Security Now 216

From The Official TWiT Wiki

Security Now 216: Listener Feedback #76

News & Errata

08:05 - 15:31

  • Carbonite's EULA says they can decrypt your data if they want or need to
  • It also says that if you remotely access your data, it will be sent in the clear, not over SSL

15:32 - 27:40

  • Microsoft has released Microsoft Security Essentials
  • It has been getting positive reviews, but Steve has found that it takes a long time to scan executable files
  • Steve believes this is because it is being thorough, as it doesn't want to report false positives
  • Steve will be discussing it in more depth on the podcast in about 5 weeks

27:41 - 28:40

  • There are multiple vulnerabilities in VLC media player that have been patched

SpinRite Story

28:41 - 32:13 Anon (Minneapolis, Minnesota)

A listener needed to copy some .pst files from the CEO's laptop for some discovery our lawyers wanted. When I tried to back up his main file, I kept getting a CRC - Cyclic Redundancy Check - error. After working the lump out of my throat, I tried creating another .pst file to copy the email into. But that failed with the same error. So I pulled out the SpinRite disk and after running it on Level 2 for an hour, the original file copied without any problem.

Questions & Answers

37:30 - 01:31:54

Comment: [ 01 ]

37:30 - 44:36 Brian Dort (Alpena, Michigan)
Listener Comment: I ordered three new security dongles but instead of the 'football' shape key I received a thin piece of plastic like a 'credit card' with an E-Ink screen. When I asked them about it they told me that they don't sell the 'football' shaped ones any more. I don't like the new style keys as I find they break easily when I put them in my wallet and sit on them.

Steve's Comment: The 'football' shaped key is constantly running a clock to keep track of the time so it can generate the next login number. The 'credit card' shaped key does not run a clock to keep track of the time and generate a new key; it just spits out the next key based on the cryptographic algorithm it has. Steve has never had a problem with his 'credit card' style keys breaking and assumes they have stopped selling the old style keys as they don't last as long.

Question: [ 02 ]

44:37 - 50:03 Zane Killingsworth (Dawsonville, Georgia)
Question: What antivirus software do I need to install on a new computer?

Answer: You shouldn't be too paranoid about security, but Steve recommends Microsoft Security Essentials.

Comment: [ 03 ]

50:04 - 56:48 John (Ontario, California)
Listener Comment: I have 12 Macs exposed to the internet and we have no protection of any kind, yet have never, ever been hacked. I think all this paranoia about hacking is just that: paranoia. And you and Leo just propagate it, the fear factor. And furthermore, why would any of us need your advice? After all, we're not harboring nuclear secrets or planned attacks on some geographic location. Would you two just get real?

Steve's Comment: OS X does have a firewall turned on by default, and if he had done this with Windows 98 he would have been hacked. The problems Security Now talks about are real, and it's advisable to take some precautions, as you may get hacked and not even know about it.

Question: [ 04 ]

56:59 - 01:06:55 Bob (Connecticut)
Question: Can you comment on this article, "Real-Time Hackers Foil Two-Factor Security", where a 'Real Time Trojan' was able to take advantage of the fact the user was authenticated with the bank and make fraudulent transactions?

Answer: Steve recommends authenticating on a per-transaction basis and comments on how sophisticated this attack was.

Question: [ 05 ]

01:06:56 - 01:12:15 Jacob Theobald (San Francisco)
Question: If you use IE tabs in Firefox, does it make Firefox vulnerable to Internet Explorer exploits?

Answer: Yes

Comment: [ 06 ]

01:12:16 - 01:15:36 Donald Burr (Santa Maria, California)
Listener Comment: In response to the listener who wanted to run his own server, I would recommend a Linux distribution, specifically one based around Debian's package management system such as Ubuntu.

Steve's Comment: There are lots of good versions of Unix, and you should go with one that someone you know uses if you can, so they can help you.

Question: [ 07 ]

01:15:37 - 01:19:43 Bob Carneim (Oak Ridge, Tennessee)
Question: In response to the listener who wanted to run his own server, I would recommend OpenBSD. Can you see any problems with this?

Answer: Steve has never used OpenBSD, but the host of FLOSS Weekly also recommends it.

Comment: [ 08 ]

01:19:44 - 01:22:35 Emil (Denmark)
Listener Comment: I found this cool feature in TrueCrypt that lets you set a custom message when the computer boots or even no message at all. To access it: TrueCrypt => Settings => Preferences => More Settings => System Encryption

Steve's Comment: This is cool and doesn't give away information you don't need to.

Question: [ 09 ]

01:22:36 - 01:25:37 Paul Dove (Hampton, UK)
Question: I am using three routers in a Y setup and have remote admin enabled on one of the internal routers. Is this safe?

Answer: Yes, but ensure you are using a strong password.

Question: [ 10 ]

01:25:38 - 01:31:54 Dave and Max (UK)
Question: Can you watch the video of Security Now after it has been broadcast?

Answer: You can watch live every Wednesday at 2:00 p.m. Eastern, 11:00 a.m. Pacific and 18:00 British daylight time. You can watch recordings of the video at ODTV.me. The video will also soon be available via iTunes, the Roku box and TiVo.


Only 10 questions this week. Next week Steve will be doing the podcast with Alex Lindsay, as Leo is going to Dubai to speak at TEDx.


Sponsors

Go To My PC

Audible

Picks

Flash Forward by Robert J. Sawyer (Unabridged)
Narrated by Mark Deakins

Production Information

  • Recorded: September 30th 2009
  • Published: October 1st 2009
  • Duration: 1:33:30