SSCC 87 – Mac botnet, Global Payments, Flash Player updater, AES-NI and cloud encryption

Sophos Security Chet Chat

Sophos Security Chet Chat logoDavid Schwartzberg is this week’s guest on the Chet Chat. David is a Senior Security Engineer for Sophos and one of our experts on cryptography.

Much of the news this week was dominated by the massive Mac botnet that has been plaguing OS X users. The malware exploited an unpatched vulnerability in Oracle Java that has claimed more than 600,000 victims.

As a percentage nearly as many Mac users are infected with this malware as Windows users were with Conficker.

We also discussed the recent credit card breach at payment processor Global Payments. David shared his thoughts on how the use of techniques like tokenization can help prevent these types of data leaks.

I also took a moment to praise Adobe for its recent launch of an automatic updater for Adobe Flash Player. David pointed out the automatic updates aren’t right for every situation, but we agreed that frequently targeted applications would likely benefit from this approach.

In 2010 Intel introduced hardware encryption support (AES-NI) in some of their CPUs and David talked about the performance advantages of using AES-NI for all encryption related activities.

David also talked about some of the cool new ways we are enabling safe usage of the cloud for data storage in SafeGuard Enterprise 6.

(5 April 2012, duration 20:44 minutes, size 11.8 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 87, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.