User Tools

Site Tools


security_now_2015

Security Now! - 2015

Episode 489 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.

Episode 490 - Leo and I first discuss a surprisingly busy week of security news; then, we take a careful walk through the history (it's not what you may think) and the detailed operation of “The Enigma Machine” which Germany used to encrypt their sensitive radio traffic during the Second World War.

Episode 491 - Following this slow week of security news, Leo and I first discuss the news surrounding how and why the U.S. was so sure that North Korea was behind the attack on Sony. Then we examine the cryptographic consequences of the British and U.S. governments' recent pronouncements that terrorist communications should not be allowed to remain secret.

Episode 492 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.

Episode 493 - After catching up with a few important security events of the week, Leo and I revisit and dissect the anonymity promises of TOR in light of scores of academic papers which have questioned its anonymity guarantees.

Episode 494 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world ‘application notes’ for any of the security technologies and issues we have previously discussed.

Episode 495 - Leo and I catch up with several VERY interesting security events and stories of the week. Then we take a close look and a deep dive into the operation of the industry's first change in the official HTTP protocol in 15 years - the finalization and emergence of the HTTP/2 IETF specification which significantly streamlines web browser and web server interaction.

Episode 496 - Leo and I discuss the week's major security events, including the revelation of the Lenovo Crapware and the joint GCHQ/NSA Gemalto attack which rendered cellular phones insecure. Then we discuss questions and comments from listeners of previous episodes to tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 497 - Leo and I discuss the week’s tamer-than-usual news; then we host a terrific interview of the team (recently featured on Sunday’s “60 Minutes”) who have been working with DARPA to address the challenge of hardening high-tech networked vehicles – autos and UAVs – against malicious hacking attacks.

Episode 498 - Leo and I catch up with several VERY interesting security events and stories of the week. Then we take a deep dive into two of the week's big security stories: FREAK and RowHammer.

Episode 499 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 500 - Leo and I discuss the recent Pwn2Own hacking competition. We examine another serious breach of the Internet's certificate trust system and marvel at a very clever hack to crack the iPhone four-digit PIN lock. Then we take a close look at the evolution of booting from BIOS to UEFI and how Microsoft has leveraged this into their “Windows Secure Boot” system. We also examine what it might mean for the future of non-Windows operating systems.

Episode 501 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 502 - Leo and I catch up on a busy and interesting week of security events. Then we take a close look at the results of the just-completed second phase of the TrueCrypt audit, which focused upon the implementation of TrueCrypt's security and privacy guarantees.

Episode 503 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 504 - Leo and I catch up with the most interesting and significant security and privacy news of the week. Then we take a close look at what's known of the mechanisms China has developed - both filtering and offensive weaponry - to provide for their censorship needs and to potentially attack external Internet targets.

Episode 505 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 506 - Leo and I catch up with the past week's most interesting security events and cover some miscellaneous tidbits. We then examine the carefully written testimony of two leading computer scientists who argue against the feasibility of incorporating encryption backdoors into commercial mobile and other device technologies.

Episode 507 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 508 - After catching up with a busy week of security news, Leo and I take a close look at the surprisingly weak and insecure technology used for today's modern automotive keyless entry and engine start systems. We show how easily it may be bypassed… perhaps for as little as $17 on eBay.

Episode 509 - After covering the week's most significant security news, Leo and I closely examine the week's most significant news, a major new vulnerability in the Internet's TLS protocol known as “Logjam.”

Episode 510 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 511 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 512 - Leo and I discuss the week's most interesting recent security events and a bit of miscellany. Then we examine the revelations about the current state of Internet user tracking arising from Mozilla's Firefox tracking protection instrumentation.

Episode 513 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 514 - After catching up with a lot of interesting security news, Father Robert and I take a look at recent research into improving the privacy delivered to users of the Tor network. Our conclusions are somewhat distressing.

Episode 515 - So much happened in the security and privacy worlds this past week that it will be everything Father Robert and I can do just to cover and discuss it all during a single podcast. So this is one of our pure news coverage and catch-up episodes. I'm sure it's going to be a blast!

Episode 516 - Security and privacy-related news keeps coming! So this week Father Robert and I will cover the past week's many interesting events. Then we revisit the much evolved and nearly finalized SQRL protocol to see how it has grown and matured during the 92 weeks since I first disclosed its concept during Podcast 424 with Tom.

Episode 517 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 518 - August’s annual DefCon and Black Hat conferences never fail to surprise, worry, and entertain. This year is no different. Though still two weeks off, reports of interesting security troubles are beginning to surface. This week Leo and I examine the week’s news and take a close look at a topic the Internet press got completely wrong: HORNET, a new design for an Internet Anonymity network.

Episode 519 - While Leo and I await the revelations from the ongoing annual Black Hat and DefCon conferences, the fallout from which we will doubtless be dissecting during upcoming weeks, we keep current with other security news and events. We then examine the change of philosophy embodied by Microsoft's Windows 10 and its many controversial spying “features.”

Episode 520 - Leo and I catch up on a busy week of security news, and then we follow my ongoing search for a low-hassle solution for safely browsing the danger-filled World Wide Web.

Episode 521 - Leo and I catch up on another in a series of very busy weeks of security news. Then we discuss several recently written commentaries about the distressing state of online web advertising.

Episode 522 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 523 - Leo and I catch up with the week's major security events. We then examine the ecosystem of web page advertising by comparing it to other “opportunistic advertising” such as that appearing on public transportation, highway billboards, broadcast television commercials and other public venues - which consumers have no obligation to consume. I eschew the implication that visitors to a web page have an obligation to retrieve third-party content, over which the website has little or no control, which consumes bandwidth, reduces online privacy, hinders performance, and potentially exposes visitors to malicious exploitation. And I believe this remains true even when a visitor's retrieval of such despicable third-party content would generate much-needed revenue for the visited site. Finally, I review the many operational features of uBlock Origin, my chosen HTML firewall, which effectively returns control to web users.

Episode 524 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 525 - Leo and I cover a relatively small bit of news of the week, including dispelling an unwarranted concern about LastPass being hacked. Then we converse with Patrick Jackson, co-founder and chief technology officer (CTO) of Disconnect, about his company's view of the web-tracking industry, its past and probable future.

Episode 526 - Leo and I cover a busy past week of security news, then discuss the first week of iOS mobile web content filtering made possible by Wednesday's release of iOS v9. We take a close look at the initial set of content blocking apps available for iOS and Safari.

Episode 527 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 528 - With many massive Internet data breaches, and a prolific vigilante worm loose on the Internet, Leo and I spend a fun- and fact-filled podcast covering the past week's multitude of news.

Episode 529 - In the wake of the news that LogMeIn is acquiring LastPass, Joe Siegrist, founder and CEO of LastPass, joins us to talk about the acquisition and what he hopes it means for the future of our favorite password manager. We then catch up with the week's news, and share and discuss 10 questions and comments from our listeners.

Episode 530 - This week's podcast is titled “Doing It Wrong” because the week's news happened to include four unrelated examples of companies really getting security wrong. So Leo and I first catch up on the week's other news and miscellany. Then we take a look at four examples of security being done wrong.

Episode 531 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 532 - Leo and I discuss a very busy week of interesting - and somewhat distressing - security and privacy news. Then we explore the fundamental problem with iOS application security enforcement which is going to take Apple some time to resolve.

Episode 533 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 534 - Leo and I discuss a wide range of security news, Steve's feelings about the new iPad Pro, and lots of interesting bits of miscellany. We then revisit the newly controversial question of Internet encryption which has been raised with great emphasis after last week's terrorist attacks in Paris.

Episode 535 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 536 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 537 - This first week of December brought us the early Christmas present of an amazing amount of interesting and important news. This entire episode is chockful of reports and discussion of everything that has happened during the past busy week in security and privacy.

Episode 538 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

Episode 539 - Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.

security_now_2015.txt · Last modified: 2016/12/10 23:37 by briancarnell