Security Now! - 2008

Episode 121 - This week Steve and Leo take a break from the details of bits and bytes to discuss and explore the many issues surrounding the gradual and inexorable ebbing of individual privacy as we (consumers) rely increasingly upon the seductive power of digital-domain services.

Episode 122 - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world “application notes” for any of the security technologies and issues they have previously discussed.

Episode 123 - Steve and Leo invite Jungle Disk's creator, Dave Wright, to join the podcast to talk about his $20 product that allows for extremely economical, efficient, seamless and absolutely secure online storage of any user data within Amazon's high=performance, high-reliability “S3” storage facility.

Episode 124 - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world “application notes” for any of the security technologies and issues they have previously discussed.

Episode 125 - Steve explains, very carefully and clearly this time, why and how multiple encryption increases security. Steve also carefully and in full details explains the operation of the new global encryption AES cipher: Rijndael.

Episode 126 - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world “application notes” for any of the security technologies and issues they have previously discussed.

Episode 127 - Steve and Leo discuss the week's major security events, then use a listener's story of his organization's security challenges to set the stage for their discussion of the types of challenges corporations face in attempting to provide a secure computing environment.

Episode 128 - Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world “application notes” for any of the security technologies and issues they have previously discussed.

Episode 129 - Steve and Leo examine and discuss Microsoft's “Windows SteadyState,” an extremely useful, free add-on for Windows XP that allows Windows systems to be “frozen” (in a steady state) to prevent users from making persistent changes to ANYTHING on the system.

Episode 130 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 131 - In this first of their two-part exploration of the world of whole-drive encryption, Steve and Leo begin by discussing the various options and alternatives, then focus upon one excellent, completely free, and comprehensive security solution known as “FREE CompuSec.”

Episode 132 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 133 - In this second half of our exploration of whole-drive encryption, Leo and I discuss the detailed operation of the new version 5.0 release of TrueCrypt, which offers whole-drive encryption for Windows.

Episode 134 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 135 - Leo and I spend 45 terrific minutes speaking with David Jevans, IronKey's CEO and founder, about the inner workings and features of their truly unique security-hardened cryptographic hardware USB storage device.

Episode 136 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 137 - Steve and Leo plow into the detailed operation of static and dynamic RAM memory to give some perspective to the recent Princeton research that demonstrated that dynamic RAM (DRAM) does not instantly “forget” everything when power is removed. They examine the specific consequences of various forms of physical access to system memory.

Episode 138 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 139 - Steve and Leo discuss an aspect of the “cost” of using the Internet - a packetized global network which (only) offers “best effort” packet delivery service. Since “capacity” is the cost, not per-packet usage, the cost is the same whether the network is used or not. But once it becomes “overused” the economics change since “congestion” results in a sudden loss of network performance.

Episode 140 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 141 - Steve and Leo discuss recent security news; then Steve describes the week he spent at the 2008 annual RSA security conference, including his chance but welcome discovery of one very cool new multifactor authentication solution.

Episode 142 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 143 - Steve and Leo delve into the detailed operation of the YubiKey, the coolest new secure authentication device Steve discovered at the recent RSA Security Conference. Their special guest during the episode is Stina Ehrensvrd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology.

Episode 144 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 145 - Steve and Leo focus upon a comprehensive and highly recommended free software security vulnerability scanner called “PSI,” Personal Software Inspector. Where anti-viral scanners search a PC for known malware, PSI searches for known security vulnerabilities appearing in tens of thousands of known programs. Everyone should run this small program! You'll be surprised by what it finds.

Episode 146 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 147 - Steve and Leo discuss the recent hacker takeover of the Comcast domain, then examine two very useful free security tools offered by Microsoft: the Baseline Security Analyzer (MBSA) and the Microsoft Security Assessment Tool (MSAT).

Episode 148 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 149 - In this first of two episodes, Steve and Leo discuss the disturbing new trend of Internet Service Providers (ISPs) allowing the installation of customer-spying hardware into their networks for the purpose of profiling their customers' behavior and selling this information to third-party marketers.

Episode 150 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 151 - Steve and Leo continue their discussion of “ISP Betrayal” with a careful explanation of the intrusive technology created by Phorm and currently threatening to be deployed by ISPs, for profit, against their own customers.

Episode 152 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 153 - Steve and Leo conclude their coverage of the serious privacy invasion threat from the Phorm system with a discussion with Alexander Hanff, a technologist and activist located in the United Kingdom, who has been at the center of the public outcry against this invasive technology.

Episode 154 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 155 - Steve and Leo discuss the deeply technical and functional aspects of DNS, with a view toward explaining exactly how the recently discovered new DNS cache poisoning attacks are able to cause users' browsers to be undetectably redirected to malicious phishing sites.

Episode 156 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 157 - Steve and Leo follow-up on the recent industry-wide events surrounding the discovery, partial repair, and disclosure of the serious (and still somewhat present) “spoofability flaw” in the Internet's DNS protocol. They also examine what more can be done to make DNS less spoofable.

Episode 158 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 159 - Steve and Leo discuss some recent revelations made by two talented security researchers during their presentation at the Black Hat conference. Steve explains how, why, and where the much touted security improvements introduced in the Windows Vista operating system fail to prevent the exploitation of unknown security vulnerabilities.

Episode 160 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 161 - Steve and Leo examine Google's new “Chrome” web browser. Leo likes Chrome and attempts to defend it as being just a beta release; but, while Steve is impressed by the possibilities created by Chrome's underlying architecture, he is extremely unimpressed by its total lack of critically important security and privacy features.

Episode 162 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 163 - Steve and Leo wrap up the loose ends from last week's final Q&A question regarding the self-removal of the GoogleUpdate system following the removal of Google's Chrome web browser, then discuss the operation and politics of upgrading the Internet's entire DNS system to fully secure operation.

Episode 164 - Steve and Leo discuss a class of newly disclosed vulnerabilities reported to exist in many operating systems' implementations of the fundamental TCP protocol. Two security researchers, claiming that they could not get anyone's attention, disclosed far too much information in a recent audio interview - leaving little to the imagination - and exposing the Internet to a new class of DoS attacks. They'll certainly get attention now.

Episode 165 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 166 - Steve and Leo discuss the week's security events, then they address another fundamental security and privacy concern inherent in the way web browsers and web-based services operate: Using “Cross-Site Request Forgery” (CSRF), malicious pranksters can cause your web browser to do their bidding using your authentication.

Episode 167 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 168 - Steve and Leo discuss yet another challenge to surfing safely in the web world: Known as “ClickJacking,” or more formally as “UI Redressing,” this class of newly popular threats tricks web users into performing web-based actions they don't intend by leading them to believe they are doing something else entirely.

Episode 169 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 170 - Steve and Leo begin with a refresher on WEP, the original technology of WiFi encryption. With that fresh background, they then tackle the detailed explanation of every aspect of the recently revealed very clever hack against the TKIP security protocol. TKIP is the older and less secure of the two security protocols offered within the WPA and WPA2 WiFi Alliance certification standards.

Episode 171 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 172 - Steve and Leo return to take a much closer look at “Sandboxie,” an extremely useful, powerful, and highly recommended Windows security tool they first mentioned two years ago. This time, after interviewing Sandboxie's creator, Ronen Tzur, Steve explains why he is totally hooked and why Leo is wishing it was available for his Macs.

Episode 173 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 174 - Having described “Sandboxie” and Virtual Machine sandboxing utilities in the past, Steve and Leo discuss the limitations of any sort of sandboxing for limiting the negative impacts of malware on a user's privacy and system's security.

Episode 175 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 176 - Steve and Leo delve into the inner workings of a free, easy to use and useful yet unknown Microsoft utility known as “DropMyRights.” It can be used to easily run selected, dangerous Internet-facing applications - such as your web browser and email client - under reduced, safer non-administrative privileges while everything else in the system runs unhampered.