Security Now 227

Security Now
Episode 227


"Cyberwarfare"Hosts: Leo Laporte and Steve Gibson Topic: Cyberwarfare Recorded: December 16, 2009 Published: December 17, 2009 Duration: 1:06:29 Transcript Previous episode – Next episode

Security Now 227: Cyberwarfare

11:42 - 14:20

The U.S. House of Representatives, passed a significant resolution, HR 2221 [Data Accountability and Trust Act], which is the electronic data breach notification legislation.
Currently their is different legislation in different states and this will make it easier for companies to comply with the law.
The FTC are going to enforce this but the government, financial institutions, insurance companies, nonprofits, and institutions of higher education are exempt from FTC jurisdiction.

14:21 - 27:10

Their is a really bad SQL injection attack that is thought to have compromised 300,000 websites
If you visit a website which has been infected it searches for vulnerabilities on your machine and if it finds a vulnerability it install trojans and rootkits which steal credit card information

27:11 - 32:11 Chris Rivera (Unknown)

A listeners hard drive died and made the dreaded clicking noise so he put it in the freezer and then ran Spinrite on it. It fixed the drive.

34:51 - 01:40:50

There is cybercrime, cyberwarfare and cyberterrorism
What differentiates them is the motive behind them
In cyberwarfare it is hard to tell who was responsible
We dont inspect the network hardware when we receive it we just plug it in and there have been instances of counterfeit Cisco routers than have malicious software on them
There has also been cryptographic equipment that has been sold only to later have backdoors found in it
It is reasonable to assume that most nations have a kill switch which will disable their internet access
It would be difficult to launch a cyber attack on a country as all of the worlds economies are now linked

This area is for use by TWiT staff only. Please do not add or edit any content within this section.