In Episode 332, Steve Gibson and Tom Merritt discuss the issues related to the security on the Internet, and comment to the feedback of their listeners. In the beginning of the conversation they are talking about the recently discovered two zero-day Flash vulnerabilities, the following updates of Adobe and Acrobat, as well as of the latest update of Chrome, which was aimed at eliminating the flaws of the browser. Next, the discussion of IE6, IE7, Firefox’ security issues and Windows automatic updates takes place. The conversation gets focused on the Stop Online Privacy Act, HR 3261 and its amendments. Gibson ridicules the bill and its language wiles by way of pointing out that the document automatically breaks the DNS system and threats free speech rights a priori. He adds that blacklisting on the Internet does not work despite the numerous attempts, since it can effectively work only in a “constrained environment”. Gibson mentions the quote, which he cannot but agree with while explaining why blacklisting does not work on the Internet in general: “The Internet was designed to route around censorship”. (media.grc.com)
Next, Merritt and Gibson have a conversation about miscellaneous things and listeners’ feedback about “briefly stalled sales”, “query headers”, Do Not Trek header, animated CAPTCHA, hard drive cloning, HTML5 security analysis, the inconsistency of lithium-ion batteries, the limited edition of HP-15C, the danger of “hardware” firewalls, remote attacks on PCs, iOS application, etc. Steve Gibson analyses the common issue when lots of people assume they are of no interest for somebody and consciously ignore the security, and adds that viruses and spam do not care about the identity, warning the users to be more careful about their online safety and security.
http://media.grc.com/SN/sn-322-lq.mp3
In Podcast 322, Gibson and Merritt talk about Microsoft and Apple updates, the Microsoft vulnerabilities and the new software coming in the beginning of the conversation. They highlight the installation of malware in Germany by the Chaos Computer Club, which was aimed at spying on laptops of the Germans, but proved to be not secure enough. Steve Gibson notes that in certain situations the FBI gets involved in gathering data through the use of spyware, which can result into the government’s permission to install spyware legally. He adds that the situation with checking laptops at customs control when malware might be put is rather disturbing issue as well.
In the interview, they mention the possible outcomes of the AES cipher. In his answer to a listener’s question, Steve Gibson points out that it is possible to chain encryption ciphers together with the help of TrueCrypt. He adds that loss of AES strength does not result in AES getting weaker.
Gibson provides the data on how computers get infected; according to him, IE is at about 66%, Firefox …