

Firewalls Don't Stop Dragons Podcast
Carey Parker
A Podcast on Computer Security & Privacy for Non-Techies

Oct 10, 2022 • 57min
Mobile Payment Fraud
Cold hard cash is becoming more and more rare these days. People just don't carry it around much any more. So how do you split a bill at a restaurant or buy from a street vendor? Many people today use mobile payment apps like Venmo, Apple Pay, PayPal, the Cash App, or a service promoted by many US banks called Zelle. While convenient, are these payment systems safe? Most of them actually are pretty secure (though some of them are not very private, like Venmo). But because most of these apps draw directly from your bank account, if you send money to the wrong person, either by mistake or because you were scammed, that money is pretty much gone. Ironically, this is very much like physical cash. Specifically, protections many people assume they have against fraudulent bank transactions don't really apply. You explicitly made the transfer and therefore many banks will not reimburse you for the loss.
In other news: Optus confirms massive data breach; Optus breach triggers privacy regulation review in Australia; Facebook shuts down propaganda campaigns from Russia and China; Facebook warns 1M users of potential credential theft; Google will be migrating Fitbit customers to Google accounts; Microsoft adds new protections to warn you of PC password reuse and insecure storage; the FTC is pushing for new rules around location data collection and sharing; Google releases new tool to help purge personal information from its search results.
Article Links
[BleepingComputer] Optus confirms 2.1 million ID numbers exposed in data breach https://www.bleepingcomputer.com/news/security/optus-confirms-21-million-id-numbers-exposed-in-data-breach/
[The Verge] Australia to overhaul privacy laws after massive data breach https://www.theverge.com/2022/9/26/23372868/australian-hack-disclosure-privacy-laws-optus-data-breach
[Hacker News] Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China https://thehackernews.com/2022/09/facebook-shuts-down-covert-political.html
[9to5mac.com] Facebook security warning for 1M users: Scam apps stole login credentials https://9to5mac.com/2022/10/07/facebook-security-warning/
[Hacker News] Google to Make Account Login Mandatory for New Fitbit Users in 2023 https://thehackernews.com/2022/09/google-to-make-account-login-mandatory.html
[Lifehacker] Microsoft Has a New Trick for Keeping Your Password Safe https://lifehacker.com/microsoft-has-a-new-trick-for-keeping-your-password-saf-1849580498
[Bloomberg] FTC Joins Push for Rules on Trade of Smartphone Location Data https://www.bloomberg.com/news/articles/2022-09-16/location-data-rules-draw-ftc-s-attention-post-roe
[The Verge] In 2023, Google can notify you if personal info pops up in search https://www.theverge.com/2022/9/28/23377208/google-results-about-you-notifications-personal-info
[briankrebs] Report: Big U.S. Banks Are Stiffing Account Takeover Victims https://krebsonsecurity.com/2022/10/report-big-u-s-banks-are-stiffing-account-takeover-victims/
Further Info
National Cybersecurity Awareness Month: https://www.cisa.gov/cybersecurity-awareness-month
Consumer Reports: payment apps: https://www.consumerreports.org/digital-payments/how-to-safely-pay-for-goods-and-services-with-someone-you-dont-know/
Send me your questions! https://fdsd.me/qna
Support me! https://fdsd.me/support
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:42: News rundown
0:02:49: 10 Million Optus users affected by breach
0:06:04: Optus breached via open web interface
0:10:28: Facebook shuts down political influence campaigns
0:13:38: Facebook warns 1M users of potential credential the...

Oct 3, 2022 • 1h 9min
Capture the Flag for Fun & Profit
Cybersecurity is the only technical, professional occupation I know of where practitioners routinely sharpen their skills through open competitions. The contests are based on the classic capture the flag game - except the flags are all virtual and capturing them involves hacking computers. Also unlike most other technical careers, cybersecurity is a high-paying profession that doesn't require a university degree or formal training. There are literally hundreds of thousands of unfilled cybersecurity jobs right now. You can also just dabble in cybersecurity, making money from bug bounty programs. Or you can just hack for the fun of it - in a completely safe and legal environment. Jordan will tell you all about it in today's show!
Jordan Wiens has been a reverse engineer, vulnerability researcher, network security engineer, three-time DEF CON CTF winner, even a technical magazine writer but now he's mostly a has-been CTF player who loves to talk about them. He has been the CTF expert for the first three years of HackASat and he was one of the founders of Vector 35, the company that makes Binary Ninja.
Interview Links
Hack-A-Sat 3: https://hackasat.com/
Satellite hacked using $25 hardware: https://threatpost.com/starlink-hack/180389/
Decommissioned satellite hacked to broadcast movie: https://www.independent.co.uk/tech/hack-satellite-hijack-def-con-b2147595.html
Student Rick-Rolls school: https://www.malwarebytes.com/blog/news/2021/10/high-school-student-rickrolls-entire-school-district-and-gets-praised
Hack-A-Sat 2 interview: https://podcast.firewallsdontstopdragons.com/2021/06/21/hacking-satellites-for-fun-profit/
Plaid CTF: https://plaidctf.com/
CTFTime.org: https://ctftime.org/
Pwnable.kr: https://pwnable.kr/
Pwnable.tw: https://pwnable.tw/
Reversing.kr: http://reversing.kr/
Shodan: https://www.shodan.io/
Burp Suite: https://portswigger.net/burp
Wireshark: https://www.wireshark.org/
Binary Ninja: https://binary.ninja/
Metasploit: https://www.metasploit.com/
Nmap: https://nmap.org/
Live Overflow: https://liveoverflow.com/
TryHackMe: https://tryhackme.com/
Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Support my work! https://firewallsdontstopdragons.com/support/
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:03: Interview setup
0:04:25: What is Hack-A-Sat?
0:08:44: How has the Hack-A-Sat program evolved?
0:12:58: How did CTFs start out and when did they become popular?
0:17:37: Why do we have so many unfilled cybersecurity jobs?
0:21:15: Do you need a college degree to work in cybersecurity?
0:29:39: What's a black hat hacker vs white hat? What's a red team or blue team?
0:32:15: How do CTFs actually work? What is a flag and how do I capture it?
0:38:05: Are there beginner CTFs that are free to try?
0:44:38: What sorts of tools do hackers use in CTFs and in real hacking?
0:51:57: How do hackers chain together multiple exploits?
0:56:26: What's your advice to someone who would like to try a CTF?
1:00:36: What's next for Hack-A-Sat?
1:02:25: Interview wrap-up
1:04:07: What is Rick-Rolling?
1:05:23: Try a CTF, go to a hacker con!

Sep 26, 2022 • 1h 21min
iOS 16 Security & Privacy Features
Apple just released a major update to its iPhone operating system, iOS 16. This release has some really important security and privacy features, including Passkeys, Lockdown Mode and Safety Check. I’ll give you an overview of these features.
In other news: D-Link routers have a major vulnerability that’s being actively exploited; Uber was completely pwned by a cocky 18-year-old hacker; Morgan Stanley was fined $35 million for failing to delete user data from hundreds of hard drives before reselling them; Chrome and Edge may be sending your form data back to Google and Microsoft; a new voice AI tool lets you change your voice to sound like someone else; health apps are sharing your personal data and HIPAA isn’t helping; the US military is using yet another data broker to buy incredibly detailed information on almost all internet users; US border agents can search your phone and even copy your phone’s data, and may save that info for 15 years; your car is coughing up tons of personal and auto data to dozens of data companies; Intel’s new AI will be used to find students who are confused or even emotionally distressed.
Article Links
[BleepingComputer] Moobot botnet is coming for your unpatched D-Link router https://www.bleepingcomputer.com/news/security/moobot-botnet-is-coming-for-your-unpatched-d-link-router/
[WIRED] The Uber Hack’s Devastation Is Just Starting to Reveal Itself https://www.wired.com/story/uber-hack-mfa-phishing/
[Ars Technica] $35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned https://arstechnica.com/information-technology/2022/09/morgan-stanley-pays-35m-penalty-for-extensive-failure-to-safeguard-customer-data/
[BleepingComputer] Google, Microsoft can get your passwords via web browser’s spellcheck https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/
[Ars Technica] With Koe Recast, you can change your voice as easily as your clothing https://arstechnica.com/information-technology/2022/09/with-koe-recast-you-can-change-your-voice-as-easily-as-your-clothing/
[The Washington Post] Health apps share your concerns with advertisers. HIPAA can’t stop it. https://www.washingtonpost.com/technology/2022/09/22/health-apps-privacy/
[VICE] Revealed: U.S. Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data
[Engadget] US border forces are seizing Americans’ phone data and storing it for 15 years https://www.engadget.com/us-border-forces-traveler-data-15-years-085106938.html
[The Washington Post] How to prevent customs agents from copying your phone’s content https://www.washingtonpost.com/technology/2022/09/18/phone-data-privacy-customs/
[The Markup] Who Is Collecting Data from Your Car? https://themarkup.org/the-breakdown/2022/07/27/who-is-collecting-data-from-your-car
[Protocol] Intel thinks its AI knows what students think and feel in class https://www.protocol.com/enterprise/emotion-ai-school-intel-edutech
Tip of the Week: https://firewallsdontstopdragons.com/ios-16-privacy-security/
Further Info
Koe Recast web demo: https://koe.ai/recast/
100-mile US border zone: https://www.aclu.org/other/constitution-100-mile-border-zone
Tech Model Railroad Club: https://en.wikipedia.org/wiki/Tech_Model_Railroad_Club
Send me your questions! https://firewallsdontstopdragons.com/dear-carey-podcast-qa/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Sep 19, 2022 • 57min
Tornado Warning for Free Speech
You may not be into cryptocurrency, but a recent incident involving a so-called "cryptocurrency mixer" has some important implications for privacy and free speech. Today we'll examine the relative anonymity of cryptocurrency transactions, tools that can be used to enhance that anonymity, and why the code that created these tools - and the services that might host them - must be protected under the First Amendment. Along the way, we'll explore the limits of free speech in the US and some interesting attempts to capture those rights.
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation, the leading nonprofit defending digital privacy, free speech, and innovation.
Interview Links
Coin Center article on Tornado Cash: https://www.coincenter.org/analysis-what-is-and-what-is-not-a-sanctionable-entity-in-the-tornado-cash-case/
Electronic Frontier Foundation: https://www.eff.org/
Code, Speech, and the Tornado Cash Mixer: https://www.eff.org/deeplinks/2022/08/code-speech-and-tornado-cash-mixer
Treasury Dept sued over Tornado Cash sanctions: https://fortune.com/2022/09/08/coinbase-employees-and-ethereum-backers-sue-u-s-treasury-over-tornado-cash-sanctions/
Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:42: Interview setup
0:02:43: How anonymous are cryptocurrency transactions?
0:07:30: What is a cryptocurrency mixer and why would I use one?
0:10:34: Kurt's thoughts on "going dark"
0:12:45: Physical currency is not technically anonymous, either
0:14:07: How did the White House try to fix this problem?
0:15:27: Who is OFAC and what is the SDN list?
0:16:57: Who or what is Tornado Cash?
0:20:23: What about Tornado Cash drew scrutiny from the US Gov't?
0:22:08: How does all of this relate to free speech?
0:26:22: One of the developers was arrested - what's the EFF's take on this?
0:29:14: Is a platform responsible for illegal activities related to content they host?
0:31:18: What's the limit of free speech when it comes to software code?
0:41:00: What free speech rights do platforms themselves have?
0:44:42: What about attempts to turn code into books or T-shirts to gain protection?
0:48:04: What's next for the Tornado Cash case?
0:55:12: Interview wrap-up
0:55:46: Looking ahead

Sep 12, 2022 • 1h 2min
Decoding Computers & Software
A little over 20 years ago, Charles Petzold wrote what would become a classic book on understanding modern computers and the software that drives them. Computers have become essential to daily life and inhabit more and more of the devices we use every day. Every "smart" device you own contains a computer running software. While these little silicon chips and the binary code running them seem like magic, they're really just a series of simple building blocks chained together to accomplish a task. Having a basic understanding of these concepts can give us a lot more perspective on how computers can be used and abused, programmed and subverted.
When I learned that Charles was releasing a fully updated 2nd edition of Code, I asked him to come on the show to give us all a historical overview of computers and software. He graciously agreed. The concepts of computing and programming go back a lot further than you might think. Today we'll learn about this and much more.
Charles Petzold is the author of the books Code, The Annotated Turing, and numerous programming tutorials involving Microsoft Windows.
Interview Notes
Code: The Hidden Language of Computer Hardware and Software: https://www.charlespetzold.com/books/
Companion website: https://codehiddenlanguage.com/
The Annotated Turing: https://www.charlespetzold.com/AnnotatedTuring/
Alan Turing: https://en.wikipedia.org/wiki/Alan_Turing
Ada Lovelace: https://en.wikipedia.org/wiki/Ada_Lovelace
Delay Line Mercury Storage: https://en.wikipedia.org/wiki/Delay-line_memory#Mercury_delay_lines
Steganography: https://en.wikipedia.org/wiki/Steganography
Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:08: Hold off on iOS 16 update
0:02:47: Preview of today's interview
0:05:49: Why did you write this book and who was your target audience?
0:11:03: Why should we understand the basics of computing?
0:12:39: What IS a "computer", fundamentally?
0:16:35: Where did computers start, historically?
0:19:21: What's the origin of software and programming computers?
0:22:14: How did we store computer programs before hard drives?
0:25:30: How did encoding enable us to communicate over large distances?
0:30:00: How do we measure progress in computing?
0:34:24: How did you decide how to lay out the concepts in the book?
0:39:29: How can understanding computers help us be more secure?
0:43:17: What does the future of computing look like?
0:49:58: What will your next book be about?
0:53:55: Interview wrap-up
0:54:53: My Google rant
0:58:03: A bit on steganography and codes
0:59:41: Upcoming shows, schedule change

Sep 5, 2022 • 1h 9min
LastPass Source Code Breach
Password manager software maker LastPass suffered a data breach last week, which understandably made their customers very nervous - and caused some people to question the decision to put all their passwords in one digital basket. In today's show, I'll explain why this particular breach was not a threat to anyone's passwords and why you should still use a high quality password manager.
In other news: Former security chief blows the whistle on Twitter; major VPN providers are pulling out of India over surveillance law issues; a set of popular Chrome extensions caught committing click fraud; Google's new Chrome extension restrictions threaten to hobble ad blockers; a father's Google accounts are deleted over false AI-flagged CSAM; US Federal Trade Commission sues a data broker over lax protection of location data; EFF finds another data broker selling location data to law enforcement; Google launches bug bounty program for open source software projects; DuckDuckGo's email privacy protection feature now available to all; Ohio judge rules that scanning students' rooms before tests is illegal; a flight to Cabo is nearly grounded thanks to a passenger sending dick pics to other passengers, including one of the pilots.
Article Links
[The Washington Post] Former security chief claims Twitter buried ‘egregious deficiencies’ https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/
[9to5mac.com] Major VPN services shut down in India over anti-privacy law; Apple hasn’t yet commented https://9to5mac.com/2022/09/01/major-vpn-services/
[BleepingComputer] Chrome extensions with 1.4 million installs steal browsing data https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/
[BleepingComputer] AdGuard’s new ad blocker struggles with Google’s Manifest v3 rules https://www.bleepingcomputer.com/news/security/adguard-s-new-ad-blocker-struggles-with-google-s-manifest-v3-rules/
[The New York Times] A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html
[Reuters] U.S. FTC sues data broker Kochava for alleged sale of sensitive data https://www.reuters.com/legal/us-ftc-sues-data-broker-kochava-alleged-sale-sensitive-data-2022-08-29/
[Electronic Frontier Foundation] Data Broker Helps Police See Everywhere You’ve Been with the Click of a Mouse: EFF Investigation https://www.eff.org/press/releases/data-broker-helps-police-see-everywhere-youve-been-click-mouse-eff-investigation
[Naked Security] LastPass source code breach – do we still recommend password managers? https://nakedsecurity.sophos.com/2022/08/29/lastpass-source-code-breach-do-we-still-recommend-password-managers/
[Decipher] Google Launches Bug Bounty Program For Open Source Projects https://duo.com/decipher/google-launches-bug-bounty-program-for-its-open-source-projects
[Spread Privacy] Protect Your Inbox: DuckDuckGo Email Protection Beta Now Open to All! https://spreadprivacy.com/protect-your-inbox-with-duckduckgo-email-protection/
[The Verge] University can’t scan students’ rooms during remote tests, judge rules https://www.theverge.com/2022/8/23/23318067/cleveland-state-university-online-proctoring-decision-room-scan
[VICE] Creeps Airdropping Dick Pics Just Made Flying Even Worse https://www.vice.com/en/article/3adag9/southwest-tiktok-video-pilot-airdropped-nudes
Tip of the Week: How to Prevent Cyberflashing https://firewallsdontstopdragons.com/how-to-prevent-cyberflashing/
Further Info
Peppering Your Passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero!

Aug 29, 2022 • 60min
The Night the Lights Went Out in Vegas
Thirty years ago, a young hacker named Jeff Moss (aka The Dark Tangent) threw a party in the desert of Nevada to commemorate the demise of a bulletin board system called PlatinumNet. Unlike the other handful of hacker conferences at that time, this one would be on the West Coast and open to everyone. Over the next three decades, DEF CON would become the preeminent hacker convention in the US (possibly the world), drawing upwards of 30,000 attendees. Together with its more corporate spinoff Black Hat and the related BSides conference, the back-to-back events are affectionately referred to as Hacker Summer Camp. In today's show, I'll walk down memory lane with Jeff, discussing the ups and downs he's experienced, and delve into what this has all meant to him, personally. Oh yeah... and also the incident involving strippers and hacking the power grid.
Further Info
Amulet of Entropy badge: https://amuletofentropy.com/
DEF CON documentary: https://www.youtube.com/watch?v=SUhyeY0Fsvw
My first trip to DEF CON: https://podcast.firewallsdontstopdragons.com/2021/08/11/understanding-hackers-hacking/
Last year’s interview with Jeff Moss: https://podcast.firewallsdontstopdragons.com/2021/08/16/on-a-dark-tangent/
Hackers, book by Steven Levy: https://www.amazon.com/Hackers-Computer-Revolution-Steven-Levy/dp/1449388396
Legion of Doom (LOD) vs Masters of Deception (MOD): https://en.wikipedia.org/wiki/Great_Hacker_War
SATAN tool: https://en.wikipedia.org/wiki/Security_Administrator_Tool_for_Analyzing_Networks
A brief history of hacking: https://encyclopedia.kaspersky.com/knowledge/a-brief-history-of-hacking/
Cap’N Crunch whistle: https://www.thingiverse.com/thing:2630646
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:31: Hacker Summer Camp
0:03:30: Pre-interview things of note
0:05:31: DEF CON, the early years
0:12:02: How has DEF CON changed since the beginning?
0:16:08: What's the closest DEF CON ever came to ending?
0:24:44: Why is DEF CON so full of shenanigans?
0:26:49: What has DEF CON meant to you, personally?
0:32:02: Thoughts on the DEF CON culture
0:37:13: What's your "Jeff sense" on choosing the best people?
0:39:50: What's in the future for DEF CON?
0:46:13: What speakers have you always wanted but couldn't get?
0:51:04: Learning more about hackers and hacking
0:53:50: Where does "2600" come from?
0:57:18: Important notes for new listeners

Aug 22, 2022 • 54min
Hacker Summer Camp 2022
If it's August in Las Vegas, it's time for Hacker Summer Camp. There are three hacker conferences that coordinate to happen next to each other every year: BSides Las Vegas, Black Hat and DEF CON. My first trip to DEF CON was last year and I was hooked - I hope to go back every year. This was the big 30th anniversary of DEF CON and several of the news stories this week came from one of these hacker conferences. And next week I'll air my wonderful interview with DEF CON's CEO and Founder, Jeff Moss (aka The Dark Tangent).
In the news this week: Several malicious Mac apps have slipped through Apple's App Store security checks and contain malware - you should delete them ASAP; iOS VPN apps aren't properly securing connections made before activating the VPN; TikTok's in-app browser injects JavaScript code that could enable it to snoop on your session, including capturing keystrokes; Cisco's network breach has lessons for all of us; Signal's use of phone numbers as identifiers is highlighted by the breach at Twilio; a new jailbreak has been found for John Deere tractors that might allow farmers to service their own equipment; Amazon is planning to release a reality TV show based on Ring doorbell footage; a digital hallway pass allows schools to intrusively monitor their students; and law enforcement is tapping into DNA databases of the blood samples taken at birth by hospitals to solve crimes.
Article Links
[Tom's Guide] These Mac apps are secretly spreading malware — delete them now https://www.tomsguide.com/news/these-mac-apps-are-secretly-spreading-malware-delete-them-now
[Ars Technica] iOS VPNs have leaked traffic for years, researcher claims [Updated] https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/
[Forbes] TikTok’s In-App Browser Includes Code That Can Monitor Your Keystrokes, Researcher Says https://www.forbes.com/sites/richardnieva/2022/08/18/tiktok-in-app-browser-research/
[Threatpost] Cisco Confirms Network Breach Via Hacked Employee Google Account https://threatpost.com/cisco-network-breach-google/180385/
[TechCrunch] Signal says 1,900 users’ phone numbers exposed by Twilio breach https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/
[Ars Technica] A new jailbreak for John Deere tractors rides the right-to-repair wave https://arstechnica.com/information-technology/2022/08/a-new-jailbreak-for-john-deere-tractors-rides-the-right-to-repair-wave/
[VICE] 'Ring Nation' Is Amazon's Reality Show for Our Surveillance Dystopia https://www.vice.com/en/article/7k8x49/ring-nation-is-amazons-reality-show-for-our-surveillance-dystopia
[VICE] A Tool That Monitors How Long Kids Are in the Bathroom Is Now in 1,000 American Schools https://www.vice.com/en/article/dy73n7/ehallpass-1000-thousand-schools-monitor-bathroom
[WIRED] Police Used a Baby’s DNA to Investigate Its Father for a Crime https://www.wired.com/story/police-used-a-babys-dna-to-investigate-its-father-for-a-crime/
Tip of the Week: https://firewallsdontstopdragons.com/be-my-guest-no-i-insist/
Further Info
A few Amulets of Entropy are still left: https://hackerboxes.com/collections/past-hackerboxes/products/hackerbox-0080-entropy
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:17: DEFCON 30 notes
0:03:00: Quick security notes
0:03:46: News run down
0:06:50: Delete these Apple apps immediately
0:10:44: iOS VPN apps fail to secure old connections
0:15:00: TikTok's in-app browser a...

Aug 15, 2022 • 54min
Privacy vs Content Moderation
There's no doubt that the internet has enabled criminals to share illicit and vile content with ease. The advent of high-quality end-to-end encrypted communications has made sharing this material harder for law enforcement to police. But the solution is not to cripple this technology, which is essential for security, privacy and even democracy. Today I'll discuss this thorny issue with Dhanaraj Thakur from the Center for Democracy and Technology. We'll talk about several dangerous proposals currently being considered in the US and Europe, and some potential solutions that can limit criminal behavior while preserving security and our right to privacy.
Dhanaraj Thakur is Research Director at the Center for Democracy & Technology, where he leads research that advances human rights and civil liberties online.
Further Info
Outside Looking In: Approaches to Content Moderation in End-to-End Encrypted Systems: https://cdt.org/insights/outside-looking-in-approaches-to-content-moderation-in-end-to-end-encrypted-systems/
End Run Around Your Rights: https://podcast.firewallsdontstopdragons.com/2021/12/13/end-run-around-your-rights/
Center for Democracy & Technology: https://cdt.org/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:19: Rebranding rolling out
0:02:11: Why is content moderation coming to the fore?
0:05:11: What are the types of content we're trying to control?
0:08:30: How is automated copyright detection being abused by police?
0:09:49: What are the phases of content moderation?
0:12:01: How can content moderation scale on huge platforms?
0:15:14: How does moderation differ inside vs outside the US?
0:18:12: What is the platform liability for content?
0:21:33: How good is automated content filtering?
0:25:01: When does moderation become censorship?
0:27:52: Can social media companies block or allow whatever they want?
0:30:53: What does end-to-end encryption really mean?
0:34:42: How important is metadata for identifying illicit content?
0:37:26: What are the current legislative proposals around content moderation?
0:41:13: How can we comply with these orders without losing privacy?
0:46:09: So where do we draw the line?
0:48:44: How did we police this before the internet?
0:49:34: How can I learn more and get involved?
0:51:57: Listener mailbag coming soon!
0:52:49: Preview of coming shows

Aug 8, 2022 • 59min
Security Via Subtraction
All software has bugs, so the more software you have installed, the more bugs you have. It's not just the bugs in each individual application; the problem is also magnified by interactions between applications. Thankfully, the converse is also true: the less software you have installed, the fewer bugs you have (statistically, anyway). How many apps have you installed because they were free? How many apps came installed with your PC that you never use? How about companion apps for products you no longer own? Or maybe apps you installed years ago that you've forgotten about? You need to review all of your apps and get rid of anything you aren't using. You can always reinstall them later, if necessary. But removing unused apps will also remove any software bugs and vulnerabilities that inevitably come with them. (It's also one less app to gather and sell personal data.)
In other news: Amazon is looking to buy the maker of Roomba robotic vacuums that know the map of your home; Amazon is also hoping to buy a medical company to start directly providing healthcare; Google once again delays removing support for 3rd party cookies in Chrome; a candidate post-quantum encryption algorithm was defeated in an hour with a regular PC; open source software is used everywhere, but is getting very little security support; hackers act on patched bugs within minutes; our cars are collecting and sharing tons of detailed information about us and our driving habits; Samsung has implemented a "repair mode" to protect your data while your phone is in the shop; and a new Android malware is contained in several "cleaner" apps.
Article Links
[Mashable] Amazon vacuums up Roomba maker iRobot, sparking immediate privacy concerns https://mashable.com/article/amazon-irobot-acquisition-roomba-privacy
[Time] Amazon's Dangerous Ambition to Dominate Healthcare https://time.com/6201575/amazons-dangerous-ambition-to-dominate-healthcare/
[HackerNews] Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024 https://thehackernews.com/2022/07/google-delays-blocking-3rd-party.html
[Ars Technica] Post-quantum encryption contender is taken out by single-core PC and 1 hour https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/
[Ars Technica] Samsung’s “repair mode” lets technicians look at your phone, not your data https://arstechnica.com/gadgets/2022/07/samsungs-repair-mode-lets-technicians-look-at-your-phone-not-your-data/
[Lawfare] Open-Source Security: How Digital Infrastructure Is Built on a House of Cards https://www.lawfareblog.com/open-source-security-how-digital-infrastructure-built-house-cards
[ZDNet] Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/
[The Markup] Who Is Collecting Data from Your Car? https://themarkup.org/the-breakdown/2022/07/27/who-is-collecting-data-from-your-car
[Ars Technica] T-Mobile to pay $500M for one of the largest data breaches in US history https://arstechnica.com/tech-policy/2022/07/t-mobile-to-pay-500m-for-one-of-the-largest-data-breaches-in-us-history/
[Tom's Guide] Millions infected by 'auto-starting' Android malware — delete these apps now https://www.tomsguide.com/news/millions-infected-by-auto-starting-android-malware-delete-these-apps-now
Tip of the Week: https://firewallsdontstopdragons.com/deleting-your-way-to-better-security/
Further Info
Mac AppCleaner: https://freemacsoft.net/appcleaner/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Would you like me to speak to your g...