




Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I take 30 to 90 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!) So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
A PDF file containing Steve's show notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #451 | 15 Apr 2014 | 101 min.
TrueCrypt & Heartbleed Part 2

Not surprisingly, the previous week consisted of nearly a single story: Heartbleed. It was only “nearly,” though, because we also received the results from the first phase of the TrueCrypt audit. So this week Leo and I discuss these two topics in detail.
49 MB 12 MB 664 KB 117 KB 78 KB 141 KB

Episode #450 | 08 Apr 2014 | 96 min.
How the Heartbleeds

Leo and I discuss this long-anticipated, final "Second Tuesday of the Month" patch update for Windows XP - which has finally arrived. We share a bunch of interesting miscellany, then take a very deep dive to examine and understand the technology, events and implications of yesterday's (April 7, 2014) discovery of a two-year-old critical buffer overrun bug in the open source industry's OpenSSL protocol package. It's been named “Heartbleed” because it abuses the new TLS “heartbeat” extension to bleed the server of critical security information.
46 MB 12 MB 1.6 MB 105 KB 72 KB 134 KB

Episode #449 | 01 Apr 2014 | 128 min.
Listener Feedback #185

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
61 MB 15 MB 123 KB 171 KB 101 KB 182 KB

Episode #448 | 25 Mar 2014 | 107 min.
iOS Security (part 3 of 3)

On the heels of Apple’s major update to their iOS Security whitepaper, Steve and Leo catch up with the week’s top security news – one IMPORTANT Microsoft Zero-Day Fixit, but otherwise largely debunking a bunch of hysterical headlines and “news” stories. Then they FINALLY conclude what has become the three-part series describing the security of iOS v7. Unfortunately, this week the news is less good.
51 MB 13 MB 237 KB 120 KB 82 KB 145 KB

Episode #447 | 18 Mar 2014 | 116 min.
iOS Security (part 2 of 3)

On the heels of Apple's major update to their iOS Security whitepaper, Leo and I catch up with the week's top security news, including coverage of the interesting discoveries from the past week's 14th annual CanSecWest and Pwn2Own hacking competitions. Then, having come up for breath after last week's Part 1 episode, we take a second deep dive into everything we have learned about the inner workings of iOS. Most is good news, but there's one bit that's VERY troubling.
56 MB 14 MB 295 KB 127 KB 87 KB 154 KB

Episode #446 | 11 Mar 2014 | 100 min.
iOS Security (part 1 of 3)

On the heels of Apple's major update to their iOS Security whitepaper, Leo and I catch up with the week's top security news, including coverage of Edward Snowden's live appearance during the recent SXSW conference. Then we take a deep dive into everything we have learned about the inner workings of iOS. Most is good news, but there's one bit that's VERY troubling!
48 MB 12 MB 268 KB 107 KB 75 KB 136 KB

Episode #445 | 04 Mar 2014 | 98 min.
Listener Feedback #184

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 134 KB 135 KB 79 KB 149 KB

Episode #444 | 25 Feb 2014 | 114 min.
Goto: Fail

The week delivered so much amazing news, much of it requiring some detailed and careful discussion, that we have a pure news podcast. It's titled after the errant line of code that was responsible for this week's highest-profile fumble: Apple's complete lack of SSL/TLS certificate checking in both iOS and Mac OS X. (Both since fixed.)
55 MB 14 MB 169 KB 155 KB 89 KB 162 KB

Episode #443 | 18 Feb 2014 | 104 min.
Sisyphus

My original plan to explain Google's terrific innovations in web performance, known as “QUIC,” was derailed by the week's overwhelmingly worrisome security news, with significant new problems from Linksys, Belkin, Asus and others. So this week's podcast is pure, and rather sobering, news of the week. We'll cover Google's “QUIC” as soon as time permits!
50 MB 13 MB 419 KB 149 KB 85 KB 158 KB

Episode #442 | 11 Feb 2014 | 97 min.
Listener Feedback #183

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 867 KB 140 KB 84 KB 153 KB

Episode #441 | 04 Feb 2014 | 108 min.
Password Policies (2014)

After catching up with a bunch of interesting news, Leo and I examine a terrific piece of research performed by Dashlane, makers of a password manager. They have researched and presented the current state of the top 100 web retailers' password policies. Fascinating!
52 MB 13 MB 190 KB 150 KB 87 KB 157 KB

Episode #440 | 28 Jan 2014 | 117 min.
Listener Feedback #182

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
56 MB 14 MB 227 KB 149 KB 95 KB 169 KB

Episode #439 | 21 Jan 2014 | 103 min.
Listener Feedback #181

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 916 KB 125 KB 82 KB 146 KB

Episode #438 | 14 Jan 2014 | 110 min.
NSA's ANT: What We've Learned

As promised last week, after catching up with another crazily-busy week of interesting and fun security news, we take a deep dive into the amazing NSA ANT documentation to learn what we can of the NSA's field capabilities. What we learn is chilling and interesting, though not entirely surprising.
56 MB 14 MB 2.9 MB 149 KB 90 KB 163 KB

Episode #437 | 07 Jan 2014 | 109 min.
New Year's News Catchup

This first podcast of 2014 catches us up on all of the news that transpired over the Christmas and New Year's holidays... and there was a LOT of it! (Like it or not, the NSA news just keeps on coming!)
52 MB 13 MB 303 KB 151 KB 85 KB 157 KB

Episode #435 | 18 Dec 2013 | 108 min.
Listener Feedback #180

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 909 KB 156 KB 91 KB 166 KB

Episode #434 | 11 Dec 2013 | 111 min.
Listener Feedback #179

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
53 MB 13 MB 2.8 MB 175 KB 99 KB 178 KB

Episode #433 | 04 Dec 2013 | 98 min.
“BULLRUN”: How the NSA breaks Internet encryption

After catching up with the week's more interesting Security News and my Miscellany (such as NASA working on an FTL Warp Drive!) Leo & I take a closer look at “BULLRUN”, the NSA's code name for their encryption cracking initiative, to speculate upon just what the NSA might be doing... and capable of doing.
47 MB 12 MB 1.2 MB 119 KB 76 KB 140 KB

Episode #432 | 27 Nov 2013 | 90 min.
Coin, CryptoLocker, Patent Trolls & More

Following another week overfilled with interesting security-related news, Steve and Leo spend an hour and a half diving deeply into an updated (and likely very close to correct) understanding of the COIN payment card, news on the CryptoLocker front, a close look at a patent troll case that has so far gone the wrong way, and much more.
43 MB 11 MB 314 KB 109 KB 69 KB 129 KB

Episode #431 | 20 Nov 2013 | 106 min.
What Is RADIUS?

After catching up on another whirlwind week of really interesting Internet security news, Leo and I provide a brief overview of “RADIUS” - the 22-year-old pervasive, but often unseen, protocol and system for providing wide area network user authentication and accounting.
51 MB 13 MB 142 KB 85 KB 156 KB

Episode #430 | 13 Nov 2013 | 100 min.
Listener Feedback #178

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 148 KB 83 KB 154 KB

Episode #429 | 06 Nov 2013 | 105 min.
“Monkey” Was 26th!

The past week was so jam-packed with so much fun and interesting security news that we had a hard time just fitting it all in. So this week's podcast is news, news, news!
50 MB 13 MB 167 KB 87 KB 163 KB

Episode #428 | 30 Oct 2013 | 101 min.
Listener Feedback #177

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 172 KB 88 KB 166 KB

Episode #427 | 23 Oct 2013 | 93 min.
A Newsy Week!

So much happened during the past week that today's podcast will consist of a series of rather deep dives into the many interesting things we have to discuss.
45 MB 11 MB 146 KB 77 KB 147 KB

Episode #426 | 16 Oct 2013 | 99 min.
SQRL: Anti-Phishing & Revocation

After following up on a week chockful of interesting security news, Steve and Leo continue with their discussion of SQRL, the Secure QR code Login system, to discuss two recent innovations in the system that bring additional valuable features.
48 MB 12 MB 128 KB 79 KB 146 KB

Episode #425 | 09 Oct 2013 | 106 min.
SQRL and Q&A #176

Following up on last week's “SQRL - Secure QR Login” podcast, this week's Q&A focuses upon the many interesting questions my description of a new approach to secure website login sparked in the minds of the podcast's listeners. And, of course, we also catch up with the week's news.
51 MB 13 MB 188 KB 94 KB 175 KB

Episode #424 | 02 Oct 2013 | 106 min.
SQRL: Secure QR Login

After catching up with the week's minimal security news, Tom and I take the wraps off of “SQRL” (pronounced “squirrel”), Steve's recent brainstorm to propose a truly practical replacement for always-troublesome website login usernames and passwords.
51 MB 13 MB 106 KB 86 KB 148 KB

Episode #423 | 25 Sep 2013 | 104 min.
Fingerprint Biometrics

After catching up with the week's news, and following the news that Apple's new iPhone Touch ID system was spoofed within days of its release, Tom and I take a much closer look at the technology and application of Apple's Touch ID system, examining the reports of its early demise.
50 MB 12 MB 106 KB 84 KB 146 KB

Episode #422 | 18 Sep 2013 | 96 min.
Listener Feedback #175

Tom and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 103 KB 84 KB 143 KB

Episode #421 | 11 Sep 2013 | 106 min.
The Perfect Accusation

After covering this month's Patch Tuesday events and catching up with the past week's security news, Leo & I examine the week's most troubling and controversial revelations: the NSA's reported ability to crack much of the Internet's encrypted traffic. We explain how different the apparent reality is from the headlines, but why, also, this does form "The Perfect Accusation" to significantly strengthen all future cryptographic standards.
51 MB 13 MB 153 KB 89 KB 162 KB

Episode #420 | 04 Sep 2013 | 81 min.
Bitmessage

After catching up with a lot of interesting security news, Leo and I examine the operation and technology of the new Bitmessage secure and anonymous Internet messaging system.
39 MB 10 MB 120 KB 68 KB 131 KB

Episode #419 | 28 Aug 2013 | 97 min.
Listener Feedback #174

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 167 KB 84 KB 160 KB

Episode #418 | 21 Aug 2013 | 110 min.
Considering PGP

This week, Leo and I continue covering the consequences of the Snowden leaks and, with that in mind, we examine the Pretty Good Privacy (PGP) system for securely encrypting eMail and attachments.
53 MB 13 MB 162 KB 90 KB 167 KB

Episode #417 | 14 Aug 2013 | 92 min.
Listener Feedback #173

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 166 KB 82 KB 160 KB

Episode #416 | 07 Aug 2013 | 102 min.
Black Hat 2013, Tor & More

With last week's Las Vegas Black Hat 2013 and DEFCON conferences just completed, Leo and I examine the most significant and worrisome revelations to emerge from that annual convocation, and also discuss and dissect the week's top security news.
49 MB 12 MB 147 KB 79 KB 149 KB

Episode #415 | 31 Jul 2013 | 106 min.
Listener Feedback #172

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 167 KB 90 KB 167 KB

Episode #414 | 24 Jul 2013 | 99 min.
Inflection Points

This week we mix security news and updates with a discussion and analysis of the security industry's evolving reactions to the NSA/Snowden revelations. Leo and I examine several of the more significant news items and blogs relating to the issues of widespread Internet surveillance. Though it's not super technical, we believe you'll find it worth your time... and thought provoking.
48 MB 12 MB 155 KB 83 KB 157 KB

Episode #413 | 17 Jul 2013 | 108 min.
How Much Tinfoil?

Though regularly scheduled to be a Q&A episode, Steve and Leo had SO MUCH to cover in the week's news that there was no time left for questions. We'll save those for episode #415 and this week enjoy a great discussion of the week's many events. We'll wrap up with a discussion of the wide range of "tinfoil" solutions available and their convenience versus security tradeoffs.
52 MB 13 MB 158 KB 91 KB 165 KB

Episode #412 | 10 Jul 2013 | 95 min.
SSL & Perfect Forward Secrecy

After catching up with a bunch of interesting security news of the week and my Sci-Fi and SpinRite development updates, Leo and I explore the already existing SSL/TLS technology known as “Perfect Forward Secrecy,” which becomes useful in a world where encrypted traffic is being captured and archived.
46 MB 11 MB 135 KB 78 KB 144 KB

Episode #411 | 03 Jul 2013 | 103 min.
Listener Feedback #171

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 168 KB 92 KB 174 KB

Episode #410 | 26 Jun 2013 | 108 min.
Interesting & Useful Intel History

After catching up with another post-PRISM week of security industry news, Leo and I wind up and release our propeller beanies for a deep dive into the early history of Intel processor memory management - which, it turns out, has direct application to Steve's current work on SpinRite v6.1.
52 MB 13 MB 153 KB 87 KB 157 KB

Episode #409 | 19 Jun 2013 | 95 min.
Listener Feedback #170

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 168 KB 85 KB 163 KB

Episode #408 | 12 Jun 2013 | 97 min.
The State of Surveillance (How the NSA's PRISM program works.)

Leo and I remind our listeners that we just had another Microsoft Patch Tuesday. Then I detail and carefully lay down a solid foundation of theory of the operation of the NSA's PRISM program. This explains EVERYTHING about what the NSA is doing, and how. I even explain how and why the program got its name.

Podcast Document Resources: 1, 2, 3, 4, 5
47 MB 12 MB 145 KB 87 KB 162 KB

Episode #407 | 05 Jun 2013 | 104 min.
Listener Feedback #169

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 178 KB 94 KB 175 KB

Episode #406 | 29 May 2013 | 82 min.
Chatting Off the Record With OTR

After covering the week's security news, Leo and I examine an interesting security protocol known as “Off The Record” (OTR) which has been specifically designed to protect conversational privacy, both as it happens and also in the future.
39 MB 10 MB 106 KB 67 KB 125 KB

Episode #405 | 22 May 2013 | 100 min.
Listener Feedback #168

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 176 KB 89 KB 168 KB

Episode #404 | 15 May 2013 | 87 min.
How Facebook Monetizes

After catching up with the past week's updates and security news, Iyaz and I share information presented by the Electronic Frontier Foundation (EFF) which describes how Facebook manages the privacy interactions with their third-party data warehouses and advertisers.
42 MB 10 MB 80 KB 69 KB 122 KB

Episode #403 | 08 May 2013 | 98 min.
Listener Feedback #167

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 156 KB 84 KB 160 KB

Episode #402 | 01 May 2013 | 89 min.
BitTorrent Sync

After catching up with the week's security news, Leo and I examine everything that's currently known about the recently released “BitTorrent Sync” peer-to-peer file sharing and folder synchronizing application. (Everything seen so far looks 100% correct and VERY useful.)
42 MB 11 MB 135 KB 75 KB 142 KB

Episode #401 | 24 Apr 2013 | 99 min.
Listener Feedback #166

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 172 KB 88 KB 165 KB

Episode #400 | 17 Apr 2013 | 83 min.
VPN Solutions

After catching up with a wild week of security events, Leo and I revisit a topic from the earliest episodes of the Security Now podcast: Virtual Private Networks (VPNs). This coincides with the introduction of a new sponsor on the TWIT network, proXPN, a VPN provider that truly looks like the right choice.
40 MB 10 MB 110 KB 65 KB 125 KB

Episode #399 | 10 Apr 2013 | 101 min.
Listener Feedback #165

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 182 KB 91 KB 172 KB

Episode #398 | 03 Apr 2013 | 102 min.
Distributed Hash Tables

After catching up with a busy week in the security space, Leo and I cover an intriguing topic in fundamental distributed Internet technology, Distributed Hash Tables, which is the somewhat awkward name for distributed database technology.
50 MB 12 MB 147 KB 84 KB 155 KB

Episode #397 | 27 Mar 2013 | 114 min.
Listener Feedback #164

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
55 MB 14 MB 192 KB 99 KB 185 KB

Episode #396 | 20 Mar 2013 | 90 min.
The Telnet-pocalypse

This week was so chockful of things to discuss that we had no time to explore the fascinating technology and operation of Distributed Hash Tables. That discussion will be “tabled” for two weeks. This week, we look more closely into the somewhat troubling issues of SSL/TLS server security as revealed by SSLLabs.com, discuss the SWAT team arriving at Brian Krebs's home, examine the consequences of the revelation that 420 million routers are accepting trivial logins on their Telnet ports, and more!
43 MB 11 MB 148 KB 76 KB 144 KB

Episode #395 | 13 Mar 2013 | 89 min.
Listener Feedback #163

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 131 KB 76 KB 142 KB

Episode #394 | 06 Mar 2013 | 91 min.
Tor v2 with Hidden Services

After catching up with this week's Java vulnerabilities and emergency updates, Leo and I examine the recent evolution of the public and free “Tor” Internet anonymizing network. We look at the network's updated operation and its new ability to offer “hidden services” in addition to hiding the identity and location of the services' users.
44 MB 11 MB 126 KB 75 KB 139 KB

Episode #393 | 27 Feb 2013 | 80 min.
Listener Feedback #162

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 146 KB 83 KB 155 KB

Episode #392 | 20 Feb 2013 | 91 min.
The Internet Underworld

We first converse with today's special guest, Brian Krebs, who for many years wrote for the Washington Post and is now publishing his own “Krebs on Security” blog. Our topic is “The Internet Underground.” After that, we catch up with a somewhat busy and interesting week in Internet security.
44 MB 11 MB 140 KB 83 KB 157 KB

Episode #391 | 13 Feb 2013 | 80 min.
Listener Feedback #161

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 10 MB 167 KB 76 KB 151 KB

Episode #390 | 06 Feb 2013 | 79 min.
“Mega” Security Overview

After covering “UPnP a week later” and catching up with some interesting security industry happenings, Leo and I take a look into the controversy surrounding the security (or lack thereof) of Kim Dotcom's new “Mega” cloud storage offering.
38 MB 9.5 MB 131 KB 68 KB 122 KB

Episode #389 | 30 Jan 2013 | 91 min.
Listener Feedback #160 & UPnP Exposure Disaster

Leo and I discuss the week's major security events—and the disastrous news of 81 million exposed vulnerable routers!—and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 164 KB 79 KB 156 KB

Episode #388 | 23 Jan 2013 | 103 min.
Memory Hard Problems

After catching up with a bunch of fun and interesting news of the week, Leo and I examine the future of anti-hacking password scrambling and storage with the introduction of “Memory Hard Problems,” which are provably highly resistant to massive hardware acceleration.
50 MB 12 MB 129 KB 81 KB 147 KB

Episode #387 | 16 Jan 2013 | 101 min.
Listener Feedback #159

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 133 KB 84 KB 154 KB

Episode #386 | 09 Jan 2013 | 92 min.
Disconnect WidgetJacking

After catching up with a very busy week of interesting security news and events, Leo and I examine the growing privacy and security problems created by the ever more pervasive social widgets - Facebook's LIKE button, Google's +1, Twitter's Tweet!, and others - and they offer an easy-to-use free solution!
44 MB 11 MB 141 KB 76 KB 147 KB

Episode #385 | 02 Jan 2013 | 93 min.
Listener Feedback #158

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 126 KB 80 KB 145 KB

Episode #384 | 26 Dec 2012 | 65 min.
Once Upon a Time

For this special year-end holiday edition of Security Now!, I dug down deep into my video archives, taking back 22 years, to 1990, to share a 45-minute presentation I gave, once upon a time, on the inner workings of the “megabyte-sized” hard disk drives that gave birth to the PC industry.
31 MB 7.8 MB 65 KB 50 KB 94 KB

Episode #383 | 19 Dec 2012 | 83 min.
Listener Feedback #157

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 115 KB 72 KB 135 KB

Episode #382 | 12 Dec 2012 | 74 min.
QR Codes

After catching up with the week's news, Leo and I take a deep dive into the technology of the ever-more-ubiquitous “QR Codes” which are popping up everywhere and are increasingly being used, not only for good, but with malicious intent.
36 MB 8.9 MB 98 KB 59 KB 113 KB

Episode #381 | 05 Dec 2012 | 105 min.
Listener Feedback #156

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 150 KB 85 KB 159 KB

Episode #380 | 28 Nov 2012 | 92 min.
DTLS - Datagram Transport Layer Security

After catching up with lots of interesting security news, updates on Steve's Acoustic Dog Training project, and lots of other miscellany, Leo and I examine a recently developed and increasingly popular Internet security protocol, DTLS, which combines the advantages of UDP with SSL security.
44 MB 11 MB 111 KB 72 KB 131 KB

Episode #379 | 21 Nov 2012 | 104 min.
Listener Feedback #155

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 108 KB 85 KB 148 KB

Episode #378 | 14 Nov 2012 | 113 min.
Microsoft: Security, Privacy & DNT

After catching up with an interesting and varied grab-bag of security news and paraphernalia, Tom and I further examine the controversy surrounding Microsoft's decision to enable the Do Not Track (DNT) "signal" header in IE10, and share some insights gained from a recent Microsoft Executive VP Keynote presentation about exactly this issue.
54 MB 14 MB 110 KB 90 KB 153 KB

Episode #377 | 07 Nov 2012 | 87 min.
Listener Feedback #154

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 10 MB 93 KB 73 KB 130 KB

Episode #376 | 31 Oct 2012 | 58 min.
Fully Homomorphic Encryption

This week, after failing to find much in the way of interesting security news, Leo and I make up for that by introducing the concept of “Fully Homomorphic Encryption,” which allows encrypted data to be operated upon WITHOUT it first being decrypted, and results remain encrypted.
28 MB 7.0 MB 74 KB 43 KB 91 KB

Episode #375 | 24 Oct 2012 | 103 min.
Listener Feedback #153

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
49 MB 12 MB 151 KB 87 KB 163 KB

Episode #374 | 17 Oct 2012 | 76 min.
ECC - Elliptic Curve Cryptography

After catching up with the week's most important security news, Leo and I wind up our propeller-cap beanies, right to the breaking point of their springs, in order to obtain enough lift to examine and explore the operation of ECC - Elliptic Curve Cryptography - the next-generation public key cryptography technology.
36 MB 9.1 MB 91 KB 56 KB 108 KB

Episode #373 | 10 Oct 2012 | 83 min.
Listener Feedback #152

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 9.9 MB 132 KB 71 KB 139 KB

Episode #372 | 03 Oct 2012 | 57 min.
NFC - Near Field Communications

After catching up with just a tiny bit of security news (it was a very quiet week in security), Leo and I take the podcast's first-ever comprehensive look at the emerging and increasingly popular NFC (Near Field Communications) technology, which is now present in tens of millions of cell phones and other mobile and fixed-location devices.
27 MB 6.8 MB 68 KB 43 KB 87 KB

Episode #371 | 26 Sep 2012 | 99 min.
Listener Feedback #151

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 147 KB 82 KB 156 KB

Episode #370 | 19 Sep 2012 | 98 min.
Mark Russinovich & Other News

We begin the week with a visit with our distinguished guest, Mark Russinovich, late of Sysinternals and now with Microsoft. Mark joins us to chat about the release of his second security thriller, “Trojan Horse,” and to share some of his view of the security world.
47 MB 12 MB 127 KB 81 KB 146 KB

Episode #369 | 11 Sep 2012 | 100 min.
Internet Identity Update

After catching up with an eventful week of security news, Leo and I step back for an overview and discussion of the slowly evolving state of the art in Internet Identity Authentication.
48 MB 12 MB 150 KB 80 KB 150 KB

Episode #368 | 05 Sep 2012 | 95 min.
Listener Feedback #150

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 140 KB 79 KB 149 KB

Episode #367 | 29 Aug 2012 | 91 min.
What a Busy Week!

We have so much security news and information to cover this week that we didn’t have time to take questions from our listeners. What we have, instead, is a LOT of interesting news about the new Java vulnerabilities, new TNO cloud storage solutions, and lots more.
44 MB 11 MB 129 KB 75 KB 142 KB

Episode #366 | 22 Aug 2012 | 68 min.
Password Cracking Update: The Death of “Clever”

After catching up with a collection of miscellaneous and interesting security-related news, Leo and I take a close look at the long-term consequences of the many massive password leakages which have occurred. The upshot? Hackers are getting MUCH better at cracking passwords, and “clever” techniques can no longer be regarded as safe.
32 MB 8.1 MB 89 KB 50 KB 104 KB

Episode #365 | 15 Aug 2012 | 82 min.
Listener Feedback #149

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB 9.8 MB 111 KB 68 KB 129 KB

Episode #364 | 08 Aug 2012 | 103 min.
Mat Honan's Very Bad Weekend

After catching up with an eventful week of security news, Leo and I describe and explore the details of the “epic hack” that recently befell well-known technology writer Mat Honan.
50 MB 12 MB 135 KB 80 KB 149 KB

Episode #363 | 01 Aug 2012 | 81 min.
Ali Baba's Cave

After catching up with an eventful week of security news, Leo and I explore a variant of the story of “Ali Baba's Cave” as a means for clearly explaining the operation and requirements of cryptographic Zero-Knowledge Interactive Proofs.
39 MB 9.8 MB 126 KB 67 KB 130 KB

Episode #362 | 25 Jul 2012 | 89 min.
Listener Feedback #148

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 154 KB 79 KB 150 KB

Episode #361 | 18 Jul 2012 | 74 min.
Paul Vixie & DNS Changer

After catching up with the week's security news, Leo and I take a close look at the recent “DNS Changer” malware, the FBI's role in the “takedown” of the malicious servers, and the expert technical assistance provided by Paul Vixie, one of the pioneers and principal developers of the Internet's Domain Name System (DNS).
36 MB 8.9 MB 98 KB 61 KB 118 KB

Episode #360 | 11 Jul 2012 | 95 min.
Listener Feedback #147

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 11 MB 164 KB 86 KB 162 KB

Episode #359 | 27 Jun 2012 | 75 min.
Coddling Our Buffers

After catching up with a few items of security and privacy news, Leo and I return to the Internet's "Buffer Bloat" problem to share the new solution “CoDel” (pronounced “coddle”) that has been developed by several of the Internet's original and leading technologists and designers.
36 MB 9.0 MB 82 KB 56 KB 107 KB

Episode #358 | 20 Jun 2012 | 83 min.
Listener Feedback #146

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 9.9 MB 128 KB 71 KB 137 KB

Episode #357 | 13 Jun 2012 | 92 min.
Flame On!

This week, after catching up with a large amount of the week’s news, Leo and I carefully examine two major new discoveries about the Windows Flame worm.
44 MB 11 MB 106 KB 65 KB 122 KB

Episode #356 | 06 Jun 2012 | 103 min.
Listener Feedback #145

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 189 KB 90 KB 173 KB

Episode #355 | 30 May 2012 | 77 min.
Poking Holes in TCP

Steve and Leo tackle two new and interesting threats to Internet security. First, the newly discovered “Flame” / “Flamer” / “Skywiper” malware dwarfs Stuxnet and Duqu in capability and complexity. Then they examine the work of two University of Michigan researchers who have detailed a collection of new ways to attack the TCP protocol. They inject malicious content into innocent web pages and add malicious links to online chats.
37 MB 9.3 MB 88 KB 60 KB 112 KB

Episode #354 | 23 May 2012 | 98 min.
Listener Feedback #144

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 124 KB 81 KB 148 KB

Episode #353 | 16 May 2012 | 70 min.
DMARC - eMail Security

After catching up with the week's news, Steve and Leo look at the state of the slow but sure and steady progress being made to tighten up the Internet's eMail security. Since spoofing and phishing continue to be huge problems, these problems continue to command the attention of the Internet's largest commerce, financial, and social networking domains. The good news is: There's good reason for hope!!
34 MB 8.4 MB 80 KB 56 KB 107 KB

Episode #352 | 09 May 2012 | 106 min.
Listener Feedback #143

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 151 KB 92 KB 166 KB

Episode #351 | 02 May 2012 | 89 min.
Three Hybrid Cloud Solutions

After catching up with the week's news and Twitter feedback, Leo and I closely examine three remote cloud storage solutions whose Crypto was done COMPLETELY right, offering full TNO (Trust No One) security. And one of them makes me (Steve) wish I were a Mac user!
43 MB 11 MB 116 KB 73 KB 134 KB

Episode #350 | 25 Apr 2012 | 111 min.
Twitter Feedback Q&A #142 / Cloud Security

In this special episode, Iyaz and I host an entirely Twitter-driven Q&A, prompted by the flurry of interest created by last week's focus upon Cloud Storage Solutions. After catching up with the week's security-related events, we zip through 21 tweets, then focus upon and examine the security architecture of one controversial and popular cloud storage provider: Backblaze.
53 MB 13 MB 93 KB 86 KB 145 KB

Episode #349 | 19 Apr 2012 | 86 min.
Cloud Solutions

After catching up with the week's news, Leo and I examine ALL of the various cloud-based synchronizing, storage and backup solutions we could find. I survey each one in turn, and Leo chimes in with his own personal experience with many of the offerings. We conclude that SpiderOak looks like the winner, though Jungle Disk is still in the running.
42 MB 10 MB 104 KB 69 KB 126 KB

Episode #348 | 11 Apr 2012 | 95 min.
Listener Feedback #141

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 126 KB 79 KB 144 KB

Episode #347 | 04 Apr 2012 | 92 min.
iOS Password Mis-Managers

After catching up with the week's news, Leo and I examine the inner workings of the most popular password managers for Apple's iOS devices to determine whether and to what degree they offer enhanced security for safe password storage.
50 MB 12 MB 153 KB 90 KB 166 KB

Episode #346 | 28 Mar 2012 | 103 min.
Listener Feedback #140

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 12 MB 153 KB 90 KB 166 KB

Episode #345 | 21 Mar 2012 | 108 min.
Buffer Bloat

After catching up with the week's news, Leo and I examine the growing concern over, and performance problems created by, the Internet's “Buffer Bloat,” which has been silently creeping into our networks as the cost of RAM memory used for buffers has been dropping. It's easy to assume that more buffering is good, but that's not true for the Internet.
52 MB 13 MB 131 KB 85 KB 153 KB

Episode #344 | 14 Mar 2012 | 108 min.
Listener Feedback #139

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 161 KB 98 KB 175 KB

Episode #343 | 06 Mar 2012 | 77 min.
HTTP & SPDY

This week, after catching up with the week's security and privacy news, Steve and Leo take a detailed look at the World Wide Web's current TCP & HTTP protocols, and examine the significant work that's been done by the Chromium Project on “SPDY”, a next-generation web protocol for dramatically decreasing page load times and latency and improving performance and interactivity.
37 MB 9.2 MB 84 KB 60 KB 110 KB

Episode #342 | 29 Feb 2012 | 109 min.
Listener Feedback #138

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
52 MB 13 MB 153 KB 94 KB 168 KB

Episode #341 | 22 Feb 2012 | 90 min.
Can “Anonymous” Take Down the Internet?

This week, after catching up with the week’s security and privacy news, Steve and Leo examine the feasibility of the hacker group “Anonymous” successfully taking the Internet offline, after a disavowed Internet posting claimed they intend to do so on March 31st.
43 MB 11 MB 112 KB 72 KB 133 KB

Episode #340 | 15 Feb 2012 | 116 min.
Listener Feedback #137

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
56 MB 14 MB 181 KB 97 KB 182 KB

Episode #339 | 08 Feb 2012 | 82 min.
“ScriptNo” for Chrome

This week, after catching up with a busy and interesting week of security news and events, Leo and I take a close look at “ScriptNo”, a new Chrome extension created by a developer who left Firefox (and NoScript) for Chrome and was pining for NoScript's many features.
39 MB 9.8 MB 113 KB 66 KB 105 KB

Episode #338 | 01 Feb 2012 | 92 min.
Listener Feedback #136

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 148 KB 83 KB 157 KB

Episode #337 | 25 Jan 2012 | 74 min.
WPS: A Troubled Protocol

This week, after catching up on an interesting week of Security and Privacy news and legislation, Leo and I examine the troubled Wi-Fi Protected Security (WPS) protocol in detail to understand its exact operation, and to examine a series of limitations that cannot be resolved.
36 MB 8.9 MB 107 KB 61 KB 121 KB

Episode #336 | 18 Jan 2012 | 96 min.
Listener Feedback #135

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB 12 MB 120 KB 78 KB 144 KB

Episode #335 | 09 Jan 2012 | 83 min.
Wi-Fi Protected (In)Security

After catching up with only a small bit of the week's security news, Leo and I discuss the recent revelation of a fundamental security flaw in the functioning of the WiFi WPA standard. WiFi Access Points, following the certification-mandated default configuration, allow an attacker to obtain network access within just a few hours.
40 MB 10 MB 103 KB 63 KB 121 KB

Episode #334 | 04 Jan 2012 | 98 min.
Listener Feedback #134

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 165 KB 87 KB 163 KB

• Security Now 2011
• Security Now 2010
• Security Now 2009
• Security Now 2008
• Security Now 2007
• Security Now 2006
• Security Now 2005



You can receive an eMail reminder whenever this page is updated with a new Security Now! episode. Click the "Monitor Changes" button to have the highly-regarded "Change Detection" web site monitor this page and send you a note when it changes.

Security Now!, SpinRite Testimonials, and other Feedback:
Please use GRC's Visitor & Listener FEEDBACK Page where you may easily submit any feedback for Security Now, SpinRite testimonials, suggestions for future Security Now topics or questions & comments for future Listener Feedback episodes. Thank you!


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: Apr 17, 2014 at 16:54 (3.44 days ago). Viewed 2,083 times per day.