Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I take 30 to 90 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!) So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving,
16 kbps (lower quality) mp3 audio file
A web page with any supplementary notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons & below then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #234 | 04 Feb 2010 | 81 min.
Listener Feedback #85

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 9.7 MB 118 KB 73 KB 137 KB

Episode #233 | 28 Jan 2010 | 75 min.
Let's Design a Computer (part 1)

To understand the advances made during 50 years of computer evolution, we need to understand computers 50 years ago. In this first installment of a new Security Now series, we design a 50 year old computer. In future weeks, we will trace the factors that shaped their design during the four decades that followed.
36 MB 8.9 MB 90 KB 59 KB 112 KB

Episode #232 | 21 Jan 2010 | 100 min.
Listener Feedback #84

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 148 KB 91 KB 166 KB

Episode #231 | 14 Jan 2010 | 106 min.
Mega Security Update & CES Observations

Leo and I catch up on two busy weeks of security news with a “mega security news update” . . . and Steve, who watched Leo's streaming video coverage of CES, weighs in with his own discoveries and findings from the big annual consumer electronics fest.
51 MB 13 MB 4.3 KB 203 KB 95 KB 182 KB

Episode #230 | 07 Jan 2010 | 54 min.
Listener Feedback #83

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
26 MB 6.5 MB 82 KB 49 KB 100 KB

Episode #229 | 31 Dec 2009 | 72 min.
The Rational Rejection of Security Advice

Leo and I turn everything around this week to question the true economic value of security advice. We consider the various non-zero costs to the average, non-Security Now! listener. We compare those real costs with the somewhat unclear and uncertain benefits of going to all the trouble of following, sometimes painful, maximum security advice.
35 MB 8.6 MB 107 KB 60 KB 118 KB

Episode #228 | 24 Dec 2009 | 86 min.
Listener Feedback #82

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 121 KB 75 KB 137 KB

Episode #227 | 17 Dec 2009 | 60 min.
Cyberwarfare

Leo and I examine the amorphous and difficult-to-grasp issue of nation-state sponsored cyberwarfare. We examine what it means when nations awaken to the many nefarious ways the global Internet can be used to gain advantage against international competitors and adversaries.
29 MB 7.2 MB 87 KB 49 KB 99 KB

Episode #226 | 10 Dec 2009 | 66 min.
Listener Feedback #81

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 7.9 MB 116 KB 62 KB 123 KB

Episode #225 | 03 Dec 2009 | 74 min.
“Same Origin” Troubles

This week Leo and I plow into the little understood and even less known problems that arise when user-provided content — postings, photos, videos, etc. — are uploaded to trusted web sites from which they are then subsequently served to other web users.
35 MB 8.7 MB 115 KB 62 KB 121 KB

Episode #224 | 26 Nov 2009 | 75 min.
Listener Feedback #80

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB 9.0 MB 114 KB 66 KB 127 KB

Episode #223 | 19 Nov 2009 | 80 min.
A security vulnerability in SSL

This week Leo and I plow into a recently discovered serious vulnerability in the fundamental SSL protocol that provides virtually all of the Internet's communications security: SSL - the Secure Sockets Layer. I explain exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client's credentials. (That's not good.)
38 MB 10 MB 93 KB 61 KB 114 KB

Episode #222 | 12 Nov 2009 | 97 min.
Listener Feedback #79

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 150 KB 87 KB 159 KB

Episode #221 | 05 Nov 2009 | 71 min.
The Oxymoron of “JavaScript Security”

This week Leo and I are joined by author (The Geek Atlas) and software developer John Graham-Cumming to discuss many specific concerns about the inherent, designed-in, insecurity of our browser's JavaScript scripting language. Now 14 years old, JavaScript was never meant for today's high-demand Internet environment — and it's having problems.

John's original presentation slides in Microsoft PowerPoint and PDF formats.
34 MB 8.5 MB 103 KB 68 KB 127 KB

Episode #220 | 29 Oct 2009 | 75 min.
Listener Feedback #78

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB 9.0 MB 119 KB 65 KB 126 KB

Episode #219 | 22 Oct 2009 | 57 min.
Badly Broken Browsing

In preparation for episode #221's guest, John Graham-Cumming, who will take us on a detailed walk-through of the JavaScript language's security problems, this week Leo and I examine the sad and badly broken state of web browsing in general, and how we got to where we are.
28 MB 6.9 MB 97 KB 51 KB 106 KB

Episode #218 | 15 Oct 2009 | 80 min.
Listener Feedback #77

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 10 MB 110 KB 67 KB 129 KB

Episode #217 | 08 Oct 2009 | 87 min.
The Fundamentally Broken Browser Model

Alex and I discuss the serious security problems created by the way SSL connections are specified by non-secured web pages, and how easily a “man in the middle” attack can compromise this amazingly weak web-based security.
42 MB 11 MB 87 KB 69 KB 121 KB

Episode #216 | 01 Oct 2009 | 93 min.
Listener Feedback #76

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 152 KB 85 KB 159 KB

Episode #215 | 24 Sep 2009 | 74 min.
Security Maxims

Leo and I discuss the first portion of a collection of pithy and apropos "Security Maxims" that were assembled by a member of the Argonne Vulnerability Assessment Team at the Nuclear Engineering Division of the Argonne National Laboratory, U.S. Department of Energy. They're great!
43 MB 11 MB 119 KB 61 KB 124 KB

Episode #214 | 17 Sep 2009 | 89 min.
Listener Feedback #75

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 134 KB 78 KB 145 KB

Episode #213 | 10 Sep 2009 | 68 min.
Cracking GSM Cellphones

Leo and I discuss the state of GSM (Global System of Mobile communications) cracking. I show where to purchase the required hardware, from where to download the software, and just how easy and practical it has become to "crack" the old and very weak "security" employed by the three billion cellphones now in worldwide use.
33 MB 8.2 MB 94 KB 55 KB 109 KB

Episode #212 | 03 Sep 2009 | 120 min.
Listener Feedback #74

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 178 KB 102 KB 184 KB

Episode #211 | 27 Aug 2009 | 78 min.
Voting Machine Hacking

This week Leo and I describe the inner workings of one of the best designed and apparently most secure electronic voting machines — currently in use in the United States — and how a group of university researchers hacked it without any outside information to create a 100% stealth vote stealing system.
37 MB 9.3 MB 92 KB 58 KB 109 KB

Episode #210 | 20 Aug 2009 | 51 min.
Listener Feedback #73

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
25 MB 6.2 MB 78 KB 43 KB 91 KB

Episode #209 | 13 Aug 2009 | 104 min.
Vitamin D

Leo and I kick off the podcast's fifth year with a rare off-topic discussion of something I have been researching for the past eight weeks and passionately believe everyone needs to know about: Vitamin D. After next week's Q&A, the podcast will return to topics of Internet security.

Steve's “Vitamin D” Research page: http://www.GRC.com/health/Vitamin-D.htm
50 MB 13 MB 112 KB 80 KB 142 KB

Episode #208 | 06 Aug 2009 | 123 min.
Listener Feedback #72

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 196 KB 106 KB 195 KB

Episode #207 | 30 Jul 2009 | 104 min.
Listener Feedback #71

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 169 KB 94 KB 172 KB

Episode #206 | 23 Jul 2009 | 90 min.
Mega Security News Update

A LOT of security news transpired during the three previous weeks since Steve and Leo last recorded live. So instead of the regularly scheduled Q&A episode (which is moved to next week), today they catch up with this week's "mega security news update."
43 MB 11 MB 155 KB 74 KB 147 KB

Episode #205 | 16 Jul 2009 | 46 min.
Lempel & Ziv

Leo and I examine the operation of one of the most prevalent computer algorithm inventions in history: Lempel-Ziv data compression. Variations of this invention form the foundation of all modern data compression technologies.
22 MB 5.5 MB 57 KB 35 KB 76 KB

Episode #204 | 09 Jul 2009 | 71 min.
Listener Feedback #70

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB 8.6 MB 96 KB 63 KB 119 KB

Episode #203 | 02 Jul 2009 | 65 min.
Boyer & Moore

Leo and I explore the invention of the best, and very non-intuitive, means for "string searching" - finding a specific pattern of bytes within a larger buffer. This is crucial not only for searching documents but also for finding viruses hidden within a computer's file system.
31 MB 7.9 MB 89 KB 49 KB 100 KB

Episode #202 | 25 Jun 2009 | 62 min.
Listener Feedback #69

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB 7.5 MB 98 KB 54 KB 110 KB

Episode #201 | 18 Jun 2009 | 49 min.
SecureZIP

Leo and I examine the operation, features, and security of PKWARE's FREE SecureZIP file archiving and encrypting utility. This very compelling and free offering implements a complete PKI (Public Key Infrastructure) system with per-user/per-installation certificates, public and private keys, secure encryption, digital signing, and other security features we have discussed during previous podcasts.
24 MB 6.0 MB 71 KB 37 KB 83 KB

Episode #200 | 11 Jun 2009 | 109 min.
Listener Feedback #68

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 162 KB 95 KB 171 KB

Episode #199 | 04 Jun 2009 | 90 min.
The Geek Atlas, IPv6 & a non-VPN

Steve and Leo explore three topics this week: A terrific new book for geeks and non-geeks alike, the uncertain future of IPv6 (and a few cautions about rushing to adoption) and a idea Steve has been mulling around for a "lightweight" means for making secure Internet connections with a VPN tunnel.
43 MB 11 MB 116 KB 70 KB 131 KB

Episode #198 | 28 May 2009 | 120 min.
Listener Feedback #67

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 215 KB 107 KB 197 KB

Episode #197 | 21 May 2009 | 73 min.
Windows 7 Security

This week, Leo and I discuss the changes, additions and enhancements Microsoft has made to the security of their forthcoming release of Windows 7.
40 MB 10 MB 107 KB 65 KB 123 KB

Episode #196 | 14 May 2009 | 121 min.
Listener Feedback #66

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 187 KB 109 KB 188 KB

Episode #195 | 07 May 2009 | 85 min.
The SSL/TLS Protocol

Leo and I plow into the detailed operation of the Internet's most-used security protocol, originally called "SSL" and now evolved into "TLS." The security of this crucial protocol protects all of our online logins, financial transactions, and pretty much everything else.
41 MB 10 MB 92 KB 59 KB 110 KB

Episode #194 | 30 Apr 2009 | 76 min.
Listener Feedback #65

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
37 MB 9.1 MB 118 KB 67 KB 124 KB

Episode #193 | 23 Apr 2009 | 104 min.
Conficker

Steve and Leo discuss the week's security news; then they closely examine the detailed operation and evolution of "Conficker," the most technically sophisticated worm the Internet has ever encountered.
50 MB 13 MB 120 KB 77 KB 136 KB

Episode #192 | 16 Apr 2009 | 93 min.
Listener Feedback #64

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 127 KB 82 KB 145 KB

Episode #191 | 09 Apr 2009 | 66 min.
GhostNet

Steve and Leo begin by discussing the week's security news. Then Steve carefully and completely describes the construction and operation of a worldwide covert cyberspace intelligence gathering network, operating in 103 countries, that was named "GhostNet" by its Canadian discoverers.
32 MB 7.9 MB 89 KB 53 KB 101 KB

Episode #190 | 02 Apr 2009 | 105 min.
Listener Feedback #63

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 165 KB 90 KB 161 KB

Episode #189 | 26 Mar 2009 | 74 min.
Internet Explorer 8

Leo and I closely examine and discuss Microsoft's just released major version 8 of Internet Explorer. Having studied this major new web browser version closely, I examine the many new features and foibles from the standpoint of its short- and long-term impact on Internet security.
36 MB 8.9 MB 101 KB 62 KB 116 KB

Episode #188 | 19 Mar 2009 | 86 min.
Listener Feedback #62

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 149 KB 84 KB 150 KB

Episode #187 | 12 Mar 2009 | 70 min.
Windows Autorun-around

Leo and I discuss the inglorious past of Windows Autorun. We explain how, until recently, disabling "Autorun" never really worked, how Microsoft hoped to fix it while bringing minimal attention to the problem, and how Microsoft's documentation of their recent fix still "got it wrong."
34 MB 8.5 MB 100 KB 55 KB 106 KB

Episode #186 | 05 Mar 2009 | 86 min.
Listener Feedback #61

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 117 KB 72 KB 132 KB

Episode #185 | 26 Feb 2009 | 80 min.
Cryptographic HMACs

Leo and I discuss the role, importance and operation of cryptographically-keyed message digest algorithms and their use to securely authenticate messages: Hashed Messages Authentication Codes.
39 MB 10 MB 109 KB 66 KB 121 KB

Episode #184 | 19 Feb 2009 | 117 min.
Listener Feedback #60

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 197 KB 106 KB 188 KB

Episode #183 | 12 Feb 2009 | 88 min.
Modes of Encryption

In preparation for a deep and detailed discussion of the Secure Sockets Layer (SSL) protocol, Steve and Leo first establish some formal crypto theory and practice of encryption operating modes.
42 MB 11 MB 128 KB 69 KB 127 KB

Episode #182 | 05 Feb 2009 | 104 min.
Listener Feedback #59

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 162 KB 90 KB 159 KB

Episode #181 | 29 Jan 2009 | 65 min.
Crypto Rehash

Before tackling the complete description of the operation of the SSL (Secure Socket Layer) protocol, this week Leo and I take a step back to survey and review much of the cryptographic material we have covered during past 3+ years of podcasts.
32 MB 8 MB 93 KB 52 KB 102 KB

Episode #180 | 22 Jan 2009 | 82 min.
Listener Feedback #58

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 128 KB 72 KB 132 KB

Episode #179 | 15 Jan 2009 | 67 min.
Cracking Security Certificates

Steve and Leo delve into the detailed inner workings of security certificates upon which the Internet depends for establishing the identity of users, websites, and other remote entities. After establishing how certificates perform these functions, Steve describes how a team of security researchers successfully cracked this "uncrackable" security to create fraudulent identifications.
38 MB 9.4 MB 99 KB 62 KB 114 KB

Episode #178 | 08 Jan 2009 | 66 min.
Listener Feedback #57

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 8 MB 109 KB 62 KB 115 KB

Episode #177 | 01 Jan 2009 | 118 min.
Breaking SSL, PDP-8's & UltraCapacitors

Leo and I discuss the newly discovered cracks in SSL (Secure Sockets Layer), Antique PDP-8 minicomputers, a new PDP-8 kit you can build, and the importance of next generation UltraCapacitors.
57 MB 14 MB 13 KB 190 KB 97 KB 175 KB

Episode #176 | 25 Dec 2008 | 64 min.
Drop My Rights

Leo and I delve into the inner workings of a free, easy to use and useful yet unknown Microsoft utility known as "DropMyRights." It can be used to easily run selected, dangerous Internet-facing applications - such as your web browser and email client - under reduced, safer non-administrative privileges while everything else in the system runs unhampered.
31 MB 7.7 MB 3.7 KB 81 KB 49 KB 94 KB

Episode #175 | 18 Dec 2008 | 86 min.
Listener Feedback #56

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 10 MB 149 KB 81 KB 143 KB

Episode #174 | 11 Dec 2008 | 60 min.
Sandbox Limitations

Having described “Sandboxie” and Virtual Machine sandboxing utilities in the past, Leo and I discuss the limitations of any sort of sandboxing for limiting the negative impacts of malware on a user's privacy and system's security.
29 MB 7.2 MB 69 KB 46 KB 90 KB

Episode #173 | 04 Dec 2008 | 105 min.
Listener Feedback #55

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 160 KB 90 KB 158 KB

Episode #172 | 27 Nov 2008 | 90 min.
Sandboxie

Leo and I return to take a much closer look at “Sandboxie,” an extremely useful, powerful, and highly recommended Windows security tool we first mentioned two years ago. This time, after interviewing Sandboxie's creator, Ronen Tzur, I explain why I am totally hooked and why Leo is wishing it was available for his Macs.
43 MB 11 MB 114 KB 71 KB 128 KB

Episode #171 | 20 Nov 2008 | 88 min.
Listener Feedback #54

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 11 MB 109 KB 71 KB 126 KB

Episode #170 | 13 Nov 2008 | 103 min.
The TKIP Hack

Leo and I begin with a refresher on WEP, the original technology of WiFi encryption. With that fresh background, we then tackle the detailed explanation of every aspect of the recently revealed very clever hack against the TKIP security protocol. TKIP is the older and less secure of the two security protocols offered within the WPA and WPA2 WiFi Alliance certification standards.
50 MB 12 MB 122 KB 77 KB 136 KB

Episode #169 | 06 Nov 2008 | 93 min.
Listener Feedback #53

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB 11 MB 114 KB 76 KB 135 KB

Episode #168 | 30 Oct 2008 | 57 min.
ClickJacking

Leo and I discuss yet another challenge to surfing safely in the web world: Known as “ClickJacking,” or more formally as “UI Redressing,” this class of newly popular threats tricks web users into performing web-based actions they don't intend by leading them to believe they are doing something else entirely.
27 MB 6.9 MB 4.9 KB 76 KB 44 KB 89 KB

Episode #167 | 23 Oct 2008 | 89 min.
Listener Feedback #52

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 124 KB 73 KB 133 KB

Episode #166 | 16 Oct 2008 | 75 min.
Cross-Site Request Forgery

Leo and I discuss the week's security events, then we address another fundamental security and privacy concern inherent in the way web browsers and web-based services operate: Using “Cross-Site Request Forgery” (CSRF), malicious pranksters can cause your web browser to do their bidding using your authentication.
36 MB 9 MB 107 KB 58 KB 112 KB

Episode #165 | 09 Oct 2008 | 108 min.
Listener Feedback #51

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 151 KB 91 KB 158 KB

Episode #164 | 02 Oct 2008 | 97 min.
SockStress

Leo and I discuss a class of newly disclosed vulnerabilities reported to exist in many operating systems' implementations of the fundamental TCP protocol. Two security researchers, claiming that they could not get anyone's attention (after less than one month), disclosed far too much information in a recent audio interview — leaving little to the imagination — and exposing the Internet to a new class of DoS attacks. They'll certainly get attention now. (See this episode's Show Notes for many additional links.)
47 MB 12 MB 12 KB 117 KB 76 KB 133 KB

Episode #163 | 25 Sep 2008 | 97 min.
GoogleUpdate & DNS Security

Leo and I wrap up the loose ends from last week's final Q&A question regarding the self-removal of the GoogleUpdate system following the removal of Google's Chrome web browser, then we discuss the operation and politics of upgrading the Internet's entire DNS system to fully secure operation.
47 MB 12 MB 129 KB 77 KB 138 KB

Episode #162 | 18 Sep 2008 | 89 min.
Listener Feedback #50

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 133 KB 76 KB 138 KB

Episode #161 | 11 Sep 2008 | 75 min.
Google's Chrome

Leo and I examine Google's new “Chrome” web browser. Leo likes Chrome and attempts to defend it as being just a beta release; but, while I am impressed by the possibilities created by Chrome's underlying architecture, I'm extremely unimpressed by its total lack of critically important security and privacy features.
36 MB 9 MB 115 KB 63 KB 118 KB

Episode #160 | 04 Sep 2008 | 87 min.
Listener Feedback #49

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 10 MB 132 KB 76 KB 137 KB

Episode #159 | 28 Aug 2008 | 95 min.
Vista Security Bypass

Steve and Leo discuss some recent revelations made by two talented security researchers during their presentation at the Black Hat conference. Steve explains how, why, and where the much touted security improvements introduced in the Windows Vista operating system fail to prevent the exploitation of unknown security vulnerabilities.
36 MB 9.1 MB 101 KB 60 KB 113 KB

Episode #158 | 21 Aug 2008 | 93 min.
Listener Feedback #48

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 144 KB 80 KB 143 KB

Episode #157 | 14 Aug 2008 | 74 min.
DNS — After the Patch

Leo and I follow-up on the recent industry-wide events surrounding the discovery, partial repair, and disclosure of the serious (and still somewhat present) "spoofability flaw" in the Internet's DNS protocol. We also examine what more can be done to make DNS less spoofable.
36 MB 8.9 MB 3.3 KB 107 KB 61 KB 115 KB

Episode #156 | 07 Aug 2008 | 84 min.
Listener Feedback #47

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 119 KB 72 KB 133 KB

Episode #155 | 31 Jul 2008 | 103 min.
Bailiwicked Domain Attack

Steve and Leo discuss the deeply technical and functional aspects of DNS, with a view toward explaining exactly how the recently discovered new DNS cache poisoning attacks are able to cause users' browsers to be undetectably redirected to malicious phishing sites.
49 MB 12 MB 2.5 KB 131 KB 78 KB 137 KB

Episode #154 | 24 Jul 2008 | 88 min.
Listener Feedback #46

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 11 MB 119 KB 73 KB 131 KB

Episode #153 | 17 Jul 2008 | 62 min.
DePhormed Politics

Leo and I conclude our coverage of the serious privacy invasion threat from the Phorm system with a discussion with Alexander Hanff, a technologist and activist located in the United Kingdom, who has been at the center of the public outcry against this invasive technology.
30 MB 7.5 MB 2.6 KB 77 KB 50 KB 95 KB

Episode #152 | 10 Jul 2008 | 83 min.
Listener Feedback #45

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 120 KB 71 KB 129 KB

Episode #151 | 03 Jul 2008 | 107 min.
Phracking Phorm

Leo and I continue our discussion of “ISP Betrayal” with a careful explanation of the intrusive technology created by Phorm and currently threatening to be deployed by ISPs, for profit, against their own customers.
51 MB 13 MB 162 KB 89 KB 158 KB

Episode #150 | 26 Jun 2008 | 91 min.
Listener Feedback #44

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 121 KB 73 KB 131 KB

Episode #149 | 19 Jun 2008 | 67 min.
ISP Betrayal

In this first of two episodes, Steve and Leo discuss the disturbing new trend of Internet Service Providers (ISPs) allowing the installation of customer-spying hardware into their networks for the purpose of profiling their customers' behavior and selling this information to third-party marketers.
32 MB 8.1 MB 81 KB 52 KB 98 KB

Episode #148 | 12 Jun 2008 | 100 min.
Listener Feedback #43

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 142 KB 86 KB 151 KB

Episode #147 | 05 Jun 2008 | 57 min.
Microsoft's Baseline Security Analyzer

Leo and I discuss the recent hacker takeover of the Comcast domain, then examine two very useful free security tools offered by Microsoft: the Baseline Security Analyzer (MBSA) and the Microsoft Security Assessment Tool (MSAT).
27 MB 6.8 MB 2.3 KB 80 KB 47 KB 92 KB

Episode #146 | 29 May 2008 | 90 min.
Listener Feedback #42

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 138 KB 78 KB 140 KB

Episode #145 | 22 May 2008 | 51 min.
Secunia's PSI

Leo and I focus upon a comprehensive and highly recommended free software security vulnerability scanner called "PSI," Personal Software Inspector. Where anti-viral scanners search a PC for known malware, PSI searches for known security vulnerabilities appearing in tens of thousands of known programs. Everyone should run this small program! You'll be surprised by what it finds.
25 MB 6.2 MB 2.3 KB 83 KB 45 KB 91 KB

Episode #144 | 15 May 2008 | 85 min.
Listener Feedback #41

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 131 KB 77 KB 137 KB

Episode #143 | 08 May 2008 | 84 min.
YubiKey

Leo and I delve into the detailed operation of the YubiKey, the coolest new secure authentication device I discovered at the recent RSA Security Conference. Our special guest during the episode is Stina Ehrensvrd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology.
41 MB 10 MB 3.2 KB 127 KB 73 KB 134 KB

Episode #142 | 01 May 2008 | 76 min.
Listener Feedback #40

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
37 MB 9.2 MB 2.4 KB 107 KB 65 KB 119 KB

Episode #141 | 24 Apr 2008 | 91 min.
RSA Conference 2008

Leo and I discuss recent security news; then I describe the week I spent at the 2008 annual RSA security conference, including my chance but welcome discovery of one very cool new multifactor authentication solution.
44 MB 11 MB 3.2 KB 136 KB 72 KB 134 KB

Episode #140 | 17 Apr 2008 | 98 min.
Listener Feedback #39

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 150 KB 87 KB 152 KB

Episode #139 | 10 Apr 2008 | 81 min.
Network Congestion

Leo and I discuss an aspect of the "cost" of using the Internet - a packetized global network which (only) offers "best effort" packet delivery service. Since "capacity" is the cost, not per-packet usage, the cost is the same whether the network is used or not. But once it becomes "overused" the economics change since "congestion" results in a sudden loss of network performance.
39 MB 9.8 MB 93 KB 62 KB 118 KB

Episode #138 | 03 Apr 2008 | 66 min.
Listener Feedback #38

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 108 KB 68 KB 125 KB

Episode #137 | 27 Mar 2008 | 66 min.
RAM Hijacks

Leo and I plow into the detailed operation of static and dynamic RAM memory to give some perspective to the recent Princeton research that demonstrated that dynamic RAM (DRAM) does not instantly "forget" everything when power is removed. They examine the specific consequences of various forms of physical access to system memory.
32 MB8 MB2.2 KB81 KB51 KB98 KB

Episode #136 | 20 Mar 2008 | 86 min.
Listener Feedback #37

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 122 KB 76 KB 137 KB

Episode #135 | 13 Mar 2008 | 77 min.
IronKey

Leo and I spend 45 terrific minutes speaking with David Jevans, Ironkey's CEO and founder, about the inner workings and features of their truly unique security-hardened cryptographic hardware USB storage device.
37 MB9.3 MB2.2 KB115 KB72 KB132 KB

Episode #134 | 06 Mar 2008 | 84 min.
Listener Feedback #36

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB10 MB2.2 KB122 KB72 KB123 KB

Episode #133 | 28 Feb 2008 | 69 min.
TrueCrypt v5.0

In this second half of our exploration of whole-drive encryption, Leo and I discuss the detailed operation of the new version 5.0 release of TrueCrypt, which offers whole-drive encryption for Windows.
33 MB8.3 MB2.2 KB93 KB57 KB108 KB

Episode #132 | 21 Feb 2008 | 94 min.
Listener Feedback #35

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB11 MB2.2 KB142 KB86 KB135 KB

Episode #131 | 14 Feb 2008 | 69 min.
FREE CompuSec

In this first of our two-part exploration of the world of whole-drive encryption, Leo and I begin by discussing the various options and alternatives, then focus upon one excellent, completely free, and comprehensive security solution known as "FREE CompuSec."
33 MB8.3 MB2.1 KB85 KB55 KB106 KB

Episode #130 | 07 Feb 2008 | 97 min.
Listener Feedback #34

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB13 MB2.1 KB164 KB93 KB145 KB

Episode #129 | 31 Jan 2008 | 39 min.
Windows SteadyState

Leo and I examine and discuss Microsoft's "Windows SteadyState," an extremely useful, free add-on for Windows XP that allows Windows systems to be "frozen" (in a steady state) to prevent users from making persistent changes to ANYTHING on the system.
19 MB4.7 MB3.3 KB55 KB35 KB89 KB

Episode #128 | 24 Jan 2008 | 73 min.
Listener Feedback #33

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB8.8 MB2.7 KB115 KB67 KB119 KB

Episode #127 | 17 Jan 2008 | 48 min.
Corporate Security

Leo and I discuss the week's major security events, then use a listener's story of his organization's security challenges to set the stage for our discussion of the types of challenges corporations face in attempting to provide a secure computing environment.
23 MB5.9 MB2.1 KB68 KB41 KB95 KB

Episode #126 | 10 Jan 2008 | 101 min.
Listener Feedback #32

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB8.1 MB4.1 KB144 KB89 KB137 KB

Episode #125 | 03 Jan 2008 | 67 min.
Symmetric Ciphers

Steve explains, very carefully and clearly this time, why and how multiple encryption increases security. Steve also carefully and in full detail explains the operation of the new global encryption AES cipher: Rijndael.
32 MB8.1 MB2.1 KB79 KB49 KB101 KB

Episode #124 | 27 Dec 2007 | 67 min.
Listener Feedback #31

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB8.1 MB2.1 KB91 KB56 KB108 KB

Episode #123 | 20 Dec 2007 | 46 min.
Jungle Disk

Leo and I invite Jungle Disk's creator, Dave Wright, to join the podcast to talk about his $20 product that allows for extremely economical, efficient, seamless and absolutely secure online storage of any user data within Amazon's high-performance, high-reliability "S3" storage facility.
22 MB5.6 MB2.1 KB68 KB42 KB96 KB

Episode #122 | 13 Dec 2007 | 73 min.
Listener Feedback #30

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB8.8 MB2.1 KB112 KB64 KB116 KB

Episode #121 | 06 Dec 2007 | 54 min.
Is Privacy Dead?

This week Steve and Leo take a break from the details of bits and bytes to discuss and explore the many issues surrounding the gradual and inexorable ebbing of individual privacy as we (consumers) rely increasingly upon the seductive power of digital-domain services.
26 MB6.5 MB2.1 KB92 KB47 KB102 KB

Episode #120 | 29 Nov 2007 | 97 min.
Listener Feedback #29

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB12 MB2.1 KB146 KB86 KB135 KB

Episode #119 | 22 Nov 2007 | 70 min.
PayPal and DoubleClick

Leo and I dissect the "Links" on PayPal's site with an eye toward reverse engineering the reason for many of them routing PayPal's users through servers owned by DoubleClick. We carefully explain the nature of the significant privacy concerns raised by this practice.
33 MB8.4 MB2.1 KB84 KB53 KB104 KB

Episode #118 | 15 Nov 2007 | 81 min.
Listener Feedback #28

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB9.8 MB2.1 KB120 KB71 KB121 KB

Episode #117 | 08 Nov 2007 | 53 min.
Even More Perfect paper Passwords

Leo and I discuss the updated second version of our Perfect Paper Passwords (PPP) system and examine a number of interesting subtle questions such as whether it's better to have fully random equally probable passwords or true one-time-only passwords; and how, whether, and why attack strategies affect that decision.
26 MB6.5 MB2.3 KB67 KB41 KB94 KB

Episode #116 | 01 Nov 2007 | 47 min.
Listener Feedback #27

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
23 MB5.7 MB2.1 KB73 KB41 KB96 KB

Episode #115 | 25 Oct 2007 | 83 min.
Perfect Paper Passwords

During this week's second half of our discussion of GRC's new secure roaming authentication system, I reveal and fully describe the unique, simple, clean, and super-secure one-time password solution I designed to provide roaming authentication for GRC's employees. I also describe our own freely available software implementation of the "PPP" system, as well as several other recently created open source implementations.
40 MB10 MB2.0 KB122 KB68 KB121 KB

Episode #114 | 18 Oct 2007 | 95 min.
Listener Feedback #26

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB11 MB4.1 KB138 KB83 KB132 KB

Episode #113 | 11 Oct 2007 | 56 min.
Roaming Authentication

In this first of a two-part series, Leo and I discuss my recent design of a secure roaming authentication solution for GRC's employees. I begin to describe the lightweight super-secure system I designed where even an attacker with "perfect knowledge" of an employee's logon will be unable to gain access to protected resources.
27 MB6.7 MB2.1 KB73 KB42 KB96 KB

Episode #112 | 04 Oct 2007 | 64 min.
Listener Feedback #25

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB7.8 MB2.1 KB93 KB55 KB108 KB

Episode #111 | 27 Sept 2007 | 41 min.
OpenID Precautions

Having several times addressed the value and potential of the open source, open spec., and popular OpenID system, which is rapidly gaining traction as a convenient means for providing "single sign-on" identification on the Internet, this week Leo and I examine problems and concerns, both with OpenID and those inherent in any centralized identity management solution.
20 MB5.0 MB2.8 KB51 KB32 KB86 KB

Episode #110 | 20 Sept 2007 | 95 min.
Listener Feedback #24

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB11 MB2.6 KB161 KB85 KB138 KB

Episode #109 | 13 Sept 2007 | 95 min.
GRC's eCommerce System

Leo and I delve into some of the non-obvious problems encountered during the creation of a robust and secure eCommerce system. I explain the hurdles I faced, the things that initially tripped me up, and the solutions I found when I was creating GRC's custom eCommerce system.
46 MB11.4 MB2.6 KB128 KB77 KB127 KB

Episode #108 | 06 Sept 2007 | 80 min.
Listener Feedback #23

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB9.7 MB2.1 KB115 KB66 KB127 KB

Episode #107 | 30 Aug 2007 | 53 min.
PIP & Even More Perfect Passwords

Leo and I discuss two topics this week: The availability and operation of VeriSign Labs' OpenID PIP (Personal Identity Provider) beta, offering many useful features for online identity authentication; and my recent redesign of the algorithms behind GRC's popular Perfect Passwords page.
26 MB6.4 MB4.5 KB69 KB41 KB101 KB

Episode #106 | 23 Aug 2007 | 64 min.
Listener Mailbag #2

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
31 MB7.8 MB2.1 KB95 KB60 KB120 KB

Episode #105 | 16 Aug 2007 | 62 min.
Firewall LeakTesting

Leo and I discuss the history, purpose, and value of personal firewall leaktesting. We examine the myriad techniques clever developers have found for accessing the Internet and sending data out of PCs even when those PCs are being protected by outbound-blocking personal firewalls.
30 MB7.6 MB3.1 KB74 KB49 KB100 KB

Episode #104 | 09 Aug 2007 | 70 min.
Listener Feedback Q&A #22

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB8.5 MB2.1 KB114 KB65 KB126 KB

Episode #103 | 02 Aug 2007 | 51 min.
PayPal Security Key

Leo and I talk with Michael Vergara, PayPal's Director of Account Protections, to learn everything they can about the PayPal security key effort and its probable future.
25 MB6.3 MB2.1 KB85 KB49 KB113 KB

Episode #102 | 26 July 2007 | 78 min.
Listener Mailbag #1

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
38 MB9.4 MB3.2 KB119 KB68 KB129 KB

Episode #101 | 19 July 2007 | 83 min.
Are You Human?

Leo and I explore the Internet's rapidly growing need to automatically differentiate human from non-human automated clients. We discuss the advantages and limitations of many past and current approaches to this problem while paying close attention to the most commonly used visual 'CAPTCHA' solutions.
40 MB10 MB4.8 KB112 KB67 KB127 KB

Episode #100 | 12 July 2007 | 60 min.
Listener Feedback Q&A #21

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB7.8 MB2.1 KB92 KB57 KB118 KB

Episode #99 | 05 July 2007 | 53 min.
Trusted Platform Module (TPM)

Leo and I explain the virtues and misbegotten negative reputation of the entirely benign and extremely useful emergent crypto facility known as the "Trusted Platform Module."
25 MB6.4 MB2.1 KB74 KB43 KB104 KB

Episode #98 | 28 June 2007 | 49 min.
Internet Identity Metasystems

Leo and I discuss the user experience and operation of Microsoft's "CardSpace" technology which hopes to completely change the way users identify themselves on the Internet by doing away with traditional usernames and passwords.
24 MB6 MB2.1 KB65 KB37 KB97 KB

Episode #97 | 21 June 2007 | 46 min.
Operation: Bot Roast

Leo and I discuss the recent news of the FBI's announced crackdown and pursuit of 'bot-herders' who individually control networks of remote control DoS and Spam zombies numbering in the many tens of thousands.
22 MB5.7 MB2.1 KB53 KB34 KB92 KB

Episode #96 | 14 June 2007 | 75 min.
Listener Feedback Q&A #20

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB9.3 MB2.1 KB116 KB69 KB131 KB

Episode #95 | 07 June 2007 | 52 min.
OpenID

Leo and I examine the open, platform agnostic, license free, OpenID secure Internet identity authentication system which is rapidly gaining traction within the Internet community. It may well be the "single sign-on" solution that will simplify and secure our use of the world wide web.
25 MB6.3 MB3.4 KB63 KB41 KB101 KB

Episode #94 | 31 May 2007 | 54 min.
The Fourth Factor

Having discussed the first three "factors" in multifactor authentication (something you know, something you have, something you are), Leo and I explore aspects of the power and problems with the fourth factor, "someone you know."
26 MB6.6 MB2.5 KB63 KB37 KB98 KB

Episode #93 | 24 May 2007 | 72 min.
Microsoft Patent Wars

Leo and I tackle the past, present and future of software patents. Our discussion of this non-security topic was triggered by Microsoft's recent declaration that since free and open source software (FOSS) was infringing at least 235 of their software patents, someone ought to be paying them.
35 MB8.9 MB2.1 KB94 KB57 KB117 KB

Episode #92 | 17 May 2007 | 61 min.
Listener Feedback Q&A #19

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB7.5 MB2.1 KB94 KB55 KB116 KB

Episode #91 | 10 May 2007 | 81 min.
Marc Maiffret   (pronounced "may-fray")

Leo and I talk with Marc Maiffret, co-founder of eEye Digital Security of Aliso Viejo, California. eEye has perhaps done more forensic and vulnerability testing research to increase the remote security of Windows than any other group, including Microsoft. They continue to find and report an amazing number of Windows security vulnerabilities.
39 MB9.9 MB2.1 KB105 KB78 KB134 KB

Episode #90 | 03 May 2007 | 61 min.
Multifactor Authentication

Leo and I discuss the theory and practice of multifactor authentication which uses combinations of "something you know," "something you have," and "something you are" to provide stronger remote authentication than traditional, unreliable single-factor username and password authentication.
30 MB7.5 MB2.1 KB89 KB51 KB112 KB

Episode #89 | 26 Apr 2007 | 46 min.
Even More Badly Broken WEP

Leo and I review the operation of wireless network security and discuss in detail the operation of the latest attack on the increasingly insecure WEP encryption system. This new technique allows any WEP-protected WiFi network's secret cryptographic key to be discovered in less than 60 seconds.
22 MB5.6 MB2.6 KB62 KB36 KB97 KB

Episode #88 | 19 Apr 2007 | 57 min.
Listener Feedback Q&A #18

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
27 MB6.8 MB2.1 KB77 KB50 KB110 KB

Episode #87 | 12 Apr 2007 | 45 min.
SQL Injection Exploits

Leo and I wrap up our three-part series on web-based code injection vulnerabilities and exploitation with a discussion web-based structured query language (SQL) database attacks. We explain why and how SQL injection vulnerabilities are creating an ongoing plague of vulnerabilities besetting modern 'Web 2.0' applications.
22 MB5.6 MB3.4 KB58 KB36 KB96 KB

Episode #86 | 05 Apr 2007 | 61 min.
Cross-Site Scripting

In this second installment of our three-part coverage of web-based remote code injection, Leo and I discuss cross-site scripting vulnerabilities and exploits. I quickly read through the 28 vulnerabilities discovered in popular software just during the previous month and discusses the nature of the threat and challenge facing authors of modern 'dynamic' web sites and services.
30 MB7.5 MB3.1 KB81 KB55 KB116 KB

Episode #85a | 02 Apr 2007 | 11 min.
Animated Cursor Exploit   (Special Edition)

This special edition of Security Now was published to describe a potent zero-day exploit and alert our listeners to a fix for this problem that would be made available by Microsoft on the following day (April 3rd, 2007) thanks to an emergency "out-of-cycle" Windows update patch.
5.4 MB1.4 MB2.2 KB<< This special edition episode was not transcribed >>

Episode #85 | 29 Mar 2007 | 58 min.
Intro to Web Code Injection

Leo and I begin a three-episode series to discuss and examine web-based remote code injection exploits. Commonly known as 'Cross-Site Scripting' and 'SQL Injection,' these exploits are growing in popularity and strength as hackers discover increasingly clever ways to exploit subtle defects in next-generation web-based applications.
26 MB6.6 MB2.4 KB73 KB47 KB108 KB

Episode #84 | 22 Mar 2007 | 62 min.
Listener Feedback Q&A #17

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB7.6 MB2.1 KB107 KB63 KB126 KB

Episode #83 | 15 Mar 2007 | 50 min.
UAC in Depth

Leo and I wrap up our quest to get Windows Wi-Fi to 'Maintain Full Radio Silence' by adding one additional important tweak to Windows settings. Then we discuss the detailed security implications, now and in the future, of Vista's new and powerful user account control (UAC) system.
24 MB6.1 MB3.4 KB81 KB43 KB101 KB

Episode #82 | 08 Mar 2007 | 45 min.
Cyber Warfare

Leo and I discuss the interesting topic of state-sponsored Cyber Warfare. While born through the imagination of science fiction writers, the reality of international, inter-nation cyber combat is fiction no longer.
22 MB5.5 MB3.3 KB61 KB41 KB101 KB

Episode #81 | 01 Mar 2007 | 55 min.
Hard Drive Unreliability

Leo and I discuss the distressing results and implications of two recent very large population studies (more than 100,000 drives each) of hard drive field failures. Google and Carnegie Mellon University (CMU) both conducted and submitted studies for the recent 5th USENIX conference on File and Storage Technologies.
27 MB6.6 MB4.3 KB86 KB51 KB110 KB

Episode #80 | 22 Feb 2007 | 76 min.
Listener Feedback Q&A #16

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB9.1 MB2.7 KB124 KB75 KB140 KB

Episode #79 | 15 Feb 2007 | 61 min.
Backtracking Spoofed Spam eMail

Leo's 'TWiT.tv' and my 'GRC.com' domains are used by spambots which spoof their domains as the source of bogus eMail. This week they discuss the details of eMail "Received:" headers and explain how the examination of those headers can penetrate any spoofing to reveal the true originating IP of any spoofed spam eMail.
30 MB7.5 MB2.2 KB87 KB53 KB113 KB

Episode #78 | 08 Feb 2007 | 40 min.
DEP in Depth

With our new SecurAble freeware now launched, Leo and I discuss the full impact and importance of hardware DEP technology. I explain why I believe that hardware DEP is the single most important Internet-related security technology developed so far.
20 MB5.0 MB2.1 KB53 KB35 KB95 KB

Episode #77 | 01 Feb 2007 | 61 min.
Microsoft on Vista DRM

In episode #74 Peter Gutmann shared his concerns and fears about the system-wide consequences and impact of the digital rights management (DRM) Microsoft has built deeply into Vista. Microsoft's Vista Team responded with a comprehensive Blog posting which Leo and I read and examine this week.

Here is the blog posting we used as our source:

Windows Vista Content Protection - Twenty Questions (and Answers)
30 MB7.5 MB2.2 KB100 KB59 KB120 KB

Episode #76 | 25 Jan 2007 | 61 min.
Listener Feedback Q&A #15

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB7.5 MB2.1 KB98 KB59 KB122 KB

Episode #75 | 18 Jan 2007 | 50 min.
Vista DRM Wrap-Up & Announcing “SecurAble”

Following last week's guest appearance by Peter Gutmann, Leo and I wrap up the topic of Vista's new, deep, and pervasive Digital Rights Management (DRM) system. I also announce the completion and availability of GRC's latest freeware: “SecurAble.”

Click this link for Securable's web page.
24 MB6.1 MB2.0 KB81 KB44 KB106 KB

Episode #74 | 11 Jan 2007 | 50 min.
Peter Gutmann on Vista DRM

Peter Gutmann, the author of the highly controversial white paper detailing the significant cost of Windows Vista's deeply-entrenched digital rights management (DRM) technology, joins Leo and me this week to discuss his paper and his findings.
24 MB6.1 MB2.3 KB72 KB50 KB110 KB

Episode #73 | 04 Jan 2007 | 65 min.
Digital Rights Management (DRM)

In preparation for next week's look at how and why Windows Vista has incorporated the most pervasive and invasive system for digital rights management ever created, AACS, Leo and I first take a step back to survey the history and evolution of media property rights and the technologies used to enforce them.
32 MB8.0 MB2.1 KB79 KB54 KB113 KB

Episode #72 | 28 Dec 2006 | 61 min.
Listener Feedback Q&A #14

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB7.5 MB2.1 KB92 KB58 KB118 KB

Episode #71 | 21 Dec 2006 | 58 min.
SecurAble

This week I take the wraps off our forthcoming security freeware utility: SecurAble. Although I'm still working to get it finished, tested, and ready for initial release, I describe what SecurAble will do and some of the unexpected hurdles I've encountered with the application and with details of Windows operation along the way.
28 MB7.1 MB2.1 KB92 KB54 KB118 KB

Episode #70 | 14 Dec 2006 | 56 min.
Achieving Internet Anonymity

Last week Leo and I discussed the social implications and the social power of Internet Anonymity. This week we discuss the technology of Freenet and TOR (Onion Router) networks, and I describe the detailed technical operation of both systems.
27 MB6.8 MB2.3 KB68 KB46 KB103 KB

Episode #69 | 07 Dec 2006 | 37 min.
The Social Implications of Internet Anonymity

To create some background for next week's discussion about the significant technical challenges involved in creating true anonymity on the Internet, this week Leo and I discuss the consequences of the use and abuse of the extreme power afforded by many different forms of Internet anonymity, privacy, and freedom of speech.
18 MB4.6 MB2.1 KB56 KB33 KB94 KB

Episode #68 | 30 Nov 2006 | 97 min.
Listener Feedback Q&A #13

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB11.7 MB2.1 KB160 KB89 KB154 KB

Episode #67 | 23 Nov 2006 | 39 min.
Kernel Patch Protection

Leo and I first discuss errata from previous episodes, correcting, among other things, Steve's first poor impression of Vista's performance. Then we discuss the results of my in-depth research into the inner workings of Vista's Kernel Patch Protection (aka PatchGuard) to uncover its limitations, benefits, and real purpose.
19 MB4.9 MB3.9 KB72 KB38 KB99 KB

Episode #66 | 16 Nov 2006 | 43 min.
Windows Vista Security

Leo and I describe the new security features Microsoft has designed and built into their new version of Windows, Vista. We examine the impact of having such features built into the base product rather than offered by third parties as add-ons. And we carefully compare the security benefits of Vista on 64-bit versus 32-bit hardware platforms.
21 MB5.3 MB2.1 KB79 KB40 KB104 KB

Episode #65 | 09 Nov 2006 | 42 min.
Why Is Security So Difficult?

Leo and I get a bit philosophical this week. We discuss the broad nature of Security — all security, not just computer security. We propose a new definition of 'Security' and flesh it out with examples to illustrate why security is so difficult, if not impossible.
20 MB5.2 MB3.3 KB72 KB39 KB101 KB

Episode #64 | 02 Nov 2006 | 61 min.
Listener Feedback Q&A #12

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
29 MB7.3 MB2.1 KB101 KB58 KB121 KB

Episode #63 | 26 Oct 2006 | 66 min.
MojoPac

Leo and I get deeply into the new MojoPac product from RingCube Technologies. After spending several days plumbing the depths of this intriguing new idea for installing secure and private Windows program and file installations onto transportable USB devices, I tell all about what I found and what I believe it means now and in the future.
32 MB8.1 MB1.8 KB100 KB60 KB120 KB

Episode #62 | 19 Oct 2006 | 60 min.
Internet Proxies

Leo and I discuss the entire range of applications for Internet Proxies and Proxy Servers. We describe the many different uses for proxies while discussing both the benefits and the potential security and privacy liabilities created by filtering and caching web and other Internet content.
29 MB7.3 MB1.8 KB113 KB57 KB123 KB

Episode #61 | 12 Oct 2006 | 35 min.
ISP Privacy and Security

Leo and I discuss two new 0-day Internet Explorer vulnerabilities (both now being exploited on the Internet); then we explore the commonly expressed privacy and security concerns presented by the need to trust Internet Service Providers (ISP).
17 MB4.2 MB4.2 KB65 KB33 KB97 KB

Episode #60 | 05 Oct 2006 | 53 min.
Listener Feedback Q&A #11

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
26 MB6.4 MB1.8 KB103 KB56 KB142 KB

Episode #59 | 28 Sep 2006 | 69 min.
Comparing "Parallels" VMs

Completing the topic of current virtual machine technology and products, Steve and Leo closely examine the commercial multiplatform virtual machine offerings from "Parallels," comparing them to VMware and Virtual PC. Steve also corrects an important incorrect statement he made the previous week about features missing from VMware's free Server VM solution.
33 MB8.3 MB2.1 KB148 KB68 KB137 KB

Episode #58 | 21 Sep 2006 | 34 min.
Two New Critical Windows Problems

Leo and I discuss the breaking news of two new critical Windows problems: A new vulnerability that is being actively exploited on the web to install malware into innocent users' machines — and a work-around that all Windows users can employ to protect themselves. And a serious file-corruption bug Microsoft introduced into last month's security update that affects all Windows 2000 users.
16 MB4.1 MB5.4 KB58 KB34 KB95 KB

Episode #57 | 14 Sep 2006 | 42 min.
Virtual PC versus VMware

Leo and I wrap up our multi-week series about virtual machines and virtual machine technology by closely analyzing the differences and similarities between the free and commercial VM products offered by Microsoft and VMware.
21 MB5.2 MB2.1 KB72 KB39 KB100 KB

Episode #56 | 07 Sep 2006 | 59 min.
Listener Feedback Q&A #10

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
28 MB7.1 MB1.8 KB120 KB60 KB126 KB

Episode #55 | 31 Aug 2006 | 48 min.
Application Sandboxes

Having discussed "heavy weight" virtualization technology in recent weeks, this week Leo and I examine "lighter weight" application sandboxing technology and the software solutions currently available to perform this form of application "wrapping." We discuss the inherent limitations of sandbox security and explain how valuable sandboxes can be for privacy enforcement.
23 MB5.8 MB1.8 KB79 KB43 KB106 KB

Episode #54 | 24 Aug 2006 | 52 min.
Blue Pill

Leo and I continue our ongoing discussion of the security implications and applications of virtualization and virtual machines. This week we examine the "Blue Pill" OS subversion technology made possible by AMD's next generation virtualization hardware support. We debunk the hype surrounding this interesting and worrisome capability, placing it into a larger security and virtualization context.
25 MB6.3 MB1.7 KB85 KB47 KB109 KB

Episode #53 | 17 Aug 2006 | 40 min.
VMware

Leo and I briefly recap the concepts and technology of Virtual Machine (VM) technology, then thoroughly explore the free and commercial offerings of the earliest company to pioneer Intel-based high-performance virtual machines, VMware. We focus upon the free VMware Player which allows Virtual Machine 'Appliances' to be 'played' on any supported platform. They examine the value of these VMware solutions for creating highly secure 'sandbox' containment environments as well as for cover-your-tracks privacy.
19 MB4.8 MB2.8 KB81 KB38 KB102 KB

Episode #52 | 10 Aug 2006 | 49 min.
A Busy Week for Security Troubles

Leo and I discuss the week's security woes, covering D-Link and Centrino wireless buffer overflows which allow remote wireless compromise of user's networks and machines. We explore the recent revelation that JavaScript can be used to scan an unwitting user's internal network to take over their equipment. We talk about the purchase of Hamachi by LogMeIn and how Botnets are being used to create fraudulent eBay users with perfect "feedback" in order to defraud even careful eBay users. And more!
23.6 MB5.9 MB4.6 KB112 KB51 KB117 KB

Episode #51 | 03 Aug 2006 | 45 min.
Vista's Virgin Stack

Leo and I discuss the revelation, courtesy of a Symantec study and report, that Microsoft's forthcoming Vista operating system has a brand new, written from scratch, networking stack supporting old and new network protocols. They consider the sobering security consequences of Microsoft's decision to scrap Window's old but battled-hardened network stack in favor of one that's new and unproven.
21.8 MB5.5 MB2.9 KB101 KB45 KB110 KB

Episode #50 | 27 Jul 2006 | 52 min.
Virtual Machine History & Technology

Leo and I discuss the historical beginnings of Virtual Machine technology, from the 40-year-old IBM VM/360 operating system through virtual machine language emulators and today's VMware and Virtual PC solutions. This kicks off a multi-episode discussion of the tremendous security benefits and practical uses of modern day Virtual Machine technology.
24.8 MB6.2 MB2.2 KB88 KB47 KB109 KB

Episode #49 | 20 Jul 2006 | 58 min.
The NETSTAT Command

Leo and I describe the operation and use of the universally available "Netstat" command -- available in every desktop operating system from Unix and Linux through Windows and Macs. "Netstat" allows anyone to instantly see what current Internet connections and listening ports any system has open and operating. Mastering the power of this little-known command will greatly empower any security-conscious computer user.
28 MB7.0 MB2.2 KB104 KB55 KB120 KB

Episode #48 | 13 Jul 2006 | 66 min.
Listener Feedback Q&A #9

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB8.1 MB2.2 KB111 KB65 KB126 KB

Episode #47 | 06 Jul 2006 | 62 min.
Internet Weaponry

Leo and I trace the history and rapid growth of Internet Denial of Service (DoS) attack techniques, tools, and motivations over the past eight years. We discuss many different types of attacks while focusing upon the distributed bandwidth flooding attacks that are the most destructive and difficult to block.
30 MB7.6 MB2.2 KB100 KB54 KB116 KB

Episode #46 | 29 Jun 2006 | 36 min.
Router Logs

Leo and I clarify the confusion surrounding consumer NAT router logging. We explain why routers tend to overreact to Internet 'noise' by 'crying wolf' too often, why the logs produced by consumer routers are unfortunately not very useful, and when paying attention to logs does and does not make sense.
17 MB4.4 MB2.2 KB60 KB33 KB94 KB

Episode #45 | 22 Jun 2006 | 26 min.
The 'Hosts' File

Leo and I reveal and describe the 'HOSTS' file, which is hidden away within every Internet-capable machine. We explain how, because it is always the first place a machine looks for the IP address associated with any other machine name, it can be used to easily and conveniently intercept your computer's silent communication with any questionable web sites you'd rather have it not talking to.
13 MB3.1 MB2.2 KB44 KB24 KB85 KB

Episode #44 | 15 Jun 2006 | 63 min.
Listener Feedback Q&A #8

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB7.7 MB2.2 KB109 KB59 KB123 KB

Episode #43 | 08 Jun 2006 | 58 min.
Open Ports

This week Leo and I cover the broad subject of 'open ports' on Internet-connected machines. We define 'ports', and what it means for them to be open, closed, and stealth. We discuss what opens them, what it means to have ports 'open' from both a functional and security standpoint, how open ports can be detected, whether stealth ports are really more secure than closed ports, and differences between TCP and UDP port detection.
28 MB7.0 MB2.2 KB89 KB52 KB113 KB

Episode #42 | 01 Jun 2006 | 35 min.
NAT Traversal

Leo and I delve into the inner workings of NAT routers. We examine the trouble NAT routers present to peer-to-peer networks where users are behind NAT routers that block incoming connections, and we explain how a third-party server can be briefly used to help each router get its packets through to the other, thus allowing them to directly connect.
17 MB4.2 MB2.2 KB64 KB31 KB92 KB

Episode #41 | 25 May 2006 | 40 min.
TrueCrypt

This week Leo and I explain why we love "TrueCrypt", a fabulous, free, open source, on-the-fly storage encryption tool that is fast, flexible, super-well-engineered, feature packed, and able to provide advanced state of the art encryption services for many applications.
20 MB4.9 MB2.2 KB65 KB36 KB97 KB

Episode #40 | 18 May 2006 | 71 min.
Listener Feedback Q&A #7

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies and issues we have previously discussed.
34 MB8.5 MB2.2 KB140 KB71 KB135 KB

Episode #39 | 11 May 2006 | 50 min.
Buffer Overruns

In one of our more "aggressively technical" episodes, Leo and I discuss the pernicious nature of software security bugs from the programmer's perspective. We explain how "the system stack" functions, then provide a detailed look at exactly how a small programming mistake can allow executable code to be remotely injected into a computer system despite the best intentions of security-conscious programmers.
24 MB6 MB2.2 KB59 KB40 KB98 KB

Episode #38 | 04 May 2006 | 37 min.
Browser Security

Leo and I discuss the broad topic of web browser security. We examine the implications of running "client-side" code in the form of interpreted scripting languages such as Java, JavaScript, and VBScript, and also the native object code contained within browser "plug-ins" including Microsoft's ActiveX. I outline the "zone-based" security model used by IE and explain how I surf with high security under IE, only "lowering my shields" to a website after I've had the chance to look around and decide that the site looks trustworthy.
18 MB4.5 MB2.2 KB59 KB33 KB93 KB

Episode #37 | 27 Apr 2006 | 36 min.
Crypto Series Wrap-up

Leo and I conclude our multi-week coverage of the fundamental technologies underlying modern cryptographic systems. We discuss the number of 512-bit primes (two of which are used to form 1024-bit public keys) and the relative difficulty of performing prime factorizations at various bit lengths. We discuss the importance of, and solutions to, private key recovery using varying numbers of trustees. And conclude by explaining the need for, and the operation of, security certificates.
17 MB4.4 MB2.2 KB110 KB39 KB105 KB

Episode #36 | 20 Apr 2006 | 56 min.
Listener Feedback Q&A #6

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.
27 MB6.7 MB2.2 KB113 KB56 KB86 KB

Episode #35 | 13 Apr 2006 | 34 min.
Cryptographic Hashes

Having covered stream and block symmetric ciphers and asymmetric ciphers, this week Leo and I describe and discuss "cryptographic hashes", the final component to comprise a complete fundamental cryptographic function suite. We discuss the roles of, and attacks against, many common and familiar cryptographic hashes including MD5 and SHA1.
16 MB4.1 MB2.2 KB55 KB30 KB56 KB

Episode #34 | 06 Apr 2006 | 37 min.
Public Key Cryptography

Having discussed symmetric (private) key ciphers during the last two weeks, this week Leo and I examine asymmetric key cryptography, commonly known as "Public Key Cryptography". We begin by examining the first public key cryptosystem, known as the Diffie-Hellman Key Exchange, invented in 1976. Then we describe the operation of general purpose public key cryptosystems such as the one invented by RSA.
18 MB4.5 MB2.2 KB63 KB34 KB52 KB

Episode #33 | 30 Mar 2006 | 43 min.
Symmetric Block Ciphers

Leo and I answer last week's Puzzler/BrainTeaser which explored the idea of using two private one-time pad "keys," like two padlocks, to securely convey a message between two parties, neither of whom would have the other's key. Then we continue our ongoing tour of fundamental crypto technology by describing the operation of Symmetric Block Ciphers.
21 MB5.2 MB2.2 KB64 KB38 KB58 KB

Episode #32 | 23 Mar 2006 | 55 min.
Listener Feedback Q&A #5

Leo and I briefly review last week's topic of symmetric stream ciphers, then we pose the first Security Now! Puzzler/BrainTeaser which proposes a secure means for sending encrypted messages where neither party knows the other's key. The Puzzler/BrainTeaser will be answered and resolved at the start of next week's episode. Then, as always in our Q&A episodes, we answer questions and discuss issues raised by listeners.
26 MB6.6 MB2.2 KB105 KB53 KB75 KB

Episode #31 | 16 Mar 2006 | 53 min.
Symmetric Stream Ciphers

Leo and I continue our multi-episode tour of cryptographic technology. This week we analyze the cryptographic operation of secret decoder rings which we use to develop a solid foundation of cryptographic terminology. We then examine the first of two forms of symmetric, private key cryptography known as symmetric stream ciphers. Two weeks from now, after next week's Q&A episode, we'll discuss the operation of symmetric block ciphers.
25 MB6.4 MB2.2 KB83 KB46 KB66 KB

Episode #30 | 09 Mar 2006 | 30 min.
Cryptographic Issues

Leo and I open our multi-week discussion of the operation and technology of cryptography. This first week we start by examining the social consequences and ethical implications of common citizens being empowered with freely available cryptographic technology that no force on Earth — no government agency, no corporation, no private individual — can crack within their lifetimes.
14 MB3.6 MB2.2 KB50 KB28 KB49 KB

Episode #29 | 02 Mar 2006 | 52 min.
Ethernet Insecurity

Leo and I discuss the design, operation, and complete lack of security of Ethernet — the LAN technology that virtually all of the world uses. We explain how this lack of security enables a wide range of serious attacks to be perpetrated by any other machine sharing the same Ethernet — such as in a wireless hotspot, within a corporate network, or even in a wired hotel where the entire hotel is one big exploitable Ethernet LAN. GRC's ARP Cache Poisoning page contains a detailed explanation of these problems with diagrams and links to readily available Ethernet ARP exploitation malware.

ARP Cache Poisoning: http://www.grc.com/nat/arp.htm
25 MB6.3 MB24 KB79 KB45 KB61 KB

Episode #28 | 23 Feb 2006 | 40 min.
Listener Feedback Q&A #4

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.
19 MB4.8 MB2.2 KB95 KB43 KB63 KB

Episode #27 | 16 Feb 2006 | 37 min.
How Local Area Networks Work, Part 1

Having covered the operation of the Internet's WAN (Wide Area Network) technology in the past two weeks, this week Leo and I turn to discussing the way Local Area Networks (LANs) operate and how they interface with the Internet WAN. We address the configuration of subnet masks, default gateways, and DHCP to explain how packets are routed among machines and gateways within a LAN.
18 MB4.5 MB2.2 KB65 KB35 KB54 KB

Episode #26 | 09 Feb 2006 | 38 min.
How the Internet Works, Part 2

During this 38-minute, part 2 episode of "How the Internet Works," Leo and I briefly review last week's discussion of the ICMP protocol, then discuss the operational details of the Internet's two main data-carrying protocols: UDP and TCP.
18 MB4.6 MB2.2 KB58 KB33 KB51 KB

Episode #25 | 02 Feb 2006 | 49 min.
How the Internet Works, Part 1

During this 49-minute episode, Leo and I briefly discuss the 'Kama Sutra' virus that will become destructive on February 3rd. We briefly discuss PC World Magazine's recent evaluation and ranking of ten top anti-malware systems. And we begin our long-planned 'fundamental technology' series with a two-part close look at the history and detailed operation of the global Internet.
24 MB5.9 MB5.6 KB70 KB43 KB59 KB

Episode #24 | 26 Jan 2006 | 40 min.
Listener Feedback Q&A #3

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.
39 MB5.0 MB26 KB113 KB45 KB67 KB

Episode #23 | 19 Jan 2006 | 29 min.
GRC's "MouseTrap"

Leo and I "close the backdoor" on the controversial Windows WMF Metafile image code execution (MICE) vulnerability. We discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware: MouseTrap which determines whether any Windows or Linux/WINE system has 'MICE'.

Download "MouseTrap" – our free MICE tester (29 kb)
14 MB3.5 MB26 KB53 KB29 KB49 KB

Episode #22 | 12 Jan 2006 | 39 min.
The Windows MetaFile Backdoor?

Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Download "MouseTrap" – our free MICE tester (29 kb)
19 MB4.8 MB4.1 KB63 KB37 KB54 KB

Episode #21 | 05 Jan 2006 | 27 min.
The Windows MetaFile (WMF) Vulnerability

Leo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular -- and very necessary -- temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond.
13 MB3.3 MB5.8 KB61 KB28 KB50 KB

Episode #20 | 29 Dec 2005 | 54 min.
A SERIOUS new Windows vulnerability — and Listener Q&A

On December 28th a serious new Windows vulnerability has appeared and been immediately exploited by a growing number of malicious web sites to install malware. Many worse viruses and worms are expected soon. We start off discussing this and our show notes provides a quick necesary workaround until Microsoft provides a patch. Then we spend the next 45 minutes answering and discussing interesting listener questions.
26 MB6.5 MB10 KB104 KB52 KB70 KB

Episode #19 | 22 Dec 2005 | 53 min.
VPNs Three: Hamachi, iPig, and OpenVPN

Leo and I wrap up our multi-week, in-depth coverage of PC VPN solutions by discussing some aftermath of the zero-configuration Hamachi system; introducing "iPig," a very appealing new zero-configuration VPN contender; and describing the many faces of OpenVPN, the "Swiss army knife" of VPN solutions.
25 MB6.4 MB2.4 KB96 KB50 KB68 KB

Episode #18 | 15 Dec 2005 | 33 min.
"Hamachi" Rocks!

This week Leo and I discuss and describe the brand new, ready to emerge from a its long development beta phase, ultra-secure, lightweight, high-performance, highly-polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system known as "Hamachi". After two solid weeks of testing and intense dialog with Hamachi's lead developer and designer, I have fully vetted the system's security architecture and have it running on many of my systems. While I am travelling to Toronto this week, Hamachi is keeping my roaming laptop securely and directly connected to all of my machines back home. Don't miss this one!
16 MB4.1 MB2.4 KB81 KB36 KB58 KB

Episode #17 | 08 Dec 2005 | 33 min.
PPTP and IPSec VPN Technology

In our continuing exploration of VPN technology for protecting network users on networks they don't control, Leo and I discuss the oldest "original" VPN protocols: Industry standard IPSec, and Microsoft's own PPTP and L2TP/IPSec. We examine and explain the trouble with interconnecting Windows machines to third-party VPN routers and examine the many reasons these older technologies are probably not optimal for on-the-go road warriors.
16 MB4.0 MB7.7 KB61 KB31 KB51 KB

Episode #16 | 01 Dec 2005 | 42 min.
Listener feedback Q&A #1

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies we have previously discussed.
20 MB5.1 MB2.3 KB100 KB43 KB65 KB

Episode #15 | 24 Nov 2005 | 43 min.
VPN Secure Tunneling Solutions

Leo and I discuss the use of SSL and SSH encrypted tunneling for providing privacy and security whenever an insecure local network is being used — such as at an open WiFi hotspot or when using a hotel's network. These solutions are not transparent and tend to be configuration intensive. They also require the use of a "server" of some sort at the user's home or office. This makes these approaches less suitable for casual users, but offers a solution for the more technically inclined road warriors.
21 MB5 MB5.6 KB85 KB40 KB60 KB

Episode #14 | 17 Nov 2005 | 27 min.
Virtual Private Networks (VPN): Theory

Leo and I first follow-up on the past two episodes, discussing new developments in the continuing Sony Rootkit DRM drama, and clearing up some confusion over the crackability of WPA passphrases. Then, in this first of our two-part series on VPNs, we discuss the theory of VPN connections and tunnels, explaining how they work and why they represent such a terrific solution for anyone who needs security while they're away from home.
13 MB3.2 MB2.3 KB74 KB29 KB52 KB

Episode #13 | 10 Nov 2005 | 35 min.
Unbreakable WiFi Security

Leo and I follow-up on last week's discussion of the Sony Rootkit debacle with the distressing news of "phoning home" (spyware) behavior from the Sony DRM software, and the rootkit's exploitation by a new malicious backdoor Trojan. We then return to complete our discussion of WiFi security, demystifying the many confusing flavors of WPA encryption and presenting several critical MUST DO tips for WPA users.
17 MB4.2 MB3.2 KB 70 KB32 KB54 KB

Episode #12 | 03 Nov 2005 | 24 min.
Sony's "Rootkit Technology" DRM (copy protection gone bad)

Leo and I discuss details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme. This poorly written software unnecessarily employs classic rootkit technology (see episode #9) to hide from its users after installation. It can not be uninstalled easily, it can be easily misused for malicious purposes, and it has been implicated in many repeated BSOD "blue screen of death" PC crashes.
12 MB2.9 MB8.2 KB46 KB23 KB45 KB

Episode #11 | 27 Oct 2005 | 38 min.
Bad WiFi Security (WEP and MAC address filtering)

Leo and I answer some questions arising from last week's episode, then plow into a detailed discussion of the lack of security value of MAC address filtering, the futility of disabling SSID's for security, and the extremely poor security offered by the first-generation WEP encryption system.
18 MB4.6 MB2.3 KB70 KB34 KB54 KB

Episode #10 | 20 Oct 2005 | 28 min.
Open Wireless Access Points

Leo and I examine the security and privacy considerations of using non-encrypted (i.e. 'Open') wireless access points at home and in public locations. We discuss the various ways of protecting privacy when untrusted strangers can 'sniff' the data traffic flowing to and from your online PC.
14 MB3.4 MB3.2 KB51 KB28 KB47 KB

Episode #9 | 13 Oct 2005 | 32 min.
Rootkits

This week we discuss "rootkit technology". We examine what rootkits are, why they have suddenly become a problem, and how that problem is rapidly growing in severity. We also discuss their detection and removal and point listeners to some very effective free rootkit detection solutions.
16 MB3.9 MB5.2 KB70 KB