Security Now! - 2012

Episode 334 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 335 - After catching up with only a small bit of the week's security news, Steve and Leo discuss the recent revelation of a fundamental security flaw in the functioning of the WiFi WPA standard. WiFi Access Points, following the certification-mandated default configuration, allow an attacker to obtain network access within just a few hours.

Episode 336 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 337 - This week, after catching up on an interesting week of Security and Privacy news and legislation, Steve and Leo examine the troubled Wi-Fi Protected Security (WPS) protocol in detail to understand its exact operation, and to examine a series of limitations that cannot be resolved.

Episode 338 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 339 - This week, after catching up with a busy and interesting week of security news and events, Steve and Leo take a close look at ScriptNo, a new Chrome extension created by a developer who left Firefox (and NoScript) for Chrome and was pining for NoScript's features.

Episode 340 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 341 - This week, after catching up with the week's security and privacy news, Steve and Leo examine the feasibility of the hacker group “Anonymous” successfully taking the Internet offline after a disavowed Internet posting has claimed they intend on March 31st.

Episode 342 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 343 - This week, after catching up with the week's security and privacy news, Steve and Leo take a detailed look at the World Wide Web's current HTTP protocol and examine the significant work that's been done by the Chromium Project on “SPDY,” a next-generation web protocol for dramatically decreasing page load times and latency and improving performance and interactivity.

Episode 344 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 345 - After catching up with the week's news, Steve and Leo examine the growing concern over, and performance problems created by, the Internet's “Buffer Bloat,” which has been silently creeping into our networks as the cost of RAM memory used for buffers has been dropping. It's easy to assume that more buffering is good, but that's not true for the Internet.

Episode 346 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 347 - After catching up with the week's news, Steve and Leo examine the inner workings of the most popular password managers for Apple's iOS devices to determine whether and to what degree they offer enhanced security for safe password storage.

Episode 348 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 349 - After catching up with the week's news, Steve and Leo examine ALL of the various cloud-based synchronizing, storage and backup solutions they could find. Steve surveys each one in turn, and Leo chimes in with his own personal experience with many of the offerings. They conclude that SpiderOak looks like the winner, though Jungle Disk is still in the running.

Episode 350 - During this special Q&A episode, Steve and Iyaz host an entirely Twitter-driven Q&A episode, caused by the flurry of interest created by last week's focus upon Cloud Storage Solutions. After catching up with the week's security-related events, they zip through 21 tweets, then focus upon and examine the security architecture of one controversial and popular cloud storage provider: Backblaze.

Episode 351 - After catching up with the week's news and Twitter feedback, Steve and Leo closely examine three remote cloud storage solutions whose Crypto was done COMPLETELY right, Offering full TNO (Trust No One) security. And one of them makes Steve wish he were a Mac user!

Episode 352 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 353 - After catching up with the week's news, Steve and Leo look at the state of the slow but sure and steady progress being made to tighten up the Internet's eMail security. Since spoofing and phishing continue to be huge problems, these problems continue to command the attention of the Internet's largest commerce, financial, and social networking domains. The good news is: There's good reason for hope!!

Episode 354 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 355 - Steve and Leo tackle two new and interesting threats to Internet security. First, the newly discovered “Flame” / “Flamer” / “Skywiper” malware dwarfs Stuxnet and Duqu in capability and complexity. Then they examine the work of two University of Michigan researchers who have detailed a collection of new ways to attack the TCP protocol. They inject malicious content into innocent web pages and add malicious links to online chats.

Episode 356 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 357 - It's time for Security Now!. Steve Gibson's here. Boy, he's got a lot of security news. There was a big Microsoft update, a new Apple update of Java, and Oracle, too. But the big story is Flame, two amazing revelations that might give us some idea about where Flame actually came from. Steve Gibson, next, on Security Now!.

Episode 358 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 359 - After catching up with a few items of security and privacy news, Steve and Leo return to the Internet's “Buffer Bloat” problem to share the new solution “CoDel” (pronounced “coddle”) that has been developed by several of the Internet's original and leading technologists and designers.

Episode 360 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 361 - After catching up with the week's security news, Steve and Leo take a close look at the recent “DNS Changer” malware, the FBI's role in the “takedown” of the malicious servers, and the expert technical assistance provided by Paul Vixie, one of the pioneers and principal developers of the Internet's Domain Name System (DNS).

Episode 362 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 363 - After catching up with an eventful week of security news, Steve and Leo explore a variant of the story of “Ali Baba's Cave” as a means for clearly explaining the operation and requirements of cryptographic Zero-Knowledge Interactive Proofs.

Episode 364 - After catching up with an eventful week of security news, Steve and Leo describe and explore the details of the “epic hack” that recently befell well-known technology writer Mat Honan.

Episode 365 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 366 - After catching up with a collection of miscellaneous and interesting security-related news, Steve and Leo take a close look at the long-term consequences of the many massive password leakages which have occurred. The upshot? Hackers are getting MUCH better at cracking passwords, and “clever” techniques can no longer be regarded as safe.

Episode 367 - We have so much security news and information to cover this week that we didn't have time to take questions from our listeners. What we have, instead, is a LOT of interesting news about the new Java vulnerabilities, new TNO cloud storage solutions, and lots more.

Episode 368 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 369 - After catching up with an eventful week of security news, Steve and Leo step back for an overview and discussion of the slowly evolving state of the art in Internet Identity Authentication.

Episode 370 - We begin the week with a visit with our distinguished guest, Mark Russinovich, late of Sysinternals and now with Microsoft. Mark joins us to chat about the release of his second security thriller, “Trojan Horse,” and to share some of his view of the security world.

Episode 371 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 372 - After catching up with just a tiny bit of security news (it was a very quiet week in security), Steve and Leo take the podcast's first-ever comprehensive look at the emerging and increasingly popular NFC (Near Field Communications) technology, which is now present in tens of millions of cell phones and other mobile and fixed-location devices.

Episode 373 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 374 - After catching up with the week's most important security news, Steve and Leo wind up their propeller-cap beanies right to the breaking point of their springs in order to obtain enough lift to examine and explore the operation of ECC - Elliptic Curve Cryptography - the next-generation public key cryptography technology.

Episode 375 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 376 - This week, after failing to find much in the way of interesting security news, Steve and Leo make up for that by introducing the concept of “Fully Homomorphic Encryption,” which allows encrypted data to be operated upon WITHOUT it first being decrypted, and results remain encrypted.

Episode 377 - Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 378 - After catching up with an interesting and varied grab-bag of security news and paraphernalia, Steve and Tom further examine the controversy surrounding Microsoft's decision to enable the Do Not Track (DNT) “signal” header in IE10 and share some insights gained from a recent Microsoft Executive VP Keynote presentation about exactly this issue.

Episode 379 - Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 380 - After catching up with lots of interesting security news, updates on Steve's Acoustic Dog Training project, and lots of other miscellany, Steve and Leo examine a recently developed and increasingly popular Internet security protocol, DTLS, which combines the advantages of UDP with SSL security.

Episode 381 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 382 - After catching up with the week's news, Steve and Leo take a deep dive into the technology of the ever-more-ubiquitous “QR Codes” which are popping up everywhere and are increasingly being used, not only for good, but with malicious intent.

Episode 383 - Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

Episode 384 - For this special year-end holiday edition of Security Now!, Steve digs down deep into his video archives. He takes us back 22 years, to 1990, to share a 45-minute presentation he gave, once upon a time, on the inner workings of the “megabyte-sized” hard disk drives that gave birth to the PC industry.