Security Now 202

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 202

Security Now 202: Your Questions, Steve's Answers 69

News & Errata

02:45 - 23:05

02:45 - 04:10

  • All Mozilla software has recently been updated to fix security flaws

04:11 - 04:53

  • Safari 4 has been updated

04:54 - 06:19

  • iPhone OS3 fixed more than 46 security flaws

06:20 - 13:01

  • Steve has not tested 'Morro' yet which is Microsofts free antivirus software

13:02 - 14:37

  • Brian Kernighan of Princeton defines scripting as "I know it when I see it."

14:38 - 23:05

  • Steve's security certificate expired on June 16th 2009 as he forgot to renew it

Questions & Answers

Question: [ 01 ]

25:15 - 34:05 Michael (St. Louis)
Question: Can you give us your review of the Kindle DX ?

Answer: Its big and when he tried to read a PDF on it some of them were illegible. The auto switching to landscape mode is slightly sensitive also but can be turned off. There are no page turns button on the left, in landscape mode PDF's are more readable but there are still some problems with alignment and ease of use. Simple PDF's work beautifully and the screen is magnificent. It is heavy probably due to a large battery but the page turns are faster.

The page turns on the left are not a problem if you take advantage of the auto-rotate sensor. You just have the keyboard at the top. I like the amount of text on the screen as well.

Question: [ 02 ]

34:06 - 35:32 Steve Whaley (Lexington, Illinois)
Question: Where can you get the free version of Secure Zip?

Answer: SecureZip.com

Question: [ 03 ]

35:33 - 42:40 Damien Eversmann (Sacramento)
Question: Why does it seem that all coding errors mean remote code execution vulnerabilities?

Answer: We don't talk about the smaller bugs on the podcast just the really bad problems with software such as RCE. But there are plenty of smaller bugs in software.

Question: [ 04 ]

42:41 - 46:53 Joseph Vollmer (Waterloo, Ontario, Canada)
Question: Is it possible to crack WPA / WPA 2 if you set it up correctly with a secure password?

Answer: No as long as you use a strong passphrase and set it up correctly.

Question: [ 05 ]

46:54 - 50:20 Anon (California)
Question: How do you know what a VPN from a company is doing?

Answer: You can't be sure so Steve recommends running it in a Virtual machine.

Question: [ 06 ]

50:21 - 53:04 Anthony Fitch (Blaine, Kentucky)
Listener Comment: I was in Europe and one of my friends had money stolen from her account because she used a compromised ATM

Steve's Comment: He recommends not using a card that is tied to all of your money when abroad

Question: [ 07 ]

53:05 - 01:00:56 Rick Huebner (Melbourne Beach, Florida)
Question: When using Secure Zip does the fact that one recipient now knows the plaintext symmetric key, has the ciphertext for the other recipients, and presumably can get the other recipients' public keys because those are stored easily, widely, would it make it easier to crack the private keys?

Answer:

  • To encrypt the files a nonce is chosen. That is used as the symmetric key for performing the bulk encryption of the content instead of using.
  • So this random key is encrypted separately three times, once with each certificate.
  • Now the zip file goes off to them all.

You gain no advantage in cracking the private keys because:

  • This is exactly what the public key, the asymmetric key technology was designed for.
  • The information they have is exactly the same as the information that someone with a digital signature would have

Only 7 questions and no Spinrite story this week as they were recording two episodes as Leo is going to China and they only had limited time

Sponsors

NerdsOnSite

Production Information

  • Recorded Date: June 24, 2009
  • Release Date: June 25, 2009
  • Duration: 1:02:13
  • Log line:
  • Edited by: Tony and Erik
  • Notes:
  • Removed Skype issue with Steve at 6:09
  • Inserted NerdsOnSite ad from 204 to this episode
  • Removed extra audible ad at 50:20
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.