Security Now
Season 1
TV-G
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Many Professors use Security in Collage courses due to its in depth study of technology.
This series started as audio and later moved to video.
This series started as audio and later moved to video.
Where to Watch Season 1
300 Episodes
- As the Worm Turns — the first Internet worms of 2005
E1As the Worm Turns — the first Internet worms of 2005How a never-disclosed Windows vulnerability was quickly reverse-engineered from the patches to fix it and turned into more than 12 potent and damaging Internet worms in three days. What does this mean for the future of Internet security? - NAT Routers as Firewalls
E3NAT Routers as FirewallsMost people don't think of common NAT routers as hardware firewalls, but ANY NAT router inherently provides terrific security and protection against incoming malicious traffic. Learn how and why this is, and which default settings MUST be changed to lock down the security of your NAT router. - Personal Password Policy (1)
E4Personal Password Policy (1)Everyone who uses web-based services such as eBay, Amazon, and Yahoo, needs to authenticate their identity with passwords. Password quality is important since easily guessable passwords can be easily defeated. Leo and I recap a bit from last week's program, then discuss passwords. We suggest an approach that anyone can use to easily create unbreakable passwords. - Personal Password Policy (2)
E5Personal Password Policy (2)Our previous episode (#4), which discussed personal password policies, generated so much great listener feedback, thoughts, ideas, and reminders about things we didn't mention, that we decided to wrap up this important topic with a final episode to share listeners' ideas and to clarify some things we left unsaid. - Mechanical & Electromagnetic Information Leakage
E6Mechanical & Electromagnetic Information LeakageTriggered by a recent report of three UC Berkeley researchers recovering text typed at a keyboard (any keyboard) after simply listening to ten minutes of typing, Leo and I discuss the weird realm of "alternative information leakage" — from CRT glowing, to radio emissions, to LEDs lamps on the front of network equipment . . . to a microphone listening to anyone typing. - Denial of Service (DoS) Attacks
E8Denial of Service (DoS) AttacksDistributed Denial of Service (DDoS) attacks are occurring with ever-greater frequency every day. Although these damaging attacks are often used to extort high-profile gaming and gambling sites before major gambling events, attacks are also launched against individual users who do something to annoy "zombie fleet masters" while they are online. Some router and firewall vendors claim that their devices prevent DDoS attacks. Is that possible? What can be done to dodge the bullet of a DDoS attack launched against you while you're online? - Rootkits
E9RootkitsThis week we discuss "rootkit technology". We examine what rootkits are, why they have suddenly become a problem, and how that problem is rapidly growing in severity. We also discuss their detection and removal and point listeners to some very effective free rootkit detection solutions. - Open Wireless Access Points
E10Open Wireless Access PointsLeo and I examine the security and privacy considerations of using non-encrypted (i.e. 'Open') wireless access points at home and in public locations. We discuss the various ways of protecting privacy when untrusted strangers can 'sniff' the data traffic flowing to and from your online PC. - Bad WiFi Security (WEP and MAC address filtering)
E11Bad WiFi Security (WEP and MAC address filtering)Leo and I answer some questions arising from last week's episode, then plow into a detailed discussion of the lack of security value of MAC address filtering, the futility of disabling SSID's for security, and the extremely poor security offered by the first-generation WEP encryption system. - Sony's
E12Sony'sLeo and I discuss details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme. This poorly written software unnecessarily employs classic rootkit technology (see episode #9) to hide from its users after installation. It can not be uninstalled easily, it can be easily misused for malicious purposes, and it has been implicated in many repeated BSOD "blue screen of death" PC crashes. - Unbreakable WiFi Security
E13Unbreakable WiFi SecurityLeo and I follow-up on last week's discussion of the Sony Rootkit debacle with the distressing news of "phoning home" (spyware) behavior from the Sony DRM software, and the rootkit's exploitation by a new malicious backdoor Trojan. We then return to complete our discussion of WiFi security, demystifying the many confusing flavors of WPA encryption and presenting several critical MUST DO tips for WPA users. - Virtual Private Networks (VPN): Theory
E14Virtual Private Networks (VPN): TheoryLeo and I first follow-up on the past two episodes, discussing new developments in the continuing Sony Rootkit DRM drama, and clearing up some confusion over the crackability of WPA passphrases. Then, in this first of our two-part series on VPNs, we discuss the theory of VPN connections and tunnels, explaining how they work and why they represent such a terrific solution for anyone who needs security while they're away from home. - VPN Secure Tunneling Solutions
E15VPN Secure Tunneling SolutionsLeo and I discuss the use of SSL and SSH encrypted tunneling for providing privacy and security whenever an insecure local network is being used — such as at an open WiFi hotspot or when using a hotel's network. These solutions are not transparent and tend to be configuration intensive. They also require the use of a "server" of some sort at the user's home or office. This makes these approaches less suitable for casual users, but offers a solution for the more technically inclined road warriors. - Listener feedback Q&A #1
E16Listener feedback Q&A #1Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies we have previously discussed. - PPTP and IPSec VPN Technology
E17PPTP and IPSec VPN TechnologyIn our continuing exploration of VPN technology for protecting network users on networks they don't control, Leo and I discuss the oldest "original" VPN protocols: Industry standard IPSec, and Microsoft's own PPTP and L2TP/IPSec. We examine and explain the trouble with interconnecting Windows machines to third-party VPN routers and examine the many reasons these older technologies are probably not optimal for on-the-go road warriors. - Hamachi Rocks!
E18Hamachi Rocks!This week Leo and I discuss and describe the brand new, ready to emerge from a its long development beta phase, ultra-secure, lightweight, high-performance, highly-polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system known as "Hamachi". After two solid weeks of testing and intense dialog with Hamachi's lead developer and designer, I have fully vetted the system's security architecture and have it running on many of my systems. While I am travelling to Toronto this week, Hamachi is keeping my roaming laptop securely and directly connected to all of my machines back home. Don't miss this one! - VPNs Three: Hamachi, iPig, and OpenVPN
E19VPNs Three: Hamachi, iPig, and OpenVPNLeo and I wrap up our multi-week, in-depth coverage of PC VPN solutions by discussing some aftermath of the zero-configuration Hamachi system; introducing "iPig," a very appealing new zero-configuration VPN contender; and describing the many faces of OpenVPN, the "Swiss army knife" of VPN solutions. - A SERIOUS new Windows vulnerability — and Listener Q&A
E20A SERIOUS new Windows vulnerability — and Listener Q&AOn December 28th a serious new Windows vulnerability has appeared and been immediately exploited by a growing number of malicious web sites to install malware. Many worse viruses and worms are expected soon. We start off discussing this and our show notes provides a quick necesary workaround until Microsoft provides a patch. Then we spend the next 45 minutes answering and discussing interesting listener questions. - The Windows MetaFile (WMF) Vulnerability
E21The Windows MetaFile (WMF) VulnerabilityLeo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular -- and very necessary -- temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond. - The Windows MetaFile Backdoor?
E22The Windows MetaFile Backdoor?Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling. - GRC's
E23GRC'sLeo and I "close the backdoor" on the controversial Windows WMF Metafile image code execution (MICE) vulnerability. We discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware: MouseTrap which determines whether any Windows or Linux/WINE system has 'MICE'. - Listener Feedback Q&A #3
E24Listener Feedback Q&A #3Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed. - Browser SecurityE38
Browser SecurityWhy is Internet Explorer so insecure? What can you do to secure it? And why is it so hard to make a secure browser? Steve talks about security policy vs. browser flaws, how he uses IE safely, and why Java and Javascript are inherently more secure than ActiveScript and ActiveX. - The NETSTAT CommandE49
The NETSTAT CommandHow can you tell what your computer is doing on the net? Netstat. This handy program comes with almost all operating systems. On Windows, click Start, then select Command Prompt from the Programs->Accessories menu. To run Netstat, type netstat at the command prompt. For more readable output type netstat -ab. - Two New Critical Windows ProblemsE58
Two New Critical Windows ProblemsGuest: Eric Sites, VP R&D Sunbelt Software Two serious Windows flaws have surfaced today. One, a zero-day exploit, makes it possible for any web site (or HTML email) to take over a Windows machine, even if it's been fully patched. The other is a file corruption error on Windows 2000 NTFS systems introduced by a Microsoft patch. - Digital Rights Management (DRM)E73
Digital Rights Management (DRM)Steve and Leo survey the history and evolution of media property rights and the technologies used to enforce them as they prepare for next week's show: a look at AACS, the most pervasive and invasive system for digital rights management ever created. - Multifactor AuthenticationE90
Multifactor AuthenticationSteve explains the theory and practice of multifactor authentication which uses combinations of "something you know," "something you have," and "something you are" to provide stronger remote authentication than traditional, unreliable single-factor username and password authentication. - The Fourth FactorE94
The Fourth FactorWe've already talked about the three factors of authentication: something you know (e.g. a password), something you have (a passcard), and something you are (a fingerprint). Now Steve talks about the fourth factor of authentication: someone you know, or who knows you. - YubiKeyE143
YubiKeyLeo and I delve into the detailed operation of the YubiKey, the coolest new secure authentication device I discovered at the recent RSA Security Conference. Our special guest during the episode is Stina Ehrensvrd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology. - SandboxieE172
SandboxieSteve and Leo return to take a much closer look at "Sandboxie", an extremely useful, powerful, and highly recommended Windows security tool they first mentioned two years ago. This time, after interviewing Sandboxie's creator, Ronen Tzur, Steve explains why he is totally hooked and why Leo is wishing it was available for his Macs. - Proxied SurfingE289
Proxied SurfingAfter catching up with the week's security updates and other security-related news, Steve and Leo discuss the many modes of operation of "Proxied Web Surfing" which are used to bypass firewalls and Internet filters, aid free speech, and alter the contents of web pages retrieved from the Internet.
