Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I spend somewhat shy of two hours each week discussing important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

[Image: Steve and Leo as Picard and Riker]
(This was not our idea. It was created by a fan of the podcast using GIMP (similar to
Photoshop). But as a work of extreme image manipulation, it came out surprisingly well.)

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened-to podcast!). So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
A PDF file containing Steve's show notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #503 | 14 Apr 2015 | 123 min.
Listener Feedback #210

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 890 KB 114 KB 100 KB 166 KB

Episode #502 | 07 Apr 2015 | 107 min.
The TrueCrypt Audit

Leo and I catch up on a busy and interesting week of security events. Then we take a close look at the results of the just-completed second phase of the TrueCrypt audit, which focused upon the implementation of TrueCrypt's security and privacy guarantees.
51 MB 13 MB 707 KB 130 KB 83 KB 152 KB

Episode #501 | 31 Mar 2015 | 122 min.
Listener Feedback #209

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 213 KB 178 KB 99 KB 181 KB

Episode #500 | 24 Mar 2015 | 94 min.
Windows Secure Boot

Leo and I discuss the recent Pwn2Own hacking competition. We examine another serious breach of the Internet's certificate trust system and marvel at a very clever hack to crack the iPhone four-digit PIN lock. Then we take a close look at the evolution of booting from BIOS to UEFI and how Microsoft has leveraged this into their “Windows Secure Boot” system. We also examine what it might mean for the future of non-Windows operating systems.
45 MB 11 MB 348 KB 126 KB 73 KB 138 KB

Episode #499 | 17 Mar 2015 | 118 min.
Listener Feedback #208

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
57 MB 14 MB 343 KB 195 KB 107 KB 195 KB

Episode #498 | 10 Mar 2015 | 100 min.
FREAK & RowHammer

Leo and I catch up with several VERY interesting security events and stories of the week. Then we take a deep dive into two of the week's big security stories: FREAK and RowHammer.
48 MB 12 MB 209 KB 156 KB 81 KB 152 KB

Episode #497 | 03 Mar 2015 | 122 min.
Vehicle Hacking

Leo and I discuss the week’s tamer-than-usual news; then we host a terrific interview of the team (recently featured on Sunday’s “60 Minutes”) who have been working with DARPA to address the challenge of hardening high-tech networked vehicles – autos and UAVs – against malicious hacking attacks.
48 MB 12 MB 196 KB 148 KB 88 KB 165 KB

Episode #496 | 24 Feb 2015 | 122 min.
Listener Feedback #207

Leo and I discuss the week's major security events, including the revelation of the Lenovo Crapware and the joint GCHQ/NSA Gemalto attack which rendered cellular phones insecure. Then we discuss questions and comments from listeners of previous episodes to tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
59 MB 15 MB 385 KB 197 KB 103 KB 190 KB

Episode #495 | 17 Feb 2015 | 105 min.
HTTP/2

Leo and I catch up with several VERY interesting security events and stories of the week. Then we take a close look and a deep dive into the operation of the industry's first change in the official HTTP protocol in 15 years - the finalization and emergence of the HTTP/2 IETF specification which significantly streamlines web browser and web server interaction.
51 MB 13 MB 925 KB 107 KB 79 KB 139 KB

Episode #494 | 10 Feb 2015 | 112 min.
Listener Feedback #206

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
54 MB 13 MB 721 KB 166 KB 93 KB 167 KB

Episode #493 | 03 Feb 2015 | 71 min.
Tor: Not so Anonymous

After catching up with a few important security events of the week, Leo and I revisit and dissect the anonymity promises of TOR in light of scores of academic papers which have questioned its anonymity guarantees.
34 MB 8.5 MB 501 KB 75 KB 51 KB 98 KB

Episode #492 | 27 Jan 2015 | 91 min.
Listener Feedback #205

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 91 KB 126 KB 76 KB 140 KB

Episode #491 | 20 Jan 2015 | 62 min.
Cryptographic Backdoors

Following this slow week of security news, Leo and I first discuss the news surrounding how and why the U.S. was so sure that North Korea was behind the attack on Sony. Then we examine the cryptographic consequences of the British and U.S. governments' recent pronouncements that terrorist communications should not be allowed to remain secret.
30 MB 7.4 MB 1.2 MB 78 KB 50 KB 102 KB

Episode #490 | 13 Jan 2015 | 115 min.
The Enigma

Leo and I first discuss a surprisingly busy week of security news; then, we take a careful walk through the history (it's not what you may think) and the detailed operation of “The Enigma Machine” which Germany used to encrypt their sensitive radio traffic during the Second World War.
55 MB 14 MB 519 KB 126 KB 85 KB 150 KB

Episode #489 | 06 Jan 2015 | 107 min.
Listener Feedback #204

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 1.3 MB 173 KB 92 KB 171 KB

Episode #488 | 30 Dec 2014 | 103 min.
The (In)Security of 2014

For our last show of 2014, we first catch up on two very busy holiday weeks of security craziness; then we step back to review the major events of this past very busy and security event-filled year.
49 MB 12 MB 262 MB 317 KB 106 KB 218 KB

Episode #487 | 23 Dec 2014 | 45 min.
SQRL's Vegas Presentation

This is the audio track of Steve's presentation of SQRL during DigiCert Corporation's Security Summit 2014 event on November 7th, 2014 in Las Vegas. We did not have text transcripts of the presentation made.
22 MB 5.4 MB

Episode #486 | 16 Dec 2014 | 106 min.
Listener Feedback #203

Mike and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 127 KB 186 KB 93 KB 176 KB

Episode #485 | 09 Dec 2014 | 84 min.
Expensive Lessons

Leo and I discuss the week's major security events, including the Turla advanced persistent threat backdoor for Linux. We then look closely at the very expensive consequences of the lax security measures employed by Target - and their massive late 2013 point-of-sale terminal breach - and Sony's whole-corporation network internal data dump and disclosure.
40 MB 10 MB 1 MB 114 KB 67 KB 127 KB

Episode #484 | 02 Dec 2014 | 88 min.
Listener Feedback #202

Mike and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
42 MB 11 MB 920 KB 79 KB 69 KB 109 KB

Episode #483 | 25 Nov 2014 | 103 min.
“Regin” & Let's Encrypt

This week Leo and I cover two major stories: the discovery of a frighteningly capable and sophisticated espionage malware known as “Regin,” and deeper coverage of the forthcoming “Let's Encrypt” free and automated web server certificate issuing and management system. And, as always, we also cover a bunch of interesting smaller issues.
49 MB 12 MB 188 KB 158 KB 82 KB 154 KB

Episode #482 | 18 Nov 2014 | 119 min.
Listener Feedback #201

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
57 MB 14 MB 788 KB 177 KB 99 KB 181 KB

Episode #481 | 11 Nov 2014 | 97 min.
Certificate Transparency

Leo and I discuss the week's major security events, focusing on this month's crucially important Microsoft MEGA Patch Tuesday updates, which address flaws that, if exploited, will allow for wholesale remote client and server code execution and takeover. We then take a first-pass look at the new “Certificate Transparency” standard and initiative being launched by Google and currently supported by DigiCert and others.
55 MB 14 MB 231 KB 181 KB 97 KB 179 KB

Episode #480 | 04 Nov 2014 | 115 min.
Listener Feedback #200

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
55 MB 14 MB 231 KB 181 KB 97 KB 179 KB

Episode #479 | 28 Oct 2014 | 78 min.
Listener Feedback #199

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
37 MB 9.3 MB 89 KB 112 KB 63 KB 124 KB

Episode #478 | 21 Oct 2014 | 71 min.
Poodle Bites

After catching up with a few interesting events from the past week, Steve and Leo take a deep dive into the details of the Internet's latest “security catastrophe” which has been named “Poodle.” Steve first carefully explains the trouble, then debunks it completely, showing why the vulnerability should be fixed but will probably never be exploited.
34 MB 8.6 MB 110 KB 75 KB 51 KB 98 KB

Episode #477 | 14 Oct 2014 | 80 min.
Payment Tokenization

After catching up with another interesting week of security events, including the rumor of a pending SSLv3 flaw and a new Windows zero-day exploit, Steve and Leo examine the next evolution in online payment technology which replaces traditional credit card numbers with “Payment Tokens.”
39 MB 10 MB 157 KB 94 KB 59 KB 112 KB

Episode #476 | 07 Oct 2014 | 96 min.
Listener Feedback #198

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 118 KB 128 KB 78 KB 145 KB

Episode #475 | 01 Oct 2014 | 107 min.
Shocked by the Shell

After covering a very busy and interesting past week of security and privacy news, Father Robert and Steve explain, examine, and dig down deep into the many fascinating details of the worst-ever, two-decade old, latent and pervasive Internet bug known as “Shellshock.”
51 MB 13 MB 893 KB 105 KB 86 KB 148 KB

Episode #474 | 23 Sep 2014 | 100 min.
Listener Feedback #197

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 92 KB 158 KB 85 KB 157 KB

Episode #473 | 16 Sep 2014 | 89 min.
Google vs. SHA-1

After we catch up with interesting security news of the past week, Leo and I examine Google's surprising, controversial, and unilateral decision to suddenly and significantly deprecate ALL web server certificates signed by SHA-1 that will be valid past 2016 - even though 92% of certificates (with lives of at least two years) signed in January 2014 were SHA-1.
43 MB 11 MB 179 KB 118 KB 69 KB 131 KB

Episode #472 | 09 Sep 2014 | 82 min.
Listener Feedback #196

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
39 MB 9.8 MB 79 KB 133 KB 71 KB 137 KB

Episode #471 | 02 Sep 2014 | 91 min.
PGP: Time for an Upgrade?

This past Labor Day brought some high-profile security breaches (naked celebrity photos posted online) of still-unknown origin, and other interesting news. Once Leo and I get caught up with all of that craziness, we take a look at the (sad) state of eMail privacy and encryption. We examine the past and consider what the future might hold.
44 MB 11 MB 878 KB 106 KB 69 KB 128 KB

Episode #470 | 26 Aug 2014 | 67 min.
Listener Feedback #195

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
33 MB 8.3 MB 73 KB 101 KB 59 KB 117 KB

Episode #469 | 19 Aug 2014 | 120 min.
Big Routing Tables

After catching up with the week’s more interesting security tidbits, Leo and I dig into last week’s widespread Internet outage to discover that the Internet is reaching another important “limit” that’s going to require some attention: The routing tables are growing past their maximum default size!  Whoops!!
58 MB 14 MB 1.1 MB 128 KB 86 KB 149 KB

Episode #468 | 12 Aug 2014 | 120 min.
Listener Feedback #194

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
58 MB 14 MB 103 KB 180 KB 99 KB 183 KB

Episode #467 | 05 Aug 2014 | 90 min.
Browser Password Managers (and “BadUSB”)

This week Leo and I discuss the week's more interesting security news, including HP's recent analysis of the (lack of) security in "Internet of Things" appliances, and the forthcoming Black Hat presentation on "BadUSB" which generated a lot of overly hysterical press coverage. Then I summarize my analysis of the Browser-based Password Manager research to be released later this month.
43 MB 11 MB 567 KB 123 KB 72 KB 137 KB

Episode #466 | 29 Jul 2014 | 122 min.
Listener Feedback #193

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
58 MB 15 MB 219 KB 145 KB 94 KB 168 KB

Episode #465 | 22 Jul 2014 | 112 min.
iOS Surveillance?

After covering the interesting news of the past week, Leo and I reexamine iOS security in the wake of a hacker's presentation at a major conference which brought it all back into question and triggered an avalanche of frightening headlines.
54 MB 13 MB 793 KB 113 KB 82 KB 146 KB

Episode #464 | 15 Jul 2014 | 107 min.
Listener Feedback #192

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 548 KB 140 KB 86 KB 156 KB

Episode #463 | 08 Jul 2014 | 114 min.
Listener Feedback #191

Father Robert (Padre) and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
55 MB 14 MB 228 KB 115 KB 94 KB 159 KB

Episode #462 | 01 Jul 2014 | 106 min.
Cloud Storage Solutions

After catching up with an event-filled week of security events and news, we announce and launch the beginning of a multi-part podcast series which will examine and analyze the many current alternatives for securely (TNO) storing our files “in the cloud.”
51 MB 13 MB 496 KB 99 KB 84 KB 143 KB

Episode #461 | 24 Jun 2014 | 112 min.
Listener Feedback #190

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
54 MB 13 MB 167 KB 134 KB 87 KB 157 KB

Episode #460 | 17 Jun 2014 | 120 min.
Authenticated Encryption

After catching up with a comparatively sleepy week of security news, Steve and Leo discuss the need for, and the Internet industry's search for, new standards for "Authenticated Encryption" which simultaneously encrypts messages for privacy while also authenticating them against any active in-flight tampering.
58 MB 14 MB 590 KB 113 KB 85 KB 145 KB

Episode #459 | 10 Jun 2014 | 111 min.
Listener Feedback #189

During this week's Q&A we host a special guest, industry veteran and ISP Brett Glass, who shares his views on the confusing Network Neutrality debate. We also catch up with the past week's security news and answer 10 questions and comments from our listeners.
54 MB 13 MB 914 KB 135 KB 86 KB 156 KB

Episode #458 | 03 Jun 2014 | 94 min.
TrueCrypt: WTF?

After covering the week's most interesting security news, Steve and Leo look back upon and analyze the past seven days of insanity which followed the startling surprise "self-takedown" of the longstanding TrueCrypt.org website, and of TrueCrypt itself.
45 MB 11 MB 140 KB 135 KB 79 KB 147 KB

Episode #457 | 27 May 2014 | 131 min.
Listener Feedback #188

During this week's Q&A we host a special guest, industry veteran and ISP Brett Glass, who shares his views on the confusing Network Neutrality debate. We also catch up with the past week's security news and answer 10 questions and comments from our listeners.
63 MB 16 MB 69 KB 215 KB 121 KB 217 KB

Episode #456 | 20 May 2014 | 123 min.
Harvesting Entropy

After catching up with an interesting, though not dramatic, week of security news, Steve and Leo examine the practical size of randomness and the challenge of collecting entropy in a client that may not have any built-in support for providing it, and may also be surrounded by active attackers.
59 MB 15 MB 174 KB 135 KB 94 KB 162 KB

Episode #455 | 13 May 2014 | 91 min.
Listener Feedback #187

Before plowing into 10 questions from our listeners, Leo and I discuss Microsoft's Second Tuesday patches, the CA Security Council's reaction to Chrome's CRLSet revocation revelations, an horrific appeal decision in Oracle v. Google, the forthcoming "Halt and Catch Fire" series, and more.
44 MB 11 MB 102 KB 122 KB 74 KB 139 KB

Episode #454 | 06 May 2014 | 112 min.
Certificate Revocation Part 2

After catching up with the week's security events, Leo and I continue and complete our examination of the history and present operation of security certificate revocation. With last week's theory behind us, this week we examine the current practice and implementation of certificate revocation.
54 MB 13 MB 544 KB 159 KB 93 KB 168 KB

Episode #453 | 29 Apr 2014 | 111 min.
Certificate Revocation Part 1

After catching up with the week's security events, Leo and I examine the history and operation of security certificate revocation and attempt to answer the question: What do we do when good certificates go bad?
53 MB 13 MB 113 KB 104 KB 84 KB 144 KB

Episode #452 | 22 Apr 2014 | 103 min.
Listener Feedback #186

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 99 KB 143 KB 83 KB 155 KB

Episode #451 | 15 Apr 2014 | 101 min.
TrueCrypt & Heartbleed Part 2

Not surprisingly, the previous week consisted of nearly a single story: Heartbleed. It was only “nearly,” though, because we also received the results from the first phase of the TrueCrypt audit. So this week Leo and I discuss these two topics in detail.
49 MB 12 MB 664 KB 117 KB 78 KB 141 KB

Episode #450 | 08 Apr 2014 | 96 min.
How the Heartbleeds

Leo and I discuss this long-anticipated, final "Second Tuesday of the Month" patch update for Windows XP - which has finally arrived. We share a bunch of interesting miscellany, then take a very deep dive to examine and understand the technology, events and implications of yesterday's (April 7, 2014) discovery of a two-year-old critical buffer overrun bug in the open source industry's OpenSSL protocol package. It's been named “Heartbleed” because it abuses the new TLS “heartbeat” extension to bleed the server of critical security information.
46 MB 12 MB 1.6 MB 105 KB 72 KB 134 KB

Episode #449 | 01 Apr 2014 | 128 min.
Listener Feedback #185

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
61 MB 15 MB 123 KB 171 KB 101 KB 182 KB

Episode #448 | 25 Mar 2014 | 107 min.
iOS Security (part 3 of 3)

On the heels of Apple’s major update to their iOS Security whitepaper, Steve and Leo catch up with the week’s top security news – one IMPORTANT Microsoft Zero-Day Fixit, but otherwise largely debunking a bunch of hysterical headlines and “news” stories. Then they FINALLY conclude what has become the three-part series describing the security of iOS v7.  Unfortunately, this week the news is less good.
51 MB 13 MB 237 KB 120 KB 82 KB 145 KB

Episode #447 | 18 Mar 2014 | 116 min.
iOS Security (part 2 of 3)

On the heels of Apple's major update to their iOS Security whitepaper, Leo and I catch up with the week's top security news, including coverage of the interesting discoveries from the past week's 14th annual CanSecWest and Pwn2Own hacking competitions. Then, having come up for breath after last week's Part 1 episode, we take a second deep dive into everything we have learned about the inner workings of iOS. Most is good news, but there's one bit that's VERY troubling.
56 MB 14 MB 295 KB 127 KB 87 KB 154 KB

Episode #446 | 11 Mar 2014 | 100 min.
iOS Security (part 1 of 3)

On the heels of Apple's major update to their iOS Security whitepaper, Leo and I catch up with the week's top security news, including coverage of Edward Snowden's live appearance during the recent SXSW conference. Then we take a deep dive into everything we have learned about the inner workings of iOS. Most is good news, but there's one bit that's VERY troubling!
48 MB 12 MB 268 KB 107 KB 75 KB 136 KB

Episode #445 | 04 Mar 2014 | 98 min.
Listener Feedback #184

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 134 KB 135 KB 79 KB 149 KB

Episode #444 | 25 Feb 2014 | 114 min.
Goto: Fail

The week delivered so much amazing news, much of it requiring some detailed and careful discussion, that we have a pure news podcast. It's titled from the errant line of code that was responsible for the week's highest-profile fumble: Apple's complete lack of SSL/TLS certificate checking in both iOS and Mac OS X. (Both since fixed.)
55 MB 14 MB 169 KB 155 KB 89 KB 162 KB

Episode #443 | 18 Feb 2014 | 104 min.
Sisyphus

My original plan to explain Google's terrific innovations in web performance, known as “QUIC,” was derailed by the week's overwhelmingly worrisome security news, with significant new problems from Linksys, Belkin, Asus and others. So this week's podcast is pure, and rather sobering, news of the week. We'll cover Google's “QUIC” as soon as time permits!
50 MB 13 MB 419 KB 149 KB 85 KB 158 KB

Episode #442 | 11 Feb 2014 | 97 min.
Listener Feedback #183

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 867 KB 140 KB 84 KB 153 KB

Episode #441 | 04 Feb 2014 | 108 min.
Password Policies (2014)

After catching up with a bunch of interesting news, Leo and I examine a terrific piece of research performed by Dashlane, makers of a password manager. They have researched and presented the current state of the top 100 web retailers' password policies. Fascinating!
52 MB 13 MB 190 KB 150 KB 87 KB 157 KB

Episode #440 | 28 Jan 2014 | 117 min.
Listener Feedback #182

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
56 MB 14 MB 227 KB 149 KB 95 KB 169 KB

Episode #439 | 21 Jan 2014 | 103 min.
Listener Feedback #181

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 916 KB 125 KB 82 KB 146 KB

Episode #438 | 14 Jan 2014 | 110 min.
NSA's ANT: What We've Learned

As promised last week, after catching up with another crazily-busy week of interesting and fun security news, we take a deep dive into the amazing NSA ANT documentation to learn what we can of the NSA's field capabilities. What we learn is chilling and interesting, though not entirely surprising.
56 MB 14 MB 2.9 MB 149 KB 90 KB 163 KB

Episode #437 | 07 Jan 2014 | 109 min.
New Year's News Catchup

This first podcast of 2014 catches us up on all of the news that transpired over the Christmas and New Year's holidays... and there was a LOT of it! (Like it or not, the NSA news just keeps on coming!)
52 MB 13 MB 303 KB 151 KB 85 KB 157 KB




You can receive an eMail reminder whenever this page is updated with a new Security Now! episode. Click the "Monitor Changes" button to have the highly-regarded "Change Detection" web site monitor this page and send you a note when it changes.

Security Now!, SpinRite Testimonials, and other Feedback:
Please use GRC's Visitor & Listener FEEDBACK Page where you may easily submit any feedback for Security Now, SpinRite testimonials, suggestions for future Security Now topics or questions & comments for future Listener Feedback episodes. Thank you!


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: Apr 16, 2015 at 09:31 (2.29 days ago) | Viewed 1,339 times per day