should passkeys be readily exportable or are they better off being kept hidden and inaccessible? Why can't a web browser be written from scratch? Can Security Now listeners have SpinRite v6.1 early?... like... now? What was that app for filling a drive with crypto noise and what's my favorite iOS OTP app? And couldn't Google Docs' HTML-exported links be redirected for user privacy? After we address those terrific questions posed by our listeners we're going to take a look at the surprise emergence of a potent new HTTP/2-specific DDoS attack. Is it exploiting a 0-day vulnerability as Cloudflare claims, or is that just deflection?
SN943: The Top 10 Cybersecurity Misconfigurations
How many people have downloaded GRC's latest freeware so far? Do we believe what 23andMe have told the world about the leak of their customers' personal and private data? What are the stats regarding all aspects of cyberattacks? How's the Brave Browser doing? Where and when is Google surreptitiously embedding tracking links into Google Docs exports? What high profile enterprise was also compromised by the Progress Software MOVEit SQL injection? What additional web browser just added and announced its support for Encrypted ClientHello? What change did Google just make with the release of their Pixel 8 family of smartphones? What cyber initiative did the U.S. Congress just overwhelmingly pass? What's "DwellTime" and why do we care? And that's just the news. We'll also be entertaining many of our listeners' questions, then starting into the first part of our examination of a really terrific document that was just published by the NSA and CISA.
SN942: Encrypting Client Hello
Just how irresponsible have the developers of the most popular eMail server on Earth been shown to be? What nefarious intent has infiltrated AI dialog? Windows 11 now supports passkeys. But what does that mean for the browsers and add-ons that already do? The tech press is warning about a new password stealing attack against users of public Wi-Fi. How does it work? Are they right? And just how worried should we be? Why isn't there a Nobel prize for math? Was it due to a jealous husband? Is our eMail address the only way for the LastPass vault decryptors to target their victims? Is there any way to keep AI models from training on our website's content? Does anyone have a shortcut for learning SyncThing? Is it best not to keep lithium-ion batteries fully charged? Where's a clever place to keep encrypted data offline and what happens to old mathematicians? After we answer those questions and more we're going to look at the hoops the Internet's designers have had to go through to keep eavesdroppers from learning which sites we visit. Welcome to the Security Now! podcast #942 for October 3rd, 2023.
SN941: We told you so!
This week we're chock full of questions! Why is my new ValiDrive freeware not published yet? Why did Apple quietly remove PDF rendering from the Mac after 39 years? Has the NSA been hacking China? What mistake did Microsoft recently make that would require the use of a bigger hard drive? Why did Signal just announce their use of post-quantum crypto? What's the big hurry? Is it possible to create a new web browser from scratch? And if not, why not? Does public key crypto really go both ways? Can pure math generate pure random numbers? One of our listeners believes he has. Could encrypting an entire hard drive then throwing away the key be used in place of the random noise wiping I'm a big fan of? Why hasn't the Unix time problem been fixed yet? Or has it? Will all of the stolen LastPass vaults eventually be decrypted? Am I really leaving Twitter? And, finally... why in the world is this episode titled "We Told You So!" ? The answers to those questions and more will be revealed by the time we're done here today. Welcome to episode #941 of TWiT's Security Now! podcast.