Security Now 189

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 189


Security Now 189: Internet Explorer 8

News & Errata

02:39 - 05:35

  • Steve Gibson is planning to add a Spinrite fix for Mac OS X in version 7
  • DNS benchmark is now running and Steve is just adding some new features requested by the news group
  • Steve's cookie work is finished but not public yet
  • Serious work will begin on CryptoLink after he has finished the DNS benchmark and cookie work.

08:11 - 12:39

  • A botnet has been found running in Netcom NB5 routers.
  • The web interface and Telnet port was open and exposed to internet when shipped by default.
  • The company has now fixed its firmware, power cycle the router to remove the worm.

12:40 - 13:43

  • Adobe has patched Acrobat reader versions 7 & 8.

13:44 - 15:56

  • Steve fixed a friends laptop which had been infected by a trojan
  • It downloaded a spray of recently known exploits for multiple pieces of software such as PDF's and HTML files.

15:57 - 17:35

  • Steve had misspoken on previous podcast where he stated that SSH is using SSL tunnelling. In fact SSH has its own transport

26:53 - 29:27

  • Conficker is set to do 'something' on April 1st when Leo and Steve next record Security Now.
  • AVAST found more viruses than AVG when Steve ran it on his friends infected laptop (About 50% more).
  • Steve is using an image of his friends infected hard drive to test MSRT and will report back next week.

Significant Products

17:36 - 22:25

  • Prio - It is a small DLL which functions as an extension to the Task Manager.
  • It colours processes based on if they are signed or not.
  • TCP / IP monitor which is a real time netstat
  • Allows you to assign sticky process priority.

Spinrite Story

22:26 - 26:52 Anonymous (Toronto, Ontario)

  • A listeners friends Outlook .pst file wouldn't copy from the laptop hard drive to a USB memory stick it returned a CRC check error. He downloaded Spinrite to a USB drive and ran it. It fixed the drive and they could copy the .pst file off the drive onto a memory stick

Internet Explorer 8

22:28 - 01:11:51

  • Steve found that IE 8 is still the slowest browser and that IE 8 is only the fifth fastest browser under the Sunfire javascript benchmark
  • IE 8 is only faster under "Dumb" pages
  • IE 8 cookie handling is still broken and does not block third-party cookies
  • IE 8's Compatibly Mode makes IE 8 render the page in IE 7 render mode
  • IE 8 also enhanced the delete browser history controls
  • IE 8's In Private mode causes browser not to write to history
  • IE 8's Smart Screen filter will give you on-the-fly site warnings
  • IE 8's Active X controls now allow for per site and per user installs
  • Top level domains are now highlighted while the rest of the domain stays grey in IE 8
  • Toolbars in IE 8 now have a red X that allow you to close the toolbar faster
  • By default DEP will be enable in IE 8
  • IE 8 is still very crashable and will even re-crash on reload.
  • IE 8 has upgraded the development tools

Sponsors

Astaro

  • Astaro
  • Ad time: 0:33-0:44 and 05:35-08:10

Production Information

  • Recorded Date: March 25, 2009
  • Release Date: March 26, 2009
  • Duration: 1:13:55
  • Log line:
  • Edited by: Tony
  • Notes: Removed Steve Coughing @ 0:36:08
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.