Security Now 370

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 370

Security Now 370: Mark Russinovich

News & Errata

Bad new 0-day Internet Explorer exploit in the wild:

  • Installs the Poison Ivy Trojan
  • Security researchers found this out by monitoring servers used by the bad guys.
  • Microsoft has issued an advisory.
  • Rapid 7 has already added the exploit to it's Metasploit framework.
  • Microsoft is urging users to install the EMET (Enhanced Mitigation Experience Toolkit).
    • Researchers have found that EMET is not entirely effective.
  • Microsoft released an out of cycle patch fixing this problem on Friday 9/21/12.

"Lastpass Sentry" service:

  • Lastpass Sentry, a new service from Lastpass.
  • Warns when your Lastpass email address has been leaked out online.
  • Lastpass partnered with "PwnedList". PwnedList currently has 24 Million (and counting) publicly leaked usernames & passwords in it's database.
  • How it works:
    • Sentry performs daily checks to make sure your Lastpass email address is not found in PwnedList's database.
    • If a match is found an email is sent to the user, notifying them of the domain that was breached and the potential security risk.
  • Currently available to LastPass Premium and Enterprise users.
  • Users can Opt-Out via eMail.

Symantec Blog: "The Elderwood Project"

Spinrite Story


Notable Quotes

Significant Products



  • Audible URL


Narrated by TBD

Other Sponsor

  • Link URL

Production Information

  • Edited by:
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.