SSCC 107 – Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST]


For your listening pleasure, here’s the latest episode in our popular “Chet Chat” series.

Senior Security Advisor Chester Wisniewski discusses the latest security news with regular guest Duck (Paul Ducklin).

The pair turn their unique blend of insight, expertise and scepticism on recent events in the computer security world.

At a tidy quarter-hour in length, the Chet Chat is ideal for your daily commute or for a spot of lunchtime listening!

Listen now:

(23 April 2013, duration 13:56 minutes, size 8.4 MBytes)

Download now:

Sophos Security Chet Chat #107 (MP3)

Chet Chat episode 107 shownotes:

Last week Chester was in Boston, so we offered our condolences to the people of that city, and made some choice remarks about what we thought of the scammers who leapt on the stories so quickly to try to add computer injury to physical and emotional pain.

• Hostgator hacked, poetic justice served

Hostgator, a Texas server hosting company, was hacked by an insider who made off with an SSH key and allegedly set about stealing data after getting fired. We noted the poetic justice of how investigators dealt with the intruder when they spotted him in the middle of a hack, and were able to use his TCP session “in reverse” to catch him. They came up with enough evidence of wrongdoing to lead to his arrest. Hostgator had kept the sort of logs that made the investigation possible, and we were of the opinion that you should do the same.

• Safari updated with more safety for Java

Apple updated Safari with an “allow/deny” dialog for Java applets. We weren’t 100% happy with a solution that requires yet more technically-informed decision making by users in real time, but we pointed out that it’s a better middle ground than just having Java on or off. Many Naked Security readers have shared their pain at wanting to throw Java out of their browser but being unable to do so for unavoidable legacy reasons.

• Can an Android app crash a plane?

A presentation at the Hack In The Box conference in Amsterdam about the security of in-flight control software on commercial aircraft got lots of publicity recently. We reminded you that the claims you may have heard implying that almost anyone with an Android phone could overpower a plane at will aren’t quite the conclusions you should draw.

• Facebook Home and “Cover Feed”

We discussed the “Cover Feed” parts of the new Facebook Home offering, which is a replacement for the lock screen that effectively leaves your phone in a partially-unlocked state in which other people’s Facebook posts pop up even if you’re not there. Not only that, but you – or someone near your phone – can Like those posts without unlocking the device. We aren’t convinced this is a good idea, and we thought you should stick to the leanest, meanest, cleanest lock screen you can tolerate.

• Stop by and meet the team

Finally, since Chester’s in London right now, he invited anyone attending this week’s Infosecurity Europe in Earls Court to stop by at the Sophos booth and say, “G’day!”

Catch up with Chet Chats and other podcasts

You can download the Sophos Security Chet Chat podcast episode 107 directly in MP3 format.

And why not take a look at the back-catalogue of Sophos Podcasts in our archive? We have loads of interesting stuff for your listening pleasure.