Security Now! - 2005

Episode 1 - How a never-disclosed Windows vulnerability was quickly reverse-engineered from the patches to fix it and turned into more than 12 potent and damaging Internet worms in three days. What does this mean for the future of Internet security?

Episode 2 - How Microsoft's “HoneyMonkey” system works, how it finds malicious web sites before they find you, and what Microsoft is doing (and NOT doing) with this valuable security information it is now collecting.

Episode 3 - How and why any simple NAT Router makes a terrific hardware firewall. (And what you must disable to prevent it from being bypassed!)

Episode 4 - Everyone who uses web-based services such as eBay, Amazon, and Yahoo needs to authenticate their identity with passwords. Password quality is important since easily guessable passwords can be easily defeated. Leo and I recap a bit from last week's program, then discuss passwords. We suggest an approach that anyone can use to easily create unbreakable passwords.

Episode 5 - Our previous episode (#4), which discussed personal password policies, generated so much great listener feedback, thoughts, ideas, and reminders about things we didn't mention, that we decided to wrap up this important topic with a final episode to share listeners' ideas and to clarify some things we left unsaid.

Episode 6 - Triggered by a recent report of three UC Berkeley researchers recovering text typed at a keyboard (any keyboard) after simply listening to ten minutes of typing, Leo and I discuss the weird realm of “alternative information leakage” - from CRTs glowing, to radio emissions, to LED lamps on the front of network equipment…to a microphone listening to anyone typing.

Episode 7 - Any contemporary discussion of threats to Internet security must discuss the history, current situation, and future of spyware. Leo and I spend a little more time than usual covering many aspects of this important topic. DON'T MISS the Episode Notes Page for this episode!

Episode 8 - Distributed Denial of Service (DDoS) attacks are occurring with ever-greater frequency every day. Although these damaging attacks are often used to extort high-profile gaming and gambling sites before major gambling events, attacks are also launched against individual users who do something to annoy “zombie fleet masters” while they are online. Some router and firewall vendors claim that their devices prevent DDoS attacks. Is that possible? What can be done to dodge the bullet of a DDoS attack launched against you while you're online?

Episode 9 - This week we explain “rootkit technology.” We examine what rootkits are, why they have suddenly become a problem, and how that problem is rapidly growing in severity. We also discuss their detection and removal and point listeners to some very effective free rootkit detection solutions.

Episode 10 - Leo and I examine the security and privacy considerations of using non-encrypted (i.e., “Open”) wireless access points at home and in public locations. We discuss the various ways of protecting privacy when untrusted strangers can “sniff” the data traffic flowing to and from your online PC.

Episode 11 - Leo and I answer some questions arising from last week's episode, then plow into a detailed discussion of the lack of security value of MAC address filtering, the futility of disabling SSIDs for security, and the extremely poor security offered by the first-generation WEP encryption system.

Episode 12 - Leo and I discuss details and consequences of Sony Corporation's alarming “Rootkit” DRM (digital rights management) copy protection scheme. This poorly written software unnecessarily employs classic rootkit technology (see episode 9) to hide from its users after installation. It cannot be uninstalled easily, it can be easily misused for malicious purposes, and it has been implicated in many repeated BSOD “blue screen of death” PC crashes.

Episode 13 - Leo and I follow up on last week's discussion of the Sony Rootkit debacle with the distressing news of “phoning home” (spyware) behavior from the Sony DRM software, and the rootkit's exploitation by a new malicious backdoor Trojan. We then return to complete our discussion of WiFi security, demystifying the many confusing flavors of WPA encryption and presenting several critical MUST DO tips for WPA users.

Episode 14 - Leo and I first follow up on the past two episodes, discussing new developments in the continuing Sony Rootkit DRM drama, and some confusion over the crackability of WPA passphrases. Then, in this first of our two-part series on VPNs, we discuss the theory of VPN connections and tunnels, explaining how they work and why they represent such a terrific solution for anyone on the go.

Episode 15 - Leo and I discuss the use of SSL and SSH encrypted tunneling for providing privacy and security whenever an insecure local network is being used - such as at an open WiFi hotspot or when using a hotel's network. These solutions are not transparent and tend to be configuration intensive. They also require the use of a “server” of some sort at the user's home or office. This makes these approaches less suitable for casual users, but offers a solution for the more technically inclined road warriors.

Episode 16 - Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, discuss a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world “application notes” for any of the security technologies we have previously discussed.

Episode 17 - In our continuing exploration of VPN technology for protecting network users on networks they don't control, Leo and I discuss the oldest “original” VPN protocols: industry-standard IPSec, and Microsoft's own PPTP and L2TP/IPSec. We examine and explain the trouble with interconnecting Windows machines to third-party VPN routers and examine the many reasons these older technologies are probably not optimal for on-the-go road warriors.

Episode 18 - This week Leo and I discuss and describe the brand new, ready to emerge from its long development beta phase, ultra-secure, lightweight, high-performance, highly polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system known as “Hamachi.” After two solid weeks of testing and intense dialog with Hamachi's lead developer and designer, I have fully vetted the system's security architecture and have it running on many of my systems. While I am traveling to Toronto this week, Hamachi is keeping my roaming laptop securely and directly connected to all of my machines back home. Don't miss this one!

Episode 19 - Leo and I wrap up our multi-week, in-depth coverage of PC VPN solutions by discussing some aftermath of the zero-configuration Hamachi system; introducing “iPig,” a very appealing new zero-configuration VPN contender; and describing the many faces of OpenVPN, the “Swiss army knife” of VPN solutions.