Security Now 219

From The Official TWiT Wiki

Security Now 219: Browser Scripting

Why patches are impossible, the Total (In)security virus, and why writing software shouldn't be too easy.

News & Errata

03:00 - 04:00

  • John Cumming was originally going to be a guest on this episode, but unfortunately there was a death in his family. Steve hopes he will be able to be a guest on a future episode, possibly Security Now 221

05:00 - 11:02

  • Firefox now notifies users if their plugins are out of date and have known security vulnerabilities
  • You can go Here to check if you have any out of date plugins
  • Mozilla has disabled the .NET Framework plugin as it is insecure

11:03 - 16:13

  • A piece of scareware calling itself "Total Security 2009" locks you out of your computer and only lets you use Internet Explorer
  • If you try to use anything else on your computer, it pops up a fake message telling you your computer is infected and takes you to a website where you must purchase this program for $79.95, and it even offers 'insurance' for $19

16:14 - 22:35

  • Bruce Schneier, a security guru and cryptographer, had an interesting blog posting on October 19, 2009, which was a reaction to the mega Patch Tuesday
  • He says that patching is essentially an impossible problem, as patches need to be released quickly yet work on thousands of different computer configurations

22:36 - 26:28

  • PayPal has fixed a bug in their eBay payment system where you could bypass having to enter the one-time password supplied by the dongle

26:29 - 31:47

  • Amazon has dropped the price of the Kindle to $259 and added an international radio to it
  • Barnes and Noble have also released a two-screen e-book reader called the Nook
  • The upper screen is E Ink and the lower screen is a colour LCD touch screen
  • Plastic Logic will be releasing an e-book reader at CES

SpinRite Story

31:48 - 34:27 Wray Buck (Unknown)

A listener's PC wouldn't boot, and his BIOS informed him the drive was in danger of imminent failure. He ran SpinRite at level 5 on the drive, and it was able to fix the drive enough to allow the computer to boot so he could get his data off.

Browser Scripting

37:10 - 55:10

  • A girl at the Starbucks Steve goes to had to wipe her computer and reinstall Windows after it was infected with a virus when she visited a sewing website she always goes to
  • It is too easy for anyone to put up a website today, and people are interested in just getting it to work rather than doing it properly
  • People often use pre-packaged software that is out of date, so hackers can easily exploit it
  • There are no requirements for a programmer who writes a website like there are for doctors who want to treat people
  • Some sites have a "hacker safe" seal, which actually means nothing; it just makes money for the company selling the badge
  • The credit card industry has a security standard called PCI
  • However many companies that are PCI certified have been breached


Go To Meeting

Production Information

  • Edited by: Tony
  • Notes: