SSCC 52 - Twitter HTTPS, net neutrality, car hacking, tsunami scams and Pwn2Own

Filed Under: Apple, Apple Safari, Denial of Service, Malware, Podcast, Privacy, Social networks, Spam, Twitter, Vulnerability

Sophos Security Chet Chat logoOne year ago (and one week, if you ask some people) I started this podcast with the goal of providing security content in a manner that was different from all of the other security podcasts.

My goal was to provide a concise roundup of the week's stories that could be consumed in less than 20 minutes and only focused on the news that mattered for today's busy IT administrator. I believe we have largely succeeded in that goal and I appreciate the support from our listeners for what we are trying to achieve.

This week Michael Argast joins me to celebrate a year's worth of Chet Chat. We began our discussion with the much welcomed news that Twitter is now supporting HTTPS as a setting in your profile. We briefly talked about the US Congress reversing the FCC decision on net neutrality, the SpyEye malware DDoS of abuse.ch and the results of the Pwn2Own contest at CanSecWest.

I brought up the continuation of research into hacking "smart cars" and the recent jumbo-sized patch for Safari on Windows and OS X.

One very unfortunate topic came up: the scammers attempting to take advantage of the tragedy in Japan. We did expect this to occur, and I encourage all of you to support the relief efforts, but be sure to go to credible charities and do not respond to solicitations sent to you online. If you are unable to find local charities that are trying to help, please visit http://www.redcross.org.

If you prefer a news summary for the week in text format, visit the Sophos Security Hub for the latest selected hot topics or subscribe to our weekly newsletter, Sophos enews.


(15 March 2011, duration 18:56 minutes, size 13.6MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 52.

All of our past podcasts are available from http://podcasts.sophos.com and on iTunes.

Update: Michael and I incorrectly state that the iPhone 3GS had support dropped in the latest update for iOS (4.3). It is the iPhone 3G that is no longer being fixed/patched/supported. It doesn't really change the discussion though, as the iPhone 3G was for sale as recently as June 2010. To refuse to provide security updates for a device purchased less than a year ago is deplorable.

Update 2: Another error was brought to my attention. The Adobe zero day in Flash does not require/utilize Adobe Reader at this point. Adobe Reader is vulnerable, but the current in the wild attacks are focused on malicious Flash delivered through Microsoft Excel spreadsheets, no Reader required.

, , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.