
Firewalls Don't Stop Dragons Podcast

Latest episodes

Oct 31, 2022 • 1h 5min

Building Trust with Privacy

It's easy to tell people to use this or that privacy tool, but this always assumes that you trust the service that is providing that tool. How can mere mortals ever hope to obtain sufficient knowledge of the inner workings of these products and service providers that would allow them to make an informed decision? Today, I'll ask Adrianus Warmenhoven from NordVPN that question, along with questions about normalizing surveillance and what privacy really means in our digital internet society. Adrianus Warmenhoven is a Defensive Strategist and Threat Intelligence Manager at NordVPN. He is responsible for getting the most relevant IOCs (Indicators of Compromise) and malware samples and their indicators, and generally mapping out the threat landscape for the company's customers.

Interview Links
NordVPN: https://nordvpn.com/
The Follower: https://driesdepoorter.be/thefollower/
Five Eyes countries: https://en.wikipedia.org/wiki/Five_Eyes
Electronic Frontier Foundation: https://www.eff.org/
Mozilla Foundation: https://foundation.mozilla.org/en/
Give thanks and donate: https://firewallsdontstopdragons.com/give-thanks-donate/

Further Info
Send me your questions! https://fdsd.me/qna
Support me! https://fdsd.me/support
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:26: Elon Musk buys Twitter
0:01:31: What is Mastodon?
0:02:36: Interview preview
0:04:13: Tell us about Nord and what you do there
0:05:25: What is most misunderstood about privacy?
0:07:53: How does my privacy overlap your privacy?
0:10:08: What threats to privacy aren't getting enough attention?
0:13:02: Doesn't capitalism require companies to monetize our data?
0:16:26: Is it possible to compartmentalize our lives today?
0:18:32: Why can't we learn that just because we can doesn't mean we should?
0:22:09: How does privacy in the physical world differ from online?
0:24:21: Have we normalized surveillance for the younger generation?
0:30:22: How do we know which companies to trust with our privacy?
0:38:11: How can companies avoid gathering user data?
0:42:47: How important is transparency for consumers?
0:45:48: How do VPNs work and how do they fail?
0:48:46: How important is it for privacy companies to be in favorable jurisdictions?
0:52:19: How can I get more involved with privacy rights?
0:56:03: What gives you hope?
0:57:59: Bonus content
0:58:54: Interview wrap-up
1:01:51: Give thanks and donate
1:03:17: Dear Carey - ask me a question
1:04:13: Upcoming stuff
Oct 24, 2022 • 1h 10min

Your TV is Watching You

This is going to sound bonkers, even though you're used to so many things tracking you... web pages, emails, and apps... but I'm here to tell you that while you're watching your TV, your TV is also watching you. Or I guess more accurately, your TV is watching what you're watching. Even if you're not using the built-in smart apps, if you're just piping pixels in from an external box, your TV can recognize the movies and shows being displayed. And it's taking meticulous notes and selling that data. It's called Automatic Content Recognition and "post-purchase monetization". It's sorta like the Shazam music recognition app, but for TV shows and movies. I'll tell you what you can do to stop it. In other news: a tricky new ransomware campaign is targeting home Windows users; Signal is removing support for SMS text messaging; Toyota user app data was exposed for years; the White House unveiled a new cybersecurity rating system for consumer products; Apple privacy is better than most, but still falls short; a privacy researcher tries and fails to keep her pregnancy secret from marketers; companies in the UK are tailoring real-life billboards using cameras and AI; relief funds were sent to people impacted by Hurricane Ian using AI algorithms; Facebook's new VR headset will mine your facial expressions for marketing; a Wired article gives tips for avoiding student surveillance tools.

Article Links
[ZDNet] This unusual ransomware attack targets home PCs, so beware https://www.zdnet.com/article/this-unusual-ransomware-attack-targets-home-pcs-so-beware/
[Signal] Removing SMS support from Signal Android (soon) https://signal.org/blog/sms-removal-android/
[BleepingComputer] Toyota discloses data leak after access key exposed on GitHub https://www.bleepingcomputer.com/news/security/toyota-discloses-data-leak-after-access-key-exposed-on-github/
[CyberScoop] White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star https://www.cyberscoop.com/white-house-to-unveil-internet-of-things-labeling/
[The Atlantic] I Tried to Keep My Pregnancy Secret https://www.theatlantic.com/ideas/archive/2022/10/can-you-hide-your-pregnancy-era-big-data/671692/
[The Guardian] Apple says it prioritizes privacy. Experts say gaps remain https://www.theguardian.com/technology/2022/sep/23/apple-user-data-law-enforcement-falling-short
[VICE] Companies in the UK Are Mining Users' Personal Data to Place Billboard Ads https://www.vice.com/en/article/n7zqmb/companies-in-the-uk-are-mining-users-personal-data-to-place-billboard-ads
[WIRED UK] Hurricane Ian Destroyed Their Homes. Algorithms Sent Them Money https://www.wired.co.uk/article/hurricane-ian-destroyed-homes-google-algorithms-sent-money
[Gizmodo] Meta's New Headset Will Track Your Eyes for Targeted Ads https://gizmodo.com/meta-quest-pro-vr-headset-track-eyes-ads-facebook-1849654424
[WIRED] How to Protect Yourself If Your School Uses Surveillance Tech https://www.wired.com/story/how-to-protect-yourself-school-surveillance-tech-privacy/
Tip of the Week: https://firewallsdontstopdragons.com/your-tv-is-watching-you/

Further Info
Send me your questions! https://fdsd.me/qna
Support me! https://fdsd.me/support
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:27: News rundown
0:03:40: Sneaky new Windows ransomware targets home users
0:07:20: Signal drops support for SMS on Android
0:14:53: Toyota leak exposed car app data for 5 years
0:18:27: White House cybersecurity product labeling initiative
0:21:54: Privacy scholar tries and fails to keep pregnancy secret
0:28:28: Apple still had glaring privacy holes
0:33:...
Oct 17, 2022 • 1h 5min

Protecting Schools and Students

We talk a lot about security and privacy on my show, but we don't talk enough about these subjects in relation to students and schools. Schools are tragically underfunded and can't afford to hire cybersecurity experts, let alone privacy experts. Students are minors who lack the legal rights and life experience to push back against horrific privacy invasions brought on by remote learning and in-home test proctoring. The laws in the US are woefully outdated and we too often assume that what is legal is the same as what is right and just. Today, I'll discuss these challenges and ethical dilemmas with Doug Levin. Doug Levin is co-founder and national director of the K12 Security Information eXchange (K12 SIX), a national non-profit dedicated solely to helping schools protect themselves from emerging cybersecurity threats.

Interview Links
K12 SIX: https://www.k12six.org/
Annual "State of K-12 Cybersecurity Report": https://www.k12six.org/the-report
K-12 Essentials Series: https://www.k12six.org/essentials-series
Public event calendar: https://www.k12six.org/events
US Department of Education, Privacy Technical Assistance Center: https://studentprivacy.ed.gov/
CISA K-12 Cybersecurity Resources: https://www.cisa.gov/stopransomware/k-12-resources
CISA Back to School Campaign: https://www.cisa.gov/r8-virtual-back-school-campaign-2022
US GAO: "Critical Infrastructure Protection: Education Should Take Additional Steps to Help Protect K-12 Schools from Cyber Threats" https://www.gao.gov/products/gao-22-105024
EFF: Student Privacy Resources https://www.eff.org/issues/student-privacy
CDT: Student Privacy Resources https://cdt.org/area-of-focus/privacy-data/student-privacy/
EPIC: Student Privacy https://epic.org/issues/data-protection/student-privacy/
Algorithmic Justice League: https://www.ajl.org/
The Markup: https://themarkup.org/machine-learning/2022/01/19/help-us-investigate-the-ed-tech-industry
Fight for the Future, which, for example, runs this campaign: https://www.baneproctoring.com/
ACLU: https://www.nyclu.org/en/issues/education-policy-center/technology-schools

Further Info
Send me your questions! https://fdsd.me/qna
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:03:24: Pre-interview definition of terms
0:05:07: What is K12 SIX about?
0:10:52: What are the biggest security threats for schools?
0:17:15: What about security threats for teachers and students?
0:21:58: What are your top security recommendations for schools?
0:30:01: What are the major impediments for schools improving cybersecurity?
0:33:20: How can school systems best share info and help one another?
0:37:41: What are the main privacy threats for students?
0:46:25: How is student data being used (or abused)?
0:48:36: How do AI systems fail when it comes to minority populations?
0:51:32: How can students and parents assert their privacy rights?
0:56:03: What resources can you recommend for schools and students?
0:59:39: Interview wrap-up
1:00:40: Not reusing user names and passwords
1:02:20: Preview of upcoming shows, promotions
Oct 10, 2022 • 57min

Mobile Payment Fraud

Cold hard cash is becoming more and more rare these days. People just don't carry it around much any more. So how do you split a bill at a restaurant or buy from a street vendor? Many people today use mobile payment apps like Venmo, Apple Pay, PayPal, the Cash App, or a service promoted by many US banks called Zelle. While convenient, are these payment systems safe? Most of them actually are pretty secure (though some of them are not very private, like Venmo). But because most of these apps draw directly from your bank account, if you send money to the wrong person, either by mistake or because you were scammed, that money is pretty much gone. Ironically, this is very much like physical cash. Specifically, the protections many people assume they have against fraudulent bank transactions don't really apply. You explicitly made the transfer, and therefore many banks will not reimburse you for the loss. In other news: Optus confirms massive data breach; Optus breach triggers privacy regulation review in Australia; Facebook shuts down propaganda campaigns from Russia and China; Facebook warns 1M users of potential credential theft; Google will be migrating Fitbit customers to Google accounts; Microsoft adds new protections to warn you of PC password reuse and insecure storage; the FTC is pushing for new rules around location data collection and sharing; Google releases new tool to help purge personal information from its search results.

Article Links
[BleepingComputer] Optus confirms 2.1 million ID numbers exposed in data breach https://www.bleepingcomputer.com/news/security/optus-confirms-21-million-id-numbers-exposed-in-data-breach/
[The Verge] Australia to overhaul privacy laws after massive data breach https://www.theverge.com/2022/9/26/23372868/australian-hack-disclosure-privacy-laws-optus-data-breach
[Hacker News] Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China https://thehackernews.com/2022/09/facebook-shuts-down-covert-political.html
[9to5mac.com] Facebook security warning for 1M users: Scam apps stole login credentials https://9to5mac.com/2022/10/07/facebook-security-warning/
[Hacker News] Google to Make Account Login Mandatory for New Fitbit Users in 2023 https://thehackernews.com/2022/09/google-to-make-account-login-mandatory.html
[Lifehacker] Microsoft Has a New Trick for Keeping Your Password Safe https://lifehacker.com/microsoft-has-a-new-trick-for-keeping-your-password-saf-1849580498
[Bloomberg] FTC Joins Push for Rules on Trade of Smartphone Location Data https://www.bloomberg.com/news/articles/2022-09-16/location-data-rules-draw-ftc-s-attention-post-roe
[The Verge] In 2023, Google can notify you if personal info pops up in search https://www.theverge.com/2022/9/28/23377208/google-results-about-you-notifications-personal-info
[briankrebs] Report: Big U.S. Banks Are Stiffing Account Takeover Victims https://krebsonsecurity.com/2022/10/report-big-u-s-banks-are-stiffing-account-takeover-victims/

Further Info
National Cybersecurity Awareness Month: https://www.cisa.gov/cybersecurity-awareness-month
Consumer Reports: payment apps: https://www.consumerreports.org/digital-payments/how-to-safely-pay-for-goods-and-services-with-someone-you-dont-know/
Send me your questions! https://fdsd.me/qna
Support me! https://fdsd.me/support
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:42: News rundown
0:02:49: 10 Million Optus users affected by breach
0:06:04: Optus breached via open web interface
0:10:28: Facebook shuts down political influence campaigns
0:13:38: Facebook warns 1M users of potential credential the...
Oct 3, 2022 • 1h 9min

Capture the Flag for Fun & Profit

Cybersecurity is the only technical, professional occupation I know of where practitioners routinely sharpen their skills through open competitions. The contests are based on the classic capture the flag game - except the flags are all virtual and capturing them involves hacking computers. Also unlike most other technical careers, cybersecurity is a high-paying profession that doesn't require a university degree or formal training. There are literally hundreds of thousands of unfilled cybersecurity jobs right now. You can also just dabble in cybersecurity, making money from bug bounty programs. Or you can just hack for the fun of it - in a completely safe and legal environment. Jordan will tell you all about it in today's show! Jordan Wiens has been a reverse engineer, vulnerability researcher, network security engineer, three-time DEF CON CTF winner, even a technical magazine writer, but now he's mostly a has-been CTF player who loves to talk about them. He has been the CTF expert for the first three years of Hack-A-Sat and he was one of the founders of Vector 35, the company that makes Binary Ninja.

Interview Links
Hack-A-Sat 3: https://hackasat.com/
Satellite hacked using $25 hardware: https://threatpost.com/starlink-hack/180389/
Decommissioned satellite hacked to broadcast movie: https://www.independent.co.uk/tech/hack-satellite-hijack-def-con-b2147595.html
Student Rick-Rolls school: https://www.malwarebytes.com/blog/news/2021/10/high-school-student-rickrolls-entire-school-district-and-gets-praised
Hack-A-Sat 2 interview: https://podcast.firewallsdontstopdragons.com/2021/06/21/hacking-satellites-for-fun-profit/
Plaid CTF: https://plaidctf.com/
CTFTime.org: https://ctftime.org/
Pwnable.kr: https://pwnable.kr/
Pwnable.tw: https://pwnable.tw/
Reversing.kr: http://reversing.kr/
Shodan: https://www.shodan.io/
Burp Suite: https://portswigger.net/burp
Wireshark: https://www.wireshark.org/
Binary Ninja: https://binary.ninja/
Metasploit: https://www.metasploit.com/
Nmap: https://nmap.org/
Live Overflow: https://liveoverflow.com/
TryHackMe: https://tryhackme.com/

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Support my work! https://firewallsdontstopdragons.com/support/
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:03: Interview setup
0:04:25: What is Hack-A-Sat?
0:08:44: How has the Hack-A-Sat program evolved?
0:12:58: How did CTFs start out and when did they become popular?
0:17:37: Why do we have so many unfilled cybersecurity jobs?
0:21:15: Do you need a college degree to work in cybersecurity?
0:29:39: What's a black hat hacker vs white hat? What's a red team or blue team?
0:32:15: How do CTFs actually work? What is a flag and how do I capture it?
0:38:05: Are there beginner CTFs that are free to try?
0:44:38: What sorts of tools do hackers use in CTFs and in real hacking?
0:51:57: How do hackers chain together multiple exploits?
0:56:26: What's your advice to someone who would like to try a CTF?
1:00:36: What's next for Hack-A-Sat?
1:02:25: Interview wrap-up
1:04:07: What is Rick-Rolling?
1:05:23: Try a CTF, go to a hacker con!
Sep 26, 2022 • 1h 21min

iOS 16 Security & Privacy Features

Apple just released a major update to its iPhone operating system, iOS 16. This release has some really important security and privacy features, including Passkeys, Lockdown Mode and Safety Check. I'll give you an overview of these features. In other news: D-Link routers have a major vulnerability that's being actively exploited; Uber was completely pwned by a cocky 18-year-old hacker; Morgan Stanley was fined $35 million for failing to delete user data from hundreds of hard drives before reselling them; Chrome and Edge may be sending your form data back to Google and Microsoft; a new voice AI tool lets you change your voice to sound like someone else; health apps are sharing your personal data and HIPAA isn't helping; the US military is using yet another data broker to buy incredibly detailed information on almost all internet users; US border agents can search your phone and even copy your phone's data, and may save that info for 15 years; your car is coughing up tons of personal and auto data to dozens of data companies; Intel's new AI will be used to find students who are confused or even emotionally distressed.

Article Links
[BleepingComputer] Moobot botnet is coming for your unpatched D-Link router https://www.bleepingcomputer.com/news/security/moobot-botnet-is-coming-for-your-unpatched-d-link-router/
[WIRED] The Uber Hack's Devastation Is Just Starting to Reveal Itself https://www.wired.com/story/uber-hack-mfa-phishing/
[Ars Technica] $35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned https://arstechnica.com/information-technology/2022/09/morgan-stanley-pays-35m-penalty-for-extensive-failure-to-safeguard-customer-data/
[BleepingComputer] Google, Microsoft can get your passwords via web browser's spellcheck https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/
[Ars Technica] With Koe Recast, you can change your voice as easily as your clothing https://arstechnica.com/information-technology/2022/09/with-koe-recast-you-can-change-your-voice-as-easily-as-your-clothing/
[The Washington Post] Health apps share your concerns with advertisers. HIPAA can't stop it. https://www.washingtonpost.com/technology/2022/09/22/health-apps-privacy/
[VICE] Revealed: U.S. Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data
[Engadget] US border forces are seizing Americans' phone data and storing it for 15 years https://www.engadget.com/us-border-forces-traveler-data-15-years-085106938.html
[The Washington Post] How to prevent customs agents from copying your phone's content https://www.washingtonpost.com/technology/2022/09/18/phone-data-privacy-customs/
[The Markup] Who Is Collecting Data from Your Car? https://themarkup.org/the-breakdown/2022/07/27/who-is-collecting-data-from-your-car
[Protocol] Intel thinks its AI knows what students think and feel in class https://www.protocol.com/enterprise/emotion-ai-school-intel-edutech
Tip of the Week: https://firewallsdontstopdragons.com/ios-16-privacy-security/

Further Info
Koe Recast web demo: https://koe.ai/recast/
100-mile US border zone: https://www.aclu.org/other/constitution-100-mile-border-zone
Tech Model Railroad Club: https://en.wikipedia.org/wiki/Tech_Model_Railroad_Club
Send me your questions! https://firewallsdontstopdragons.com/dear-carey-podcast-qa/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Sep 19, 2022 • 57min

Tornado Warning for Free Speech

You may not be into cryptocurrency, but a recent incident involving a so-called "cryptocurrency mixer" has some important implications for privacy and free speech. Today we'll examine the relative anonymity of cryptocurrency transactions, tools that can be used to enhance that anonymity, and why the code that created these tools - and the services that might host them - must be protected under the First Amendment. Along the way, we'll explore the limits of free speech in the US and some interesting attempts to capture those rights. Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation, the leading nonprofit defending digital privacy, free speech, and innovation.

Interview Links
Coin Center article on Tornado Cash: https://www.coincenter.org/analysis-what-is-and-what-is-not-a-sanctionable-entity-in-the-tornado-cash-case/
Electronic Frontier Foundation: https://www.eff.org/
Code, Speech, and the Tornado Cash Mixer: https://www.eff.org/deeplinks/2022/08/code-speech-and-tornado-cash-mixer
Treasury Dept sued over Tornado Cash sanctions: https://fortune.com/2022/09/08/coinbase-employees-and-ethereum-backers-sue-u-s-treasury-over-tornado-cash-sanctions/

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:42: Interview setup
0:02:43: How anonymous are cryptocurrency transactions?
0:07:30: What is a cryptocurrency mixer and why would I use one?
0:10:34: Kurt's thoughts on "going dark"
0:12:45: Physical currency is not technically anonymous, either
0:14:07: How did the White House try to fix this problem?
0:15:27: Who is OFAC and what is the SDN list?
0:16:57: Who or what is Tornado Cash?
0:20:23: What about Tornado Cash drew scrutiny from the US Gov't?
0:22:08: How does all of this relate to free speech?
0:26:22: One of the developers was arrested - what's the EFF's take on this?
0:29:14: Is a platform responsible for illegal activities related to content they host?
0:31:18: What's the limit of free speech when it comes to software code?
0:41:00: What free speech rights do platforms themselves have?
0:44:42: What about attempts to turn code into books or T-shirts to gain protection?
0:48:04: What's next for the Tornado Cash case?
0:55:12: Interview wrap-up
0:55:46: Looking ahead
Sep 12, 2022 • 1h 2min

Decoding Computers & Software

A little over 20 years ago, Charles Petzold wrote what would become a classic book on understanding modern computers and the software that drives them. Computers have become essential to daily life and inhabit more and more of the devices we use every day. Every "smart" device you own contains a computer running software. While these little silicon chips and the binary code running them seem like magic, they're really just a series of simple building blocks chained together to accomplish a task. Having a basic understanding of these concepts can give us a lot more perspective on how computers can be used and abused, programmed and subverted. When I learned that Charles was releasing a fully updated 2nd edition of Code, I asked him to come on the show to give us all a historical overview of computers and software. He graciously agreed. The concepts of computing and programming go back a lot further than you might think. Today we'll learn about this and much more. Charles Petzold is the author of the books Code, The Annotated Turing, and numerous programming tutorials involving Microsoft Windows.

Interview Notes
Code: The Hidden Language of Computer Hardware and Software: https://www.charlespetzold.com/books/
Companion website: https://codehiddenlanguage.com/
The Annotated Turing: https://www.charlespetzold.com/AnnotatedTuring/
Alan Turing: https://en.wikipedia.org/wiki/Alan_Turing
Ada Lovelace: https://en.wikipedia.org/wiki/Ada_Lovelace
Delay Line Mercury Storage: https://en.wikipedia.org/wiki/Delay-line_memory#Mercury_delay_lines
Steganography: https://en.wikipedia.org/wiki/Steganography

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:08: Hold off on iOS 16 update
0:02:47: Preview of today's interview
0:05:49: Why did you write this book and who was your target audience?
0:11:03: Why should we understand the basics of computing?
0:12:39: What IS a "computer", fundamentally?
0:16:35: Where did computers start, historically?
0:19:21: What's the origin of software and programming computers?
0:22:14: How did we store computer programs before hard drives?
0:25:30: How did encoding enable us to communicate over large distances?
0:30:00: How do we measure progress in computing?
0:34:24: How did you decide how to lay out the concepts in the book?
0:39:29: How can understanding computers help us be more secure?
0:43:17: What does the future of computing look like?
0:49:58: What will your next book be about?
0:53:55: Interview wrap-up
0:54:53: My Google rant
0:58:03: A bit on steganography and codes
0:59:41: Upcoming shows, schedule change
Sep 5, 2022 • 1h 9min

LastPass Source Code Breach

Password manager software maker LastPass suffered a data breach last week, which understandably made their customers very nervous - and caused some people to question the decision to put all their passwords in one digital basket. In today's show, I'll explain why this particular breach was not a threat to anyone's passwords and why you should still use a high quality password manager. In other news: former security chief blows the whistle on Twitter; major VPN providers are pulling out of India over surveillance law issues; a set of popular Chrome extensions caught committing click fraud; Google's new Chrome extension restrictions threaten to hobble ad blockers; a father's Google accounts are deleted over false AI-flagged CSAM; US Federal Trade Commission sues a data broker over lax protection of location data; EFF finds another data broker selling location data to law enforcement; Google launches bug bounty program for open source software projects; DuckDuckGo's email privacy protection feature now available to all; Ohio judge rules that scanning students' rooms before tests is illegal; a flight to Cabo is nearly grounded thanks to a passenger sending dick pics to other passengers, including one of the pilots.

Article Links
[The Washington Post] Former security chief claims Twitter buried 'egregious deficiencies' https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/
[9to5mac.com] Major VPN services shut down in India over anti-privacy law; Apple hasn't yet commented https://9to5mac.com/2022/09/01/major-vpn-services/
[BleepingComputer] Chrome extensions with 1.4 million installs steal browsing data https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/
[BleepingComputer] AdGuard's new ad blocker struggles with Google's Manifest v3 rules https://www.bleepingcomputer.com/news/security/adguard-s-new-ad-blocker-struggles-with-google-s-manifest-v3-rules/
[The New York Times] A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html
[Reuters] U.S. FTC sues data broker Kochava for alleged sale of sensitive data https://www.reuters.com/legal/us-ftc-sues-data-broker-kochava-alleged-sale-sensitive-data-2022-08-29/
[Electronic Frontier Foundation] Data Broker Helps Police See Everywhere You've Been with the Click of a Mouse: EFF Investigation https://www.eff.org/press/releases/data-broker-helps-police-see-everywhere-youve-been-click-mouse-eff-investigation
[Naked Security] LastPass source code breach - do we still recommend password managers? https://nakedsecurity.sophos.com/2022/08/29/lastpass-source-code-breach-do-we-still-recommend-password-managers/
[Decipher] Google Launches Bug Bounty Program For Open Source Projects https://duo.com/decipher/google-launches-bug-bounty-program-for-its-open-source-projects
[Spread Privacy] Protect Your Inbox: DuckDuckGo Email Protection Beta Now Open to All! https://spreadprivacy.com/protect-your-inbox-with-duckduckgo-email-protection/
[The Verge] University can't scan students' rooms during remote tests, judge rules https://www.theverge.com/2022/8/23/23318067/cleveland-state-university-online-proctoring-decision-room-scan
[VICE] Creeps Airdropping Dick Pics Just Made Flying Even Worse https://www.vice.com/en/article/3adag9/southwest-tiktok-video-pilot-airdropped-nudes
Tip of the Week: How to Prevent Cyberflashing https://firewallsdontstopdragons.com/how-to-prevent-cyberflashing/

Further Info
Peppering Your Passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero!
Aug 29, 2022 • 60min

The Night the Lights Went Out in Vegas

Thirty years ago, a young hacker named Jeff Moss (aka The Dark Tangent) threw a party in the desert of Nevada to commemorate the demise of a bulletin board system called PlatinumNet. Unlike the other handful of hacker conferences at that time, this one would be on the West Coast and open to everyone. Over the next three decades, DEF CON would become the preeminent hacker convention for the US (possibly the world), drawing upwards of 30,000 attendees. Along with its more corporate spinoff Black Hat and the related BSides conference, the back-to-back conferences are affectionately referred to as Hacker Summer Camp. In today's show, I'll walk down memory lane with Jeff, discussing the ups and downs he's experienced, and delve into what this has all meant to him, personally. Oh yeah... and also the incident involving strippers and hacking the power grid.

Further Info
Amulet of Entropy badge: https://amuletofentropy.com/
DEF CON documentary: https://www.youtube.com/watch?v=SUhyeY0Fsvw
My first trip to DEF CON: https://podcast.firewallsdontstopdragons.com/2021/08/11/understanding-hackers-hacking/
Last year's interview with Jeff Moss: https://podcast.firewallsdontstopdragons.com/2021/08/16/on-a-dark-tangent/
Hackers, book by Steven Levy: https://www.amazon.com/Hackers-Computer-Revolution-Steven-Levy/dp/1449388396
Legion of Doom (LOD) vs Masters of Deception (MOD): https://en.wikipedia.org/wiki/Great_Hacker_War
SATAN tool: https://en.wikipedia.org/wiki/Security_Administrator_Tool_for_Analyzing_Networks
A brief history of hacking: https://encyclopedia.kaspersky.com/knowledge/a-brief-history-of-hacking/
Cap'N Crunch whistle: https://www.thingiverse.com/thing:2630646
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:31: Hacker Summer Camp
0:03:30: Pre-interview things of note
0:05:31: DEF CON, the early years
0:12:02: How has DEF CON changed since the beginning?
0:16:08: What's the closest DEF CON ever came to ending?
0:24:44: Why is DEF CON so full of shenanigans?
0:26:49: What has DEF CON meant to you, personally?
0:32:02: Thoughts on the DEF CON culture
0:37:13: What's your "Jeff sense" on choosing the best people?
0:39:50: What's in the future for DEF CON?
0:46:13: What speakers have you always wanted but couldn't get?
0:51:04: Learning more about hackers and hacking
0:53:50: Where does "2600" come from?
0:57:18: Important notes for new listeners
