Firewalls Don't Stop Dragons Podcast

The Internet of Things (IoT) has added internet connections to lots of home devices. Each and every one of those devices runs software on a computer chip. Almost all software has bugs and those bugs may be exploitable by bad guys. We're going to take another look at protecting our home networks using a simple, logical methodology. Step one: SCAN. That is, first of all, we need to understand the scope of the problem by enumerating all of the devices on your home network. I'll explain how to do that. In other news: Apple re-releases security update after web glitch; EV chargers are vulnerable to hacking which could have significant impacts; tax prep firms shared 'extraordinarily sensitive' data with Meta; Meta's new Threads service collects tons of personal info and employs dark patterns to hook you in; France passes law giving law enforcement access to private device cameras, mics and locations; police are collecting and selling personal info, bypassing the 4th Amendment and sharing across state lines; Massachusetts weighs outright ban on selling user location data; printers and printing services may be mining your documents for data. Article Links [MacRumors] Apple Releases Revised iOS and macOS Security Updates to Fix Actively Exploited Vulnerability and Safari Bug https://www.macrumors.com/2023/07/12/apple-releases-revised-security-updates/ [WIRED] EV Charger Hacking Poses a ‘Catastrophic’ Risk https://www.wired.com/story/electric-vehicle-charging-station-hacks/ [The Associated Press] 3 tax prep firms shared ‘extraordinarily sensitive’ data about taxpayers with Meta, lawmakers say https://apnews.com/article/irs-taxpayer-tax-preparation-meta-congress-9315cfca7a0942ab89f765d183fbf822 [Ars Technica] How Threads’ privacy policy compares to Twitter’s (and its rivals’) https://arstechnica.com/security/2023/07/how-threads-privacy-policy-compares-to-twitters-and-its-rivals/ [Yanko Design] The ‘Threads’ App is FILLED With Deceptive Dark Design Patterns – We Spotted More Than TEN https://www.yankodesign.com/2023/07/07/the-threads-app-is-filled-with-deceptive-dark-design-patterns-we-spotted-more-than-ten/ [Gizmodo] France Passes New Bill Allowing Police to Remotely Activate Cameras on Citizens' Phones https://gizmodo.com/france-bill-allows-police-access-phones-camera-gps-1850609772 [Tampa Bay Times] Hillsborough, Clearwater police monitoring private security cameras https://www.tampabay.com/news/hillsborough/2023/07/10/hillsborough-clearwater-police-monitoring-private-security-cameras/ [New York Daily News] NYPD seeks to grab cell phone IDs from people under arrest or in custody; push for IMEI numbers raises concerns https://www.nydailynews.com/new-york/nyc-crime/ny-nypd-campaign-cellphone-idenfiication-numbers-controversy-20230708-yltabdlozfbppeoodxymyub3zq-story.html [The Sacramento Bee] California cops illegally share data with anti-abortion states https://www.sacbee.com/news/politics-government/capitol-alert/article275795726.html [Engadget] Massachusetts weighs outright ban on selling user location data https://www.engadget.com/massachusetts-weighs-outright-ban-on-selling-user-location-data-191637974.html [The Washington Post] Your printing service might read your documents. Here’s what to know. https://www.washingtonpost.com/technology/2023/07/10/printing-privacy-security-printed-documents/ Tip of the Week: IoT Inventory https://firewallsdontstopdragons.com/secure-your-network-part-1-scan/ Further Info Nominate someone for a challenge coin: https://fdsd.me/quest  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about sec...

After lengthy negotiations and revisions, the White House has finally released its National Cybersecurity Strategy document, outlining it's priorities and goals. It's a wide-ranging and ambitious document consisting of five major areas of focus, or "pillars". What's new here? What will it mean for businesses and critical infrastructure? And what does this mean for you and I? Today I'll cover all of that and more with Josh Corman from I Am the Cavalry and formerly with the US Cybersecurity and Infrastructure Security Agency (CISA). Interview Notes National Security Strategy doc: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf Consequential Cybersecurity: https://claroty.com/blog/consequential-cybersecurity-brace-yourself-for-the-white-house-national-cybersecurity-strategy  PPD-21: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil  Known Exploited Vulnerabilities catalog : https://www.cisa.gov/known-exploited-vulnerabilities-catalog  Swimming with Sharks TED talk: https://www.youtube.com/watch?v=rZ6xoAtdF3o  I Am the Cavalry: https://iamthecavalry.org/  CISA Secure by Design: https://www.cisa.gov/securebydesign Further Info Nominate someone for a challenge coin: https://fdsd.me/quest  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:55: Interview setup 0:04:00: What is this strategy document, at a high level? 0:14:02: What are some of the more important or novels aspects? 0:18:05: Do agencies have the budget and authority to implement these strategies? 0:22:11: Will having a gov't backstop actually encourage attacks or discourage preparation? 0:30:40: Should the gov't actively scan US firms/orgs for vulnerabilities? 0:36:56: What should we do about the marketplace for zero-day hacks? 0:39:52: How aggressive should the US be against hackers? 0:41:03: What is NOT addressed by this strategy? 0:45:55: How should be manage our dependencies on foreign software and hardware? 0:52:59: What can everyday people take away from these strategies? 0:59:50: Has this document already had impacts? How do we monitor progress? 1:03:56: Interview wrap-up 1:07:40: Looking ahead

You're using a password manager. You're even using two-factor authentication. Great! When done properly, this will keep the bad guys out. Unfortunately, if you're not careful, it may also keep you out. If you forget your master password or lose access to your 2FA device, you'll be in real trouble... unless you have an access backup plan. This same plan can also help your spouse or next of kin to access your accounts should you die or become incapacitated. In the news: CISA issues a DDoS warning after multiple attacks; LetMeSpy stalkerware maker suffers a data breach of collected data; researchers use LED power light flicker to break cryptographic keys; Australian PM recommends citizens to power cycle their phones once a day; several artists boycott venues that use facial recognition; Brave browser introduces new localhost access permission; Proton unveils new password manager; Dear Carey questioner asks about PDF readers. Article Links [BleepingComputer] CISA issues DDoS warning after attacks hit multiple US orgs https://www.bleepingcomputer.com/news/security/cisa-issues-ddos-warning-after-attacks-hit-multiple-us-orgs/ [TechCrunch] LetMeSpy, a phone tracking app spying on thousands, says it was hacked https://techcrunch.com/2023/06/27/letmespy-hacked-spyware-thousands/ [The Hacker News] Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers https://thehackernews.com/2023/06/researchers-find-way-to-recover.html [9to5mac.com] Why tips like ‘turn off your iPhone for five minutes’ don’t actually help users https://9to5mac.com/2023/06/26/turn-off-your-iphone-for-5-minutes-advice/ [Rolling Stone] Tom Morello, Zack de la Rocha, and Boots Riley Boycotting Venues That Use Face-Scanning Technology https://www.rollingstone.com/music/music-features/tom-morello-zack-de-la-rocha-facial-recognition-concerts-boycott-1234775909/ [BleepingComputer] Brave Browser boosts privacy with new local resources restrictions https://www.bleepingcomputer.com/news/security/brave-browser-boosts-privacy-with-new-local-resources-restrictions/ [9to5mac.com] Proton Pass end-to-end encrypted password manager is here and free for everyone https://9to5mac.com/2023/06/28/proton-pass-encrypted-password-manager-free/ Tip of the Week - Access Backup Plan: https://firewallsdontstopdragons.com/craft-your-access-backup-plan/  Further Info Saving your Apple Photo Stream pics: https://support.apple.com/en-us/HT210705  Securityzed podcast: https://www.securityzed.com/podcast-test/securityzed-ltfyn-7xm5l-b8c8s-km25d-jbagp-6k9d4-39cr9-z5nhw-w4jwm  Nominate someone for a challenge coin: https://fdsd.me/quest  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:00: Photo Stream, Securityzed podcast 0:03:21: News rundown 0:05:10: CISA issues DDoS warning after attacks hit multiple US orgs 0:09:29: LetMeSpy stalkerware maker says it was hacked 0:16:43: Researchers Recover Crypto Keys from LED Flickers 0:24:07: Turn your iPhone off every day for 5 mins? 0:29:39: Artists boycotting venues that Use Face-Scanning Technology 0:34:02: Brave Browser boosts privacy with localhost restrictions 0:41:28: Proton debuts new password manager 0:45:56: Dear Carey question 0:50:05: Tip of the Week 1:00:32: Wrap-up

Right now there are thousands of satellites orbiting above our heads performing crucial tasks. At the end of the day, they're just computers running software - albeit at thousands of miles up and thousands of miles per hour. Can they be hacked? What are the dangers? Aaron Myrick and the Hack-A-Sat team are trying to answer those questions. And they're doing it by launching an actual satellite into low earth orbit for this year's DEF CON hacking contest and asking talented hackers from around the world to take their best shot. Interview Notes Moonlighter Fact Sheet: https://aerospace.org/fact-sheet/moonlighter-fact-sheet Hack-A-Sat 4: https://hackasat.com/moonlighter/  Hack-A-Sat GitHub resources: https://github.com/deptofdefense/hack-a-sat-library  Space-Track.org: https://www.space-track.org/  Moonlighter launch: https://vimeo.com/833432259/4ba9b0927b  Further Info Amulet of Entropy (DEF CON badge): https://amuletofentropy.com/  Nominate someone for a challenge coin: https://fdsd.me/quest  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:36: Update Apple devices, ASUS routers 0:01:03: Misc updates 0:03:08: Interview setup 0:04:19: What is Aerospace Corp and what do you do there? 0:08:25: What are things satellites do that we might not think about? 0:13:42: Break down some key stats on satellites for us. 0:17:27: How might we be affected by loss of satellites? 0:21:31: How do you hack an orbiting satellite, logistically? 0:24:38: What sorts of attacks are we worried about? 0:26:58: How do we debug problems in orbiting satellites? 0:30:55: How is hacking a satellite different from a computer? 0:35:23: What happens to old satellites? 0:41:26: What is the Hack-A-Sat program about? 0:43:35: How did the target systems work, prior to this year? 0:46:39: What have we learned so far from past contests? 0:51:24: What's new with Hack-a-Sat 4? 0:52:43: When and how will Moonlighter launch? 0:58:30: What kinds of things can I hack on Moonlighter? 1:00:43: What's the future for Hack-a-Sat? 1:03:26: Wrap-up

I launched my mission to improve people’s privacy and security almost ten years ago now. It’s been quite a journey and I’ve learned a lot in that time. One thing I’ve realized is that there’s only so much I can do on my own. And so I’ve encouraged the more technically savvy members of my audience to help others where they can. One downside to being a podcaster is that I don’t have much insight into the effectiveness of my exhortations. I have no idea how many people are going forth to do good deeds nor what those deeds are. So today I'm launching a new campaign to solicit stirring stories of good deeds and every quarter or so I will select the most inspiring deed-doers and reward them with one of my dragon challenge coins! In the news: Clop ransomware gang lists first victims of MOVEit supply chain hacks; firmware bug in Gigabyte motherboards has a fix now; US Congress and intelligence agencies debate reform for mass surveillance program; tissue and fluid samples are being abused by law enforcement for DNA scans; check washing scams are on the rise; how to avoid being scammed by virtual kidnapping schemes; 1Password announces beta support for browser passkey extension; bold new plan for 311 cyber support line. Article Links [TechCrunch] Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities/ [restoreprivacy.com] Hackers Stole Millions of Driver’s Licenses and IDs from U.S. States https://restoreprivacy.com/hackers-stole-millions-of-drivers-licenses-and-ids-from-u-s-states/ [Tom's Hardware] Firmware Backdoor Discovered in Gigabyte Motherboards, 250+ Models Affected https://www.tomshardware.com/news/gigabyte-motherboards-come-with-a-firmware-backdoor [cyberscoop.com] Congress and intelligence officials spar over surveillance reforms https://cyberscoop.com/congress-fbi-section-702/ Senate hearing: https://www.judiciary.senate.gov/oversight-of-section-702-of-the-foreign-intelligence-surveillance-act-and-related-surveillance-authorities  [aclu.org] Donated Blood or an Organ? Police Shouldn’t Have Easy Access to Your DNA https://www.aclu.org/news/privacy-technology/donated-blood-or-an-organ-police-shouldnt-have-easy-access-to-your-dna [Lifehacker] Why You Should Stop Sending Checks in the Mail, Especially Now https://lifehacker.com/why-you-should-stop-sending-checks-in-the-mail-especia-1850543113 [connectsafely.org] Quick-Guide to Virtual Kidnapping Scams https://connectsafely.org/virtualkidnapping/ [9to5mac.com] 1Password passkey support for the web launches in public beta on the Mac https://9to5mac.com/2023/06/06/1password-passkey-browser-extension/ [WIRED] The Bold Plan to Create Cyber 311 Hotlines https://www.wired.com/story/ut-austin-cybersecurity-clinic-311/ Tip of the Week: Go Forth, Do Good Deeds: https://fdsd.me/quest  Further Info Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:47: News preview 0:03:01: Clop Ransomware hits several public and privacy organizations 0:11:32: Firmware Backdoor Discovered in Gigabyte Motherboards 0:17:04: Congress and intelligence officials spar over surveillance reforms 0:24:13: Police Shouldn’t Have Easy Access to Your DNA 0:28:03: Why You Should Stop Sending Checks in the Mail 0:31:43: Quick-Guide to Virtual Kidnapping Scams

At some point, when you care enough about a particular cause, you shift from following the issue to actually trying to advance the issue - to make a difference. The easiest way to do this is to find groups that are already working for this cause and supporting them with donations of your time and/or money. But what do you do if you can't find such a group, or maybe there's no local chapter? Well, you can start your own! It's not as hard as it sounds - and in fact, there exist organizations that can help you. Today I'll speak with Rory Mir from the Electronic Frontier Alliance along with leaders from two successful EFA-affiliated groups: Freddy Martinez from Lucy Parsons Labs and Chris Bushick from PDX Privacy. Interview Notes Reach out to EFF organizing team: organizing@eff.org  Electronic Frontier Alliance (EFA): https://www.eff.org/efa  Meetup groups: https://meetup.com  Lucy Parsons Labs: https://lucyparsonslabs.com/ PDX Privacy: https://www.pdxprivacy.org/ EFF on the EARN IT Act: https://www.eff.org/deeplinks/2023/05/dangerous-earn-it-bill-advances-out-committee-several-senators-offer-objections  Further Info Dragon Coins! https://fdsd.me/coin2  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Generate secure passphrases! https://d20key.com/#/ Table of Contents 0:00:25: Interview setup 0:04:32: Introductions and overview of EFA 0:09:12: Lucy Parsons Project overview 0:10:52: PDX Privacy overview 0:12:28: How has the EFA helped you with your projects? 0:15:33: What other types of groups work with the EFA? 0:17:49: What did you do before? What was it like starting your group? 0:23:02: How can you go about finding sources of funding? 0:25:25: What sorts of grants are available? 0:30:09: What accomplishments are you most proud of? 0:34:48: What were some of your biggest challenges? 0:38:51: Do you ever feel like you're David versus Goliath? 0:42:26: How can I find existing groups that I can support or join? 0:45:58: What's the first step in starting my own group? 0:49:31: If you were starting over again, what would you have done differently? 0:49:56: Do I need to incorporate or create a legal entity? 0:53:02: Can a non-profit organization make money? 0:57:32: Any parting thoughts you'd like to share? 1:00:32: Wrap-up 1:03:11: Looking ahead 1:04:09: Upcoming challenge coin campaign

Two weeks ago, I told you about the availability of two new top-level domains that also happen to be popular file name extensions: .zip and .mov. The ambiguity will undoubtedly be exploited by ne'er-do-wells to trick people into doing something they shouldn't do. There are clever ways to manipulate website addresses that would trick even tech-savvy people into clicking malicious links. Today I'll tell you how these tricks work and explain you can avoid all of these issues by simply blocking these new domains. In other news: iTunes for Windows patches a nasty bug; Android malware downloaded over 420 million times; Android phones vulnerable to fingerprint brute-force attacks; Luxottica exposes 300 million customer records; free VPN service SuperVPN exposes 360 million user records; Amazon gets slap on the wrist for Ring video doorbell private data access; KeePass "master password crack" not as bad as it sounds; Twitter adding Content Notes 'fact checks' to images; Microsoft now scanning inside password-protected zip files; drone pilot is NOT killed by drone; AI is NOT likely to cause human extinction; and Brave introduces new Off The Record browsing mode. Plus my Dear Carey question: recommended cheat sheet for computer safety. Article Links [MacRumors] PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability https://www.macrumors.com/2023/06/01/itunes-windows-vulnerability/ [Lifehacker] This Android Malware Was Downloaded Over 420 Million Times https://lifehacker.com/this-android-malware-was-downloaded-over-420-million-ti-1850492306 [BleepingComputer] Android phones are vulnerable to fingerprint brute-force attacks https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks/ [bitdefender.com] Luxottica 2021 breach: 300 million customer records up for grabs online https://www.bitdefender.com/blog/hotforsecurity/luxottica-2021-breach-300-million-customer-records-up-for-grabs-online/ [hackread.com] Free VPN Service SuperVPN Exposes 360 Million User Records https://www.hackread.com/free-vpn-service-supervpn-leaks-user-records/ [AppleInsider] Amazon gets slap on the wrist over privacy violations with Ring cameras https://appleinsider.com/articles/23/05/31/amazon-gets-slap-on-the-wrist-over-privacy-violations-with-ring-cameras [Naked Security] Serious Security: That KeePass “master password crack”, and what we can learn from it https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/ [Mashable] Twitter will now put Community Notes 'fact checks' on images https://mashable.com/article/twitter-notes-on-media-images [Ars Technica] Microsoft is scanning the inside of password-protected zip files for malware https://arstechnica.com/information-technology/2023/05/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware/ [VICE] USAF Official Says He ‘Misspoke’ About AI Drone Killing Human Operator in Simulated Test https://www.vice.com/en/article/4a33gj/ai-controlled-drone-goes-rogue-kills-human-operator-in-usaf-simulated-test [Schneier Blog] On the Catastrophic Risk of AI https://www.schneier.com/blog/archives/2023/06/on-the-catastrophic-risk-of-ai.html [brave.com] Request "Off the Record" https://brave.com/privacy-updates/26-request-off-the-record/ Tip of the Week: Blocking .zip Domains: https://firewallsdontstopdragons.com/how-to-block-the-new-zip-domain/ Further Info How to send files securely: https://firewallsdontstopdragons.com/how-to-send-files-securely-like-tax-info/  Checklist of Tips for my book: https://firewallsdontstopdragons.com/wp-content/uploads/2023/02/FDSDv5-workbook-v1.pdf 10 Years After Snowden: https://www.eff.org/deeplinks/2023/05/10-years-after-snowden-some-things-are-better-some-were-still-fighting  The Wayback Machine: https://web.archive.org/

Modern cars are more like smartphones on wheels. Like our cell phones, they are chock full of sensors, computer chips and software, and they're connected to the internet 24/7 via cellular modems. What data is being collected? Who owns this data? How secure is your data? Who is it being shared with? And most importantly, what - if anything - can you do about it? Since we last spoke with Privacy4Car's Andrea Amico, his company has released a powerful new Vehicle Privacy Report tool that aims to answer at least some of these questions and help you to be a more informed car buyer. Today we'll delve into the murky world of car data collection and privacy. Andrea Amico is one of the nation’s leading authorities on vehicle privacy and cybersecurity. He is also the founder of Privacy4Cars, the first and only privacy-tech company focused on identifying the challenges posed by vehicle data. Interview Notes Privacy4Cars: https://privacy4cars.com/  Vehicle Privacy Report tool: https://vehicleprivacyreport.com/  Assert your data rights: https://privacy4cars.com/personal-use/assert-your-data-rights/  Previous interview: Driving Data Privacy for Cars https://podcast.firewallsdontstopdragons.com/2021/09/13/driving-data-privacy-for-cars/  New privacy rules will impact your shop: https://www.autoserviceworld.com/new-privacy-rules-will-impact-your-shop/  Who Is Collecting Data From Your Car? https://themarkup.org/the-breakdown/2022/07/27/who-is-collecting-data-from-your-car  Further Info Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:04:38: What has happened with Privacy4Cars since we last spoke? 0:06:17: Why are cars collecting so much data? How private is this data? 0:09:31: You say cars are "cell phones on wheels" - what does that mean? 0:10:24: Are cars connected even when turned off? 0:11:55: What types of data is my car collecting? 0:14:16: Do electric cars gather more data than regular cars? 0:16:54: Do cameras built into your car represent a privacy risk? 0:21:51: Who can access my car's data? Can I access it myself? 0:27:25: Who owns the data in rental or fleet cars? What about wrecked cars? 0:32:24: Cars now have smartphone apps - what data are they collecting? 0:37:18: How do I know if I've opted in to data collection? 0:40:42: Can I opt of of data collection? If so, how? 0:44:20: What about Apple's CarPlay or Google's Android Auto? 0:49:37: How do I know which cars best respect my privacy? 0:55:08: How does the Vehicle Privacy Report tool work? 0:57:14: What does this tool tell me about a car? 1:00:43: What's the value of this tool for car makers and dealerships? 1:06:09: What's next for your company and the reporting tool? 1:09:49: Interview follow-up notes

Everyone hates dealing with passwords. This has led to a mad search for 'password-killer' technology. After several failed attempts, there's finally a worthy contender: passkeys. The technology has been around for years - it's the basis for hardware keys like YubiKey. But no one wanted to have to carry the little things all the time. With passkeys, you get the same phishing-proof, passwordless goodness but tied to a device you always have: your smartphone. Websites are slowly rolling out the ability to secure your accounts with passkeys, and Apple, Google and Microsoft are building support for passkeys into their operating systems. But I would caution you to wait a bit before jumping on the bandwagon - I'll explain why in today's show. In other news: update all your Apple devices; FBI and NSA break the notorious Snake malware; Intel deploys microcode security update; location data on 2M Toyoya customers exposed for years; new .zip and .mov domains are dangerously ambiguous; new crafty Chinese router malware; online age verification will cause serious problems; Apple will allow you to 'bank' your voice soon. Article Links [Tom's Guide] Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now https://www.tomsguide.com/news/apple-issues-urgent-fix-to-block-zero-day-attacks-update-your-iphone-and-mac-now [tech.co] FBI & NSA Cut the Head Off Notorious Russian Snake Malware https://tech.co/news/nsa-fbi-russian-snake-malware [Tom's Hardware] Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake https://www.tomshardware.com/news/intel-microcode-security-update [BleepingComputer] Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/ [Digital Trends] Hackers are using a devious new trick to infect your devices https://www.digitaltrends.com/computing/hackers-are-abusing-zip-mov-domain-names/ [9to5mac.com] Researchers find security flaw in Wemo Smart Plug, Belkin says it won’t release a patch https://9to5mac.com/2023/05/16/wemo-smart-plug-security-flaw-no-patch-coming/ [Ars Technica] Malware turns home routers into proxies for Chinese state-sponsored hackers https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/ [Electronic Frontier Foundation] Age Verification Mandates Would Undermine Anonymity Online https://www.eff.org/deeplinks/2023/03/age-verification-mandates-would-undermine-anonymity-online [9to5mac.com] Everyone should use Personal Voice; it does in 15 minutes what currently takes several weeks https://9to5mac.com/2023/05/19/everyone-should-use-personal-voice/ Tip of the Week: The Pros & Cons of Passkeys https://firewallsdontstopdragons.com/the-pros-and-cons-of-passkeys/ Further Info Meross MSS115 Matter-enabled smart plug: https://shop.meross.com/products/meross-matter-smart-wi-fi-plug-mini-mss115 Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:10: Update on new location tracker spec 0:02:52: News preview 0:05:30: FBI & NSA Cut the Head Off Notorious Russian Snake Malware 0:07:27: Intel Deploys Undisclosed Microcode Security Update 0:11:12: Toyota location data of 2M customers exposed for years

In the book "1984" (published in 1949), George Orwell envisioned a Big Brother that would control the media and dictate what was "truth". But Orwell didn't predict that "telescreens" would fit in our pockets or that we would willingly carry them with us 24/7, even to the bathroom. He also didn't foresee that we would willingly subscribe to sources of mis- and disinformation in the form of social media. Today I speak with the co-author of the book "Ministry of Truth", Vincent Hendricks, about the current state of social media and its influence on democracy and society. Vincent F. Hendricks, author of THE MINISTRY OF TRUTH: BigTech's Influence On Facts, Feelings And Fictions, is Professor of Formal Philosophy at the University of Copenhagen. He is the Director of the Center for Information and Bubble Studies (CIBS) funded by the Carlsberg Foundation. Interview Notes “Ministry of Truth” book: https://www.vince-inc.com/vincent/?p=7625  “1984” by George Orwell: https://en.wikipedia.org/wiki/Nineteen_Eighty-Four "Reality Lost" (free PDF book): https://link.springer.com/book/10.1007/978-3-030-00813-0 Vincent Hendricks website: https://www.vince-inc.com/vincent/ More from Vincent: https://www.oecd-forum.org/users/vincent-f-hendricks Blocking Google popups (and other annoyances): https://firewallsdontstopdragons.com/how-to-block-google-popups/ Further Info Send me your questions! https://fdsd.me/qna  Support me! https://fdsd.me/support  Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/ Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest   Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:23: Pre-inteview notes 0:03:51: Why did you write this book? 0:06:06: What is the current state of social media content moderation? 0:10:41: How equally are moderation rules applied to all users? 0:12:44: Do algorithms just feed our desire for stuff that's not good for us? 0:16:39: Are things really worse today or just different? 0:21:21: Do private companies have a moral duty to support a "public square"? 0:26:23: Are social media companies warping the public discourse? 0:28:58: Is TikTok really more of a threat than Facebook or Twitter? 0:31:15: Are any of the proposed TikTok solutions viable? 0:35:41: Why can't the US Congress pass a real privacy law? 0:38:00: Can we fix some key social media ills by adding some friction? 0:41:10: How will AI systems like ChatGPT impact disinformation? 0:44:15: Can AI also have positive impacts on social media? 0:48:10: How are social media platforms like casinos? 0:50:28: How are social media platforms like Orwell's Ministry of Truth? 0:51:34: How much responsibility do we have here? 0:57:42: What tips do you have for using social media today? 1:02:59: Interview wrap-up 1:03:28: Privacy and security book club 1:04:37: Patron perks 1:05:02: Preview of upcoming shows