Security Now 192

From The Official TWiT Wiki

Security Now: 192 Listener Feedback 64

News & Errata

02:22 - 07:26

  • Steve has had a Conficker honeypot running for 5 days. Next week's podcast will be on Conficker; there will be a timeline and a thorough technical analysis.
  • Steve has noticed that his copy of Conficker has stumbled into tarpits: Conficker sent a SYN, the tarpit responded with a SYN/ACK but advertised that it had no buffer space, so Conficker has to wait, and the tarpit then keeps the connection open forever.
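As an added illustration of the tarpit behaviour described above (example code written for these notes, not from the podcast), the Python script below approximates a TCP tarpit in user space: it completes the handshake and then never reads, so the peer's send window closes and a scanner that tries to push data hangs until its own timeout fires. The loopback address, the small receive buffer and the byte budget are constructed values.

```python
import socket
import threading

# Constructed demonstration of a tarpit: accept the connection, then never
# read from it, so the peer's TCP send window shrinks to zero and it stalls.

def start_tarpit(host="127.0.0.1"):
    """Listen on an ephemeral port; return (port, list of held connections)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Tiny receive buffer so the advertised window closes quickly.
    # Must be set before listen(); accepted sockets inherit it.
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 1024)
    srv.bind((host, 0))
    srv.listen(16)
    held = []

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()   # handshake completes here
            except OSError:
                return
            held.append(conn)            # keep it open; never call recv()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1], held

def probe(port, host="127.0.0.1", timeout=2.0):
    """Behave like a scanner: connect, then keep sending.
    Returns ('stalled', bytes_sent) once the peer stops accepting data,
    or ('drained', bytes_sent) if the byte budget is exhausted first."""
    c = socket.create_connection((host, port), timeout=timeout)
    sent = 0
    try:
        while sent < 64 * 1024 * 1024:   # constructed budget: 64 MiB
            sent += c.send(b"\x00" * 4096)
        return "drained", sent
    except socket.timeout:
        return "stalled", sent            # send window closed; peer holds us
    finally:
        c.close()

if __name__ == "__main__":
    port, _ = start_tarpit()
    print(probe(port))
```

A real tarpit such as LaBrea does this in the kernel or with raw packets and can hold far more connections than a thread-per-socket server; this version only shows the effect on the connecting side.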

07:27 - 08:54

  • Windows updates for April have been released.
  • 5 Critical, 2 Important, 1 Moderate
  • Problems were found in the client-side HTTPS protocol handling, which allowed remote code execution if you visited a malicious website.

08:55 - 09:36

  • The "How SSL works" episode is coming, but Steve wants to cover security issues that are happening right now, such as Conficker, first.

09:37 - 11:16

  • A major set of VMware security updates was released; they will be the topic of a future episode.

11:17 - 12:45

  • Phorm is making a return, and the European Commission is now suing British Telecom because its previous trial of Phorm violated privacy rights.

12:46 - 15:36

  • Scareware referral fees generate $10,000 to $100,000 a month. Scareware is where you are prompted to install fake AV software, which then reports that it has found a virus and offers to remove it if the user pays.

15:37 - 18:13

  • Steve has been an EVDO user for years and loves it.
  • Leo points out that it is so good he has streamed video over it.
  • They discuss the low bandwidth caps.

SpinRite Story

18:14 - 21:40 (Rabbe Sandelin)

  • A listener's niece's iBook wouldn't boot.
  • A Mac recovery tool could see the data but not recover it.
  • SpinRite warned that the drive was about to die and then ran for two days.
  • It reported some unrecoverable sectors and quite a few repaired ones.
  • The drive still wouldn't mount via USB on his Mac.
  • He fired up the Mac recovery tool again, and this time it could recover the data.
  • This is because SpinRite looks at the drive at a low level, whereas the data recovery tool looks at the file-system level.
  • Leo talks about ZFS, a file system from Sun, which is like RAID 5 built into a file system.

Questions & Answers

1) 23:45 - 39:00 Phil (Montreal)

Question: Steve suggested in the GhostNet podcast that people like the Dalai Lama shouldn't use Windows, but isn't this security through obscurity? Also, what makes you think that the people who program for other operating systems are better?

Answer: "Windows is a steaming pile of crap." Steve was talking about real-time operating systems for embedded ICs, which are rock solid.

2) 39:01 - 41:10 Dan Rector (Rochester)
Question: Could you create a page that lists the software you like?

Answer: It's on Steve's to-do list.

3) 41:11 - 45:26 J.T. Aaron (Houston)
Question: How do you know if a new Firefox plugin is a security threat?

Answer: Steve checks out the creator's site and their motivation for developing the add-on. Also, Firefox plugins are a much smaller target for attackers.

4) 45:27 - 48:29 Taylor Schreck (Rochester)
Listener Comment: Most of the computers that are infected with Conficker can't install security patches because they are running pirated versions of Windows.

Steve's Comment: Steve remembers Microsoft introducing Windows Genuine Advantage and thinking it was a bad thing.

5) 48:30 - 55:00 Nick Antonizick (Las Vegas, Nevada)
Question: If an application is running inside a sandbox and suffers a buffer overflow attack, will the attack work?

Answer: The sandbox prevents system modification: when a sandboxed process modifies a file, the modification is cached and the real file isn't modified.

6) 55:01 - 59:16 Robert Harder (Monterey, California)
Question: Why do some CDs stall the whole system?

Answer: It is due to the legacy design of the operating system.

7) 59:17 - 01:03:05 Casey Clingan (Hattiesburg) (Was question 5 on the list, but Leo missed it and came back to it after question 6)
Listener Comment: He noticed that a computer on his campus had automatic updates turned off and wonders how many other computers are in the same state.

Steve's Comment: Machines on a big network are sometimes neglected, and maybe someone was annoyed by the update prompts popping up and turned them off. It's important to keep automatic updates turned on, though.

8) 01:03:06 - 01:08:08 Jesse (Madison, Wisconsin)
Listener Comment: He noticed that although automatic updates were turned on on his mum's PC, they hadn't been installed since November 2008. He investigated and found an error for which he couldn't find a solution. In the end he had to reinstall Windows.

Steve's Comment: Steve and Leo have both seen this before, and Steve comments on how difficult it is for Microsoft to install these patches reliably.

9) 01:08:09 - 01:11:32 Jonathan Issler (Mount Airy, MD)
Question: Why would a school be blocking all HTTPS traffic?

Answer: They can't easily monitor and filter HTTPS traffic.

10) 01:11:33 - 01:16:30 Zurahn (Ontario, Canada)
Question: Could you register a domain that Conficker checks before its authors do, and set it up to tell Conficker to destroy itself?

Answer: This is potentially illegal and unethical. But that aside, the updates Conficker receives have to be digitally signed for it to execute them.

11) 01:18:36 - 01:24:57 Gerco Dries (Netherlands)
Question: When you first start your computer, some programs automatically try to connect to their servers. This leaks information about you to the network before you can set up a VPN. How can you counter this?

Answer: CryptoLink will counter this problem.

12) 01:24:58 - 01:29:25 Brad Beyenhof (San Diego, California)
Listener Comment: Steve, you mentioned in Episode 190 the two extremes of cookie management: the one, "let every cookie in" crowd, versus the two, "scrupulously inspect everything" crowd. I used to be in that second group, but I think my current system nicely fits between the two. It's very no-fuss but still very restrictive.

In Firefox, I have the browser set to accept all cookies, even third-party cookies. However, it is also set up to remove cookies every time the browser is closed. To allow for persistent logins on the sites I use most, I have added my most-used domains to an "Allow" whitelist in the Cookie Exceptions dialog. So what this means is all cookies are accepted during a session. No sites get broken for a refusal to accept cookies. But all cookies from domains I haven't specifically whitelisted get thrown out when Firefox closes, so there's no persistent tracking by unknown sites.

Steve's Comment: This is a nice way of doing it. Steve is trying Permit Cookies.

Notable Quotes

Steve: Now, I take my hat off to Microsoft. I salute them for somehow managing to keep this massive Hindenburg called Windows aloft as long as they have.

Steve: Somebody built some nuclear reactor control system on top of Windows. Which is just like, oh, my goodness. It's inexcusable.

Steve: [...] you've got tools like Visual Basic that allow monkeys to program.

Significant Products

  • Permit Cookies (Firefox add-on)
  • Permit Cookies (alternative link)

Sponsors

  • Nerds On Site

Production Information

  • Recorded Date: April 15, 2009
  • Release Date: April 16, 2009
  • Duration: 01:33:11
  • Log line:
  • Edited by: Tony
  • Notes: