Security Now! - 2011

Episode 282 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 283 - After catching up with the week's security and privacy news, Steve and Leo complete their analysis of Bluetooth security by examining the history and current status of Bluetooth hacking exploits. They conclude with a set of recommendations for minimizing the Bluetooth attack surface.

Episode 284 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 285 - After catching up with the week's security updates and news, Steve and Leo examine the use of “code fuzzing” to locate functional defects in the web browsers we use every day. Surprisingly, every browser in use today can be crashed with this technique.

Episode 286 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 287 - This week, after catching up with a busy “Patch Tuesday,” Steve and Tom explore the fascinating crypto technology developed to create “BitCoin,” the Internet's decentralized peer-to-peer completely private online currency exchange system.

Episode 288 - Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 289 - After catching up with the week's security updates and other security-related news, Steve and Leo discuss the many modes of operation of “Proxied Web Surfing” which are used to bypass firewalls and Internet filters, aid free speech, and alter the contents of web pages retrieved from the Internet.

Episode 290 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 291 - After catching up with a very busy week of software updates and wide-ranging security news, Steve and Leo discuss the revelations documented in Symantec's comprehensive “Stuxnet Dossier.”

Episode 292 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 293 - After catching up with a great deal of security news and interesting computer industry miscellanea, Steve shares everything he has recently learned from his extensive study into the new security and privacy features of IE9.

Episode 294 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 295 - After catching up with the past week's very busy security news, Steve and Leo closely examine the circumstances and repercussions surrounding the mid-March breach of the Comodo SSL certificate authority certificate signing system.

Episode 296 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 297 - After catching up with a number of extra-interesting security news items of the week, Steve and Leo explore the recently raised suggestion that using a three-word “pass-sentence” such as “I like tomatoes” would be MORE secure (and far more memorable) than “J4f6<2”. Short sentences are certainly easier to remember … but more secure?

Episode 298 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 299 - This week's security news and events took up so much time that we didn't have time to cover the entire topic of “Randomness” in security and cryptography. So we split the topic into two parts. This week we open the topic and explain the background, problem and need. Week after next we'll plow into the solutions.

Episode 300 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 301 - After catching up with the week's security and privacy news, we conclude our two-part series discussing the need for, and applications of, random and pseudorandom numbers. We discuss the ways in which a computer, which cannot produce random numbers, can be programmed to do an extremely good job.

Episode 302 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 303 - Steve shares something of a revelation about the true nature of passwords and why “password entropy” really doesn't matter. He explains, therefore, how it's possible for passwords to be both memorable AND impossible to crack at the same time.

Episode 304 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 305 - This week, after catching up on the week's security and privacy news, Steve and Leo take a close look at “Ghostery,” a highly recommended, multi-OS, multi-browser extension that reveals all of the tracking bugs and cookies websites are hosting to track us, and optionally allows them to be blocked.

Episode 306 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 307 - This week, after catching up on the week's security and privacy news, Steve and Leo take a look at the state of Identity Management in Cyberspace with the U.S. Government's publication of its NSTIC - National Strategy for Trusted Identities in Cyberspace.

Episode 308 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 309 - This week, after catching up with our usual grab bag of Internet-related security and privacy news, including another Microsoft Patch Tuesday, Steve and Leo plow into the first of a series of forthcoming episodes, which will be spread out over time, describing the detailed technical operation of the ever-more-ubiquitous global Internet.

Episode 310 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 311 - This week, after catching up with a collection of interesting security events, Steve and Leo take a close look at a recently discovered security coding error, examining exactly how and why it occurred, to understand how easily these kinds of mistakes can be made - and how difficult it can be to EVER find them all.

Episode 312 - Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 313 - After catching up with a busy week of security updates, and some miscellaneous fun security news, Steve and Tom return for the second installment of “How The Internet Works” with a look at the ICMP and UDP protocols.

Episode 314 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 315 - After catching up with the week's news, Steve explains his goals, development process, and operation of the “Off The Grid” paper-based encryption system he developed for use in encrypting website domain names into matching secure website passwords.

Episode 316 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 317 - After catching up with a week of the amazing news of the security breach of the DigiNotar certificate authority, Steve and Leo continue their “How the Internet Works” series with the first of several episodes describing the operation of the Internet's most used protocol: TCP.

Episode 318 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 319 - After catching up with just a bit of the past week's news, Steve and Leo explore the most mature possible replacement for the Internet's existing (and failing) “trust model,” which has always been based upon the unequivocal trust of Certificate Authorities.

Episode 320 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 321 - After catching up with the week's security news, Steve and Leo examine the implications of a recent Internet-wide exploit known as BEAST: Browser Exploits Against SSL/TLS. They share the process used by the discoverers of an exploit for this long-known vulnerability and consider its implications.

Episode 322 - Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 323 - After catching up with the week's news, Steve and Leo return this week to their “How the Internet Works” fundamentals series. They examine the operation of the various attacks that have been made through the years against the Internet's most popular and complex protocol: TCP.

Episode 324 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 325 - After catching up with the week's news, Steve and Leo return this week to their “How the Internet Works” fundamentals series. They examine the challenges presented by “packet-based connections” to further understand the operation of the Internet's most popular and complex protocol: TCP.

Episode 326 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 327 - The day before recording this podcast in the studio with Leo, Steve attended an annual Internet privacy conference. After catching up with the week's security news, updates, and errata, Steve shares what he saw and learned during the conference, including three VERY promising new privacy and authentication tools.

Episode 328 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 329 - After catching up with the week's news, Steve and Leo examine the operation of Mozilla's solution to the need for secure, reliable and easy-to-use establishment of online Internet identity known as: BrowserID. They also compare it with all of the other existing technologies and solutions we've discussed before.

Episode 330 - Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 331 - We had so much news this week that it squeezed out our show's planned topic of Google's new SPDY web browser protocol. So we'll tackle that early next year. In the meantime, Leo and Steve will discuss the news of this very active week!

Episode 332 - Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 333 - After catching up with just a bit of year-end security news, for their special holiday episode, Steve and Leo review their favorite Science Fiction books and movies, pulling the commentary they have previously scattered throughout many years into a single reference.