Security Now 230
Topic: Your Questions, Steve's Answers 83
Recorded: December 30, 2009
Published: January 7, 2010
Security Now 230: Your Questions, Steve's Answers 83
News & Errata
- No news or errata this week, as this episode was recorded in advance because Leo was away at the Consumer Electronics Show (CES)
Questions & Answers
07:10 - 01:01:10
Question: [ 01 ]
07:10 - 17:43 Ocie Hudson (Ocala, Florida)
Question: On an earlier episode you said that if you have a router and a software firewall then you are behind two firewalls. However, I see from my logs that some packets are getting through the router's firewall and are being blocked by my software firewall. What's going on here?
Answer: The router and the software-based firewall are using different logic to decide when the connection to a server has been terminated. To end a TCP connection, both ends must send a FIN packet. If the router terminated the connection as soon as it received a FIN packet from the server, it would prevent the computer behind it from receiving that FIN packet. So the router doesn't remove the connection from its NAT tables immediately, but the software firewall ends the connection as soon as the machine it's on sends a FIN packet. So if you close a connection and then quickly reconnect, the router will allow the connection straight back through, as it already has a record for it, but the software firewall will block it, as it has already terminated the connection.
Question: [ 02 ]
17:44 - 24:05 Troubled (Ontario, Canada)
Question: Is it a bad idea to use your router for DNS lookups, as your source ports won't be random if they are coming from a NAT router?
Answer: This is not an issue for a consumer router, as it's not your query to the ISP's DNS server that is going to be spoofed; it's the DNS server's own query out to the Internet to get the IP that will be attacked. But yes, if your ISP's DNS server is behind a NAT router, it is a security risk, as the source ports won't be randomized as well.
Comment: [ 03 ]
26:39 - 29:47 Peter Sinclair (Castle Hill, New South Wales, Australia)
Listener Comment: I've written a paper about disk drive heating and learned this: heat generation within a disk drive is proportional to the cube of the rotational velocity and inversely to the fifth power of the diameter.
Steve's Comment: Steve is going to read the paper and get back to us, but what the listener is saying doesn't seem logical to him.
Comment: [ 04 ]
29:48 - 34:09 Daryl (Kansas)
Listener Comment: I've locked down my router so that any client connecting to the LAN uses OpenDNS for DNS lookups, and this means I can then block certain sites, so I think this is a case for letting routers handle DNS.
Steve's Comment: This is not what Steve was talking about. Steve doesn't like routers that hand out their own IP address as the DNS server instead of the values you enter for the DNS servers. What is happening for this listener is that the router is telling all the computers to use OpenDNS, which is fine.
Comment: [ 05 ]
34:10 - 42:08 Tom Zerucha (San Diego)
Listener Comment: A reason for routers to proxy DNS: the router has to provide your computer with something in the DHCP field for DNS when you plug it in, and in some situations this could be before it has received its own WAN address by doing the DHCP query out to the ISP. For instance, maybe you have to configure it with a password or something else first. So what does it do? Well, it can't put in an entry for a DNS server it doesn't have, so it simply implements a forwarding proxy. When the WAN is configured and/or comes up and the router then gets the real DNS servers from the DHCP server out there in the world, it can use them. But if the router doesn't yet know what to put into the DNS field of the DHCP reply, it still needs to send something in that field to the local computer saying "give me a lease."
Steve's Comment: This makes sense.
Comment: [ 06 ]
42:09 - 45:33 Jeffrey Hilgers (U.S. Navy, Bagram Air Force Base, Afghanistan)
Listener Comment: eEye Digital Security, the day after Patch Tuesday, releases a very nice bulletin summary of what was released the day before. They also give information on the vulnerability itself and links to Microsoft's information on it. You can view these bulletins at 
Steve's Comment: The site is a bit self-serving, but it is nice, and they have more detail than Microsoft's site.
Comment: [ 07 ]
45:34 - 47:33 Tim Wells (Marietta, Ohio)
Listener Comment: I had a similar problem to Elaine: when I updated Firefox, it broke Firefox and it would keep crashing every time I ran it. To fix it, I simply uninstalled Firefox and then redownloaded it from Mozilla's site.
Steve's Comment: He just wanted to pass this along to the listeners.
Comment: [ 08 ]
47:34 - 52:25 Zec (Colorado)
Listener Comment: Today I had a $9 transaction held pending an investigation by PayPal, even though everything appears to be legit, and I even communicated with the buyer. I couldn't believe a $9 transaction would set off PayPal's sirens. So I asked around. One friend said their friend had a bunch of small deposits from writing work withheld, investigated, and ultimately not returned to her because PayPal thought she was laundering money.
Steve's Comment: The Internet is full of horror stories like this, and apparently it is very easy to trip PayPal's automated fraud detection systems.
Question: [ 09 ]
55:24 - 58:08 Poojan Wagh (Chicago, Illinois)
Question: Is 128-bit Blowfish secure enough to protect my data, or should I pay for 448-bit Blowfish?
Answer: 128-bit is fine.
Comment: [ 10 ]
58:09 - 01:01:10 Matt Ridley (Kaukauna, Wisconsin)
Listener Comment: A friend of mine flies UAVs and told me this about the encryption issue. Controls are encrypted, as you mentioned; mission-mode cameras are encrypted during flight. The issue was whether people can see the camera output. The unencrypted videos in question are usually from takeoff, landing, and refueling. The reason, according to the pilots, is that the video timing lag caused by encryption/decryption gives them so much latency that it's not safe during takeoff, landing, and refueling. Once the UAVs are aloft, real-time video feedback is less critical, so encryption is engaged. According to them, in 2012 this video will become encrypted as well.
Steve's Comment: Encryption and decryption should be really fast unless it is running on really old hardware, but this explanation would make sense.
Sponsors
- FordSYNC #7
- Ad Times: 00:01:14-00:01:29 and 00:04:12-00:06:24
Go To Meeting
- GoToMeeting #4
- Ad Times: 00:00:43-00:00:55 and 00:24:37-00:26:38
- Ad Times: 00:00:57-00:01:12 and 00:52:41-00:55:17
Production Information
- Edited by: Erik