Security Now 226

From The Official TWiT Wiki

Security Now 226: Listener Feedback 81

News & Errata

06:45 - 08:39

  • It was the second Tuesday of the month this week
  • A few things were fixed, including the 0-day exploit in Internet Explorer

08:40 - 14:25

  • Voting systems are starting to become open source
  • The Open Source Digital Voting Foundation hopes to have a completely open source voting system available in 8 years
  • Sequoia, the creators of a broken digital voting system, are also going to become open source

14:26 - 17:25

  • Virgin Media in the UK is about to employ deep packet inspection without its customers' consent
  • The aim is to anonymously assess how much illegal file sharing is occurring on its systems
  • If the protocol is known to be used to illegally share files, then they will go deeper into the packets to assess the flow

17:26 - 19:17

  • A breakdown of the OS market share on the internet:
    • XP 64%
    • Vista 23%
    • Mac 5.12%
    • Windows 7 3.77%
    • Linux 1%
    • Windows 2000 0.62%
    • iPhone 0.54%
    • Miscellaneous Others 1%

01:12:36 - 01:15:50

  • Steve and Leo talk about Steve's DNSbenchmark program

Spinrite Story

19:18 - 24:20 Jake and Phillip (The Future)

Jake and Phillip are from the time correction team; this is their story:

" My team was sent on a mission to prevent some unfortunate results of the bad science presented in the movie '2012.'" An unexpected solar flare hit our craft, resulting in a near complete loss of data from every system onboard. This caused our reentry into the earth's atmosphere to be very far off course. At this time I would like to apologize to the people of Utah. I cannot imagine the fright our reentry must have given everyone there. Please accept our sincere apology. Anyway, once we landed, if you may call it that, we set about restoring our data. We popped in SpinRite v12, and in a mere three days' time all of the data from our craft was back, exactly as it had been prior to the above-mentioned unpleasantness. You really saved our pork product (bacon, as they say in your time). Steve, you really are a magician. And although we really shouldn't tell you this, CryptoLink v3 is going to rock the world. Please keep up your good work. Sincerely, Time Correction Team XVI. "

Questions & Answers

27:20 - 01:12:36

Question: [ 01 ]

27:20 - 34:56 Chris (Las Vegas, Nevada)
Question: Windows throws an error when it receives an ARP response from an IP address it's trying to use itself, saying another device has the same IP on the LAN. So wouldn't it be trivial to have the stack throw an error if it received multiple responses for the same IP address from different MAC addresses?

Answer: Yes, you could do this, and Steve is going to put this feature in CryptoLink.
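The check Chris describes, sketched as an added example (it is not code from the episode or from CryptoLink): parse ARP replies and flag any IP address answered by more than one MAC address within a short window. The function names, the 5-second window and all addresses are assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_REPLY = 2

def parse_arp(payload: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return oper, payload[8:14].hex(":"), socket.inet_ntoa(payload[14:18])

def find_conflicts(packets, window=5.0):
    """packets: (timestamp, arp_payload) pairs. Return [(ip, [macs])] for each IP
    that was answered by more than one MAC within `window` seconds."""
    seen = defaultdict(list)   # ip -> [(timestamp, mac)] still inside the window
    conflicts = {}
    for ts, payload in packets:
        parsed = parse_arp(payload)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue           # only replies assert an IP-to-MAC binding here
        _, mac, ip = parsed
        # Drop old sightings so a later, legitimate re-assignment is not flagged.
        seen[ip] = [(t, m) for t, m in seen[ip] if ts - t <= window] + [(ts, mac)]
        macs = {m for _, m in seen[ip]}
        if len(macs) > 1:
            conflicts.setdefault(ip, set()).update(macs)
    return sorted((ip, sorted(m)) for ip, m in conflicts.items())

def make_reply(sender_mac, sender_ip, target_mac, target_ip, oper=ARP_REPLY):
    """Build an ARP payload for the constructed sample traffic below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac(sender_mac)
            + socket.inet_aton(sender_ip) + mac(target_mac) + socket.inet_aton(target_ip))

# Constructed sample (all addresses made up): 192.168.1.1 is answered by two MACs.
HOST_MAC, HOST_IP = "02:00:00:00:00:10", "192.168.1.10"
SAMPLE = [
    (0.0, make_reply("02:00:00:00:00:01", "192.168.1.1", HOST_MAC, HOST_IP)),
    (0.4, make_reply("02:00:00:00:00:66", "192.168.1.1", HOST_MAC, HOST_IP)),
    (1.0, make_reply("02:00:00:00:00:20", "192.168.1.20", HOST_MAC, HOST_IP)),
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE):
        print(f"ALERT: {ip} answered by {', '.join(macs)}")
```

The window keeps a MAC change that arrives much later, such as a replaced network card or a reassigned lease, from being reported as a conflict.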

Comment: [ 02 ]

34:57 - 40:35 Peter Jaros (Brooklyn, New York)
Listener Comment: You could defeat whole disk encryption if you steal the computer without powering it down, and there are products that do just this, such as This

Steve's Comment: It's actually more complicated than just never shutting it down: you also have to prevent the screen saver from activating, so there are USB dongles called mouse wigglers that occasionally move the cursor. When Steve attended an FBI panel on this, they also discussed how to keep the computer powered, which they do in two ways. If the PC is plugged into a power strip, you plug their special adapter into one of the free spaces and it powers the computer. If it is plugged into the wall, you plug their box into the other dual outlet, then unscrew it, pull it out, and snip the wires. So now you've got their backup unit running, just routed through this little two-outlet plug back to the computer.

Comment: [ 03 ]

40:36 - 47:05 Tom Aafloen (Karlstad, Sweden)
Listener Comment: There is a simple password manager called LockNote that should be easy to use for less skilled computer users.

Steve's Comment: This looks really good, and he is going to check the source out to make sure they are doing the encryption correctly.

Comment: [ 04 ]

47:06 - 51:30 Jim (California, in the Bay Area)
Listener Comment: There is a problem with Web of Trust where good websites are flagged as being malicious and there's no review process.

Steve's Comment: There is a very low threshold for a site being blacklisted. It appears that only a small number of users need to claim to have been bitten by the site for it to be blacklisted, and if there isn't a big active community, a lot of sites could be wrongly blacklisted.

Question: [ 05 ]

51:31 - 58:30 Matthew Justice (Austin, Texas)
Question: Have you heard about Google's DNS servers, and when will your DNSbenchmark tool be released?

Answer: DNSbenchmark can be found Here. Steve has heard about Google's DNS servers but has not looked at them in depth.

Question: [ 06 ]

58:31 - 01:04:45 Lex Thomas (Research Triangle Park, North Carolina)
Question: Are there any advantages or disadvantages to using a router to perform DNS lookups?

Answer: Using your router to perform DNS lookups is a bad idea, as some routers crash when they receive a specially formed DNS response. Also, typical consumer routers are not very smart and don't perform DNS lookups very intelligently or quickly.

Disney authentication story of the week: [ 07 ]

01:07:57 - 01:10:32 Daniel Ernst (West Bloomfield, Michigan, USA)
Story: A listener went to Disneyland and told the employee that he was not going to give them his fingerprint. They said this was fine if he showed ID every time he went.

Steve's Comment: I found an article that talked about Disney's policy where they say that they are deliberately keeping this biometric data separate, that they're not recording a fingerprint at the resolution, that is, enough data points so that it could even be used for recognition. It could only be used as a go/no go sort of verification. So only a few aspects of the fingerprint are being maintained. And they flush them after the pass which is associated with it has been expired by more than a month or something like that.

Brilliant Disneyland Authentication Solution of the Week: [ 08 ]

01:10:33 - 01:12:36 Tom Aafloen (Karlstad, Sweden)
Solution: Dedicate a finger, such as your index finger, to be used for identification at places that require it.

Steve's Comment: This is a great idea



Production Information

  • Edited by: Tony
  • Notes: Removed Question 1 that Steve couldn't answer. 00:06:43