Another letter to Steve Gibson that I'm reposting here in case it's not read on Security Now.

Hey Steve,

Just finished SN200. That was a good one. Just wanted to add a bit of info that you've never mentioned and might be valuable to your listeners.

Leo mentioned that his port 22222 is forwarded to his Skype machine and Skype is listening on that port so he feels it's safe about that hole. What may not be known to some listeners is that good-behaving programs will not bind to a port on which another process is already bound. In other words, if Skype is listening on 22222 then other, possibly exploitable, processes like Windows service host will not be listening on 22222.

It is possible for malware or security tools to listen in on bound ports which is why I said "good-behaving programs" but if you've got malware it's already too late.

Update 2009/07/07

I realized later that I neglected protocols. It's possible to have one process listening on TCP 22222 while another process listens on UDP 22222. Forwarding both TCP and UDP ports 22222 to your local IP when only one is "bound" by a known process is a security risk since the other could be open to exploits.

I often write in to Steve Gibson to ask questions, provide feedback, or just rant about a security topic. While I have received responses a few times, most go unnoticed due to the volume of feedback Steve receives so I've decided to repost all my feedback to Steve here on my blog.

In response to a comment by Shawn Polson of Middletown, Delaware, Steve and Leo revisit the idea of encrypting all network connections. Shawn states that SSL shouldn't be used everywhere for efficiency reasons since SSL connections are not cached locally nor by proxies. While he makes a good point, Shawn's is not a technical limitation but just an economical issue of bandwidth. Steve and Leo continue on by clarifying their point that it's more of a general wish that all connections for email, web etc are encrypted, not specifically SSL. I agree that all connections should be secure, and Shawn is also right that there will be a bandwidth hit if content is not cached. With that said, I think it should be noted that there is also a technical reason why you can't enable SSL on every site and it has to do with a limitation of name based virtual hosts.

Here's another entry to my "My 2¢" series where I rant about things I heard on podcasts or read on the web.

Security Now! Episode 154 - Questions and Answers

Let me start, as always, by saying that Security Now! is great podcast that I look forward to listening every week. In episode 154 Steve answers a question to a listeners who says he noticed a virus warning about "Wizmo", Steve's Windows tweaking tool. Steve answers by basically saying that Wizmo is safe and known to trigger false positives by some AV software so the warning can be ignored. That's some bad advice.

While I have no doubt that the Wizmo.exe file compiled by Steve is completely safe, the question is "is the copy of Wizmo.exe the listener downloaded exactly the same as the one Steve compiled?".