Firewalls Don't Stop Dragons Podcast

Author: Carey Parker


Description

Every week, this podcast brings you the cybersecurity and privacy news you need, in a manner that's easy for anyone to understand and even entertaining! The host also interviews top industry leaders to dig deeper into important topics and recent events. If all that weren't enough, the host also passes along top tips for defending your digital realm.
395 Episodes
Malware Reboot Remedy

2024-09-23 01:02:42

We often think of malware as a problem for our computers and perhaps our smartphones. But bad guys love to hack our home routers and IoT devices, as well. Thankfully, purging malware from those types of devices can usually be done just by rebooting them. (There's a reason tech support always asks you to try turning your device off and back on again.) I'll explain why this works and what you should do to protect your connected devices. In other news: I explain why most people are not in danger of their devices blowing up; a new Windows phishing campaign uses fake CAPTCHAs and PowerShell; LinkedIn started training their AI on your data before telling you how to opt out; Oracle's CEO touts his vision of ubiquitous AI surveillance; Ford seeks a patent to show you ads in your vehicle based on your conversations and other private data; Meta admits to scraping public Instagram and Facebook posts to train its AI; four great new iOS 18 privacy and security features; Apple Intelligence servers are very basic, for a reason; and the FBI shuts down a massive Chinese botnet. 
Article Links
[WIRED] Your Phone Won’t Be the Next Exploding Pager https://www.wired.com/story/exploding-pagers-hezbollah-phones/
[briankrebs] This Windows PowerShell Phish Has Scary Potential https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
[404media.co] LinkedIn Is Training AI on User Data Before Updating Its Terms of Service https://www.404media.co/linkedin-is-training-ai-on-user-data-before-updating-its-terms-of-service/
[theregister.com] Ellison declares Oracle 'all in' on AI mass surveillance https://www.theregister.com/2024/09/16/oracle_ai_mass_surveillance_cloud/
[therecord.media] Ford seeks patent for tech that listens to driver conversations to serve ads https://therecord.media/ford-patent-application-in-vehicle-listening-advertising
[9to5Mac] Meta scraped all public Facebook and Instagram posts since 2007 for AI training https://9to5mac.com/2024/09/11/meta-scraped-all-public-facebook-and-instagram-posts-since-2007-for-ai-training/
[TechRadar] I'm a privacy expert—here are the 4 iOS 18 features I'm excited about https://www.techradar.com/phones/im-a-privacy-experthere-are-the-4-ios-18-features-im-excited-about
[9to5Mac] Apple Intelligence servers are really basic, says Craig Federighi – and that’s deliberate https://9to5mac.com/2024/09/12/apple-intelligence-servers-are-really-basic-says-craig-federighi-and-thats-deliberate/
[Gizmodo] FBI Shuts Down Botnet Run by Beijing-Backed Hackers That Hijacked Over 200,000 Devices https://gizmodo.com/fbi-shuts-down-botnet-run-by-beijing-backed-hackers-that-hijacked-over-200000-devices-2000500627
Tip of the Week: Malware Reboot Remedy
Further Info
Awareness Campaign Phase 2!: https://fdsd.me/awareness2
LinkedIn privacy settings: https://www.linkedin.com/mypreferences/d/categories/privacy
Test your ad blocker(s): https://d3ward.github.io/toolz/adblock.html
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:31: Update Apple devices
0:01:36: Awareness Campaign teaser
0:02:04: News rundown
0:04:08: Your Phone Won’t Be the Next Exploding Pager
0:08:00: This Windows PowerShell Phish Has Scary Potential
0:12:34: LinkedIn Trains AI on Your Data Before Updating Its ToS
0:16:41: Ellison declares Oracle 'all in' on AI mass surveillance
0:20:15: Ford seeks patent for tech that listens to ...
Post-Quantum Crypto

2024-09-16 01:08:27

You may be vaguely aware of the term 'quantum computing' from media reports. But what you may not have picked up on is that one of the primary uses for quantum computers may be to break data encryption. Furthermore, you may not realize that if three-letter agencies can save off our encrypted emails and messages now, this could mean they could read them in the future when sufficiently powerful quantum computing becomes viable. How does this work? And what can we do about it now to protect our privacy in the future? We'll dig into all of this today with Brandon Sundh from Tuta (formerly Tutanota), a prominent secure email company, who is already deploying such protections.
Interview Notes
Try Tuta! https://tuta.com/
Tuta’s quantum-safe crypto: https://tuta.com/blog/post-quantum-cryptography
Quantum mechanics: https://en.wikipedia.org/wiki/Quantum_mechanics
Schrödinger's cat: https://en.wikipedia.org/wiki/Schr%C3%B6dinger's_cat
NIST post-quantum standards: https://csrc.nist.gov/projects/post-quantum-cryptography
NSA pays RSA to weaken encryption?: https://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220/
Longer passwords are better: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/
Privacy Guides on Proton Wallet: https://www.privacyguides.org/articles/2024/09/08/proton-wallet-review/#why-does-this-exist
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:50: Some terminology first
0:07:33: What is quantum computing and what's it good for?
0:16:25: What are the current capabilities of quantum computers?
0:22:02: How long have we been working on quantum computers?
0:25:01: If QC is still so far off, why do we need to prepare now?
0:30:53: How do we design encryption to make it safe against quantum computers?
0:36:10: How can we be sure that the NSA isn't building backdoors into these algorithms?
0:41:11: Will post-quantum algorithms replace current ones or augment them?
0:45:51: How soon will quantum-safe crypto be rolled out?
0:52:42: Who will be able to own and operate these quantum computers?
0:54:45: Are law enforcement agencies pushing back against quantum-safe crypto?
1:00:34: Who is more likely to win: code makers or code breakers?
1:04:24: Wrap-up
1:05:55: Looking ahead
The Truth is Out There

2024-09-09 01:14:03

Mis- and disinformation is just a fact of modern life, but certain events can cause the practice to significantly increase - like a big election. This is a good time to review this phenomenon, learning how to recognize it, how to avoid being drawn in, and perhaps most importantly how to reduce its spread. In other news: Telegram's CEO was arrested in France; too many people keep saying Telegram is a secure messaging app when it's really not; if you think ads and tracking are bad now, wait till you hear all the ways modern TVs are monetizing their users; sextortion scams are using some new techniques to scam their victims; consumer groups have lobbied the FTC to create clear guidance on 'software tethering'; and California just approved a new privacy bill that will finally require companies to honor universal opt-out signals from apps and browsers.
Article Links
[BBC] Telegram CEO Pavel Durov arrested at French airport https://www.bbc.com/news/articles/ckg2kz9kn93o
[blog.cryptographyengineering.com] Is Telegram really an encrypted messaging app? https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
[Ars Technica] Your TV set has become a digital billboard. And it’s only getting worse. https://arstechnica.com/gadgets/2024/08/tv-industrys-ads-tracking-obsession-is-turning-your-living-room-into-a-store/
[briankrebs] Sextortion Scams Now Include Photos of Your Home https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
[advocacy.consumerreports.org] Consumer Reports, U.S. PIRG, and 15 other groups call on FTC to create clear guidance for ‘software tethering’ https://advocacy.consumerreports.org/press_release/ftc-software-tethering/
[Dark Reading] California Approves Privacy Bill Requiring Opt-Out Tools https://www.darkreading.com/data-privacy/california-privacy-bill-require-opt-out-tools
Tip of the Week: Spotting Fake News https://firewallsdontstopdragons.com/the-truth-is-out-there/
Further Info
My series on deleting your public data online: https://firewallsdontstopdragons.com/osint-reconnaissance/
Enabling Global Privacy Control (GPC): https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:14: News preview
0:05:22: Telegram CEO Pavel Durov arrested at French airport
0:09:47: Is Telegram really an encrypted messaging app?
0:19:57: Your TV set has become a digital billboard. And it’s only getting worse.
0:41:25: Sextortion Scams Now Include Photos of Your Home
0:48:06: Consumer groups call on FTC to create clear guidance for ‘software tethering’
0:54:33: California Approves Privacy Bill Requiring Opt-Out Tools
0:59:22: Tip of the Week: Dealing with Misinformation
1:11:36: Looking ahead
Crazy Proton Summer

2024-09-02 01:16:33

Proton released three major new products this summer, all within the span of about a couple months: Proton Docs, Proton Wallet and Proton Scribe. Given that Proton is a privacy-focused company, some of these offerings seemed almost at odds with that mission. So today I ask Andy Yen (Proton's CEO) some questions about the privacy of their Bitcoin wallet and AI editing tool. We also discuss the new Proton Foundation and how it safeguards their privacy mission for the future. Finally, I ask Andy if they would consider acquiring Mozilla to save the Firefox browser and, in the wake of the blowback Signal received about protecting local access to messaging data, how Proton addresses the 'compromised machine' threat model.
Interview Notes
Proton Docs: https://proton.me/blog/docs-proton-drive
Proton Wallet: https://proton.me/blog/proton-wallet-launch
Proton Scribe: https://proton.me/blog/proton-scribe-writing-assistant
Proton Foundation: https://proton.me/blog/proton-non-profit-foundation
Techlore on Proton Wallet: https://www.youtube.com/watch?v=tESbBM2LZHM&t=1922s
Seth for Privacy’s Andy Yen interview: https://optoutpod.com/episodes/protonwallet-andy-yen/
My interview on Easy Prey Podcast: https://www.easyprey.com/firewalls-dont-stop-dragons-with-carey-parker/
Techlore: https://www.techlore.tech/
Privacy Guides: https://www.privacyguides.org/
The New Oil: https://thenewoil.org/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:18: Interview setup
0:04:18: Why did you release so many new products all at once?
0:05:53: Did you develop Proton Docs from scratch? Will we get Proton Sheets, too?
0:10:09: What drove you to add AI features? How do you maintain privacy with AI?
0:17:07: Why did Proton feel the need to create another cryptocurrency wallet?
0:21:37: Who is the target audience for Proton Wallet?
0:28:38: As a privacy company, why go with Bitcoin, which is not really private?
0:39:34: Will you support Monero or Zcash?
0:40:40: Why did you restructure Proton as a foundation? What's the impact of this?
0:45:41: How is this new foundation different from others like Mozilla or Tor?
0:47:59: Would Proton ever consider acquiring Mozilla to save Firefox?
0:55:43: Does TunnelVision affect Proton VPN? How can we improve VPNs generally?
1:01:35: Signal was bashed for not encrypting local keys. How does Proton handle this?
1:05:25: What's coming next from Proton?
1:07:48: Interview wrap-up
1:10:54: Couple updates on Wallet, Scribe availability
1:11:50: Recommending other great privacy resources and Proton discussions
1:12:53: Upcoming shows
1:14:29: Upcoming podcast awareness campaign
National Public Data Breach

2024-08-26 01:21:49

The headlines have been on fire with stories about 3 billion people's data being leaked from a company you've never heard of. But like many such stories, the mainstream media gets a lot of the important details wrong and glosses over a lot of the important nuances. Today we're going to dive into what really happened and what you should do about it, whether your data was part of the breach or not. In other news: Illinois waters down its landmark biometric information law; US court rules geofence warrants are unconstitutional; FTC to investigate "surveillance pricing" and files rule impacting shady product reviews; the CFPB cracks down on some types of consumer data sales; and Consumer Reports evaluates several top data deletion services.
Article Links
[Reuters] Illinois governor approves business-friendly overhaul of biometric privacy law https://www.reuters.com/legal/government/illinois-governor-approves-business-friendly-overhaul-biometric-privacy-law-2024-08-05/
[TechCrunch] US appeals court rules geofence warrants are unconstitutional https://techcrunch.com/2024/08/13/us-appeals-court-rules-geofence-warrants-are-unconstitutional/
[Electronic Frontier Foundation] To Fight Surveillance Pricing, We Need Privacy First https://www.eff.org/deeplinks/2024/08/fight-surveillance-pricing-we-need-privacy-first
[ftc.gov] Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials https://www.ftc.gov/news-events/news/press-releases/2024/08/federal-trade-commission-announces-final-rule-banning-fake-reviews-testimonials
[natlawreview.com] CFPB Forecasts New Rule Cracking Down on Consumer Data Sales https://natlawreview.com/article/cfpb-forecasts-new-rule-cracking-down-consumer-data-sales
[Los Angeles Times] Hackers may have stolen the Social Security numbers of every American. How to protect yourself https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number
[troyhunt.com] Inside the "3 Billion People" National Public Data Breach https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/
[consumerreports.org] Evaluating People-Search Site Removal Services https://innovation.consumerreports.org/new-report-data-defense-evaluating-people-search-site-removal-services/
Tip of the Week: OSINT Final Steps https://firewallsdontstopdragons.com/osint-final-steps/
Other Helpful Links
Have I Been Pwned: https://haveibeenpwned.com/
NPD Data Breach search tool: https://npd.pentester.com/
Privacy Guides data removal tools: https://www.privacyguides.org/en/data-broker-removals/
Techlore video on data removal: https://www.youtube.com/watch?v=tESbBM2LZHM
Google’s Results About You: https://myactivity.google.com/results-about-you?pli=1
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
How and why to plant your flag: https://firewallsdontstopdragons.com/why-you-need-to-plant-your-flag/
Strong passwords: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/
Backing up 2FA codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:04:00: News preview
0:06:33: Illinois governor approves business-friendly overhaul of biometric privacy law
0:11:18: US appeals court rules geofence warrants are unconstitutional ...
Dating App Privacy

2024-08-19 01:00:56

Finding your soul mate or even just a one-night stand can all be done digitally now - there's an app for that. Several, in fact. But in order to find the best match, you need to turn over a lot of extremely personal information. You probably also need to let the app track your location, so you're only matching people within some acceptable distance. You would hope that dating apps would be better than other apps at securing your private data... but are they? And are these services selling my data to advertisers? Today I answer these questions and many more with Zoë MacDonald from Mozilla's Privacy Not Included team who recently published a full report on this topic.
Interview Notes
Privacy Not Included report on dating apps: https://foundation.mozilla.org/en/privacynotincluded/articles/data-hungry-dating-apps-are-worse-than-ever-for-your-privacy/
Mozilla Foundation: https://foundation.mozilla.org/en/?form=donate-header
Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/
Falling out of love with dating apps: https://www.theguardian.com/lifeandstyle/2023/oct/28/its-quite-soul-destroying-how-we-fell-out-of-love-with-dating-apps
Using dating apps to locate someone: https://www.techradar.com/pro/privacy-flaw-in-top-dating-apps-could-have-revealed-user-location-down-to-2-metres
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:06: Freeze your credit!
0:04:19: How do modern dating apps work, exactly?
0:08:19: How do they find compatible matches?
0:10:34: Do these apps require constant access to your current location?
0:14:50: How much information used by these apps is inferred vs explicitly requested?
0:17:59: Do these apps use inferred data to weed out bad actors?
0:20:36: How did you decide which apps to evaluate?
0:23:54: What were your key takeaways and most alarming findings?
0:25:57: Do apps owned by the same parent company have similar privacy policies?
0:27:28: How transparent are these apps about sharing your data?
0:29:08: Was there any correlation between app cost and monetizing your data?
0:31:20: Are dating apps better about securing your personal data?
0:33:53: Do any of the dating apps offer end-to-end encryption of DMs?
0:35:40: Do these services try to keep you from leaving the app?
0:39:03: Once you find a match, can you get a refund for unused subscription time?
0:40:28: How do new AI features on dating apps affect your privacy?
0:43:30: Have there been any major dating service data breaches?
0:45:05: How bad are these apps for romance scams like 'pig butchering'?
0:47:10: If I still want to use a dating app, how do I maximize my privacy?
0:51:19: Can I use a service on the web only (no app)? Can I delete my data?
0:54:20: How well do dating apps actually work, in terms of finding a mate?
0:57:02: Wrap-up and looking ahead
It's time once again for cybersecurity professionals to make the pilgrimage to the scorching desert of Las Vegas, Nevada for a week of tech conferences that we lovingly refer to as Hacker Summer Camp. Today I'll bring you my on-the-ground reporting from BSides and DEF CON. I'll also bring you part 2 of my series on Open Source Intelligence (OSINT) and how to purge your personal data from the web. In the news this week: Vegas hotels search hackers' rooms; Apple and others fix an old but important browser bug; NFL rolls out more facial recognition at stadiums; Ford looks to patent car surveillance tech; automakers sold your data to brokers for pennies; border agents can no longer search your smartphone without a warrant; judge rules that Google is a monopoly.
Article Links
[404media.co] Hotel to Search Rooms During DEF CON Hacking Conference https://www.404media.co/hotel-to-search-rooms-during-def-con-hacking-conference/
[AppleInsider] Apple has closed an ancient macOS Safari security hole https://appleinsider.com/articles/24/08/07/apple-has-closed-an-ancient-macos-safari-security-hole
[therecord.media] NFL to roll out facial authentication software league-wide https://therecord.media/nfl-to-roll-out-facial-authentication-league-wide
[therecord.media] Ford wants patent for tech allowing cars to surveil and report speeding drivers https://therecord.media/ford-seeks-patent-cars-surveil-speeders-report-to-police
[The New York Times] Automakers Sold Driver Data for Pennies, Senators Say https://www.nytimes.com/2024/07/26/technology/driver-data-sold-for-pennies.html
[9to5Mac] Border agents cannot search smartphones without a warrant, rules federal court https://9to5mac.com/2024/07/29/cannot-search-smartphones-without-a-warrant/
[AppleInsider] Judge rules Google is a search and advertising monopoly https://appleinsider.com/articles/24/08/05/judge-rules-that-google-is-a-search-and-advertising-monopoly
Tip of the Week: OSINT Remediation https://firewallsdontstopdragons.com/osint-remediation/
Further Info
BSides Las Vegas: https://bsideslv.org/
DEF CON 32: https://defcon.org/html/defcon-32/dc-32-index.html
UnDisruptable27: https://securityandtechnology.org/undisruptable27/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:26: Summer Camp Highlights
0:10:25: Hotel to Search Rooms During DEF CON
0:15:14: Apple has closed an ancient macOS Safari security hole
0:20:00: NFL to roll out facial authentication software league-wide
0:26:25: Ford wants patent for tech allowing cars to surveil and report speeding drivers
0:29:38: Automakers Sold Driver Data for Pennies, Senators Say
0:32:46: Border agents cannot search smartphones without a warrant
0:36:44: Judge rules Google is a search and advertising monopoly
0:40:52: Tip of the Week: OSINT Remediation
0:54:25: EFF Tech Trivia update
Catch You on the BSide

2024-08-05 01:14:41

Jack Daniel is a storyteller, wanderer, comic, bartender, blacksmith, luthier, historian, mechanic, and the world’s oldest millennial. He is also one of the founders of Security BSides. Jack has a colorful and interesting history, and today we'll learn about how and why he started BSides, delve into a little hacker conference history, talk about modern hackers and cybersecurity conferences and how he's seen them change over the years, and how hackers and their conferences are vastly different from the others.
Interview Notes
Jack Daniel: https://www.linkedin.com/in/jackadaniel/
BSides official site: https://bsides.org/
BSides Las Vegas (part of hacker summer camp): https://bsideslv.org/
InfoSecMap: https://infosecmap.com/
Cult of the Dead Cow interview: https://podcast.firewallsdontstopdragons.com/2023/08/07/cult-of-the-dead-cow/
Jeff Moss interview #1: https://podcast.firewallsdontstopdragons.com/2021/08/16/on-a-dark-tangent/
Jeff Moss interview #2: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/
CackalackyCon: https://cackalackycon.org/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:49: Interview lingo
0:04:05: How did you get into the world of cybersecurity and hacking?
0:12:40: Why did you start BSides?
0:17:43: What were some of the first BSides talks like?
0:21:42: What are the founding principles of BSides?
0:28:00: What approval do you need to start a BSides conference?
0:34:44: How have other hacker conferences influenced BSides and vice versa?
0:36:53: Is there a beef between BSides and Black Hat?
0:38:58: What's your connection with ShmooCon?
0:42:42: How have hackers and these conferences changed since the old days?
0:47:40: Discussion on responsible disclosure
0:50:39: Two different kinds of presenters
0:54:02: You might be a hacker if...
1:01:30: What's the best way to find a local hacker conference?
1:06:50: BSides is about community
1:08:29: Interview wrap-up
1:11:19: Patron content
1:11:53: Looking ahead
Last week, we all learned about a company called CrowdStrike that apparently has the capability to single-handedly bring multiple airlines, hospitals and other large companies to their knees in an instant. There are many lessons we should be learning from this incident, though I'm not going to hold my breath. I'll tell you what happened and what I think we should be doing to avoid a repeat of this incident in the future. In other news: Google finally throws in the towel on blocking third-party cookies; a private organization claims to have gained access to advertising-based location data on Trump's shooter; Republican VP candidate JD Vance forgets to make his Venmo data private; leaked docs show what phones Cellebrite can and can't hack; Meta takes down thousands of accounts related to sextortion ring; and for my Tip of the Week, we'll tackle part 1 of my article on deleting your public data from the web.
Article Links
[AppleInsider] Google gives up on Chrome plan to ditch third-party cookies https://appleinsider.com/articles/24/07/23/google-gives-up-on-chrome-plan-to-ditch-third-party-cookies
[404media.co] Heritage Foundation Claims to Use Location Data to Track Trump Shooter's Movements https://www.404media.co/heritage-foundation-claims-to-use-location-data-to-track-trump-shooters-movements/
[9to5Mac] J.D. Vance Venmo connections public, as privacy failing still in place six years later https://9to5mac.com/2024/07/19/jd-vance-venmo-connections-public/
[404media.co] Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/
[The Washington Post] Meta takes down thousands of Facebook, Instagram accounts running sextortion scams from Nigeria https://www.washingtonpost.com/business/2024/07/24/meta-nigeria-sextortion-scam-instagram-facebook/fce496c6-49b8-11ef-9149-c75da5dd9201_story.html
[Schneier Blog] The CrowdStrike Outage and Market-Driven Brittleness https://www.schneier.com/blog/archives/2024/07/the-crowdstrike-outage-and-market-driven-brittleness.html
Tip of the Week: OSINT Reconnaissance: https://firewallsdontstopdragons.com/osint-reconnaissance/
Further Info
Book surge results: https://fdsd.me/booksurge
Moxie Marlinspike (Signal) on Cellebrite vulnerabilities: https://signal.org/blog/cellebrite-vulnerabilities/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:51: AT&T breach update
0:01:44: News rundown
0:03:56: Google gives up on Chrome plan to ditch third-party cookies
0:08:28: Group Claims to Use Location Data to Track Trump Shooter's Movements
0:13:42: J.D. Vance Venmo connections public
0:19:28: Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock
0:27:35: Meta takes down thousands of accounts running sextortion scams
0:31:21: Lessons from the CrowdStrike Outage
0:44:52: Tip of the Week: OSINT Reconnaissance
0:55:20: Book surge report
0:57:06: More help will be needed
0:58:10: Looking ahead
Open Source Intelligence

2024-07-22 01:21:54

If someone decided to dig into your life - perhaps even try to 'dox' you - how might they go about doing that? What could they find about you right now on the internet? You might be surprised at how much information is readily available from public sources, including your local government agencies and state databases. Today I'll be talking with Jason Edison from Intel Techniques whose day job is using open source intelligence, or OSINT, to find suspected criminals and whose night job is helping people remove that same information to protect their privacy and even personal security.
Interview Notes
Intel Techniques: https://inteltechniques.com/
Data Removal Guide: https://inteltechniques.com/workbook.html
Data Removal Workbook (PDF): https://inteltechniques.com/data/workbook.pdf
Credit Freeze Guide: https://inteltechniques.com/freeze.html
MySudo privacy app: https://mysudo.com/
SimpleLogin (Proton) email aliases: https://simplelogin.io/
Private credit cards: https://privacy.com/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:41: Interview setup
0:02:34: What do you do for your day job in law enforcement?
0:05:17: What is open source intelligence, exactly?
0:08:41: What are your primary sources for OSINT?
0:12:01: What is doxing and how might it impact someone?
0:14:56: How does an OSINT specialist also value personal privacy?
0:22:36: How do others in law enforcement view data collection and privacy?
0:28:36: When emotional cases arise, do officials favor privacy rights over catching bad guys?
0:33:32: How do we balance privacy rights vs public safety?
0:39:19: How would you do a full workup on someone?
0:45:18: Where do people overshare or give away the most personal information?
0:52:31: How much of my personal information is available via public records?
0:56:43: Will tools like AI help us find the needles in the haystacks?
1:00:56: What about data deletion services - are they worth it?
1:07:51: How useful are email and phone aliases for privacy?
1:11:17: How do you prove your identity to deletion sites without giving more info?
1:17:10: What tools can I find at Intel Techniques?
1:19:00: My data deletion journey
How & Why to Block Ads

2024-07-15 (01:18:19)

Ads on the web are beyond annoying - they are actually a threat to your privacy and sometimes even your security. Ads pay for a lot of the "free" web content we consume, but until ad networks stop tracking us and selling ad space to phishing and malware groups, we need tools to block them. Today I'll give you two solid options for doing so. In the news: Australian man charged for WiFi scam on flights; Airbnb reveals 35,000 complaints about hidden cameras; Linksys routers expose WiFi credentials; a massive new hacker list contains 10 billion unique passwords; a new AT&T call and text records data breach; Signal gets flak for response to storing encryption keys in the clear; Mozilla launches "privacy-preserving" ad attribution system (on by default); Proton launches encrypted Google Docs competitor.

Article Links
[The Hacker News] Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights https://thehackernews.com/2024/07/australian-man-charged-for-fake-wi-fi.html
[9to5Mac] 35,000 complaints about hidden cameras in Airbnb properties https://9to5mac.com/2024/07/10/hidden-cameras-in-airbnb-properties/
[stackdiary.com] Linksys Velop routers send Wi-Fi passwords in plaintext to US servers https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/
[cybernews.com] RockYou2024: 10 billion passwords leaked in the largest compilation of all time https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
[TechCrunch] What the AT&T call records data breach means for you https://techcrunch.com/2024/07/12/what-the-att-call-records-data-breach-means-for-you/
[stackdiary.com] Signal under fire for storing encryption keys in plaintext https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/
[Mozilla] Privacy-Preserving Attribution https://support.mozilla.org/en-US/kb/privacy-preserving-attribution
[Lifehacker] Why You Should Consider Proton Docs Over Google https://lifehacker.com/tech/why-you-should-consider-proton-docs-over-google

Tip of the Week: How & Why to Block Ads https://firewallsdontstopdragons.com/how-and-why-to-block-ads/

Further Info
Enter the DEF CON 32 ticket raffle: send email to dc24@firewallsdontstopdragons.com
Techlore NextDNS tutorial: https://www.youtube.com/watch?v=WUG57ynLb8I
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:21: Book surge report
0:03:00: News rundown
0:05:06: Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
0:09:50: 35,000 complaints about hidden cameras in Airbnb properties
0:15:31: Linksys Velop routers send Wi-Fi passwords in plaintext to US servers
0:20:29: 10 billion passwords leaked in the largest compilation of all time
0:26:51: What the AT&T call records data breach means for you
0:32:37: Signal under fire for storing encryption keys in plaintext
0:47:24: Mozilla's new Privacy-Preserving Attribution
0:58:58: New: Proton Docs!
1:00:18: Tip of the Week: How & Why to Block Ads
1:12:41: Wrap up
1:13:01: Book surge report
1:15:25: DEF CON 32 ticket raffle!
1:17:48: Looking ahead
Promising Privacy Tech

2024-07-08 (01:11:12)

We're generating a ridiculous amount of data every day. Much of it is highly personal, and that's dangerous. But there are actually several Privacy Enhancing Technologies that may allow us to use this personal data to improve our collective quality of life without ruining the privacy of the data subjects. I'll be discussing these PETs with Irene Knapp, who spent five years working in the privacy department at Google. I will also spend a good bit of time asking them about what it's like working at Google and get some insights about the company's approach to privacy from the inside. (Spoiler: it's not good.)

Interview Notes
Internet Safety Labs: https://internetsafetylabs.org/about-us/
Irene’s Google departure post: https://medium.com/@Irenes/on-the-occasion-of-leaving-google-b8c7029c8d8b
Coworker.org: https://coworker.org
Google loses privacy chief: https://www.techspot.com/news/103268-google-privacy-chief-head-competition-law-leaving-not.html

Further Info
BOOK SURGE!! https://fdsd.me/booksurge
Send me your questions! https://fdsd.me/qna
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:40: Interview setup
0:03:56: What is Internet Safety Labs and what do you do there?
0:05:45: Why do we not have liability in the software industry?
0:07:02: How did you come to work for Google and what was your experience like there?
0:07:58: What caused you to eventually leave?
0:10:26: How did privacy policy evolve while you were at Google?
0:12:36: What was happening in Google that impeded your efforts?
0:19:19: How does Google compare to other companies like Facebook?
0:20:56: What's your take on Google's new Privacy Sandbox technology?
0:27:24: Can we do some good with all the data we're collecting?
0:33:51: From where do we derive a legal right to privacy?
0:35:10: How does differential privacy work?
0:38:49: Where might we use differential privacy?
0:41:59: What is homomorphic encryption and how does it work?
0:44:47: Are there any other promising PETs?
0:46:49: How do zero knowledge proofs work?
0:49:20: Which of the PETs seem most promising right now?
0:51:20: Do we need privacy regulations to save us here?
0:56:19: What's next for you?
0:58:31: Interview wrap-up
1:00:52: BOOK SURGE!!
Backing Up Other Data

2024-07-01 (01:19:54)

We've talked about how to back up your local device data and how to back up data that is primarily stored in the cloud. But there's a lot of important, irreplaceable data we take for granted: data owned by others. This might be shared online photo albums, cloud document collaborations, eBooks and other digital media, and even websites you frequently rely on. Today we'll talk about how you can make local copies of these files in case they should ever go offline. In other news: European politicians' personal details exposed online; Proton transitions to non-profit corporate structure; lawsuit claims Microsoft tracked sex toy purchases; online ID verification service exposed drivers licenses; new Mac info-stealer served up by Google Ads; law enforcement is spying on Americans' mail; new ALPR vulnerabilities prove it's a public safety threat; UK hospital hack leaks 300M patient records; US bans Kaspersky software; Sonos removes promise not to sell its users' data; Mozilla buys a 'privacy-centric' ad firm.

Article Links
[proton.me] Cyber house of cards – Politicians’ personal details exposed online https://proton.me/blog/politicians-exposed-dark-web
[proton.me] Proton is transitioning towards a non-profit structure https://proton.me/blog/proton-non-profit-foundation
[404media.co] Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording in Real Time' Software https://www.404media.co/lawsuit-claims-microsoft-tracked-sex-toy-shoppers-with-recording-in-real-time-software/
[404media.co] ID Verification Service for TikTok, Uber, X Exposed Driver Licenses https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/
[Ars Technica] Mac users served info-stealer malware through Google ads https://arstechnica.com/security/2024/06/mac-info-stealer-malware-distributed-through-google-ads/
[The Washington Post] Law enforcement is spying on thousands of Americans’ mail, records show https://www.washingtonpost.com/technology/2024/06/24/post-office-mail-surveillance-law-enforcement/
[Electronic Frontier Foundation] New ALPR Vulnerabilities Prove Mass Surveillance Is a Public Safety Threat https://www.eff.org/deeplinks/2024/06/new-alpr-vulnerabilities-prove-mass-surveillance-public-safety-threat
[TechCrunch] US bans sale of Kaspersky software citing security risk from Russia https://techcrunch.com/2024/06/20/us-bans-kaspersky-software-security-risk-russia/
[AppleInsider] Sonos removes a promise to not sell personal data, gets busted by users https://appleinsider.com/articles/24/06/15/sonos-removes-a-promise-to-not-sell-personal-data-gets-busted-by-users
[theregister.com] What's up with Mozilla buying ad firm Anonym? It's all about 'privacy-centric advertising' https://www.theregister.com/2024/06/18/mozilla_buys_anonym_betting_privacy/

Tip of the Week: Backing Up Other Data https://firewallsdontstopdragons.com/how-to-backup-other-data/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:25: Book blitz coming soon
0:00:55: Dear Carey reminder
0:01:38: Bitwarden bug fixed
0:02:28: News rundown
0:04:22: EU politicians’ personal details exposed online
0:10:37: Proton adopts non-profit structure
0:15:15: Lawsuit Claims Microsoft Tracked Sex Toy Shoppers
0:19:28: ID Verification Service Exposed Driver Licenses
0:27:38: Mac users served info-stealer malware through Google ads
Means of Control

2024-06-24 (01:12:35)

Every day, we generate tons of digital exhaust: our web browsing, GPS location, online and in-store purchases, emails and messages, social media posts and feed viewing habits, and much, much more. Online marketers and data brokers have been living off these breadcrumbs for years. The intelligence and law enforcement agencies have found this data to be incredibly revealing, and they can buy most of this data on the open market without requiring any sort of warrant - and they have. This has important implications for democratic societies that value privacy and freedom. I'll discuss how this mass surveillance works and what it means for all of us with Byron Tau, author of the book "Means of Control".

Interview Notes
Means of Control: https://www.amazon.com/Means-Control-Alliance-Government-Surveillance/dp/0593443225
Byron Tau at NOTUS: https://www.notus.org/byron-tau
Puking Monkey’s DEF CON presentation: https://www.youtube.com/watch?v=T43Ti7c11lY
Make your EZ Pass “moo”: https://hackaday.com/2013/09/16/modified-e-zpass-detects-reads-far-from-toll-booths/
Official US policy on collecting public info on citizens: https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2024/3815-odni-releases-ic-policy-framework-for-commercially-available-information

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:58: Update your Windows PCs
0:01:32: Interview setup
0:04:59: How might the collection of online data impact a regular person?
0:10:13: What sorts of things can all this data reveal about us?
0:15:44: How much can we learn by tracking a person's location?
0:17:38: What is 'gray data'?
0:22:40: Our data can be saved virtually forever - what are the ramifications?
0:26:30: How are data gathering rules different for law enforcement vs intelligence agencies?
0:32:54: When did data brokers start selling our info to government agencies?
0:39:22: Is it legal for these agencies to act as data brokers themselves?
0:42:12: What laws have impacted this sort of data collection in the US?
0:44:49: How and why do these agencies hide this data collection?
0:51:02: Are governments sharing data to skirt local restrictions?
0:54:54: How have these spy programs evolved since 9/11?
1:00:28: Have government agencies lobbied Congress against federal privacy laws?
1:03:20: How can we limit data collection and increase our privacy?
1:06:24: Could the Big Tech backlash help get a privacy law passed?
1:08:33: What are you working on next?
1:09:59: Interview follow-up
1:11:36: Looking ahead
Backup Your Cloud Data

2024-06-17 (01:06:11)

Until recently, most of our important data lived primarily on our devices. Backing up that data often meant choosing a cloud backup service. But today, many of our most important photos and files are actually stored in the cloud. While cloud servers are supposed to be more robust than home computers with flaky hard drives and smartphones that get lost or stolen, it also means that someone else is in control of that data. Cloud services go offline, get bought out or even shut down. We now need to be sure to back up our cloud data, too. In other news: 23andMe breach under investigation by US and Canada; cops release personal location info to FOIA request; hacker gains access to Tile customer data; more car privacy updates; Microsoft Recall backlash highlights our distrust; report shows Microsoft favoring profits over security; Mac Bartender app shadily changes ownership; new Apple privacy features coming.

Article Links
[malwarebytes.com] 23andMe data breach under joint investigation in two countries https://www.malwarebytes.com/blog/news/2024/06/23andme-data-breach-under-joint-investigation-in-two-countries
[theregister.com] Crooks threaten to leak 3B personal records 'stolen from background check firm' https://www.theregister.com/2024/06/03/usdod_data_dump/
[404media.co] Cops Released a Car’s Travel History to a Total Stranger https://www.404media.co/cops-released-a-cars-travel-history-to-a-total-stranger/
[404media.co] Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/
[The New York Times] Is Your Driving Being Secretly Scored? https://www.nytimes.com/2024/06/09/technology/driver-scores-insurance-data-apps.html
[Windows Central] A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw
[ProPublica] Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
[AppleInsider] Adobe's new terms of service unacceptably gives them access to all of your projects, for free https://appleinsider.com/articles/24/06/06/adobes-new-terms-of-service-unacceptably-gives-them-access-to-all-of-your-projects-for-free
[MacRumors] PSA: Bartender Mac App Under New Ownership, But Lack of Transparency Raises Concerns https://www.macrumors.com/2024/06/04/bartender-mac-app-new-owner/
[9to5Mac] iOS 18 includes these new privacy features: Lock and hide apps, improved contact permissions, more https://9to5mac.com/2024/06/10/ios-18-includes-these-new-privacy-features-lock-and-hide-apps-improved-contact-permissions-more/

Tip of the Week: Backup Your Cloud Data: https://firewallsdontstopdragons.com/how-to-backup-cloud-data/

Further Info
Under New Management plugin: https://github.com/classvsoftware/under-new-management
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:52: News preview
0:03:11: 23andMe data breach under joint investigation in two countries
0:07:01: Crooks threaten to leak 3B personal records 'stolen from background check firm'
0:09:52: Cops Released a Car’s Travel History to a Total Stranger
Encrypted communications are important for everyone, even if you have nothing to hide. But they're also important when you're trying to hide global criminal operations. Drug smugglers and money launderers have special needs when it comes to secure messaging. Several phone companies were created to address this market. Unfortunately for the criminals, the most popular one - Anom - was secretly run by the FBI. Today Joseph Cox from 404 Media will tell us about this astoundingly audacious sting operation, which is the basis for his book, Dark Wire.

Interview Notes
Order Dark Wire: https://a.co/d/h9o7ump
Anom website (right before take down): https://web.archive.org/web/20210507151115/http://anom.io/
Phantom Secure website (circa 2017): https://web.archive.org/web/20170330122723/http://phantomsecure.com/
Vice Anom story: https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor
Anom phone video: https://www.youtube.com/watch?v=EA1KS-xh0n0
Operation Trojan Shield: https://en.wikipedia.org/wiki/Operation_Trojan_Shield
Trojan Shield press conference: https://www.youtube.com/watch?v=S89O0nis_ss
Encrochat: https://en.wikipedia.org/wiki/EncroChat

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:54: Migrating to Mastodon
0:02:24: Embracing the dark... mode
0:02:45: Countdown to 400
0:03:28: Interview setup
0:04:30: How did this all start with you on an obscure forum for criminals?
0:08:34: What was Operation Trojan Shield?
0:10:49: How did the FBI start a secure phone company?
0:12:41: What were some of Anom's key tech features?
0:15:26: Where did they get the Arcane Operating System?
0:17:56: How did the 'duress' feature work?
0:20:18: How did Anom copy encrypted messages without being detected?
0:24:35: How were these phones marketed to criminals?
0:28:10: What did these phones cost?
0:30:09: What were the legal aspects for this multi-national operation?
0:34:49: How did they use this intelligence without revealing the source?
0:39:38: Did the criminals ever suspect the phones?
0:42:04: How did this all come to an end?
0:46:14: So, are we 'going dark' or not?
0:49:27: What lessons did the FBI take away from all this?
0:51:36: Can we still trust things like Signal and Proton?
0:55:39: What's your next big story or book?
0:58:09: Interview end notes
1:03:12: Looking ahead
Migrate to Mastodon

2024-06-03 (01:05:28)

Most major social media platforms are a hot mess. Your feed is filled with tons of crap you never asked to see and your data is mined mercilessly to serve you targeted ads. The promise of having a place to trade interesting posts with friends and family is now muddied up with sponsored content chosen by hidden algorithms optimized to keep you scrolling. It doesn't have to be that way. I've found something much better, and I'm inviting you to come join me. In other news: Ticketmaster breach leaks data on half a billion users; the iOS bug that resurrected deleted photos explained; GPT-4 can write working malware based only on CVE bug descriptions; Slack customers upset to learn that their data was being used to train AI systems; WiFi location service can be used to track mobile routers; police are trialing new devices that can track and identify you based on multiple electronic signals; new Windows AI feature records everything you do on your PC; Microsoft rolling out welcome changes to admin privilege use; Google adding several privacy and security features to Android 15; and iVerify now has an Android app.

Article Links
[Mashable] Ticketmaster hacked. Breach affects more than half a billion users. https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack
[9to5Mac] Security Bite: Here’s the iOS 17.5 bug that resurfaced deleted photos https://9to5mac.com/2024/05/26/security-bite-heres-the-ios-17-5-bug-that-resurfaced-deleted-photos/
[Dark Reading] GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories
[securityweek.com] User Outcry as Slack Scrapes Customer Data for AI Model Training https://www.securityweek.com/user-outcry-as-slack-scrapes-customer-data-for-ai-model-training/
[9to5Mac] Apple Location Services vulnerability can enable troop movements to be tracked https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/
[Forbes] New Police Tech Can Detect Phones, Pet Trackers And Library Books In A Moving Car https://www.forbes.com/sites/thomasbrewster/2024/05/14/police-car-surveillance-tech-uncovers-phones-pet-trackers-and-library-books/
[Ars Technica] New Windows AI feature records everything you’ve done on your PC https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/
[PCWorld] Microsoft battens security hatches on Windows admin accounts https://www.pcworld.com/article/2344405/microsoft-battens-security-hatches-on-oft-used-windows-admin-accounts.html
[Lifehacker] Google Is Rolling Out Some Great Privacy Features to Android This Year https://lifehacker.com/tech/google-is-rolling-out-some-great-privacy-features-with-android-15
[iverify.io] iVerify Basic is now on Android! https://www.iverify.io/post/iverify-basic-is-now-on-android

Tip of the Week: Move to Mastodon https://firewallsdontstopdragons.com/how-to-move-to-mastodon/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:34: Ticketmaster hacked, breach affects more than half a billion users
0:05:59: Here’s the iOS 17.5 bug that resurfaced deleted photos
0:12:28: GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
0:17:36: User Outcry as Slack Scrapes Customer Data for AI Model Training
0:23:12: Apple Location Services vulnerability can enable troop movements ...
Why Privacy Matters

2024-05-27 (01:07:42)

Our privacy has never been more threatened. While some of us are vaguely aware of this, most of the rampant data collection and sharing is completely opaque. And the consequences are more dire than most of us realize. We can't afford to be complacent. We need to push back, to ask questions, and make better choices. Privacy-respecting apps and services do exist today. Making a deliberate and overt decision to use them will force the market (and our elected representatives) to take notice. My guest Naomi Brockwell from NBTV will make a compelling case for privacy and reclaiming control of our data, including several top-notch tips for doing so.

Interview Notes
Naomi Brockwell’s NBTV: https://www.nbtv.media/
A World Without Privacy: https://www.nbtv.media/episodes/a-world-without-privacy
A Beginner’s Introduction to Privacy: https://www.amazon.com/Beginners-Introduction-Privacy-Naomi-Brockwell-ebook/dp/B0BQHS8MFS
Who can access your car remotely? https://www.youtube.com/watch?v=Ff9pmaSdZV8
Naomi Brockwell on All Things Secured: https://www.youtube.com/watch?v=D0WjIWBQEBM
Michael Bazzell’s Extreme Privacy resources: https://inteltechniques.com/links.html
Try Proton! https://firewallsdontstopdragons.com/its-time-to-try-proton/
Try Signal! https://firewallsdontstopdragons.com/how-to-switch-to-signal/

Further Info
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:58: How did you become a privacy evangelist?
0:06:51: What are some of the most mind-blowing ways we leak personal data?
0:09:56: What were some of Orwell's most prescient predictions in 1984?
0:15:49: How is surveillance different in real life from 1984?
0:22:23: How does data collection skew the power balance between citizens and authorities?
0:26:36: How do you counter the "I have nothing to hide" argument?
0:29:55: Why is it so important to normalize the use of privacy tools?
0:33:46: What changes do you recommend and what are the impacts for making them?
0:45:48: If you've given away tons of personal data already, is it too late?
0:50:07: What can we do to push vendors to respect our privacy more?
0:57:49: What does the future of privacy look like?
1:00:15: Post-interview notes
1:06:11: Looking ahead
How to Choose a PIN

2024-05-20 (01:11:05)

Security experts talk at length about how to choose a good password - but we don't often talk about how to choose a good PIN code. A recent analysis by a researcher shows popular patterns humans use when choosing PIN codes, and therefore what you should avoid doing. In the news: MediSecure e-Rx firm hit by data breach; CISA warns of active D-Link router exploit; a couple of cases of insecure APIs being abused; 53k Nissan employees' SSNs leaked; new macOS malware called Cuckoo; Ascension Healthcare suffers cyberattack; Proton user's poor OpSec gives him away; TunnelVision VPN attack exploits DHCP feature; Maryland & Vermont pass data privacy laws; tracker detection feature debuts on iPhone & Android.

Article Links
[BleepingComputer] MediSecure e-script firm hit by ‘large-scale’ data breach https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/
[The Hacker News] CISA Warns of Actively Exploited D-Link Router Vulnerabilities https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html
[Ars Technica] How I upgraded my water heater and discovered how bad smart home security can be https://arstechnica.com/gadgets/2024/05/how-i-upgraded-my-water-heater-and-discovered-how-bad-smart-home-security-can-be/
[BleepingComputer] Dell API abused to steal 49 million customer records in data breach https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/
[infosecurity-magazine.com] 53,000 Nissan Employees' Social Security Numbers Exposed https://www.infosecurity-magazine.com/news/employees-social-security-nissan/
[Tom's Guide] New Cuckoo macOS malware can take over all Macs and steal your passwords https://www.tomsguide.com/computing/malware-adware/new-cuckoo-macos-malware-can-take-over-all-macs-and-steals-your-passwords-too-dont-fall-for-this
[Dark Reading] Ascension Healthcare Suffers Major Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack
[restoreprivacy.com] Proton Mail Discloses User Data Leading to Arrest in Spain https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/
[Ars Technica] Novel attack against virtually all VPN apps neuters their entire purpose https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
[mullvad.net] Evaluating the impact of TunnelVision https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
[epic.org] Vermont Passes Landmark Data Privacy Bill https://epic.org/vermont-passes-landmark-data-privacy-bill/
[epic.org] Governor Moore Signs Maryland Online Data Privacy Act https://epic.org/governor-moore-signs-maryland-online-data-privacy-act/
[9to5Mac] Here’s how the new Cross-Platform Tracking Detection works https://9to5mac.com/2024/05/13/cross-platform-tracking-detection-ios-17-5/

Tip of the Week: How to Choose a PIN https://firewallsdontstopdragons.com/how-to-choose-a-pin/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:34: Update Apple devices, Chrome
0:01:16: A note on supporting Firefox
0:03:48: News preview
0:07:00: MediSecure hit by large-scale data breach
0:09:01: CISA Warns of Actively Exploited D-Link Router Vulnerabilities
0:13:14: How I upgraded my water heater and discovered how bad smart home securi...
Russia has been hacking Ukraine for at least a decade now, but since the invasion of Ukraine in February of 2022, the cyber war has changed. Instead of being a tactical element, cyber war is now a full-fledged strategic aspect of the conflict, on both sides. At the outset, Ukraine put out an official call to enlist cyber warriors from around the globe to their cause in what's been called the IT Army of Ukraine. Today we'll look at how this group was formed, how it operates, and what we should all be learning from what's happening there. My guest is Dina Temple-Raston from The Record, the Click Here Podcast, and formerly NPR.

Interview Notes
Dina Temple-Raston at The Record: https://therecord.media/author/dina-temple-raston
Click Here podcast: https://therecord.media/podcast
Click Here, Episode 98: “Lessons from the world's first hybrid war”: https://podcasts.apple.com/us/podcast/click-here/id1225077306?i=1000639045741
NPR’s I’ll Be Seeing You: https://www.npr.org/series/760566025/ill-be-seeing-you
Operation Glowing Symphony: https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:04:50: How did you get into covering cybersecurity and cyber warfare?
0:06:48: When and how did Russian cyber attacks begin in Ukraine?
0:15:40: What is the IT Army of Ukraine and what is its origin?
0:20:47: Have we seen other cyberwar volunteer organizations?
0:23:05: How are information and communications being utilized by the IT Army?
0:26:53: How has Russia responded to this?
0:28:34: How are IT Army members recruited and vetted?
0:30:17: How are objectives coordinated?
0:31:20: Where are IT Army members coming from?
0:32:03: Do we know if Western military members are participating in the IT Army?
0:36:30: What are the military lessons to be learned here?
0:42:11: What should civilians be learning from all of this?
0:46:01: What's next for you and Click Here?
0:47:14: Wrap-up and looking ahead