How to Choose a PIN

Security experts talk at length about how to choose a good password – but we don’t often talk about how to choose a good PIN code. A recent analysis by a researcher shows popular patterns humans use when choosing PIN codes, and therefore what you should avoid doing.

In the news: MediSecure e-Rx firm hit by data breach; CISA warns of active D-Link router exploit; a couple cases of insecure APIs being abused; 53k Nissan employees’ SSN’s leaked; new macOS malware called Cuckoo; Ascension Healthcare suffers cyberattack; Proton user’s poor OpSec gives him away; TunnelVision VPN attack exploits DHCP feature; Maryland & Vermont pass data privacy laws; tracker detection feature debuts on iPhone & Android.

Article Links

1. [BleepingComputer] MediSecure e-script firm hit by ‘large-scale’ data breach https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/
2. [The Hacker News] CISA Warns of Actively Exploited D-Link Router Vulnerabilities https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html
3. [Ars Technica] How I upgraded my water heater and discovered how bad smart home security can be https://arstechnica.com/gadgets/2024/05/how-i-upgraded-my-water-heater-and-discovered-how-bad-smart-home-security-can-be/
4. [BleepingComputer] Dell API abused to steal 49 million customer records in data breach https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/
5. [infosecurity-magazine.com] 53,000 Nissan Employees’ Social Security Numbers Exposed https://www.infosecurity-magazine.com/news/employees-social-security-nissan/
6. [Tom’s Guide] New Cuckoo macOS malware can take over all Macs and steal your passwords https://www.tomsguide.com/computing/malware-adware/new-cuckoo-macos-malware-can-take-over-all-macs-and-steals-your-passwords-too-dont-fall-for-this
7. [Dark Reading] Ascension Healthcare Suffers Major Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack
8. [restoreprivacy.com] Proton Mail Discloses User Data Leading to Arrest in Spain https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/
9. [Ars Technica] Novel attack against virtually all VPN apps neuters their entire purpose https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
10. [mullvad.net] Evaluating the impact of TunnelVision https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
11. [epic.org] Vermont Passes Landmark Data Privacy Bill https://epic.org/vermont-passes-landmark-data-privacy-bill/
12. [epic.org] Governor Moore Signs Maryland Online Data Privacy Act https://epic.org/governor-moore-signs-maryland-online-data-privacy-act/
13. [9to5Mac] Here’s how the new Cross-Platform Tracking Detection works https://9to5mac.com/2024/05/13/cross-platform-tracking-detection-ios-17-5/
14. Tip of the Week: How to Choose a PIN https://firewallsdontstopdragons.com/how-to-choose-a-pin/ 

Further Info

• Send me your questions! https://fdsd.me/qna 
• Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
• Subscribe to the newsletter: https://fdsd.me/newsletter 
• Become a patron! https://www.patreon.com/FirewallsDontStopDragons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Support our mission! https://fdsd.me/support 
• Generate secure passphrases! https://d20key.com/#/ 

Table of Contents

Use these timestamps to jump to a particular section of the show.

• 0:00:34: Update Apple devices, Chrome
• 0:01:16: A note on supporting Firefox
• 0:03:48: News preview
• 0:07:00: MediSecure hit by large-scale data breach
• 0:09:01: CISA Warns of Actively Exploited D-Link Router Vulnerabilities
• 0:13:14: How I upgraded my water heater and discovered how bad smart home security can be
• 0:19:46: Dell API abused to steal 49 million customer records
• 0:23:11: 53,000 Nissan Employees’ Social Security Numbers Exposed
• 0:27:06: New Cuckoo macOS malware can take over all Macs and steal your passwords
• 0:32:41: Ascension Healthcare Suffers Major Cyberattack
• 0:35:22: Proton Mail Discloses User Data Leading to Arrest in Spain
• 0:43:35: Novel attack against virtually all VPN apps neuters their entire purpose
• 0:47:28: Mullvad: Evaluating the impact of TunnelVision
• 0:55:48: Vermont & Maryland Pass Data Privacy Laws
• 0:58:27: Here’s how the new Cross-Platform Tracking Detection works
• 1:01:50: Tip of the Week: How to Choose a PIN
• 1:10:12: Looking ahead