Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I take 30 to 90 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!). So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
A web page with any supplementary notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #338 | 01 Feb 2012 | 92 min.
Listener Feedback #136

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 148 KB 83 KB 157 KB

Episode #337 | 25 Jan 2012 | 74 min.
WPS: A Troubled Protocol

This week, after catching up on an interesting week of Security and Privacy news and legislation, Leo and I examine the troubled Wi-Fi Protected Security (WPS) protocol in detail to understand its exact operation, and to examine a series of limitations that cannot be resolved.
36 MB 8.9 MB 107 KB 61 KB 121 KB

Episode #336 | 18 Jan 2012 | 96 min.
Listener Feedback #135

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 120 KB 78 KB 144 KB

Episode #335 | 09 Jan 2012 | 83 min.
Wi-Fi Protected (In)Security

After catching up with only a small bit of the week's security news, Leo and I discuss the recent revelation of a fundamental security flaw in the functioning of the WiFi WPA standard. WiFi Access Points, following the certification-mandated default configuration, allow an attacker to obtain network access within just a few hours.
40 MB 10 MB 103 KB 63 KB 121 KB

Episode #334 | 04 Jan 2012 | 98 min.
Listener Feedback #134

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 165 KB 87 KB 163 KB

Episode #333 | 28 Dec 2011 | 95 min.
Science Fiction Holiday Special

After catching up with just a bit of year-end security news, for their special holiday episode, Steve and Leo review their favorite Science Fiction books and movies, pulling the commentary they have previously scattered throughout many years into a single reference.
46 MB 11 MB 167 KB 83 KB 162 KB

Episode #332 | 21 Dec 2011 | 93 min.
Listener Feedback #133

Tom and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 98 KB 79 KB 139 KB

Episode #331 | 14 Dec 2011 | 94 min.
Mega Security News Update

We had so much news this week that it squeezed out our show's planned topic of Google's new SPDY web browser protocol. So we'll tackle that early next year. In the meantime, Leo and Steve will discuss the news of this very active week!
45 MB 11 MB 177 KB 81 KB 160 KB

Episode #330 | 07 Dec 2011 | 99 min.
Listener Feedback #132

Tom and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 101 KB 81 KB 141 KB

Episode #329 | 30 Nov 2011 | 74 min.
Browser ID

After catching up with the week's news, Leo and I examine the operation of Mozilla's solution to the need for secure, reliable and easy-to-use establishment of online Internet identity known as: BrowserID. We also compare it with all of the other existing technologies and solutions we've discussed before.
35 MB 8.8 MB 109 KB 62 KB 120 KB

Episode #328 | 23 Nov 2011 | 102 min.
Listener Feedback #131

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 148 KB 88 KB 162 KB

Episode #327 | 16 Nov 2011 | 68 min.
Internet Privacy Update

The day before recording this podcast in the studio with Leo, I attended an annual Internet privacy conference. After catching up with the week's security news, updates, and errata, I share what I saw and learned during the conference, including three VERY promising new privacy and authentication tools.
33 MB 8.2 MB 155 KB 68 KB 137 KB

Episode #326 | 09 Nov 2011 | 102 min.
Listener Feedback #130

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 148 KB 86 KB 159 KB

Episode #325 | 02 Nov 2011 | 74 min.
TCP Pt.3 - Necessary Refinements

After catching up with the week's news, Leo and I return this week to our "How the Internet Works" fundamentals series. We examine the challenges presented by “packet-based connections” to further understand the operation of the Internet's most popular and complex protocol: TCP.
35 MB 8.9 MB 83 KB 57 KB 109 KB

Episode #324 | 26 Oct 2011 | 75 min.
Listener Feedback #129

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB 9 MB 110 KB 64 KB 124 KB

Episode #323 | 19 Oct 2011 | 84 min.
TCP Pt.2 - Attacking TCP

After catching up with the week's news, Leo and I return this week to our “How the Internet Works” fundamentals series. We examine the operation of the various attacks that have been made through the years against the Internet's most popular and complex protocol: TCP.
41 MB 10 MB 84 KB 63 KB 116 KB

Episode #322 | 12 Oct 2011 | 75 min.
Listener Feedback #128

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB 9 MB 86 KB 69 KB 123 KB

Episode #321 | 05 Oct 2011 | 103 min.
The Beauty of B.E.A.S.T.

After catching up with the week's security news, Steve and Leo examine the implications of a recent Internet-wide exploit known as BEAST: Browser Exploits Against SSL/TLS. They share the process used by the discoverers of an exploit for this long-known vulnerability and consider its implications.
49 MB 12 MB 135 KB 84 KB 154 KB

Episode #320 | 29 Sep 2011 | 91 min.
Listener Feedback #127

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 127 KB 78 KB 146 KB

Episode #319 | 22 Sep 2011 | 74 min.
Certificate Authority (CA) Trust - Time to Change it?

After catching up with just a bit of the past week's news, Leo and I explore the most mature potential replacement for the Internet's existing (and failing) “trust model” which has always been based upon the unequivocal trust of Certificate Authorities.
36 MB 8.9 MB 87 KB 58 KB 111 KB

Episode #318 | 15 Sep 2011 | 104 min.
Listener Feedback #126

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 151 KB 94 KB 170 KB

Episode #317 | 8 Sep 2011 | 92 min.
TCP Part 1 – Getting Connected

After catching up with a week of the amazing news of the security breach of the DigiNotar certificate authority, Steve and Leo continue their "How the Internet Works" series with the first of several episodes describing the operation of the Internet's most used protocol: TCP.
44 MB 11 MB 97 KB 68 KB 124 KB

Episode #316 | 1 Sep 2011 | 98 min.
Listener Feedback #125

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 135 KB 84 KB 154 KB

Episode #315 | 25 Aug 2011 | 83 min.
Off The Grid

After catching up with the week's news, I explain my goals, development process, and operation of the “Off The Grid” paper-based encryption system I developed for use in encrypting website domain names into matching secure website passwords.
40 MB 10 MB 168 KB 76 KB 149 KB

Episode #314 | 18 Aug 2011 | 82 min.
Listener Feedback #124

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 10 MB 111 KB 72 KB 134 KB

Episode #313 | 11 Aug 2011 | 103 min.
How The Internet Works: ICMP & UDP

After catching up with a busy week of security updates, and some miscellaneous fun security news, Tom & I return for the second installment of "How The Internet Works" with a look at the ICMP and UDP protocols.
49 MB 12 MB 89 KB 76 KB 130 KB

Episode #312 | 04 Aug 2011 | 90 min.
Listener Feedback #123

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 95 KB 77 KB 133 KB

Episode #311 | 28 Jul 2011 | 66 min.
Anatomy of a Security Mistake

This week, after catching up with a collection of interesting security events, Leo and I take a close look at a recently discovered security coding error, examining exactly how and why it occurred, to understand how easily these kinds of mistakes can be made... and how difficult it can be to EVER find them all.
32 MB 7.9 MB 82 KB 54 KB 105 KB

Episode #310 | 21 Jul 2011 | 103 min.
Listener Feedback #122

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 154 KB 90 KB 164 KB

Episode #309 | 14 Jul 2011 | 79 min.
How the Internet Works, Part 1

This week, after catching up with our usual grab bag of Internet-related security and privacy news, including another Microsoft Patch Tuesday, Leo and I plow into the first of a series of forthcoming episodes, which will be spread out over time, describing the detailed technical operation of the ever-more-ubiquitous global Internet.
38 MB 9.4 MB 91 KB 62 KB 118 KB

Episode #308 | 07 Jul 2011 | 103 min.
Listener Feedback #121

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 159 KB 92 KB 167 KB

Episode #307 | 30 Jun 2011 | 76 min.
The Future of Identity

This week, after catching up on the week's security and privacy news, Steve and Leo take a look at the state of Identity Management in Cyberspace with the U.S. Government's publication of its NSTIC - National Strategy for Trusted Identities in Cyberspace.
36 MB 9.1 MB 111 KB 67 KB 126 KB

Episode #306 | 23 Jun 2011 | 96 min.
Listener Feedback #120

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 146 KB 82 KB 154 KB

Episode #305 | 16 Jun 2011 | 67 min.
Ghostery

This week, after catching up on the week’s security and privacy news, Steve and Leo take a close look at “Ghostery,” a highly recommended, multi-OS, multi-browser extension that reveals all of the tracking bugs and cookies websites are hosting to track us, and optionally allows them to be blocked.
32 MB 8.0 MB 86 KB 56 KB 107 KB

Episode #304 | 09 Jun 2011 | 86 min.
Listener Feedback #119

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 119 KB 75 KB 140 KB

Episode #303 | 02 Jun 2011 | 91 min.
Password Haystacks

Steve shares something of a revelation about the true nature of passwords and why “password entropy” really doesn't matter as much as has long been believed. He explains, therefore, how it's possible for passwords to be both memorable AND impossible to crack at the same time.
44 MB 11 MB 125 KB 76 KB 139 KB

Episode #302 | 26 May 2011 | 94 min.
Listener Feedback #118

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 129 KB 82 KB 148 KB

Episode #301 | 19 May 2011 | 91 min.
Going Random, Part 2 of 2

After catching up with the week's security and privacy news, we conclude our two-part series discussing the need for, and applications of, random and pseudo-random numbers. We discuss the ways in which a computer, which cannot produce random numbers, can be programmed to do an extremely good job.
44 MB 11 MB 105 KB 70 KB 130 KB

Episode #300 | 12 May 2011 | 113 min.
Listener Feedback #117

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
54 MB 14 MB 177 KB 94 KB 173 KB

Episode #299 | 05 May 2011 | 91 min.
Going Random, Part 1 of 2

This week's security news and events took up so much time that we didn't have time to cover the entire topic of “Randomness” in security and cryptography. So we split the topic into two parts. This first week we open the topic and explain the background, problem and need. Week after next we'll plow into the solutions.
44 MB 11 MB 122 KB 76 KB 139 KB

Episode #298 | 28 Apr 2011 | 102 min.
Listener Feedback #116

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 157 KB 89 KB 164 KB

Episode #297 | 21 Apr 2011 | 90 min.
Pass-Sentences??

After catching up with a number of extra-interesting security news items of the week, Steve and Leo explore the recently raised suggestion that using a three word "pass-sentence" such as “I like tomatoes” would be MORE secure (and far more memorable) than "J4f6<2". Short sentences are certainly easier to remember... but more secure?
43 MB 11 MB 117 KB 71 KB 134 KB

Episode #296 | 14 Apr 2011 | 108 min.
Listener Feedback #115

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 177 KB 97 KB 180 KB

Episode #295 | 07 Apr 2011 | 77 min.
The Comodo SSL Breach

After catching up with the past week's very busy security news, Leo and I closely examine the circumstances and repercussions surrounding the mid-March breach of the Comodo SSL certificate authority certificate signing system.
37 MB 9.2 MB 98 KB 58 KB 113 KB

Episode #294 | 31 Mar 2011 | 102 min.
Listener Feedback #114

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 155 KB 90 KB 166 KB

Episode #293 | 24 Mar 2011 | 93 min.
IE9

After catching up with a great deal of security news and interesting computer industry miscellanea, Steve shares everything he has recently learned from his extensive study into the new security and privacy features of IE9.
45 MB 11 MB 140 KB 78 KB 146 KB

Episode #292 | 17 Mar 2011 | 83 min.
Listener Feedback #113

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 159 KB 78 KB 151 KB

Episode #291 | 10 Mar 2011 | 90 min.
Stuxnet

After catching up with a very busy week of software updates and wide-ranging security news, Steve & Leo discuss the revelations documented in Symantec's comprehensive “Stuxnet Dossier.”
43 MB 11 MB 109 KB 69 KB 130 KB

Episode #290 | 03 Mar 2011 | 94 min.
Listener Feedback #112

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 125 KB 80 KB 147 KB

Episode #289 | 24 Feb 2011 | 101 min.
Proxied Surfing

After catching up with the week's security updates and other security-related news, Leo and I discuss the many modes of operation of “Proxied Web Surfing” which are used to bypass firewalls and Internet filters, aid free speech, and alter the contents of web pages retrieved from the Internet.
48 MB 12 MB 120 KB 80 KB 144 KB

Episode #288 | 17 Feb 2011 | 92 min.
Listener Feedback #111

Tom Merritt and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 88 KB 73 KB 128 KB

Episode #287 | 10 Feb 2011 | 61 min.
BitCoin CryptoCurrency

This week, after catching up with a busy “Patch Tuesday,” Tom Merritt and I explore the fascinating crypto technology developed to create “BitCoin,” the Internet's decentralized peer-to-peer completely private online currency exchange system.
40 MB 9.9 MB 78 KB 63 KB 115 KB

Episode #286 | 03 Feb 2011 | 92 min.
Listener Feedback #110

Tom Merritt and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 91 KB 75 KB 132 KB

Episode #285 | 27 Jan 2011 | 67 min.
Fuzzy Browsers

After catching up with the week's security updates and news, Leo and I examine the use of “code fuzzing” to locate functional defects in the web browsers we use every day. Surprisingly, every browser in use today can be crashed with this technique.
32 MB 8.1 MB 74 KB 52 KB 100 KB

Episode #284 | 20 Jan 2011 | 79 min.
Listener Feedback #109

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
38 MB 9.5 MB 111 KB 68 KB 131 KB

Episode #283 | 13 Jan 2011 | 61 min.
Bluetooth Hacking

After catching up with the week's security and privacy news, Leo and I complete our analysis of Bluetooth security by examining the history and current status of Bluetooth hacking exploits. We conclude with a set of recommendations for minimizing the Bluetooth attack surface.
32 MB 7.9 MB 79 KB 52 KB 102 KB

Episode #282 | 06 Jan 2011 | 96 min.
Listener Feedback #108

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 134 KB 82 KB 152 KB

Episode #281 | 30 Dec 2010 | 43 min.
The Portable Dog Killer, Encore

This is our special “TWiT is Closed for the Holidays” Christmas special encore episode of the tale of “The Portable Dog Killer”, a story I relate to Leo and our listeners from my own past, 39 years ago, containing a strong moral about the importance of getting out from behind the video game screen and actually building something.
21 MB 5.2 MB 84 KB 41 KB 90 KB

Episode #280 | 23 Dec 2010 | 99 min.
Bluetooth

After first catching up with a bunch of fun and interesting security and privacy news, Leo and I plow into a meaty and detailed description of the technology of Bluetooth device interconnection and its cryptographic security. A follow-on episode will cover the past hacking attacks against Bluetooth.
44 MB 11 MB 111 KB 71 KB 131 KB

Episode #279 | 16 Dec 2010 | 81 min.
Listener Feedback #107

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 10 MB 112 KB 70 KB 134 KB

Episode #278 | 09 Dec 2010 | 80 min.
Tag Me (with RFID)

After catching up on the week's security news, this week's co-host Tom Merritt and I discuss the interesting security, privacy, management and technology issues surrounding the implantation of a remotely readable RFID (radio frequency identification) tag into one's own body for the purpose of being authenticated by devices and systems in one's own environment, such as laptop, car, garage door, house front door, etc.
38 MB 10 MB 84 KB 67 KB 119 KB

Episode #277 | 02 Dec 2010 | 97 min.
Listener Feedback #106

Before plowing into this week's Q&A content, Leo and I catch up with the industry's security and privacy related news. I share a vitamin D researcher's reaction to a troubling new report about vitamin D, and share my recent science fiction reading discoveries and opinions.
47 MB 12 MB 136 KB 82 KB 150 KB

Episode #276 | 25 Nov 2010 | 75 min.
Testing DNS Spoofability

After catching up with the week's security updates and news, Leo and I revisit the continuing concern over DNS Spoofing by examining the technology behind my quite comprehensive, free, online DNS Spoofability Testing system at GRC.com.
36 MB 9.0 MB 91 KB 57 KB 110 KB

Episode #275 | 18 Nov 2010 | 79 min.
Listener Feedback #105

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
38 MB 9.5 MB 106 KB 65 KB 123 KB

Episode #274 | 11 Nov 2010 | 63 min.
Benchmarking DNS

After catching up with the week's security updates and news, I formally unveil GRC's latest freeware, the DNS Benchmark. I explain the value of the program's many features and discuss the operation of this “long time in coming” freeware offering.
30 MB 7.5 MB 73 KB 50 KB 98 KB

Episode #273 | 04 Nov 2010 | 77 min.
Listener Feedback #104 & The FireStorm

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
37 MB 9.2 MB 104 KB 63 KB 122 KB

Episode #272 | 28 Oct 2010 | 67 min.
Firesheep

After catching up with a very busy week of security-related news and events, Steve and Leo celebrate the game-changing creation and release of "Firesheep", an add-on for the Firefox web browser which makes online web session hijacking as easy as it could possibly be. This WILL change the world for the better.
32 MB 8.1 MB 105 KB 57 KB 115 KB

Episode #271 | 21 Oct 2010 | 96 min.
Listener Feedback #103

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 161 KB 84 KB 161 KB

Episode #270 | 14 Oct 2010 | 76 min.
The Evercookie

After reviewing the past week's security updates and news, Steve and Leo examine Samy Kamkar's (http://samy.pl/evercookie/) clever suite of Javascript Hacks, collectively used to create an "Evercookie" for tagging web browsers in a fashion that's extremely difficult to shake off.
37 MB 9.1 MB 98 KB 61 KB 119 KB

Episode #269 | 07 Oct 2010 | 70 min.
Listener Feedback #102

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB 8.4 MB 101 KB 62 KB 120 KB

Episode #268 | 30 Sep 2010 | 72 min.
CryptoSystem Backdoors

Leo and I discuss the deeply troubling recent news of possible legislation that would require all encrypted Internet communications, of any kind, to provide a means for U.S. law enforcement “wiretap” style monitoring.
34 MB 8.6 MB 101 KB 61 KB 117 KB

Episode #267 | 23 Sep 2010 | 72 min.
Listener Feedback #101

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB 8.7 MB 110 KB 64 KB 123 KB

Episode #266 | 16 Sep 2010 | 83 min.
Inside OAuth

This week, after covering some rather significant security updates and news, Leo and I plow into the still-evolving Internet OAuth protocol. OAuth is used for managing the controlled delegation of access authorization to third-party web sites and services. It sounds more confusing than it is. Well, maybe not.
40 MB 10 MB 92 KB 64 KB 119 KB

Episode #265 | 09 Sep 2010 | 74 min.
Listener Feedback #100

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB 8.9 MB 101 KB 63 KB 119 KB

Episode #264 | 02 Sep 2010 | 64 min.
Side-Channel Privacy Leakage

This week Leo and I examine the many tiny bits of individually non-unique information that inherently leak from a user's web browser out on the Internet. What's surprising is that when all of these individual non-unique bits are gathered together and assembled into a single “fingerprint,” the result IS often unique and can thereby be used as a tracking fingerprint to identify individual users' movements as they surf.
31 MB 7.7 MB 68 KB 48 KB 95 KB

Episode #263 | 26 Aug 2010 | 81 min.
Listener Feedback #99

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 10 MB 115 KB 69 KB 131 KB

Episode #262 | 19 Aug 2010 | 61 min.
Strict Transport Security

This week, after catching up with the week's security news, Steve describes the exciting emerging web standard known as "STS" or "Strict Transport Security" which, when supported by browser and web site, allows a web site to dramatically increase its access security by telling the browser to only connect securely and disallow any security exceptions.
29 MB 7 MB 77 KB 49 KB 97 KB

Episode #261 | 12 Aug 2010 | 69 min.
Listener Feedback #98

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
33 MB 8.3 MB 96 KB 61 KB 117 KB

Episode #260 | 05 Aug 2010 | 82 min.
DNS Rebinding

This week, after catching up on all of the post-BlackHat and DefCon conference news, Steve and Leo plow into the detailed depths of “DNS Rebinding.” Together they thoroughly explore this significant and fundamental weakness of the Internet's security.
40 MB 9.9 MB 115 KB 68 KB 130 KB

Episode #259 | 29 Jul 2010 | 95 min.
Listener Feedback #97

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 11 MB 137 KB 79 KB 149 KB

Episode #258 | 22 Jul 2010 | 89 min.
Five Years of Vulnerabilities

This week Leo and I discuss a disturbing new Windows 0-day vulnerability present in all versions of Windows. We cover a very busy week of security news, then discuss the recently released report from Secunia which analyzes the past five years of Windows software vulnerabilities.
43 MB 11 MB 104 KB 69 KB 127 KB

Episode #257 | 15 Jul 2010 | 84 min.
Listener Feedback #96

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 134 KB 74 KB 142 KB

Episode #256 | 08 Jul 2010 | 109 min.
LastPass

Steve and Leo cover the week's Internet-related security news, then Steve delivers his long awaited in-depth review and evaluation of LastPass. Steve explains the nature of the need for high-security passwords, the problem that need creates, and the way the design of LastPass completely and in every way securely answers that need.
52 MB 13 MB 148 KB 90 KB 163 KB

Episode #255 | 01 Jul 2010 | 70 min.
Listener Feedback #95

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB 8.4 MB 92 KB 57 KB 113 KB

Episode #254 | 24 Jun 2010 | 74 min.
What We'll Do for Speed

This week Steve and Leo examine the amazing evolution of microprocessor internals. They trace the development of the unbelievably complex technologies that have been developed over the past 25 years to wring every last possible cycle of performance from an innocent slice of silicon.
35 MB 8.8 MB 85 KB 57 KB 108 KB

Episode #253 | 17 Jun 2010 | 71 min.
Listener Feedback #94

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB 8.5 MB 83 KB 56 KB 107 KB

Episode #252 | 10 Jun 2010 | 85 min.
RISCy Business

After catching up from a very busy week of security news, I recount the history of the development of complex instruction set (CISC) computers following their evolution into reduced instruction set (RISC) computers.
41 MB 10 MB 119 KB 70 KB 131 KB

Episode #251 | 03 Jun 2010 | 86 min.
Listener Feedback #93

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 147 KB 80 KB 152 KB

Episode #250 | 27 May 2010 | 91 min.
Operating Systems

After catching up on the week's important security news, Steve & Leo continue their tour of the fundamentals of computer technology by looking at the history and present day features of modern operating systems.
44 MB 11 MB 105 KB 72 KB 128 KB

Episode #249 | 20 May 2010 | 104 min.
Listener Feedback #92

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 182 KB 95 KB 177 KB

Episode #248 | 13 May 2010 | 90 min.
The Portable Dog Killer

In commemoration of the 50th anniversary of the invention of the LASER, this week Steve is going to relate a story from his own past, 39 years ago, containing a strong moral about the importance of getting out from behind the video game screen and actually building something.
43 MB 11 MB 181 KB 83 KB 163 KB

Episode #247 | 06 May 2010 | 72 min.
The “Multi”-verse

Steve and Leo continue with their “fundamentals of computing” series this week, building upon all previous installments, to explain the details of multi-threading, multi-tasking, multi-processing, multi-core ... the “multi”-verse of modern computing.
35 MB 8.7 MB 114 KB 63 KB 122 KB

Episode #246 | 29 Apr 2010 | 89 min.
Listener Feedback #91

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 133 KB 79 KB 147 KB

Episode #245 | 22 Apr 2010 | 71 min.
The Security of Open vs Closed

After catching up on many interesting recent security events, Steve and Leo seriously examine the proven comparative security of open versus closed source and development software, and open versus closed execution platforms. What's really more secure?
35 MB 8.6 MB 93 KB 58 KB 113 KB

Episode #244 | 15 Apr 2010 | 90 min.
Listener Feedback #90

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 130 KB 80 KB 149 KB

Episode #243 | 08 Apr 2010 | 85 min.
State Subversion of SSL

Leo and I catch up with the weekly security news, and I share my very positive impressions of my Apple iPad. Then I explain why and how world governments are able to legally compel their national SSL Certificate Authorities to issue Intermediate CA certificates which allow agencies of those governments to surreptitiously intercept, decrypt, and monitor secured SSL connections of any and all kinds.
41 MB 10 MB 114 KB 70 KB 131 KB

Episode #242 | 01 Apr 2010 | 80 min.
Listener Feedback #89

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
38 MB 9.4 MB 126 KB 72 KB 138 KB

Episode #241 | 25 Mar 2010 | 81 min.
Hardware Interrupts

In this fourth installment of Steve's “How Computers Work” series, Steve explains the operation of “hardware interrupts” which, by instantly interrupting the normal flow of instructions, allow computers to attend to the needs of the hardware that interacts with the outside world while they are in the middle of doing other things.
39 MB 9.8 MB 102 KB 67 KB 123 KB

Episode #240 | 18 Mar 2010 | 80 min.
Listener Feedback #88

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
38 MB 10 MB 115 KB 71 KB 133 KB

Episode #239 | 11 Mar 2010 | 92 min.
Stacks, Registers & Recursion

After a significant security news update, Steve and Leo continue their description of the operation of computers at the raw hardware level. This week Steve explains why and how computers have multiple accumulators, and also how a computer's "stack" operates and why stacks have become a crucial component of all modern computers.
44 MB 11 MB 117 KB 72 KB 132 KB

Episode #238 | 04 Mar 2010 | 91 min.
Listener Feedback #87

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 127 KB 75 KB 140 KB

Episode #237 | 25 Feb 2010 | 50 min.
Indirection: The Power of Pointers

A feature present in the earliest commercial computers, known as “indirection”, has proven to be necessary, powerful, beneficial . . . and amazingly dangerous and difficult for programmers to “get right”. This week, Leo and I examine the Power of Pointers and why, even after all these years, they continue to bedevil programmers of all ages.
24 MB 6.0 MB 61 KB 40 KB 83 KB

Episode #236 | 18 Feb 2010 | 81 min.
Listener Feedback #86

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 9.7 MB 121 KB 72 KB 134 KB

Episode #235 | 11 Feb 2010 | 69 min.
Machine Language

After starting at the very beginning two weeks ago by looking at how resistors and transistors can be used to assemble logical functions, this week Steve and Leo use those functions to build a working digital computer that understands a simple but entirely useful and workable machine language.
33 MB 8.3 MB 88 KB 55 KB 106 KB

Episode #234 | 04 Feb 2010 | 81 min.
Listener Feedback #85

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 9.7 MB 118 KB 73 KB 137 KB

Episode #233 | 28 Jan 2010 | 75 min.
Let's Design a Computer (part 1)

To understand the advances made during 50 years of computer evolution, we need to understand computers 50 years ago. In this first installment of a new Security Now series, we design a 50 year old computer. In future weeks, we will trace the factors that shaped their design during the four decades that followed.
36 MB 8.9 MB 90 KB 59 KB 112 KB

Episode #232 | 21 Jan 2010 | 100 min.
Listener Feedback #84

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 148 KB 91 KB 166 KB

Episode #231 | 14 Jan 2010 | 106 min.
Mega Security Update & CES Observations

Leo and I catch up on two busy weeks of security news with a “mega security news update” . . . and Steve, who watched Leo's streaming video coverage of CES, weighs in with his own discoveries and findings from the big annual consumer electronics fest.
51 MB 13 MB 4.3 KB 203 KB 95 KB 182 KB

Episode #230 | 07 Jan 2010 | 54 min.
Listener Feedback #83

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
26 MB 6.5 MB 82 KB 49 KB 100 KB

Episode #229 | 31 Dec 2009 | 72 min.
The Rational Rejection of Security Advice

Leo and I turn everything around this week to question the true economic value of security advice. We consider the various non-zero costs to the average, non-Security Now! listener. We compare those real costs with the somewhat unclear and uncertain benefits of going to all the trouble of following, sometimes painful, maximum security advice.
35 MB 8.6 MB 107 KB 60 KB 118 KB

Episode #228 | 24 Dec 2009 | 86 min.
Listener Feedback #82

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 121 KB 75 KB 137 KB

Episode #227 | 17 Dec 2009 | 60 min.
Cyberwarfare

Leo and I examine the amorphous and difficult-to-grasp issue of nation-state sponsored cyberwarfare. We examine what it means when nations awaken to the many nefarious ways the global Internet can be used to gain advantage against international competitors and adversaries.
29 MB 7.2 MB 87 KB 49 KB 99 KB

Episode #226 | 10 Dec 2009 | 66 min.
Listener Feedback #81

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 7.9 MB 116 KB 62 KB 123 KB

Episode #225 | 03 Dec 2009 | 74 min.
“Same Origin” Troubles

This week Leo and I plow into the little understood and even less known problems that arise when user-provided content (postings, photos, videos, etc.) is uploaded to trusted web sites from which it is then subsequently served to other web users.
35 MB 8.7 MB 115 KB 62 KB 121 KB

Episode #224 | 26 Nov 2009 | 75 min.
Listener Feedback #80

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB 9.0 MB 114 KB 66 KB 127 KB

Episode #223 | 19 Nov 2009 | 80 min.
A security vulnerability in SSL

This week Leo and I plow into a recently discovered serious vulnerability in the fundamental SSL protocol that provides virtually all of the Internet's communications security: SSL - the Secure Sockets Layer. I explain exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client's credentials. (That's not good.)
38 MB 10 MB 93 KB 61 KB 114 KB

Episode #222 | 12 Nov 2009 | 97 min.
Listener Feedback #79

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 150 KB 87 KB 159 KB

Episode #221 | 05 Nov 2009 | 71 min.
The Oxymoron of “JavaScript Security”

This week Leo and I are joined by author (The Geek Atlas) and software developer John Graham-Cumming to discuss many specific concerns about the inherent, designed-in, insecurity of our browser's JavaScript scripting language. Now 14 years old, JavaScript was never meant for today's high-demand Internet environment — and it's having problems.

John's original presentation slides in Microsoft PowerPoint and PDF formats.
34 MB 8.5 MB 103 KB 68 KB 127 KB

Episode #220 | 29 Oct 2009 | 75 min.
Listener Feedback #78

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB 9.0 MB 119 KB 65 KB 126 KB

Episode #219 | 22 Oct 2009 | 57 min.
Badly Broken Browsing

In preparation for episode #221's guest, John Graham-Cumming, who will take us on a detailed walk-through of the JavaScript language's security problems, this week Leo and I examine the sad and badly broken state of web browsing in general, and how we got to where we are.
28 MB 6.9 MB 97 KB 51 KB 106 KB

Episode #218 | 15 Oct 2009 | 80 min.
Listener Feedback #77

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 10 MB 110 KB 67 KB 129 KB

Episode #217 | 08 Oct 2009 | 87 min.
The Fundamentally Broken Browser Model

Alex and I discuss the serious security problems created by the way SSL connections are specified by non-secured web pages, and how easily a “man in the middle” attack can compromise this amazingly weak web-based security.
42 MB 11 MB 87 KB 69 KB 121 KB

Episode #216 | 01 Oct 2009 | 93 min.
Listener Feedback #76

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 152 KB 85 KB 159 KB

Episode #215 | 24 Sep 2009 | 74 min.
Security Maxims

Leo and I discuss the first portion of a collection of pithy and apropos "Security Maxims" that were assembled by a member of the Argonne Vulnerability Assessment Team at the Nuclear Engineering Division of the Argonne National Laboratory, U.S. Department of Energy. They're great!
43 MB 11 MB 119 KB 61 KB 124 KB

Episode #214 | 17 Sep 2009 | 89 min.
Listener Feedback #75

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 134 KB 78 KB 145 KB

Episode #213 | 10 Sep 2009 | 68 min.
Cracking GSM Cellphones

Leo and I discuss the state of GSM (Global System for Mobile Communications) cracking. I show where to purchase the required hardware, from where to download the software, and just how easy and practical it has become to "crack" the old and very weak "security" employed by the three billion cellphones now in worldwide use.
33 MB 8.2 MB 94 KB 55 KB 109 KB

Episode #212 | 03 Sep 2009 | 120 min.
Listener Feedback #74

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 178 KB 102 KB 184 KB

Episode #211 | 27 Aug 2009 | 78 min.
Voting Machine Hacking

This week Leo and I describe the inner workings of one of the best designed and apparently most secure electronic voting machines — currently in use in the United States — and how a group of university researchers hacked it without any outside information to create a 100% stealth vote stealing system.
37 MB 9.3 MB 92 KB 58 KB 109 KB

Episode #210 | 20 Aug 2009 | 51 min.
Listener Feedback #73

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
25 MB 6.2 MB 78 KB 43 KB 91 KB

Episode #209 | 13 Aug 2009 | 104 min.
Vitamin D

Leo and I kick off the podcast's fifth year with a rare off-topic discussion of something I have been researching for the past eight weeks and passionately believe everyone needs to know about: Vitamin D. After next week's Q&A, the podcast will return to topics of Internet security.

Steve's “Vitamin D” Research page: http://www.GRC.com/health/Vitamin-D.htm
50 MB 13 MB 112 KB 80 KB 142 KB

Episode #208 | 06 Aug 2009 | 123 min.
Listener Feedback #72

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 196 KB 106 KB 195 KB

Episode #207 | 30 Jul 2009 | 104 min.
Listener Feedback #71

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 169 KB 94 KB 172 KB

Episode #206 | 23 Jul 2009 | 90 min.
Mega Security News Update

A LOT of security news transpired during the three previous weeks since Steve and Leo last recorded live. So instead of the regularly scheduled Q&A episode (which is moved to next week), today they catch up with this week's "mega security news update."
43 MB 11 MB 155 KB 74 KB 147 KB

Episode #205 | 16 Jul 2009 | 46 min.
Lempel & Ziv

Leo and I examine the operation of one of the most prevalent computer algorithm inventions in history: Lempel-Ziv data compression. Variations of this invention form the foundation of all modern data compression technologies.
22 MB 5.5 MB 57 KB 35 KB 76 KB

Episode #204 | 09 Jul 2009 | 71 min.
Listener Feedback #70

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB 8.6 MB 96 KB 63 KB 119 KB

Episode #203 | 02 Jul 2009 | 65 min.
Boyer & Moore

Leo and I explore the invention of the best, and very non-intuitive, means for "string searching" - finding a specific pattern of bytes within a larger buffer. This is crucial not only for searching documents but also for finding viruses hidden within a computer's file system.
31 MB 7.9 MB 89 KB 49 KB 100 KB

Episode #202 | 25 Jun 2009 | 62 min.
Listener Feedback #69

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB 7.5 MB 98 KB 54 KB 110 KB

Episode #201 | 18 Jun 2009 | 49 min.
SecureZIP

Leo and I examine the operation, features, and security of PKWARE's FREE SecureZIP file archiving and encrypting utility. This very compelling and free offering implements a complete PKI (Public Key Infrastructure) system with per-user/per-installation certificates, public and private keys, secure encryption, digital signing, and other security features we have discussed during previous podcasts.
24 MB 6.0 MB 71 KB 37 KB 83 KB

Episode #200 | 11 Jun 2009 | 109 min.
Listener Feedback #68

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 162 KB 95 KB 171 KB

Episode #199 | 04 Jun 2009 | 90 min.
The Geek Atlas, IPv6 & a non-VPN

Steve and Leo explore three topics this week: A terrific new book for geeks and non-geeks alike, the uncertain future of IPv6 (and a few cautions about rushing to adoption) and an idea Steve has been mulling around for a "lightweight" means for making secure Internet connections with a VPN tunnel.
43 MB 11 MB 116 KB 70 KB 131 KB

Episode #198 | 28 May 2009 | 120 min.
Listener Feedback #67

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 215 KB 107 KB 197 KB

Episode #197 | 21 May 2009 | 73 min.
Windows 7 Security

This week, Leo and I discuss the changes, additions and enhancements Microsoft has made to the security of their forthcoming release of Windows 7.
40 MB 10 MB 107 KB 65 KB 123 KB

Episode #196 | 14 May 2009 | 121 min.
Listener Feedback #66

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 187 KB 109 KB 188 KB

Episode #195 | 07 May 2009 | 85 min.
The SSL/TLS Protocol

Leo and I plow into the detailed operation of the Internet's most-used security protocol, originally called "SSL" and now evolved into "TLS." The security of this crucial protocol protects all of our online logins, financial transactions, and pretty much everything else.
41 MB 10 MB 92 KB 59 KB 110 KB

Episode #194 | 30 Apr 2009 | 76 min.
Listener Feedback #65

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
37 MB 9.1 MB 118 KB 67 KB 124 KB

Episode #193 | 23 Apr 2009 | 104 min.
Conficker

Steve and Leo discuss the week's security news; then they closely examine the detailed operation and evolution of "Conficker," the most technically sophisticated worm the Internet has ever encountered.
50 MB 13 MB 120 KB 77 KB 136 KB

Episode #192 | 16 Apr 2009 | 93 min.
Listener Feedback #64

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 127 KB 82 KB 145 KB

Episode #191 | 09 Apr 2009 | 66 min.
GhostNet

Steve and Leo begin by discussing the week's security news. Then Steve carefully and completely describes the construction and operation of a worldwide covert cyberspace intelligence gathering network, operating in 103 countries, that was named "GhostNet" by its Canadian discoverers.
32 MB 7.9 MB 89 KB 53 KB 101 KB

Episode #190 | 02 Apr 2009 | 105 min.
Listener Feedback #63

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 165 KB 90 KB 161 KB

Episode #189 | 26 Mar 2009 | 74 min.
Internet Explorer 8

Leo and I closely examine and discuss Microsoft's just released major version 8 of Internet Explorer. Having studied this major new web browser version closely, I examine the many new features and foibles from the standpoint of its short- and long-term impact on Internet security.
36 MB 8.9 MB 101 KB 62 KB 116 KB

Episode #188 | 19 Mar 2009 | 86 min.
Listener Feedback #62

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 149 KB 84 KB 150 KB

Episode #187 | 12 Mar 2009 | 70 min.
Windows Autorun-around

Leo and I discuss the inglorious past of Windows Autorun. We explain how, until recently, disabling "Autorun" never really worked, how Microsoft hoped to fix it while bringing minimal attention to the problem, and how Microsoft's documentation of their recent fix still "got it wrong."
34 MB 8.5 MB 100 KB 55 KB 106 KB

Episode #186 | 05 Mar 2009 | 86 min.
Listener Feedback #61

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 117 KB 72 KB 132 KB

Episode #185 | 26 Feb 2009 | 80 min.
Cryptographic HMACs

Leo and I discuss the role, importance and operation of cryptographically-keyed message digest algorithms and their use to securely authenticate messages: Hashed Message Authentication Codes.
39 MB 10 MB 109 KB 66 KB 121 KB

Episode #184 | 19 Feb 2009 | 117 min.
Listener Feedback #60

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 197 KB 106 KB 188 KB

Episode #183 | 12 Feb 2009 | 88 min.
Modes of Encryption

In preparation for a deep and detailed discussion of the Secure Sockets Layer (SSL) protocol, Steve and Leo first establish some formal crypto theory and practice of encryption operating modes.
42 MB 11 MB 128 KB 69 KB 127 KB

Episode #182 | 05 Feb 2009 | 104 min.
Listener Feedback #59

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 162 KB 90 KB 159 KB

Episode #181 | 29 Jan 2009 | 65 min.
Crypto Rehash

Before tackling the complete description of the operation of the SSL (Secure Socket Layer) protocol, this week Leo and I take a step back to survey and review much of the cryptographic material we have covered during the past 3+ years of podcasts.
32 MB 8 MB 93 KB 52 KB 102 KB

Episode #180 | 22 Jan 2009 | 82 min.
Listener Feedback #58

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 128 KB 72 KB 132 KB

Episode #179 | 15 Jan 2009 | 67 min.
Cracking Security Certificates

Steve and Leo delve into the detailed inner workings of security certificates upon which the Internet depends for establishing the identity of users, websites, and other remote entities. After establishing how certificates perform these functions, Steve describes how a team of security researchers successfully cracked this "uncrackable" security to create fraudulent identifications.
38 MB 9.4 MB 99 KB 62 KB 114 KB

Episode #178 | 08 Jan 2009 | 66 min.
Listener Feedback #57

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 8 MB 109 KB 62 KB 115 KB

Episode #177 | 01 Jan 2009 | 118 min.
Breaking SSL, PDP-8's & UltraCapacitors

Leo and I discuss the newly discovered cracks in SSL (Secure Sockets Layer), antique PDP-8 minicomputers, a new PDP-8 kit you can build, and the importance of next generation UltraCapacitors.
57 MB 14 MB 13 KB 190 KB 97 KB 175 KB

Episode #176 | 25 Dec 2008 | 64 min.
Drop My Rights

Leo and I delve into the inner workings of a free, easy to use and useful yet unknown Microsoft utility known as "DropMyRights." It can be used to easily run selected, dangerous Internet-facing applications - such as your web browser and email client - under reduced, safer non-administrative privileges while everything else in the system runs unhampered.
31 MB 7.7 MB 3.7 KB 81 KB 49 KB 94 KB

Episode #175 | 18 Dec 2008 | 86 min.
Listener Feedback #56

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 10 MB 149 KB 81 KB 143 KB

Episode #174 | 11 Dec 2008 | 60 min.
Sandbox Limitations

Having described “Sandboxie” and Virtual Machine sandboxing utilities in the past, Leo and I discuss the limitations of any sort of sandboxing for limiting the negative impacts of malware on a user's privacy and system's security.
29 MB 7.2 MB 69 KB 46 KB 90 KB

Episode #173 | 04 Dec 2008 | 105 min.
Listener Feedback #55

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 160 KB 90 KB 158 KB

Episode #172 | 27 Nov 2008 | 90 min.
Sandboxie

Leo and I return to take a much closer look at “Sandboxie,” an extremely useful, powerful, and highly recommended Windows security tool we first mentioned two years ago. This time, after interviewing Sandboxie's creator, Ronen Tzur, I explain why I am totally hooked and why Leo is wishing it was available for his Macs.
43 MB 11 MB 114 KB 71 KB 128 KB

Episode #171 | 20 Nov 2008 | 88 min.
Listener Feedback #54

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 11 MB 109 KB 71 KB 126 KB

Episode #170 | 13 Nov 2008 | 103 min.
The TKIP Hack

Leo and I begin with a refresher on WEP, the original technology of WiFi encryption. With that fresh background, we then tackle the detailed explanation of every aspect of the recently revealed very clever hack against the TKIP security protocol. TKIP is the older and less secure of the two security protocols offered within the WPA and WPA2 WiFi Alliance certification standards.
50 MB 12 MB 122 KB 77 KB 136 KB

Episode #169 | 06 Nov 2008 | 93 min.
Listener Feedback #53

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB 11 MB 114 KB 76 KB 135 KB

Episode #168 | 30 Oct 2008 | 57 min.
ClickJacking

Leo and I discuss yet another challenge to surfing safely in the web world: Known as “ClickJacking,” or more formally as “UI Redressing,” this class of newly popular threats tricks web users into performing web-based actions they don't intend by leading them to believe they are doing something else entirely.
27 MB 6.9 MB 4.9 KB 76 KB 44 KB 89 KB

Episode #167 | 23 Oct 2008 | 89 min.
Listener Feedback #52

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 124 KB 73 KB 133 KB

Episode #166 | 16 Oct 2008 | 75 min.
Cross-Site Request Forgery

Leo and I discuss the week's security events, then we address another fundamental security and privacy concern inherent in the way web browsers and web-based services operate: Using “Cross-Site Request Forgery” (CSRF), malicious pranksters can cause your web browser to do their bidding using your authentication.
36 MB 9 MB 107 KB 58 KB 112 KB

Episode #165 | 09 Oct 2008 | 108 min.
Listener Feedback #51

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 151 KB 91 KB 158 KB

Episode #164 | 02 Oct 2008 | 97 min.
SockStress

Leo and I discuss a class of newly disclosed vulnerabilities reported to exist in many operating systems' implementations of the fundamental TCP protocol. Two security researchers, claiming that they could not get anyone's attention (after less than one month), disclosed far too much information in a recent audio interview — leaving little to the imagination — and exposing the Internet to a new class of DoS attacks. They'll certainly get attention now. (See this episode's Show Notes for many additional links.)
47 MB 12 MB 12 KB 117 KB 76 KB 133 KB

Episode #163 | 25 Sep 2008 | 97 min.
GoogleUpdate & DNS Security

Leo and I wrap up the loose ends from last week's final Q&A question regarding the self-removal of the GoogleUpdate system following the removal of Google's Chrome web browser, then we discuss the operation and politics of upgrading the Internet's entire DNS system to fully secure operation.
47 MB 12 MB 129 KB 77 KB 138 KB

Episode #162 | 18 Sep 2008 | 89 min.
Listener Feedback #50

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 133 KB 76 KB 138 KB

Episode #161 | 11 Sep 2008 | 75 min.
Google's Chrome

Leo and I examine Google's new “Chrome” web browser. Leo likes Chrome and attempts to defend it as being just a beta release; but, while I am impressed by the possibilities created by Chrome's underlying architecture, I'm extremely unimpressed by its total lack of critically important security and privacy features.
36 MB 9 MB 115 KB 63 KB 118 KB

Episode #160 | 04 Sep 2008 | 87 min.
Listener Feedback #49

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 10 MB 132 KB 76 KB 137 KB

Episode #159 | 28 Aug 2008 | 95 min.
Vista Security Bypass

Steve and Leo discuss some recent revelations made by two talented security researchers during their presentation at the Black Hat conference. Steve explains how, why, and where the much touted security improvements introduced in the Windows Vista operating system fail to prevent the exploitation of unknown security vulnerabilities.
36 MB 9.1 MB 101 KB 60 KB 113 KB

Episode #158 | 21 Aug 2008 | 93 min.
Listener Feedback #48

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 144 KB 80 KB 143 KB

Episode #157 | 14 Aug 2008 | 74 min.
DNS — After the Patch

Leo and I follow up on the recent industry-wide events surrounding the discovery, partial repair, and disclosure of the serious (and still somewhat present) "spoofability flaw" in the Internet's DNS protocol. We also examine what more can be done to make DNS less spoofable.
36 MB 8.9 MB 3.3 KB 107 KB 61 KB 115 KB

Episode #156 | 07 Aug 2008 | 84 min.
Listener Feedback #47

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 119 KB 72 KB 133 KB

Episode #155 | 31 Jul 2008 | 103 min.
Bailiwicked Domain Attack

Steve and Leo discuss the deeply technical and functional aspects of DNS, with a view toward explaining exactly how the recently discovered new DNS cache poisoning attacks are able to cause users' browsers to be undetectably redirected to malicious phishing sites.
49 MB 12 MB 2.5 KB 131 KB 78 KB 137 KB

Episode #154 | 24 Jul 2008 | 88 min.
Listener Feedback #46

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 11 MB 119 KB 73 KB 131 KB

Episode #153 | 17 Jul 2008 | 62 min.
DePhormed Politics

Leo and I conclude our coverage of the serious privacy invasion threat from the Phorm system with a discussion with Alexander Hanff, a technologist and activist located in the United Kingdom, who has been at the center of the public outcry against this invasive technology.
30 MB 7.5 MB 2.6 KB 77 KB 50 KB 95 KB

Episode #152 | 10 Jul 2008 | 83 min.
Listener Feedback #45

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 120 KB 71 KB 129 KB

Episode #151 | 03 Jul 2008 | 107 min.
Phracking Phorm

Leo and I continue our discussion of “ISP Betrayal” with a careful explanation of the intrusive technology created by Phorm and currently threatening to be deployed by ISPs, for profit, against their own customers.
51 MB 13 MB 162 KB 89 KB 158 KB

Episode #150 | 26 Jun 2008 | 91 min.
Listener Feedback #44

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 121 KB 73 KB 131 KB

Episode #149 | 19 Jun 2008 | 67 min.
ISP Betrayal

In this first of two episodes, Steve and Leo discuss the disturbing new trend of Internet Service Providers (ISPs) allowing the installation of customer-spying hardware into their networks for the purpose of profiling their customers' behavior and selling this information to third-party marketers.
32 MB 8.1 MB 81 KB 52 KB 98 KB

Episode #148 | 12 Jun 2008 | 100 min.
Listener Feedback #43

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 142 KB 86 KB 151 KB

Episode #147 | 05 Jun 2008 | 57 min.
Microsoft's Baseline Security Analyzer

Leo and I discuss the recent hacker takeover of the Comcast domain, then examine two very useful free security tools offered by Microsoft: the Baseline Security Analyzer (MBSA) and the Microsoft Security Assessment Tool (MSAT).
27 MB 6.8 MB 2.3 KB 80 KB 47 KB 92 KB

Episode #146 | 29 May 2008 | 90 min.
Listener Feedback #42

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 138 KB 78 KB 140 KB

Episode #145 | 22 May 2008 | 51 min.
Secunia's PSI

Leo and I focus upon a comprehensive and highly recommended free software security vulnerability scanner called "PSI," Personal Software Inspector. Where anti-viral scanners search a PC for known malware, PSI searches for known security vulnerabilities appearing in tens of thousands of known programs. Everyone should run this small program! You'll be surprised by what it finds.
25 MB 6.2 MB 2.3 KB 83 KB 45 KB 91 KB

Episode #144 | 15 May 2008 | 85 min.
Listener Feedback #41

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 131 KB 77 KB 137 KB

Episode #143 | 08 May 2008 | 84 min.
YubiKey

Leo and I delve into the detailed operation of the YubiKey, the coolest new secure authentication device I discovered at the recent RSA Security Conference. Our special guest during the episode is Stina Ehrensvärd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology.
41 MB 10 MB 3.2 KB 127 KB 73 KB 134 KB

Episode #142 | 01 May 2008 | 76 min.
Listener Feedback #40

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
37 MB 9.2 MB 2.4 KB 107 KB 65 KB 119 KB

Episode #141 | 24 Apr 2008 | 91 min.
RSA Conference 2008

Leo and I discuss recent security news; then I describe the week I spent at the 2008 annual RSA security conference, including my chance but welcome discovery of one very cool new multifactor authentication solution.
44 MB 11 MB 3.2 KB 136 KB 72 KB 134 KB

Episode #140 | 17 Apr 2008 | 98 min.
Listener Feedback #39

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 150 KB 87 KB 152 KB

Episode #139 | 10 Apr 2008 | 81 min.
Network Congestion

Leo and I discuss an aspect of the "cost" of using the Internet - a packetized global network which (only) offers "best effort" packet delivery service. Since "capacity" is the cost, not per-packet usage, the cost is the same whether the network is used or not. But once it becomes "overused" the economics change since "congestion" results in a sudden loss of network performance.
39 MB 9.8 MB 93 KB 62 KB 118 KB

Episode #138 | 03 Apr 2008 | 66 min.
Listener Feedback #38

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 108 KB 68 KB 125 KB

Episode #137 | 27 Mar 2008 | 66 min.
RAM Hijacks

Leo and I plow into the detailed operation of static and dynamic RAM memory to give some perspective to the recent Princeton research that demonstrated that dynamic RAM (DRAM) does not instantly "forget" everything when power is removed. We examine the specific consequences of various forms of physical access to system memory.
32 MB 8 MB 2.2 KB 81 KB 51 KB 98 KB

Episode #136 | 20 Mar 2008 | 86 min.
Listener Feedback #37

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 122 KB 76 KB 137 KB

Episode #135 | 13 Mar 2008 | 77 min.
IronKey

Leo and I spend 45 terrific minutes speaking with David Jevans, Ironkey's CEO and founder, about the inner workings and features of their truly unique security-hardened cryptographic hardware USB storage device.
37 MB 9.3 MB 2.2 KB 115 KB 72 KB 132 KB

Episode #134 | 06 Mar 2008 | 84 min.
Listener Feedback #36

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 2.2 KB 122 KB 72 KB 123 KB

Episode #133 | 28 Feb 2008 | 69 min.
TrueCrypt v5.0

In this second half of our exploration of whole-drive encryption, Leo and I discuss the detailed operation of the new version 5.0 release of TrueCrypt, which offers whole-drive encryption for Windows.
33 MB 8.3 MB 2.2 KB 93 KB 57 KB 108 KB

Episode #132 | 21 Feb 2008 | 94 min.
Listener Feedback #35

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 2.2 KB 142 KB 86 KB 135 KB

Episode #131 | 14 Feb 2008 | 69 min.
FREE CompuSec

In this first of our two-part exploration of the world of whole-drive encryption, Leo and I begin by discussing the various options and alternatives, then focus upon one excellent, completely free, and comprehensive security solution known as "FREE CompuSec."
33 MB 8.3 MB 2.1 KB 85 KB 55 KB 106 KB

Episode #130 | 07 Feb 2008 | 97 min.
Listener Feedback #34

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 2.1 KB 164 KB 93 KB 145 KB

Episode #129 | 31 Jan 2008 | 39 min.
Windows SteadyState

Leo and I examine and discuss Microsoft's "Windows SteadyState," an extremely useful, free add-on for Windows XP that allows Windows systems to be "frozen" (in a steady state) to prevent users from making persistent changes to ANYTHING on the system.
19 MB 4.7 MB 3.3 KB 55 KB 35 KB 89 KB

Episode #128 | 24 Jan 2008 | 73 min.
Listener Feedback #33

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB 8.8 MB 2.7 KB 115 KB 67 KB 119 KB

Episode #127 | 17 Jan 2008 | 48 min.
Corporate Security

Leo and I discuss the week's major security events, then use a listener's story of his organization's security challenges to set the stage for our discussion of the types of challenges corporations face in attempting to provide a secure computing environment.
23 MB 5.9 MB 2.1 KB 68 KB 41 KB 95 KB

Episode #126 | 10 Jan 2008 | 101 min.
Listener Feedback #32

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 8.1 MB 4.1 KB 144 KB 89 KB 137 KB

Episode #125 | 03 Jan 2008 | 67 min.
Symmetric Ciphers

Steve explains, very carefully and clearly this time, why and how multiple encryption increases security. Steve also carefully and in full detail explains the operation of the new global encryption AES cipher: Rijndael.
32 MB 8.1 MB 2.1 KB 79 KB 49 KB 101 KB

Episode #124 | 27 Dec 2007 | 67 min.
Listener Feedback #31

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 8.1 MB 2.1 KB 91 KB 56 KB 108 KB

Episode #123 | 20 Dec 2007 | 46 min.
Jungle Disk

Leo and I invite Jungle Disk's creator, Dave Wright, to join the podcast to talk about his $20 product that allows for extremely economical, efficient, seamless and absolutely secure online storage of any user data within Amazon's high-performance, high-reliability "S3" storage facility.
22 MB 5.6 MB 2.1 KB 68 KB 42 KB 96 KB

Episode #122 | 13 Dec 2007 | 73 min.
Listener Feedback #30

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB 8.8 MB 2.1 KB 112 KB 64 KB 116 KB

Episode #121 | 06 Dec 2007 | 54 min.
Is Privacy Dead?

This week Steve and Leo take a break from the details of bits and bytes to discuss and explore the many issues surrounding the gradual and inexorable ebbing of individual privacy as we (consumers) rely increasingly upon the seductive power of digital-domain services.
26 MB | 6.5 MB | 2.1 KB | 92 KB | 47 KB | 102 KB

Episode #120 | 29 Nov 2007 | 97 min.
Listener Feedback #29

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB | 12 MB | 2.1 KB | 146 KB | 86 KB | 135 KB

Episode #119 | 22 Nov 2007 | 70 min.
PayPal and DoubleClick

Leo and I dissect the "Links" on PayPal's site with an eye toward reverse engineering the reason for many of them routing PayPal's users through servers owned by DoubleClick. We carefully explain the nature of the significant privacy concerns raised by this practice.
33 MB | 8.4 MB | 2.1 KB | 84 KB | 53 KB | 104 KB

Episode #118 | 15 Nov 2007 | 81 min.
Listener Feedback #28

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB | 9.8 MB | 2.1 KB | 120 KB | 71 KB | 121 KB

Episode #117 | 08 Nov 2007 | 53 min.
Even More Perfect Paper Passwords

Leo and I discuss the updated second version of our Perfect Paper Passwords (PPP) system and examine a number of interesting subtle questions such as whether it's better to have fully random equally probable passwords or true one-time-only passwords; and how, whether, and why attack strategies affect that decision.
26 MB | 6.5 MB | 2.3 KB | 67 KB | 41 KB | 94 KB

Episode #116 | 01 Nov 2007 | 47 min.
Listener Feedback #27

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
23 MB | 5.7 MB | 2.1 KB | 73 KB | 41 KB | 96 KB

Episode #115 | 25 Oct 2007 | 83 min.
Perfect Paper Passwords

During this week's second half of our discussion of GRC's new secure roaming authentication system, I reveal and fully describe the unique, simple, clean, and super-secure one-time password solution I designed to provide roaming authentication for GRC's employees. I also describe our own freely available software implementation of the "PPP" system, as well as several other recently created open source implementations.
40 MB | 10 MB | 2.0 KB | 122 KB | 68 KB | 121 KB

Episode #114 | 18 Oct 2007 | 95 min.
Listener Feedback #26

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB | 11 MB | 4.1 KB | 138 KB | 83 KB | 132 KB

Episode #113 | 11 Oct 2007 | 56 min.
Roaming Authentication

In this first of a two-part series, Leo and I discuss my recent design of a secure roaming authentication solution for GRC's employees. I begin to describe the lightweight super-secure system I designed where even an attacker with "perfect knowledge" of an employee's logon will be unable to gain access to protected resources.
27 MB | 6.7 MB | 2.1 KB | 73 KB | 42 KB | 96 KB

Episode #112 | 04 Oct 2007 | 64 min.
Listener Feedback #25

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB | 7.8 MB | 2.1 KB | 93 KB | 55 KB | 108 KB

Episode #111 | 27 Sept 2007 | 41 min.
OpenID Precautions

Having several times addressed the value and potential of the open source, open spec., and popular OpenID system, which is rapidly gaining traction as a convenient means for providing "single sign-on" identification on the Internet, this week Leo and I examine problems and concerns, both with OpenID and those inherent in any centralized identity management solution.
20 MB | 5.0 MB | 2.8 KB | 51 KB | 32 KB | 86 KB

Episode #110 | 20 Sept 2007 | 95 min.
Listener Feedback #24

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB | 11 MB | 2.6 KB | 161 KB | 85 KB | 138 KB

Episode #109 | 13 Sept 2007 | 95 min.
GRC's eCommerce System

Leo and I delve into some of the non-obvious problems encountered during the creation of a robust and secure eCommerce system. I explain the hurdles I faced, the things that initially tripped me up, and the solutions I found when I was creating GRC's custom eCommerce system.
46 MB | 11.4 MB | 2.6 KB | 128 KB | 77 KB | 127 KB

Episode #108 | 06 Sept 2007 | 80 min.
Listener Feedback #23

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB | 9.7 MB | 2.1 KB | 115 KB | 66 KB | 127 KB

Episode #107 | 30 Aug 2007 | 53 min.
PIP & Even More Perfect Passwords

Leo and I discuss two topics this week: The availability and operation of VeriSign Labs' OpenID PIP (Personal Identity Provider) beta, offering many useful features for online identity authentication; and my recent redesign of the algorithms behind GRC's popular Perfect Passwords page.
26 MB | 6.4 MB | 4.5 KB | 69 KB | 41 KB | 101 KB

Episode #106 | 23 Aug 2007 | 64 min.
Listener Mailbag #2

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
31 MB | 7.8 MB | 2.1 KB | 95 KB | 60 KB | 120 KB

Episode #105 | 16 Aug 2007 | 62 min.
Firewall LeakTesting

Leo and I discuss the history, purpose, and value of personal firewall leaktesting. We examine the myriad techniques clever developers have found for accessing the Internet and sending data out of PCs even when those PCs are being protected by outbound-blocking personal firewalls.
30 MB | 7.6 MB | 3.1 KB | 74 KB | 49 KB | 100 KB

Episode #104 | 09 Aug 2007 | 70 min.
Listener Feedback Q&A #22

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB | 8.5 MB | 2.1 KB | 114 KB | 65 KB | 126 KB

Episode #103 | 02 Aug 2007 | 51 min.
PayPal Security Key

Leo and I talk with Michael Vergara, PayPal's Director of Account Protections, to learn everything we can about the PayPal security key effort and its probable future.
25 MB | 6.3 MB | 2.1 KB | 85 KB | 49 KB | 113 KB

Episode #102 | 26 July 2007 | 78 min.
Listener Mailbag #1

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and obse