SN 1009: Attacking TOTP - Force-Installed Outlook, DJI Firmware Update

Jan 22, 2025 | 3 hr 7 min | Ep. 1009

Episode description

  • What do we learn from January's record-breaking 0-day critical Patch Tuesday?
  • Microsoft to "force-install" a new Outlook into all Windows 10 and 11 desktops?
  • GoDaddy required to get much more serious about its hosting security.
  • More age verification enforcement is coming, including globally.
  • What another instance of a widely exposed management interface teaches us.
  • DJI drone's official firmware update lifts geofencing for unrestricted flight.
  • CISA's efforts pay off with MUCH improved critical infrastructure security.
  • Listener feedback about TOTP, HOTP and age-verification.
  • And we take a deep dive into cracking authenticator keys.

Show Notes - https://www.grc.com/sn/SN-1009-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Transcript

DJI Drops Drone No-Fly Zone Restrictions: What You Need to Know

Jan 24th 2025 by Benito Gonzalez

AI-created, human-edited.

In a move that's raised eyebrows across the tech and aviation communities, DJI has made a significant change to its drone firmware by removing automatic restrictions on flying into previously designated no-fly zones. The recent Security Now podcast discussion highlighted the potential implications of this controversial update.

Key Developments:

  • DJI has replaced its proprietary geofencing system with official FAA data
  • Drone operators now have full responsibility for navigating restricted airspaces
  • The update follows similar changes in European countries

The Risks and Concerns:

The podcast hosts, Leo Laporte and Steve Gibson, expressed serious reservations about the update. They pointed out critical safety concerns, including:

  • Potential interference with emergency services (like firefighting aircraft)
  • Risks near sensitive locations like military bases and prisons
  • Increased potential for misuse of drone technology

DJI's Justification:

According to the company's blog posts, the update:

  • Aligns with aviation regulators' principles of operator responsibility
  • Reduces operational delays for commercial drone users
  • Provides more consistent and accurate airspace information

Industry Context:

The timing of this update is particularly sensitive, given ongoing geopolitical tensions between the US and China. DJI strongly denies any political motivations, positioning the change as a technological evolution.

Critical Takeaway:

While DJI argues this update empowers responsible drone operators, the podcast discussion suggests it could potentially compromise safety and increase risks in sensitive areas.

Recommendations for Drone Operators:

  • Stay informed about local aviation regulations
  • Always prioritize safety
  • Carefully review FAA no-drone zone resources before flying

The debate continues, but one thing is clear: the landscape of drone technology and regulation is rapidly evolving.

Security Now #1009
Jan 21 2025 - Attacking TOTP
Force-Installed Outlook, DJI Firmw…
Transcript source: Provided by creator in RSS feed: download file