SSCC 52 – Twitter HTTPS, net neutrality, car hacking, tsunami scams and Pwn2Own

Sophos Security Chet Chat 41

One year ago (and one week, if you ask some people) I started this podcast with the goal of providing security content in a manner that was different from all of the other security podcasts.

My goal was to provide a concise roundup of the week’s stories that could be consumed in less than 20 minutes and only focused on the news that mattered for today’s busy IT administrator. I believe we have largely succeeded in that goal and I appreciate the support from our listeners for what we are trying to achieve.

This week Michael Argast joins me to celebrate a year’s worth of Chet Chat. We began our discussion with the much welcomed news that Twitter is now supporting HTTPS as a setting in your profile. We briefly talked about the US Congress reversing the FCC decision on net neutrality, the SpyEye malware DDoS of and the results of the Pwn2Own contest at CanSecWest.

I brought up the continuation of research into hacking “smart cars” and the recent jumbo-sized patch for Safari on Windows and OS X.

One very unfortunate topic came up: the scammers attempting to take advantage of the tragedy in Japan. We did expect this to occur, and I encourage all of you to support the relief efforts, but be sure to go to credible charities and do not respond to solicitations sent to you online. If you are unable to find local charities that are trying to help, please visit

If you prefer a news summary for the week in text format, visit the Sophos Security Hub for the latest selected hot topics or subscribe to our weekly newsletter, Sophos enews.

(15 March 2011, duration 18:56 minutes, size 13.6MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 52.

All of our past podcasts are available from and on iTunes.

Update: Michael and I incorrectly state that the iPhone 3GS had support dropped in the latest update for iOS (4.3). It is the iPhone 3G that is no longer being fixed/patched/supported. It doesn’t really change the discussion though, as the iPhone 3G was for sale as recently as June 2010. To refuse to provide security updates for a device purchased less than a year ago is deplorable.

Update 2: Another error was brought to my attention. The Adobe zero-day in Flash does not require/utilize Adobe Reader at this point. Adobe Reader is vulnerable, but the current in-the-wild attacks are focused on malicious Flash delivered through Microsoft Excel spreadsheets, no Reader required.