Leo and I reveal and describe the 'HOSTS' file, which is hidden away within every Internet-capable machine. We explain how, because it is always the first place a machine looks for the IP address associated with any other machine name, it can be used to easily and conveniently intercept your computer's silent communication with any questionable web sites you'd rather have it not talking to.

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.

This week Leo and I cover the broad subject of 'open ports' on Internet-connected machines. We define 'ports', and what it means for them to be open, closed, and stealth. We discuss what opens them, what it means to have ports 'open' from both a functional and security standpoint, how open ports can be detected, whether stealth ports are really more secure than closed ports, and differences between TCP and UDP port detection.

Leo and I delve into the inner workings of NAT routers. We examine the trouble NAT routers present to peer-to-peer networks where users are behind NAT routers that block incoming connections, and we explain how a third-party server can be briefly used to help each router get its packets through to the other, thus allowing them to directly connect.

This week Leo and I explain why we love "TrueCrypt", a fabulous, free, open source, on-the-fly storage encryption tool that is fast, flexible, super-well-engineered, feature packed, and able to provide advanced state of the art encryption services for many applications.

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies and issues we have previously discussed.

In one of our more "aggressively technical" episodes, Leo and I discuss the pernicious nature of software security bugs from the programmer's perspective. We explain how "the system stack" functions, then provide a detailed look at exactly how a small programming mistake can allow executable code to be remotely injected into a computer system despite the best intentions of security-conscious programmers.

Leo and I discuss the broad topic of web browser security. We examine the implications of running "client-side" code in the form of interpreted scripting languages such as Java, JavaScript, and VBScript, and also the native object code contained within browser "plug-ins" including Microsoft's ActiveX. I outline the "zone-based" security model used by IE and explain how I surf with high security under IE, only "lowering my shields" to a website after I've had the chance to look around and decide that the site looks trustworthy.

Leo and I conclude our multi-week coverage of the fundamental technologies underlying modern cryptographic systems. We discuss the number of 512-bit primes (two of which are used to form 1024-bit public keys) and the relative difficulty of performing prime factorizations at various bit lengths. We discuss the importance of, and solutions to, private key recovery using varying numbers of trustees. And conclude by explaining the need for, and the operation of, security certificates.

Leo and I discuss questions asked by listeners of our previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world "application notes" for any of the security technologies we have previously discussed.