Jump to content

Security Now

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by HalHal (talk | contribs) at 01:12, 25 May 2007 (Episode list: +93). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Security Now!
File:Securitynow logo.gif
Presentation
Hosted byLeo Laporte / Steve Gibson
GenreComputer security
UpdatesWeekly
Publication
Original release19 August 2005

Security Now! is a weekly podcast (Internet radio show) hosted by Leo Laporte of this WEEK in TECH and Steve Gibson of Gibson Research Corporation (GRC). It is part of the TWiT.tv network [1], and the first episode was released on 19 August 2005.

Released each Thursday, Security Now! consists of a discussion between Gibson and Laporte of issues of computer security and, conversely, insecurity. Topics that have been covered include then-current security vulnerabilities, firewalls, password security, spyware, rootkits, Wi-Fi, virtual private networks (VPNs), and virtualization. In late 2005 and early 2006, the Windows Metafile vulnerability was also covered.

Podcast feed

Security Now! is distributed via its main podcast RSS feed (link) and on the GRC Security Now! page [2]. As with many podcasts, the audio is encoded in MP3 format, with higher quality (64 kilobits per second) and lower quality (16 kbit/s) versions available for listeners on low bandwidth connections (such as dial-up) or those with limited storage space.

Additional content

As part of GRC's section on the podcast, supplementary notes and transcripts of each show are available in plain text and PDF formats. Through Frappr, an online map is available for people to place a marker on, creating a geographical picture of where Security Now! listeners around the world live [3].

Listener feedback

Every fourth episode (referred to as the "mod 4 podcast"), Gibson and Laporte devote an episode to answering questions and responding to feedback provided by Security Now! listeners. This began on 1 December, 2005. The GRC web page has a feedback form allowing listeners to submit their comments and questions [4].

Popularity

In August 2006, Security Now! ranked fourth in the "Top 40" of all podcasts listened to via the PodNova service.[1] Security Now! averages around 100,000 downloads per episode throughout 2006. [2][3]

Episode list

Windows Metafile vulnerability claims

In episode 22 of Security Now! in January 2006, Steve Gibson made an accusation[4] that Microsoft may have intentionally put a backdoor into the Windows Metafile processing code of the Windows 2000 and XP operating systems.

Gibson claimed that while reverse engineering the Windows Metafile format, he could only run arbitrary code if he used a "nonsensical" value in the metafile. His conclusion was that Microsoft had intentionally designed Windows in this way to allow them to use the feature as a backdoor to running code on Windows computers without the knowledge of the user.

Gibson's claim was refuted[5] by Stephen Toulouse of Microsoft in an MSDN blog posting on 13 January 2006, stating that Gibson's observations applied only to metafiles containing one data record, and that the behavior was not intentional.

References

  1. ^ "PodNova Top 40". PodNova. 2006. Retrieved 2007-01-12. 4. Security Now! {{cite web}}: Unknown parameter |month= ignored (help)
  2. ^ Leo Laporte (2006-07-19). "June Numbers". Leo Laporte's blog. TWiT.tv. Retrieved 2007-01-12. Security Now: 103,034
  3. ^ Leo Laporte (2006-11-21). "October Numbers". Leo Laporte's blog. TWiT.tv. Retrieved 2007-01-12. Security Now 61: 99,751
  4. ^ Steve Gibson (January, 2006). "Security Now!, Transcript of Episode #22". Security Now! podcast. Retrieved March 18. {{cite web}}: Check date values in: |accessdate= and |year= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help); Unknown parameter |coauthors= ignored (|author= suggested) (help)CS1 maint: year (link)
  5. ^ Stephen Toulouse (January, 2006). "Looking at the WMF issue, how did it get there?". Microsoft Security Response Center Blog. MSDN TechNet Blogs. Retrieved March 18. {{cite web}}: Check date values in: |accessdate= and |year= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help)CS1 maint: year (link)

Template:TWiTpodcasts