SN 1066: Password Leakage - Zero Trust, Zero Knowledge
From Security Now (Audio) by TWiT
February 25, 2026 · 2h 50m · Episode 1066
About this episode
The episode discusses password security flaws, recent data leaks, and the implications of zero knowledge in password management.
ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now . You can submit a question to Security Now at the GRC Feedback Page . For 16kbps…
People in this episode
Hosts: Steve Gibson, Leo Laporte
Topics covered
- password security
- zero knowledge
- open source
- 3D printed firearms
- data leaks
- cybersecurity
- password managers
Keywords
- password leakage
- zero trust
- security flaws
- data breaches
- 3D printing
- social security numbers
- ClickFix attack
- password managers
- open source security
Mentioned in this episode
Organizations: ETH Zurich, Apple, Firefox, Russia, GRC, TWiT, Linux, ShinyHunters
Products: Spinrite 6
Places: U.S., EU
More episodes of Security Now (Audio)
- SN 1082: The Malicious Use of AI - Anthropic's Red Team Report · June 10, 2026 · 2h 37m
- SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat? · June 3, 2026 · 3h 20m
- SN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever? · May 27, 2026 · 2h 44m
- SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder · May 20, 2026 · 2h 52m
- SN 1078: DigiCert does it right - Hugging Face Under Fire · May 13, 2026 · 2h 41m
- SN 1077: A Browser AI API? - End of Bug Bounties? · May 6, 2026 · 2h 35m
Explore listener stats, chart rankings, contacts and more on the Security Now (Audio) podcast page.