Sat, 27 May 2017 15:46:31 +0100 Wed, 15 Apr 2020 09:58:51 +0100 https://twit.tv/shows/security-now en-US This work is licensed under a Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International - http://creativecommons.org/licenses/by-nc-nd/4.0/ 14400 Technology Security http://twit.cachefly.net/coverart/sn/sn144audio.jpg https://twit.tv/shows/security-now 144 144 TWiT Steve Gibson discusses the hot topics in security today with Leo Laporte. Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC. Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live at https://twit.tv/live every Tuesday. TWiT, Technology, Steve Gibson, Leo Laporte, security, spyware, malware, hacking, cyber crime, encryption false no Leo Laporte distro@twit.tv Thu, 31 Dec 2009 18:00:00 -0800 http://media.grc.com/sn/sn-229-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-229-lq.mp3 Leo and I turn everything around this week to question the true economic value of security advice. We consider the various non-zero costs to the average, non-Security Now! listener. We compare those real costs with the somewhat unclear and uncertain benefits of going to all the trouble of following, sometimes painful, maximum security advice. Thu, 24 Dec 2009 18:00:00 -0800 http://media.grc.com/sn/sn-228-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-228-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 17 Dec 2009 18:00:00 -0800 http://media.grc.com/sn/sn-227-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-227-lq.mp3 Leo and I examine the amorphous and difficult-to-grasp issue of nation-state sponsored cyberwarfare. We examine what it means when nations awaken to the many nefarious ways the global Internet can be used to gain advantage against international competitors and adversaries. Thu, 10 Dec 2009 18:00:00 -0800 http://media.grc.com/sn/sn-226-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-226-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 03 Dec 2009 18:00:00 -0800 http://media.grc.com/sn/sn-225-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-225-lq.mp3 This week Leo and I plow into the little understood and even less known problems that arise when user-provided content — postings, photos, videos, etc. — are uploaded to trusted web sites from which they are then subsequently served to other web users. Thu, 26 Nov 2009 18:00:00 -0800 http://media.grc.com/sn/sn-224-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-224-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 19 Nov 2009 18:00:00 -0800 http://media.grc.com/sn/sn-223-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-223-lq.mp3 This week Leo and I plow into a recently discovered serious vulnerability in the fundamental SSL protocol that provides virtually all of the Internet's communications security: SSL - the Secure Sockets Layer. I explain exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client's credentials. (That's not good.) Thu, 12 Nov 2009 18:00:00 -0800 http://media.grc.com/sn/sn-222-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-222-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 05 Nov 2009 18:00:00 -0800 http://media.grc.com/sn/sn-221-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-221-lq.mp3 This week Leo and I are joined by author (The Geek Atlas) and software developer John Graham-Cumming to discuss many specific concerns about the inherent, designed-in, insecurity of our browser's JavaScript scripting language. Now 14 years old, JavaScript was never meant for today's high-demand Internet environment — and it's having problems.John's original presentation slides in Microsoft PowerPoint and PDF formats. Thu, 29 Oct 2009 18:00:00 -0800 http://media.grc.com/sn/sn-220-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-220-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 22 Oct 2009 18:00:00 -0800 http://media.grc.com/sn/sn-219-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-219-lq.mp3 In preparation for episode #221's guest, John Graham-Cumming, who will take us on a detailed walk-through of the JavaScript language's security problems, this week Leo and I examine the sad and badly broken state of web browsing in general, and how we got to where we are. Thu, 15 Oct 2009 18:00:00 -0800 http://media.grc.com/sn/sn-218-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-218-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 08 Oct 2009 18:00:00 -0800 http://media.grc.com/sn/sn-217-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-217-lq.mp3 Alex and I discuss the serious security problems created by the way SSL connections are specified by non-secured web pages, and how easily a "man in the middle" attack can compromise this amazingly weak web-based security. Thu, 01 Oct 2009 18:00:00 -0800 http://media.grc.com/sn/sn-216-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-216-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 24 Sep 2009 18:00:00 -0800 http://media.grc.com/sn/sn-215-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-215-lq.mp3 Leo and I discuss the first portion of a collection of pithy and apropos "Security Maxims" that were assembled by a member of the Argonne Vulnerability Assessment Team at the Nuclear Engineering Division of the Argonne National Laboratory, U.S. Department of Energy. They're great! Thu, 17 Sep 2009 18:00:00 -0800 http://media.grc.com/sn/sn-214-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-214-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 10 Sep 2009 18:00:00 -0800 http://media.grc.com/sn/sn-213-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-213-lq.mp3 Leo and I discuss the state of GSM (Global System of Mobile communications) cracking. I show where to purchase the required hardware, from where to download the software, and just how easy and practical it has become to "crack" the old and very weak "security" employed by the three billion cellphones now in worldwide use. Thu, 03 Sep 2009 18:00:00 -0800 http://media.grc.com/sn/sn-212-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-212-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 27 Aug 2009 18:00:00 -0800 http://media.grc.com/sn/sn-211-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-211-lq.mp3 This week Leo and I describe the inner workings of one of the best designed and apparently most secure electronic voting machines — currently in use in the United States — and how a group of university researchers hacked it without any outside information to create a 100% stealth vote stealing system. Thu, 20 Aug 2009 18:00:00 -0800 http://media.grc.com/sn/sn-210-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-210-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 13 Aug 2009 18:00:00 -0800 http://media.grc.com/sn/sn-209-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-209-lq.mp3 Leo and I kick off the podcast's fifth year with a rare off-topic discussion of something I have been researching for the past eight weeks and passionately believe everyone needs to know about: Vitamin D. After next week's Q&A, the podcast will return to topics of Internet security.Steve's "Vitamin D" Research page: https://www.grc.com/health/Vitamin-D.htm Thu, 06 Aug 2009 18:00:00 -0800 http://media.grc.com/sn/sn-208-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-208-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 30 Jul 2009 18:00:00 -0800 http://media.grc.com/sn/sn-207-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-207-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 23 Jul 2009 18:00:00 -0800 http://media.grc.com/sn/sn-206-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-206-lq.mp3 A LOT of security news transpired during the three previous weeks since Steve and Leo last recorded live. So instead of the regularly scheduled Q&A episode (which is moved to next week), today they catch up with this week's "mega security news update." Thu, 16 Jul 2009 18:00:00 -0800 http://media.grc.com/sn/sn-205-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-205-lq.mp3 Leo and I examine the operation of one of the most prevalent computer algorithm inventions in history: Lempel-Ziv data compression. Variations of this invention form the foundation of all modern data compression technologies. Thu, 09 Jul 2009 18:00:00 -0800 http://media.grc.com/sn/sn-204-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-204-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 02 Jul 2009 18:00:00 -0800 http://media.grc.com/sn/sn-203-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-203-lq.mp3 Leo and I explore the invention of the best, and very non-intuitive, means for "string searching" - finding a specific pattern of bytes within a larger buffer. This is crucial not only for searching documents but also for finding viruses hidden within a computer's file system. Thu, 25 Jun 2009 18:00:00 -0800 http://media.grc.com/sn/sn-202-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-202-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 18 Jun 2009 18:00:00 -0800 http://media.grc.com/sn/sn-201-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-201-lq.mp3 Leo and I examine the operation, features, and security of PKWARE's FREE SecureZIP file archiving and encrypting utility. This very compelling and free offering implements a complete PKI (Public Key Infrastructure) system with per-user/per-installation certificates, public and private keys, secure encryption, digital signing, and other security features we have discussed during previous podcasts. Thu, 11 Jun 2009 18:00:00 -0800 http://media.grc.com/sn/sn-200-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-200-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 04 Jun 2009 18:00:00 -0800 http://media.grc.com/sn/sn-199-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-199-lq.mp3 Steve and Leo explore three topics this week: A terrific new book for geeks and non-geeks alike, the uncertain future of IPv6 (and a few cautions about rushing to adoption) and a idea Steve has been mulling around for a "lightweight" means for making secure Internet connections with a VPN tunnel. Thu, 28 May 2009 18:00:00 -0800 http://media.grc.com/sn/sn-198-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-198-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 21 May 2009 18:00:00 -0800 http://media.grc.com/sn/sn-197-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-197-lq.mp3 This week, Leo and I discuss the changes, additions and enhancements Microsoft has made to the security of their forthcoming release of Windows 7. Thu, 14 May 2009 18:00:00 -0800 http://media.grc.com/sn/sn-196-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-196-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 07 May 2009 18:00:00 -0800 http://media.grc.com/sn/sn-195-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-195-lq.mp3 Leo and I plow into the detailed operation of the Internet's most-used security protocol, originally called "SSL" and now evolved into "TLS." The security of this crucial protocol protects all of our online logins, financial transactions, and pretty much everything else. Thu, 30 Apr 2009 18:00:00 -0800 http://media.grc.com/sn/sn-194-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-194-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 23 Apr 2009 18:00:00 -0800 http://media.grc.com/sn/sn-193-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-193-lq.mp3 Steve and Leo discuss the week's security news; then they closely examine the detailed operation and evolution of "Conficker," the most technically sophisticated worm the Internet has ever encountered. Thu, 16 Apr 2009 18:00:00 -0800 http://media.grc.com/sn/sn-192-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-192-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 09 Apr 2009 18:00:00 -0800 http://media.grc.com/sn/sn-191-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-191-lq.mp3 Steve and Leo begin by discussing the week's security news. Then Steve carefully and completely describes the construction and operation of a worldwide covert cyberspace intelligence gathering network, operating in 103 countries, that was named "GhostNet" by its Canadian discoverers. Thu, 02 Apr 2009 18:00:00 -0800 http://media.grc.com/sn/sn-190-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-190-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 26 Mar 2009 18:00:00 -0800 http://media.grc.com/sn/sn-189-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-189-lq.mp3 Leo and I closely examine and discuss Microsoft's just released major version 8 of Internet Explorer. Having studied this major new web browser version closely, I examine the many new features and foibles from the standpoint of its short- and long-term impact on Internet security. Thu, 19 Mar 2009 18:00:00 -0800 http://media.grc.com/sn/sn-188-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-188-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 12 Mar 2009 18:00:00 -0800 http://media.grc.com/sn/sn-187-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-187-lq.mp3 Leo and I discuss the inglorious past of Windows Autorun. We explain how, until recently, disabling "Autorun" never really worked, how Microsoft hoped to fix it while bringing minimal attention to the problem, and how Microsoft's documentation of their recent fix still "got it wrong." Thu, 05 Mar 2009 18:00:00 -0800 http://media.grc.com/sn/sn-186-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-186-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 26 Feb 2009 18:00:00 -0800 http://media.grc.com/sn/sn-185-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-185-lq.mp3 Leo and I discuss the role, importance and operation of cryptographically-keyed message digest algorithms and their use to securely authenticate messages: Hashed Messages Authentication Codes. Thu, 19 Feb 2009 18:00:00 -0800 http://media.grc.com/sn/sn-184-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-184-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 12 Feb 2009 18:00:00 -0800 http://media.grc.com/sn/sn-183-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-183-lq.mp3 In preparation for a deep and detailed discussion of the Secure Sockets Layer (SSL) protocol, Steve and Leo first establish some formal crypto theory and practice of encryption operating modes. Thu, 05 Feb 2009 18:00:00 -0800 http://media.grc.com/sn/sn-182-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-182-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 29 Jan 2009 18:00:00 -0800 http://media.grc.com/sn/sn-181-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-181-lq.mp3 Before tackling the complete description of the operation of the SSL (Secure Socket Layer) protocol, this week Leo and I take a step back to survey and review much of the cryptographic material we have covered during past 3+ years of podcasts. Thu, 22 Jan 2009 18:00:00 -0800 http://media.grc.com/sn/sn-180-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-180-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 15 Jan 2009 18:00:00 -0800 http://media.grc.com/sn/sn-179-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-179-lq.mp3 Steve and Leo delve into the detailed inner workings of security certificates upon which the Internet depends for establishing the identity of users, websites, and other remote entities. After establishing how certificates perform these functions, Steve describes how a team of security researchers successfully cracked this "uncrackable" security to create fraudulent identifications. Thu, 08 Jan 2009 18:00:00 -0800 http://media.grc.com/sn/sn-178-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-178-lq.mp3 Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Thu, 01 Jan 2009 18:00:00 -0800 http://media.grc.com/sn/sn-177-lq.mp3 TWiT Technology Security false http://media.grc.com/sn/sn-177-lq.mp3 Leo and I discuss the newly discovered cracks in SSL (Secure Sockets Layer), Antique PDP-8 minicomputers, a new PDP-8 kit you can build, and the importance of next generation UltraCapacitors.