Security Now 224
Topic: Listener Feedback #80
Recorded: November 25, 2009
Published: November 26, 2009
- 1 Security Now 224: Your Questions, Steve's Answers 80
- 2 Sponsors
- 3 Production Information
Security Now 224: Your Questions, Steve's Answers 80
News & Errata
05:12 - 08:23
- Some NSA agents admitted that they have worked on security for Apple, Sun and Microsoft software
08:24 - 10:26
- There is now an jailbroken iPhone worm that is enlisting infected phones into a botnet and is stealing banking credentials
10:27 - 19:08
- Internet Explorer 8 has a vulnerability in its cross site scripting filter
- Google is disabling this feature in IE 8 on its websites
- Internet Explorer 6 & 7 both have a remote code execution vulnerability
19:09 - 19:42
- Opera has patched its browser to fix a vulnerability
19:43 - 21:20
- Steve and Leo will occasionally be doing a special health podcast based on Steve's research
21:21 - 22:53 Darren Wiggly
A listeners external hard drive died so he ran Spinrite on it. It fixed the drive.
You have been had with this story. Its a fake.
Promulgated by PaulDotCom !
Questions & Answers
27:23 - 01:21:06
Comment: [ 01 ]
27:23 - 34:19 Drew (Virginia Beach, VA)
Listener Comment: You said that old code is better code but on a previous episode you talked about how a old voting machine was hacked due to advancements in technology
Steve's Comment: This belief is a religious thing as he thinks that its better to have code that has been around for a long time and tested and understood than new code
Comment: [ 02 ]
34:20 - 41:35 Anon (Unknown)
Listener Comment: I think that improvements in coding tools and techniques are making new programs more secure than older ones. For example IE 8 is more secure than IE 6.
Steve's Comment: You have to distinguish between security problems caused by policy compared to security problems caused by coding mistakes. It was Microsofts policy early on to turn the firewall off by default which made Windows less secure due to a poor policy decision as opposed to a programmer at Microsoft making a mistake coding the firewall.
Comment: [ 03 ]
41:36 - 49:08 Brandon (Indianapolis)
Listener Comment: Their is an add on for Firefox and Internet Explorer called Web of Trust (WOT) that gives you a security ranking for websites you visit and alerts you if you are going to visit a website that is known to contain malware
Steve's Comment: This was born as people were annoyed that you had to pay a provider for a security certificate. This idea lets users rank websites and get information about them for free
Question: [ 04 ]
49:09 - 57:25 John Edwards (Edinburgh, Scotland)
Question: How can you securely manage your usernames and passwords ?
Answer: Leo stores all of his passwords in an encrypted evernote document. Steve keeps all his passwords on a palm pilot. You could also use something like KeyPass or Roboform
Comment: [ 05 ]
57:26 - 01:06:20 Doug Smith (Albany, New York)
Listener Comment: Their is a difference between a human right and requirement. People should not be obligated to have Internet connectivity to fulfill their civic duties. They should not be required to have an email address. They should not be required to have a cell phone. They should not be required to vote electronically over a network. They should not be required to submit their taxes electronically, and they should not be required to have Internet access at home in order for their children to attend public schools.
Steve's Comment: Steve and Leo both agree with this. But they make the point that you could replace internet with telephone or snail mail and if you don't want them you need to realise that your life is going to be harder.
Question: [ 06 ]
01:06:21 - 01:09:40 Joe Perleberg (Green Bay, Wisconsin)
Listener Comment: Lots of banks and require you to provide a fingerprint when cashing a cheque to help prevent fraud
Steve's Comment: It is easy and cheap to record fingerprints now so nearly anyone can do it but Steve predicts it wont end well
Head Shaker of the Week: [ 07 ]
01:09:41 - 01:13:55 Joe Dorward (Berkshire, England)
Head Shaker: I tried to log out of hotmail but was unable to do so as third party cookies were disabled
Response: This is crazy and who knows what they are doing
Sad Biometric Stupidity Story of the Week: [ 08 ]
01:13:56 - 01:21:06 Steve (Rochester, New York)
Story: A bank wouldn't allow a man to cash a cheque as he had no arms and could not provide a fingerprint
Response: He may well have a lawsuit against the bank and this is terrible
Go To MY PC
- GoToMyPC #5
- Ad Time: 00:00:36-00:00:51 and 00:02:53-00:05:03
- FordSync #2
- Ad Time: 00:00:53-00:01:10 and 00:22:53-00:26:59
- Edited by: Tony
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|