Security Now! Transcript of Episode #143 Page 1 of 30

Transcript of Episode #143


Description: Steve and Leo delve into the detailed operation of the YubiKey, the coolest new secure authentication device Steve discovered at the recent RSA Security Conference. Their special guest during the episode is Stina Ehrensvärd, CEO and Founder of Yubico, who describes the history and genesis of the YubiKey, and Yubico's plans for this cool new technology.

High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-143.mp3

Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-143-lq.mp3

INTRO: Netcasts you love, from people you trust. This is TWiT.

Leo Laporte: Bandwidth for Security Now! is provided by AOL Radio at AOL.com/podcasting.

This is Security Now! with Steve Gibson, Episode 143 for May 8, 2008: YubiKey. This show and the entire TWiT broadcast network is brought to you by donations from listeners like you. Thanks.

This is Security Now!, Episode 142 [sic], Leo Laporte here, Steve Gibson in Irvine, joining us in our new highly technical studio that isn't really working.

Steve Gibson: With the details still coming together.

Leo: A lot of the details still coming together. Hi, Steve.

Steve: Hey, Leo, great to be back with you for our 142nd [sic] week of Security Now!.


Leo: Practically consecutive. Have we missed any weeks? No.

Steve: No, we have never missed a week.

Leo: Wow.

Steve: Yeah, you and I used to have to bunch them up when you were running around traveling or when we were together...

Leo: Isn't it nice? I don't have to go to Canada anymore, yeah. I mean, that's really simplified things considerably. Very pleased about that. So we have a guest today.

Steve: We're going to have a guest joining us by phone from Sweden. And that'll be someone I referred to two weeks ago, and maybe even last week, and that is Stina, who is the CEO and one of the founders of Yubico, the makers of the YubiKey, which I just happened to stumble on when I was up at the RSA security conference.

Leo: Boy, that was a lucky thing for both of us.

Steve: Really was. Well, and for our listeners, too. They have received hundreds of emails and inquiries from my mention of the YubiKey when I did the episode two weeks ago on the RSA security conference. And I've been in pretty much constant dialogue with Stina and the technical people that they've got. And the news is virtually 100 percent good. I mean, the more I learn about this, they've been evolving their policies - anyway, so this week's episode is the Yubico YubiKey. As we'll see when we get into it, this is an even better authentication solution than I expected it was going to be when I described it last week, or two weeks ago, as the coolest new thing I had seen at the RSA conference.

So this week's episode is Yubico's YubiKey, and I really think - I'm going to go into all the technical details after we have had a chance to speak with Stina. I asked her to come on because she really has a vision for what she would like to see happen with authentication. I wanted to understand, you know, where this wacky name came from, a little bit about the company, and just sort of get a sense for where they are because I know that when we've talked about and explained issues of authentication there's been a strong interest.

Obviously I'm a person, I mean, I'm on record here on Security Now! believing that authentication, you know, getting this problem solved is an enabling factor for the whole future of the Internet as we go from Web 2.0 to 3.0. More applications are moving onto the web. We hear about now there's, like, all this computing in the cloud where corporations are going to be moving more of their infrastructure onto the Internet as we have people who are able to carry that. So in every situation where we've got a network and you don't have your typical - I think we once described it as like the Andy of Mayberry authentication, where you know Aunt Bee, and you know Opie.

Leo: So you give Opie the drugs when he comes to the drugstore for Aunt Bee.

Steve: Exactly. And so here on the 'Net we need a good way of knowing that the person at the other end is who they say. And we've talked about VeriSign solutions and the eBay and PayPal football and the credit card. We're going to talk about something now which is completely open source, no subscription fee, lifetime free authentication. And, I mean, it's - I'm excited because this is, as long as you've got a USB port, this is the answer. It doesn't have a display, as we talked about it before two weeks ago. It pretends to be a keyboard. But you just touch the button and it shoots out into your computer, into for example a web form, this long string of random-looking encrypted stuff that then can be authenticated, either by you or by Yubico or whomever. And the advantage is that there's no cost to anyone for all of this.

Leo: Wait a minute. Obviously there's some cost or Yubico wouldn't have a business model.

Steve: No, they want to sell the hardware. That's all they want to do. Anyway, we'll go over this.

Leo: You're giving it all away. We won't have anything left when Stina calls. So hang in there. Now, do you have any news, anything you want to do before we talk with Stina?

Steve: Oh, yeah. We definitely have some news of the week. One little disturbing bit of news was posted on Dave Jevans' blog. Remember, he's one of the main founders and president of IronKey. He posted the news, I guess it was on Friday, that Anonymizer.com was acquired by Abraxas. And the bad news is that Abraxas provides anonymity services for the national security community - NSA, CIA, DIA, and so forth.

–  –  –

Steve: And so, you know, I'd feel much more comfortable if Anonymizer.com had stayed independent and just themselves rather than now being part of a government contractor.

Leo: Wow. Yeah, you've got to really kind of wonder. Did you ever - have you ever heard the rumors that Facebook was partly sponsored by the CIA?

Steve: I've heard something about that.

Leo: It's a persistent rumor which has been consistently denied, as far as I know. But it's kind of credible. You would think, if you were the NSA, if you were the CIA, that kind of a great way to watch people would be to be part of these social networks. What better thing to do than buy Anonymizer?

Steve: Yeah, yeah.

–  –  –

Leo: TOR is looking better and better, that's what I...

Steve: I don't know that anything untoward is going on, of course. But I just wanted our listeners to know, if any of them are Anonymizer customers, that Anonymizer is no longer independent. It has been acquired, and acquired by a company that does a lot of business with the three-letter-initial intelligence services of the United States.

Leo: When you said "untoward," did you mean that as a pun?

–  –  –

Steve: You're at the top of your game this morning.

Leo: It's that quinti venti latte, man. You're right, those things work. So let's - okay, so that's one big story. What else is out there?

Steve: Also there was a - this is just sort of just to keep our eye on. A disturbing constant theme of the FBI has been their request for ISPs to retain data. There was a recent congressional hearing where FBI director Robert Mueller again called for federal data retention laws to force ISPs to keep records of what their customers do for two years.

Leo: He's been trying to do this for a long time.

Steve: I know. And what's really confusing is he's not saying what he wants kept. Now, the weakest information that would be kept would probably be at least the IP addresses that customers have had over that period of time, which frankly would not be that burdensome, I mean, for the ISPs to retain. But there's talk about it being all the way up to and including a website trail, that is, what websites people are going to.

Leo: You mean the kind of stuff that Google keeps track of with its web history.

–  –  –

Leo: Oh, actually more than that because Google's only tracking your searches. Your ISP knows everywhere you go because of the DNS requests.

Steve: Oh, yes. Well, it's watching your click stream, as it's now becoming called. And of course he immediately marches out the child porn peddlers and online predators, saying oh, we could do a much better job of catching them. Well, of course everyone is sympathetic to that. But it's creepy to think that this whole, I mean, that our ISP that's connecting us to the 'Net has the power that they do to see everything that we're doing and that they would be required by the government to maintain two years of logs of everything every individual does on the Internet.

Leo: That's the old argument...

Steve: I mean, that's really - I'm sorry.

Leo: That's the old argument, if you're not doing anything wrong, what do you have to fear?

Steve: Yeah, and unfortunately our government doesn't have the best track record of dealing with this kind of information aggregation.

Leo: Well, no government does. And anybody should be suspicious of any government. Yeah, I trust our government, but any government that wants to collect this information, that's a bad thing.

Steve: Yeah. And finally, four researchers at Carnegie-Mellon University, UC Berkeley, and University of Pittsburgh, they've come up with an automated, they call it APEG, Automated Patch-Based Exploit Generator. Essentially this thing is able to take a look at Windows Updates, analyze the pre and post patch, and design an exploit for the vulnerability that the patch fixes. And so we've talked about how hackers are looking at Windows Update updates and then manually reverse engineering what it was that was changed. Well, these guys, these computer science researchers have essentially automated that process. And so they are now urging Microsoft - I mean, no. Their point is, if they can do it, so can the bad guys. And we know there's big money behind developing, quickly developing exploits for vulnerabilities. And there's a window of opportunity between the time the vulnerability is known about, the exploit is generated, and everyone gets themselves patched.

So they're urging Microsoft to somehow really work to minimize this vulnerability window. For example, maybe getting the updates all distributed, but having them encrypted so that then a key is provided to just, like, simultaneously decrypt them all in place. Maybe use peer-to-peer networks somehow to push these fixes out much faster.

Because right now, I mean, they trickle out of Microsoft. When you consider the number of systems that need to be updated every second Tuesday of the month, I mean, it's often the case that my computer doesn't alert me that it's got some updates for several days after those patches began to get pushed out. So essentially what's happened is there's been a reaction to this constant patching that we're now seeing from Microsoft.

And these researchers are saying, hey, if we can automate it, so can the bad guys. And you've got to believe that there's a huge incentive for them to do so.

Leo: You bet. You bet. Automated Zero Day. I like that. I mean, I don't like that. But it's, I mean, you have to admire their technical prowess, if nothing else. And you know, it's really all taken off since there's been a financial incentive for them to do it. I mean, that's the key thing. As long as they can make money at it, well, we'll throw resources at it.

Steve: That's the change in the last five years. This went from being script kiddies screwing around say, hey, look, Ma, what I can do, to now to organized crime saying, okay, we're going to pay you hackers to do that. And it's big money.

Leo: Amazing. Amazing. Any other news?

Steve: Well, I did have one, since we're waiting for Stina to call...

Leo: Well, she's actually here. She's already here.

Steve: Oh, there she is.

Leo: But let's just finish up, and then we'll get to Stina because I don't...

Steve: Well, I had an interesting piece of email that caught my eye, as I always do. This one the subject was "SpinRite helps kids with cancer." And I thought, okay, how is data recovery going to do that? So this is a letter from Pete Harmon that I got a couple weeks ago. It said, "Dear Steve, I wanted to drop you a line and let you know how much good you're doing in so many ways that you probably never considered possible the day you sat down to develop SpinRite." He said, "I'm a FedEx pilot" - so a Federal Express pilot - "and I have gotten a reputation as a computer hobbyist/geek around flight operations."

Leo: Well, if he's listening to Security Now!, that's true.

Steve: Yeah. He says, "On more than one occasion I've provided tech support to friends and fellow pilots." He says, "I run a website for our pilots called PilotSwap.net." And he said, "Several weeks back I got a phone call from Bill, who told me his computer was dead, and he heard I may be able to help. He described the problem, that his laptop was working fine one day in Honolulu and wouldn't boot at all when he landed in Sydney the next day." Obviously carrying FedEx packages across the globe. And he said, "I asked him if he could hear the hard drive spinning, and he said he thought he could, but stated it was just clicking and clicking, but nothing was happening.

–  –  –

was stumped. His computer was simply not going to boot from either CD or the hard drive. So just for grins, I removed the top two screws holding the hard drive panel on and took his hard drive out, brought it home with me. I hooked it up to my PC at home using an EIDE-to-USB cable I have, and the drive spun right up. But it was mostly unreadable and made lots of noise when I tried to access what few files I could even see in Windows Explorer. I rebooted my machine with my SpinRite CD and was able to quickly see Bill's drive. I set SpinRite to work, and about four hours later the data rescue routines were complete.
