| Security Now! |
| Security Now! 42: NAT Traversal - sponsored by Astaro Corp. | |
| Security Now 42: NAT Traversal Steve explains the clever technique that programs like Skype use to get around NAT routers. For 16kpbs versions, transcripts, and notes, visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. 
Security Now is brought to you by Astaro Internet Security. Running time: 34:55 |
| Security Now! 41: Truecrypt - sponsored by Astaro Corp. | |
| Security Now 41: Truecrypt The ultimate encryption program, free, open source, strong, and flexible: Truecrypt. For 16kpbs versions, transcripts, and notes, visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Security Now is brought to you by Astaro Internet Security. Running time: 40:28 |
| Security Now! 40: Listener Q&A 7 - sponsored by Astaro Corp. | |
| Security Now 40: Listener Q&A 7 - May 17, 2006 As he does every fourth episode, Steve answers your questions. But first, an update on some recent security news... - Apple releases a huge number of security fixes for OS X
- RealVNC announces a patch for a serious security flaw
- The debate over privacy in the Whois database
- using No Script to lock down Firefox
- breaching security by modifying the HOSTS file
Steve also answers questions about home made SSL certificates, President Bush's tamper-proof ID cards, fooling keyloggers, the integrity of MD5 hashes and salting, why don't stacks go down in memory instead of up, Skype security, protecting data on a laptop using TrueCrypt, getting PGP free from GNUpg, is Skype P2P?, is open source more secure than closed source, and the recent move to force ISPs to log all traffic. For 16kpbs versions, transcripts, and notes, visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Security Now is brought to you by Astaro Internet Security. Running time: 1:10:50 |
| Security Now! 39: Buffer Overflows - sponsored by Astaro Corp. | |
| Security Now 39 for May 11, 2006: Buffer Overflows They're the most common kind of security flaw, but what are they and how do they happen? Finally, how can we protect ourselves from them? Running time: 49:49
Security Now is brought to you by Astaro Internet Security. |
| Security Now! 38: Browser Security - sponsored by Astaro Corp. | |
| Security Now 38: Browser Security - 4 May 2006 Why is Internet Explorer so insecure? What can you do to secure it? And why is it so hard to make a secure browser? Steve talks about security policy vs. browser flaws, how he uses IE safely, and why Java and Javascript are inherently more secure than ActiveScript and ActiveX. Running time: 37:11
Security Now is brought to you by Astaro Internet Security. |
| Security Now! 37: Primes and Certificates - Sponsored by Astaro Corp. | |
| Security Now for 27 April 2006 - Episode 37: Primes and Certificates We wrap up our talk about cryptography with a discussion of prime number generation, key recovery, and digital certificates. Running time: 34:55
Security Now is brought to you by Astaro Internet Security. |
| Security Now! 36: One Dozen Questions sponsored by Astaro Corp. | |
| As usual on episode numbers divisible by four, Steve answers listener questions. Next week: applied crypto. Running time: 55:46
Security Now is brought to you by Astaro Internet Security. |
| Security Now! 35: Cryptographic Hashes - sponsored by Astaro Corp. | |
| Security Now for 13 April 2006 - Episode 35: Cryptographic Hashes Steve talks about how cryptographic hashes work and are used to verify the integrity of files and email. We talk about email signing and recommend the Gnu Privacy Guard. Running time: 34:05 |
| Security Now! 34: Public Key Cryptography sponsored by Astaro Corp. | |
| This week Steve explains how public key cryptography works, and we welcome our new sponsor, Astaro! Thanks so much for the support guys. Running time: 37:07
Security Now is brought to you by Astaro Internet Security. |
| Security Now! 33: Symmetric Block Ciphers | |
Part three of Steve's series on cryptography coverts Symmetric Block Ciphers. Running time: 43:15 |
| Security Now! 32: Q&A | |
Steve answers your questions on this episode: - Why is DRM so easy to crack when public key crypto is so tough?
- Should I disable my laptop's wi-fi card when I'm not using it?
- Why does GMail keep me logged in?
- Security issues with PPTP
- Using distributed processing to crack encryption
- The Bogon address space and what to do about it
- The security of hotel LANs
- Preventing ARP poisoning
- How spyware uses Microsoft's Layered Service Provider to sneak onto your machine
- What to do when an ISP doesn't give you a public IP address
- Are all machines hackable?
And he offers our first Security Now! stumper. Running time: 54:47 |
| Security Now! 31: Crypto 102 | |
| This week Steve continues his discussion of crypto with a look at secret decoder rings and one-time pads. Running time: 52:36 |
| Security Now! 30: Crypto Issues | |
We begin a four part series on cryptography with a look at how cryptography is used and the difficult issues strong crypto raises. Running time: 40:24 |
| Security Now! 29: Ethernet Insecurity | |
| This week Steve tackles security issues inherent to Ethernet, including ARP spoofing. Programs mentioned on this show include: For more information on ARP poisoning, visit grc.com Running time: 52:14 |
| Security Now! 28: Your Questions, Steve's Answers | |
Steve answers your questions on this episide. With further clarification on VPN security, Hamachi, and the answer to the eternal question, which operating system is the most secure. Running time: 40:24 |
| Security Now! 27: How LANs Work Pt. 1 | |
| Steve continues to lay a foundation on understanding networking. This week, part one of how LANs work. We cover DHCP, Subnet Masks, Routers, and hubs. We'll conclude with part two on episode 29. Running time: 37:04 |
| Security Now! 26: How the Internet Works, Pt. 2 | |
| Steve finishes his discussion of basic Internet technologies. This and the previous podcast will provide the foundation for future podcasts. |
| Security Now! 25: How the Internet Works, Pt. 1 | |
| Steve talks about the Kama Sutra virus, scheduled to strike tomorrow, and PC World's anti-virus roundup. Then we delve into How the Internet Works, part 1. We'll wrap things up next week. Running time: 49:03 |
| Security Now! 24: Questions and Answers | |
| Our monthly question and answer session with Steve Gibson. Steve also hosts transcripts, show notes, and a 16kbps version of the show for the bandwidth impaired at grc.com. Running time: 40:23 |
| Security Now! 23: Mousetrap | |
| Steve Gibson with the final word on the Windows Metafile (WMF) vulnerability, and a new program he's written to detect it in all versions of Windows. It's now pretty clear that the ability to execute code in WMF graphics files was intentional - but we may never know why it's there. Steve wraps up the subject, lays a few myths to rest, explains why Windows 95/98/Me are not vulnerable, and offers a tool to detect the hole in all versions of Windows, including the WINE emulator for Linux. Download your free copy of GRC's Mousetrap from grc.com. Steve also hosts transcripts, show notes, and a 16kbps version of the show for the bandwidth impaired at grc.com. Running time: 29:08 |
| Security Now! 22: The WMF Backdoor | |
| Flash: Steve Gibson has been working with the WMF vulnerability and is now convinced that this is an intentional backdoor into Windows added by Microsoft. Yes, Microsoft has patched the WMF vulnerability in Windows 2000 and XP, but in his research for a fix for Windows 95/98/Me Steve has come up with a blockbuster. It is his considered opinion that the WMF vulnerability could not have been a mistake. It was an intentional backdoor inserted into Windows by Microsoft for reasons unknown. Listen for details. Running time: 39:19 |
| Security Now! 21: Ilfak Guilanov | |
| Steve Gibson covers the worst Windows vulnerability yet and interviews the author of the first patch, Ilfak Guilanov. As we've told you in the past two editions of Security Now! there's a very serious security flaw in all versions of Windows. This hole takes advantage of poor design choice in the Windows metafile interpreter and can be exploited by a malicious web site or by email attachments. There are hundreds of malicious sites out there right now that take advantage of this vulnerability. Microsoft pushed a fix for Windows XP and 2000 today - so run Windows update. There is no fix yet for Windows 95/98/Me but Steve has committed to writing one if it appears to be necessary. In this episode we talk about the vulnerability and interview the creator of the first patch for it, Ilfak Guilanov. According to Steve's analysis, Microsoft is using Ilfak's technique in its own patch. For more details visit grc.com. Running time: 27:06 |
| Security Now! Special Edition: WMF Vulnerability Update | |
| Malicious web sites and malware taking advantage of the Windows metafile flaw are now rampant on the net. All versions of Windows are affected, but Windows 2000 and XP users can download a special fix from Ilfak Guilfanov. Steve recommends downloading and installing this fix as soon as possible. WMF Fix Steve also hosts transcripts, show notes, and a 16kbps version of the show for the bandwidth impaired at grc.com. Running time: 11:07 |
| Security Now! Episode 20: QandA | |
| This week your questions and Steve's answers. But first, notice of a very serious security flaw in all versions of Windows. This hole takes advantage of a flaw in the Windows metafile interpreter and can be propogated by a malicious web site or by email attachments. Despite the fac t that the hole was discovered only yesterday, there are already numerous web sites trying to take advantage of it. There's no patch yet from Microsoft, but fortunately the fix is very easy. Steve documents it at grc.com. On this show we discuss: - Logging into secure sites
- Hamachi troubles
- Getting WPA security on old wi-fi equipment
- Securing Windows Remote Desktop
- The unreliabilty of fingerprint scanners
- Using Gmail on a public network
- NAT routers vs hardware firewalls
- Speed issues with VPN
- Removing the Sony rootkit
- ISPs that only offer private IP addresses
- SSID hiding and why it doesn't work
- Port knocking as a form of security
Steve also hosts transcripts, show notes, and a 16kbps version of the show for the bandwidth impaired at grc.com. Running time: 52:49 |
