Security Now 369
|Hosts: Leo Laporte and Steve Gibson|
Topic: Internet Identity Update
Recorded: September 11, 2012
Published: September 11, 2012
Security Now 369: Internet Identity Update
News & Errata
Microsoft 2nd Tuesday of the month updates (9/11/12):
- Two "important" privilege escalation vulnerabilities.
- Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1 released.
- Updates for Windows Server applications:
- Microsoft Systems Management Server 2003 Service Pack 3
- Microsoft System Center Configuration Manager 2007 Service Pack 2
Apple updated Java on Mac OS X.
- Apple released Java SE 6 Update 35 (1.6.0_35) for Mac OS X on September 4th.
Massive GoDaddy outage on Monday 9/10
- GoDaddy's services experienced expected downtime, lasting from 10am PDT to 4pm PDT on Monday 9/10.
- During this time godaddy.com and couponpuppet.com, may have not resolved in DNS.
- GoDaddy released a statement on the issue earlier today (9/11).
- GoDaddy claims the issue was not caused by a DDoS attack and was not caused by external sources.
- No customer data was leaked, this was not a hack.
Apache and Do Not Track:
- The Apache HTTP Server will be suppressing the "do not track" header, if the client identifies itself as Internet Explorer 10.
- David Schuetz (aka @darthnull & http://darthnull.org/)
- Examined the data, crunched it through filters, looked for dups, saw a pattern.
- Data was leaked from an app developer and not an FBI laptop.
UPEK Fingerprint Logon:
- User passwords are lightly obscured and stored in the system registry.
- People who have purchased devices Acer, Amoi, ASUS, Clevo, Compal, Dell, Gateway, IBM/Lenovo, Itronix, MPC, MSI, NEC,
Sager, Samsung, Sony, and Toshiba may find UPEK on their machines.
- Fingerprint authentication (EFS) is designed to be unbreakable. Unless of course you use UPEK's biometric.
James Lewis writes about how SpinRite got him a free TiVo. He writes "I was skeptical SpinRite even worked. I figured it was worth giving a shot for 89 bucks. I've been using my Series 1 TiVo for years. My friend had one of those fancy Humax Series 2 with DVD burners. One day it wouldn't reboot for him, so he gave it to me for free. SpinRite spent a couple of hours on the drive, and when it was done I had a Series 2 TiVo. Thank you."
Internet Identity Update:
- OATH is the internet standard for event or time based code generation.
- OAUTH provides permission management background autonomous data sharing inside of an application.
- OAUTH asks the user for the other service they wish to authenticate against.
- For example: "Login Using Facebook" / "Login Using Twitter"
- OpenID: A user visiting website website A authenticates to site A by using login information for site B.
- OpenID first asks the user for their "universal ID".
- Link URL and optional brief description
- Audible URL
| TBD by TBD (ABRIDGED/UNABRIDGED)|
Narrated by TBD
- Link URL
- Edited by:
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|