security_now_2006
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| security_now_2006 [2012/10/18 04:11] – created briancarnell | security_now_2006 [2014/12/04 19:01] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| - | [[Security Now Episode 20]] | + | [[Security Now Episode 20|Episode 20]] - On December 28th a serious new Windows vulnerability appeared and was immediately exploited by a growing number of malicious web sites to install malware. Many worse viruses and worms are expected soon. We start off discussing this, and our show notes provide a quick necessary workaround until Microsoft provides a patch. Then we spend the next 45 minutes answering and discussing interesting listener questions. |
| - | [[Security Now Episode 21]] | + | [[Security Now Episode 21|Episode 21]] - Leo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular - and very necessary - temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond. |
| - | [[Security Now Episode 22]] | + | [[Security Now Episode 22|Episode 22]] - Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn' |
| - | [[Security Now Episode 23]] | + | [[Security Now Episode 23|Episode 23]] - Leo and Steve close the backdoor on the controversial Windows WMF MetaFile Image code Execution (MICE) vulnerability. They discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware - MouseTrap - which determines whether any Windows or Linux/WINE system has ' |
| - | [[Security Now Episode 24]] | + | [[Security Now Episode 24|Episode 24]] - Leo and Steve discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 25]] | + | [[Security Now Episode 25|Episode 25]] - During this 49-minute episode, Leo and Steve briefly discuss the “Kama Sutra” virus that will become destructive on February 3rd. We briefly discuss PC World Magazine' |
| - | [[Security Now Episode 26]] | + | [[Security Now Episode 26|Episode 26]] - During Part 2 of “How the Internet Works,” Leo and Steve briefly review last week's discussion of the ICMP protocol, then discuss the operational details of the Internet' |
| - | [[Security Now Episode 27]] | + | [[Security Now Episode 27|Episode 27]] - Having covered the operation of the Internet' |
| - | [[Security Now Episode 28]] | + | [[Security Now Episode 28|Episode 28]] - Leo and Steve discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 29]] | + | [[Security Now Episode 29|Episode 29]] - Leo and Steve discuss the design, operation, and complete lack of security of Ethernet - the LAN technology that virtually all of the world uses. They explain how this lack of security enables a wide range of serious attacks to be perpetrated by any other machine sharing the same Ethernet - such as in a wireless hotspot, within a corporate network, or even in a wired hotel where the entire hotel is one big exploitable Ethernet LAN. GRC's ARP Cache Poisoning page contains a detailed explanation of these problems with diagrams and links to readily available Ethernet ARP exploitation malware. |
| - | [[Security Now Episode 30]] | + | [[Security Now Episode 30|Episode 30]] - Steve and Leo open their multi-week discussion of the operation and technology of cryptography. This first week they start by examining the social consequences and ethical implications of common citizens being empowered with freely available cryptographic technology that no force on Earth - no government agency, no corporation, |
| - | [[Security Now Episode 31]] | + | [[Security Now Episode 31|Episode 31]] - Leo and Steve continue their multi-episode tour of cryptographic technology. This week they analyze the cryptographic operation of secret decoder rings, which they use to develop a solid foundation of cryptographic terminology. Then they examine the first of two forms of symmetric, private key cryptography known as “symmetric stream ciphers.” Two weeks from now, after next week's Q&A episode, they' |
| - | [[Security Now Episode 32]] | + | [[Security Now Episode 32|Episode 32]] - Steve and Leo briefly review last week's topic of symmetric stream ciphers, then pose the first Security Now! Puzzler/ |
| - | [[Security Now Episode 33]] | + | [[Security Now Episode 33|Episode 33]] - Leo and Steve answer last week's Puzzler/ |
| - | [[Security Now Episode 34]] | + | [[Security Now Episode 34|Episode 34]] - Having discussed symmetric (private) key ciphers during the last two weeks, this week Leo and Steve examine asymmetric key cryptography, |
| - | [[Security Now Episode 35]] | + | [[Security Now Episode 35|Episode 35]] - Having covered stream and block symmetric ciphers and asymmetric ciphers, this week Leo and Steve describe and discuss “cryptographic hashes,” the final component to comprise a complete fundamental cryptographic function suite. They discuss the roles of, and attacks against, many common and familiar cryptographic hashes including MD5 and SHA1. |
| - | [[Security Now Episode 36]] | + | [[Security Now Episode 36|Episode 36]] - Leo and Steve discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 37]] | + | [[Security Now Episode 37|Episode 37]] - Steve and Leo conclude their multi-week coverage of the fundamental technologies underlying modern cryptographic systems. |
| - | [[Security Now Episode 38]] | + | [[Security Now Episode 38|Episode 38]] - Steve and Leo discuss the broad topic of web browser security. They examine the implications of running “client-side” code in the form of interpreted scripting languages such as Java, JavaScript, and VBScript, and also the native object code contained within browser “plug-ins” including Microsoft’s ActiveX. Steve outlines the “zone-based” security model used by IE and explains how he surfs with high security under IE, only “lowering his shields” to a website after he’s had the chance to look around and decide that the site is trustworthy. |
| - | [[Security Now Episode 39]] | + | [[Security Now Episode 39|Episode 39]] - In one of their more “aggressively technical” episodes, Steve and Leo discuss the pernicious nature of software security bugs from the programmer' |
| - | [[Security Now Episode 40]] | + | [[Security Now Episode 40|Episode 40]] - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 41]] | + | [[Security Now Episode 41|Episode 41]] - This week Steve and Leo explain why they love “TrueCrypt, |
| - | [[Security Now Episode 42]] | + | [[Security Now Episode 42|Episode 42]] - Steve and Leo delve into the inner workings of NAT routers. They examine the trouble NAT routers present to peer-to-peer networks where users are behind NAT routers that block incoming connections, |
| - | [[Security Now Episode 43]] | + | [[Security Now Episode 43|Episode 43]] - This week Leo and Steve cover the broad subject of “open ports” on Internet-connected machines. They define ports, and what it means for them to be open, closed, and stealth. They discuss what opens them, what it means to have ports “open” from both a functional and security standpoint, how open ports can be detected, whether stealth ports are really more secure than closed ports, and differences between TCP and UDP port detection. |
| - | [[Security Now Episode 44]] | + | [[Security Now Episode 44|Episode 44]] - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 45]] | + | [[Security Now Episode 45|Episode 45]] - Steve and Leo reveal and describe the HOSTS file which is hidden away within every Internet-capable machine. They explain how, because it is always the first place a machine looks for the IP address associated with any other machine name, it can be used to easily and conveniently intercept your computer' |
| - | [[Security Now Episode 46]] | + | [[Security Now Episode 46|Episode 46]] - Steve and Leo clarify the confusion surrounding consumer NAT router logging. They explain why routers tend to overreact to Internet “noise” by “crying wolf” too often, why the logs produced by consumer routers are unfortunately not very useful, and when paying attention to logs does and does not make sense. |
| - | [[Security Now Episode 47]] | + | [[Security Now Episode 47|Episode 47]] - Steve and Leo trace the history and rapid growth of Internet Denial of Service (DoS) attack techniques, tools, and motivations over the past eight years. They discuss many different types of attacks while focusing upon the distributed bandwidth flooding attacks that are the most destructive and difficult to block. |
| - | [[Security Now Episode 48]] | + | [[Security Now Episode 48|Episode 48]] - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 49]] | + | [[Security Now Episode 49|Episode 49]] - Steve and Leo describe the operation and use of the universally available “Netstat” command – available in every desktop operating system from Unix and Linux through Windows and Macs. “Netstat” allows anyone to instantly see what current Internet connections and listening ports any system has open and operating. Mastering the power of this little-known command will greatly empower any security-conscious computer user. |
| - | [[Security Now Episode 50]] | + | [[Security Now Episode 50|Episode 50]] - Steve and Leo discuss the historical beginnings of Virtual Machine technology, from the 40-year-old IBM VM/360 operating system through virtual machine language emulators and today’s VMware and Virtual PC solutions. This kicks off a multi-episode discussion of the tremendous security benefits and practical uses of modern day Virtual Machine technology. |
| - | [[Security Now Episode 51]] | + | [[Security Now Episode 51|Episode 51]] - Steve and Leo discuss the revelation, courtesy of a Symantec study and report, that Microsoft’s forthcoming Vista operating system has a brand new, written from scratch, networking stack supporting old and new network protocols. They consider the sobering security consequences of Microsoft’s decision to scrap Window’s old but battled-hardened network stack in favor of one that’s new and unproven. |
| - | [[Security Now Episode 52]] | + | [[Security Now Episode 52|Episode 52]] - Steve and Leo discuss the week’s security woes, covering D-Link and Centrino wireless buffer overflows which allow remote wireless compromise of user’s networks and machines. They explore the recent revelation that JavaScript can be used to scan an unwitting user’s internal network to take over their equipment. They talk about the purchase of Hamachi by LogMeIn and how Botnets are being used to create fraudulent eBay users with perfect “feedback” in order to defraud even careful eBay users. And more! |
| - | [[Security Now Episode 53]] | + | [[Security Now Episode 53|Episode 53]] - Steve and Leo briefly recap the concepts and technology of Virtual Machine (VM) technology, then thoroughly explore the free and commercial offerings of the earliest company to pioneer Intel-based high-performance virtual machines, VMware. They focus upon the free VMware Player which allows Virtual Machine “Appliances” to be “played” on any supported platform. They examine the value of these VMware solutions for creating highly secure “sandbox” containment environments as well as for cover-your-tracks privacy. |
| - | [[Security Now Episode 54]] | + | [[Security Now Episode 54|Episode 54]] - Steve and Leo continue their ongoing discussion of the security implications and applications of virtualization and virtual machines. This week they examine the “Blue Pill” OS subversion technology made possible by AMD’s next generation virtualization hardware support. They debunk the hype surrounding this interesting and worrisome capability, placing it into a larger security and virtualization context. |
| - | [[Security Now Episode 55]] | + | [[Security Now Episode 55|Episode 55]] - Having discussed “heavy weight” virtualization technology in recent weeks, this week Steve and Leo examine “lighter weight” application sandboxing technology and the software solutions currently available to perform this form of application “wrapping.” They discuss the inherent limitations of sandbox security and explain how valuable sandboxes can be for privacy enforcement. |
| - | [[Security Now Episode 56]] | + | [[Security Now Episode 56|Episode 56]] - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 57]] | + | [[Security Now Episode 57|Episode 57]] - Steve and Leo wrap up their multi-week series about virtual machines and virtual machine technology by closely analyzing the differences and similarities between the free and commercial VM products offered by Microsoft and VMware. |
| - | [[Security Now Episode 58]] | + | [[Security Now Episode 58|Episode 58]] - Leo and I discuss the breaking news of two new critical Windows problems: A new vulnerability that is being actively exploited on the web to install malware into innocent users’ machines – and a workaround that all Windows users can employ to protect themselves. And a serious file-corruption bug Microsoft introduced into last month' |
| - | [[Security Now Episode 59]] | + | [[Security Now Episode 59|Episode 59]] - Completing the topic of current virtual machine technology and products, Steve and Leo closely examine the commercial multiplatform virtual machine offerings from “Parallels, |
| - | [[Security Now Episode 60]] | + | [[Security Now Episode 60|Episode 60]] - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 61]] | + | [[Security Now Episode 61|Episode 61]] - Steve and Leo discuss two new 0-day Internet Explorer vulnerabilities (both now being exploited on the Internet); then they explore the commonly expressed privacy and security concerns presented by the need to trust Internet Service Providers (ISP). |
| - | [[Security Now Episode 62]] | + | [[Security Now Episode 62|Episode 62]] - Steve and Leo discuss the entire range of applications for Internet Proxies and Proxy Servers. They describe the many different uses for proxies while discussing both the benefits and the potential security and privacy liabilities created by filtering and caching web and other Internet content. |
| - | [[Security Now Episode 63]] | + | [[Security Now Episode 63|Episode 63]] - Steve and Leo get deeply into the new MojoPac product from RingCube Technologies. After spending several days plumbing the depths of this intriguing new idea for installing secure and private Windows program and file installations onto transportable USB devices, Steve tells all about what he found and what he believes it means now and in the future. |
| - | [[Security Now Episode 64]] | + | [[Security Now Episode 64|Episode 64]] - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 65]] | + | [[Security Now Episode 65|Episode 65]] - Steve and Leo get a bit philosophical this week. They discuss the broad nature of Security – all security, not just computer security. |
| - | [[Security Now Episode 66]] | + | [[Security Now Episode 66|Episode 66]] - Steve and Leo describe the new security features Microsoft has designed and built into their new version of Windows, Vista. They examine the impact of having such features built into the base product rather than offered by third parties as add-ons. And they carefully compare the security benefits of Vista on 64-bit versus 32 bit hardware platforms. |
| - | [[Security Now Episode 67]] | + | [[Security Now Episode 67|Episode 67]] - Steve and Leo first discuss errata from previous episodes, correcting, among other things, Steve' |
| - | [[Security Now Episode 68]] | + | [[Security Now Episode 68|Episode 68]] - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, |
| - | [[Security Now Episode 69]] | + | [[Security Now Episode 69|Episode 69]] - To create some background for next week's discussion about the significant technical challenges involved in creating true anonymity on the Internet, this week Steve and Leo discuss the consequences of use and abuse of the extreme power afforded by many different forms of Internet anonymity, privacy, and freedom of speech. |
| - | [[Security Now Episode 70]] | + | [[Security Now Episode 70|Episode 70]] - Last week Steve and Leo discussed the social implications and the social power of Internet Anonymity. This week they discuss the technology of Freenet and TOR (Onion Router) networks, and Steve describes the detailed technical operation of both systems. |
| - | [[Security Now Episode 71]] | + | [[Security Now Episode 71|Episode 71]] - This week Steve takes the wraps off his forthcoming security freeware utility: SecurAble. Although he's still working to get it finished, tested, and ready for initial release, Steve describes what SecurAble will do and some of the unexpected hurdles he’s encountered with the application and with details of Windows operation along the way. |
| - | [[Security Now Episode 72]] | + | [[Security Now Episode 72|Episode |
| - | + | ||
| - | [[Security Now Episode 73]] | + | |
| - | + | ||
| - | [[Security Now Episode 74]] | + | |
| - | + | ||
| - | [[Security Now Episode | + | |
security_now_2006.1350533502.txt.gz · Last modified: 2014/12/04 18:56 (external edit)