Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I take 30 to 90 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!). So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
A web page with any supplementary notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #151 | 03 Jul 2008 | 107 min.
Phracking Phorm

Leo and I continue our discussion of “ISP Betrayal” with a careful explanation of the intrusive technology created by Phorm and currently threatening to be deployed by ISPs, for profit, against their own customers.
51 MB 13 MB 162 KB 89 KB 158 KB

Episode #150 | 26 Jun 2008 | 91 min.
Listener Feedback #44

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 121 KB 73 KB 131 KB

Episode #149 | 19 Jun 2008 | 67 min.
ISP Betrayal

In this first of two episodes, Steve and Leo discuss the disturbing new trend of Internet Service Providers (ISPs) allowing the installation of customer-spying hardware into their networks for the purpose of profiling their customers' behavior and selling this information to third-party marketers.
32 MB 8.1 MB 81 KB 52 KB 98 KB

Episode #148 | 12 Jun 2008 | 100 min.
Listener Feedback #43

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 142 KB 86 KB 151 KB

Episode #147 | 05 Jun 2008 | 57 min.
Microsoft's Baseline Security Analyzer

Leo and I discuss the recent hacker takeover of the Comcast domain, then examine two very useful free security tools offered by Microsoft: the Baseline Security Analyzer (MBSA) and the Microsoft Security Assessment Tool (MSAT).
27 MB 6.8 MB 2.3 KB 80 KB 47 KB 92 KB

Episode #146 | 29 May 2008 | 90 min.
Listener Feedback #42

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 138 KB 78 KB 140 KB

Episode #145 | 22 May 2008 | 51 min.
Secunia's PSI

Leo and I focus upon a comprehensive and highly recommended free software security vulnerability scanner called "PSI," Personal Software Inspector. Where anti-viral scanners search a PC for known malware, PSI searches for known security vulnerabilities appearing in tens of thousands of known programs. Everyone should run this small program! You'll be surprised by what it finds.
25 MB 6.2 MB 2.3 KB 83 KB 45 KB 91 KB

Episode #144 | 15 May 2008 | 85 min.
Listener Feedback #41

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 131 KB 77 KB 137 KB

Episode #143 | 08 May 2008 | 84 min.
YubiKey

Leo and I delve into the detailed operation of the YubiKey, the coolest new secure authentication device I discovered at the recent RSA Security Conference. Our special guest during the episode is Stina Ehrensvärd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology.
41 MB 10 MB 3.2 KB 127 KB 73 KB 134 KB

Episode #142 | 01 May 2008 | 76 min.
Listener Feedback #40

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
37 MB 9.2 MB 2.4 KB 107 KB 65 KB 119 KB

Episode #141 | 24 Apr 2008 | 91 min.
RSA Conference 2008

Leo and I discuss recent security news; then I describe the week I spent at the 2008 annual RSA security conference, including my chance but welcome discovery of one very cool new multifactor authentication solution.
44 MB 11 MB 3.2 KB 136 KB 72 KB 134 KB

Episode #140 | 17 Apr 2008 | 98 min.
Listener Feedback #39

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 150 KB 87 KB 152 KB

Episode #139 | 10 Apr 2008 | 81 min.
Network Congestion

Leo and I discuss an aspect of the "cost" of using the Internet - a packetized global network which (only) offers "best effort" packet delivery service. Since "capacity" is the cost, not per-packet usage, the cost is the same whether the network is used or not. But once it becomes "overused" the economics change since "congestion" results in a sudden loss of network performance.
39 MB 9.8 MB 93 KB 62 KB 118 KB

Episode #138 | 03 Apr 2008 | 66 min.
Listener Feedback #38

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 108 KB 68 KB 125 KB

Episode #137 | 27 Mar 2008 | 66 min.
RAM Hijacks

Leo and I plow into the detailed operation of static and dynamic RAM memory to give some perspective to the recent Princeton research that demonstrated that dynamic RAM (DRAM) does not instantly "forget" everything when power is removed. We examine the specific consequences of various forms of physical access to system memory.
32 MB 8 MB 2.2 KB 81 KB 51 KB 98 KB

Episode #136 | 20 Mar 2008 | 86 min.
Listener Feedback #37

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 122 KB 76 KB 137 KB

Episode #135 | 13 Mar 2008 | 77 min.
IronKey

Leo and I spend 45 terrific minutes speaking with David Jevans, Ironkey's CEO and founder, about the inner workings and features of their truly unique security-hardened cryptographic hardware USB storage device.
37 MB 9.3 MB 2.2 KB 115 KB 72 KB 132 KB

Episode #134 | 06 Mar 2008 | 84 min.
Listener Feedback #36

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 2.2 KB 122 KB 72 KB 123 KB

Episode #133 | 28 Feb 2008 | 69 min.
TrueCrypt v5.0

In this second half of our exploration of whole-drive encryption, Leo and I discuss the detailed operation of the new version 5.0 release of TrueCrypt, which offers whole-drive encryption for Windows.
33 MB 8.3 MB 2.2 KB 93 KB 57 KB 108 KB

Episode #132 | 21 Feb 2008 | 94 min.
Listener Feedback #35

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 2.2 KB 142 KB 86 KB 135 KB

Episode #131 | 14 Feb 2008 | 69 min.
FREE CompuSec

In this first of our two-part exploration of the world of whole-drive encryption, Leo and I begin by discussing the various options and alternatives, then focus upon one excellent, completely free, and comprehensive security solution known as "FREE CompuSec."
33 MB 8.3 MB 2.1 KB 85 KB 55 KB 106 KB

Episode #130 | 07 Feb 2008 | 97 min.
Listener Feedback #34

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 2.1 KB 164 KB 93 KB 145 KB

Episode #129 | 31 Jan 2008 | 39 min.
Windows SteadyState

Leo and I examine and discuss Microsoft's "Windows SteadyState," an extremely useful, free add-on for Windows XP that allows Windows systems to be "frozen" (in a steady state) to prevent users from making persistent changes to ANYTHING on the system.
19 MB 4.7 MB 3.3 KB 55 KB 35 KB 89 KB

Episode #128 | 24 Jan 2008 | 73 min.
Listener Feedback #33

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB 8.8 MB 2.7 KB 115 KB 67 KB 119 KB

Episode #127 | 17 Jan 2008 | 48 min.
Corporate Security

Leo and I discuss the week's major security events, then use a listener's story of his organization's security challenges to set the stage for our discussion of the types of challenges corporations face in attempting to provide a secure computing environment.
23 MB 5.9 MB 2.1 KB 68 KB 41 KB 95 KB

Episode #126 | 10 Jan 2008 | 101 min.
Listener Feedback #32

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 8.1 MB 4.1 KB 144 KB 89 KB 137 KB

Episode #125 | 03 Jan 2008 | 67 min.
Symmetric Ciphers

Steve explains, very carefully and clearly this time, why and how multiple encryption increases security. Steve also carefully and in full detail explains the operation of the new global encryption AES cipher: Rijndael.
32 MB 8.1 MB 2.1 KB 79 KB 49 KB 101 KB

Episode #124 | 27 Dec 2007 | 67 min.
Listener Feedback #31

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 8.1 MB 2.1 KB 91 KB 56 KB 108 KB

Episode #123 | 20 Dec 2007 | 46 min.
Jungle Disk

Leo and I invite Jungle Disk's creator, Dave Wright, to join the podcast to talk about his $20 product that allows for extremely economical, efficient, seamless and absolutely secure online storage of any user data within Amazon's high-performance, high-reliability "S3" storage facility.
22 MB 5.6 MB 2.1 KB 68 KB 42 KB 96 KB

Episode #122 | 13 Dec 2007 | 73 min.
Listener Feedback #30

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB 8.8 MB 2.1 KB 112 KB 64 KB 116 KB

Episode #121 | 06 Dec 2007 | 54 min.
Is Privacy Dead?

This week Steve and Leo take a break from the details of bits and bytes to discuss and explore the many issues surrounding the gradual and inexorable ebbing of individual privacy as we (consumers) rely increasingly upon the seductive power of digital-domain services.
26 MB 6.5 MB 2.1 KB 92 KB 47 KB 102 KB

Episode #120 | 29 Nov 2007 | 97 min.
Listener Feedback #29

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 2.1 KB 146 KB 86 KB 135 KB

Episode #119 | 22 Nov 2007 | 70 min.
PayPal and DoubleClick

Leo and I dissect the "Links" on PayPal's site with an eye toward reverse engineering the reason for many of them routing PayPal's users through servers owned by DoubleClick. We carefully explain the nature of the significant privacy concerns raised by this practice.
33 MB 8.4 MB 2.1 KB 84 KB 53 KB 104 KB

Episode #118 | 15 Nov 2007 | 81 min.
Listener Feedback #28

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 9.8 MB 2.1 KB 120 KB 71 KB 121 KB

Episode #117 | 08 Nov 2007 | 53 min.
Even More Perfect Paper Passwords

Leo and I discuss the updated second version of our Perfect Paper Passwords (PPP) system and examine a number of interesting subtle questions such as whether it's better to have fully random equally probable passwords or true one-time-only passwords; and how, whether, and why attack strategies affect that decision.
26 MB 6.5 MB 2.3 KB 67 KB 41 KB 94 KB

Episode #116 | 01 Nov 2007 | 47 min.
Listener Feedback #27

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
23 MB 5.7 MB 2.1 KB 73 KB 41 KB 96 KB

Episode #115 | 25 Oct 2007 | 83 min.
Perfect Paper Passwords

During this week's second half of our discussion of GRC's new secure roaming authentication system, I reveal and fully describe the unique, simple, clean, and super-secure one-time password solution I designed to provide roaming authentication for GRC's employees. I also describe our own freely available software implementation of the "PPP" system, as well as several other recently created open source implementations.
40 MB 10 MB 2.0 KB 122 KB 68 KB 121 KB

Episode #114 | 18 Oct 2007 | 95 min.
Listener Feedback #26

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 11 MB 4.1 KB 138 KB 83 KB 132 KB

Episode #113 | 11 Oct 2007 | 56 min.
Roaming Authentication

In this first of a two-part series, Leo and I discuss my recent design of a secure roaming authentication solution for GRC's employees. I begin to describe the lightweight super-secure system I designed where even an attacker with "perfect knowledge" of an employee's logon will be unable to gain access to protected resources.
27 MB 6.7 MB 2.1 KB 73 KB 42 KB 96 KB

Episode #112 | 04 Oct 2007 | 64 min.
Listener Feedback #25

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB 7.8 MB 2.1 KB 93 KB 55 KB 108 KB

Episode #111 | 27 Sept 2007 | 41 min.
OpenID Precautions

Having several times addressed the value and potential of the open source, open spec., and popular OpenID system, which is rapidly gaining traction as a convenient means for providing "single sign-on" identification on the Internet, this week Leo and I examine problems and concerns, both with OpenID and those inherent in any centralized identity management solution.
20 MB 5.0 MB 2.8 KB 51 KB 32 KB 86 KB

Episode #110 | 20 Sept 2007 | 95 min.
Listener Feedback #24

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 11 MB 2.6 KB 161 KB 85 KB 138 KB

Episode #109 | 13 Sept 2007 | 95 min.
GRC's eCommerce System

Leo and I delve into some of the non-obvious problems encountered during the creation of a robust and secure eCommerce system. I explain the hurdles I faced, the things that initially tripped me up, and the solutions I found when I was creating GRC's custom eCommerce system.
46 MB 11.4 MB 2.6 KB 128 KB 77 KB 127 KB

Episode #108 | 06 Sept 2007 | 80 min.
Listener Feedback #23

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 9.7 MB 2.1 KB 115 KB 66 KB 127 KB

Episode #107 | 30 Aug 2007 | 53 min.
PIP & Even More Perfect Passwords

Leo and I discuss two topics this week: The availability and operation of VeriSign Labs' OpenID PIP (Personal Identity Provider) beta, offering many useful features for online identity authentication; and my recent redesign of the algorithms behind GRC's popular Perfect Passwords page.
26 MB 6.4 MB 4.5 KB 69 KB 41 KB 101 KB

Episode #106 | 23 Aug 2007 | 64 min.
Listener Mailbag #2

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
31 MB 7.8 MB 2.1 KB 95 KB 60 KB 120 KB

Episode #105 | 16 Aug 2007 | 62 min.
Firewall LeakTesting

Leo and I discuss the history, purpose, and value of personal firewall leaktesting. We examine the myriad techniques clever developers have found for accessing the Internet and sending data out of PCs even when those PCs are being protected by outbound-blocking personal firewalls.
30 MB 7.6 MB 3.1 KB 74 KB 49 KB 100 KB

Episode #104 | 09 Aug 2007 | 70 min.
Listener Feedback Q&A #22

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB 8.5 MB 2.1 KB 114 KB 65 KB 126 KB

Episode #103 | 02 Aug 2007 | 51 min.
PayPal Security Key

Leo and I talk with Michael Vergara, PayPal's Director of Account Protections, to learn everything we can about the PayPal security key effort and its probable future.
25 MB 6.3 MB 2.1 KB 85 KB 49 KB 113 KB

Episode #102 | 26 July 2007 | 78 min.
Listener Mailbag #1

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
38 MB 9.4 MB 3.2 KB 119 KB 68 KB 129 KB

Episode #101 | 19 July 2007 | 83 min.
Are You Human?

Leo and I explore the Internet's rapidly growing need to automatically differentiate human from non-human automated clients. We discuss the advantages and limitations of many past and current approaches to this problem while paying close attention to the most commonly used visual 'CAPTCHA' solutions.
40 MB 10 MB