all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SN 942: Encrypting ClientHello - EXIM eMail Servers Exposed, Windows 11 Passkeys, Bing Chat Malware Risk

Add to bookmarks
Oct. 4, 2023, 4:03 a.m. | TWiT

Security Now (Audio) twit.tv


  • Exim email server ignored ZDI's responsible disclosure of critical remote code execution flaws for over a year, putting millions of servers at risk.

  • Malicious ads are appearing in Bing Chat responses, promoting fake sites distributing malware.

  • Windows 11 now natively supports passkeys, though browser support may make this redundant.

  • Researchers exploit WiFi beamforming side-channel to potentially reveal keystrokes, but practicality is limited.

  • The ECH TLS extension encrypts the ClientHello packet to hide SNI data.

  • Exim disclosure timeline and impact on …

ads bing bing chat bing chat malware risks browser chat code code execution critical disclosure email email server encrypted client hello hides sni data exim exim server vulnerabilities exposed fake flaws help & how to iab19 leo laporte malicious malicious ads malware passkeys remote code remote code execution responsible responsible disclosure risk security security now server servers steve gibson technology twit wifi password stealing exaggerations windows windows 11 windows 11 passkey support zdi

Visit resource

More from twit.tv / Security Now (Audio)

SN 974: Microsoft's Head in the Clouds - 4-Digit Pins, Long Range Navigation, Microsoft 4 days, 4 hours ago | twit.tv
1password android passkeys can clouds +33
SN 973: Not So Fast - GPS Vulnerabilites, VPN Flaw 1 week, 4 days ago | twit.tv
can cookies fast feedback +28
SN 972: Passkeys: A Shattered Dream? - IoT Default Passwords, Passkeys 2 weeks, 4 days ago | twit.tv
chrome conditions consumer consumer iot +39
SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo 3 weeks, 4 days ago | twit.tv
actalis ai amp android +45
SN 970: GhostRace - AT&T Breach Update, Cookie Notices, Router Buttons 1 month ago | twit.tv
amp att breach button +38
SN 969: Minimum Viable Secure Product - Dlink NAS Backdoor, Privnote, Crowdefense 1 month, 1 week ago | twit.tv
android apple backdoor can +37
SN 968: A Cautionary Tale - XZ Outbreak, AT&T Data Breach 1 month, 2 weeks ago | twit.tv
ad blockers advertisers amp att +34
SN 967: GoFetch - Apple vs. DOJ, ".INTERNAL" TLD 1 month, 3 weeks ago | twit.tv
ai apple authentication blocked +43
SN 966: Morris The Second - Voyager 1, The Web Turns 35 1 month, 4 weeks ago | twit.tv
2fa accounts addresses anonymous +41

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India
View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190
View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal
View on infosec-jobs.com