May 19 2009
We probably more than doubled the number of stories we talked about this week, but we only added about 8 minutes to the length of the podcast. You can consider this the “death by a thousand cuts” podcast, as we cover a string of shorter stories, ranging from a major IIS vulnerability, through breathalyzer spaghetti code, to how to get started in security.
We also spend a bit of time talking about Black Hat and Defcon, and celebrate hitting 500,000 downloads on episode 150. Someone call a numerologist!
- Breathalyzer source code released as part of a DUI defense… and it’s a mess.
- A DHS system was hacked, but only a little information made it out.
- Secret questions for password resets are often weaker than passwords, and easy to guess.
- Does tokenization solve anything? Yep.
- Kaspersky finds malware installed on a brand new netbook.
- Malware inserts malicious links into Google searches.
- Google Chrome was vulnerable to Safari Pwn2Own bug. Both are WebKit-based, so we shouldn’t be too surprised.
- Information on the IIS 6 vulnerability/0day.
- How to get started in information security by Paul Asadoorian.
- Tonight’s Music: Liberate Your Mind by The Ginger Ninjas