SSCC 112 – Keyjacking, Facebook and Opera breaches, Apple’s WPA passwords [PODCAST]

Here you are!

Episode #112 of the Sophos Security Chet Chat podcast.

News, opinion, advice and research: Chet and Duck (Chester Wisniewski and Paul Ducklin) bring you their unique and entertaining combination of all four in their regular quarter-hour programme.

(You can keep up with our podcasts via RSS or iTunes, and catch up on previous Chet Chats and other Sophos podcasts by browsing our podcast archive.)

Listen now:

(03 July 2013, duration 13’47”, size 8.3 MBytes)

Download now:

Sophos Security Chet Chat #112 (MP3)

Chet Chat episode 112 shownotes:


When you press a key in your browser window, where does the keystroke end up? What if you think you’re typing into the topmost, visible window but your keys are being consumed by a deviously-hidden dialog underneath?

Chet and Duck discuss keyjacking, the keyboard equivalent of clickjacking.

Data breach notifications

Both Opera and Facebook published what Duck calls Dee-Bee-Ens lately – data breach notifications, that is.

You might have been forgiven for thinking they were about breach prevention, which left Chet and Duck confused.

Chet even went as far to hope that we don’t end up with regulations about complying with regulations about breach notification.

Apple’s WPA passwords

If you use your iPhone or iPad as a Wi-Fi hotspot, it will generate a human-friendly WPA password for you, up to ten letters-and-digits long. That sounds good, but is it?

Chet and Duck discuss recent research which analysed the algorithm used by Apple and found that it’s not all about size.

Previous episodes

Don’t forget: for a regular Chet Chat fix, follow us via RSS or on iTunes.