Naked Security

The GHOST in the machine – 60 Sec Security [VIDEO]

Here's our weekly one-minute security video. Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy...

Got a minute to spare?

Watch this week’s 60 Second Security

→ Can’t view the video on this page? Watch directly from YouTube. Can’t hear the audio? Click on the Captions icon for closed captions.

In this episode:

• [0’05”] The “Dirty Dozen” SPAMPIONSHIP

• [0’25”] Bughunter cracks “absolute privacy” Blackphone

• [0’42”] The GHOST vulnerability


To conform with CIPA requirements, we have enforced safety mode for YouTube. Now when I try to listen to your “60 Second Security”, I get the message: “This video is unavailable in safety mode.”

Reply

So it does. I just turned on “Safety mode” myself and…poof…“The GHOST in the Machine” vanished. That makes about as little sense as you can possibly imagine…below is a transcript so you can judge for yourself how shocking the content is for minors.

I suppose we shall have to appeal to Google, or something. Thanks for the heads-up. Appreciated.

—cut here—

Hello, everybody. I’m Paul Ducklin, and this is 60 Second Security.

Our latest SPAMPIONSHIP is out, showing where you’ll find the infected computers that send most of the world’s spam. For years the US led by volume, but this time, China took first place. The per person table, which is the one that really matters, was topped by South Korea.

An Aussie security researcher pwned his security-conscious Blackphone by sending it a dodgy text message. Note to programmers: when you’re done with a block of memory, memset() it to zero. Data that isn’t there can’t end up where it shouldn’t.

And the big story of the week is GHOST, a security hole in the GNU C Library. Glibc is part of most Linux distributions, and is used by most Linux programs, so you probably need a patch. Please check with your vendor or your distro.

[FX: BELL RINGS] And that’s a minute up. Thanks for listening, folks, and until next time, stay secure.

—cut here—

Reply

Hi Paul,
Thanks for providing the transcript. There are a lot of interesting (and frustrating) things going on in CIPA land.

Reply

I did some Internet searching using both Bing and Google on how to influence what gets blocked by safety mode. I came up with nothing.

Reply
