Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I take 30 to 90 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!) So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
A web page with any supplementary notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #176 | 25 Dec 2008 | 64 min.
Drop My Rights

Leo and I delve into the inner workings of a free, easy to use and useful yet unknown Microsoft utility known as "DropMyRights." It can be used to easily run selected, dangerous Internet-facing applications - such as your web browser and email client - under reduced, safer non-administrative privileges while everything else in the system runs unhampered.
31 MB 7.7 MB 3.7 KB 81 KB 49 KB 94 KB

Episode #175 | 18 Dec 2008 | 86 min.
Listener Feedback #56

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 10 MB 149 KB 81 KB 143 KB

Episode #174 | 11 Dec 2008 | 60 min.
Sandbox Limitations

Having described “Sandboxie” and Virtual Machine sandboxing utilities in the past, Leo and I discuss the limitations of any sort of sandboxing for limiting the negative impacts of malware on a user's privacy and system's security.
29 MB 7.2 MB 69 KB 46 KB 90 KB

Episode #173 | 04 Dec 2008 | 105 min.
Listener Feedback #55

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
51 MB 13 MB 160 KB 90 KB 158 KB

Episode #172 | 27 Nov 2008 | 90 min.
Sandboxie

Leo and I return to take a much closer look at “Sandboxie,” an extremely useful, powerful, and highly recommended Windows security tool we first mentioned two years ago. This time, after interviewing Sandboxie's creator, Ronen Tzur, I explain why I am totally hooked and why Leo is wishing it was available for his Macs.
43 MB 11 MB 114 KB 71 KB 128 KB

Episode #171 | 20 Nov 2008 | 88 min.
Listener Feedback #54

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 11 MB 109 KB 71 KB 126 KB

Episode #170 | 13 Nov 2008 | 103 min.
The TKIP Hack

Leo and I begin with a refresher on WEP, the original technology of WiFi encryption. With that fresh background, we then tackle the detailed explanation of every aspect of the recently revealed very clever hack against the TKIP security protocol. TKIP is the older and less secure of the two security protocols offered within the WPA and WPA2 WiFi Alliance certification standards.
50 MB 12 MB 122 KB 77 KB 136 KB

Episode #169 | 06 Nov 2008 | 93 min.
Listener Feedback #53

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
30 MB 11 MB 114 KB 76 KB 135 KB

Episode #168 | 30 Oct 2008 | 57 min.
ClickJacking

Leo and I discuss yet another challenge to surfing safely in the web world: Known as “ClickJacking,” or more formally as “UI Redressing,” this class of newly popular threats tricks web users into performing web-based actions they don't intend by leading them to believe they are doing something else entirely.
27 MB 6.9 MB 4.9 KB 76 KB 44 KB 89 KB

Episode #167 | 23 Oct 2008 | 89 min.
Listener Feedback #52

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 124 KB 73 KB 133 KB

Episode #166 | 16 Oct 2008 | 75 min.
Cross-Site Request Forgery

Leo and I discuss the week's security events, then we address another fundamental security and privacy concern inherent in the way web browsers and web-based services operate: Using “Cross-Site Request Forgery” (CSRF), malicious pranksters can cause your web browser to do their bidding using your authentication.
36 MB 9 MB 107 KB 58 KB 112 KB

Episode #165 | 09 Oct 2008 | 108 min.
Listener Feedback #51

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 151 KB 91 KB 158 KB

Episode #164 | 02 Oct 2008 | 97 min.
SockStress

Leo and I discuss a class of newly disclosed vulnerabilities reported to exist in many operating systems' implementations of the fundamental TCP protocol. Two security researchers, claiming that they could not get anyone's attention (after less than one month), disclosed far too much information in a recent audio interview — leaving little to the imagination — and exposing the Internet to a new class of DoS attacks. They'll certainly get attention now. (See this episode's Show Notes for many additional links.)
47 MB 12 MB 12 KB 117 KB 76 KB 133 KB

Episode #163 | 25 Sep 2008 | 97 min.
GoogleUpdate & DNS Security

Leo and I wrap up the loose ends from last week's final Q&A question regarding the self-removal of the GoogleUpdate system following the removal of Google's Chrome web browser, then we discuss the operation and politics of upgrading the Internet's entire DNS system to fully secure operation.
47 MB 12 MB 129 KB 77 KB 138 KB

Episode #162 | 18 Sep 2008 | 89 min.
Listener Feedback #50

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 133 KB 76 KB 138 KB

Episode #161 | 11 Sep 2008 | 75 min.
Google's Chrome

Leo and I examine Google's new “Chrome” web browser. Leo likes Chrome and attempts to defend it as being just a beta release; but, while I am impressed by the possibilities created by Chrome's underlying architecture, I'm extremely unimpressed by its total lack of critically important security and privacy features.
36 MB 9 MB 115 KB 63 KB 118 KB

Episode #160 | 04 Sep 2008 | 87 min.
Listener Feedback #49

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 10 MB 132 KB 76 KB 137 KB

Episode #159 | 28 Aug 2008 | 95 min.
Vista Security Bypass

Steve and Leo discuss some recent revelations made by two talented security researchers during their presentation at the Black Hat conference. Steve explains how, why, and where the much touted security improvements introduced in the Windows Vista operating system fail to prevent the exploitation of unknown security vulnerabilities.
36 MB 9.1 MB 101 KB 60 KB 113 KB

Episode #158 | 21 Aug 2008 | 93 min.
Listener Feedback #48

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 144 KB 80 KB 143 KB

Episode #157 | 14 Aug 2008 | 74 min.
DNS — After the Patch

Leo and I follow up on the recent industry-wide events surrounding the discovery, partial repair, and disclosure of the serious (and still somewhat present) "spoofability flaw" in the Internet's DNS protocol. We also examine what more can be done to make DNS less spoofable.
36 MB 8.9 MB 3.3 KB 107 KB 61 KB 115 KB

Episode #156 | 07 Aug 2008 | 84 min.
Listener Feedback #47

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 119 KB 72 KB 133 KB

Episode #155 | 31 Jul 2008 | 103 min.
Bailiwicked Domain Attack

Steve and Leo discuss the deeply technical and functional aspects of DNS, with a view toward explaining exactly how the recently discovered new DNS cache poisoning attacks are able to cause users' browsers to be undetectably redirected to malicious phishing sites.
49 MB 12 MB 2.5 KB 131 KB 78 KB 137 KB

Episode #154 | 24 Jul 2008 | 88 min.
Listener Feedback #46

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
42 MB 11 MB 119 KB 73 KB 131 KB

Episode #153 | 17 Jul 2008 | 62 min.
DePhormed Politics

Leo and I conclude our coverage of the serious privacy invasion threat from the Phorm system with a discussion with Alexander Hanff, a technologist and activist located in the United Kingdom, who has been at the center of the public outcry against this invasive technology.
30 MB 7.5 MB 2.6 KB 77 KB 50 KB 95 KB

Episode #152 | 10 Jul 2008 | 83 min.
Listener Feedback #45

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 120 KB 71 KB 129 KB

Episode #151 | 03 Jul 2008 | 107 min.
Phracking Phorm

Leo and I continue our discussion of “ISP Betrayal” with a careful explanation of the intrusive technology created by Phorm and currently threatening to be deployed by ISPs, for profit, against their own customers.
51 MB 13 MB 162 KB 89 KB 158 KB

Episode #150 | 26 Jun 2008 | 91 min.
Listener Feedback #44

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
44 MB 11 MB 121 KB 73 KB 131 KB

Episode #149 | 19 Jun 2008 | 67 min.
ISP Betrayal

In this first of two episodes, Steve and Leo discuss the disturbing new trend of Internet Service Providers (ISPs) allowing the installation of customer-spying hardware into their networks for the purpose of profiling their customers' behavior and selling this information to third-party marketers.
32 MB 8.1 MB 81 KB 52 KB 98 KB

Episode #148 | 12 Jun 2008 | 100 min.
Listener Feedback #43

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
48 MB 12 MB 142 KB 86 KB 151 KB

Episode #147 | 05 Jun 2008 | 57 min.
Microsoft's Baseline Security Analyzer

Leo and I discuss the recent hacker takeover of the Comcast domain, then examine two very useful free security tools offered by Microsoft: the Baseline Security Analyzer (MBSA) and the Microsoft Security Assessment Tool (MSAT).
27 MB 6.8 MB 2.3 KB 80 KB 47 KB 92 KB

Episode #146 | 29 May 2008 | 90 min.
Listener Feedback #42

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
43 MB 11 MB 138 KB 78 KB 140 KB

Episode #145 | 22 May 2008 | 51 min.
Secunia's PSI

Leo and I focus upon a comprehensive and highly recommended free software security vulnerability scanner called "PSI," Personal Software Inspector. Where anti-viral scanners search a PC for known malware, PSI searches for known security vulnerabilities appearing in tens of thousands of known programs. Everyone should run this small program! You'll be surprised by what it finds.
25 MB 6.2 MB 2.3 KB 83 KB 45 KB 91 KB

Episode #144 | 15 May 2008 | 85 min.
Listener Feedback #41

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 131 KB 77 KB 137 KB

Episode #143 | 08 May 2008 | 84 min.
YubiKey

Leo and I delve into the detailed operation of the YubiKey, the coolest new secure authentication device I discovered at the recent RSA Security Conference. Our special guest during the episode is Stina Ehrensvärd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology.
41 MB 10 MB 3.2 KB 127 KB 73 KB 134 KB

Episode #142 | 01 May 2008 | 76 min.
Listener Feedback #40

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
37 MB 9.2 MB 2.4 KB 107 KB 65 KB 119 KB

Episode #141 | 24 Apr 2008 | 91 min.
RSA Conference 2008

Leo and I discuss recent security news; then I describe the week I spent at the 2008 annual RSA security conference, including my chance but welcome discovery of one very cool new multifactor authentication solution.
44 MB 11 MB 3.2 KB 136 KB 72 KB 134 KB

Episode #140 | 17 Apr 2008 | 98 min.
Listener Feedback #39

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
47 MB 12 MB 150 KB 87 KB 152 KB

Episode #139 | 10 Apr 2008 | 81 min.
Network Congestion

Leo and I discuss an aspect of the "cost" of using the Internet - a packetized global network which (only) offers "best effort" packet delivery service. Since "capacity" is the cost, not per-packet usage, the cost is the same whether the network is used or not. But once it becomes "overused" the economics change since "congestion" results in a sudden loss of network performance.
39 MB 9.8 MB 93 KB 62 KB 118 KB

Episode #138 | 03 Apr 2008 | 66 min.
Listener Feedback #38

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 108 KB 68 KB 125 KB

Episode #137 | 27 Mar 2008 | 66 min.
RAM Hijacks

Leo and I plow into the detailed operation of static and dynamic RAM memory to give some perspective to the recent Princeton research that demonstrated that dynamic RAM (DRAM) does not instantly "forget" everything when power is removed. We examine the specific consequences of various forms of physical access to system memory.
32 MB 8 MB 2.2 KB 81 KB 51 KB 98 KB

Episode #136 | 20 Mar 2008 | 86 min.
Listener Feedback #37

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
41 MB 10 MB 2.2 KB 122 KB 76 KB 137 KB

Episode #135 | 13 Mar 2008 | 77 min.
IronKey

Leo and I spend 45 terrific minutes speaking with David Jevans, IronKey's CEO and founder, about the inner workings and features of their truly unique security-hardened cryptographic hardware USB storage device.
37 MB 9.3 MB 2.2 KB 115 KB 72 KB 132 KB

Episode #134 | 06 Mar 2008 | 84 min.
Listener Feedback #36

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
40 MB 10 MB 2.2 KB 122 KB 72 KB 123 KB

Episode #133 | 28 Feb 2008 | 69 min.
TrueCrypt v5.0

In this second half of our exploration of whole-drive encryption, Leo and I discuss the detailed operation of the new version 5.0 release of TrueCrypt, which offers whole-drive encryption for Windows.
33 MB 8.3 MB 2.2 KB 93 KB 57 KB 108 KB

Episode #132 | 21 Feb 2008 | 94 min.
Listener Feedback #35

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
45 MB 11 MB 2.2 KB 142 KB 86 KB 135 KB

Episode #131 | 14 Feb 2008 | 69 min.
FREE CompuSec

In this first of our two-part exploration of the world of whole-drive encryption, Leo and I begin by discussing the various options and alternatives, then focus upon one excellent, completely free, and comprehensive security solution known as "FREE CompuSec."
33 MB 8.3 MB 2.1 KB 85 KB 55 KB 106 KB

Episode #130 | 07 Feb 2008 | 97 min.
Listener Feedback #34

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
50 MB 13 MB 2.1 KB 164 KB 93 KB 145 KB

Episode #129 | 31 Jan 2008 | 39 min.
Windows SteadyState

Leo and I examine and discuss Microsoft's "Windows SteadyState," an extremely useful, free add-on for Windows XP that allows Windows systems to be "frozen" (in a steady state) to prevent users from making persistent changes to ANYTHING on the system.
19 MB 4.7 MB 3.3 KB 55 KB 35 KB 89 KB

Episode #128 | 24 Jan 2008 | 73 min.
Listener Feedback #33

Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
35 MB 8.8 MB 2.7 KB 115 KB 67 KB 119 KB

Episode #127 | 17 Jan 2008 | 48 min.
Corporate Security

Leo and I discuss the week's major security events, then use a listener's story of his organization's security challenges to set the stage for our discussion of the types of challenges corporations face in attempting to provide a secure computing environment.
23 MB 5.9 MB 2.1 KB 68 KB 41 KB 95 KB

Episode #126 | 10 Jan 2008 | 101 min.
Listener Feedback #32

Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB 8.1 MB 4.1 KB 144 KB 89 KB 137 KB

Episode #125 | 03 Jan 2008 | 67 min.
Symmetric Ciphers

Steve explains, very carefully and clearly this time, why and how multiple encryption increases security. Steve also carefully and in full detail explains the operation of the new global encryption AES cipher: Rijndael.
32 MB 8.1 MB 2.1 KB 79 KB 49 KB 101 KB



You can receive an eMail reminder whenever this page is updated with a new Security Now! episode. Click the "Monitor Changes" button to have the highly-regarded "Change Detection" web site monitor this page and send you a note when it changes.

Security Now!, SpinRite Testimonials, and other Feedback:
Please use GRC's Visitor & Listener FEEDBACK Page where you may easily submit any feedback for Security Now, SpinRite testimonials, suggestions for future Security Now topics or questions & comments for future Listener Feedback episodes. Thank you!

Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: May 04, 2013 at 18:12