We’ve migrated Naked Security to the Sophos News platform to provide all of our security intelligence and news in one location.

SSCC 98 – RSA keys, Blackhole exploits, Nitol botnets and Apache takes potshots at Microsoft

18 Sep 2012 5 Botnet, Cryptography, Data loss, Internet Explorer, Law & order, Malware, Microsoft, Podcast, Vulnerability

by Paul Ducklin

This week Paul Ducklin is in the guest seat as he and Chester look at the latest security news.

This week’s topics include: Patch Tuesday, weak RSA certificates, how you might manage to lose $250,000 worth of Bitcoins, a new version of the Blackhole exploit kit, and the takedown of the Nitol botnet.

To finish off, Chet and Duck take a look at Apache’s recent spat with Microsoft.

That’s where Microsoft tried to do what it thought was the right thing about Do Not Track in its new browser, only to suffer a smackdown by the Apache open-source web server crew.

Neither Chet nor Duck mince their words in this segment, so make sure you listen to the end!

(17 Sep 2012, duration 14’47”, size 10.7MBytes)

Download this podcast as an MP3: Sophos Security Chet Chat 98.

Subscribe on iTunes or via our RSS feed.

View the Sophos Podcast archive.

–

Free tools

5 comments on “SSCC 98 – RSA keys, Blackhole exploits, Nitol botnets and Apache takes potshots at Microsoft”

M parkes says:

September 18, 2012 at 1:24 pm

this sound bite is missing the entire Microsoft v Apache news item – have the dynamic duo been censored?

Reply
- Paul Ducklin says:
  
  September 18, 2012 at 9:55 pm
  
  Hmmm. I was able to listen right to the end using Firefox on OS X (Flash plugin), and in Safari on an iPad (HTML5 magic)…
  
  I'll do some investigation (the "time remaining" in the Flash-based player does indeed seem to get it all wrong); in the meantime, would you mind grabbing the MP3 as a download and seeing how you get along? Please drop us an email to tips at sophos dot com to let us know what happened 🙂
  
  Reply
  - Jay says:
    
    September 19, 2012 at 12:57 am
    
    I had no problems either Firefox 15.0.1 on two different XP machines
    
    Reply
- Paul Ducklin says:
  
  September 19, 2012 at 1:08 am
  
  Please try now. I have re-encoded the file and linked to the new version, here:
  
  http://news-sophos.go-vip.net/wp-content/uploads/sites/2/2012/09/sop…
  
  The new file gives better results when I play it in the Flash-based player embedded in this page. Notably, I can fast-forward and rewind accurately throughout the entire audio stream, including to the end where the Apache-versus-Microsoft diatribe can be heard.
  
  Apologies for any confusion. It was not our intention to censor ourselves, no matter how desirable this might have semed to some listeners 🙂
  
  Reply
JimboC_Security says:

November 15, 2012 at 4:21 pm

Great podcast and thanks for the excellent info about the phasing out of RSA keys less than 1024 bits in length and the new version of the BlackHole exploit kit.

The podcast played fine for me when downloading it as an MP3 file.

In this podcast you mention that Internet Explorer 10 will be available for Windows 8, 7 and Vista.

I have read from several sources that IE 10 will only be available for Windows 8 and Windows 7. Vista will be limited to IE 9.

Here are some of the links that state this:
http://www.windows7hacker.com/index.php/2012/11/i…
http://www.computerworld.com/s/article/9215791/Wi…
http://www.zdnet.com/blog/bott/why-wont-internet-…
http://www.geekwire.com/2011/internet-explorer-10…
http://blogs.msdn.com/b/ie/archive/2011/04/12/nat…

Thanks and keep up the great work.

Reply