Firewall Stone Step Dragons

Black Friday is just around the corner, which marks the unofficial launch of the holiday shopping season. As you’re considering what gifts to give to your loved ones this year, I want to make sure you’re thinking about the privacy and security aspects. To that end, I have updated my annual Best and Worst Gift Guide and I will go over the highlights in this episode for my Tip of the Week. But I also have a special new gift idea this year: security and privacy coupons that you can download and give to your loved ones!

In the news: USPS tells customers to avoid using the big blue mailboxes for gifts and important letters during the holiday season; Google pays nearly $400M fine to 40 states who sued over location tracking; Medibank refuses to pay ransom for data and criminals are starting to leak sensitive medical records online; TransUnion reports a data breach; FBI director warns that TikTok is a national security risk; Lenovo laptops are exposed to UEFI malware risks (update now); a mysterious company with government ties and a history of spying has become a root certificate authority; the British government is scanning its citizens devices looking for vulnerabilities in hopes of fixing them; almost 50% of all Mac malware can be traced to a single, security application; Apple apps are sending tons of analytics data to Apple even when analytics are disabled; I answer a listener question (Dear Carey) about the best Mastodon clients, in the wake of the Twitter collapse.

Article Links

1. [Lifehacker] Avoid Using Blue Mailboxes During the Holidays, USPS Warns https://lifehacker.com/avoid-using-blue-mailboxes-during-the-holidays-usps-wa-1849773201
2. [The Hacker News] Google to Pay $391 Million Privacy Fine for Secretly Tracking Users’ Location https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html
3. [CPO Magazine] Medibank Refuses Ransom Payments, Hackers Leak Stolen Health Data to Dark Web https://www.cpomagazine.com/cyber-security/medibank-refuses-ransom-payments-hackers-leak-stolen-health-data-to-dark-web/
4. [BGR] TransUnion data breach compromises financial information of consumers https://bgr.com/tech/transunion-data-breach-compromises-financial-information-of-consumers/
5. [USA TODAY] FBI director says TikTok poses national security threat, and he’s ‘extremely concerned’ https://www.usatoday.com/story/tech/2022/11/16/tiktok-poses-national-security-threat-fbi/10709987002/
6. [Ars Technica] Lenovo driver goof poses security risk for users of 25 notebook models https://arstechnica.com/information-technology/2022/11/lenovo-patches-secure-boot-vulnerabilities-that-imperil-25-notebook-models/
7. [The Washington Post] Mysterious company with government ties plays key internet role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
8. [Bleeping Computer] British govt is scanning all Internet devices hosted in UK https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/amp/
9. [Tom’s Guide] Almost 50% of macOS malware reportedly comes from single app — delete it now https://www.tomsguide.com/news/new-report-says-nearly-half-of-macos-malware-comes-from-single-app-delete-it-now
10. [Gizmodo] Apple Is Tracking You Even When Its Own Privacy Settings Say It’s Not, New Research Says https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558
11. Dear Carey: Mastodon clients.
    1. https://joinmastodon.org/apps 
    2. https://bilge.world/mastodon-ios-apps 

Further Info

• Best & Worst Gifts for 2022: https://firewallsdontstopdragons.com/best–worst-gifts-2022/
• Privacy & Security Coupons: https://fdsd.me/coupons 
• Give thanks and donate! https://firewallsdontstopdragons.com/give-thanks-donate/ 
• Send me your questions! https://fdsd.me/qna 
• Support me! https://fdsd.me/support 
• Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
• Check out my book, Firewalls Don’t Stop Dragons: https://firewallsdontstopdragons.com/buy-the-book/ 
• Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 
• Generate secure passphrases! https://d20key.com/#/ 

Table of Contents

Use these timestamps to jump to a particular section of the show.

• 0:00:33: 5th edition update
• 0:03:38: QR code scam update
• 0:05:03: Twitter and FTX
• 0:06:07: News rundown
• 0:08:11: USPS says you should avoid blue mailboxes for holiday gifts
• 0:10:48: Google to pay $391M privacy fine to settle suit
• 0:13:05: Medibank refuses to pay ransom, data starts being posted
• 0:17:38: TransUnion data breach
• 0:20:46: FBI directory says TikTok is a national security threat
• 0:23:40: Lenovo UEFI bug found, patch immediately
• 0:27:29: Mysterious company with gov’t ties wants to mint certificates
• 0:39:40: British government to scan internet for vulnerable devices
• 0:44:29: 50% of Mac malware comes from a single app
• 0:47:45: Apple apps track you even with analytics turned off
• 0:54:46: Tip of the Week: Best & Worst Gifts
• 1:06:20: Security & Privacy Coupons
• 1:10:27: Dear Carey: Mastodon client?