SecuraBit Episode 2

On this episode of SecuraBit. Chris, Jay, and Anthony discuss:

Download the MP3 here.

iTunes should refresh soon and you can get that via the RSS on the right, or from within iTunes itself. If all else fails the m4a is here.

Please leave feedback either via comments or to [email protected] Thanks for tuning in!

6 Responses to “SecuraBit Episode 2”

  1. Securi-D says:

    Hi,
    I think this tool might let you active/de-activate the YoubaKey. If not you could always force an automatic reboot on your computer.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q311272

    Dave

  2. Jay says:

    Thanks for the info, we’ll have to check it out. Also thanks for supporting us and continue listening!

  3. anon says:

    Please don’t take this the wrong way (I only mean this as positive/constructive criticism)
    I’m not trying to sound like a stickler but, many [actually almost all] of the stories/topics you guys talked about had flagrant factual/fundamental errors in them. One example was the last topic about the Air Force botnet; someone said that they were talking about using every computer in the US in the botnet and then the conversation just went south from there. The whole deal w/the Air Force botnet was that they wanted to use every and only military computers in that project. Another example is when someone said that it was ok to use a short password (dog) if you are using two-factor authentication. Last example, someone said that AES could be cracked in four or five years and that just made me cringe. I guess my point isn’t to pick out flaws but, maybe to encourage you guys to do just a little more research before discussing something technical. As podcasters, (whether you like it or not) you guys are viewed as authorities on security and there’s a responsibility that goes with that. No hard feelings I hope. :)

  4. Chris says:

    Anon: I appreciate the feedback. We were a bit drunk for Ep 2. I do want to address the responsibility issue. We do this as a hobby, as a way to have some fun discussion about security topics. I don’t want to put false information out there, but we will inevitably make errors as we go along. Hopefully they are minor ones such as in this episode, and on the whole the information is somewhat useful to someone, although the main goal I have with this is entertainment.

    Specifically regarding the two-factor authentication discussion though. Using the password “dog” is perfectly acceptable when requiring a hardware key such as the yubikey. Obviously the only downside is if someone steals your yubikey they could brute force your password quite easily, but then again, even if your password is j9jzFKD#@hfa85lhz, it doesn’t matter because they have your key, and given enough time and processing power, will eventually crack it before the end of time anyway, so who cares, really? :)

    Thanks for listening!

  5. Anthony says:

    Well they would love to be able to take control of every computer in the known world. The simple reason is that if you can do that you then have a foothold to know what and how attacks are being played out. This is however not practical and no likely to happen. Microsoft can’t even get the foothold big enough to put it on every computer in the world. and trust me they would love to :)

    But i second Chris’s thoughts. This is fun, it is mean to bring a sense of awareness and topics that are new and not the ones that are covered every day. I look forward to more feedback!

  6. Anthony says:

    Securi-D,
    That is an awesome looking tool, and it is from Microsoft. Wow!

    That could be handy from a troubleshooting perspective. I have to look and see if it will go in and replace the current devise manager or just be an add on or even a transparent side kick.

    Thanks for that link to the tool.

    Anthony

Leave a Reply