Security Now 190
Topic: Listener Feedback 63
Recorded: April 01, 2009
Published: April 02, 2009
Security Now 190: Your Questions, Steve's Answers 63
News & Errata
5:00 - 12:02
- Conficker survives as long as it can phone home often to update itself.
- To avoid being shut down, Conficker pseudorandomly generates domain names, which it then contacts to receive updates.
- From April 1st 2009, Conficker randomly checks up to 50,000 sites a day.
- This makes it hard for security professionals to pre-register the domain names.
12:03 - 17:13
- A bad new kernel integer overflow metafile exploit in Windows XP.
- A malicious image can take over your computer if it is displayed.
- There was controversy over whether the last metafile exploit was due to a feature purposely written into the code.
17:14 - 18:05
- Firefox updates were released, fixing some security issues including the Pwn2Own exploit.
18:06 - 18:43
- Cisco released an update to their router firmware.
18:44 - 22:10
- GhostNet, a spy network, is the topic of next week's podcast
- It has stolen data from Government computers
- Controlled by computers, nearly all of which are in China
25:52 - 27:49
- PDP-8 kits are still available
27:50 - 28:37
- Yubico will be releasing new keys after summer which will be available at a reduced price for existing owners.
28:38 - 30:55
- Someone was charged international roaming rates when they were near the Mexican border due to the device connecting to Mexican cell towers which have high signal strength and low utilisation.
51:12 - 52:10
- To easily determine if you have Conficker, attempt to go to a site such as  or  ; if you can't reach them, you may have it, as the worm prevents you from visiting these sites.
Setting Browsers To Only Accept First Party Cookies
In this episode, Steve mentioned that he only accepts first party cookies -- that is, cookies from the site he is visiting itself, not from a third party provider. He mentioned that there are settings in every browser to do this. They are as follows:
Firefox: Choose "Options" from the "Tools" menu. Select the "Privacy" pane. Uncheck the "Accept Third Party Cookies" box.
Safari: Choose "Preferences" from the Safari menu on the main task bar (in Mac OS X) or by clicking the Gear icon in Windows. Go to the "Security" tab. Make sure "Only from sites I visit" is selected under "Cookies." (Note: Windows instructions were tested using 4.0 beta.)
Internet Explorer: Go into Internet Options, and select Privacy. The Medium security level blocks third party cookies, but accepts first party cookies. The High security level blocks all cookies. (Note: you can't just tell it to accept third party cookies.)
Chrome: Click on the "Tools" icon. Choose "Options", then choose the "Under The Hood" tab. Choose "Restrict How Third Party Cookies Can Be Used" in the Cookie Options drop-down menu.
22:11 - 25:51
- Tree Style Tab Firefox Tab Plugin
30:56 - 31:30
- No Spinrite testimonial this week due to there being so many questions mentioning Spinrite.
Questions & Answers
1) 35:00 - 42:10 Michael (South East Asia)
Question: A listener can't tell whether he is using a compromised exit node on Tor. Will Steve run an exit node?
Answer: No, as he has no control of the data when it leaves his server, and someone could watch the traffic when it leaves his server. Leo recommends reading a blog post by a Tor node operator who was visited by police as his IP was in the logs of a site offering child pornography. Link to the blog post
2) 42:11 - 47:01 Fred
Question: A listener wants to know how his company is decrypting his HTTPS traffic.
Answer: The gateway at the company is providing HTTPS certificates. When you visit a secure site, the gateway connects to the secure site and reads the contents, then passes them back to the user signed with the certificate the gateway provided.
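The effect of such a gateway can be seen from the client side: the certificate still validates (typically because the company's CA is trusted on the machine), but it is not the certificate the site itself serves. The following is an added example, not from the show or the original notes, that compares an observed certificate with a SHA-256 fingerprint recorded earlier on a network without the gateway. The sample certificate bytes, issuer names and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def issuer_fields(peercert: dict) -> dict:
    """Flatten the nested 'issuer' tuple returned by SSLSocket.getpeercert()."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}

def assess(der: bytes, peercert: dict, pinned_fp: str, pinned_issuer_org: str) -> str:
    """Compare what the network served with what was recorded out of band."""
    if hmac.compare_digest(fingerprint(der), pinned_fp):
        return "direct"
    org = issuer_fields(peercert).get("organizationName", "<none>")
    if org != pinned_issuer_org:
        return f"intercepted: leaf re-issued by {org!r}"
    return "changed: same issuer, new leaf (likely renewal, re-pin after checking)"

def fetch(host: str, port: int = 443, timeout: float = 5.0):
    """Return (DER bytes, parsed dict) for a live host. Not called in the demo."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()

# Constructed sample data: stand-ins for DER bytes and getpeercert() output.
ORIGIN_DER = b"constructed: leaf certificate served by the site itself"
GATEWAY_DER = b"constructed: leaf certificate minted by the company gateway"
ORIGIN_CERT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Public CA"),))}
GATEWAY_CERT = {"issuer": ((("organizationName", "Example Corp Gateway CA"),),)}
PINNED_FP = fingerprint(ORIGIN_DER)      # recorded on a network without the gateway
PINNED_ORG = "Example Public CA"

if __name__ == "__main__":
    print(assess(ORIGIN_DER, ORIGIN_CERT, PINNED_FP, PINNED_ORG))
    print(assess(GATEWAY_DER, GATEWAY_CERT, PINNED_FP, PINNED_ORG))
```

On a real machine, `fetch()` supplies both arguments for a live host; a successful TLS validation together with an "intercepted" result is the signature of a trusted re-signing gateway.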
3) 47:02 - 51:10 Jack Jensen, (Tampa, Florida)
Question: A listener is hearing the sounds of mouse clicks and keyboard typing that are not his through his speakers, and Firefox is also acting odd. What is happening?
Answer: Steve recommends taking the drive out of the machine, setting it as a data drive, putting it in another machine and scanning it. When you scan a drive as the main drive in the computer, the malware can hide itself.
4) 52:11 - 59:55 Paul Harding (Calgary, Alberta, Canada)
Question: Can Spinrite be used on NAS and external drives?
Answer: USB, FireWire and network connections to a drive are dramatically different from eSATA connections. eSATA is just like ATA but serialised, and it has the same total access to the hard drive's guts as SATA and PATA. The best way to use Spinrite is with an ATA-style connection, which lets it get more intimate with the drive than it can over USB, FireWire or a network. It could work over USB or on a NAS, but the best way to do it is with an ATA-style connector.
5) 59:56 - 01:03:06 Mike Nicklin (Eureka, California)
Question: 1) Do you accept cookies? 2) Do you worry about cookies? 3) Should cookies be accepted just to keep the hassle down?
Answer: 1) Only first party cookies 2) No 3) No. Steve recommends allowing first party cookies and blocking third party cookies.
6) 01:03:07 - 01:08:55 Lee W (West Milford, New Jersey)
Question: Why do you have to run as an administrator to run MSRT?
Answer: MSRT is a trusted tool that needs to get to the deep roots of the operating system to do its job.
7) 01:08:56 - 01:13:38 Ben Pfountz (Virginia Tech)
Question: Is there a program like a botnet that can be run on a computer so he can connect to it when he needs to fix it?
Answer: Cryptolink will do this.
8) 01:13:39 - 01:17:39 Poojan Wagh (Chicago, Illinois)
Question: How do password strength meters work?
9) 01:13:40 - 01:24:07 Dain Nilsson (Sweden)
Question: Could you modify a hash function to use it to encrypt and decrypt data?
Answer: Possibly, but cryptography is really hard to get right so there might be issues with it.
10) 01:24:08 - 01:29:20 Richard Frisch (Weston)
Question: What is an easy and secure way to store lots of passwords with clients details?
Answer: A password manager such as RoboForm on Windows, 1Password on Mac, or KeePass, which is open source.
11) 01:29:21 - 01:33:26 David F
Question: Doesn't granular mean the opposite of "resolute," "precise," or "articulate" ?
Answer: It's not a precise term; it means able to be broken up.
12) 01:37:58 - 01:43:40 Rick Hughes (Sykesville)
Listener Tip: An easier way to use Drive Snapshot is to make a BartPE disk, which is at nu2.nu/pebuilder. This is a free, bootable Windows XP CD that natively understands NTFS, USB drives and networks. If you copy your licensed Drive Snapshot .exe file to the BartPE disk, you can just boot up from the CD and use the normal Drive Snapshot GUI for backing up and restoring to any drive.
Steve's Comment: Steve is impressed with it. If Windows won't boot, it's a good way to look at what's wrong.
Steve Gibson: And isn't it perfect that I sound like crap today?
Leo: I am Leo Laporte, and that guy, way distant far away...
Steve: Hello, Leo.
Leo: ...is Steve Gibson.
Steve: Earth to Leo, Earth to Leo, come in, Leo [crackle]. Over.
Leo: Steve's on the phone today. He's using his PDP-8 for Skype, and that's what they sound like.
The Meaning of Everything: The Story of the Oxford English Dictionary by Simon Winchester (Abridged / Unabridged)
Narrated by Simon Winchester
Ad Time: 0:50-0:58 and 1:33:24-1:36:29
Ad Time: 0:33-0:49 and 02:11-04:55
Ad Time: 0:59-1:12 and 31:30-34:56
- Recorded Date: April 01, 2009
- Release Date: April 02, 2009
- Duration: 01:45:44
- Log line:
- Edited by: Tony
- Raised Steve's audio level at 1:18:50
- Steve's Skype wasn't working so the show was done over the phone with Skype video