SSCC 108 - WW2 crypto, Bitcoin mining, internet cameras, password breaches [PODCAST]


For your listening pleasure, here's the latest episode in our popular "Chet Chat" series.

Senior Security Advisor Chester Wisniewski discusses the latest security news with regular guest Duck (Paul Ducklin).

The pair turn their unique blend of insight, expertise and scepticism on recent events in the computer security world.

(If this is your first time listening to the Chet Chat: episodes come out every two weeks, and usually last about a quarter of an hour. That makes the Chet Chat podcast ideal for your daily commute or for a spot of lunchtime listening. There's an archive of previous Chet Chats and other Sophos podcasts - you can also get our podcasts via RSS or iTunes.)

(08 May 2013, duration 14'24", size 8.7 MBytes)

Download now:

Sophos Security Chet Chat #108 (MP3)

Chet Chat episode 108 shownotes:

• British cryptographic derring-do during World War Two

Chester and Duck look back on a "by-hand" steganographic system used by British PoWs during the Second World War to hide secret messages in letters home. Amazingly, researchers at Plymouth University just tried their hand at decoding the letters of a certain Sub Lieutenant John Pryor, and found that the system had worked fine!

Duck points out that hiding one message openly inside another is much more difficult than you might think, so he's running a small contest for listeners and readers to try their hand at prison-camp crypto!

Write a short but believable paragraph that hides Duck's 15-word secret message and you could win a Naked Security T-shirt.

• Network gaming company hides Bitcoin miner in anti-cheat tool

Chester expresses incredulity (but not, perhaps, surprise) at the news that a North American online games company shipped a secret Bitcoin miner inside its client software.

Duck reminds us that this story is particularly ironic since the only reason for the client software in the first place was to stop gamers cheating each other. Somehow the rules didn't seem to extend to the company not cheating its customers out of GPU power.

• Internet cameras under the security lens once again

Duck laments some of the vulnerabilities found by researchers at Core Security in popular internet cameras. From hard-coded passwords, through directory traversal vulnerabilities to completely open access to the video stream, these holes don't just affect security, but privacy, too.

Chester explains the method he uses to ensure he doesn't forget about security patches and firmware updates for his home devices, but both Chet and Duck doubt that embedded devices in the workplace get patched as they should.

• Yet more very public password breaches

Chester asks where logon security is headed after the recent high-profile hacks at Associated Press and LivingSocial. He wonders whether salting and hashing passwords is really the panacea people seem to assume.

Duck agrees, pointing out his suspicion that "don't worry, I hashed the passwords" is turning into an excuse for data breaches, rather than simply being treated as part of defence in depth.

• Signing off

Chester is too modest to mention it, so Duck chimes in at the end to thank our listeners and readers for their help in steering Naked Security to win a pair of awards. Chester collected them in person while he was at Infosecurity Europe in London.

Catch up with Chet Chats and other podcasts



You can download the Sophos Security Chet Chat podcast episode 108 directly in MP3 format.

And why not take a look at the back-catalogue of Sophos Podcasts in our archive? We have loads of interesting stuff for your listening pleasure.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog