Security Now 199

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 199

Security Now 199: The Geek Atlas

A good book, the IPv6 protocol, and Steve's secure TCP idea that doesn't use a VPN tunnel.

News & Errata

02:14 - 29:06

Apple News
02:14 - 03:30

  • Apple has patched a Quicktime flaw

Blackberry News
03:31 - 04:28

  • PDF vulnerability in blackberries, updates are available

Microsoft News
04:28 - 09:23

09:24 - 25:00

  1. In Regedit, delete the {20a82645-c095-46ed-80e3-08825760534b} subkey under HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions.
  2. In Firefox, about:config, click reset on general.useragent.extra.microsoftdotnet and restart Firefox.
  3. Delete %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\*

25:01 - 27:16

  • The EU is considering making Microsoft include competitors browsers

27:17 - 29:06

  • Steve's Kindle DX will arrive June 11th 2009

Spinrite Story

29:06 - 30:30

  • Steve lost the testimonial he was going to read out this week

The Geek Atlas

33:44 - 45:48

  • Get a copy of The Geek Atlas at Amazon.
  • 128 locations around the world of technical and historical geeky interest
  • It also gives very technical explanations of principles

IPv6 Protocol

45:49 - 01:09:21

  • IPv5 is a streaming protocol
  • IPv6 matters if the stack in your Windows machine is configured for IPv6 it will emit IPv6 DNS queries
  • IPv6 was created due to a concern over depletion of IP address space
  • IPv4 gives 4,294,967,296 possible different IPs
  • 40 % of these IP's are not even in use such as 5.x.x.x
  • Class A network's have 60 million IP's
  • NAT has solved the problem of running out of IP's
  • Cryptolink will support IPv6
  • Percentage of machines at IPv6 in:
    • Russia 0.76
    • France 0.65
    • The Ukraine 0.64
    • Norway 0.49
    • The U.S. 0.4
    • China 0.24
  • In a Class A network the first byte is the network number, and the other three bytes is the host within that network.
  • You could have 16.777 million hosts under that Class A network.
  • In a Class B network the first two bytes would specify the network, and the second two bytes the host.
  • You could have 65536 hosts in a Class B network
  • In a Class C network you have 254 hosts
  • In IPv6 the high 64 bits are the network and the low bits are the host
  • In the original plan the lower 32 bits were going to be generated by using the MAC address of the hardware but this creates a privacy concern as your IP address would effectively never change so you could be tracked.

Secure TCP with a VPN Tunnel

01:12:28 - 01:28:43

  • With VPN's the machine is completly enclosed and participating as a peer on the remote network.
  • CryptoLink will have a partial enclosure mode where you can designate specific remote locations whose traffic will be routed through the VPN tunnel, and others that won't.
  • Lots of ISP block unsafe ports

The Junior VPN idea:

  • Imagine that there were device drivers, network drivers, at either end of the connection and that at the home end, this network driver was listening to other ports, not 445, but other ports, and strongly encrypting and authenticating any packets which arrived there with a symmetric key, a secret symmetric key.
  • At Starbucks I have a network driver which is sort of doing the complementary thing. Windows thinks it's sending packets out toward 445. But when they come to this driver, it says, oh, this is going to home, so we port shift. We shift the destination port up to one or multiple ports, because there's nothing to say one packet can't come in and seven can't come out, aimed at different ports, in order to make sure that we get through to the other end. And that same strong symmetric encryption and authentication is applied so that what the packets contain is absolute gibberish.
  • So this packet leaves, gets shifted to a different port, goes out, passes the ISP's filter, comes in, gets decrypted and authenticated, meaning that only my machine at Starbucks is able to generate a packet which decrypts correctly and authenticates.
  • The port is shifted back down to 445 so Windows is happy with it. And I'm able to map my C drive or whatever drive or resource that I want to from home remotely with no overhead, no tunnels, no routing, no encapsulation.

Notable Quotes

Steve Hiner (listener): [I'm] at the primate exhibit, writing VB with all the monkeys.


GoTo Assist Express


The Structure of Scientific Revolutions by Thomas S. Kuhn (UNABRIDGED)
Narrated by Dennis Holland
  • Ad Time: 0:33-0:44 and 01:10:21 - 01:12:57

Production Information

  • Recorded Date: June 2, 2009
  • Release Date: June 3, 2009
  • Duration: 1:30:07
  • Log line: A good book, the IPv6 protocol, and Steve's secure TCP idea that doesn't use a VPN tunnel.
  • Edited by: Tony
  • Notes: Multiple spots where Steve had to reconnect due to bad connections. 20:43, 22:14, 48:11, 48:33 also missing a segment that was replaced by backup recording. 1:01:58-1:06:25
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.