security_now_2014

Differences

This shows you the differences between two versions of the page.

security_now_2014 [2015/04/12 23:47] briancarnellsecurity_now_2014 [2015/04/13 00:19] (current) briancarnell
Line 29: Line 29:
 [[Security Now Episode 450|Episode 450]] - Leo and I discuss this long-anticipated, final "Second Tuesday of the Month" patch update for Windows XP - which has finally arrived. We share a bunch of interesting miscellany, then take a very deep dive to examine and understand the technology, events and implications of yesterday's (April 7, 2014) discovery of a two-year-old critical buffer overrun bug in the open source industry's OpenSSL protocol package. It's been named “Heartbleed” because it abuses the new TLS “heartbeat” extension to bleed the server of critical security information. [[Security Now Episode 450|Episode 450]] - Leo and I discuss this long-anticipated, final "Second Tuesday of the Month" patch update for Windows XP - which has finally arrived. We share a bunch of interesting miscellany, then take a very deep dive to examine and understand the technology, events and implications of yesterday's (April 7, 2014) discovery of a two-year-old critical buffer overrun bug in the open source industry's OpenSSL protocol package. It's been named “Heartbleed” because it abuses the new TLS “heartbeat” extension to bleed the server of critical security information.
  
-[[Security Now Episode 451|Episode 451]]+[[Security Now Episode 451|Episode 451]] - Not surprisingly, the previous week consisted of nearly a single story: Heartbleed. It was only “nearly,” though, because we also received the results from the first phase of the TrueCrypt audit. So this week Leo and I discuss these two topics in detail.
  
-[[Security Now Episode 452|Episode 452]]+[[Security Now Episode 452|Episode 452]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 453|Episode 453]]+[[Security Now Episode 453|Episode 453]] - After catching up with the week's security events, Leo and I examine the history and operation of security certificate revocation and attempt to answer the question: What do we do when good certificates go bad?
  
-[[Security Now Episode 454|Episode 454]]+[[Security Now Episode 454|Episode 454]] - After catching up with the week's security events, Leo and I continue and complete our examination of the history and present operation of security certificate revocation. With last week's theory behind us, this week we examine the current practice and implementation of certificate revocation.
  
-[[Security Now Episode 455|Episode 455]]+[[Security Now Episode 455|Episode 455]] - Before plowing into 10 questions from our listeners, Leo and I discuss Microsoft's Second Tuesday patches, the CA Security Council's reaction to Chrome's CRLSet revocation revelations, an horrific appeal decision in Oracle v. Google, the forthcoming "Halt and Catch Fire" series, and more.
  
-[[Security Now Episode 456|Episode 456]]+[[Security Now Episode 456|Episode 456]] - After catching up with an interesting, though not dramatic, week of security news, Steve and Leo examine the practical size of randomness and the challenge of collecting entropy in a client that may not have any built-in support for providing it, and may also be surrounded by active attackers.
  
-[[Security Now Episode 457|Episode 457]]+[[Security Now Episode 457|Episode 457]] - During this week's Q&A we host a special guest, industry veteran and ISP Brett Glass, who shares his views on the confusing Network Neutrality debate. We also catch up with the past week's security news and answer 10 questions and comments from our listeners.
  
-[[Security Now Episode 458|Episode 458]]+[[Security Now Episode 458|Episode 458]] - After covering the week's most interesting security news, Steve and Leo look back upon and analyze the past seven days of insanity which followed the startling surprise "self-takedown" of the longstanding TrueCrypt.org website, and of TrueCrypt itself.
  
-[[Security Now Episode 459|Episode 459]]+[[Security Now Episode 459|Episode 459]] - During this week's Q&A we host a special guest, industry veteran and ISP Brett Glass, who shares his views on the confusing Network Neutrality debate. We also catch up with the past week's security news and answer 10 questions and comments from our listeners.
  
-[[Security Now Episode 460|Episode 460]]+[[Security Now Episode 460|Episode 460]] - After catching up with a comparatively sleepy week of security news, Steve and Leo discuss the need for, and the Internet industry's search for, new standards for "Authenticated Encryption" which simultaneously encrypts messages for privacy while also authenticating them against any active in-flight tampering.
  
-[[Security Now Episode 461|Episode 461]]+[[Security Now Episode 461|Episode 461]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 462|Episode 462]]+[[Security Now Episode 462|Episode 462]] - After catching up with an event-filled week of security events and news, we announce and launch the beginning of a multi-part podcast series which will examine and analyze the many current alternatives for securely (TNO) storing our files “in the cloud.”
  
-[[Security Now Episode 463|Episode 463]]+[[Security Now Episode 463|Episode 463]] - Father Robert (Padre) and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 464|Episode 464]]+[[Security Now Episode 464|Episode 464]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 465|Episode 465]]+[[Security Now Episode 465|Episode 465]] - After covering the interesting news of the past week, Leo and I reexamine iOS security in the wake of a hacker's presentation at a major conference which brought it all back into question and triggered an avalanche of frightening headlines.
  
-[[Security Now Episode 466|Episode 466]]+[[Security Now Episode 466|Episode 466]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 467|Episode 467]]+[[Security Now Episode 467|Episode 467]] - This week Leo and I discuss the week's more interesting security news, including HP's recent analysis of the (lack of) security in "Internet of Things" appliances, and the forthcoming Black Hat presentation on "BadUSB" which generated a lot of overly hysterical press coverage. Then I summarize my analysis of the Browser-based Password Manager research to be released later this month.
  
-[[Security Now Episode 468|Episode 468]]+[[Security Now Episode 468|Episode 468]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 469|Episode 469]]+[[Security Now Episode 469|Episode 469]] - After catching up with the week’s more interesting security tidbits, Leo and I dig into last week’s widespread Internet outage to discover that the Internet is reaching another important “limit” that’s going to require some attention: The routing tables are growing past their maximum default size!  Whoops!!
  
-[[Security Now Episode 470|Episode 470]]+[[Security Now Episode 470|Episode 470]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 471|Episode 471]]+[[Security Now Episode 471|Episode 471]] - This past Labor Day brought some high-profile security breaches (naked celebrity photos posted online) of still-unknown origin, and other interesting news. Once Leo and I get caught up with all of that craziness, we take a look at the (sad) state of eMail privacy and encryption. We examine the past and consider what the future might hold.
  
-[[Security Now Episode 472|Episode 472]]+[[Security Now Episode 472|Episode 472]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 473|Episode 473]]+[[Security Now Episode 473|Episode 473]] - After we catch up with interesting security news of the past week, Leo and I examine Google's surprising, controversial, and unilateral decision to suddenly and significantly deprecate ALL web server certificates signed by SHA-1 that will be valid past 2016 - even though 92% of certificates (with lives of at least two years) signed in January 2014 were SHA-1.
  
-[[Security Now Episode 474|Episode 474]]+[[Security Now Episode 474|Episode 474]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 475|Episode 475]]+[[Security Now Episode 475|Episode 475]] - After covering a very busy and interesting past week of security and privacy news, Father Robert and Steve explain, examine, and dig down deep into the many fascinating details of the worst-ever, two-decade old, latent and pervasive Internet bug known as “Shellshock.”
  
-[[Security Now Episode 476|Episode 476]]+[[Security Now Episode 476|Episode 476]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 477|Episode 477]]+[[Security Now Episode 477|Episode 477]] - After catching up with another interesting week of security events, including the rumor of a pending SSLv3 flaw and a new Windows zero-day exploit, Steve and Leo examine the next evolution in online payment technology which replaces traditional credit card numbers with “Payment Tokens.”
  
-[[Security Now Episode 478|Episode 478]]+[[Security Now Episode 478|Episode 478]] - After catching up with a few interesting events from the past week, Steve and Leo take a deep dive into the details of the Internet's latest “security catastrophe” which has been named “Poodle.” Steve first carefully explains the trouble, then debunks it completely, showing why the vulnerability should be fixed but will probably never be exploited.
  
-[[Security Now Episode 479|Episode 479]]+[[Security Now Episode 479|Episode 479]] - After catching up with a few interesting events from the past week, Steve and Leo take a deep dive into the details of the Internet's latest “security catastrophe” which has been named “Poodle.” Steve first carefully explains the trouble, then debunks it completely, showing why the vulnerability should be fixed but will probably never be exploited.
  
-[[Security Now Episode 480|Episode 480]]+[[Security Now Episode 480|Episode 480]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 481|Episode 481]]+[[Security Now Episode 481|Episode 481]] - Leo and I discuss the week's major security events, focusing on this month's crucially important Microsoft MEGA Patch Tuesday updates which, if exploited, will allow for wholesale remote client and server code execution and takeover. They then take a first pass look at the new “Certificate Transparency” standard and initiative being launched by Google and currently supported by DigiCert and others.
  
-[[Security Now Episode 482|Episode 482]]+[[Security Now Episode 482|Episode 482]] - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 483|Episode 483]]+[[Security Now Episode 483|Episode 483]] - This week Leo and I cover two major stories: the discovery of a frighteningly capable and sophisticated espionage malware known as “Regin,” and deeper coverage of the forthcoming “Let's Encrypt” free and automated web server certificate issuing and management system. And, as always, we also cover a bunch of interesting smaller issues.
  
-[[Security Now Episode 484|Episode 484]]+[[Security Now Episode 484|Episode 484]] - Mike and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 485|Episode 485]]+[[Security Now Episode 485|Episode 485]] - Leo and I discuss the week's major security events, including the Turla advanced persistent threat for backdoor for Linux. We then look closely at the very expensive consequences of the lax security measures employed by Target - and their massive late 2013 point-of-sale terminal breach - and Sony's whole-corporation network internal data dump and disclosure.
  
-[[Security Now Episode 486|Episode 486]]+[[Security Now Episode 486|Episode 486]] - Mike and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.
  
-[[Security Now Episode 487|Episode 487]] +[[Security Now Episode 488|Episode 488]] - For our last show of 2014, we first catch up on two very busy holiday weeks of security craziness; then we step back to review the major events of this past very busy and security event-filled year.
- +
-[[Security Now Episode 488|Episode 488]]+
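Review bot: The new description for Episode 459 repeats the Episode 457 text word for word (the Brett Glass Network Neutrality Q&A), and Episode 479 repeats the Episode 478 "Poodle" text, so one entry in each pair looks like a paste error and should be checked against that episode's own show notes. At the end of the hunk the Episode 487 link is removed and nothing replaces it, so the list jumps from 486 to 488; restore the 487 entry or record why it is dropped. In the Episode 485 text, "the Turla advanced persistent threat for backdoor for Linux" carries a stray "for", and the Episode 481 text switches from "Leo and I" to "They then take" inside one entry.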
security_now_2014.1428882438.txt.gz · Last modified: by briancarnell
