SERIES: Security Now!
DATE: November 15, 2007
TITLE: Listener Feedback 28
SPEAKERS: Steve Gibson & Leo Laporte
SOURCE FILE: http://media.GRC.com/sn/SN-118.mp3
FILE ARCHIVE: http://www.GRC.com/securitynow.htm
DESCRIPTION: Steve and Leo discuss questions asked by listeners of their previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world “application notes” for any of the security technologies and issues they have previously discussed.
INTRO: Netcasts you love, from people you trust. This is TWiT.
LEO LAPORTE: Bandwidth for Security Now! is provided by AOL Radio at AOL.com/podcasting.
This is Security Now! with Steve Gibson, Episode 118 for November 15, 2007: Your questions, Steve's answers. This show, and the entire TWiT broadcast network, is brought to you by donations from listeners like you. Thanks.
Time for Security Now!, Leo Laporte here. Steve Gibson is in Irvine, and we are ready to talk about protecting yourself online. Hey, Steve.
STEVE GIBSON: Hey, Leo, great to be back with you again.
LEO: Little disappointed because I had high hopes that we could use this new iChat client that's supposed to use a really high-quality codec. But we're still using Skype because Skype works. And iChat did not. I mean, it worked, but it was awful.
STEVE: Yeah, and we really, you know, we actually spend a lot of time dialing Skype in over time. And I think maybe if we had given iChat some more time, I mean, for example, I don't know anything about it relative to relaying and passing through our firewalls and all that. I've got static ports mapped for Skype and so forth, so…
LEO: Yeah, we didn't do any port forwarding. So maybe that would help. But still. You know, AAC-LD, the codec they're using, or purportedly using, is the same one I use for the radio show. It's a very high-quality codec, designed for - LD stands for Load Delay. It's designed for latent networks, but…
STEVE: Hey, you know, we didn't set any changes or specify the codec. Is it just changed globally?
LEO: Yeah, maybe - I'll do some research. Because, you know, Amber and I want to use it, for not just audio but also for video. So I'll have to see if we can figure out how to get it working. There's other stuff we might try down the road, too. We're always looking for other ways. Skype's been so good, though, it's hard to beat Skype.
LEO: Congratulations, by the way, you're now on the Zune.
STEVE: On the who, what, what?
LEO: On the Zune. You've heard of that, have you? It's a Microsoft product.
STEVE: It's that brown thing, isn't it?
LEO: Yeah, well, now they also have khaki green, army green, and some other colors. The Zune…
STEVE: Get a clue.
LEO: Well, it's a little better. The new Zunes actually look like only one-generation-old [indiscernible]. So that's not, you know, they're getting close. But the thing, and I won't be flip about this because I really am excited about it, they are supporting podcasts finally, natively. I mean, there's podcasts right on the front menu. The Zune Marketplace now has a podcast page, makes it easy to subscribe. And if you go, if you are a Zune - own the new Zune, or if you've updated your old Zune, and you go to our Security Now! page at TWiT.tv and check the subscribe links, you can now subscribe via the Zune Marketplace. You just select Zune from your list. So I'm just, you know why I'm excited about it, with a big company like Microsoft behind podcasts - Yahoo! has dropped out, Odeo's dropped out, PodNova's dropped out, iPodX has dropped out…
STEVE: Whoa, whoa, they have?
LEO: All of these people are gone.
LEO: And so, frankly, it's an iTunes world. And while I'm thrilled that at least somebody still supports podcasts, it's great to have another player in there, and a big one. Now all they have to do is sell some Zunes.
STEVE: Well, that would be good. And of course it's also good just in general from a standpoint of increasing the potential listener base. I mean, you know…
LEO: Well, that's exactly my point. I mean, we're frozen now. You know, we…
STEVE: Yeah. When you first mentioned to me, what, two and a half years ago, more than that I guess now, coming up on three years, you said, hey, Steve, how about doing a weekly podcast? I said, a what cast? Literally, I had never heard the term.
LEO: People still say a what cast, and that's the problem. I don't have an iPod, they say. So but, you know, we grew very quickly. You're the number two podcast on the network, right after This Week in Tech. And it's, you know, obviously still very popular. But it hasn't grown much in the last few months, and it concerns me. And I think that that's really that we've just saturated the iTunes listeners. And I think particularly for this and Windows Weekly, which are really more Windows-centric, it will really help to have Microsoft in our ballpark. So anyway, thank you, Microsoft. We also have a Microsoft update.
STEVE: Oh, boy.
LEO: A no thank you, Microsoft.
STEVE: I was just going to say, yes, and being a security podcast, you know, being tied in with Microsoft, you know, makes some sense here. Yesterday on - or, I'm sorry, day before yesterday, on Tuesday was the standard second Tuesday of the month update. And I wanted just to bring to everyone's attention that this one is really important. It's regarded as not even just critical, but highly critical.
LEO: Oh, boy.
STEVE: This is something they've been working on for a couple of months, and it's actually a vulnerability which, refreshingly, does not involve Vista this time.
LEO: So Vista is not impacted. Because I noticed I didn't get the download on my Vista machine.
LEO: By the way, there's a great - if you're using Firefox, there's a great extension called “Customize Google” that allows you to set that to be always the case, that it's always https, so you don't even have to worry about the bookmark. It just always uses https, which is one of the very good reasons to use it. All right. I deleted cookies on this new browser, and it doesn't know who I am anymore.
STEVE: Yeah. I really suspect it is cookies.
LEO: Yeah. And I've turned off scripting. So, yeah, it doesn't know who I am, says who are you? And now it's asking me - it says unable - yeah, it's cookies. It's cookies. So he probably didn't delete them all properly or whatever. But at least on my system here it was cookies.
LEO: Well, Steve, we've completed 12 fascinating questions, 12 fascinating answers. I don't know how you do it every time. But thank you, it's really fascinating. I love the Q&A sessions.
STEVE: Well, and our listeners love it. And again, in terms of how I do it, it's just being driven by the questions that we get. We've got lots of smart people who are listening and asking great questions.
LEO: That's why I do talk radio because you know you're talking about what people want to know about. Works really well. Steve Gibson is at GRC.com. That's a great place to go if you want to get Security Now! podcasts in the full version, the full-quality version, or the 16KB version. He's got transcripts, he's got show notes, he's got links to all his good stuff including the PPP page, his security passwords at GRC.com/passwords, and tons of free software including the world-famous ShieldsUP! firewall tester. It's all at GRC.com. And while you're there you might want to take a look at SpinRite, which is without a doubt, as many will tell you, the world's finest hard drive maintenance and recovery solution. GRC.com. You know what we're going to talk about next week yet, Steve?
STEVE: We are, yes, we are finally going to talk about this relationship which is disturbing between PayPal and DoubleClick.
LEO: Oh, you've done some research, eh?
STEVE: As I said, it is very disturbing. Many, many people have said, hey, whatever happened to that, did it fall through the cracks, did it fall through the cracks? Well, no, actually the Perfect Paper Passwords thing happened, and it continued to burn up more time that I expected. But yes, we're going to talk about what it means that you actually get a DoubleClick URL when you try to download the, well, actually from many links over on the PayPal side. We're going to explain the consequences of that.
LEO: I will be listening with great interest, since I use PayPal all the time.
STEVE: I do, too.
LEO: Yeah. Hey, Steve, thanks so much. We'll talk again next week. Is it Thanksgiving next week already?
STEVE: Yeah, next week is Thanksgiving week.
LEO: Oh, my goodness. Are we going to do a show on Thanksgiving?
STEVE: Absolutely, Leo. We're never missing one.
LEO: So after the turkey, make sure you tune in Security Now! Thanksgiving Edition. Thanks to everybody. We give you our thanks for listening and for all the donations which keep this show afloat and the support you've given us. We greatly appreciate all the participation. I'm Leo Laporte with Steve Gibson. Thanks for joining us. We'll see you next time, Steve, on Security Now!.
Copyright © 2007 by Steve Gibson and Leo Laporte. SOME RIGHTS RESERVED. This work is licensed for the good of the Internet Community under the Creative Commons License v2.5. See the following Web page for details: http://creativecommons.org/licenses/by-nc-sa/2.5/.