Security Now 212

From The Official TWiT Wiki
Security Now
Episode 212

Security Now 212: Your Questions, Steve's Answers 74

News & Errata

10:30 - 12:06

  • VMware Workstation was updated to 6.5.3
    • They now offer full support for Ubuntu 9.04
    • As well as loads of other new features

12:07 - 16:05

  • Chrome is now at 2.0.172.43
  • It fixes a severe flaw in the JavaScript engine
  • A flaw in the XML library
  • And now forbids the use of MD2 and MD4 hashes in SSL certificates

16:06 - 19:50

  • US State offices have been receiving HP laptops they never ordered
  • They could contain malware and hardware modifications such as keystroke loggers and radio transmitters

19:51 - 21:30

  • A lot more information has surfaced on the GSM crack
  • Next week will discuss how it is done

21:31 - 37:13

  • There has been a new attack on WPA
  • You no longer need to have quality of service support
  • With the new attack, though, the user you are attacking and the access point cannot be within radio range of each other
  • The hacker has to be the link between the access point and the user
  • They use the fact that they have preemptive access to the traffic in order to perform the exploit
  • You still do not get the WPA key; you are only able to modify the ARP packet
  • The other end is also blacked out whilst you are decrypting the packet
  • Steve's advice is to just use WPA AES

37:14 - 41:00

  • In ultra capacitor news:
  • Polarity has been awarded a contract from EEStor to integrate Polarity's high-power HV to LV, which is high voltage to low voltage, converter into EEStor's EESU, that will be used in Zenn Motor Company's small to medium-sized electric car

41:01 - 44:46

  • There are One Instruction Set Computers (OISC) that are Turing complete

44:47 - 50:33

  • Current 3D technology in cinemas works using "circular" polarization. The way it works is:
  • There's a digital projector with a special thing in front of it which at 144 times per second is flipping back and forth the circular polarization between clockwise and counterclockwise at the same time that the image is being changed.
  • So this light goes down and hits the silvered screen
  • They scramble the polarization upon reflection
  • Then what comes back to the user is the two separate images, circularly polarized with different spins
  • And they're wearing glasses with the matching circular polarized filters.
  • The advantage of this method over older technology is you do not have to hold your head straight

50:34 - 57:07

  • Michael will have the proof copy of the final book in the Gibraltar Series to Steve on Saturday (5th September 2009 based on recording date)
  • Book 2 in the Gibraltar series is now available on the Kindle
  • The sync technology on the Kindle works really well

57:08 - 58:31

  • Think Geek have some new T-shirts for sale, one of which just has the word "NO" printed in white letters on a black background, which Steve likes

Spinrite Story

No Spinrite Story this week as there are mentions of it in the questions

Questions & Answers

01:02:48 - 01:58:49

Question: [ 01 ]

01:02:48 - 01:11:10 Craig (Chicago)
Question: Is Hot Spot Shield a secure VPN service?

Answer: They are advertising supported, so they are tracking and monitoring everything you do whilst using their service. This is a privacy risk and means someone is messing with your connection to insert ads. Steve does not give this his approval but recommends Hot Spot VPN.

Question: [ 02 ]

01:11:11 - 01:17:38 Bob Carneim (Oak Ridge, Tennessee)
Question: What comes after flash cookies as a method of tracking people over the internet?

Answer: There are things called "user persistence objects", but Steve hopes that, after the outrage caused by the opt-out behaviour of flash cookies, future technologies will be opt-in.

Question: [ 03 ]

01:17:39 - 01:25:20 Bill Barnes (Charlotte, North Carolina)
Question: Is opening ports through my firewall a security risk?

Answer: If you open a port through your firewall then everyone on the internet has access to the service you have allowed. If a vulnerability is found in the service hackers may be able to get access to your network.

Comment: [ 04 ]

01:25:21 - 01:28:25 Joe Dorward (Bracknell Forest, England)
Listener Comment: If you know people who won't use a secure password management solution then it is better to write down a really good password than memorise a poor one, as someone is more likely to try and guess your password over the internet than come to your house and look at it.

Steve's Comment: Steve agrees but adds that you should make an adjustment to the password you write down when you type it in, so even if someone gets access to the paper with the password written on it they can't use it.

Comment: [ 05 ]

01:28:26 - 01:40:33 Paul Bye (Rochester, Minnesota)
Listener Comment: My ISP "Charter Communications" are intercepting name errors, which is a fundamental change to how DNS is meant to work and now means my VPN won't work.

Steve's Comment: There is normally a way to opt out of this 'feature', and DNS Benchmark contains a list of publicly available name servers which you could switch to.

Question: [ 06 ]

01:40:34 - 01:48:48 Rod Duckworth (Sydney, Australia)
Question: Why can't I download all previous episodes through iTunes, and also can I put the audio files on my site?

Answer: Leo only puts the 20 most recent shows on the RSS feeds for iTunes to save bandwidth. You can put the audio files on your site, but Steve and Leo would prefer it if you just used their URL, as it enables podtrac to count how many times the episode was downloaded and then the sponsors can pay them.

Comment: [ 07 ]

01:48:49 - 01:52:15 John Prince (Somerset, UK)
Listener Comment: My router doesn't support WPA 2, so I contacted Netgear about getting a firmware update and they told me that it is an end-of-life product and I would need to buy a new router.

Steve's Comment: Companies do have to discontinue products at some point, but you could get a router that you can put open source firmware on.

Question: [ 08 ]

01:52:16 - 01:58:49 Grant McMillan (Brisbane, Australia)
Question: Could a hacker capture encrypted packets and save them for decryption in the future when computing power is greater?

Answer: Yes


Only 8 questions this week as the podcast reached the two hour mark


Significant Products

"No" T Shirt

Sponsors

Audible

Picks

The Fountains of Paradise by Arthur C. Clarke (UNABRIDGED)
Narrated by Marc Vietor
  • Ad Time: 0:57-1:06 and 59:08-1:02:40

GoToAssist

Production Information

  • Recorded Date: September 2, 2009
  • Release Date: September 3, 2009
  • Duration: 2:00:10
  • Log line:
  • Edited by: Tony
  • Notes:
    • Omina 8X Prog 1 still having popping noise.
    • Muted Leo Sneeze And Cough at 1:13:26 and 1:17:32