SN 946: CitrixBleed - iMessage Contact Key Verification, HackerOne bug bounty news, CISA's Logging Made Easy
What caused last week's connection interruption? Router was rebooting intermittently, but why? David Redekop of AdamNetworks explained their enterprise network security solution aims to only allow known safe connections, blocking everything else. iMessage gets Contact Key Verification to confirm new devices added to an account belong to the contact. Public Interest Research Group asks Microsoft to extend Windows 10 support beyond 2025. HackerOne breach bounties surpass $300M total payout. CISA releases free Logging Made Easy toolkit to enhance Windows logging capabilities. SpinRite 6.1 pre-release 2 published, likely final pre-release with some testing remaining before full launch. Moving the Internet fully to IPv6 likely won't happen until IPv4 addresses are fully consumed. Open source projects struggle with costly code signing certificates. Deep dive into CitrixBleed vulnerability allowing authentication bypass. Show Notes - https://www.grc.com/sn/SN-946-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: cs.co/twit bitwarden.com/twit vanta.com/SECURITYNOW