
Security Now - 16k MP3
1,036 episodes — Page 19 of 21
SN136: Listener Feedback #37
Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN135: IronKey
Leo and I spend 45 terrific minutes speaking with David Jevans, Ironkey's CEO and founder, about the inner workings and features of their truly unique security-hardened cryptographic hardware USB storage device.
SN134: Listener Feedback #36
Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN133: TrueCrypt v5.0
In this second half of our exploration of whole-drive encryption, Leo and I discuss the detailed operation of the new version 5.0 release of TrueCrypt, which offers whole-drive encryption for Windows.
SN132: Listener Feedback #35
Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN131: FREE CompuSec
In this first of our two-part exploration of the world of whole-drive encryption, Leo and I begin by discussing the various options and alternatives, then focus upon one excellent, completely free, and comprehensive security solution known as "FREE CompuSec."
SN130: Listener Feedback #34
Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN129: Windows SteadyState
Leo and I examine and discuss Microsoft's "Windows SteadyState," an extremely useful, free add-on for Windows XP that allows Windows systems to be "frozen" (in a steady state) to prevent users from making persistent changes to ANYTHING on the system.
SN128: Listener Feedback #33
Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN127: Corporate Security
Leo and I discuss the week's major security events, then use a listener's story of his organization's security challenges to set the stage for our discussion of the types of challenges corporations face in attempting to provide a secure computing environment.
SN126: Listener Feedback #32
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN125: Symmetric Ciphers
Steve explains, very carefully and clearly this time, why and how multiple encryption increases security. Steve also carefully and in full detail explains the operation of the new global encryption AES cipher: Rijndael.
SN124: Listener Feedback #31
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN123: Jungle Disk
Leo and I invite Jungle Disk's creator, Dave Wright, to join the podcast to talk about his $20 product that allows for extremely economical, efficient, seamless and absolutely secure online storage of any user data within Amazon's high-performance, high-reliability "S3" storage facility.
SN122: Listener Feedback #30
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN121: Is Privacy Dead?
This week Steve and Leo take a break from the details of bits and bytes to discuss and explore the many issues surrounding the gradual and inexorable ebbing of individual privacy as we (consumers) rely increasingly upon the seductive power of digital-domain services.
SN120: Listener Feedback #29
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN119: PayPal and DoubleClick
Leo and I dissect the "Links" on PayPal's site with an eye toward reverse engineering the reason for many of them routing PayPal's users through servers owned by DoubleClick. We carefully explain the nature of the significant privacy concerns raised by this practice.
SN118: Listener Feedback #28
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN117: Even More Perfect Paper Passwords
Leo and I discuss the updated second version of our Perfect Paper Passwords (PPP) system and examine a number of interesting subtle questions such as whether it's better to have fully random equally probable passwords or true one-time-only passwords; and how, whether, and why attack strategies affect that decision.
SN116: Listener Feedback #27
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN115: Perfect Paper Passwords
During this week's second half of our discussion of GRC's new secure roaming authentication system, I reveal and fully describe the unique, simple, clean, and super-secure one-time password solution I designed to provide roaming authentication for GRC's employees. I also describe our own freely available software implementation of the "PPP" system, as well as several other recently created open source implementations.
SN114: Listener Feedback #26
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN113: Roaming Authentication
In this first of a two-part series, Leo and I discuss my recent design of a secure roaming authentication solution for GRC's employees. I begin to describe the lightweight super-secure system I designed where even an attacker with "perfect knowledge" of an employee's logon will be unable to gain access to protected resources.
SN112: Listener Feedback #25
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN111: OpenID Precautions
Having several times addressed the value and potential of the open source, open spec., and popular OpenID system, which is rapidly gaining traction as a convenient means for providing "single sign-on" identification on the Internet, this week Leo and I examine problems and concerns, both with OpenID and those inherent in any centralized identity management solution.
SN110: Listener Feedback #24
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN109: GRC's eCommerce System
Leo and I delve into some of the non-obvious problems encountered during the creation of a robust and secure eCommerce system. I explain the hurdles I faced, the things that initially tripped me up, and the solutions I found when I was creating GRC's custom eCommerce system.
SN108: Listener Feedback #23
Leo and I discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN107: PIP & Even More Perfect Passwords
Leo and I discuss two topics this week: The availability and operation of VeriSign Labs' OpenID PIP (Personal Identity Provider) beta, offering many useful features for online identity authentication; and my recent redesign of the algorithms behind GRC's popular Perfect Passwords page.
SN106: Listener Mailbag #2
Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
SN105: Firewall LeakTesting
Leo and I discuss the history, purpose, and value of personal firewall leaktesting. We examine the myriad techniques clever developers have found for accessing the Internet and sending data out of PCs even when those PCs are being protected by outbound-blocking personal firewalls.
SN104: Listener Feedback Q&A #22
Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN103: PayPal Security Key
Leo and I talk with Michael Vergara, PayPal's Director of Account Protections, to learn everything we can about the PayPal security key effort and its probable future.
SN102: Listener Mailbag #1
Leo and I open the Security Now mailbag to share and discuss the thoughts, comments, and observations of other Security Now listeners.
SN101: Are You Human?
Leo and I explore the Internet's rapidly growing need to automatically differentiate human from non-human automated clients. We discuss the advantages and limitations of many past and current approaches to this problem while paying close attention to the most commonly used visual 'CAPTCHA' solutions.
SN100: Listener Feedback Q&A #21
Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN099: Trusted Platform Module (TPM)
Leo and I explain the virtues and misbegotten negative reputation of the entirely benign and extremely useful emergent crypto facility known as the "Trusted Platform Module."
SN098: Internet Identity Metasystems
Leo and I discuss the user experience and operation of Microsoft's "CardSpace" technology which hopes to completely change the way users identify themselves on the Internet by doing away with traditional usernames and passwords.
SN097: Operation: Bot Roast
Leo and I discuss the recent news of the FBI's announced crackdown and pursuit of 'bot-herders' who individually control networks of remote control DoS and Spam zombies numbering in the many tens of thousands.
SN096: Listener Feedback Q&A #20
Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN095: OpenID
Leo and I examine the open, platform-agnostic, license-free OpenID secure Internet identity authentication system, which is rapidly gaining traction within the Internet community. It may well be the "single sign-on" solution that will simplify and secure our use of the World Wide Web.
SN094: The Fourth Factor
Having discussed the first three "factors" in multifactor authentication (something you know, something you have, something you are), Leo and I explore aspects of the power and problems with the fourth factor, "someone you know."
SN093: Microsoft Patent Wars
Leo and I tackle the past, present and future of software patents. Our discussion of this non-security topic was triggered by Microsoft's recent declaration that since free and open source software (FOSS) was infringing at least 235 of their software patents, someone ought to be paying them.
SN092: Listener Feedback Q&A #19
Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN091: Marc Maiffret (pronounced "may-fray")
Leo and I talk with Marc Maiffret, co-founder of eEye Digital Security of Aliso Viejo, California. eEye has perhaps done more forensic and vulnerability testing research to increase the remote security of Windows than any other group, including Microsoft. They continue to find and report an amazing number of Windows security vulnerabilities.
SN090: Multifactor Authentication
Leo and I discuss the theory and practice of multifactor authentication which uses combinations of "something you know," "something you have," and "something you are" to provide stronger remote authentication than traditional, unreliable single-factor username and password authentication.
SN089: Even More Badly Broken WEP
Leo and I review the operation of wireless network security and discuss in detail the operation of the latest attack on the increasingly insecure WEP encryption system. This new technique allows any WEP-protected WiFi network's secret cryptographic key to be discovered in less than 60 seconds.
SN088: Listener Feedback Q&A #18
Leo and I discuss questions asked by listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
SN087: SQL Injection Exploits
Leo and I wrap up our three-part series on web-based code injection vulnerabilities and exploitation with a discussion of web-based structured query language (SQL) database attacks. We explain why and how SQL injection vulnerabilities are creating an ongoing plague of vulnerabilities besetting modern 'Web 2.0' applications.