Security Now 208
Topic: Listener Feedback 72
Recorded: August 5, 2009
Published: August 6, 2009
- 1 Security Now 208: Listener Feedback 72
- 1.1 News & Errata
- 1.2 Spinrite Story
- 1.3 Questions & Answers
- 2 Sponsors
- 3 Production Information
Security Now 208: Listener Feedback 72
News & Errata
11:41 - 16:00
- The iPhone has been patched to fix the SMS vulnerability
16:01 - 20:36
- Firefox 3 and 3.5 have been updated
- It fixes a heap buffer overflow
20:37 - 21:26
- BIND 9 has been updated
21:27 - 24:00
- Adobe has broken from its quarterly update schedule to patch a serious problem in Flash Player
24:01 - 26:53
- In a survey 55% of people ignored warnings that a security certificate has expired
26:54 - 28:35
- A fake ATM was found at the DEFCON conference
28:36 - 33:25
- The Windows 7 RTM build has a massive memory leak when you run chkdsk against a secondary drive
33:26 - 37:41
- Michael McCollum has finished the first draft of Gibraltar Stars
37:42 - 38:26
- Sony is releasing a pocket e-book reader for $199 with a 5" screen
38:29 - 38:55
- Apple is reportedly working on a tablet PC
38:56 - 40:37
- It's a toy, puzzle, beautiful thing Here
Spinrite Story
40:38 - 44:55 Juan Guevara Torres (Unknown)
A listener was in line at a computer store, and the couple in front of him had a problem with their hard drive. The employee told them it would cost $299 to try to recover the data. The listener stepped in and asked whether the store was going to use Spinrite. They said they were, so the listener told the couple they could buy the software themselves for $90. They took his advice and bought Spinrite, and it fixed their hard drive.
Questions & Answers
Question: [ 01 ]
50:07 - 01:01:18 Brian Mooney (Springdale, Arkansas) & Frylock (Unknown)
Question: Can you explain the new SSL exploit to do with how browsers process null characters?
- A computer will process a string until it hits a zero byte, also called a null character.
- A hacker could purchase a certificate for www.paypal.com[null].mymaliciousdomain.com
- Then, acting as a man in the middle, the hacker could send victims to their own version of PayPal and supply the browser with the certificate for www.paypal.com[null].mymaliciousdomain.com
- Currently most browsers would stop processing the certificate name at www.paypal.com[null], because they treat the null as the end of the string, so to the browser it would appear to be a valid security certificate for PayPal
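The name check described above, as an added example that is not from the show or from any browser's code. The type `cert_name`, the functions `name_matches_naive` and `name_matches_strict`, and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as stored in a certificate: bytes plus an explicit length, so a
 * zero byte is just another character. (Hypothetical type for this example.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample: the name from the notes above with a real 0x00 in it. */
static const unsigned char SAMPLE_CN[] = "www.paypal.com\0.mymaliciousdomain.com";
static const struct cert_name sample_name = { SAMPLE_CN, sizeof(SAMPLE_CN) - 1 };

static int ascii_lower(int c) { return (c >= 'A' && c <= 'Z') ? c + 32 : c; }

/* Flawed check: hands the bytes to a C string function, which stops reading
 * at the first zero byte and never sees the rest of the name. */
int name_matches_naive(const struct cert_name *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Stricter check: refuse any name containing a zero byte, then compare the
 * whole length-delimited name (ASCII case-insensitive, no wildcards). */
int name_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t i, host_len = strlen(host);

    if (memchr(cn->data, 0, cn->len) != NULL)
        return 0;                       /* embedded NUL: reject outright */
    if (cn->len != host_len)
        return 0;
    for (i = 0; i < host_len; i++)
        if (ascii_lower(cn->data[i]) != ascii_lower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    const char *host = "www.paypal.com";
    printf("naive:  %d\n", name_matches_naive(&sample_name, host));
    printf("strict: %d\n", name_matches_strict(&sample_name, host));
    return 0;
}
```

The naive check accepts the sample name for www.paypal.com, while the strict check rejects it and still accepts a clean name of the same host.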
Question: [ 02 ]
01:01:19 - 01:04:42 Andrew H. (Texas) & David Horwitz (Denver, Colorado)
Question: Microsoft Security Essentials will not be free for commercial use. What is your opinion of the product, and when will it be available without the beta label?
Answer: Reports suggest that it is very accurate at finding viruses and that it will be out of beta later in 2009.
Question: [ 03 ]
01:04:43 - 01:13:30 Phil (Los Angeles)
Question: What are the security implications of tethering your mobile device to your laptop and using it for an internet connection?
Answer: The encryption used for digital cellular connections has been broken. There may also be security implications if your ISP puts you behind a NAT router. If you are going to use it, make sure you are behind a firewall and use SSL for sensitive transactions.
Question: [ 04 ]
01:13:31 - 01:21:21 John Jones (Wirral, U.K.)
Question: When I use Gmail I force it to always use HTTPS. However, after reading my emails it changes from green to red, saying that "this page is only partially encrypted". What is going on? Is my connection encrypted or not?
Answer: It is likely that your emails are being encrypted but other assets, such as images contained in the email, are not. It is unlikely to be something you need to be concerned about.
Question: [ 05 ]
01:21:22 - 01:31:00 Ryan (New York)
Question: My new router has an option to use WPA-PSK [TKIP] + WPA2-PSK [AES]. How does this work? Also, how do I get my parents to use better passwords?
Answer: This allows clients to connect using either method, and it can be used as it doesn't really pose any security threat. It's hard to make your parents use better passwords, but you could try to compromise with them and get them to use one stronger password on all their websites. Leo suggests using a bookmarklet which uses one master password to generate secure passwords for all your websites. Link
Comment: [ 06 ]
01:31:01 - 01:33:41 D Kevin Ghadyani (Overland Park, Kansas)
Listener Comment: Thank you for reading my comment out and I will include your explanation when covering your site on Mine.
Steve's Comment: This is a good lead into the next question
Comment: [ 07 ]
01:33:42 - 01:34:51 David Johnston (Sydney, Australia)
Listener Comment: Thank you for talking about HTML validation and explaining to people that if you want your site to work on all browsers, your code probably won't validate. I have the same issues.
Steve's Comment: It makes me feel better to know other people are having similar issues
Comment: [ 08 ]
01:34:52 - 01:38:17 Kendall Bailey (Des Moines, Iowa)
Listener Comment: I use Google Checkout to buy from www.buy.com and haven't had any of the issues relating to the web loyalty programs.
Steve's Comment: Using a service like this or PayPal is a great way to buy things online
Question: [ 09 ]
01:38:18 - 01:43:19 Matt Ridley (Appleton, Wisconsin)
Question: Last episode you said you don't understand why we can't be proactive and take these bad computer clusters down. However, you reprimanded the BBC for buying a botnet and telling the users their PC had been infected. Am I missing something?
Answer: They were talking about how the laws need to change, as there are lots of laws making life harder for the white hats while the black hats just do whatever they want.
Comment: [ 10 ]
01:43:20 - 01:46:16 Justin Lowmaster (Oregon)
Listener Comment: I purchased some tickets from Fandango and was tricked by the web loyalty program. However, I rang them up and the charge was refunded.
Steve's Comment: It's important to check your credit card statements
Question: [ 11 ]
01:46:17 - 01:51:15 Dan (Walpole, Massachusetts)
Question: My parents keep getting trojans even though they are using antivirus software and automatic updates. What else can I do to protect them?
Answer: You can help protect your parents against their own bad habits but maybe get them to change their email client from Outlook
Question: [ 12 ]
01:51:16 - 01:55:41 David Stephens (Bloomington, Indiana)
Question: Can a VPN be used to transport a virus?
Answer: Yes, it could, but you could use multiple routers to segment a network.
Question: [ 13 ]
01:55:42 - 02:01:57 Dave Schuh (Maple Grove, Minnesota)
Question: Could you keep us updated on your Vitamin D research?
Answer: The next episode will be all about my research
Sponsors
- The Winds of Dune by Brian Herbert, Kevin J. Anderson (UNABRIDGED), narrated by Scott Brick
- Ad Time: 0:36-0:47 and 6:42-11:31
- Go To My PC
- Ad Time: 0:48-1:01 and 45:55-48:45
Production Information
- Recorded Date: August 5, 2009
- Release Date: August 6, 2009
- Duration: 2:03:04
- Log line:
- Edited by: Tony
- Leo didn't say "72" in the open. He ok'ed the show without show # in the open.