SN 1005: 6-Day Certificates? Why? - Android Anti-Tracking, MFA lLogin Bypass, BIMI

• Is AI the Wizard of Oz? Or is it more?
• Microsoft's long standing effective MFA login bypass.
• Is TPM 2.0 not required after all for Windows 11?
• Meet 14 North Korean IT workers who made $88 million from the West.
• Android updates its Bluetooth tracking with anti-tracking.
• The NPM package manager repository has had 540,000 malicious packages discovered hiding in plain sight.
• The AskWoody site remains alive, well, and terrific.
• My iPhone is linked to Windows and it's wonderful. Yay.
• How has email been finding logos before BIMI?
• If we use Him and Her for people, how about Hal for AI?
• Another very disturbing conversation with ChatGPT.
• What's going on with the new ChatGPT o1 model? It wants to escape? What??
• Let's Encrypt plans to reduce its certificate lifetime from 90 to just 6 days. Why in the world?
• And all the best holiday wishes. See you in January

Show Notes - https://www.grc.com/sn/SN-1005-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

• joindeleteme.com/twit promo code TWIT
• 1password.com/securitynow
• bigid.com/securitynow
• canary.tools/twit - use code: TWIT