Security Now!
From Wikipedia, the free encyclopedia
| Security Now! | |
 |
|
| Hosting | Leo Laporte Steve Gibson |
|---|---|
| Language | English |
 RSS |
MP3 Feed |
| Updates | Weekly |
| Audio format | MP3 |
| Debut | August 19, 2005 |
| Genre | Computer Security |
| Website | http://www.twit.tv/SN |
Security Now! is a weekly podcast hosted by Leo Laporte and Steve Gibson. It is part of the TWiT.tv network. The first episode was released on 19 August 2005.
Released each Thursday, Security Now! consists of a discussion between Gibson and Laporte of issues of computer security and, conversely, insecurity. Covered topics have included security vulnerabilities, firewalls, password security, spyware, rootkits, Wi-Fi, virtual private networks (VPNs), and virtualization. The intro theme was composed by Jamie Diamond of The MediaRight Group and the closing theme was made by Mark Blasco at podcastthemes.com
Contents |
[edit] Podcast feed
Security Now! is distributed via its main podcast RSS feed 
(link) and on the GRC Security Now! page.[1] The audio is encoded as 64 kilobit per second MP3 files, with lower quality (16 kbit/s) versions available for listeners on low bandwidth connections (such as dial-up) or those with limited storage space.
[edit] Show format
The podcast runs for approximately 1 hour, with the actual discussion of the subject of the podcast typically starting 20 minutes into the show. The first 20 minutes being spent on general chat, security news, sponsors and reading out letters and e-mails praising Steve's disk recovery product SpinRite, although the latter is not an official sponsor of the show and its dominance in the show has been criticized.[2]
[edit] Additional content
As part of GRC's section on the podcast, supplementary notes and transcripts of each show are available in plain text and PDF formats.
[edit] Listener feedback
Beginning from episode 16, every fourth episode (referred to as "mod 4 episodes" or "mod 4 equals 0 episodes") has been devoted to answering questions and responding to feedback provided by Security Now! listeners. The GRC web page has a feedback form allowing listeners to submit their comments and questions. Additionally, the so-called "Mailbag" episodes were added in late July 2007 to "share and discuss the thoughts, comments, and observations of other Security Now! listeners" (referred to as "mod 4 + 2 episodes").[3] The distinction between "mailbag" and listener feedback episodes was removed in episode 108.
[edit] Popularity
In August 2007, Security Now! won in the People's Choice Podcast Awards Technology/Science category. In August 2006, Security Now! ranked fourth in the "Top 40" of all podcasts listened to via the PodNova service.[4] Security Now! averaged around 100,000 downloads per episode throughout 2006.[5][6]
[edit] Episode list
Episode list
| Episode | Date | Episode name | Discussed |
|---|---|---|---|
| 1 | 19 August 2005 | As the Worm Turns | Zotob, one of the first worms of 2005. |
| 2 | 25 August 2005 | HoneyMonkeys | Microsoft's Strider HoneyMonkey research project to find malicious and phishing web sites. |
| 3 | 1 September 2005 | NAT Routers as Firewalls | Network address translation routers and how they can act as firewalls. |
| 4 | 8 September 2005 | Personal Password Policy | Various ways of creating and using a personal password "algorithm" for Internet web sites. |
| 5 | 15 September 2005 | Personal Password Policy — Part 2 | A wrap-up of the password topic with answers to listeners' questions. |
| 6 | 22 September 2005 | Mechanical and Electromagnetic Information Leakage | How researchers at UC Berkeley were able to recover text typed at a keyboard through the sound made by the keys, and how CRT emissions can be used to snoop on users. [1] |
| 7 | 29 September 2005 | "SPYaWAREness" | How and why Steve Gibson wrote one of the first spyware removal tools. |
| 8 | 6 October 2005 | Denial of Service Attacks | How denial-of-service attacks are being used not only against large corporate sites but the average computer user also. |
| 9 | 13 October 2005 | Rootkits | Rootkits, their use, detection and removal. |
| 10 | 20 October 2005 | Open Wireless Access Points | The privacy and security concerns of "open" wireless access points. |
| 11 | 27 October 2005 | Bad Wi-Fi Security | Some of the less secure Wi-Fi security methods, including WEP and MAC address filtering. |
| 12 | 3 November 2005 | Sony's "Rootkit Technology" | Sony's XCP, the technology behind the 2005 Sony BMG CD copy protection scandal. |
| 13 | 10 November 2005 | Unbreakable Wi-Fi Security | Wi-Fi Protected Access encryption on wireless networks and the various flavours of it. |
| 14 | 17 November 2005 | Virtual Private Networks — Theory | The reasoning behind virtual private networks and how they can offer security for the average user. |
| 15 | 24 November 2005 | Virtual Private Networks — Secure Tunneling Solutions | SSL and SSH used in conjunction with virtual private networks. |
| 16 | 1 December 2005 | Listener Q&A #1 | Answers to questions sent in by Security Now! listeners. |
| 17 | 10 December 2005 | PPTP and IPSec VPN Technology | Earlier VPN protocols and some of the difficulties in applying them. |
| 18 | 15 December 2005 | Hamachi Rocks! | Hamachi — a zero-configuration VPN system. |
| 19 | 22 December 2005 | VPNs — Part 3 | Hamachi, iPIG and OpenVPN systems compared. |
| 20 | 29 December 2005 | Listener Q&A #2 | Listener questions and the first word on the Windows Metafile vulnerability. |
| - | 1 January 2006 | WMF special edition | A special short edition concerning the WMF vulnerability and a temporary hot-fix by software developer Ilfak Guilfanov. |
| 21 | 5 January 2006 | The Windows Metafile vulnerability | Ilfak Guilfanov who makes a guest appearance and the impact of the WMF vulnerability. |
| 22 | 12 January 2006 | The Windows Metafile backdoor? | Steve Gibson raises his concerns that the WMF vulnerability could be a backdoor inserted deliberately by Microsoft. |
| 23 | 19 January 2006 | GRC's MouseTrap | Steve Gibson's MouseTrap utility to test Windows computers for the WMF vulnerability [2]. |
| 24 | 26 January 2006 | Listener Q&A #3 | — |
| 25 | 2 February 2006 | How the Internet Works — Part 1 | The fundamental technology behind the Internet. |
| 26 | 9 February 2006 | How the Internet Works — Part 2 | The two main data protocols of the Internet: UDP and TCP. |
| 27 | 16 February 2006 | How LANs Work — Part 1 | The operation of local area networks. |
| 28 | 23 February 2006 | Listener Q&A #4 | — |
| 29 | 2 March 2006 | Ethernet Insecurity | The flaws in Ethernet security and the phenomenon of ARP cache poisoning [3]. |
| 30 | 9 March 2006 | Cryptographic Issues | The social and ethical implications of cryptography. |
| 31 | 16 March 2006 | Symmetric Stream Ciphers | The use and security behind stream ciphers and early decoder rings. |
| 32 | 23 March 2006 | Listener Q&A #5 | — |
| 33 | 30 March 2006 | Symmetric Block Ciphers | The fundamentals of symmetric block ciphers. |
| 34 | 6 April 2006 | Public Key Cryptography | Public key cryptography such as the Diffie-Hellman key exchange and RSA. |
| 35 | 13 April 2006 | Cryptographic Hashes | How cryptographic hashes work and are used to verify the integrity of files and email. |
| 36 | 20 April 2006 | Listener Q&A #6 | — |
| 37 | 27 April 2006 | Primes and Certificates | Prime number generation, key recovery, and digital certificates. |
| 38 | 4 May 2006 | Browser Security | The security of web browsers. |
| 39 | 11 May 2006 | Buffer Overruns | How buffer overruns occur. |
| 40 | 19 May 2006 | Listener Q&A #7 | — |
| 41 | 26 May 2006 | TrueCrypt | Discussion of the open source file encryption program TrueCrypt. |
| 42 | 1 June 2006 | NAT Traversal | Discussion of NAT routers and techniques for P2P programs to traverse them. |
| 43 | 8 June 2006 | Open Ports | Open, closed, and stealth ports |
| 44 | 15 June 2006 | Listener Q&A #8 | — |
| 45 | 22 June 2006 | The Hosts File | The Hosts file, and its use in privacy and spyware applications |
| 46 | 29 June 2006 | Router Logs | Steve discusses whether or not router logs are useful security information. |
| 47 | 6 July 2006 | Internet Weaponry | Denial of Service Attacks and botnets. |
| 48 | 13 July 2006 | Listener Q&A #9 | — |
| 49 | 21 July 2006 | Netstat | Operation and use of netstat. |
| 50 | 28 July 2006 | Intro to Virtualization | Virtual machine technology and its history. |
| 51 | 4 August 2006 | Vista's Virgin Stack | Windows Vista's new network stack. |
| 52 | 11 August 2006 | Security Bulletins | JavaScript exploits, eBay gaming and Hamachi's sale to LogMeIn |
| 53 | 17 August 2006 | VMware | VMware Player and its Virtual Machine "appliances"; use of virtualization for sandboxing |
| 54 | 24 August 2006 | Blue Pill | "Blue Pill" rootkit that takes advantage of next generation virtualization hardware support and is "completely undetectable". |
| 55 | 31 August 2006 | Application Sandboxes | Lighter programs for virtualization, with focus on semi freeware-semi nagware ("just" one nag once a month) and crippleware (some "extra" features can be unlocked by paying) (Sandboxie. [4] |
| 56 | 7 September 2006 | Listener Q&A #10 | — |
| 57 | 14 September 2006 | Virtual PC versus VMware | Virtual PC review and why Steve thinks VMware is superior. |
| 58 | 21 September 2006 | Two New Critical Windows Problems | Vulnerability in Vector Markup Language for IE and Windows 2000 NTFS file corruption bug. |
| 59 | 28 September 2006 | Parallels | Steve and Leo closely examine the commercial multiplatform virtual machine offerings from Parallels, comparing them to VMware and Virtual PC. |
| 60 | 5 October 2006 | Listener Q&A #11 | — |
| 61 | 12 October 2006 | ISP Privacy and Security | Two new Zero day attack Internet Explorer vulnerabilities and the exploration of commonly expressed privacy and security concerns presented by the need to trust Internet Service Providers. |
| 62 | 19 October 2006 | Internet Proxies | The entire range of applications for Internet proxies and proxy servers, as well as both the benefits and the potential security and privacy liabilities created by filtering and caching web and other Internet content. |
| 63 | 26 October 2006 | MojoPac | MojoPac from RingCube Technologies. Steve tells all about what he found and what he believes it means now and in the future. |
| 64 | 2 November 2006 | Listener Feedback Q&A #12 | — |
| 65 | 9 November 2006 | Why Is Security So Difficult? | Leo and Steve discuss the difficulties of securing Windows. |
| 66 | 16 November 2006 | Windows Vista Security | The new security features Microsoft has designed and built into their new version of Windows, Vista. |
| 67 | 23 November 2006 | Kernel Patch Protection | Vista's Kernel Patch Protection (aka PatchGuard), its limitations, benefits, and real purpose. |
| 68 | 30 November 2006 | Listener Feedback Q&A #13 | — |
| 69 | 7 December 2006 | Internet Anonymity | Is there such a thing as anonymity on the Internet? How important is it? |
| 70 | 14 December 2006 | Freenet and TOR | Two interesting implementations of Internet anonymization: The Freenet Project for anonymously storing and transmitting files, and Tor, "the onion router" which can anonymise Internet traffic. |
| 71 | 21 December 2006 | SecurAble | SecurAble, Steve's latest freeware for analyzing processor support for x86-64, the NX bit and hardware virtualization. |
| 72 | 28 December 2006 | Listener Feedback Q&A #14 | — |
| 73 | 4 January 2007 | Digital Rights Management | The history of digital rights management and the technologies used to enforce it. |
| 74 | 11 January 2007 | Peter Gutmann on Vista DRM | Peter Gutmann is a guest to discuss the Advanced Access Content System for protecting high-definition content in Windows Vista. |
| 75 | 16 January 2007 | Vista DRM | Premium content protection features in Windows Vista. |
| 76 | 23 January 2007 | Listener Feedback Q&A #15 | — |
| 77 | 1 February 2007 | Microsoft Responds | Microsoft's response to Peter Gutmann's paper on Windows Vista's digital rights management. |
| 78 | 8 February 2007 | Hardware DEP | How hardware data execution protection works, how to turn it on, and the possible pitfalls of using it. |
| 79 | 15 February 2007 | Spambots | An explanation of how spambots work, and how one can ascertain the original source of spam. |
| 80 | 22 February 2007 | Listener Feedback Q&A #16 | — |
| 81 | 1 March 2007 | Hard Drive Unreliability | A discussion of the distressing results and implications of two recent very large studies of hard drive field failures. |
| 82 | 8 March 2007 | Cyber Warfare | A discussion of the interesting topic of state-sponsored Cyber Warfare. |
| 83 | 15 March 2007 | Vista's UAC | A closer look at Windows Vista's User Account Control. |
| 84 | 22 March 2007 | Listener Feedback Q&A #17 | — |
| 85 | 29 March 2007 | Cross Site Scripting and Jikto | A discussion of Jikto and the cross-site scripting flaws it looks for. |
| 85A | 2 April 2007 | Special Edition: The Animated Cursor Vulnerability | Special edition to warn and inform listeners of a serious zero-day exploit that affects NT, XP, and Vista - even if fully patched. |
| 86 | 5 April 2007 | Cross Site Scripting Part II | Updates on the Animated Cursor Vulnerability, a recommendation for security software from eEye, and how the Sony Reader works, plus an in depth discussion of scripting vulnerabilities. |
| 87 | 13 April 2007 | SQL Injections | Another common attack vector in web software is the SQL injection. Steve explains what it is and how it happens. |
| 88 | 19 April 2007 | Listener Feedback Q&A #18 | — |
| 89 | 26 April 2007 | WEP Insecurity | An in depth look at the latest security problems regarding WEP. |
| 90 | 3 May 2007 | Multifactor Authentication | Steve explains Multifactor Authentication. |
| 91 | 10 May 2007 | Marc Maiffret of eEye Digital Security | Windows and Mac security, the coming threat from web applications and Blink. |
| 92 | 17 May 2007 | Listener Feedback Q&A #19 | — |
| 93 | 24 May 2007 | Software Patents | Steve and Leo discuss Software Patents. |
| 94 | 31 May 2007 | The Fourth Factor | The fourth factor of Multifactor Authentication. |
| 95 | 8 June 2007 | Open ID | Open ID, how it works and what it means to you. |
| 96 | 14 June 2007 | Listener Feedback Q&A #20 | — |
| 97 | 22 June 2007 | Operation Bot Roast | The FBI says it has uncovered its findings from Operation Bot Roast. |
| 98 | 28 June 2007 | Internet Identity Metasystems | Discussion of authentication with a look at Internet identity metasystems. |
| 99 | 5 July 2007 | Trusted Platform Module (TPM) | The Trusted Platform Module - a hardware solution to security now shipping on many computers. |
| 100 | 13 July 2007 | Listener Feedback Q&A #21 | — |
| 101 | 19 July 2007 | Are You Human? | Differentiating humans and automated clients using CAPTCHA. |
| 102 | 26 July 2007 | Listener Mailbag #1 | — |
| 103 | 3 August 2007 | PayPal Security Key | Interview with Michael Vergara, PayPal's Director of Account Protections. |
| 104 | 9 August 2007 | Listener Feedback Q&A #22 | — |
| 105 | 17 August 2007 | Leak Test | What Leak Tests are and how they are used. |
| 106 | 23 August 2007 | Listener Mailbag #2 | — |
| 107 | 30 August 2007 | PIP and More Perfect Passwords | VeriSign's Personal Identity Provider beta and The New Perfect Passwords page. |
| 108 | 7 September 2007 | Listener Feedback #23 | — |
| 109 | 14 September 2007 | Steve's E-Commerce | Steve talks about his E-Commerce system, and the behind-the-scenes workings. |
| 110 | 20 September 2007 | Listener Feedback #24 | — |
| 111 | 27 September 2007 | OpenID Precautions | Steve and Leo discuss the problems and concerns surrounding OpenID. |
| 112 | 5 October 2007 | Listener Feedback #25 | — |
| 113 | 12 October 2007 | Roaming Authentication | Discussion of Steve's authentication system for employees of GRC. |
| 114 | 18 October 2007 | Listener Feedback #26 | — |
| 115 | 25 October 2007 | Perfect Paper Passwords | Further discussion of Steve's authentication system for employees of GRC. |
| 116 | 1 November 2007 | Listener Feedback #27 | — |
| 117 | 8 November 2007 | Even More Perfect Paper Passwords | Further discussion of Steve's authentication system for employees of GRC. |
| 118 | 15 November 2007 | Listener Feedback #28 | — |
| 119 | 22 November 2007 | Third Party Cookies | Discussion of the security implications of third-party cookies. |
| 120 | 29 November 2007 | Listener Feedback #29 | — |
| 121 | 6 December 2007 | Is Privacy Dead? | Steve and Leo discuss internet privacy. |
| 122 | 13 December 2007 | Listener Feedback #30 | — |
| 123 | 20 December 2007 | JungleDisk | Interview with Dave Wright of JungleDisk, an application to interface with Amazon S3. |
| 124 | 27 December 2007 | Listener Feedback #31 | — |
| 125 | 3 January 2008 | Symmetric Ciphers | Steve describes the Rijndael symmetric-key algorithm in detail. |
| 126 | 10 January 2008 | Listener Feedback #32 | — |
| 127 | 17 January 2008 | Corporate Security | A discussion of the challenges of IT security in the enterprise. |
| 128 | 24 January 2008 | Listener Feedback #33 | — |
| 129 | 31 January 2008 | Windows SteadyState | Discussion of Windows SteadyState, a tool that gives administrators enhanced options for configuring shared computers. |
| 130 | 7 February 2008 | Listener Feedback #34 | — |
| 131 | 14 February 2008 | Free CompuSec | Discussion of Free CompuSec, a free full disk encryption system. |
| 132 | 21 February 2008 | Listener Feedback #35 | — |
| 133 | 28 February 2008 | TrueCrypt v5.0 | Steve details the increased functionality of TrueCrypt v5.0. |
| 134 | 6 March 2008 | Listener Feedback #36 | — |
| 135 | 13 March 2008 | IronKey | Interview with David Jevans, CEO and founder of IronKey about the security-hardened IronKey USB storage device. |
| 136 | 20 March 2008 | Listener Feedback #37 | — |
[edit] Windows Metafile vulnerability claims
In episode 22 of Security Now! in January 2006, Steve Gibson made an accusation[7] that Microsoft may have intentionally put a backdoor into the Windows Metafile processing code of the Windows 2000 and XP operating systems.
Gibson claimed that while reverse engineering the Windows Metafile format, he could only run arbitrary code if he used a "nonsensical" value in the metafile. His conclusion was that Microsoft had intentionally designed Windows in this way to allow them to use the feature as a backdoor to running code on Windows computers without the knowledge of the user.
Gibson's claim was refuted[8] by Stephen Toulouse of Microsoft in an MSDN blog posting on 13 January 2006, stating that Gibson's observations applied only to metafiles containing one data record, and that the behavior was not intentional. Gibson the apologized for the mistake, but held that the vulnerability still could not have been a coding error.
- Further information: Windows Metafile vulnerability and Transcript of episode 22 of Security Now!
[edit] References
- ^ Steve Gibson. Security Now! website. Retrieved on 2007-08-18.
- ^ Steve Gibson mentioning SpinRite criticism.
- ^ Steve Gibson with Leo Laporte. First Mailbag Episode. Retrieved on 2007-08-03. “Security Now!: 102”
- ^ PodNova Top 40. PodNova (8 2006). Retrieved on 2007-01-12. “4. Security Now!”
- ^ Leo Laporte (2006-07-19). June Numbers. Leo Laporte's blog. TWiT.tv. Retrieved on 2007-01-12. “Security Now: 103,034”
- ^ Leo Laporte (2006-11-21). October Numbers. Leo Laporte's blog. TWiT.tv. Retrieved on 2007-01-12. “Security Now 61: 99,751”
- ^ Steve Gibson; Leo Laporte (January, 2006). Security Now!, Transcript of Episode #22. Security Now! podcast. Retrieved on March 18, 2006.
- ^ Stephen Toulouse (January, 2006). Looking at the WMF issue, how did it get there?. Microsoft Security Response Center Blog. MSDN TechNet Blogs. Retrieved on March 18, 2006.
[edit] External links
- Security Now! at twit.tv
- Security Now! page at grc.com
- Security Now! RSS feed at leoville.tv
- Security Now! available episodes at PodNova.com
|
|||||||||||
