Security Now 235

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 235

Contents

Security Now 235: Machine Language

News & Errata

09:50 - 13:00

  • Microsoft released 13 bulletins covering 26 vulnerabilities.
  • 11 of those bulletins affected Windows, and two were for Office products.
  • There's even one for Microsoft Paint. If you open a malformed JPG in Microsoft Paint you can have your computer taken over.
  • Most of them were rated highly exploitable
  • One flaw was in the new IPv6 stack in Vista and Server 2008.
  • It's possible to ping an IPv6-enabled Vista or 2008 Server machine and take it over.

13:01 - 14:03

  • As of April 13th 2010 Microsoft will no longer issue security updates for the original version of Vista (pre SP1)
  • In October 2010 Microsoft will no longer support Windows 2000 or XP SP2

14:04 - 17:17

  • Apples iPhone and iPod touch had security vulnerabilities fixed, users need to update there devices

17:18 - 21:20

  • The FBI has been pressing ISPs to retain records of every URL visited by their customers

21:21 - 26:30

  • Chris Tarnovsky has sort of cracked the trusted platform module (TPM)
  • He soaked the TPM chips in acid to dissolve the hard outer shell
  • Then apparently there's actually a mesh wiring which is around the TPM inner core, specifically to provide RF shielding
  • So he used rust remover in order to remove the mesh wiring to expose the chips' inner cores.
  • Then used microprobes on the circuitry, on the actual physical circuitry face, to monitor the signals passing inside the chip.
  • And of course, once he found the right spots, he found the signals just upstream of the cipher and so was able to get the plaintext out of the chip that way.

26:31 - 29:51

  • Two trojans were found in Mozilla hosted plugins for Firefox

29:52 - 32:42

  • A trustee report analysed 4 million users and determined that 47% of these users are using the same username and password to log into multiple sites including banks

32:43 - 36:20

  • Steve has analysed the Locknote source code and it is secure

Spinrite Story

36:21 - 41:18 John Irvine (Claremont, California)

Spinrite ran for 110 hours and fixed a drive

Machine Language

46:00 - 59:17

  • The first thing we have is the Program Counter, which is a counter which increments one at a time, reading out the contents of successive words of memory.
  • So we have this program counter which will address the memory sequentially, basically stepping through it.
  • So say we start at location zero.
  • So out comes 18 bits into a register which we call the "instruction register."
  • So this instruction register holds the data that we just read out of a given location in memory.
  • Well, there's essentially a subdivision of the bits into different purposes.
  • The opcode is on the left of one of these long words.
  • We have an accumulator, which is sort of our scratch pad, so that that's the main working register where the data moves through where we perform operations.

01:02:01 - 01:19:16

Sponsors

Go To Assist Express

Carbonite

  • Carbonite
  • Offer Code: securitynow
  • Ad Times: 1:12-1:26 and 40:56-44:50

Astaro

  • Astaro.com
  • Ad Times: 0:56-1:11 and 59:17-1:02:01

Production Information

  • Edited by: Tony
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.
Personal tools