SN 1066: Password Leakage - Zero Trust, Zero Knowledge

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet.

• CA's warn us to urgently prepare for the inevitable.
• Three U.S. states attempt to ban 3D printed firearms.
• Denied ransom, ShinyHunters leaks 967,000 personal details.
• "Billions" of U.S. social security numbers leaked.
• Is Apple planning to add cameras to three new gadgets.
• No more security fixes for Firefox on Windows 7 & 8.
• Russia blocks the official Linux kernel site they need.
• Will the U.S."freedom.gov" site post EU blocked content.
• LLM's will offer secure passwords. Do Not Use Them.
• As predicted, the "ClickFix" attack strategy takes over.
• A listener believes his computer is compromised.
• How could three popular password managers get things wrong.

Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:

• guardsquare.com
• bitwarden.com/twit
• zscaler.com/security
• hoxhunt.com/securitynow
• material.security