Security Now! - 2009

Episode 177 - Steve and Leo discuss the newly discovered cracks in SSL (Secure Sockets Layer), antique PDP-8 minicomputers, and the importance of next-generation UltraCapacitors.

Episode 178 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 179 - Steve and Leo delve into the detailed inner workings of security certificates upon which the Internet depends for establishing the identity of users, websites, and other remote entities. After establishing how certificates perform these functions, Steve describes how a team of security researchers successfully cracked this “uncrackable” security to create fraudulent identifications.

Episode 180 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 181 - Before tackling the complete description of the operation of the SSL (Secure Sockets Layer) protocol, this week Steve and Leo take a step back to survey and review much of the cryptographic material they have covered during the past 3+ years of podcasts.

Episode 182 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 183 - In preparation for a deep and detailed discussion of Secure Sockets Layer (SSL), Steve and Leo first establish some formal crypto theory and practice of encryption operating modes.

Episode 184 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 185 - Steve and Leo discuss the role, importance and operation of cryptographically-keyed message digest algorithms and their use to securely authenticate messages: Hashed Message Authentication Codes.

Episode 186 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 187 - Steve and Leo discuss the inglorious past of Windows Autorun. They explain how, until recently, disabling “Autorun” never really worked, how Microsoft hoped to fix it while bringing minimal attention to the problem, and how Microsoft's documentation of their recent fix still “got it wrong.”

Episode 188 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 189 - Steve and Leo closely examine and discuss Microsoft's just released major version 8 of Internet Explorer. Steve has studied this major new web browser closely, so he examines the many new features and foibles from the standpoint of its short- and long-term impact on Internet security.

Episode 190 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 191 - Steve and Leo begin by discussing the week's security news. Then Steve carefully and completely describes the construction and operation of a worldwide covert cyberspace intelligence gathering network, operating in 103 countries, that was named “GhostNet” by its Canadian discoverers.

Episode 192 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 193 - Steve and Leo discuss the week's security news; then they closely examine the detailed operation and evolution of “Conficker,” the most technically sophisticated worm the Internet has ever encountered.

Episode 194 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 195 - Steve and Leo plow into the detailed operation of the Internet's most-used security protocol, originally called “SSL” and now evolved into “TLS.” The security of this crucial protocol protects all of our online logins, financial transactions, and pretty much everything else.

Episode 196 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 197 - This week, Steve and Leo discuss the changes, additions and enhancements Microsoft has made to the security of their forthcoming release of Windows 7.

Episode 198 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 199 - This week Steve and Leo explore three different topics: a terrific new book of interest to geeks or non-geeks alike; the still-questionable future and operation of IPv6 (the next version of the Internet protocol); and Steve's novel idea for making secure TCP connections across the Internet without using a VPN tunnel.

Episode 200 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 201 - Steve and Leo examine the operation, features, and security of PKWARE's FREE SecureZIP file archiving and encrypting utility. This very compelling and free offering implements a complete PKI (Public Key Infrastructure) system with per-user/per-installation certificates, public and private keys, secure encryption, digital signing, and other security features we have discussed during previous podcasts.

Episode 202 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 203 - Leo and Steve explore the invention of the best, and very non-intuitive, means for “string searching” - finding a specific pattern of bytes within a larger buffer. This is crucial not only for searching documents but also for finding viruses hidden within a computer's file system.

Episode 204 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 205 - Steve and Leo examine the operation of one of the most prevalent computer algorithm inventions in history: Lempel-Ziv data compression. Variations of this invention form the foundation of all modern data compression technologies.

Episode 206 - A LOT of security news transpired during the three previous weeks since Steve and Leo last recorded live. So instead of the regularly scheduled Q&A episode (which is moved to next week), today they catch up with this week's “mega security news update.”

Episode 207 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 208 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 209 - Steve and Leo kick off the podcast's fifth year with a rare off-topic discussion of something Steve has been researching for the past eight weeks and passionately believes everyone needs to know about: Vitamin D. After next week's Q&A, the podcast will return to topics of Internet security.

Episode 210 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 211 - This week Steve and Leo describe the inner workings of one of the best designed and apparently most secure electronic voting machines - currently in use in the United States - and how a group of university researchers hacked it without any outside information to create a 100% stealth vote stealing system.

Episode 212 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 213 - Steve and Leo discuss the state of GSM (Global System of Mobile communications) cracking. Steve shows where to purchase the required hardware, from where to download the software, and just how easy and practical it has become to “crack” the old and very weak “security” employed by the three billion cellphones now in worldwide use.

Episode 214 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 215 - Steve and Leo discuss the first portion of a collection of pithy and apropos “Security Maxims” that were assembled by a member of the Argonne Vulnerability Assessment Team at the Nuclear Engineering Division of the Argonne National Laboratory, U.S. Department of Energy.

Episode 216 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 217 - Steve and Alex discuss the serious security problems created by the way SSL connections are specified by non-secured web pages, and how easily a “man in the middle” attack can compromise this amazingly weak web-based security.

Episode 218 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 219 - In preparation for episode 221's guest, John Graham-Cumming, who will take us on a detailed walk-through of the JavaScript language's security problems, this week Leo and Steve examine the sad and badly broken state of web browsing in general, and how we got to where we are.

Episode 220 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 221 - This week Steve and Leo are joined by author and software developer John Graham-Cumming to discuss many specific concerns about the inherent, designed-in, insecurity of our browser's JavaScript scripting language. Now 14 years old, JavaScript was never meant for today's high-demand Internet environment - and it's having problems.

Episode 222 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 223 - This week Steve and Leo plow into a recently discovered serious vulnerability in the fundamental SSL protocol that provides virtually all of the Internet's communications security: SSL - the Secure Sockets Layer. Steve explains exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client's credentials.

Episode 224 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 225 - This week Steve and Leo plow into the little understood and even less known problems which arise when user-provided content - postings, photos, videos, etc. - is uploaded to trusted web sites from which it is then served to other web users.

Episode 226 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 227 - Steve and Leo examine the amorphous and difficult-to-grasp issue of nation-state sponsored cyberwarfare. They examine what it means when nations awaken to the many nefarious ways the global Internet can be used to gain advantage against international competitors and adversaries.

Episode 228 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 229 - Steve and Leo turn everything around this week to question the true economic value of security advice. They consider the various non-zero costs to the average, non-Security Now! listener. They compare those real costs with the somewhat unclear and uncertain benefits of going to all the trouble of following sometimes painful advice.