SSCC 98 - RSA keys, Blackhole exploits, Nitol botnets and Apache takes potshots at Microsoft

Filed Under: Botnet, Cryptography, Data loss, Featured, Internet Explorer, Law & order, Malware, Microsoft, Podcast, Vulnerability

This week Paul Ducklin is in the guest seat as he and Chester look at the latest security news.

This week's topics include: Patch Tuesday, weak RSA certificates, how you might manage to lose $250,000 worth of Bitcoins, a new version of the Blackhole exploit kit, and the takedown of the Nitol botnet.

To finish off, Chet and Duck take a look at Apache's recent spat with Microsoft.

That's where Microsoft tried to do what it thought was the right thing about Do Not Track in its new browser, only to suffer a smackdown by the Apache open-source web server crew.

Neither Chet nor Duck mince their words in this segment, so make sure you listen to the end!

(17 Sep 2012, duration 14'47", size 10.7MBytes)

Download this podcast as an MP3: Sophos Security Chet Chat 98.

Subscribe on iTunes or via our RSS feed.

View the Sophos Podcast archive.



5 Responses to SSCC 98 - RSA keys, Blackhole exploits, Nitol botnets and Apache takes potshots at Microsoft

  1. M parkes · 681 days ago

    this sound bite is missing the entire Microsoft v Apache news item - have the dynamic duo been censored?

    • Paul Ducklin · 681 days ago

      Hmmm. I was able to listen right to the end using Firefox on OS X (Flash plugin), and in Safari on an iPad (HTML5 magic)...

      I'll do some investigation (the "time remaining" in the Flash-based player does indeed seem to get it all wrong); in the meantime, would you mind grabbing the MP3 as a download and seeing how you get along? Please drop us an email to tips at sophos dot com to let us know what happened :-)

      • Jay · 681 days ago

        I had no problems either: Firefox 15.0.1 on two different XP machines.

    • Paul Ducklin · 681 days ago

      Please try now. I have re-encoded the file and linked to the new version, here:

      http://sophosnews.files.wordpress.com/2012/09/sop...

      The new file gives better results when I play it in the Flash-based player embedded in this page. Notably, I can fast-forward and rewind accurately throughout the entire audio stream, including to the end where the Apache-versus-Microsoft diatribe can be heard.

      Apologies for any confusion. It was not our intention to censor ourselves, no matter how desirable this might have seemed to some listeners :-)

  2. JimboC_Security · 623 days ago

    Great podcast and thanks for the excellent info about the phasing out of RSA keys less than 1024 bits in length and the new version of the BlackHole exploit kit.

    The podcast played fine for me when downloading it as an MP3 file.

    In this podcast you mention that Internet Explorer 10 will be available for Windows 8, 7 and Vista.

    I have read from several sources that IE 10 will only be available for Windows 8 and Windows 7. Vista will be limited to IE 9.

    Here are some of the links that state this:
    http://www.windows7hacker.com/index.php/2012/11/i...
    http://www.computerworld.com/s/article/9215791/Wi...
    http://www.zdnet.com/blog/bott/why-wont-internet-...
    http://www.geekwire.com/2011/internet-explorer-10...
    http://blogs.msdn.com/b/ie/archive/2011/04/12/nat...

    Thanks and keep up the great work.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog