Security Now
Encyclopedia
Security Now! is a weekly podcast
hosted by Leo Laporte
and Steve Gibson. The first episode was released on 19 August 2005.
Released each Thursday, Security Now! consists of a discussion between Gibson and Laporte of issues of computer security
and, conversely, insecurity
. Covered topics have included security vulnerabilities, firewall
s, password
security, spyware
, rootkit
s, Wi-Fi
, virtual private network
s (VPNs), virtual machine
s, full virtualization
, hardware-assisted virtualization, and virtual appliance
s.
(link) and on the GRC Security Now! page. The audio is encoded as 64 kbit/s MP3 files with 16 kbit/s versions available for listeners on low bandwidth connections or those with limited storage space. The audio files are licensed under the creative commons by-nc-sa license.
formats.
4 episode" or "mod 4 equals 0 episode.") was devoted to this, but starting with Episode 108 this merged with the then recently introduced "Mailbag" episodes ("mod 4 + 2 episodes") and became a bi-weekly feature. Listeners submit their comments and questions for the podcast at the GRC.COM Website.
Technology/Science category. In August 2006, Security Now! ranked fourth in the "Top 40" of all podcasts listened to via the PodNova service. Security Now! averaged around 100,000 downloads per episode throughout 2006.
of intentionally putting a backdoor into the Windows Metafile
processing code in Windows 2000
and Windows XP
. Gibson claimed that while reverse engineering
the Windows Metafile format, he could run arbitrary code
by using a "nonsensical" value in the metafile, and concluded Microsoft had intentionally designed Windows this way so it could run code on Windows computers without the user's knowledge. Microsoft
's Stephen Toulouse responded in a Microsoft Security Response Center blog post the next day, saying the behavior was not intentional.
Podcast
A podcast is a series of digital media files that are released episodically and often downloaded through web syndication...
hosted by Leo Laporte
Leo Laporte
Léo Gordon Laporte is an Emmy Award winning, American technology broadcaster, author, and entrepreneur. A former resident of Providence, Rhode Island, he now lives in Petaluma, California with his wife Jennifer and two children, Abby and Henry....
and Steve Gibson. The first episode was released on 19 August 2005.
Released each Thursday, Security Now! consists of a discussion between Gibson and Laporte of issues of computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
and, conversely, insecurity
Computer insecurity
Computer insecurity refers to the concept that a computer system is always vulnerable to attack, and that this fact creates a constant battle between those looking to improve security, and those looking to circumvent security.-Security and systems design:...
. Covered topics have included security vulnerabilities, firewall
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
s, password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
security, spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
, rootkit
Rootkit
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications...
s, Wi-Fi
Wi-Fi
Wi-Fi or Wifi, is a mechanism for wirelessly connecting electronic devices. A device enabled with Wi-Fi, such as a personal computer, video game console, smartphone, or digital audio player, can connect to the Internet via a wireless network access point. An access point has a range of about 20...
, virtual private network
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
s (VPNs), virtual machine
Virtual machine
A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". Modern virtual machines are implemented with either software emulation or hardware virtualization or both together.-VM Definitions:A virtual machine is a software...
s, full virtualization
Full virtualization
In computer science, full virtualization is a virtualization technique used to provide a certain kind of virtual machine environment, namely, one that is a complete simulation of the underlying hardware...
, hardware-assisted virtualization, and virtual appliance
Virtual appliance
A virtual appliance is a virtual machine image designed to run on a virtualization platform ....
s.
Podcast feed
Security Now! is distributed via its main podcast RSS feedRSS (file format)
RSS is a family of web feed formats used to publish frequently updated works—such as blog entries, news headlines, audio, and video—in a standardized format...
(link) and on the GRC Security Now! page. The audio is encoded as 64 kbit/s MP3 files with 16 kbit/s versions available for listeners on low bandwidth connections or those with limited storage space. The audio files are licensed under the creative commons by-nc-sa license.Show format
The podcast runs for approximately 90 minutes, with sections on 'Attacks and Breaches', 'Security updates', 'Security News', and then the actual discussion of the subject of the podcast.Additional content
As part of GRC's section on the podcast, supplementary notes and transcripts of each show are available in plain text, HTML and PDFPortable Document Format
Portable Document Format is an open standard for document exchange. This file format, created by Adobe Systems in 1993, is used for representing documents in a manner independent of application software, hardware, and operating systems....
formats.
Listener feedback
Regular episodes of the podcast have been devoted to the answering of questions and responding to feedback provided by Security Now! listeners. Originally every 4th episode (referred to as a "modModulo operation
In computing, the modulo operation finds the remainder of division of one number by another.Given two positive numbers, and , a modulo n can be thought of as the remainder, on division of a by n...
4 episode" or "mod 4 equals 0 episode.") was devoted to this, but starting with Episode 108 this merged with the then recently introduced "Mailbag" episodes ("mod 4 + 2 episodes") and became a bi-weekly feature. Listeners submit their comments and questions for the podcast at the GRC.COM Website.
Popularity
In August 2007, Security Now! won in the People's Choice Podcast AwardsPodcast Awards
The People's Choice Podcast Awards, better known as the Podcast Awards, are an annual set of awards given to the best podcasts as voted by the people...
Technology/Science category. In August 2006, Security Now! ranked fourth in the "Top 40" of all podcasts listened to via the PodNova service. Security Now! averaged around 100,000 downloads per episode throughout 2006.
Microsoft backdoor accusation
In January 2006 Steve Gibson accused MicrosoftMicrosoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
of intentionally putting a backdoor into the Windows Metafile
Windows Metafile
Windows Metafile is a graphics file format on Microsoft Windows systems, originally designed in the 1990s. Windows Metafiles are intended to be portable between applications and may contain both vector graphics and bitmap components....
processing code in Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
and Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
. Gibson claimed that while reverse engineering
Reverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...
the Windows Metafile format, he could run arbitrary code
Arbitrary code
In computer security, arbitrary code execution is used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. It is commonly used in arbitrary code execution vulnerability to describe a software bug that gives an attacker a way...
by using a "nonsensical" value in the metafile, and concluded Microsoft had intentionally designed Windows this way so it could run code on Windows computers without the user's knowledge. Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
's Stephen Toulouse responded in a Microsoft Security Response Center blog post the next day, saying the behavior was not intentional.