Firewalls Don't Stop Dragons Podcast

Cameras are everywhere. Every person you pass on the street has a camera on their phone and security cameras are everywhere. They're so cheap and small now, and most of them are connected to the cloud. Not only does that mean they basically have unlimited storage, but it also opens the door for computers to process those images and footage looking for faces. Today, I'll speak with Nate Wessler from the ACLU about the implications of this technological perfect storm on our privacy and what rights we actually have today with regard to facial recognition and use of these systems by law enforcement. Nate Wessler is a deputy director with the ACLU’s Speech, Privacy, and Technology Project, where he focuses on litigation and advocacy around surveillance and privacy issues, including government searches of electronic devices, requests for sensitive data held by third parties, and use of surveillance technologies. Further Info ACLU suit against Clearview AI: https://iapp.org/news/a/aclu-files-class-action-vs-clearview-ai-under-biometric-privacy-law/Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:41: DEF CON updates0:03:18: Interview start0:05:46: Carpenter v. US case0:10:13: What's my expectation of privacy in public spaces?0:17:30: Private right of action0:18:58: What rights do I have for online photos of me?0:21:54: Aren't we enabling facial recognition by tagging people?0:23:47: Is there any solution beyond regulation?0:27:16: Who is Clearview AI and what are they doing?0:32:24: ACLU's lawsuit win against Clearview AI0:38:57: Is it possible to limit this tech to just "the good guys"?0:43:00: This guy looks like Woody Harrelson!0:47:07: What about the good uses for this tech?0:53:09: What about 1-to-1 facial matching services?0:56:20: So what can we, as citizens, do about all of this?0:58:22: When should we reach out to the ACLU?1:00:26: Wrap up

The "rolling code" technology used to remotely open and lock your car is supposed to prevent hacking. Unfortunately, Honda has a pretty serious vulnerability in their cars that apparently allows anyone with a little talent and cheap hacking tools to get into your car - and maybe even start it (though not actually drive it away). If correct, this vulnerability affects probably all Hondas made over the last 10 years. So far, Honda has denied that this is a problem, but many researchers have reproduced the hack. In other news: cheap, Chinese-made GPS vehicle trackers are vulnerable to remote hacking; Chrome, Edge and Safari browsers fix serious 0-day bugs; Twitter data breach info on 5.4M users is up for sale on the dark web; Windows getting a crucial security update to make important security feature on by default; the Conti ransomware gang is attacking the entire country of Costa Rica; Facebook quickly bypasses Firefox's URL tracking removal feature; Tor Browser adds a useful feature that will help people in repressive countries; Google appears ready to stop blocking political spam emails; Amazon admits to giving Ring video to law enforcement without consent or a warrant; a complicated, targeted web browser trick can be used to identify website visitors. Article Links [U.S. News & World Report] Researchers: Chinese-Made GPS Tracker Highly Vulnerable https://www.usnews.com/news/business/articles/2022-07-19/researchers-chinese-made-gps-tracker-highly-vulnerable[Ars Technica] 0-day used to infect Chrome users could pose threat to Edge and Safari users, too https://arstechnica.com/information-technology/2022/07/exploit-seller-used-chrome-exploit-and-2-other-0-days-to-infect-journalists/[9to5mac.com] Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k https://9to5mac.com/2022/07/22/twitter-data-breach/[ZDNet] Windows 11 is getting a new security setting to block ransomware attacks https://www.zdnet.com/article/windows-11-is-getting-a-new-security-setting-to-block-ransomware-attacks/[ThreatPost] Conti’s Reign of Chaos: Costa Rica in the Crosshairs https://threatpost.com/contis-costa-rica/180258/[Schneier Blog] Facebook Is Now Encrypting Links to Prevent URL Stripping https://www.schneier.com/blog/archives/2022/07/facebook-is-now-encrypting-links-to-prevent-url-stripping.html[None] Tor Browser Adds Automatic Censorship Circumvention https://www.infosecurity-magazine.com/news/tor-browser-automatic-censorship/[Inc. Magazine] Google Revealed Plans for a Big Change to Gmail That Almost Nobody Wants. You Have 19 Days to Object https://www.inc.com/bill-murphy-jr/google-revealed-plans-for-a-big-change-to-gmail-that-almost-nobody-wants-you-have-19-days-to-object.html[The Intercept] Amazon Admits Giving Ring Camera Footage to Police Without a Warrant or Consent https://theintercept.com/2022/07/13/amazon-ring-camera-footage-police-ed-markey/[The Drive] I Tried the Honda Keyfob Hack on My Own Car. It Totally Worked https://www.thedrive.com/news/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked[WIRED] A New Attack Can Unmask Anonymous Users on Any Major Browser https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/Tip of the Week: More Uses for Password Vaults: https://firewallsdontstopdragons.com/more-uses-for-password-vaults/ Further Info Amulet of Entropy!!: https://amuletofentropy.com/ Peppering your passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/ Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887 Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Donate directly with Monero! https://firewallsdontstopdragons.com/contact/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:02: Bad Bugs in GPS Vehicle Trackers0:07:16: Zero-Day Bugs in Chrome, Edge,

We take that little box that connects our home to the internet for granted. But in reality, it's often the only thing hiding our computers and vulnerable IoT devices from automated, remote attacks. This "internet background radiation" is ever present - a massive network of malicious or compromised devices, constantly scanning the internet for exposed and ill-protected systems. Today, we'll discuss routers, firewalls and other common aspects of home network security with the CEO of CrowdSec. He'll also explain how we can enable these devices to share information in a sort of global neighborhood watch program, distributing information about bad actors to better protect us all. Philippe Humeau graduated as an IT security engineer in 1999 in Cyber security. He then created his first company, dedicated to red team penetration testing and high-security hosting. After selling his first company, his eternal crushes for Cybersecurity led him to create CrowdSec in 2020. This open-source editor creates a participative IPS which generates a global, crowd-powered CTI. Further Info CrowdSec: https://crowdsec.net/ CrowdSec code repository: https://github.com/crowdsecurity/crowdsec Lulu reverse firewall: https://objective-see.org/products/lulu.html Donate directly with Monero! https://firewallsdontstopdragons.com/contact/ Amulet of Entropy!!:https://amuletofentropy.com/ Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:46: Update on Firefox Total Cookie Protection0:03:50: DEF CON coming soon0:04:47: Interview start0:06:49: What does a firewall do?0:10:18: Should I enable the firewall on my computer, too?0:14:18: What is Universal Plug and Play (uPnP?)0:16:04: What is Network Address Translation (NAT)?0:20:16: Hacker vs Cybercriminal?0:21:17: Internet Background Radiation0:26:19: Creating network silos0:29:28: Attacks from within0:32:15: Botnets and DDoS attacks0:35:37: What are the biggest network threats today?0:40:16: Who are the main threat actors?0:45:09: How does Crowdsec work?0:49:36: How quickly do agents share info?0:51:37: How does Crowdsec make money?0:53:03: Can you use Crowdsec on home routers?0:55:28: Are things getting better or worse?0:57:43: Top security tips?1:01:45: How do you poke a hole in a firewall?1:04:01: Setting up guest network1:07:48: Reverse firewalls1:09:07: Final word

This week we'll talk about three significant new data breaches. Each of these data leaks are important in different ways, but the trend is clear: data wants to be free. First of all, we need to stop collecting so damn much of it. But second, we need to make it more expensive for data-collectors who are criminally negligent with the protection of our data. Right now, it's cheaper to let it escape than to spend time, effort and money to protect it. (In my Tip of the Week, I'll tell you about a great free tool that will let you protect your own data.) In other news: Google patches some serious zero-day Chrome bugs and I'll explain how they work; personal data for many California gun owners was leaked; Marriott suffered yet another customer data breach; personal data on over 1 billion people in China is up for sale; Crypto exchange Coinbase is sharing info with US immigration enforcers; a sophisticated malware named ZouRAT is infecting SOHO routers; a new Windows worm appears to be coming from infected USB devices; a free decryptor has been released for AstraLocker and Yashma ransomware; Apple's new Lockdown mode shows real promise; and the US Immigration and Customs Enforcement agency has become a full-tilt mass surveillance organization. Article Links [Naked Security] Google patches “in-the-wild” Chrome zero-day – update now! https://nakedsecurity.sophos.com/2022/07/05/google-patches-in-the-wild-chrome-zero-day-update-now/[Gizmodo] California Gun Owners Had Lots of Their Data Exposed by the State Government https://gizmodo.com/california-gun-owners-data-exposed-state-justice-dept-1849124116[TechCrunch] Hotel giant Marriott confirms yet another data breach https://techcrunch.com/2022/07/06/marriott-breach-again/[ZDNet] Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web https://www.zdnet.com/article/giant-data-breach-leaked-personal-data-of-one-billion-people-has-been-spotted-for-sale-on-the-dark-web/[The Intercept] Cryptocurrency Titan Coinbase Providing “Geo Tracking Data” to ICE https://theintercept.com/2022/06/29/crypto-coinbase-tracer-ice/[Ars Technica] A wide range of routers are under attack by new, unusually sophisticated malware https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/[PCM] Hundreds of Windows Networks Are Infected With Raspberry Robin Worm https://www.pcmag.com/news/hundreds-of-windows-networks-are-infected-with-raspberry-robin-worm[BleepingComputer] Free decryptor released for AstraLocker, Yashma ransomware victims https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-astralocker-yashma-ransomware-victims/[9to5mac.com] Firefox now lets users remove tracking parameters from URLs to enhance privacy https://9to5mac.com/2022/06/29/tracking-parameters-urls-firefox/[Ars Technica] Why Lockdown mode from Apple is one of the coolest security ideas ever https://arstechnica.com/information-technology/2022/07/introducing-lockdown-from-apple-the-coolest-defense-youll-probably-never-use/Data-Driven Deportation in the 21st Century https://americandragnet.org/Tip of the Week: https://firewallsdontstopdragons.com/creating-a-file-vault-with-cryptomator/ Further Info Cryptomator: https://cryptomator.org/ Donate directly with Monero! https://firewallsdontstopdragons.com/contact/ Seth interview on cryptocurrency: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/  Amulet of Entropy!!:https://amuletofentropy.com/ No More Ransom. A non-profit devoted to helping break ransomware crypto so that victims don’t have to pay.ID Ransomware. A tool for identifying which ransomware you’ve been infected with and then guiding you to other resources for help.Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your...

While many of us prefer order in our lives, at least most of the time, we sometimes need a little chaos. Specifically, we need a source of true randomness in order to properly drive many of our cryptographic systems - to secure our digital communications, for example. And while computers are very good at doing what we tell them to do, they suck at being unpredictable. Therefore we have to find other ways to inject a little chaos. Today I will discuss these concepts with Joe Long, founder and CEO of HackerBoxes.com. Along the way, we'll share stories of hardware hacking and our love of electronics tinkering. And then we'll reveal a totally geeky project we've been working on together for many months now that we dubbed the Amulet of Entropy! Joe Long is a professional engineer, patent attorney, and hardware hacker.  He has decades of expertise in electronics which he has taught to over a million students around the world.  Joe is the founder of HackerBoxes - a company that provides kits, workshops, and monthly subscription boxes for building and learning electronics. Further Info Amulet of Entropy!!: https://amuletofentropy.com/HackerBox #0080: https://hackerboxes.com/products/hackerbox-0080-entropy Amulet GitHub repo: https://github.com/FirewallDragon/amulet-of-entropyHackerBoxes: https://hackerboxes.com/ Forrest Mims electronics books: https://www.forrestmims.com/ Humble Bundle electronics books: https://www.humblebundle.com/books/boards-coding-make-co-books HackADay: https://hackaday.com/DEF CON 30: https://defcon.org/html/defcon-30/dc-30-index.html Firewalls Don’t Stop Dragons book: https://www.amazon.com/gp/product/1484261887 Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:04:23: Start of interview0:05:42: What is a hardware hacker?0:09:09: What got you into electronics?0:14:49: What do you need to get into electronics?0:21:46: What is entropy?0:24:36: Where do we find entropy in everyday life?0:28:18: Why is entropy important for cryptography?0:30:58: Why do computers suck at randomness?0:35:18: So how do we find true random values?0:38:42: What happens randomness fails?0:41:17: How we use patterns to efficiently encode things0:46:44: The Amulet of Entropy!0:51:53: Designing the project0:55:33: Fun uses of entropy0:56:41: How do I get one??0:57:53: Outro1:01:06: DEF CON 30 talk1:01:45: Electronics resources for newbies

Firefox officially rolled out its Total Cookie Protection feature last week, which is a clever and elegant solution for blocking tracking using third party cookies. Unfortunately... it doesn't seem to be working for me when I tested it. There are at least a couple reasons for why this might be, and a workaround, both of which I will discuss in today's Tip of the Week. Also: A drunk employee lost a flash drive with half a million customer's data in Japan; a TikTok leak appears to show that even with US user data being "moved" to US soil, engineers in China can still access it; a new voicemail scam tries to trick you into giving up your Microsoft account credentials; MEGA fixes several flaws which might allow a rogue employee to view your data; 56 security flaws in industrial systems could impact thousands of devices around the world; Google Password Manager now allows for client-side encryption; Microsoft's Defender is now available for non-Windows devices (for a fee); T-Mobile is the latest to use its privileged position to hoover up and sell customer data; spyware companies are proliferating; Facebook is receiving sensitive medical info from it's Meta Pixel; and vacation rentals are sadly great places for spycams, and I'll help you try to spot them. Article Links [The Guardian] Japanese city worker loses USB containing personal details of every resident https://www.theguardian.com/world/2022/jun/24/japanese-city-worker-loses-usb-containing-personal-details-of-every-resident[Gizmodo] TikTok Leak Alleges User Data Isn't Private: ‘Everything Is Seen in China’ https://gizmodo.com/tiktok-china-oracle-bytedance-1849078477[Threatpost] Voicemail Scam Steals Microsoft Credentials https://threatpost.com/voicemail-phishing-scam-steals-microsoft-credentials/180005/[BleepingComputer] MEGA fixes critical flaws that allowed the decryption of user data https://www.bleepingcomputer.com/news/security/mega-fixes-critical-flaws-that-allowed-the-decryption-of-user-data/[BleepingComputer] Icefall: 56 flaws impact thousands of exposed industrial devices https://www.bleepingcomputer.com/news/security/icefall-56-flaws-impact-thousands-of-exposed-industrial-devices/[9to5Google] Google Password Manager starts offering on-device encryption on Android, iOS, and Chrome https://9to5google.com/2022/06/21/google-password-on-device-encryption/[PCM] WTF? Do I Have to Pay for Microsoft's Defender Antivirus Now? https://www.pcmag.com/news/wtf-do-i-have-to-pay-for-microsofts-defender-antivirus-now[The Verge] T-Mobile is selling your app usage data to advertisers — here’s how to opt out https://www.theverge.com/2022/6/24/23181851/t-mobile-browsing-data-app-insights-marketing-opt-out[WIRED] Google Warns of New Spyware Targeting iOS and Android Users https://www.wired.com/story/hermit-spyware-rcs-labs/[The Markup] Facebook Is Receiving Sensitive Medical Information from Hospital Websites – The Markup https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites[USA TODAY] How to spot hidden surveillance cameras in your Airbnb, VRBO, or vacation rentals https://www.usatoday.com/story/tech/columnist/komando/2022/06/23/how-check-hidden-cameras-airbnb-vrbo-vacation-rentals/7652726001/ Further Info Tip of the Week: Total Cookie Protection? https://firewallsdontstopdragons.com/total-cookie-protection/Cookie Forensics Test: https://www.grc.com/cookies/forensics.htm Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:17: News topic summary0:04:47: Drunk worker loses customer data0:08:00: TikTok phone call leak0:12:04: Microsoft voicemail scam0:16:23: ...

Everyone hates dealing with passwords, and yet they've been the de facto standard of computer authentication for decades. But there's light at the end of this long tunnel. There is a passwordless future where we can log in to our accounts using just our smartphones. In this future, it won't matter if websites are breached because there will be no password databases to steal. Even phishing will be a thing of the past. And thankfully, that future isn't far away. Today I'll discuss where we are, how we got here, and where we're going with Yubico's Derek Hanson. Derek Hanson has been involved in the identity and security industry for over ten years.  He has been building networks and deploying computer systems since the mid-90s and now is an advocate for how you can best protect them. And he is now the VP of Solutions Architecture and Alliances at Yubico. Further Info Yubico/YubiKey: https://www.yubico.com/ NIST password guidelines: https://www.infosecurity-magazine.com/blogs/nist-password-guidelines/ OPM fingerprint database hack: https://www.wired.com/2015/09/opm-now-admits-5-6m-feds-fingerprints-stolen-hackers/ WebAuthn: https://webauthn.guide/ FIDO: https://fidoalliance.org/ Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/ Table of Contents (new!) Use these timestamps to jump to a particular section of the show. 0:01:01: Welcome new patrons!0:01:41: New table of contents0:03:40: Update Windows ASAP0:04:03: Pre-interview notes0:04:34: Interview start0:06:21: Why do we still use passwords?0:11:26: Why don't more people use password managers?0:15:25: NIST updates password recommendations0:17:50: Should we use biometrics for authentication?0:23:40: How do passwordless systems compare to what we have now?0:29:00: How does authentication work in a passwordless system?0:32:50: Have we settled on a single passwordless standard?0:37:24: How well is this new standard supported?0:40:41: How do I use this passwordless technology?0:43:00: How soon will we see passwordless logins?0:46:22: Which 2FA system is best and will we still need this going forward?0:51:33: What current technologies are best for securing our accounts?0:55:18: How do hardware keys work?1:00:42: OPM fingerprint hack1:01:48: Bonus content preview1:02:02: Upcoming shows

I preach about using password managers constantly - because they really are a fantastic tool for increasing your security. Humans suck at creating memorable passwords that are not also easy to guess. But the idea of putting all your juicy secrets into a digital vault that is controlled by a third party and synchronizing through the cloud may not sit well with you. And I totally get that. It's a very valid concern. But what if there were a way to have your cake and eat it, too? (I never understood that expression... what good is having cake if you can't eat it, right?) I'll explain a simple technique using cryptographic "pepper" that will allow you to use a password manager, even if you don't trust it. In other news: US water utilities are woefully unprepared for cyberattacks; paper ballots are essential for secure elections, but not sufficient; PDFs are being used to cleverly hide keylogging malware; Chinese hackers have infiltrated many global telecom companies for years; Australia's new "secure" digital driver's license is anything but; the FBI manages to recover half of the Colonial Pipeline ransom; a new facial search engine is on the scene, with even less protections than Clearview AI; and the Tim Horton's app stole a heck of a lot of user location data from its customers. Article Links U.S. Water Utilities Prime Cyberattack Target, Experts | Threatpost https://threatpost.com/water-cyberattack-target/179935/Do Ballot Barcodes Threaten Election Security? https://cdt.org/insights/do-ballot-barcodes-threaten-election-security/[BleepingComputer] PDF smuggles Microsoft Word doc to drop Snake Keylogger malware https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/[MIT Technology Review] Chinese hackers exploited years-old software flaws to break into telecom giants https://www.technologyreview.com/2022/06/08/1053375/chinese-hackers-exploited-years-old-software-flaws-to-break-into-telecom-giants/[Ars Technica] “Tough to forge” digital driver’s license is… easy to forge https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/FBI Recovers $2.3 Million of Colonial Pipeline Ransomware Payment; Some Que https://www.cpomagazine.com/cyber-security/fbi-recovers-2-3-million-of-colonial-pipeline-ransomware-payment-some-questions-about-the-attack-answered/[The Mercury News] A face search engine anyone can use is alarmingly accurate https://www.mercurynews.com/2022/05/28/a-face-search-engine-anyone-can-use-is-alarmingly-accurate-2[CTV News] Tim Hortons app collected vast amounts of sensitive data: privacy watchdogs https://www.ctvnews.ca/business/tim-hortons-app-collected-vast-amounts-of-sensitive-data-privacy-watchdogs-1.5927716Pepper Your Passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/  Further Info Only FIVE DAYS LEFT to get your dragon coin! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/ Techlore interview: https://youtu.be/-GubGbuWBfk Exploits of a Mom (XKCD “Bobby Tables” cartoon): https://xkcd.com/327/Bobby Tables explanation: https://www.explainxkcd.com/wiki/index.php/Little_Bobby_Tables Generate secure passphrases! https://d20key.com/#/Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker

Everyone has heard of Bitcoin, but almost no one understands what the heck is actually is. Today I'm interviewing Seth from Seth for Privacy who knows cryptocurrency backwards and forwards. Seth is also a privacy advocate who understands the broader implications of digital currency. I'll ask him to explain how cryptocurrency works, what the blockchain is, how crypto mining affects our environment, whether cryptocurrency is truly anonymous, and how cryptocurrency has any value whatsoever - and much more! Seth is a privacy educator, Monero contributor, and host of the Opt Out podcast. Further Info Opt Out podcast, https://optoutpod.comSeth’s bio: https://sethforprivacy.com/about/ Seth’s Twitter feed: https://twitter.com/sethforprivacy Why Cryptocurrencies? https://whycryptocurrencies.com/toc.html Local Monero: https://localmonero.co/ Cryptocurrency ATMs: https://coinatmradar.com/ Bitcoin energy consumption: https://niccarter.info/topics/#energy Was Bitcoin Created by This International Drug Dealer? https://www.wired.com/story/was-bitcoin-created-by-this-international-drug-dealer-maybe/ XKCD comic - $5 wrench: https://xkcd.com/538/ Byzantine Generals Problem: https://en.wikipedia.org/wiki/Byzantine_fault Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site https://www.wired.com/story/tracers-in-the-dark-welcome-to-video-crypto-anonymity-myth/ Hot Wallets vs Cold Wallets: https://appleinsider.com/articles/22/06/04/crypto-101-the-difference-between-hot-and-cold-wallets Microsoft unpatched vulnerability: https://www.kaspersky.com/blog/follina-cve-2022-30190-msdt/44461/  Dragon Coins & Passphrases Get your Dragon Challenge Coin!! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/ Generate secure passphrases! https://d20key.com/#/

Modern smartphones have a potentially life-saving feature called "SOS" or "Emergency" mode that can give first responders critical medical information and automatically dial your country's emergency phone number. It can report your location and even notify selected contacts. In today's show, I'll share a story from one woman who believes this mode saved her life. It's easy to use and set up, but it won't do you any good if you don't know about it. I'll tell you everything you need to know. In other news: Clearview AI is looking to expand its services to schools, banks and other institutions that wish to authenticate people; MasterCard is launching a new facial recognition system that will allow users to pay "with a smile"; the US Department of Justice has finally issued long-overdue guidance on common sense limitations for prosecuting security researchers and regular people who might run afoul of the tragically over-broad Computer Fraud and Abuse Act (CFAA); Twitter has been fined and Google has been sued for abusing customer data; local governments forced children to use EdTech software that surreptitiously harvested their data and fed them behavior-based ads; DuckDuckGo is in damage control over reports that it isn't blocking some Microsoft web tracking due to an agreement which they legally can't discuss; there's a new Wells Fargo phishing campaign going around which seeks to gather tons of data that would easily enable identity thefts; and a security researcher has found a bug with the OAuth single-sign on functionality used by Facebook. Article Links [Gizmodo] Clearview AI Says It's Bringing Facial Recognition to Schools https://gizmodo.com/clearview-ai-facial-recognition-privacy-1848975528[The Guardian] Mastercard launches ‘smile to pay’ system amid privacy concerns https://www.theguardian.com/technology/2022/may/17/mastercard-launches-smile-to-pay-amid-privacy-concerns[The Verge] Justice Department pledges not to charge security researchers with hacking crimes https://www.theverge.com/2022/5/19/23130910/justice-department-cfaa-hacking-law-guideline-limits-security-research[NPR] Twitter agrees to pay $150 million after FTC, DOJ accuse company of mishandling data https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc[None] Governments Harm Children’s Rights in Online Learning https://www.hrw.org/news/2022/05/25/governments-harm-childrens-rights-online-learning[Review Geek] DuckDuckGo Isn’t as Private as You Thought https://www.reviewgeek.com/118915/duckduckgo-isnt-as-private-as-you-thought/[Sky] Google sued for using the NHS data of 1.6 million Brits 'without their knowledge or consent' https://news.sky.com/story/google-sued-for-using-the-nhs-data-of-1-6-million-brits-without-their-knowledge-or-consent-12614525[None] Bank phishing and identity theft https://usa.kaspersky.com/blog/wells-fargo-phishing-identity-theft/26473/[Forbes] Security Warning For Facebook Users Who Login With Gmail OAuth Code https://www.forbes.com/sites/gordonkelly/2022/05/21/google-gmail-security-facebook-oauth-login-warning/[9to5mac.com] iPhone SOS credited with saving woman during assault attempt – Here’s how to set it up https://9to5mac.com/2022/05/24/iphone-sos-how-to-set-it-up/Set up Emergency mode, Apple iPhone: https://support.apple.com/en-us/HT208076Set up Emergency mode, Google Pixel: https://support.google.com/pixelphone/answer/7055029Set up Emergency mode, Samsung Galaxy: https://www.samsung.com/us/support/answer/ANS00050849/  Further Info Get your Dragon Challenge Coin!! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/ Generate secure passphrases! https://d20key.com/#/Amulet of Entropy teaser #2: https://twitter.com/HackerBoxes/status/1530341605567242240?s=20&t=OWW931j-mZk8cMRc6yp9bA Stop Using “Sign in with”: https://firewallsdontstopdragons.com/stop-using-sign-in-with/ EFF on facial recognition technology: ​​https://www.eff.org/deeplinks/2021/10/face-recognition-isnt-just-face-ide...