S1 E1 • As the Worm Turns — the first Internet worms of 2005

How a never-disclosed Windows vulnerability was quickly reverse-engineered from the patches to fix it and turned into more than 12 potent and damaging Internet worms in three days. What does this mean for the future of Internet security?

Première diffusion : 18 août 2005

S1 E2 • HoneyMonkeys

How Microsoft's "HoneyMonkey" system works, how it finds malicious web sites before they find you, and what Microsoft is doing (and NOT doing) with this valuable security information it is now collecting.

Première diffusion : 25 août 2005

S1 E3 • NAT Routers as Firewalls

Most people don't think of common NAT routers as hardware firewalls, but ANY NAT router inherently provides terrific security and protection against incoming malicious traffic. Learn how and why this is, and which default settings MUST be changed to lock down the security of your NAT router.

Première diffusion : 1 septembre 2005

S1 E4 • Personal Password Policy (1)

Everyone who uses web-based services such as eBay, Amazon, and Yahoo, needs to authenticate their identity with passwords. Password quality is important since easily guessable passwords can be easily defeated. Leo and I recap a bit from last week's program, then discuss passwords. We suggest an approach that anyone can use to easily create unbreakable passwords.

Première diffusion : 8 septembre 2005

S1 E5 • Personal Password Policy (2)

Our previous episode (#4), which discussed personal password policies, generated so much great listener feedback, thoughts, ideas, and reminders about things we didn't mention, that we decided to wrap up this important topic with a final episode to share listeners' ideas and to clarify some things we left unsaid.

Première diffusion : 15 septembre 2005

S1 E6 • Mechanical & Electromagnetic Information Leakage

Triggered by a recent report of three UC Berkeley researchers recovering text typed at a keyboard (any keyboard) after simply listening to ten minutes of typing, Leo and I discuss the weird realm of "alternative information leakage" — from CRT glowing, to radio emissions, to LEDs lamps on the front of network equipment . . . to a microphone listening to anyone typing.

Première diffusion : 22 septembre 2005

S1 E7 • SPYaWAREness

Any contemporary discussion of threats to Internet security must discuss the history, current situation, and future of spyware. Leo and I spend a little more time than usual covering many aspects of this important topic. DON'T MISS the Episode Notes Page for this episode!

Première diffusion : 29 septembre 2005

S1 E8 • Denial of Service (DoS) Attacks

Distributed Denial of Service (DDoS) attacks are occurring with ever-greater frequency every day. Although these damaging attacks are often used to extort high-profile gaming and gambling sites before major gambling events, attacks are also launched against individual users who do something to annoy "zombie fleet masters" while they are online. Some router and firewall vendors claim that their devices prevent DDoS attacks. Is that possible? What can be done to dodge the bullet of a DDoS attack launched against you while you're online?

Première diffusion : 6 octobre 2005

S1 E9 • Rootkits

This week we discuss "rootkit technology". We examine what rootkits are, why they have suddenly become a problem, and how that problem is rapidly growing in severity. We also discuss their detection and removal and point listeners to some very effective free rootkit detection solutions.

Première diffusion : 13 octobre 2005

S1 E10 • Open Wireless Access Points

Leo and I examine the security and privacy considerations of using non-encrypted (i.e. 'Open') wireless access points at home and in public locations. We discuss the various ways of protecting privacy when untrusted strangers can 'sniff' the data traffic flowing to and from your online PC.

Première diffusion : 20 octobre 2005

S1 E11 • Bad WiFi Security (WEP and MAC address filtering)

Leo and I answer some questions arising from last week's episode, then plow into a detailed discussion of the lack of security value of MAC address filtering, the futility of disabling SSID's for security, and the extremely poor security offered by the first-generation WEP encryption system.

Première diffusion : 27 octobre 2005

S1 E12 • Sony's

Leo and I discuss details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme. This poorly written software unnecessarily employs classic rootkit technology (see episode #9) to hide from its users after installation. It can not be uninstalled easily, it can be easily misused for malicious purposes, and it has been implicated in many repeated BSOD "blue screen of death" PC crashes.

Première diffusion : 3 novembre 2005

S1 E13 • Unbreakable WiFi Security

Leo and I follow-up on last week's discussion of the Sony Rootkit debacle with the distressing news of "phoning home" (spyware) behavior from the Sony DRM software, and the rootkit's exploitation by a new malicious backdoor Trojan. We then return to complete our discussion of WiFi security, demystifying the many confusing flavors of WPA encryption and presenting several critical MUST DO tips for WPA users.

Première diffusion : 10 novembre 2005

S1 E14 • Virtual Private Networks (VPN): Theory

Leo and I first follow-up on the past two episodes, discussing new developments in the continuing Sony Rootkit DRM drama, and clearing up some confusion over the crackability of WPA passphrases. Then, in this first of our two-part series on VPNs, we discuss the theory of VPN connections and tunnels, explaining how they work and why they represent such a terrific solution for anyone who needs security while they're away from home.

Première diffusion : 17 novembre 2005

S1 E15 • VPN Secure Tunneling Solutions

Leo and I discuss the use of SSL and SSH encrypted tunneling for providing privacy and security whenever an insecure local network is being used — such as at an open WiFi hotspot or when using a hotel's network. These solutions are not transparent and tend to be configuration intensive. They also require the use of a "server" of some sort at the user's home or office. This makes these approaches less suitable for casual users, but offers a solution for the more technically inclined road warriors.

Première diffusion : 24 novembre 2005

S1 E16 • Listener feedback Q&A #1

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies we have previously discussed.

Première diffusion : 1 décembre 2005

S1 E17 • PPTP and IPSec VPN Technology

In our continuing exploration of VPN technology for protecting network users on networks they don't control, Leo and I discuss the oldest "original" VPN protocols: Industry standard IPSec, and Microsoft's own PPTP and L2TP/IPSec. We examine and explain the trouble with interconnecting Windows machines to third-party VPN routers and examine the many reasons these older technologies are probably not optimal for on-the-go road warriors.

Première diffusion : 8 décembre 2005

S1 E18 • Hamachi Rocks!

This week Leo and I discuss and describe the brand new, ready to emerge from a its long development beta phase, ultra-secure, lightweight, high-performance, highly-polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system known as "Hamachi". After two solid weeks of testing and intense dialog with Hamachi's lead developer and designer, I have fully vetted the system's security architecture and have it running on many of my systems. While I am travelling to Toronto this week, Hamachi is keeping my roaming laptop securely and directly connected to all of my machines back home. Don't miss this one!

Première diffusion : 15 décembre 2005

S1 E19 • VPNs Three: Hamachi, iPig, and OpenVPN

Leo and I wrap up our multi-week, in-depth coverage of PC VPN solutions by discussing some aftermath of the zero-configuration Hamachi system; introducing "iPig," a very appealing new zero-configuration VPN contender; and describing the many faces of OpenVPN, the "Swiss army knife" of VPN solutions.

Première diffusion : 22 décembre 2005

S1 E20 • A SERIOUS new Windows vulnerability — and Listener Q&A

On December 28th a serious new Windows vulnerability has appeared and been immediately exploited by a growing number of malicious web sites to install malware. Many worse viruses and worms are expected soon. We start off discussing this and our show notes provides a quick necesary workaround until Microsoft provides a patch. Then we spend the next 45 minutes answering and discussing interesting listener questions.

Première diffusion : 29 décembre 2005

S1 E21 • The Windows MetaFile (WMF) Vulnerability

Leo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular -- and very necessary -- temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond.

Première diffusion : 5 janvier 2006

S1 E22 • The Windows MetaFile Backdoor?

Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Première diffusion : 12 janvier 2006

S1 E23 • GRC's

Leo and I "close the backdoor" on the controversial Windows WMF Metafile image code execution (MICE) vulnerability. We discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware: MouseTrap which determines whether any Windows or Linux/WINE system has 'MICE'.

Première diffusion : 19 janvier 2006

S1 E24 • Listener Feedback Q&A #3

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.

Première diffusion : 26 janvier 2006

S1 E25 • How the Internet Works (1)

Steve talks about the Kama Sutra virus, scheduled to strike tomorrow, and PC World's anti-virus roundup. Then we delve into How the Internet Works, part 1. We'll wrap things up next week.

Première diffusion : 2 février 2006

S1 E26 • How the Internet Works (2)

Part 2 of Steve's discussion of how the fundamental Internet technologies work. This and the previous episode will provide the foundation for our future podcasts on Internet security issues.

Première diffusion : 9 février 2006

S1 E27 • How Local Area Networks Work, Part 1

Steve continues to lay a foundation on understanding networking. This week, part one of how LANs work. We cover DHCP, Subnet Masks, Routers, and hubs. We'll conclude with part two on episode 29.

Première diffusion : 16 février 2006

S1 E28 • Listener Feedback Q&A #4

Steve answers your questions on this episide. With further clarification on VPN security, Hamachi, and the answer to the eternal question, which operating system is the most secure.

Première diffusion : 23 février 2006

S1 E29 • Ethernet Insecurity

In this week's marathon edition Steve tackles security issues inherent to Ethernet, including ARP spoofing.

Première diffusion : 2 mars 2006

S1 E30 • Cryptographic Issues

This week Steve takes a look at how cryptography is used and the difficult issues strong crypto raises.

Première diffusion : 10 mars 2006

S1 E31 • Symmetric Stream Ciphers

This week Steve continues his discussion of crypto with a look at secret decoder rings and one-time pads.

Première diffusion : 16 mars 2006

S1 E32 • Listener Feedback Q&A #5

Episode 32 is our monthly question and answer session.

Première diffusion : 23 mars 2006

S1 E33 • Symmetric Block Ciphers

Part three of Steve's overview of cryptography looks at symmetric block ciphers.

Première diffusion : 30 mars 2006

S1 E34 • Public Key Cryptography

This week Steve explains how public key cryptography works, and we welcome our new sponsor, Astaro! Thanks so much for the support guys.

Première diffusion : 6 avril 2006

S1 E35 • Cryptographic Hashes

This week Steve talks about how cryptographic hashes work and are used to verify the integrity of files and email. We also talk about email signing and recommend the Gnu Privacy Guard.

Première diffusion : 13 avril 2006

S1 E36 • Listener Feedback Q&A #6

As usual on every fourth episode, Steve answers listener questions.

Première diffusion : 20 avril 2006

S1 E37 • Crypto Series Wrap-up

We wrap up our talk about cryptography with a discussion of prime number generation, key recovery, and digital certificates.

Première diffusion : 27 avril 2006

S1 E38 • Browser Security

Why is Internet Explorer so insecure? What can you do to secure it? And why is it so hard to make a secure browser? Steve talks about security policy vs. browser flaws, how he uses IE safely, and why Java and Javascript are inherently more secure than ActiveScript and ActiveX.

Première diffusion : 4 mai 2006

S1 E39 • Buffer Overruns

Buffer overflows... they're the most common kind of security flaw, but what are they and how do they happen? Finally, how can we protect ourselves from them? Steve explains all.

Première diffusion : 11 mai 2006

S1 E40 • Listener Feedback Q&A #7

As he does every fourth episode, Steve answers your questions. But first, an update on some recent security news...

Première diffusion : 18 mai 2006

S1 E41 • TrueCrypt

The ultimate encryption program, free, open source, strong, and flexible: Truecrypt.

Première diffusion : 25 mai 2006

S1 E42 • NAT Traversal

Steve explains the clever technique that Skype and other programs use to end around NAT routers.

Première diffusion : 1 juin 2006

S1 E43 • Open Ports

Ever wonder what a port is? Steve explains what they are and what terms like "stealth ports" and "port sniffing mean." Leo reads a little poetry.

Première diffusion : 8 juin 2006

S1 E44 • Listener Feedback Q&A #8

On this episode, one dozen questons and answers

Première diffusion : 15 juin 2006

S1 E45 • The 'Hosts' File

This week Steve explains the mysterious HOSTS file - part of Windows, OS X, Linux, and many other operating systems. He talks about how malicious programs may misuse it, and how you can use it to protect yourself.

Première diffusion : 22 juin 2006

S1 E46 • Router Logs

This week Steve tells us what to do with the router logs. What a router can (and can't) tell you about your security situation?

Première diffusion : 29 juin 2006

S1 E47 • Internet Weaponry

This week Steve tells us about distributed denial of service attacks and how hackers use IRC botnets to create them.

Première diffusion : 6 juillet 2006

S1 E48 • Listener Feedback Q&A #9

How big can a HOSTS file get? Does a firewall slow you down? A plan to fight phishers. All on this week's edition of Security Now! with Steve Gibson.

Première diffusion : 13 juillet 2006

S1 E49 • The NETSTAT Command

How can you tell what your computer is doing on the net? Netstat. This handy program comes with almost all operating systems. On Windows, click Start, then select Command Prompt from the Programs->Accessories menu. To run Netstat, type netstat at the command prompt. For more readable output type netstat -ab.

Première diffusion : 20 juillet 2006

S1 E50 • Virtual Machine History & Technology

Virtualization, its history and uses in security.

Première diffusion : 27 juillet 2006