Security Now! Transcript of Episode #322 Page 1 of 20

Transcript of Episode #322

Listener Feedback #128

Description: Steve and Tom discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-322.mp3

Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-322-lq.mp3

TOM MERRITT: Hey, everybody. It's time for Security Now!, the show that helps you stay safe online. I'm Tom Merritt, filling in for the vacationing Leo Laporte, which is always a treat for me because I get to hang out with Steve Gibson, the man from GRC.com. Steve, great to be on with you again.

Steve Gibson: Well, this time, or this week, I would say better late than never. I don't think we've ever been late. We've never missed one. Actually, last Christmas was the first time we ever deliberately repeated a podcast, and we got a lot of flak from listeners who said, oh, Steve, you've broken your record. You went six years with never having missed one. But in this case I was performing my civic duty, as many of our listeners will all probably already know. Spent the day in court, or in the courtroom, at least.

TOM: Right, as a prospective juror. You weren't subpoenaed there.

Steve: No, no.

TOM: But you didn't get on the jury, so I'm sorry to hear that.

Steve: Yeah, it's a mixed...

TOM: Actually, I'm not sorry to hear that because it means you can keep doing the show on time.

Steve: Yeah. It would have been an annoyance, and it was going to be a long trial. They were guessing about an 11-day trial with lots of witnesses. And it sounded like it was going to be interesting. But on balance, I think I'm glad that I had those 12 espressos in the morning, and they seemed to think I looked way too interested in the trial.

TOM: That's the key. Security Now! Transcript of Episode #322 Page 2 of 20

Steve: I was way more present than I should have been. So we don't know what this guy's going to do. Anyway...

TOM: All right. Well, we've got some Microsoft and Apple updates to get to today. The fighter drone cockpit story, we talked about that on TNT. I'm very interested to get your perspective on that. Germany deliberately installing some malware. Well, let's get into Security Now!. Security updates, we've got a Patch Tuesday on the way.

Steve: Yup. We went through the second Tuesday of the month, and there's really no earthshaking news: 23 vulnerabilities fixed by Microsoft, nine of which were ranked critical, meaning that no particular action on the user would be required. And eight of those nine were in IE, which got updated. And Microsoft did make a comment that they are expecting some flaws in Media Center, which were fixed in this round, to be exploited soon. So if you have a habit of not rebooting your machine for a while after you've installed updates, I would say probably better to do it sooner than later because Microsoft is even saying themselves that they're expecting this not-yet-exploited problem in Media Center, which they have fixed, to go live out in the wild and catch people who have not fixed it. So good to do. And of course Apple has had a big week this week.

TOM: Yeah, a bunch of software coming. Not just...

Steve: Yeah, right. iOS 5 is out. iTunes got a major update in support of that. But it also fixed, over on the Windows side, they fixed 75 different security flaws in the Windows version of iTunes. There's a new Safari. It is at 5.1.1, which is reputed to improve JavaScript performance by 13 percent.

TOM: That's not bad.