Security Now 219
Episode 219
Topic: Browser Scripting
Recorded: October 21, 2009
Published: October 22, 2009
Duration: 1:00:43
Security Now 219: Browser Scripting
Why patches are impossible, the Total (In)security virus, and why writing software shouldn't be too easy.
News & Errata
03:00 - 04:00
- John Cumming was originally going to be a guest on this episode, but unfortunately there was a death in his family. Steve hopes he will be able to be a guest on a future episode, possibly Security Now 221
05:00 - 11:02
- Firefox now notifies users if their plugins are out of date and have known security vulnerabilities
- You can go here to check if you have any out-of-date plugins
- Mozilla has disabled the .NET Framework plugin as it is insecure
11:03 - 16:13
- A piece of scareware calling itself "Total Security 2009" locks you out of your computer and only lets you use Internet Explorer
- If you try to use anything else on your computer, it pops up a fake message telling you your computer is infected and takes you to a website where you must purchase this program for $79.95; it even offers 'insurance' for $19
16:14 - 22:35
- Bruce Schneier, a security guru and cryptographer, had an interesting blog posting on October 19, 2009, which was a reaction to the mega Patch Tuesday
- He says that patching is essentially an impossible problem as patches need to be released quickly yet work on thousands of different configurations of computers
22:36 - 26:28
- PayPal has fixed a bug in their eBay payment system where you could bypass having to enter the one-time password supplied by the dongle
26:29 - 31:47
- Amazon has dropped the price of the Kindle to $259 and added an international radio to it
- Barnes and Noble have also released an e-book reader called the Nook, which has two screens
- The upper screen is E Ink and the lower screen is a colour LCD touch screen
- Plastic Logic will be releasing an e-book reader at CES
SpinRite Story
31:48 - 34:27 Wray Buck (Unknown)
A listener's PC wouldn't boot and his BIOS informed him the drive was in danger of imminent failure. He ran SpinRite on level 5 on the drive and it was able to fix the drive enough to allow the computer to boot so he could get his data off.
Browser Scripting
37:10 - 55:10
- A girl at the Starbucks Steve goes to had to wipe her computer and reinstall Windows: after she visited a sewing website she always goes to, her computer was infected with a virus
- It is too easy for anyone to put up a website today and people are interested in just getting it to work rather than doing it properly
- People often use pre-packaged software that is out of date and so hackers can easily exploit it
- There are no requirements for a programmer who writes a website like there are for doctors who want to treat people
- Some sites have a "hacker safe" seal which actually means nothing; it just makes money for the company selling the badge
- The credit card industry has a security standard called PCI
- However many companies that are PCI certified have been breached
Sponsors
Go To Meeting
- Go To Meeting
- GoToMeeting-3
- Ad Time: 00:35-00:49 and 35:00-37:07
Production Information
- Edited by: Tony
- Notes: