Security Now 242

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 242

Security Now 242: Your Questions, Steve's Answers 89

Critical updates from Microsoft and Apple, good news for GMAIL security, and a warning for nudists....

News & Errata

8:39 - 10:18

  • Microsoft Emergency Out-Of-Cycle Patch for IE6 & IE7 (IE8 unaffected)
  • The 0-day iepeers.dll problem discussed several weeks ago
  • (And fixing 9 other vulnerabilities now, instead of April 13th)
  • Cumulative Update for IE5 through IE8

10:19 - 13:33

  • iTunes has been updated to v9.1 adds "Sync with iPad" & support for iBooks" (101 mb)
  • OS X has been updated to v10.6.3 (436 mb)

13:34 - 16:10

  • Google to begin warning users of "suspicious" activity
  • Warning banner will appear on Inbox page
  • "Now, if it looks like something unusual is going on with your account, we’ll alert you by posting a warning message saying, "Warning: We believe your account was last accessed from…" along with the geographic region that we can best associate with the access."
  • Clicking through will show log of prior logon dates, times, and IP addresses

16:11 - 21:08

  • A study to retrospectively look at what admin rights would have done for Windows 7 since it had been created in the past.
  • They determined that of the 190 vulnerabilities published by Microsoft last year, in 2009, restricting administrator rights for users would have prevented:
  • All vulnerabilities in Microsoft Office would have been avoided.
  • All vulnerabilities in IE8 would have been avoided.
  • 94 percent of all vulnerabilities in all other versions of IE would have been prevented
  • 64 percent of all other Windows vulnerabilities

55:05 - 55:40

  • Here's a CNN article about the email scam: Here

Spinrite Story

21:09 - 25:21 John Galliano (Unknown)

Spinrite has been approved for use by the army

Questions & Answers

28:11 - 01:21:37

Comment: [ 01 ]

28:11 - 33:05 Jon Hatfield (Indianapolis, Indiana)
Listener Comment: Firefox scrolling does not work if you have Katmouse installed

Steve's Comment: He wants to let everyone know about this

Question: [ 02 ]

33:06 - 37:08 Trevor Awalt (Unknown)
Listener Comment: All of the the checksum headers equal 0 on packets generated by your DNSBenchmark program

Steve's Comment: The NIC has hardware IP checksums

Question: [ 03 ]

37:09 - 42:55 Curtis Clark (Sayreville, New Jersey)
Question: I have a NAS with a static IP of 192.x.x.x, I then got a new router which assigns IP's in the 10.x.x.x range and now I can no longer access my NAS. Why is this ?

Answer: There is a thing called a subnet mask which defines what addresses are on the local network, any IP range that is not in the subnet mask is handed off to the router by the computer to route. So with your old router any IP beginning with 192 was assumed to be on the local network and with your new router any IP beginning with 10 was assumed to be on the local network

Comment: [ 04 ]

42:56 - 46:42 Anon (Unknown)
Listener Comment: The NSA satellites can read size 8 font, so be careful if you sunbathe nude as the NSA can see you

Steve's Comment: Big Brother may be watching, but he probably doesn't want to see what he does

Comment: [ 05 ]

46:43 - 55:04 Peter Brjesson (Sweden)
Listener Comment: You can use Dispose a Mail to create a temporary email account

Steve's Comment: Steve thinks its incredible that you can just create an email account on the fly but wonders how they handle spam

Comment: [ 06 ]

55:41 - 58:00 Mark Fink (Baltimore, Maryland)
Listener Comment: On my Dell M4300 laptop you can disable the built in microphone in the BIOS

Steve's Comment: It would require specialist software to re enable it without your permission if you disable it in the BIOS and anyone that doesn't use there built in microphone should do this if they can

Comment: [ 07 ]

58:01 - 59:26 Patrick Boyle (Springfield, Missouri)
'Listener Comment: Here are some tools simmilar to fixed orbit, IP Neighbors, it's www.myipneighbors.com. You can enter an IP address or a domain name. It'll show you all the domains that are hosted at that IP address. Here's one for domaintools.com, used to be whois.sc, domaintools.com. You enter an IP address or a domain name, it shows you the ownership. And whois.net, same thing by IP address, tools.whois.net.

Steve's Comment: Leo also recommends a command line Java program called JWHOIS

Comment: [ 08 ]

59:27 - 01:02:59 David W. (Griffin in Atlanta, Georgia)
Listener Comment: I respect your abilities to program in assembly language, but much of the world's software these days is designed for large-scale software for which high-level solutions rather than low-level solutions are the right way to go. Developing large software projects with large staffs and then maintaining them for a decade is not a job for which you would select assembly language, not if you could help it, anyway.

Software engineering has made little progress toward reusable components, but at least high-level languages have some effect on achieving reliability. Nothing you have said contradicts this. You, after all, are doing small, well-focused applications with a single author. But I thought I'd make the point that much of the world's software today has other design considerations.

Steve's Comment: Largely I completely agree. When I talk about my use of assembly language, I regard it as a personal preference. I'm not pushing it on people. I'm not suggesting that the world would be a better place if people programmed in assembly language. Well, maybe I am. But I completely recognize that high-level languages are here to stay; that they make much more sense for many applications.

I guess the metric that I've seen which is most compelling is that, no matter what level of language you're programming in, programmers generally produce the same number of lines per day. So if a high-level language line of code does much more than an assembly language line of code, and both programmers are going to be equally productive when measured in lines of code, then it's clear that more functionality is being written per day by someone whose lines of code do more per line because they're using a high-level language.

Question: [ 09 ]

01:03:00 - 01:07:09 Giovanni Darquea (Maryland)
Question: Yubico is now making their famous YubiKey with an integrated RFID transmitter. I was wondering what you think the potential security implications could be now that anyone can just wirelessly get your YubiKey passwords. Or, if you do think it's safe enough to use, what scenarios do you envision yourself using the RFID YubiKey with

Answer: If your corporation used RFID, like, door keys, you could register your YubiKey's RFID ID with your company's door security, in which case you wouldn't have to have a separate RFID dongle to get into the building. You'd just use your YubiKey, waving it, rather than using it in the normal USB mode which we all know the YubiKey uses. It doesn't interact with the YubiKey functionality. It's like a third channel that says, this is my ID.

The Great Warning of the Week: [ 10 ]

01:07:10 - 01:10:45 Brian (Raleigh, North Carolina)
Warning: I'd like to pass along a report from a friend who says he witnessed someone using the Ettercap network sniffing tool in a local coffee shop this morning.

Steve's Comment: This is how email scams start

Great Recommendation of the Week: [ 11 ]

01:10:46 - 01:13:29 Steve Hiner (Phoenix, Arizona)

Charles Petzold's book Code - The Hidden Language of Computer Hardware and Software.

"...it really helps to fill in some of the gaps since he has the room to expand on topics and use graphics to help explain things. I'm over 200 pages into the book, and he's finally gotten to the point of being able to talk about opcodes and machine language. 200 pages in. He takes it very slow and explains every little thing in detail. Anyone who is enjoying the Let's Build a Computer series and wants to go a bit deeper should consider picking up this book. I highly recommend it."


Answer:

I highly recommend it, too. First of all, Charles Petzold is a tremendous technical writer. He is the guy who taught me Windows.

...

So, yes, "Code: The Hidden Language of Computer Hardware and Software," I really like Steve's recommendation. It's a great one. For anyone who's enjoying this series, Charles, as Steve says, takes it very slow, and you'll really understand this stuff.

- Steve Gibson

The Brilliant Idea of the Week: [ 12 ]

01:13:30 - 01:21:37 Jack Daniel (Wilmington, Massachusetts)
Brilliant Idea: Steve, I heard the question about blocking attacks by IP, and I had a few thoughts. First, given where I'm sitting, if you're running Astaro, you can easily "black hole" route by IPs or networks. It's also easy to add a route to your computer to misdirect traffic, for Windows something like: route ADD [problem IP] MASK [255.255.255.255] [non-existent local IP address] -p will do the trick. Works for - I'll put that in the show notes because that's a command line. Works for networks, too. Don't forget the -p. It makes the route change persistent. Then a "route print" command will show the current routing table to confirm the changes.

Steve's Comment: It's a simple way of efficiently and cleanly blocking specific IPs that are blocking your computer from sending them out to the gateway.

Sponsors

Go To Assist Express

Audible

Picks

Audibledotcom.png
Shackleton's Way by Margot Morrell and Stephanie Capparell (UNABRIDGED)
Narrated by Richard Matthews

Production Information

  • Edited by: Tony
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.