Security Now 310

From The Official TWiT Wiki


Security Now 310: Q&A 122

News & Errata

  • Apple updated iOS to 4.3.4, which fixes 3 critical problems, including a PDF rendering flaw that was used to jailbreak iOS devices.
  • LulzSec hacked The Sun newspaper, redirecting to a site with false news.
  • ReadWriteWeb report: Forrester survey shows that Windows XP still powers 60% of corporate desktops.
  • Collusion demo: a Firefox add-on that gives a quick overview by showing a collusion graph of how different tracking websites track the user when going from site to site.
  • Mozilla Identity: a new identity service from Mozilla, still at an early stage. Steve will check it out in a later episode.
  • TrueCrypt is asking for donations.
  • BrowserScope.org: checks a browser's functionality and security and compares it with other browsers.

Spinrite Story

SpinRite fixed a hard disk so that it could be cloned. Before SpinRite, cloning took 24 hours to process 8%; after SpinRite, 22 minutes.

Questions & Answers

Question: [ 01 ] Career advice: Joey wants to become a computer and security expert. However, with the constant evolution of technology and computers, he is worried that by the time he graduates there will be no more improvements to be made. He also asks if SpinRite will work with his PlayStation.

Yes, SpinRite will work. Recall the guy who used SpinRite to repair iPod drives. It doesn't need to know anything about the file system.

Is security going away? 1. Do what you love to do and don't worry about 30 years from now, rather than doing something that you don't like. 2. About the future of security: it feels to Steve like we are in the Wild West. As we see, it is becoming worse. We don't see any slowdown. The threats are becoming more sophisticated, requiring more specialization in security. Steve started as "Mr. Hard Drive" and shifted expertise over time. The internet changed his focus entirely. --Walthouser 17:16, 20 July 2011 (PDT)

Question: [ 02 ] Didn't Steve already do a series on how the internet works? Using hashing as a source for random number generation

Back in episodes 25 and 26. We have a new group of listeners. Steve is also taking a fresh approach to how the internet works, including IPv6 and DNS spoofing, as well as more depth.

The problem with most random number generators is the lack of a good seed that gives the algorithm good entropy. See Steve's R and D page. He offers a generated token which adds entropy from the client's side. --Walthouser 17:28, 20 July 2011 (PDT)

Question: [ 03 ] Allen from Denmark asks what is to prevent "Is my credit card stolen" from serving up a page that actually posts data?

This is a good point. In Security Now 308: Q&A 121 Steve looked at the source and saw what it was doing. However, what a site does today is not necessarily what it will do tomorrow. One preventative is the Chrome browser's requirement that a page's JavaScript come via HTTPS as well as the text. --Walthouser 17:28, 20 July 2011 (PDT)

Question: [ 04 ]

Question: [ 05 ]

Question: [ 06 ]

Question: [ 07 ]

Question: [ 08 ]

Question: [ 09 ]

Question: [ 10 ]

Question: [ 11 ]

Question: [ 12 ]

Sponsors

  • Astaro Offer Code: SecurityNow

Production Information

  • Edited by: TechEngineer
  • Notes: