SN 1071: Bucketsquatting - Meta and TikTok's Tracking Pixels
From Security Now (Audio) by TWiT
March 25, 2026 · 2h 48m · Episode 1071
About this episode
Steve Gibson and Mikah Sargent discuss significant oversights in internet security, including vulnerabilities in tax software and tracking pixels used by major companies.
When convenience trumps caution, disaster waits in the wings. Join Steve Gibson and Mikah Sargent as they break down the jaw-dropping oversights lurking in mission-critical tax and cloud tools, and examine how a single unchecked decision can upend internet security for years. H&R Block's tax software does something SO WRONG. The Intoxalock breathalyzer calibration cyber attack. Firefox now offers a 100% free built-in VPN. TikTok and Meta's tracking pixels are so much more. Russians beg for the return of Telegram, WhatsApps and others. Never connect your crypto-wallet to an unknown service. What would a week be without a Cisco CVSS of 10.0. Ubiquiti patches a 10.0 critical flaw. Listener feedback and... What's "Bucketsquatting" and what can be done to prevent it Show Notes - https://www.grc.com/sn/SN-1071-Notes.pdf Hosts: Steve Gibson and Mikah Sargent Download or subscribe to Security Now at https://twit.tv/shows/security-now . You can submit a question to Security Now at the GRC Feedback Page . For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com , also the home of the best disk maintenance and recovery utility ever written Spinrite 6…
People in this episode
Hosts: Steve Gibson, Mikah Sargent
Topics covered
- internet security
- tracking pixels
- cyber attacks
- tax software vulnerabilities
- VPN services
- crypto-wallet safety
- critical flaws
Keywords
- Bucketsquatting
- internet security
- H&R Block
- Intoxalock
- Firefox VPN
- crypto-wallet
- Cisco CVSS
- Ubiquiti flaw
Sponsors
hoxhunt.com, guardsquare.com, outsystems.com, zscaler.com
Mentioned in this episode
Organizations: H&R Block, Intoxalock, Firefox, Telegram, WhatsApp, Cisco, Ubiquiti, TWiT
Products: Spinrite 6
More episodes of Security Now (Audio)
- SN 1082: The Malicious Use of AI - Anthropic's Red Team Report · June 10, 2026 · 2h 37m
- SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat? · June 3, 2026 · 3h 20m
- SN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever? · May 27, 2026 · 2h 44m
- SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder · May 20, 2026 · 2h 52m
- SN 1078: DigiCert does it right - Hugging Face Under Fire · May 13, 2026 · 2h 41m
- SN 1077: A Browser AI API? - End of Bug Bounties? · May 6, 2026 · 2h 35m
Explore listener stats, chart rankings, contacts and more on the Security Now (Audio) podcast page.