Sat, 27 May 2017 15:44:06 +0100 Wed, 15 Apr 2020 09:52:18 +0100 https://twit.tv/shows/security-now en-US This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International - http://creativecommons.org/licenses/by-nc-nd/4.0/ 14400 Technology Security http://twit.cachefly.net/coverart/sn/sn144audio.jpg https://twit.tv/shows/security-now 144 144 TWiT Steve Gibson discusses the hot topics in security today with Leo Laporte. Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC. Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live at https://twit.tv/live every Tuesday. TWiT, Technology, Steve Gibson, Leo Laporte, security, spyware, malware, hacking, cyber crime, encryption false no Leo Laporte distro@twit.tv Thu, 28 Dec 2006 18:00:00 -0800 http://media.grc.com/sn/sn-072-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-072-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 21 Dec 2006 18:00:00 -0800 http://media.grc.com/sn/sn-071-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-071-lq.mp3 This week I take the wraps off our forthcoming security freeware utility: SecurAble. Although I'm still working to get it finished, tested, and ready for initial release, I describe what SecurAble will do and some of the unexpected hurdles I've encountered with the application and with details of Windows operation along the way. Thu, 14 Dec 2006 18:00:00 -0800 http://media.grc.com/sn/sn-070-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-070-lq.mp3 Last week Leo and I discussed the social implications and the social power of Internet Anonymity. This week we discuss the technology of Freenet and TOR (Onion Router) networks, and I describe the detailed technical operation of both systems. Thu, 07 Dec 2006 18:00:00 -0800 http://media.grc.com/sn/sn-069-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-069-lq.mp3 To create some background for next week's discussion about the significant technical challenges involved in creating true anonymity on the Internet, this week Leo and I discuss the consequences of the use and abuse of the extreme power afforded by many different forms of Internet anonymity, privacy, and freedom of speech. Thu, 30 Nov 2006 18:00:00 -0800 http://media.grc.com/sn/sn-068-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-068-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 23 Nov 2006 18:00:00 -0800 http://media.grc.com/sn/sn-067-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-067-lq.mp3 Leo and I first discuss errata from previous episodes, correcting, among other things, Steve's first poor impression of Vista's performance. Then we discuss the results of my in-depth research into the inner workings of Vista's Kernel Patch Protection (aka PatchGuard) to uncover its limitations, benefits, and real purpose. Thu, 16 Nov 2006 18:00:00 -0800 http://media.grc.com/sn/sn-066-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-066-lq.mp3 Leo and I describe the new security features Microsoft has designed and built into their new version of Windows, Vista. We examine the impact of having such features built into the base product rather than offered by third parties as add-ons. And we carefully compare the security benefits of Vista on 64-bit versus 32-bit hardware platforms. Thu, 09 Nov 2006 18:00:00 -0800 http://media.grc.com/sn/sn-065-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-065-lq.mp3 Leo and I get a bit philosophical this week. We discuss the broad nature of Security — all security, not just computer security. We propose a new definition of 'Security' and flesh it out with examples to illustrate why security is so difficult, if not impossible. Thu, 02 Nov 2006 18:00:00 -0800 http://media.grc.com/sn/sn-064-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-064-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 26 Oct 2006 18:00:00 -0800 http://media.grc.com/sn/sn-063-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-063-lq.mp3 Leo and I get deeply into the new MojoPac product from RingCube Technologies. After spending several days plumbing the depths of this intriguing new idea for installing secure and private Windows program and file installations onto transportable USB devices, I tell all about what I found and what I believe it means now and in the future. Thu, 19 Oct 2006 18:00:00 -0800 http://media.grc.com/sn/sn-062-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-062-lq.mp3 Leo and I discuss the entire range of applications for Internet Proxies and Proxy Servers. We describe the many different uses for proxies while discussing both the benefits and the potential security and privacy liabilities created by filtering and caching web and other Internet content. Thu, 12 Oct 2006 18:00:00 -0800 http://media.grc.com/sn/sn-061-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-061-lq.mp3 Leo and I discuss two new 0-day Internet Explorer vulnerabilities (both now being exploited on the Internet); then we explore the commonly expressed privacy and security concerns presented by the need to trust Internet Service Providers (ISP). Thu, 05 Oct 2006 18:00:00 -0800 http://media.grc.com/sn/sn-060-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-060-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 28 Sep 2006 18:00:00 -0800 http://media.grc.com/sn/sn-059-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-059-lq.mp3 Completing the topic of current virtual machine technology and products, Steve and Leo closely examine the commercial multiplatform virtual machine offerings from "Parallels," comparing them to VMware and Virtual PC. Steve also corrects an important incorrect statement he made the previous week about features missing from VMware's free Server VM solution. Thu, 21 Sep 2006 18:00:00 -0800 http://media.grc.com/sn/sn-058-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-058-lq.mp3 Leo and I discuss the breaking news of two new critical Windows problems: A new vulnerability that is being actively exploited on the web to install malware into innocent users' machines - and a work-around that all Windows users can employ to protect themselves. And a serious file-corruption bug Microsoft introduced into last month's security update that affects all Windows 2000 users. Thu, 14 Sep 2006 18:00:00 -0800 http://media.grc.com/sn/sn-057-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-057-lq.mp3 Leo and I wrap up our multi-week series about virtual machines and virtual machine technology by closely analyzing the differences and similarities between the free and commercial VM products offered by Microsoft and VMware. Thu, 07 Sep 2006 18:00:00 -0800 http://media.grc.com/sn/sn-056-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-056-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 31 Aug 2006 18:00:00 -0800 http://media.grc.com/sn/sn-055-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-055-lq.mp3 Having discussed "heavy weight" virtualization technology in recent weeks, this week Leo and I examine "lighter weight" application sandboxing technology and the software solutions currently available to perform this form of application "wrapping." We discuss the inherent limitations of sandbox security and explain how valuable sandboxes can be for privacy enforcement. Thu, 24 Aug 2006 18:00:00 -0800 http://media.grc.com/sn/sn-054-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-054-lq.mp3 Leo and I continue our ongoing discussion of the security implications and applications of virtualization and virtual machines. This week we examine the "Blue Pill" OS subversion technology made possible by AMD's next generation virtualization hardware support. We debunk the hype surrounding this interesting and worrisome capability, placing it into a larger security and virtualization context. Thu, 17 Aug 2006 18:00:00 -0800 http://media.grc.com/sn/sn-053-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-053-lq.mp3 Leo and I briefly recap the concepts and technology of Virtual Machine (VM) technology, then thoroughly explore the free and commercial offerings of the earliest company to pioneer Intel-based high-performance virtual machines, VMware. We focus upon the free VMware Player which allows Virtual Machine 'Appliances' to be 'played' on any supported platform. They examine the value of these VMware solutions for creating highly secure 'sandbox' containment environments as well as for cover-your-tracks privacy. Thu, 10 Aug 2006 18:00:00 -0800 http://media.grc.com/sn/sn-052-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-052-lq.mp3 Leo and I discuss the week's security woes, covering D-Link and Centrino wireless buffer overflows which allow remote wireless compromise of user's networks and machines. We explore the recent revelation that JavaScript can be used to scan an unwitting user's internal network to take over their equipment. We talk about the purchase of Hamachi by LogMeIn and how Botnets are being used to create fraudulent eBay users with perfect "feedback" in order to defraud even careful eBay users. And more! Thu, 03 Aug 2006 18:00:00 -0800 http://media.grc.com/sn/sn-051-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-051-lq.mp3 Leo and I discuss the revelation, courtesy of a Symantec study and report, that Microsoft's forthcoming Vista operating system has a brand new, written from scratch, networking stack supporting old and new network protocols. They consider the sobering security consequences of Microsoft's decision to scrap Window's old but battled-hardened network stack in favor of one that's new and unproven. Thu, 27 Jul 2006 18:00:00 -0800 http://media.grc.com/sn/sn-050-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-050-lq.mp3 Leo and I discuss the historical beginnings of Virtual Machine technology, from the 40-year-old IBM VM/360 operating system through virtual machine language emulators and today's VMware and Virtual PC solutions. This kicks off a multi-episode discussion of the tremendous security benefits and practical uses of modern day Virtual Machine technology. Thu, 20 Jul 2006 18:00:00 -0800 http://media.grc.com/sn/sn-049-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-049-lq.mp3 Leo and I describe the operation and use of the universally available "Netstat" command -- available in every desktop operating system from Unix and Linux through Windows and Macs. "Netstat" allows anyone to instantly see what current Internet connections and listening ports any system has open and operating. Mastering the power of this little-known command will greatly empower any security-conscious computer user. Thu, 13 Jul 2006 18:00:00 -0800 http://media.grc.com/sn/sn-048-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-048-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 06 Jul 2006 18:00:00 -0800 http://media.grc.com/sn/sn-047-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-047-lq.mp3 Leo and I trace the history and rapid growth of Internet Denial of Service (DoS) attack techniques, tools, and motivations over the past eight years. We discuss many different types of attacks while focusing upon the distributed bandwidth flooding attacks that are the most destructive and difficult to block. Thu, 29 Jun 2006 18:00:00 -0800 http://media.grc.com/sn/sn-046-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-046-lq.mp3 Leo and I clarify the confusion surrounding consumer NAT router logging. We explain why routers tend to overreact to Internet 'noise' by 'crying wolf' too often, why the logs produced by consumer routers are unfortunately not very useful, and when paying attention to logs does and does not make sense. Thu, 22 Jun 2006 18:00:00 -0800 http://media.grc.com/sn/sn-045-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-045-lq.mp3 Leo and I reveal and describe the 'HOSTS' file, which is hidden away within every Internet-capable machine. We explain how, because it is always the first place a machine looks for the IP address associated with any other machine name, it can be used to easily and conveniently intercept your computer's silent communication with any questionable web sites you'd rather have it not talking to. Thu, 15 Jun 2006 18:00:00 -0800 http://media.grc.com/sn/sn-044-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-044-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 08 Jun 2006 18:00:00 -0800 http://media.grc.com/sn/sn-043-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-043-lq.mp3 This week Leo and I cover the broad subject of 'open ports' on Internet-connected machines. We define 'ports', and what it means for them to be open, closed, and stealth. We discuss what opens them, what it means to have ports 'open' from both a functional and security standpoint, how open ports can be detected, whether stealth ports are really more secure than closed ports, and differences between TCP and UDP port detection. Thu, 01 Jun 2006 18:00:00 -0800 http://media.grc.com/sn/sn-042-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-042-lq.mp3 Leo and I delve into the inner workings of NAT routers. We examine the trouble NAT routers present to peer-to-peer networks where users are behind NAT routers that block incoming connections, and we explain how a third-party server can be briefly used to help each router get its packets through to the other, thus allowing them to directly connect. Thu, 25 May 2006 18:00:00 -0800 http://media.grc.com/sn/sn-041-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-041-lq.mp3 This week Leo and I explain why we love "TrueCrypt", a fabulous, free, open source, on-the-fly storage encryption tool that is fast, flexible, super-well-engineered, feature packed, and able to provide advanced state of the art encryption services for many applications. Thu, 18 May 2006 18:00:00 -0800 http://media.grc.com/sn/sn-040-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-040-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies and issues we have previously discussed. Thu, 11 May 2006 18:00:00 -0800 http://media.grc.com/sn/sn-039-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-039-lq.mp3 In one of our more "aggressively technical" episodes, Leo and I discuss the pernicious nature of software security bugs from the programmer's perspective. We explain how "the system stack" functions, then provide a detailed look at exactly how a small programming mistake can allow executable code to be remotely injected into a computer system despite the best intentions of security-conscious programmers. Thu, 04 May 2006 18:00:00 -0800 http://media.grc.com/sn/sn-038-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-038-lq.mp3 Leo and I discuss the broad topic of web browser security. We examine the implications of running "client-side" code in the form of interpreted scripting languages such as Java, JavaScript, and VBScript, and also the native object code contained within browser "plug-ins" including Microsoft's ActiveX. I outline the "zone-based" security model used by IE and explain how I surf with high security under IE, only "lowering my shields" to a website after I've had the chance to look around and decide that the site looks trustworthy. Thu, 27 Apr 2006 18:00:00 -0800 http://media.grc.com/sn/sn-037-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-037-lq.mp3 Leo and I conclude our multi-week coverage of the fundamental technologies underlying modern cryptographic systems. We discuss the number of 512-bit primes (two of which are used to form 1024-bit public keys) and the relative difficulty of performing prime factorizations at various bit lengths. We discuss the importance of, and solutions to, private key recovery using varying numbers of trustees. And conclude by explaining the need for, and the operation of, security certificates. Thu, 20 Apr 2006 18:00:00 -0800 http://media.grc.com/sn/sn-036-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-036-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed. Thu, 13 Apr 2006 18:00:00 -0800 http://media.grc.com/sn/sn-035-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-035-lq.mp3 Having covered stream and block symmetric ciphers and asymmetric ciphers, this week Leo and I describe and discuss "cryptographic hashes", the final component to comprise a complete fundamental cryptographic function suite. We discuss the roles of, and attacks against, many common and familiar cryptographic hashes including MD5 and SHA1. Thu, 06 Apr 2006 18:00:00 -0800 http://media.grc.com/sn/sn-034-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-034-lq.mp3 Having discussed symmetric (private) key ciphers during the last two weeks, this week Leo and I examine asymmetric key cryptography, commonly known as "Public Key Cryptography". We begin by examining the first public key cryptosystem, known as the Diffie-Hellman Key Exchange, invented in 1976. Then we describe the operation of general purpose public key cryptosystems such as the one invented by RSA. Thu, 30 Mar 2006 18:00:00 -0800 http://media.grc.com/sn/sn-033-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-033-lq.mp3 Leo and I answer last week's Puzzler/BrainTeaser which explored the idea of using two private one-time pad "keys," like two padlocks, to securely convey a message between two parties, neither of whom would have the other's key. Then we continue our ongoing tour of fundamental crypto technology by describing the operation of Symmetric Block Ciphers. Thu, 23 Mar 2006 18:00:00 -0800 http://media.grc.com/sn/sn-032-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-032-lq.mp3 Leo and I briefly review last week's topic of symmetric stream ciphers, then we pose the first Security Now! Puzzler/BrainTeaser which proposes a secure means for sending encrypted messages where neither party knows the other's key. The Puzzler/BrainTeaser will be answered and resolved at the start of next week's episode. Then, as always in our Q&A episodes, we answer questions and discuss issues raised by listeners. Thu, 16 Mar 2006 18:00:00 -0800 http://media.grc.com/sn/sn-031-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-031-lq.mp3 Leo and I continue our multi-episode tour of cryptographic technology. This week we analyze the cryptographic operation of secret decoder rings which we use to develop a solid foundation of cryptographic terminology. We then examine the first of two forms of symmetric, private key cryptography known as symmetric stream ciphers. Two weeks from now, after next week's Q&A episode, we'll discuss the operation of symmetric block ciphers. Thu, 09 Mar 2006 18:00:00 -0800 http://media.grc.com/sn/sn-030-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-030-lq.mp3 Leo and I open our multi-week discussion of the operation and technology of cryptography. This first week we start by examining the social consequences and ethical implications of common citizens being empowered with freely available cryptographic technology that no force on Earth - no government agency, no corporation, no private individual - can crack within their lifetimes. Thu, 02 Mar 2006 18:00:00 -0800 http://media.grc.com/sn/sn-029-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-029-lq.mp3 Leo and I discuss the design, operation, and complete lack of security of Ethernet - the LAN technology that virtually all of the world uses. We explain how this lack of security enables a wide range of serious attacks to be perpetrated by any other machine sharing the same Ethernet - such as in a wireless hotspot, within a corporate network, or even in a wired hotel where the entire hotel is one big exploitable Ethernet LAN. GRC's ARP Cache Poisoning page contains a detailed explanation of these problems with diagrams and links to readily available Ethernet ARP exploitation malware.ARP Cache Poisoning: /nat/arp.htm Thu, 23 Feb 2006 18:00:00 -0800 http://media.grc.com/sn/sn-028-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-028-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed. Thu, 16 Feb 2006 18:00:00 -0800 http://media.grc.com/sn/sn-027-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-027-lq.mp3 Having covered the operation of the Internet's WAN (Wide Area Network) technology in the past two weeks, this week Leo and I turn to discussing the way Local Area Networks (LANs) operate and how they interface with the Internet WAN. We address the configuration of subnet masks, default gateways, and DHCP to explain how packets are routed among machines and gateways within a LAN. Thu, 09 Feb 2006 18:00:00 -0800 http://media.grc.com/sn/sn-026-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-026-lq.mp3 During this 38-minute, part 2 episode of "How the Internet Works," Leo and I briefly review last week's discussion of the ICMP protocol, then discuss the operational details of the Internet's two main data-carrying protocols: UDP and TCP. Thu, 02 Feb 2006 18:00:00 -0800 http://media.grc.com/sn/sn-025-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-025-lq.mp3 During this 49-minute episode, Leo and I briefly discuss the 'Kama Sutra' virus that will become destructive on February 3rd. We briefly discuss PC World Magazine's recent evaluation and ranking of ten top anti-malware systems. And we begin our long-planned 'fundamental technology' series with a two-part close look at the history and detailed operation of the global Internet. Thu, 26 Jan 2006 18:00:00 -0800 http://media.grc.com/sn/sn-024-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-024-lq.mp3 Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed. Thu, 19 Jan 2006 18:00:00 -0800 http://media.grc.com/sn/sn-023-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-023-lq.mp3 Leo and I "close the backdoor" on the controversial Windows WMF Metafile image code execution (MICE) vulnerability. We discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware: MouseTrap which determines whether any Windows or Linux/WINE system has 'MICE'.Download "MouseTrap" - our free MICE tester (29 kb) Thu, 12 Jan 2006 18:00:00 -0800 http://media.grc.com/sn/sn-022-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-022-lq.mp3 Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.Download "MouseTrap" - our free MICE tester (29 kb) Thu, 05 Jan 2006 18:00:00 -0800 http://media.grc.com/sn/sn-021-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-021-lq.mp3 Leo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular -- and very necessary -- temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond.