Our weekly audio security column & podcast by Steve Gibson and Leo Laporte

TechTV's Leo Laporte and I take 30 to 90 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.  You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .  Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.  Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.  Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!) So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.  And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.

Episode Archive Each episode has SIX resources: High quality 64 kbps mp3 audio file Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file A web page with any supplementary notes A web page text transcript of the episode A simple text transcript of the episode Ready-to-print PDF (Acrobat) transcript   (Note that the text transcripts will appear a few hours later than the audio files since they are created afterwards.) For best results: RIGHT-CLICK on one of the two audio icons & below then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

The Rational Rejection of Security Advice Leo and I turn everything around this week to question the true economic value of security advice. We consider the various non-zero costs to the average, non-Security Now! listener. We compare those real costs with the somewhat unclear and uncertain benefits of going to all the trouble of following, sometimes painful, maximum security advice. 35 MB 8.6 MB 107 KB 60 KB 118 KB

Listener Feedback #82 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 41 MB 10 MB 121 KB 75 KB 137 KB

Cyberwarfare Leo and I examine the amorphous and difficult-to-grasp issue of nation-state sponsored cyberwarfare. We examine what it means when nations awaken to the many nefarious ways the global Internet can be used to gain advantage against international competitors and adversaries. 29 MB 7.2 MB 87 KB 49 KB 99 KB

Listener Feedback #81 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 32 MB 7.9 MB 116 KB 62 KB 123 KB

“Same Origin” Troubles This week Leo and I plow into the little understood and even less known problems that arise when user-provided content — postings, photos, videos, etc. — are uploaded to trusted web sites from which they are then subsequently served to other web users. 35 MB 8.7 MB 115 KB 62 KB 121 KB

Listener Feedback #80 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 36 MB 9.0 MB 114 KB 66 KB 127 KB

A security vulnerability in SSL This week Leo and I plow into a recently discovered serious vulnerability in the fundamental SSL protocol that provides virtually all of the Internet's communications security: SSL - the Secure Sockets Layer. I explain exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client's credentials. (That's not good.) 38 MB 10 MB 93 KB 61 KB 114 KB

Listener Feedback #79 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 47 MB 12 MB 150 KB 87 KB 159 KB

The Oxymoron of “JavaScript Security” This week Leo and I are joined by author (The Geek Atlas) and software developer John Graham-Cumming to discuss many specific concerns about the inherent, designed-in, insecurity of our browser's JavaScript scripting language. Now 14 years old, JavaScript was never meant for today's high-demand Internet environment — and it's having problems. John's original presentation slides in Microsoft PowerPoint and PDF formats. 34 MB 8.5 MB 103 KB 68 KB 127 KB

Listener Feedback #78 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 36 MB 9.0 MB 119 KB 65 KB 126 KB

Badly Broken Browsing In preparation for episode #221's guest, John Graham-Cumming, who will take us on a detailed walk-through of the JavaScript language's security problems, this week Leo and I examine the sad and badly broken state of web browsing in general, and how we got to where we are. 28 MB 6.9 MB 97 KB 51 KB 106 KB

Listener Feedback #77 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 39 MB 10 MB 110 KB 67 KB 129 KB

The Fundamentally Broken Browser Model Alex and I discuss the serious security problems created by the way SSL connections are specified by non-secured web pages, and how easily a “man in the middle” attack can compromise this amazingly weak web-based security. 42 MB 11 MB 87 KB 69 KB 121 KB

Listener Feedback #76 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 45 MB 11 MB 152 KB 85 KB 159 KB

Security Maxims Leo and I discuss the first portion of a collection of pithy and apropos "Security Maxims" that were assembled by a member of the Argonne Vulnerability Assessment Team at the Nuclear Engineering Division of the Argonne National Laboratory, U.S. Department of Energy. They're great! 43 MB 11 MB 119 KB 61 KB 124 KB

Listener Feedback #75 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 43 MB 11 MB 134 KB 78 KB 145 KB

Cracking GSM Cellphones Leo and I discuss the state of GSM (Global System of Mobile communications) cracking. I show where to purchase the required hardware, from where to download the software, and just how easy and practical it has become to "crack" the old and very weak "security" employed by the three billion cellphones now in worldwide use. 33 MB 8.2 MB 94 KB 55 KB 109 KB

Listener Feedback #74 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 58 MB 15 MB 178 KB 102 KB 184 KB

Voting Machine Hacking This week Leo and I describe the inner workings of one of the best designed and apparently most secure electronic voting machines — currently in use in the United States — and how a group of university researchers hacked it without any outside information to create a 100% stealth vote stealing system. 37 MB 9.3 MB 92 KB 58 KB 109 KB

Listener Feedback #73 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 25 MB 6.2 MB 78 KB 43 KB 91 KB

Vitamin D Leo and I kick off the podcast's fifth year with a rare off-topic discussion of something I have been researching for the past eight weeks and passionately believe everyone needs to know about: Vitamin D. After next week's Q&A, the podcast will return to topics of Internet security. Steve's “Vitamin D” Research page: https://www.grc.com/health/Vitamin-D.htm 50 MB 13 MB 112 KB 80 KB 142 KB

Listener Feedback #72 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 59 MB 15 MB 196 KB 106 KB 195 KB

Listener Feedback #71 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 50 MB 13 MB 169 KB 94 KB 172 KB

Mega Security News Update A LOT of security news transpired during the three previous weeks since Steve and Leo last recorded live. So instead of the regularly scheduled Q&A episode (which is moved to next week), today they catch up with this week's "mega security news update." 43 MB 11 MB 155 KB 74 KB 147 KB

Lempel & Ziv Leo and I examine the operation of one of the most prevalent computer algorithm inventions in history: Lempel-Ziv data compression. Variations of this invention form the foundation of all modern data compression technologies. 22 MB 5.5 MB 57 KB 35 KB 76 KB

Listener Feedback #70 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 34 MB 8.6 MB 96 KB 63 KB 119 KB

Boyer & Moore Leo and I explore the invention of the best, and very non-intuitive, means for "string searching" - finding a specific pattern of bytes within a larger buffer. This is crucial not only for searching documents but also for finding viruses hidden within a computer's file system. 31 MB 7.9 MB 89 KB 49 KB 100 KB

Listener Feedback #69 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 30 MB 7.5 MB 98 KB 54 KB 110 KB

SecureZIP Leo and I examine the operation, features, and security of PKWARE's FREE SecureZIP file archiving and encrypting utility. This very compelling and free offering implements a complete PKI (Public Key Infrastructure) system with per-user/per-installation certificates, public and private keys, secure encryption, digital signing, and other security features we have discussed during previous podcasts. 24 MB 6.0 MB 71 KB 37 KB 83 KB

Listener Feedback #68 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 52 MB 13 MB 162 KB 95 KB 171 KB

The Geek Atlas, IPv6 & a non-VPN Steve and Leo explore three topics this week: A terrific new book for geeks and non-geeks alike, the uncertain future of IPv6 (and a few cautions about rushing to adoption) and a idea Steve has been mulling around for a "lightweight" means for making secure Internet connections with a VPN tunnel. 43 MB 11 MB 116 KB 70 KB 131 KB

Listener Feedback #67 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 58 MB 15 MB 215 KB 107 KB 197 KB

Windows 7 Security This week, Leo and I discuss the changes, additions and enhancements Microsoft has made to the security of their forthcoming release of Windows 7. 40 MB 10 MB 107 KB 65 KB 123 KB

Listener Feedback #66 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 58 MB 15 MB 187 KB 109 KB 188 KB

The SSL/TLS Protocol Leo and I plow into the detailed operation of the Internet's most-used security protocol, originally called "SSL" and now evolved into "TLS." The security of this crucial protocol protects all of our online logins, financial transactions, and pretty much everything else. 41 MB 10 MB 92 KB 59 KB 110 KB

Listener Feedback #65 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 37 MB 9.1 MB 118 KB 67 KB 124 KB

Conficker Steve and Leo discuss the week's security news; then they closely examine the detailed operation and evolution of "Conficker," the most technically sophisticated worm the Internet has ever encountered. 50 MB 13 MB 120 KB 77 KB 136 KB

Listener Feedback #64 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 45 MB 11 MB 127 KB 82 KB 145 KB

GhostNet Steve and Leo begin by discussing the week's security news. Then Steve carefully and completely describes the construction and operation of a worldwide covert cyberspace intelligence gathering network, operating in 103 countries, that was named "GhostNet" by its Canadian discoverers. 32 MB 7.9 MB 89 KB 53 KB 101 KB

Listener Feedback #63 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 51 MB 13 MB 165 KB 90 KB 161 KB

Internet Explorer 8 Leo and I closely examine and discuss Microsoft's just released major version 8 of Internet Explorer. Having studied this major new web browser version closely, I examine the many new features and foibles from the standpoint of its short- and long-term impact on Internet security. 36 MB 8.9 MB 101 KB 62 KB 116 KB

Listener Feedback #62 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 48 MB 12 MB 149 KB 84 KB 150 KB

Windows Autorun-around Leo and I discuss the inglorious past of Windows Autorun. We explain how, until recently, disabling "Autorun" never really worked, how Microsoft hoped to fix it while bringing minimal attention to the problem, and how Microsoft's documentation of their recent fix still "got it wrong." 34 MB 8.5 MB 100 KB 55 KB 106 KB

Listener Feedback #61 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 41 MB 10 MB 117 KB 72 KB 132 KB

Cryptographic HMACs Leo and I discuss the role, importance and operation of cryptographically-keyed message digest algorithms and their use to securely authenticate messages: Hashed Messages Authentication Codes. 39 MB 10 MB 109 KB 66 KB 121 KB

Listener Feedback #60 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 50 MB 13 MB 197 KB 106 KB 188 KB

Modes of Encryption In preparation for a deep and detailed discussion of the Secure Sockets Layer (SSL) protocol, Steve and Leo first establish some formal crypto theory and practice of encryption operating modes. 42 MB 11 MB 128 KB 69 KB 127 KB

Listener Feedback #59 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 50 MB 13 MB 162 KB 90 KB 159 KB

Crypto Rehash Before tackling the complete description of the operation of the SSL (Secure Socket Layer) protocol, this week Leo and I take a step back to survey and review much of the cryptographic material we have covered during past 3+ years of podcasts. 32 MB 8 MB 93 KB 52 KB 102 KB

Listener Feedback #58 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 40 MB 10 MB 128 KB 72 KB 132 KB

Cracking Security Certificates Steve and Leo delve into the detailed inner workings of security certificates upon which the Internet depends for establishing the identity of users, websites, and other remote entities. After establishing how certificates perform these functions, Steve describes how a team of security researchers successfully cracked this "uncrackable" security to create fraudulent identifications. 38 MB 9.4 MB 99 KB 62 KB 114 KB

Listener Feedback #57 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. 32 MB 8 MB 109 KB 62 KB 115 KB

Breaking SSL, PDP-8's & UltraCapacitors Leo and I discuss the newly discovered cracks in SSL (Secure Sockets Layer), Antique PDP-8 minicomputers, a new PDP-8 kit you can build, and the importance of next generation UltraCapacitors. 57 MB 14 MB 13 KB 190 KB 97 KB 175 KB

• Current Podcast Page
• Security Now 2022
• Security Now 2021
• Security Now 2020
• Security Now 2019
• Security Now 2018
• Security Now 2017
• Security Now 2016
• Security Now 2015
• Security Now 2014
• Security Now 2013
• Security Now 2012
• Security Now 2011
• Security Now 2010
• Security Now 2009
• Security Now 2008
• Security Now 2007
• Security Now 2006
• Security Now 2005

You can receive an eMail reminder whenever this page is updated with a new Security Now! episode. Click the "Monitor Changes" button to have the highly-regarded "Change Detection" web site monitor this page and send you a note when it changes. Monitor this page for changes:  (it's private by ChangeDetection) Security Now!, SpinRite Testimonials, and other Feedback: Please use GRC's Visitor & Listener FEEDBACK Page where you may easily submit any feedback for Security Now, SpinRite testimonials, suggestions for future Security Now topics or questions & comments for future Listener Feedback episodes. Thank you! https://www.grc.com/feedback

Gibson Research Corporation is owned and operated by Steve Gibson.  The contents of this page are Copyright (c) 2022 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.