Security Now 224

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 224

Security Now 224: Your Questions, Steve's Answers 80

News & Errata

05:12 - 08:23

  • Some NSA agents admitted that they have worked on security for Apple, Sun and Microsoft software

08:24 - 10:26

  • There is now an jailbroken iPhone worm that is enlisting infected phones into a botnet and is stealing banking credentials

10:27 - 19:08

  • Internet Explorer 8 has a vulnerability in its cross site scripting filter
  • Google is disabling this feature in IE 8 on its websites
  • Internet Explorer 6 & 7 both have a remote code execution vulnerability
  • It can be fixed by disabling javascript

19:09 - 19:42

  • Opera has patched its browser to fix a vulnerability

19:43 - 21:20

  • Steve and Leo will occasionally be doing a special health podcast based on Steve's research

Spinrite Story

21:21 - 22:53 Darren Wiggly

A listeners external hard drive died so he ran Spinrite on it. It fixed the drive.

You have been had with this story. Its a fake.

Promulgated by PaulDotCom !

Questions & Answers

27:23 - 01:21:06

Comment: [ 01 ]

27:23 - 34:19 Drew (Virginia Beach, VA)
Listener Comment: You said that old code is better code but on a previous episode you talked about how a old voting machine was hacked due to advancements in technology

Steve's Comment: This belief is a religious thing as he thinks that its better to have code that has been around for a long time and tested and understood than new code

Comment: [ 02 ]

34:20 - 41:35 Anon (Unknown)
Listener Comment: I think that improvements in coding tools and techniques are making new programs more secure than older ones. For example IE 8 is more secure than IE 6.

Steve's Comment: You have to distinguish between security problems caused by policy compared to security problems caused by coding mistakes. It was Microsofts policy early on to turn the firewall off by default which made Windows less secure due to a poor policy decision as opposed to a programmer at Microsoft making a mistake coding the firewall.

Comment: [ 03 ]

41:36 - 49:08 Brandon (Indianapolis)
Listener Comment: Their is an add on for Firefox and Internet Explorer called Web of Trust (WOT) that gives you a security ranking for websites you visit and alerts you if you are going to visit a website that is known to contain malware

Steve's Comment: This was born as people were annoyed that you had to pay a provider for a security certificate. This idea lets users rank websites and get information about them for free

Question: [ 04 ]

49:09 - 57:25 John Edwards (Edinburgh, Scotland)
Question: How can you securely manage your usernames and passwords ?

Answer: Leo stores all of his passwords in an encrypted evernote document. Steve keeps all his passwords on a palm pilot. You could also use something like KeyPass or Roboform

Comment: [ 05 ]

57:26 - 01:06:20 Doug Smith (Albany, New York)
Listener Comment: Their is a difference between a human right and requirement. People should not be obligated to have Internet connectivity to fulfill their civic duties. They should not be required to have an email address. They should not be required to have a cell phone. They should not be required to vote electronically over a network. They should not be required to submit their taxes electronically, and they should not be required to have Internet access at home in order for their children to attend public schools.

Steve's Comment: Steve and Leo both agree with this. But they make the point that you could replace internet with telephone or snail mail and if you don't want them you need to realise that your life is going to be harder.

Question: [ 06 ]

01:06:21 - 01:09:40 Joe Perleberg (Green Bay, Wisconsin)
Listener Comment: Lots of banks and require you to provide a fingerprint when cashing a cheque to help prevent fraud

Steve's Comment: It is easy and cheap to record fingerprints now so nearly anyone can do it but Steve predicts it wont end well

Head Shaker of the Week: [ 07 ]

01:09:41 - 01:13:55 Joe Dorward (Berkshire, England)
Head Shaker: I tried to log out of hotmail but was unable to do so as third party cookies were disabled

Response: This is crazy and who knows what they are doing

Sad Biometric Stupidity Story of the Week: [ 08 ]

01:13:56 - 01:21:06 Steve (Rochester, New York)
Story: A bank wouldn't allow a man to cash a cheque as he had no arms and could not provide a fingerprint

Response: He may well have a lawsuit against the bank and this is terrible

Sponsors

Go To MY PC

Ford Sync

Production Information

  • Edited by: Tony
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.