Lock and Code

You've likely fallen for it before—a simulated test sent by your own company to determine whether its employees are vulnerable to one of the most pernicious online threats today: Phishing. Those simulated phishing tests often come with a voluntary or mandatory training afterwards, with questions and lessons about what mistakes you made, right after you made them.  But this extremely popular phishing defense practice might not work. In fact, it might make you worse at recognizing phishing attempts in the future. That's what Daniele Lain and his fellow PhD candidates at the ETH Zurich university in Switzerland revealed in a recent 15-month study, which we discuss today on Lock and Code, with host David Ruiz.

In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150 countries in just 24 hours. And it could have been solved with a patch that was released nearly two months prior. This was the WannaCry ransomware attack, and its final, economic impact—in ransoms paid but also in downtime and recovery efforts—has been estimated at about $4 billion. All of it could have been avoided if every organization running a vulnerable version of Windows 7 had patched that vulnerability, as Microsoft recommended. But that obviously didn't happen. Why is that? In today's episode of Lock and Code with host David Ruiz, we speak with cybersecurity professional Jess Dodson about why patching is so hard to get right for so many organizations, and what we could all do to better improve our patching duties.

We are only days into 2022, which means what better time for a 2021 retrospective? But rather than looking at the biggest cyberattacks of last year—which we already did—or the most surprising—like we did a couple of years ago—we wanted to offer something different for readers and listeners.  On today's episode of Lock and Code, with host David Ruiz, we spoke with Malwarebytes Labs' editor-in-chief Anna Brading and Labs' writer Mark Stockley about what upset them the most about cybersecurity in 2021.

In August, the NFT for a cartoon rock sold for $1.3 million, and ever since then, much of the world has been asking: What the heck is going on? On today's episode of Lock and Code, with host David Ruiz, we speak with Malwarebytes' Mark Stockley, TechCrunch's Lucas Matney, and Pilot 44's Mike Maizels about the basics of NFTs and the cryptocurrency-related technology behind them, the implied value of NFTs and why people are paying so much money for them, and the future of NFT's both within the art world and beyond it.

In 2021, the war for computer superiority has a clear winner, and it is the Macintosh, by Apple. The company's Pro laptops are finally, belatedly equipped with ports that have been standard in other computers for years. The company's beleaguered "butterfly" keyboard has seemingly been erased from history. And the base model of company's powerhouse desktop tower could set you back a hefty $6,000. What's not to love? On Lock and Code this week, we talk to Mac security expert Thomas Reed about why Macs are clearly the best... or are they?  

Cyberstalking. Harassment. Stalkerware. Nonconsensual pornography, real and digitally altered. The Internet can be a particularly ugly place for women. On Lock and Code this week, we ask why. Join a conversation with with Digitunity's Sue Krautbauer about what has gone wrong with the Internet, and what we can do to fix it. 

The cybersecurity basics should be just that—basic. Easy to do, agreed-upon, and adopted at a near 100 percent rate by companies and organizations everywhere, right? You'd hope. But the reality is that basic cybersecurity blunders have led to easy-to-discover vulnerabilities in companies including John Deere, Clubhouse, and Kaseya VSA (which we've all talked about on this show), and at least for Kaseya VSA, those vulnerabilities led to one of the worst ransomware attacks in recent history. Today, on the Lock and Code podcast with host David Ruiz, we speak with security professional and recovering Windows systems administrator Jess Dodson about why we seem to keep getting the cybersecurity basics so wrong, and why getting up to speed—which can take a company more than a year—is so necessary.

What does online privacy mean to you? Maybe it's securing your online messages away from prying eyes. Maybe it's keeping your browsing behavior hidden from advertisers. Or maybe it's, like for many people today, using a VPN to hide your activity from your Internet Service Provider. But because online privacy can mean so many things, that also means it includes so much more than just using a VPN. Today, we speak to The Tor Project Executive Director Isabella Bagueros about what other types of online tracking users are vulnerable to, even if they're using a VPN, how else users can stay private online without becoming overwhelmed, and why users should be careful about trusting any one, single VPN.

On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber hacking campaign coming from the United Arab Emirates, called Project Raven, that has reportedly impacted hundreds of journalists, activists, and human rights defenders in Yemen, Iran, Turkey, and Qatar.  But in a bizarre twist, this tale of surveillance abroad tapered inwards into a tale of privacy at home, as one of the three men named by the DOJ is Daniel Gericke, the chief information officer at ExpressVPN. Which, as it just so happens, is the preferred VPN vendor of our host David Ruiz, who, as it just so happens, has spent much of his career explicitly fighting against government surveillance. And he has some thoughts on the whole thing. 

Internet safety for kids is hard enough as it is, but what about Internet safety for children with special needs? How do you teach strong password creation for children with learning disabilities? How do you teach children how to separate fact from fiction when they have a different grasp of social cues? And how do you make sure these lessons are not only remembered for years to come, but also rewarding for the children themselves? Today on Lock and Code, we speak with Alana Robinson, a special education technology and computer science teacher for K – 8, about cybersecurity trainings for children with special needs, and about how, for some lessons, her students are better at remembering the rules of online safety than some adults.