Security Now 204

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 204

Security Now 204: Listener Feedback 70

News & Errata

02:45 - 04:00

  • This podcast was recorded in advance as Leo is in China so there is no Security News or Errata.
  • The Q&A in two weeks will be a mega Security News catchup.

Spinrite Story

04:01 - 06:06 Louise (Unknown)

  • A listener had her computer infected with a trojan so she reformatted the drive and reinstalled windows. She backuped all of her data to an external drive but it locked up whilst she was trying to copy the data back onto her computer. She ran Spinrite on it and it took 27 hours but it fixed the drive and saved all of her data.

Questions & Answers

Comment: [ 01 ]

06:07 - 10:00 Trevor (Wall, New Jersey)

Listener Comment: A listener was at the A&P supermarket using a self checkout machine. It crashed whilst he was using it and booted back into Windows 2000. So he did some investigation and launched Internet Explorer 6 and was taken to msn.com. The system was connected to the internet and appeared to be unpatched and had no antivirus software.

Steve's Comment: Steve gets a kick out of it.

Question: [ 02 ]

10:01 - 14:34 Doug Zuckerman (Bethesda, Maryland)

Question: Could you could summarise the questions you answer on the main security now page of your website?

Answer: The questions are summarised on the Wiki and there are transcripts on Steve's site.

Question: [ 03 ]

14:35 - 18:43 Brad Banko (Cuyahoga Falls, Ohio)

Question: Does writing in Assembly language mean that your code is tied to Intel processors ?

Answer: Yes but you can easily move between processors by reading the instruction references

Question: [ 04 ]

18:44 - 22:45 Brian Taylor (Walnut, California)

Question: How do you wrap your mind around all the complexities of what you do?

Answer: Steve has been around for a long time so he has a large knowledge base and due to the fact that the podcast focuses on a small area it seems like he has more facts at his grasp than he does. He spends a couple of hours preparing for the podcast so he can be at the top of his game when doing the podcast.

Question: [ 05 ]

22:46 - 31:25 Mat Ludlam (Weybridge, London)

Question: I want to store a cookie on a user's machine that allows them to automatically log into my system. I want this cookie to have a lifespan of about seven days, and I don't trust the users. I don't have a problem with users seeing the information, I just don't want it changed. Also how can I stop the user from copying a cookie from one machine to another?

Answer: There are two options depending on if you can store data on your end or not. In the first case you're storing the data at your end and just giving them a little token for it, a pointer to it; or, in the second case, you give them all the data to store in their cookie, and they give it back to you every time. So either way will work, and it's just a function of what you're most comfortable with and what makes sense based on the capabilities you've got at the server end. To stop them copying the cookie from one machine to another you would have to use scripting to get the value of some unique ID from the system such as a Windows GUID

Question: [ 06 ]

34:45 - 42:04 John (Indiana)

Question: What are your thoughts on the security of connecting to the Internet on a laptop via tethering from a cell phone. Also does it make a difference if your using a cellphone or a EVDO card?

Answer: Cellphones can have their own vulnerabilities as they are complex. For example iPhone OS 3.0 fixed 40 security problems. An EVDO card is less complex as it's just a dumb modem. All of the cellphone technology securities have been cracked and when you are using tethering or a EVDO card, you have about the same security as using an open WiFi hotspot. When the security for cellphone communications was created, the hardware had a lot less power and although hardware power has increased, the security used hasn't been updated.

Question: [ 07 ]

42:05 - 47:31 Brandon (Portland, Oregon)

Question: You say that as the areal density on a drive increases the reliability drops but isnt a 1TB drive just 4 x 250gb platters. So wouldnt a 1TB drive be just as reliable as a 250gb drive?

Answer: If you use a 1TB drive and it dies then you loose all of the data that was on it. If you use 4 separate 250gb drives then if one dies you don't loose all the data. So you could argue using lots of smaller drives is more reliable. However you should never be in a situation where you could loose all your important data if a drive fails.

Comment: [ 08 ]

47:32 - 53:13 Scott Teriano (Port Pirie, South Australia)

Listener Comment: You were not the first person to invent the idea of a non VPN my cousin showed me how and I'm using it currently.

Steve's Comment: Its not about being the first person to do something its about solving a problem yourself.

Comment: [ 09 ]

53:14 - 56:30 Tom Shuman (Minneapolis)

Listener Comment: Leo has talked about how he is going to teach a programming class and I want to recommend Hacker Highschool which teaches security awareness for teens. Link

Steve's Comment: Its really nice

Question: [ 10 ]

56:31 - 01:02:03 Brad Beyenhof (San Diego, California)

Question: Are you going to be providing the third party NAT traversal service for Cryptolink and if you are what will it's term of service be?

Answer: Steve isn't sure yet but if he did it wouldn't have a monthly fee and he wants to make it so any third party could provide the service incase GRC was offline.

Comment: [ 11 ]

01:02:04 - 01:02:58 Paul Scott (Las Vegas, Nevada)

Listener Comment: There is a Windows utility to configure the Apple Airport express and it works fine.

Steve's Comment: This is good

Question: [ 12 ]

01:02:59 - 01:09:22 Amir Katz (Kfar Saba, Israel)

Question: Why isn't the TPM turned on by default and what are the benefits of turning it on ?

Answer: It is turned off by default as some people may consider it a privacy violation. The TPM provides an identity enclosure for your system and provides secure authentication.

Sponsors

GoToMyPC

  • Q209-5
  • Go To My PC
  • Ad Times: 0:33-0:48 and 31:34-34:45

Production Information

  • Recorded Date: June 24, 2009
  • Release Date: July 9, 2009
  • Duration: 1:11:21
  • Log line:
  • Edited by: Tony
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.