Security Now 198
Topic: Listener Feedback 67
Recorded: May 27, 2009
Published: May 28, 2009
- 1 Security Now 198 : Listener Feedback 67
- 1.1 News & Errata
- 1.2 Spinrite Story
- 1.3 Questions & Answers
- 2 Significant Products
- 3 Sponsors
- 4 Production Information
Security Now 198 : Listener Feedback 67
News & Errata
05:14 - 33:40
05:14 - 11:37 Windows News
05:20 - 7:07
- Microsoft has released service pack two for Vista and Server 2008
- You need SP1 installed as a prerequisite for SP2 on Vista
- Microsoft Releases Windows Server 2008 and Vista SP2
07:08 - 11:37
- The tool to block the installation of service pack three for Windows XP has expired
- Service Pack Blocker Tool for Windows XP SP3 expired on May 19
11:38 - 15:30 Mac News
- There is a critical Java exploit in the wild for Mac OS X
- Urgent Mac OS X Java VM Exploit in the Wild
15:01 - 20:00 Adobe News
- Adobe will release quarterly updates on the same second Tuesday of the month as Microsoft
- Adobe to Release Quarterly Updates in Sync with Windows Updates
20:01 - 33:40 Erratta
20:01 - 21:02
- Correction ADA is everywhere
21:03 - 33:40
- Steve loves Star Trek and Terminator Salvation
- Steve and his friends made a Star Trek movie in college with a super 8 film camera
- Clip from the mp3 with relevant portions reversed (2:25) Steve said the reversed portion out of order. "Surrender your ship, We are the bunnons, or be destroyed" instead of "We are the bunnons. Surrender your ship or be destroyed."
37:00 - 41:28 Bob
"Hi, I just wanted to thank you for your SpinRite software. I was a little surprised at the price and wasn't sure if the problem I was having was going to be fixed by it. But based on reviews and your money-back guarantee, I thought I'd take a chance. Your software was easy to use and actually fixed the problem I was having. I'm very impressed! The problem was that I had a hard drive failure on an XP machine that was not allowing the machine to come up into Windows. It was giving some obscure message that I eventually found out meant that the registry file was corrupt. Amazingly, SpinRite fixed that so that I was able to get into Windows and back up all of the data on the drive before I replaced it."
Questions & Answers
Question: [ 01 ]
41:35 - 52:09 Alexandre (Quebec)
Question: What Assembler should I use and what assembler do you use?
Answer: Steve's recommendation is to check out [MASM32] as it's a free and very complete IDE (integrated development environment) with code samples, libraries. MASM32 is now a version 10. However Steve uses MASM, Microsoft's Assembler because it has macro support and has an extended syntax to make it more pleasant (including the example of writing 'if.ex eax=ecx' then a '.endif' to give a more traditional if/end statement, as opposed to otherwise writing a lot of other code that clutters the code.)
Question: [ 02 ]
52:10 - Marsh Wildman (Sacramento, California)
Question: What are the scripts we should be worried about online?
Question: [ 03 ]
01:02:28 - 01:08:32 Victor (Pretoria, South Africa)
Question: Whats a socket?
Answer: What your program talks to when you want to communicate over the network. A related name is a handle.
Question: [ 04 ]
01:08:33 - 01:15:37 Shawn Poulson (Middletown, Delaware)
Listener Comment: Some cons on using SSL for all websites:
- In addition, caching proxies won't cache this content either. ISPs often employ transparent caching proxy devices that save their upstream bandwidth to the 'Net by caching what their users often access, like say the Google search page logo. So when you go to a Google page you're probably getting that logo, not from Google, but from your ISP.
Steve's Comment: Steve was suggesting all connections should be secure not that all content should be secret
Question: [ 05 ]
01:15:38 - 01:23:07 Simon Iremonger (England)
Question: Why don't we see security flaws in processor's ?
Answer: There has been problems with processor designs in the past but we don't see as many problems with processor's as it has to be right and you cant just send everyone an update to fix any problems. Processor makers also spends lots of time and money testing new processors.
Question: [ 06 ]
01:23:08 - 01:27:02 Matthew Srebinski (Essexville, Michigan) & Eric (San Jose)
Question: [ 07 ]
01:27:03 - 01:29:15 William (Canada)
Question: Is Windows 7 XP mode properly sandboxing XP ?
Answer: Steve is unsure but he doubts it as it would be really inconvenient for users.
Question: [ 08 ]
01:29:16 - 01:32:04 Rick Slater (Carriere, Mississippi)
Question: What do you think about the Kindle DX's killbit?
Answer: This is due to the text to speech feature.
Question: [ 09 ]
01:32:05 - 01:39:23 Steve Vance (Golden Gate Computer Society in San Rafael, California)
Question: How do you detect SSL proxying ?
- Go to a secure site
- Hover your mouse over the little padlock, you'll see something that says VeriSign Trust Network.
- You can also double-click on that to open up the properties.
- What you want to do is you want to poke around in there. Various browsers have these in different places.
- But you want to look at the so-called chain of trust that we've talked about, the sort of a hierarchy of links for the certificate.
- In the case of GRC's certificate, which I get from VeriSign, you'll see GRC.com, you'll see a VeriSign intermediate, and then that trusted root, the certificate authority, and nothing else.
- If you did this in a corporate, within a corporate region where they were proxying your SSL, you would see that you had a secure connection.
- But when you looked at the certificate, it would show, for example, GRC.com and then link to some non-trusted certificate authority that had been planted in your browser and that had been used to generate a certificate on the fly.
- It would not link back to the real certificate from GRC.
Question: [ 10 ]
01:39:24 - 01:43:05 Ren Zhi Zhang (Auckland, New Zealand)
Question: How do you scan the ports of a computer from within your own LAN?
Answer: Steve recommends Superscan from Foundstone. Superscan
This windows utility can scan another machine on your LAN.
Question: [ 11 ]
01:43:05 - 01:48:04 Darius (Port Moody, BC)
Question: How do you keep your source code safe and secure on the move?
Answer: Steve uses "FileBack PC" which is really powerful and customisable.
Question: [ 12 ]
01:48:05 - 01:53:18 David Greenberg (Nyack, New York)
Listener Comment: He recommends the Apple Airport Express as a travel router.
Steve's Comment: It sounds spectacular
01:39:24 - 01:43:05
- Superscan from Foundstone. Superscan
- Ad Time: 0:33-0:44 and 2:49-5:00
- Ad Time: 0:45-1:00 and 33:41-36:48
- Recorded Date: May 27, 2009
- Release Date: May 28, 2009
- Duration: 2:00:34
- Log line:
- Edited by: Tony
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|