Security Now 236
Topic: Your Questions, Steve's Answers 86
Recorded: February 17, 2010
Published: February 18, 2010
- 1 Security Now 236: Your Questions, Steve's Answers 86
- 2 Notable Quotes
- 3 Sponsors
- 4 Production Information
Security Now 236: Your Questions, Steve's Answers 86
News & Errata
01:47 - 05:18
- Some users received the Blue Screen of Death after installing February 2010's updates from Microsoft
- Symantec discovered that this was due to conflicts between the patch and a trojan horse
05:19 - 06:51
- There is an update for Adobe Flash Player that fixes a problem which: "has the ability to look at the pages and other web pages and web browser windows that you may have open, read them and then, like, get usernames and passwords and banking data, anything it wants to, scrape the other windows that you may have open in your web browser, and send those somewhere."
06:52 - 09:24
- On March 1st a data protection law is going into effect in Massachusetts
- It says:
- Business with customers in Massachusetts must encrypt any of the business data, any personal private data of Massachusetts residents on portable storage devices
- Any data that is being transacted must be encrypted in flight
09:25 - 11:03
- There's a very prevalent fake AV, antivirus software, known as Live PC Care
- The creators are now offering live support
11:04 - 12:15
- the Web Video Downloader addon for Firefox was incorrectly identified as a virus by Mozilla
12:16 - 13:47
- Steve's DNS benchmark has been rated the best but the article describes Steve as an old man
13:48 - 16:10 Derek (Unknown)
A listener fixed his mothers PC with Spinrite
Questions & Answers
19:09 - 01:24:00
Question: [ 01 ]
19:09 - 24:08 Sean McLeary (Brampton, Ontario, Canada)
Question: Are packet losses a security threat ?
Answer: There are historical attacks on wifi security that incorporated packet loss in the attack but the modern standards do not have such vulnerabilites.
Question: [ 02 ]
24:09 - 29:52 Tom (Deerfield Beach, Florida)
Question: Is there any way to reliably thwart hardware and software keyloggers and screen scrapers on a public computer? Also when are you going to start developing Cryptolink ?
Answer: Steve can not think of a way to reliably thwart hardware and software keyloggers and screen scrapers on a public computer. Cryptolink development will start when Steve has finished DNS Benchmark documentation, the GRC cookie page, and the Security Now page at GRC
Question: [ 03 ]
29:53 - 36:37 Ray Herrera (Oakland, California)
Question: Do you still use Jungle Disk ?
Answer: Steve does but notes now its a subscription based model rather than a one time payment for life
Question: [ 04 ]
36:38 - 41:04 Patrick McAuley (Guelph, Ontario, Canada)
Question: Can you comment on Opera Unite ?
Answer: This is just the worst idea I've ever heard of
Question: [ 05 ]
41:05 - 48:05 Colin Perry (New Zealand)
Question: In your opinion, would it be easier to reverse-engineer or hack a program written in assembly language, the machine code, the one-to-one correspondence code that we've been talking about, as opposed to a program written in a higher level language like, say, C, or a scripting language like Perl?
Answer: It's truly much more difficult to understand what a compiler's code is trying to do than assembly language which directly translates into machine language to do the same job.
Question: [ 06 ]
48:06 - 51:42 Phil Coleman (Swansea, Wales, UK)
Question: Is there really such a thing as a private search engine, I've come across one called Start Page that claims to protect your privacy ?
Answer: This search engine could still show relevant adds
Question: [ 07 ]
51:43 - 01:01:24 Dan White (Winchester, VA)
Question: You spoke of the program counter to allow the program to step through instructions. But doesn't that require more than just simple gates? Seems like it would involve an adding function, a timer, and a looping mechanism to continually add one to the counter. But that seems to require more complex functions of a program which depend on the program counter. So would you then need a program to create a program? How do you get this chicken-and-egg thing started? Is the program counter all done in hardware?
Answer: It turns out that a binary counter has a very simple logic to it. If you have a string of bits, say individual bit cells, and say that it's initially all set to zero, well, to turn it to a one we invert the lowest order bit. And so now we've got all zeroes and then a one. To increment again, we invert that first, the rightmost bit again. But when we invert the bit, and the bit goes from a one to a zero, we invert the next bit to the left. And what's really cool is that simple logic. You just invert a bit. And when you invert it, and it goes from one to zero, you invert the bit to the left that is the most, the next most significant bit.
So we start off with all zeroes. We invert the least significant bit. That goes to a one. And then we invert it again. Well, that bit goes to zero, which kicks the next one, causes it to invert. So that goes - now you have a one zero, which is the number two in binary. Now we invert the least significant bit again, so now we have a one one. Now, when we do it again - and a one one is a three - now we invert the least significant bit. So that one goes to zero, which kicks the next one over. It's a one. It goes to zero. Which kicks the next one over, forming a one. So now you have one zero zero, which is binary four.
Question: [ 08 ]
01:01:25 - 01:05:07 Curtis Clark (Unknown)
Question: How do I convince people they really need to be careful and that you just can't browse the web like your computer is invincible?
Answer: Keep trying to get people to understand that security matters
Question: [ 09 ]
01:05:08 - 01:24:00 Anders Wold Eldhuset (Norway)
Question: When working with machine language how do you deal with things that aren't easily expressed as numbers by humans? For example, how would you store a string or send instructions to a windowing system? Also do you write in any languages apart from assembler ?
Answer: Assemblers do some work for you like converting quoted strings to ASCII and you can take the ASCII values of letters for comparisons. Steve has also wrote code in C and Perl.
58:33 - 58:45
Steve Gibson: "sufficiently complex problems need to be coded three times"
- G2M #2
- Ad Times: 0:43-0:54 and 16:12-18:33
- Edited by: Tony
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|