Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I take 30 to 90 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!). So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
A web page with any supplementary notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #124 | 27 Dec 2007 | 67 min.
Listener Feedback #31

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB | 8.1 MB | 2.1 KB | 91 KB | 56 KB | 108 KB

Episode #123 | 20 Dec 2007 | 46 min.
Jungle Disk

Leo and I invite Jungle Disk's creator, Dave Wright, to join the podcast to talk about his $20 product that allows for extremely economical, efficient, seamless and absolutely secure online storage of any user data within Amazon's high-performance, high-reliability "S3" storage facility.
22 MB | 5.6 MB | 2.1 KB | 68 KB | 42 KB | 96 KB

Episode #122 | 13 Dec 2007 | 73 min.
Listener Feedback #30

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB | 8.8 MB | 2.1 KB | 112 KB | 64 KB | 116 KB

Episode #121 | 06 Dec 2007 | 54 min.
Is Privacy Dead?

This week Steve and Leo take a break from the details of bits and bytes to discuss and explore the many issues surrounding the gradual and inexorable ebbing of individual privacy as we (consumers) rely increasingly upon the seductive power of digital-domain services.
26 MB | 6.5 MB | 2.1 KB | 92 KB | 47 KB | 102 KB

Episode #120 | 29 Nov 2007 | 97 min.
Listener Feedback #29

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB | 12 MB | 2.1 KB | 146 KB | 86 KB | 135 KB

Episode #119 | 22 Nov 2007 | 70 min.
PayPal and DoubleClick

Leo and I dissect the "Links" on PayPal's site with an eye toward reverse engineering the reason for many of them routing PayPal's users through servers owned by DoubleClick. We carefully explain the nature of the significant privacy concerns raised by this practice.
33 MB | 8.4 MB | 2.1 KB | 84 KB | 53 KB | 104 KB

Episode #118 | 15 Nov 2007 | 81 min.
Listener Feedback #28

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB | 9.8 MB | 2.1 KB | 120 KB | 71 KB | 121 KB

Episode #117 | 08 Nov 2007 | 53 min.
Even More Perfect Paper Passwords

Leo and I discuss the updated second version of our Perfect Paper Passwords (PPP) system and examine a number of interesting subtle questions such as whether it's better to have fully random equally probable passwords or true one-time-only passwords; and how, whether, and why attack strategies affect that decision.
26 MB | 6.5 MB | 2.3 KB | 67 KB | 41 KB | 94 KB

Episode #116 | 01 Nov 2007 | 47 min.
Listener Feedback #27

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
23 MB | 5.7 MB | 2.1 KB | 73 KB | 41 KB | 96 KB

Episode #115 | 25 Oct 2007 | 83 min.
Perfect Paper Passwords

During this week's second half of our discussion of GRC's new secure roaming authentication system, I reveal and fully describe the unique, simple, clean, and super-secure one-time password solution I designed to provide roaming authentication for GRC's employees. I also describe our own freely available software implementation of the "PPP" system, as well as several other recently created open source implementations.
40 MB | 10 MB | 2.0 KB | 122 KB | 68 KB | 121 KB

Episode #114 | 18 Oct 2007 | 95 min.
Listener Feedback #26

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB | 11 MB | 4.1 KB | 138 KB | 83 KB | 132 KB

Episode #113 | 11 Oct 2007 | 56 min.
Roaming Authentication

In this first of a two-part series, Leo and I discuss my recent design of a secure roaming authentication solution for GRC's employees. I begin to describe the lightweight super-secure system I designed where even an attacker with "perfect knowledge" of an employee's logon will be unable to gain access to protected resources.
27 MB | 6.7 MB | 2.1 KB | 73 KB | 42 KB | 96 KB

Episode #112 | 04 Oct 2007 | 64 min.
Listener Feedback #25

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB | 7.8 MB | 2.1 KB | 93 KB | 55 KB | 108 KB

Episode #111 | 27 Sept 2007 | 41 min.
OpenID Precautions

Having several times addressed the value and potential of the open source, open spec., and popular OpenID system, which is rapidly gaining traction as a convenient means for providing "single sign-on" identification on the Internet, this week Leo and I examine problems and concerns, both with OpenID and those inherent in any centralized identity management solution.
20 MB | 5.0 MB | 2.8 KB | 51 KB | 32 KB | 86 KB

Episode #110 | 20 Sept 2007 | 95 min.
Listener Feedback #24

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
46 MB | 11 MB | 2.6 KB | 161 KB | 85 KB | 138 KB

Episode #109 | 13 Sept 2007 | 95 min.
GRC's eCommerce System

Leo and I delve into some of the non-obvious problems encountered during the creation of a robust and secure eCommerce system. I explain the hurdles I faced, the things that initially tripped me up, and the solutions I found when I was creating GRC's custom eCommerce system.
46 MB | 11.4 MB | 2.6 KB | 128 KB | 77 KB | 127 KB

Episode #108 | 06 Sept 2007 | 80 min.
Listener Feedback #23

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
39 MB | 9.7 MB | 2.1 KB | 115 KB | 66 KB | 127 KB

Episode #107 | 30 Aug 2007 | 53 min.
PIP & Even More Perfect Passwords

Leo and I discuss two topics this week: The availability and operation of VeriSign Labs' OpenID PIP (Personal Identity Provider) beta, offering many useful features for online identity authentication; and my recent redesign of the algorithms behind GRC's popular Perfect Passwords page.
26 MB | 6.4 MB | 4.5 KB | 69 KB | 41 KB | 101 KB

Episode #106 | 23 Aug 2007 | 64 min.
Listener Mailbag #2

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
31 MB | 7.8 MB | 2.1 KB | 95 KB | 60 KB | 120 KB

Episode #105 | 16 Aug 2007 | 62 min.
Firewall LeakTesting

Leo and I discuss the history, purpose, and value of personal firewall leaktesting. We examine the myriad techniques clever developers have found for accessing the Internet and sending data out of PCs even when those PCs are being protected by outbound-blocking personal firewalls.
30 MB | 7.6 MB | 3.1 KB | 74 KB | 49 KB | 100 KB

Episode #104 | 09 Aug 2007 | 70 min.
Listener Feedback Q&A #22

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
34 MB | 8.5 MB | 2.1 KB | 114 KB | 65 KB | 126 KB

Episode #103 | 02 Aug 2007 | 51 min.
PayPal Security Key

Leo and I talk with Michael Vergara, PayPal's Director of Account Protections, to learn everything we can about the PayPal security key effort and its probable future.
25 MB | 6.3 MB | 2.1 KB | 85 KB | 49 KB | 113 KB

Episode #102 | 26 July 2007 | 78 min.
Listener Mailbag #1

Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
38 MB | 9.4 MB | 3.2 KB | 119 KB | 68 KB | 129 KB

Episode #101 | 19 July 2007 | 83 min.
Are You Human?

Leo and I explore the Internet's rapidly growing need to automatically differentiate human from non-human automated clients. We discuss the advantages and limitations of many past and current approaches to this problem while paying close attention to the most commonly used visual 'CAPTCHA' solutions.
40 MB | 10 MB | 4.8 KB | 112 KB | 67 KB | 127 KB

Episode #100 | 12 July 2007 | 60 min.
Listener Feedback Q&A #21

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB | 7.8 MB | 2.1 KB | 92 KB | 57 KB | 118 KB

Episode #99 | 05 July 2007 | 53 min.
Trusted Platform Module (TPM)

Leo and I explain the virtues and misbegotten negative reputation of the entirely benign and extremely useful emergent crypto facility known as the "Trusted Platform Module."
25 MB | 6.4 MB | 2.1 KB | 74 KB | 43 KB | 104 KB

Episode #98 | 28 June 2007 | 49 min.
Internet Identity Metasystems

Leo and I discuss the user experience and operation of Microsoft's "CardSpace" technology which hopes to completely change the way users identify themselves on the Internet by doing away with traditional usernames and passwords.
24 MB | 6 MB | 2.1 KB | 65 KB | 37 KB | 97 KB

Episode #97 | 21 June 2007 | 46 min.
Operation: Bot Roast

Leo and I discuss the recent news of the FBI's announced crackdown and pursuit of 'bot-herders' who individually control networks of remote control DoS and Spam zombies numbering in the many tens of thousands.
22 MB | 5.7 MB | 2.1 KB | 53 KB | 34 KB | 92 KB

Episode #96 | 14 June 2007 | 75 min.
Listener Feedback Q&A #20

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB | 9.3 MB | 2.1 KB | 116 KB | 69 KB | 131 KB

Episode #95 | 07 June 2007 | 52 min.
OpenID

Leo and I examine the open, platform agnostic, license free, OpenID secure Internet identity authentication system which is rapidly gaining traction within the Internet community. It may well be the "single sign-on" solution that will simplify and secure our use of the world wide web.
25 MB | 6.3 MB | 3.4 KB | 63 KB | 41 KB | 101 KB

Episode #94 | 31 May 2007 | 54 min.
The Fourth Factor

Having discussed the first three "factors" in multifactor authentication (something you know, something you have, something you are), Leo and I explore aspects of the power and problems with the fourth factor, "someone you know."
26 MB | 6.6 MB | 2.5 KB | 63 KB | 37 KB | 98 KB

Episode #93 | 24 May 2007 | 72 min.
Microsoft Patent Wars

Leo and I tackle the past, present and future of software patents. Our discussion of this non-security topic was triggered by Microsoft's recent declaration that since free and open source software (FOSS) was infringing at least 235 of their software patents, someone ought to be paying them.
35 MB | 8.9 MB | 2.1 KB | 94 KB | 57 KB | 117 KB

Episode #92 | 17 May 2007 | 61 min.
Listener Feedback Q&A #19

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB | 7.5 MB | 2.1 KB | 94 KB | 55 KB | 116 KB

Episode #91 | 10 May 2007 | 81 min.
Marc Maiffret (pronounced "may-fray")

Leo and I talk with Marc Maiffret, co-founder of eEye Digital Security of Aliso Viejo, California. eEye has perhaps done more forensic and vulnerability testing research to increase the remote security of Windows than any other group, including Microsoft. They continue to find and report an amazing number of Windows security vulnerabilities.
39 MB | 9.9 MB | 2.1 KB | 105 KB | 78 KB | 134 KB

Episode #90 | 03 May 2007 | 61 min.
Multifactor Authentication

Leo and I discuss the theory and practice of multifactor authentication which uses combinations of "something you know," "something you have," and "something you are" to provide stronger remote authentication than traditional, unreliable single-factor username and password authentication.
30 MB | 7.5 MB | 2.1 KB | 89 KB | 51 KB | 112 KB

Episode #89 | 26 Apr 2007 | 46 min.
Even More Badly Broken WEP

Leo and I review the operation of wireless network security and discuss in detail the operation of the latest attack on the increasingly insecure WEP encryption system. This new technique allows any WEP-protected WiFi network's secret cryptographic key to be discovered in less than 60 seconds.
22 MB | 5.6 MB | 2.6 KB | 62 KB | 36 KB | 97 KB

Episode #88 | 19 Apr 2007 | 57 min.
Listener Feedback Q&A #18

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
27 MB | 6.8 MB | 2.1 KB | 77 KB | 50 KB | 110 KB

Episode #87 | 12 Apr 2007 | 45 min.
SQL Injection Exploits

Leo and I wrap up our three-part series on web-based code injection vulnerabilities and exploitation with a discussion of web-based structured query language (SQL) database attacks. We explain why and how SQL injection vulnerabilities are creating an ongoing plague of vulnerabilities besetting modern 'Web 2.0' applications.
22 MB | 5.6 MB | 3.4 KB | 58 KB | 36 KB | 96 KB

Episode #86 | 05 Apr 2007 | 61 min.
Cross-Site Scripting

In this second installment of our three-part coverage of web-based remote code injection, Leo and I discuss cross-site scripting vulnerabilities and exploits. I quickly read through the 28 vulnerabilities discovered in popular software just during the previous month and discuss the nature of the threat and challenge facing authors of modern 'dynamic' web sites and services.
30 MB | 7.5 MB | 3.1 KB | 81 KB | 55 KB | 116 KB

Episode #85 | 29 Mar 2007 | 58 min.
Intro to Web Code Injection

Leo and I begin a three-episode series to discuss and examine web-based remote code injection exploits. Commonly known as 'Cross-Site Scripting' and 'SQL Injection,' these exploits are growing in popularity and strength as hackers discover increasingly clever ways to exploit subtle defects in next-generation web-based applications.
26 MB | 6.6 MB | 2.4 KB | 73 KB | 47 KB | 108 KB

Episode #84 | 22 Mar 2007 | 62 min.
Listener Feedback Q&A #17

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB | 7.6 MB | 2.1 KB | 107 KB | 63 KB | 126 KB

Episode #83 | 15 Mar 2007 | 50 min.
UAC in Depth

Leo and I wrap up our quest to get Windows Wi-Fi to 'Maintain Full Radio Silence' by adding one additional important tweak to Windows settings. Then we discuss the detailed security implications, now and in the future, of Vista's new and powerful user account control (UAC) system.
24 MB | 6.1 MB | 3.4 KB | 81 KB | 43 KB | 101 KB

Episode #82 | 08 Mar 2007 | 45 min.
Cyber Warfare

Leo and I discuss the interesting topic of state-sponsored Cyber Warfare. While born through the imagination of science fiction writers, the reality of international, inter-nation cyber combat is fiction no longer.
22 MB | 5.5 MB | 3.3 KB | 61 KB | 41 KB | 101 KB

Episode #81 | 01 Mar 2007 | 55 min.
Hard Drive Unreliability

Leo and I discuss the distressing results and implications of two recent very large population studies (more than 100,000 drives each) of hard drive field failures. Google and Carnegie Mellon University (CMU) both conducted and submitted studies for the recent 5th USENIX conference on File and Storage Technologies.
27 MB | 6.6 MB | 4.3 KB | 86 KB | 51 KB | 110 KB

Episode #80 | 22 Feb 2007 | 76 min.
Listener Feedback Q&A #16

Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
36 MB | 9.1 MB | 2.7 KB | 124 KB | 75 KB | 140 KB

Episode #79 | 15 Feb 2007 | 61 min.
Backtracking Spoofed Spam eMail

Leo's 'TWiT.tv' and my 'GRC.com' domains are used by spambots which spoof their domains as the source of bogus eMail. This week we discuss the details of eMail "Received:" headers and explain how the examination of those headers can penetrate any spoofing to reveal the true originating IP of any spoofed spam eMail.
30 MB | 7.5 MB | 2.2 KB | 87 KB | 53 KB | 113 KB

Episode #78 | 08 Feb 2007 | 40 min.
DEP in Depth

With our new SecurAble freeware now launched, Leo and I discuss the full impact and importance of hardware DEP technology. I explain why I believe that hardware DEP is the single most important Internet-related security technology developed so far.
20 MB | 5.0 MB | 2.1 KB | 53 KB | 35 KB | 95 KB

Episode #77 | 01 Feb 2007 | 61 min.
Microsoft on Vista DRM

In episode #74 Peter Gutmann shared his concerns and fears about the system-wide consequences and impact of the digital rights management (DRM) Microsoft has built deeply into Vista. Microsoft's Vista Team responded with a comprehensive Blog posting which Leo and I read and examine this week.

Here is the blog posting we used as our source:

Windows Vista Content Protection - Twenty Questions (and Answers)
30 MB | 7.5 MB | 2.2 KB | 100 KB | 59 KB | 120 KB

Episode #76 | 25 Jan 2007 | 61 min.
Listener Feedback Q&A #15

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB | 7.5 MB | 2.1 KB | 98 KB | 59 KB | 122 KB

Episode #75 | 18 Jan 2007 | 50 min.
Vista DRM Wrap-Up & Announcing “SecurAble”

Following last week's guest appearance by Peter Gutmann, Leo and I wrap up the topic of Vista's new, deep, and pervasive Digital Rights Management (DRM) system. I also announce the completion and availability of GRC's latest freeware: “SecurAble.”

Click this link for SecurAble's web page.
24 MB | 6.1 MB | 2.0 KB | 81 KB | 44 KB | 106 KB

Episode #74 | 11 Jan 2007 | 50 min.
Peter Gutmann on Vista DRM

Peter Gutmann, the author of the highly controversial white paper detailing the significant cost of Windows Vista's deeply-entrenched digital rights management (DRM) technology, joins Leo and me this week to discuss his paper and his findings.
24 MB | 6.1 MB | 2.3 KB | 72 KB | 50 KB | 110 KB

Episode #73 | 04 Jan 2007 | 65 min.
Digital Rights Management (DRM)

In preparation for next week's look at how and why Windows Vista has incorporated the most pervasive and invasive system for digital rights management ever created, AACS, Leo and I first take a step back to survey the history and evolution of media property rights and the technologies used to enforce them.
32 MB | 8.0 MB | 2.1 KB | 79 KB | 54 KB | 113 KB





You can receive an eMail reminder whenever this page is updated with a new Security Now! episode. Click the "Monitor Changes" button to have the highly-regarded "Change Detection" web site monitor this page and send you a note when it changes.

Security Now!, SpinRite Testimonials, and other Feedback:
Please use GRC's Visitor & Listener FEEDBACK Page where you may easily submit any feedback for Security Now, SpinRite testimonials, suggestions for future Security Now topics or questions & comments for future Listener Feedback episodes. Thank you!

Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: Jan 02, 2015 at 16:07