Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte

TechTV's Leo Laporte and I take 30 to 60 minutes near the end of each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Receive an automatic eMail reminder whenever a new episode is posted here (from ChangeDetection.com). See the section at the bottom of this page.

 Send us your feedback: Use the form at the bottom of the page to share your opinions, thoughts, ideas, and suggestions for future episodes.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts (TWiT is America's most listened to podcast!) So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.

 And a huge thanks to AOL Radio for hosting the high-quality MP3 files and providing the bandwidth to make this series possible. We use "local links" to count downloads, but all of the high-quality full-size MP3 files are being served by AOL Radio.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving,
16 kbps (lower quality) mp3 audio file
A web page with any supplementary notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons & below then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

Episode #59 | 28 Sep 2006 | 69 min.
Comparing "Parallels" VMs

Completing the topic of current virtual machine technology and products, Steve and Leo closely examine the commercial multiplatform virtual machine offerings from "Parallels," comparing them to VMware and Virtual PC. Steve also corrects an important incorrect statement he made the previous week about features missing from VMware�s free Server VM solution.
33 MB8.3 MB2.1 KB148 KB68 KB137 KB

Episode #58 | 21 Sep 2006 | 34 min.
Two New Critical Windows Problems

Leo and I discuss the breaking news of two new critical Windows problems: A new vulnerability that is being actively exploited on the web to install malware into innocent users' machines — and a work-around that all Windows users can employ to protect themselves. And a serious file-corruption bug Microsoft introduced into last month's security update that affects all Windows 2000 users.
16 MB4.1 MB5.4 KB58 KB34 KB95 KB

Episode #57 | 14 Sep 2006 | 42 min.
Virtual PC versus VMware

Leo and I wrap up our multi-week series about virtual machines and virtual machine technology by closely analyzing the differences and similarities between the free and commercial VM products offered by Microsoft and VMware.
21 MB5.2 MB2.1 KB72 KB39 KB100 KB

Episode #56 | 07 Sep 2006 | 59 min.
Listener Feedback Q&A #10

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
28 MB7.1 MB1.8 KB120 KB60 KB126 KB

Episode #55 | 31 Aug 2006 | 48 min.
Application Sandboxes

Having discussed "heavy weight" virtualization technology in recent weeks, this week Leo and I examine "lighter weight" application sandboxing technology and the software solutions currently available to perform this form of application "wrapping." We discuss the inherent limitations of sandbox security and explain how valuable sandboxes can be for privacy enforcement.
23 MB5.8 MB1.8 KB79 KB43 KB106 KB

Episode #54 | 24 Aug 2006 | 52 min.
Blue Pill

Leo and I continue our ongoing discussion of the security implications and applications of virtualization and virtual machines. This week we examine the "Blue Pill" OS subversion technology made possible by AMD�s next generation virtualization hardware support. We debunk the hype surrounding this interesting and worrisome capability, placing it into a larger security and virtualization context.
25 MB6.3 MB1.7 KB85 KB47 KB109 KB

Episode #53 | 17 Aug 2006 | 40 min.
VMware

Leo and I briefly recap the concepts and technology of Virtual Machine (VM) technology, then thoroughly explore the free and commercial offerings of the earliest company to pioneer Intel-based high-performance virtual machines, VMware. We focus upon the free VMware Player which allows Virtual Machine 'Appliances' to be 'played' on any supported platform. They examine the value of these VMware solutions for creating highly secure 'sandbox' containment environments as well as for cover-your-tracks privacy.
19 MB4.8 MB2.8 KB81 KB38 KB102 KB

Episode #52 | 10 Aug 2006 | 49 min.
A Busy Week for Security Troubles

Leo and I discuss the week's security woes, covering D-Link and Centrino wireless buffer overflows which allow remote wireless compromise of user's networks and machines. We explore the recent revelation that JavaScript can be used to scan an unwitting user's internal network to take over their equipment. We talk about the purchase of Hamachi by LogMeIn and how Botnets are being used to create fraudulent eBay users with perfect "feedback" in order to defraud even careful eBay users. And more!
23.6 MB5.9 MB4.6 KB112 KB51 KB117 KB

Episode #51 | 03 Aug 2006 | 45 min.
Vista's Virgin Stack

Leo and I discuss the revelation, courtesy of a Symantec study and report, that Microsoft's forthcoming Vista operating system has a brand new, written from scratch, networking stack supporting old and new network protocols. They consider the sobering security consequences of Microsoft's decision to scrap Window's old but battled-hardened network stack in favor of one that's new and unproven.
21.8 MB5.5 MB2.9 KB101 KB45 KB110 KB

Episode #50 | 27 Jul 2006 | 52 min.
Virtual Machine History & Technology

Leo and I discuss the historical beginnings of Virtual Machine technology, from the 40-year-old IBM VM/360 operating system through virtual machine language emulators and today's VMware and Virtual PC solutions. This kicks off a multi-episode discussion of the tremendous security benefits and practical uses of modern day Virtual Machine technology.
24.8 MB6.2 MB2.2 KB88 KB47 KB109 KB

Episode #49 | 20 Jul 2006 | 58 min.
The NETSTAT Command

Leo and I describe the operation and use of the universally available "Netstat" command -- available in every desktop operating system from Unix and Linux through Windows and Macs. "Netstat" allows anyone to instantly see what current Internet connections and listening ports any system has open and operating. Mastering the power of this little-known command will greatly empower any security-conscious computer user.
28 MB7.0 MB2.2 KB104 KB55 KB120 KB

Episode #48 | 13 Jul 2006 | 66 min.
Listener Feedback Q&A #9

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
32 MB8.1 MB2.2 KB111 KB65 KB126 KB

Episode #47 | 06 Jul 2006 | 62 min.
Internet Weaponry

Leo and I trace the history and rapid growth of Internet Denial of Service (DoS) attack techniques, tools, and motivations over the past eight years. We discuss many different types of attacks while focusing upon the distributed bandwidth flooding attacks that are the most destructive and difficult to block.
30 MB7.6 MB2.2 KB100 KB54 KB116 KB

Episode #46 | 29 Jun 2006 | 36 min.
Router Logs

Leo and I clarify the confusion surrounding consumer NAT router logging. We explain why routers tend to overreact to Internet 'noise' by 'crying wolf' too often, why the logs produced by consumer routers are unfortunately not very useful, and when paying attention to logs does and does not make sense.
17 MB4.4 MB2.2 KB60 KB33 KB94 KB

Episode #45 | 22 Jun 2006 | 26 min.
The 'Hosts' File

Leo and I reveal and describe the 'HOSTS' file, which is hidden away within every Internet-capable machine. We explain how, because it is always the first place a machine looks for the IP address associated with any other machine name, it can be used to easily and conveniently intercept your computer's silent communication with any questionable web sites you�d rather have it not talking to.
13 MB3.1 MB2.2 KB44 KB24 KB85 KB

Episode #44 | 15 Jun 2006 | 63 min.
Listener Feedback Q&A #8

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
31 MB7.7 MB2.2 KB109 KB59 KB123 KB

Episode #43 | 08 Jun 2006 | 58 min.
Open Ports

This week Leo and I cover the broad subject of 'open ports' on Internet-connected machines. We define 'ports', and what it means for them to be open, closed, and stealth. We discuss what opens them, what it means to have ports 'open' from both a functional and security standpoint, how open ports can be detected, whether stealth ports are really more secure than closed ports, and differences between TCP and UDP port detection.
28 MB7.0 MB2.2 KB89 KB52 KB113 KB

Episode #42 | 01 Jun 2006 | 35 min.
NAT Traversal

Leo and I delve into the inner workings of NAT routers. We examine the trouble NAT routers present to peer-to-peer networks where users are behind NAT routers that block incoming connections, and we explain how a third-party server can be briefly used to help each router get its packets through to the other, thus allowing them to directly connect.
17 MB4.2 MB2.2 KB64 KB31 KB92 KB

Episode #41 | 25 May 2006 | 40 min.
TrueCrypt

This week Leo and I explain why we love "TrueCrypt", a fabulous, free, open source, on-the-fly storage encryption tool that is fast, flexible, super-well-engineered, feature packed, and able to provide advanced state of the art encryption services for many applications.
20 MB4.9 MB2.2 KB65 KB36 KB97 KB

Episode #40 | 18 May 2006 | 71 min.
Listener Feedback Q&A #7

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies and issues we have previously discussed.
34 MB8.5 MB2.2 KB140 KB71 KB135 KB

Episode #39 | 11 May 2006 | 50 min.
Buffer Overruns

In one of our more "aggressively technical" episodes, Leo and I discuss the pernicious nature of software security bugs from the programmer's perspective. We explain how "the system stack" functions, then provide a detailed look at exactly how a small programming mistake can allow executable code to be remotely injected into a computer system despite the best intentions of security-conscious programmers.
24 MB6 MB2.2 KB59 KB40 KB98 KB

Episode #38 | 04 May 2006 | 37 min.
Browser Security

Leo and I discuss the broad topic of web browser security. We examine the implications of running "client-side" code in the form of interpreted scripting languages such as Java, JavaScript, and VBScript, and also the native object code contained within browser "plug-ins"�including Microsoft�s ActiveX. I outline the "zone-based" security model used by IE and explain how I surf with high security under IE, only "lowering my shields" to a website after I've had the chance to look around and decide that the site looks trustworthy.
18 MB4.5 MB2.2 KB59 KB33 KB93 KB

Episode #37 | 27 Apr 2006 | 36 min.
Crypto Series Wrap-up

Leo and I conclude our multi-week coverage of the fundamental technologies underlying modern cryptographic systems. We discuss the number of 512-bit primes (two of which are used to form 1024-bit public keys) and the relative difficulty of performing prime factorizations at various bit lengths. We discuss the importance of, and solutions to, private key recovery using varying numbers of trustees. And conclude by explaining the need for, and the operation of, security certificates.
17 MB4.4 MB2.2 KB110 KB39 KB105 KB

Episode #36 | 20 Apr 2006 | 56 min.
Listener Feedback Q&A #6

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.
27 MB6.7 MB2.2 KB113 KB56 KB86 KB

Episode #35 | 13 Apr 2006 | 34 min.
Cryptographic Hashes

Having covered stream and block symmetric ciphers and asymmetric ciphers, this week Leo and I describe and discuss "cryptographic hashes", the final component to comprise a complete fundamental cryptographic function suite. We discuss the roles of, and attacks against, many common and familiar cryptographic hashes including MD5 and SHA1.
16 MB4.1 MB2.2 KB55 KB30 KB56 KB

Episode #34 | 06 Apr 2006 | 37 min.
Public Key Cryptography

Having discussed symmetric (private) key ciphers during the last two weeks, this week Leo and I examine asymmetric key cryptography, commonly known as "Public Key Cryptography". We begin by examining the first public key cryptosystem, known as the Diffie-Hellman Key Exchange, invented in 1976. Then we describe the operation of general purpose public key cryptosystems such as the one invented by RSA.
18 MB4.5 MB2.2 KB63 KB34 KB52 KB

Episode #33 | 30 Mar 2006 | 43 min.
Symmetric Block Ciphers

Leo and I answer last week's Puzzler/BrainTeaser which explored the idea of using two private one-time pad "keys," like two padlocks, to securely convey a message between two parties, neither of whom would have the other's key. Then we continue our ongoing tour of fundamental crypto technology by describing the operation of Symmetric Block Ciphers.
21 MB5.2 MB2.2 KB64 KB38 KB58 KB

Episode #32 | 23 Mar 2006 | 55 min.
Listener Feedback Q&A #5

Leo and I briefly review last week's topic of symmetric stream ciphers, then we pose the first Security Now! Puzzler/BrainTeaser which proposes a secure means for sending encrypted messages where neither party knows the other's key. The Puzzler/BrainTeaser will be answered and resolved at the start of next week's episode. Then, as always in our Q&A episodes, we answer questions and discuss issues raised by listeners.
26 MB6.6 MB2.2 KB105 KB53 KB75 KB

Episode #31 | 16 Mar 2006 | 53 min.
Symmetric Stream Ciphers

Leo and I continue our multi-episode tour of cryptographic technology. This week we analyze the cryptographic operation of secret decoder rings which we use to develop a solid foundation of cryptographic terminology. We then examine the first of two forms of symmetric, private key cryptography known as symmetric stream ciphers. Two weeks from now, after next week's Q&A episode, we'll discuss the operation of symmetric block ciphers.
25 MB6.4 MB2.2 KB83 KB46 KB66 KB

Episode #30 | 09 Mar 2006 | 30 min.
Cryptographic Issues

Leo and I open our multi-week discussion of the operation and technology of cryptography. This first week we start by examining the social consequences and ethical implications of common citizens being empowered with freely available cryptographic technology that no force on Earth — no government agency, no corporation, no private individual — can crack within their lifetimes.
14 MB3.6 MB2.2 KB50 KB28 KB49 KB

Episode #29 | 02 Mar 2006 | 52 min.
Ethernet Insecurity

Leo and I discuss the design, operation, and complete lack of security of Ethernet — the LAN technology that virtually all of the world uses. We explain how this lack of security enables a wide range of serious attacks to be perpetrated by any other machine sharing the same Ethernet — such as in a wireless hotspot, within a corporate network, or even in a wired hotel where the entire hotel is one big exploitable Ethernet LAN. GRC's ARP Cache Poisoning page contains a detailed explanation of these problems with diagrams and links to readily available Ethernet ARP exploitation malware.

ARP Cache Poisoning: http://www.grc.com/nat/arp.htm
25 MB6.3 MB24 KB79 KB45 KB61 KB

Episode #28 | 23 Feb 2006 | 40 min.
Listener Feedback Q&A #4

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.
19 MB4.8 MB2.2 KB95 KB43 KB63 KB

Episode #27 | 16 Feb 2006 | 37 min.
How Local Area Networks Work, Part 1

Having covered the operation of the Internet's WAN (Wide Area Network) technology in the past two weeks, this week Leo and I turn to discussing the way Local Area Networks (LANs) operate and how they interface with the Internet WAN. We address the configuration of subnet masks, default gateways, and DHCP to explain how packets are routed among machines and gateways within a LAN.
18 MB4.5 MB2.2 KB65 KB35 KB54 KB

Episode #26 | 09 Feb 2006 | 38 min.
How the Internet Works, Part 2

During this 38-minute, part 2 episode of "How the Internet Works," Leo and I briefly review last week's discussion of the ICMP protocol, then discuss the operational details of the Internet's two main data-carrying protocols: UDP and TCP.
18 MB4.6 MB2.2 KB58 KB33 KB51 KB

Episode #25 | 02 Feb 2006 | 49 min.
How the Internet Works, Part 1

During this 49-minute episode, Leo and I briefly discuss the 'Kama Sutra' virus that will become destructive on February 3rd. We briefly discuss PC World Magazine's recent evaluation and ranking of ten top anti-malware systems. And we begin our long-planned 'fundamental technology' series with a two-part close look at the history and detailed operation of the global Internet.
24 MB5.9 MB5.6 KB70 KB43 KB59 KB

Episode #24 | 26 Jan 2006 | 40 min.
Listener Feedback Q&A #3

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.
39 MB5.0 MB26 KB113 KB45 KB67 KB

Episode #23 | 19 Jan 2006 | 29 min.
GRC's "MouseTrap"

Leo and I "close the backdoor" on the controversial Windows WMF Metafile image code execution (MICE) vulnerability. We discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware: MouseTrap which determines whether any Windows or Linux/WINE system has 'MICE'.

Download "MouseTrap" – our free MICE tester (29 kb)
14 MB3.5 MB26 KB53 KB29 KB49 KB

Episode #22 | 12 Jan 2006 | 39 min.
The Windows MetaFile Backdoor?

Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Download "MouseTrap" – our free MICE tester (29 kb)
19 MB4.8 MB4.1 KB63 KB37 KB54 KB

Episode #21 | 05 Jan 2006 | 27 min.
The Windows MetaFile (WMF) Vulnerability

Leo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular -- and very necessary -- temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond.
13 MB3.3 MB5.8 KB61 KB28 KB50 KB

Episode #20 | 29 Dec 2005 | 54 min.
A SERIOUS new Windows vulnerability — and Listener Q&A

On December 28th a serious new Windows vulnerability has appeared and been immediately exploited by a growing number of malicious web sites to install malware. Many worse viruses and worms are expected soon. We start off discussing this and our show notes provides a quick necesary workaround until Microsoft provides a patch. Then we spend the next 45 minutes answering and discussing interesting listener questions.
26 MB6.5 MB10 KB104 KB52 KB70 KB

Episode #19 | 22 Dec 2005 | 53 min.
VPNs Three: Hamachi, iPig, and OpenVPN

Leo and I wrap up our multi-week, in-depth coverage of PC VPN solutions by discussing some aftermath of the zero-configuration Hamachi system; introducing "iPig," a very appealing new zero-configuration VPN contender; and describing the many faces of OpenVPN, the "Swiss army knife" of VPN solutions.
25 MB6.4 MB2.4 KB96 KB50 KB68 KB

Episode #18 | 15 Dec 2005 | 33 min.
"Hamachi" Rocks!

This week Leo and I discuss and describe the brand new, ready to emerge from a its long development beta phase, ultra-secure, lightweight, high-performance, highly-polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system known as "Hamachi". After two solid weeks of testing and intense dialog with Hamachi's lead developer and designer, I have fully vetted the system's security architecture and have it running on many of my systems. While I am travelling to Toronto this week, Hamachi is keeping my roaming laptop securely and directly connected to all of my machines back home. Don't miss this one!
16 MB4.1 MB2.4 KB81 KB36 KB58 KB

Episode #17 | 08 Dec 2005 | 33 min.
PPTP and IPSec VPN Technology

In our continuing exploration of VPN technology for protecting network users on networks they don't control, Leo and I discuss the oldest "original" VPN protocols: Industry standard IPSec, and Microsoft's own PPTP and L2TP/IPSec. We examine and explain the trouble with interconnecting Windows machines to third-party VPN routers and examine the many reasons these older technologies are probably not optimal for on-the-go road warriors.
16 MB4.0 MB7.7 KB61 KB31 KB51 KB

Episode #16 | 01 Dec 2005 | 42 min.
Listener feedback Q&A #1

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies we have previously discussed.
20 MB5.1 MB2.3 KB100 KB43 KB65 KB

Episode #15 | 24 Nov 2005 | 43 min.
VPN Secure Tunneling Solutions

Leo and I discuss the use of SSL and SSH encrypted tunneling for providing privacy and security whenever an insecure local network is being used — such as at an open WiFi hotspot or when using a hotel's network. These solutions are not transparent and tend to be configuration intensive. They also require the use of a "server" of some sort at the user's home or office. This makes these approaches less suitable for casual users, but offers a solution for the more technically inclined road warriors.
21 MB5 MB5.6 KB85 KB40 KB60 KB

Episode #14 | 17 Nov 2005 | 27 min.
Virtual Private Networks (VPN): Theory

Leo and I first follow-up on the past two episodes, discussing new developments in the continuing Sony Rootkit DRM drama, and clearing up some confusion over the crackability of WPA passphrases. Then, in this first of our two-part series on VPNs, we discuss the theory of VPN connections and tunnels, explaining how they work and why they represent such a terrific solution for anyone who needs security while they're away from home.
13 MB3.2 MB2.3 KB74 KB29 KB52 KB

Episode #13 | 10 Nov 2005 | 35 min.
Unbreakable WiFi Security

Leo and I follow-up on last week's discussion of the Sony Rootkit debacle with the distressing news of "phoning home" (spyware) behavior from the Sony DRM software, and the rootkit's exploitation by a new malicious backdoor Trojan. We then return to complete our discussion of WiFi security, demystifying the many confusing flavors of WPA encryption and presenting several critical MUST DO tips for WPA users.
17 MB4.2 MB3.2 KB 70 KB32 KB54 KB

Episode #12 | 03 Nov 2005 | 24 min.
Sony's "Rootkit Technology" DRM (copy protection gone bad)

Leo and I discuss details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme. This poorly written software unnecessarily employs classic rootkit technology (see episode #9) to hide from its users after installation. It can not be uninstalled easily, it can be easily misused for malicious purposes, and it has been implicated in many repeated BSOD "blue screen of death" PC crashes.
12 MB2.9 MB8.2 KB46 KB23 KB45 KB

Episode #11 | 27 Oct 2005 | 38 min.
Bad WiFi Security (WEP and MAC address filtering)

Leo and I answer some questions arising from last week's episode, then plow into a detailed discussion of the lack of security value of MAC address filtering, the futility of disabling SSID's for security, and the extremely poor security offered by the first-generation WEP encryption system.
18 MB4.6 MB2.3 KB70 KB34 KB54 KB

Episode #10 | 20 Oct 2005 | 28 min.
Open Wireless Access Points

Leo and I examine the security and privacy considerations of using non-encrypted (i.e. 'Open') wireless access points at home and in public locations. We discuss the various ways of protecting privacy when untrusted strangers can 'sniff' the data traffic flowing to and from your online PC.
14 MB3.4 MB3.2 KB51 KB28 KB47 KB

Episode #9 | 13 Oct 2005 | 32 min.
Rootkits

This week we discuss "rootkit technology". We examine what rootkits are, why they have suddenly become a problem, and how that problem is rapidly growing in severity. We also discuss their detection and removal and point listeners to some very effective free rootkit detection solutions.
16 MB3.9 MB5.2 KB70 KB33 KB53 KB

Episode #8 | 06 Oct 2005 | 24 min.
Denial of Service (DoS) Attacks

Distributed Denial of Service (DDoS) attacks are occurring with ever-greater frequency every day. Although these damaging attacks are often used to extort high-profile gaming and gambling sites before major gambling events, attacks are also launched against individual users who do something to annoy "zombie fleet masters" while they are online. Some router and firewall vendors claim that their devices prevent DDoS attacks. Is that possible? What can be done to dodge the bullet of a DDoS attack launched against you while you're online?
12 MB2.8 MB2.6 KB46 KB23 KB44 KB

Episode #7 | 29 Sep 2005 | 36 min.
SPYaWAREness

Any contemporary discussion of threats to Internet security must discuss the history, current situation, and future of spyware. Leo and I spend a little more time than usual covering many aspects of this important topic. DON'T MISS the Episode Notes Page for this episode!
17 MB4.4 MB17 KB61 KB34 KB52 KB

Episode #6 | 22 Sep 2005 | 18 min.
Mechanical & Electromagnetic Information Leakage

Triggered by a recent report of three UC Berkeley researchers recovering text typed at a keyboard (any keyboard) after simply listening to ten minutes of typing, Leo and I discuss the weird realm of "alternative information leakage" — from CRT glowing, to radio emissions, to LEDs lamps on the front of network equipment . . . to a microphone listening to anyone typing.
8.7 MB2.2 MB8.0 KB36 KB18 KB40 KB

Episode #5 | 15 Sep 2005 | 20 min.
Personal Password Policy — Part 2

Our previous episode (#4), which discussed personal password policies, generated so much great listener feedback, thoughts, ideas, and reminders about things we didn't mention, that we decided to wrap up this important topic with a final episode to share listeners' ideas and to clarify some things we left unsaid.
9.5 MB  2.4 MB  7.9 KB34 KB21 KB  41 KB

Episode #4 | 08 Sep 2005 | 24 min.
Personal Password Policy

Everyone who uses web-based services such as eBay, Amazon, and Yahoo, needs to authenticate their identity with passwords. Password quality is important since easily guessable passwords can be easily defeated. Leo and I recap a bit from last week's program, then discuss passwords. We suggest an approach that anyone can use to easily create unbreakable passwords.
12 MB  2.9 MB  7.4 KB52 KB25 KB  46 KB

Episode #3 | 01 Sep 2005 | 25 min.
NAT Routers as Firewalls

Most people don't think of common NAT routers as hardware firewalls, but ANY NAT router inherently provides terrific security and protection against incoming malicious traffic. Learn how and why this is, and which default settings MUST be changed to lock down the security of your NAT router.
12 MB  3.1 MB  7.4 KB51 KB26 KB  47 KB

Episode #2 | 25 Aug 2005 | 25 min.
" HoneyMonkeys "

How Microsoft's "HoneyMonkey" system works, how it finds malicious web sites before they find you, and what Microsoft is doing (and NOT doing) with this valuable security information it is now collecting.
12 MB  3.0 MB  2.4 KB69 KB26 KB  49 KB

Episode #1 | 19 Aug 2005 | 18 min.
As the Worm Turns — the first Internet worms of 2005

How a never-disclosed Windows vulnerability was quickly reverse-engineered from the patches to fix it and turned into more than 12 potent and damaging Internet worms in three days. What does this mean for the future of Internet security?
8.7 MB  2.2 MB  7.4 KB40 KB18 KB  41 KB



You can receive an eMail reminder whenever this page is updated with a new Security Now! episode. Click the "Monitor Changes" button to have the highly-regarded "Change Detection" web site monitor this page and send you a note when it changes.

Monitor this page for changes: (it's private by ChangeDetection)


Future Episode Topics:

Windows Encrypted Filesystem: We examine the operation, features, applications, and security of Windows' new "Encrypted Filesystem" feature.
The HOSTS file: The network HOSTS file is the first place our systems look for the IP address of local or remote machines. By putting "dummy" entries into the HOSTS file our computers can be kept from accessing malicious sites and services.
The Security of BitTorrent (and other peer-to-peer systems): Bittorrent has become a popular "post-Napster" solution for obtaining large files by "peering" with other Bittorrent users who have already obtained all or part of the desired file. What are the security implications of using Bittorrent and similar peer-to-peer tools?
Zombie Fleets: Right this minute, hundreds of thousands of PCs worldwide are being remotely controlled by malicious hackers. These "Zombie" computers are silently obeying the will of their hidden masters, each who control fleets of thousands of machines. This trend has grown and evolved a lot since my own encounter with this several years ago. Leo and I will look at the phenomenon of Zombie PCs and talk about the consequences to you.
Personal File Encryption: What solutions and alternatives are available for truly unbreakable local file encryption for personal PCs?
IPv6 - the next standard: All of our computers, routers, ISP's and the most of the Internet are currently using "Version 4" of the Internet Protocol (IP), known as IPv4. IPv6 is slowing gaining traction. What new features and solutions does it offer?
Your privacy and your ISP: What privacy exposures would you face if your ISP — or one of their employees — were not totally trustworthy? What are the privacy and security implications of the fact that all of your bandwidth runs through your ISP's network? And for that matter, what are the privacy and security implications anytime your network traffic is exposed to anyone outside of your control?
Identity Theft: What it is, how it happens, what it means, and what you can do to keep it from happening to you.
Exploiting Remote Vulnerabilities: What — exactly — are buffer overflows? How do "open ports" create dangers and opportunities for hackers? How are hackers (and worms!) able to exploit bugs in code to remotely take over a someone's computer on the Internet?
The Security of eCommerce: How secure are "secure" connections to other web servers? When an "https:" URL is being used, is that really secure? What are the types of risks you face when shopping online with your credit card?
Free Security: What are the current "best of breed" free security tools — personal firewall, anti-virus, anti-spyware — and why.
Windows "Vista" Security: Our security analysis of the next major step for Microsoft's consumer Windows operating system: Windows Vista.
Misfortune cookies: Why you never want to accept a cookie from a stranger. How simple web browsing leaks personal information to unknown third-parties — and how to prevent it.
Peer-friendly NAT routers: Not all NAT routers are equally "peer-to-peer friendly". Good NAT routers allow direct endpoint-to-endpoint interconnection, while bad NAT routers force a third-party to relay the information. How to determine which type you have, and how to choose the best one for peer-to-peer connections.
GRC's free LANSlide utility (not yet released to the public): What LANSlide can tell you about the operation of your own network, the strength of your NAT router, the processing load from your personal firewall, and the true speed of your wireless LAN.

We want your feedback and suggestions . . .

What do you think? Do you find these valuable? What topics would you like us to cover? What lingering questions do you have about personal computer security? What do you like or dislike about these audio productions? Tell us what's on your mind . . .
Entirely optional information:

You may leave everything below blank, or provide any information you like. I can't reply to your note without an eMail address (obviously), and it's nice to have a name and location to introduce any questions we read for our Listener Q&A episodes. It's up to you. Either way, no record of your eMail address will be retained — it will only be used as the source of this message sent to me.
Your Name:
eMail Addr:
Location:

Last Edit: Sep 29, 2006 at 22:00 (5.50 days ago)Viewed 4,442 times per day

Home Page Purchasing Tech Support Mailing List Projects Free Stuff Discussions

Home Page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2006 Gibson Research Corporation. Spinrite, ShieldsUP,
NanoProbe, and the slogan  "It's MY Computer"  are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.