The S in IoT stands for security (and much more) [Podcast+Transcript] – Naked Security

DOUG AAMOTH. Cryptographic bugs, sensible cybersecurity regulations, a cryptocurrency conundrum, and a new Firefox sandbox.

All that and more on the Naked Security podcast.


Welcome to the podcast, everybody.

I am Doug. He is Paul…

PAUL DUCKLIN. I wouldn’t have said “conundrum”, Doug.

I might have said “catastrophe” or “business as usual”… but let’s leave that until later, shall we?

DOUG. I was slightly diplomatic, but yes, “catastrophe” probably would have been better… stay tuned for that one.

Well, we like to start the show with a Fun Fact, and the Fun Fact for this week is that on its patent application, the name for the computer mouse was not-quite-as-succinct: “X-Y position indicator for a display system.”

When asked about the origin of the mouse name, its inventor, Douglas Engelbart, recalled, “It just looked like a mouse with a tail, and we all called it that.”

DUCK. The other name to remember there is, of course, Bill English, who is essentially the co-inventor.

Engelbart came up with the idea of the mouse, based on a device called a planimeter, which had fascinated him when he was a kid.

And he went to Bill English, his colleague, and said, “Can you build one of these?”

Apparently it was carved out of mahogany… you’ve seen the pics, Doug.

DOUG. It’s lovely, yes.

DUCK. It’s quite chunky!

And is it true – I think you’ve said this on a previous podcast – that they had the cable coming out of the wrong side at first?

DOUG. At first they did, coming out of the wrist end, yes.

DUCK. And when they flipped it round, obviously, it’s a tail… it can only be a mouse!

DOUG. Well, thank you for that, Mr. Engelbart.

Despite the instances of repetitive stress injury and carpal tunnel syndrome… other than that, the mouse has gone swimmingly.

It is an aptly named peripheral, and speaking of things that are aptly named: we have a Mozilla bug called “BigSig”.

So, I wonder what that could be about?

DUCK. Strictly speaking, it’s CVE-2021-43527.

It was found by well-known serial bug-hunting expert from Google, Tavis Ormandy.

It was an old school buffer overflow that nobody had noticed for years and…