Security Now 288

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 288


Security Now 288: Your Questions, Steve's Answers #111

A critical Microsoft vulnerability, The differences between open and closed source software, A number of questions around BitCoin, and more.

News & Errata

2:15 - 6:19

  • Chrome has been updated to v9
  • Fixes "high" vulnerability security bugs

6:20 - 11:00

  • via @CaptainCaveMan:
  • 0 day exploit in Windows SMB system

11:01 - 12:47

  • Vulnerability in MSHTML.dll that does CSS and HTML parsing in Windows
  • Dangling pointer problem (a pointer that is not destroyed)

12:48 - 25:12

  • Google adds two factor authentication

25:13 - 32:54

  • Intel Sandybridge chipsets will incorporate one time password technology in the hardware
  • http://ipt.intel.com

32:55 - 39:00

39:01 - 41:20

  • Symantec has updated its Stuxnet Dossier
  • Steve will do a podcast on it at some point

41:21 - 42:23

  • Steve wants to correct himself, the autoplay disabling windows update is optional

Spinrite Story

42:24 - 43:40 Mike (Unknown)

Spinrite fixed a broken harddrive


Questions & Answers

43:41 -

Question: [ 01 ]

43:41 - 47:27
Question: Will you accept CryptoCoins as payment ?

Answer: Yes

Question: [ 02 ]

47:28 - 54:47
Question: Aren't CryptoCoins a great way to launder money ?

Answer: Yes

Question: [ 03 ]

54:58 - 56:10
Question: Microsoft has a fix it to reverse the autorun patch

Answer: http://support.microsoft.com/kb/967715

Question: [ 04 ]

56:11 - 01:01:31
Question: Could you loose a BitCoin if your hardware dies and you have no backup?

Answer: Yes

Question: [ 05 ]

01:01:32 - 01:06:15
Question: What stops someone using a PC with a slow CPU but fast GPU to generate BitCoins ?

Answer: The network scales to control the rate at which puzzles are solved

Question: [ 06 ]

01:06:16 - 01:12:44
Question: Do old machines have a chance of competing with more powerful machines to generate BitCoins ?

Answer: The only way to get the solution is by guessing. The only advantage a faster machine has is it can guess more. An old machine could get lucky and find a solution.

Question: [ 07 ]

01:12:45 - 01:19:49
Question: What are the technical difficulties in reading the source for a closed source program ?

Answer: You loose things like variable names and subroutines when you disassemble a program so its harder to see whats going on

Question: [ 08 ]

01:19:50 - 01:25:05
Question: Intel could prevent 0 day attacks by preventing buffer over runs

Answer: Steve and Tom were laughing at the claim Intel were going to eliminate 0 day bugs

Question: [ 09 ]

01:25:06 - 01:28:38
Question: You could use a QR code to enter long wifi passwords

Answer: This is a clever idea http://zxing.appspot.com/generator/

Question: [ 10 ]

01:28:39 - 01:31:00
Question: Ghostery (browser addon) stops sites tracking you

Answer: Steve will try it out

Production Information

  • Edited by: Jason
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.