Firewalls Don't Stop Dragons Podcast

Carey Parker
Mar 14, 2022 • 1h 2min

Computer Security Goes Microscopic

We didn't use to think too much about physical computer security because most computers were safely stored in our homes or businesses. But many people today use laptops, which can be lost or stolen while traveling or toting them back and forth to work. Having physical access to a computer makes it much easier for bad guys to hack into it and steal our data. By "sniffing" the data signals on the wires in computer motherboards, bad guys can actually pull out security keys that would allow them to bypass encrypted hard drives and account authentication. To combat this, Microsoft's Pluton project makes this data exfiltration much, much harder by embedding the security circuitry directly into the CPU chip where the "wires" are microscopic and embedded in plastic casings.

Tony Chen is a software engineer and security architect in the Microsoft core operating systems team. He was the development lead responsible for Xbox One security that worked with the hardware team and AMD to successfully launch the Xbox One console in 2013, which has not been hacked for piracy or cheating for over 5 years.

Further Info
Microsoft's Pluton project: https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/
Podcast 5th Anniversary Giveaway! https://firewallsdontstopdragons.com/5th-anniversary-giveaway/
Malwarebytes Lock & Code podcast: https://blog.malwarebytes.com/category/podcast/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Mar 7, 2022 • 1h 4min

My De-Google Strategy

As my de-Google project has progressed, I've realized that I skipped the most important step: reconnaissance. Before you can de-Google your life, you need to first make a list of the Google products and services you interact with - and not all of them have "Google" in their names. Google also owns YouTube, Waze, Nest, Fitbit, Chromebooks, and much more. Furthermore, you need to know and understand what information Google already knows about you. And while you're doing that, you should delete all the existing data and prevent further collection. Thankfully, Google provides several tools to help you do this (most likely due to regulations like GDPR and CCPA). I'll help you create your personal de-Google to-do list.

In other news: today I'm launching a massive giveaway promotion to celebrate the 5th anniversary of the podcast!! Also, 100 million Samsung phones shipped with horrible security flaws; Nvidia hackers are pressuring the company to turn off cryptocurrency mining limitations; the (Russian) Conti and TrickBot ransomware operations have been hacked; details of 120,000 Russian soldiers in Ukraine have been leaked (on purpose); the US Senate has passed landmark cybersecurity legislation in light of the rising cyber warfare threat; and the ACLU has published a sobering report about a mass surveillance company called Flock (no relation to Google's FLoC).

Article Links
100 Million Samsung Phones Shipped With Flawed Encryption: https://www.cpomagazine.com/cyber-security/100-million-samsung-phones-shipped-with-flawed-encryption-galaxy-s8-to-s21-series-cryptographic-keys-trivial-to-expose/
Nvidia Hackers Threaten to Release Mining-Limiter Killer: https://www.tomshardware.com/news/nvidia-hackers-threaten-to-release-lhr-performance-limiter
Conti Ransomware source code leaked by Ukrainian researcher: https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/
Details of '120,000 Russian soldiers' leaked by Ukrainian media: https://www.theregister.com/2022/03/02/russian_soldier_leaks/
Senate passes cybersecurity act forcing orgs to report cyberattacks, ransom payments: https://www.zdnet.com/article/senate-passes-cybersecurity-act-forcing-critical-infrastructure-orgs-to-report-cyberattacks-ransom-payments/
Fast-Growing Company Flock is Building a New AI-Driven Mass-Surveillance System: https://www.aclu.org/report/fast-growing-company-flock-building-new-ai-driven-mass-surveillance-system
My De-Google Strategy: https://firewallsdontstopdragons.com/my-de-google-strategy/
Lawrence Lessig’s article: https://medium.lessig.org/crowdsourced-war-b5774c0ca7b5

Further Info
5th Anniversary Giveaway!! Details will be posted this week on my blog - keep your eye out on my main website! https://firewallsdontstopdragons.com/
Check out Techlore: https://techlore.tech/
Conti Ransomware report from Krebs On Security:
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 28, 2022 • 1h 9min

Securing Your Mobile Device

Your cell phone is a supercomputer and a phenomenally powerful tracking device. Even George Orwell wouldn't have dreamed that telescreens would be pocket sized and that citizens would willingly carry them 24/7. That one device knows all about you and has access to your most personal and critical information, including contacts, emails, social media, financial accounts, medical information, and much more. Furthermore, these devices are often used to secure our accounts through two-factor authentication. Stealing or cloning someone's mobile phone can have dire consequences. Therefore, it's crucial that we protect it. Today, I'll speak with Haseeb Awan, whose company Efani is dedicated to providing secure phones and cell service to its VIP clientele, and we'll get his insights into the security risks and mitigation techniques of the mobile world.

Haseeb Awan built one of the first and largest bitcoin ATMs - Bitaccess - which has 8000+ locations in 15 countries. He is also the CEO of Efani, America's most secure and private cell phone service, which protects people against SIM Swaps, eavesdropping, and location tracking.

Further Info
Efani: https://www.efani.com/
My Startpage interview: https://www.startpage.com/privacy-please/privacy-advocate-articles/privacy-in-action-carey-parker-author-and-podcast-host
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 21, 2022 • 53min

De-Google Your Life (Part 2)

One of my big goals for 2022 was to minimize my Google footprint. In the last news show, I covered Google Search, Chrome and Android. In today's show, I'll tackle two other big ones: Google's email (Gmail) and calendar (Gcal) services (and Google's contacts, for good measure). I actually replaced Gmail with two different services, because they each address two different needs I have.

In other news: Microsoft finally disables Word and Excel macros by default for any file downloaded from the internet; the IRS backs off its requirement for using facial recognition to authenticate to the IRS website; Missouri's prosecutor declines to prosecute the reporter who pointed out a state website which gave away social security numbers for some state employees; Kashmir Hill compares the relative privacy and tracking capabilities of AirTags, Tile and a cheap GPS tracker; two US senators are decrying a newly declassified report of a CIA program that surveils American citizens in bulk; a remote test proctoring company sinks to new lows; hundreds of Android apps were found to be tracking you using ultrasonic signals; and Google will be implementing a new privacy feature in Android that it claims is just as private as Apple's App Tracking Transparency, but will somehow preserve the ad-based web economy.

Article Links
Microsoft's Small Step to Disable Macros Is a Huge Win for Security: https://www.wired.com/story/microsoft-disables-macros-default-security-phishing/
IRS To Ditch Biometric Requirement for Online Access: https://krebsonsecurity.com/2022/02/irs-to-ditch-biometric-requirement-for-online-access/
Missouri prosecutor won't press charges against reporter who found flaw in state website: https://www.kcur.org/politics-elections-and-government/2022-02-14/missouri-prosecutor-wont-press-charges-against-reporter-who-found-flaw-in-state-website
New test shows AirTag’s safety precautions are far better than Tile, other GPS trackers: https://9to5mac.com/2022/02/11/airtag-safety-vs-tile/
T2 Mac security vulnerability means passwords can now be cracked: https://9to5mac.com/2022/02/17/t2-mac-security-vulnerability-passware/
Senators say CIA has been collecting data in bulk in secret program: https://thehill.com/homenews/administration/593833-senators-say-cia-has-been-collecting-american-data-in-bulk-in-secret
A Network of Fake Test Answer Sites Is Trying to Incriminate Students: https://themarkup.org/machine-learning/2022/02/15/a-network-of-fake-test-answer-sites-is-trying-to-incriminate-students
Hundreds of apps spying on users with ultrasonic tracking technology: https://www.komando.com/gadgets/hundreds-of-apps-spying-on-users-with-ultrasonic-tracking-technology/402030/
Google's New Plan for Android Privacy Doesn't Sound All That Private: https://gizmodo.com/google-android-privacy-sandbox-apple-ios-meta-1848547922?rev=1645048008531
De-Google My Life (part 2): https://firewallsdontstopdragons.com/de-google-my-life-part-2/

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 14, 2022 • 1h 13min

Free & Open Source Software

You may not know it, but our world has already been basically taken over by free and open source software, or FOSS - specifically, the Linux operating system. Just about every single electronic appliance or device today, from your smartphone to your smart toaster, is running some flavor of the Linux operating system. Furthermore, open source software projects are the bedrock of many for-profit software applications, operating systems, mobile apps and web apps. It's everywhere, and yet you probably know very little about it. Today, Sean O'Brien will give us a little FOSS history lesson, explain why supporting this movement is so important, and even tell us how we might replace some pricey and user-hostile popular software with top-notch free and open alternatives.

Sean O’Brien is a lecturer in Cybersecurity at Yale Law School and Chief Security Officer at Panquake.com. He is a Visiting Fellow at the Information Society Project at Yale Law School, where he founded and leads the Privacy Lab initiative. He has been involved in Free and Open-Source Software (FOSS) for approximately two decades, including volunteer work for the Free Software Foundation and FreedomBox Foundation.

Show Links
Panquake: https://panquake.com/
Yale Privacy Lab: https://privacylab.yale.edu/
It’s FOSS website: https://itsfoss.com/
Free Software Foundation: https://www.fsf.org/
Intro to Linux classes: https://itsfoss.com/free-linux-training-courses/
Windows Subsystem for Linux: https://docs.microsoft.com/en-us/windows/wsl/about
System 76: https://system76.com/
Purism: https://puri.sm/
Lineage OS: https://lineageos.org/
Graphene OS: https://grapheneos.org/
Calyx OS: https://calyxos.org/
F-Droid: https://f-droid.org/
LibreOffice: https://www.libreoffice.org/
VLC Media Player: https://www.videolan.org/vlc/
Audacity audio editor: https://www.audacityteam.org/
GIMP photo editor: https://www.gimp.org/
Inkscape illustrator: https://inkscape.org/
CryptPad: https://cryptpad.fr/

Further Info
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 7, 2022 • 57min

De-Google Your Life

One of my New Year's Resolutions for 2022 is to minimize my Google footprint. In reality, it's very difficult to completely avoid Google products, if you include things like Google Analytics, Google's cloud computing, and other services that we may not directly choose. But thankfully, there are many excellent, privacy-respecting alternatives to Google's more well-known products and services. In today's show, I'll start with some of the most basic ones: Google Search, Google Chrome browser, and Android.

In other news: Google beats Apple to offering a way to disable insecure 2G cellular connections; people are selling "silent" AirTags that won't beep to let you know they're near (which could be better for stalking people); Facebook reported its first ever loss in subscribers along with a $10 billion loss due to people opting out of ad tracking; privacy advocates scored a huge win in the European Union against advertisers collecting and sharing your data; the IRS may be rethinking its coming requirement for facial recognition-based authentication after pushback; the FBI admits to evaluating NSO Group's nasty Pegasus cell phone spyware; Kaspersky finds several serious vulnerabilities in wearable medical devices; and Google has abandoned its FLoC web tracking system for a much more privacy-respecting version called Topics.

Article Links
EFF praises Android’s new 2G kill switch, wants Apple to follow suit: https://arstechnica.com/gadgets/2022/01/eff-praises-androids-new-2g-kill-switch-wants-apple-to-follow-suit/
Sale of 'Silent AirTags' on eBay and Etsy Raises Privacy Concerns: https://www.macrumors.com/2022/02/03/silent-airtags-privacy-concerns/
Facebook lost daily users for the first time ever last quarter: https://www.theverge.com/2022/2/2/22914970/facebook-app-loses-daily-users-first-time-earnings
A Change by Apple Is Tormenting Internet Companies, Especially Meta: https://www.nytimes.com/2022/02/03/technology/apple-privacy-changes-meta.html
Regulators find Europe’s ad-tech industry acted unlawfully: https://www.engadget.com/european-union-gdpr-ad-tech-unlawful-iccl-iab-europe-125735068.html
Treasury Weighing Alternatives to ID.me Over Privacy Concerns: https://www.bloomberg.com/news/articles/2022-01-28/treasury-weighing-id-me-alternatives-over-privacy-concerns
FBI acknowledges it tested NSO Group’s spyware: https://www.washingtonpost.com/technology/2022/02/02/pegasus-fbi-nso-test/
Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft: https://threatpost.com/unpatched-security-bugs-medical-wearables-patient-tracking-data-theft/178150/
Google abandons FLoC, introduces Topics API to replace tracking cookies: https://www.theverge.com/2022/1/25/22900567/google-floc-abandon-topics-api-cookies-tracking
De-Google My Life, Part 1: https://firewallsdontstopdragons.com/de-google-my-life-part-1/
Apple’s new Personal Safety User Guide: https://support.apple.com/guide/personal-safety/welcome/web

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Jan 31, 2022 • 55min

Searching for Privacy

We tell our search engines a lot of very personal things. They arguably know more about us than our best friends and significant others do. A history of your search terms can reveal so much about you, especially when viewed over the course of days, months and even years. And unfortunately, companies like Google use this privileged position to better target us with advertisements. This may seem innocuous, but today's guest, Kelly Finnerty, will explain how this data collection can lead to some truly creepy outcomes and even emotional harm. But it doesn't have to be that way. There are search engines and other tools that don't track your history and sell you out. And there is hope for a brighter, privacy-respecting future.

Kelly Finnerty is the director of brand for Startpage, a global privacy technology company that provides search and browsing products that protect people's personal data. Kelly is a #techforgood advocate who believes privacy is a worldwide human right.

Episode Links
Startpage browser extension: https://add.startpage.com/protection/
What does your search engine know about you? https://www.startpage.com/privacy-please/startpage-articles/what-does-your-search-engine-know-about-you
Startpage data flow: https://support.startpage.com/index.php?/en/Knowledgebase/Article/View/1276/0/how-startpage-processes-and-protects-your-data
Interview with System1 CEO: https://thinkprivacy.ch/system1-interview/
Terms of Service; Didn’t Read: https://tosdr.org/
EFF’s Surveillance Self Defense: https://ssd.eff.org/

Further Info
Annual listener survey: https://bit.ly/Firewalls-survey-2022
Carey’s 2022 Privacy Blog: https://firewallsdontstopdragons.com/data-privacy-week-2022/
Carey’s Privacy Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/
Data Privacy Week: https://staysafeonline.org/data-privacy-week/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Jan 24, 2022 • 1h 6min

Building a Privacy-Respecting World

Personal data privacy isn't going to just happen on its own. We have to somehow collectively construct it. But how? Will it require regulation or can consumers drive change by consciously choosing privacy-respecting products and services? When it comes to regulations, why are things so different in the European Union versus the US and other global markets? What do privacy teams look like in modern corporations and how should they function? I'll pose these and many other questions to my guest, Whitney Merrill, who brings unique experience on privacy from both the private sector and the federal government.

Whitney Merrill is a data protection officer, privacy attorney, hacker, and the co-founder of the Crypto & Privacy Village. She loves privacy and is glad the world is getting excited about it, too.

Podcast Links
Carey’s 2022 Privacy Blog: https://firewallsdontstopdragons.com/data-privacy-week-2022/
Carey’s Privacy Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/
Data Privacy Week: https://staysafeonline.org/data-privacy-week/
FTC Privacy & Security: https://www.ftc.gov/tips-advice/business-center/privacy-and-security
EFF Surveillance Self Defense Guide: https://ssd.eff.org/
ACLU Privacy & Technology: https://www.aclu.org/issues/privacy-technology
IAPP Resources: https://iapp.org/resources/
European Data Protection Board: https://edpb.europa.eu/edpb_en
Data Protocol: https://dataprotocol.com/
The Gamification of Everything: https://lifehacker.com/how-gamification-of-everything-is-manipulating-you-and-1848352808

Further Info
Annual listener survey: https://bit.ly/Firewalls-survey-2022
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Jan 17, 2022 • 57min

Data Privacy Week 2022

Of course, every week should be "data privacy week", but we do set aside a specific time each year to focus on privacy - particularly educating as many people as possible about it. Until this year, we only dedicated one day for this - but as of 2022, it's been promoted to an entire week! Data Privacy Week runs from January 24-28, so today I'm going to prep you for it with several of my top privacy protection tips!

In the news: the FBI uses foreign intelligence services to sidestep US surveillance restrictions; Russia takes down the REvil ransomware outfit at the United States' request; Google gives Android users the ability to disable insecure 2G cell connections; Subaru is sued in Illinois for capturing drivers' biometric information without consent; lawmakers propose legislation to simplify and standardize terms of service agreements; and the Ponemon Institute releases the results of a recent poll on what people worry about with relation to privacy and what they feel should be done about it.

Article Links
Using Foreign Nationals to Bypass US Surveillance Restrictions: https://www.schneier.com/blog/archives/2022/01/using-foreign-nationals-to-bypass-us-surveillance-restrictions.html
Russia’s FSB says it has taken down REvil hacker group at US request: https://www.theverge.com/2022/1/14/22883675/russia-fsb-revil-hacker-group-ransomware-us-request-fbi-doj
VICTORY: Google Releases “disable 2g” Feature for New Android Smartphones: https://www.eff.org/deeplinks/2022/01/victory-google-releases-disable-2g-feature-new-android-smartphones
Class action: Subaru DriverFocus system improperly scans driver's faces, eyes: https://cookcountyrecord.com/stories/613746211-class-action-subaru-driverfocus-system-improperly-scans-driver-s-faces-eyes
Lawmakers Come After Companies’ Terms of Service With New TLDR Bill: https://www.gizmodo.com.au/2022/01/lawmakers-come-after-companies-terms-of-service-with-new-tldr-bill/
New Ponemon Institute Report Indicates Major Consumer Privacy Gap: https://www.cpomagazine.com/data-privacy/new-ponemon-institute-report-indicates-major-consumer-privacy-gap/

Further Info
Data Privacy Week: https://staysafeonline.org/data-privacy-week/about-dpw/
My Data Privacy checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/
DNA service impacts: https://thenib.com/its-all-relatives/
Annual listener survey: https://bit.ly/Firewalls-survey-2022
Hunting for Stingrays podcast: https://podcast.firewallsdontstopdragons.com/2021/04/19/hunting-for-stingrays-part-1/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Jan 10, 2022 • 1h 30min

2022 New Year’s Resolutions

It's the start of a brand new calendar year! And therefore it's time to engage in that annual ritual of planning to do better this year by making our list of New Year's Resolutions. To help you with the cybersecurity and privacy items on your list (an area where we all need major improvement), I will share with you my personal list of cyber goals for 2022. Yes, even security advocates can suffer from the "do as I say, not as I do" syndrome. We're all human, and there are plenty of things that I still need to get done - things that you probably need to do, too.

I'll also catch you up on the latest security and privacy news: several articles popped up about a supposed data breach at LastPass that turned out to be incorrect; the US Federal Trade Commission is getting very serious about fining companies with lax cybersecurity practices in light of the Log4J/Log4Shell nightmare; clever scammers in Texas are tricking motorists into paying the wrong people for parking; Norton 360 and other antivirus software packages have started pre-installing cryptocurrency mining software on their customers' computers; TurboTax is the second major tax-filing software service to drop out of the federal Free File program; Google's adoption of the Manifest V3 specification gives users yet another reason not to use their Chrome browser; and a lawsuit in California alleges that Google's exclusive search engine deal with Apple is stifling competition and harming consumers.

Article Links
LastPass says there’s no data breach, so your passwords were not hacked: https://bgr.com/tech/lastpass-says-theres-no-data-breach-so-your-passwords-were-not-hacked/?bgr-partner=flipboard
FTC to Go After Companies that Ignore Log4j: https://threatpost.com/ftc-pursue-companies-log4j/177368/
QR code scammers hitting on-street parking in Texas cities: https://www.click2houston.com/news/local/2022/01/05/qr-code-scammers-hitting-on-street-parking-in-texas-cities-this-is-what-houston-officials-want-you-to-know/
Norton 360 Now Comes With a Cryptominer: https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/
500M Avira Antivirus Users Introduced to Cryptomining: https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/
Want to file your tax return for free? TurboTax opts out of major program: https://www.freep.com/story/money/personal-finance/susan-tompor/2022/01/05/how-file-your-tax-return-free-turbotax/9077019002/
Podcast on Free File report from Pro Publica: https://podcast.firewallsdontstopdragons.com/2020/01/13/why-free-file-isnt-free/
Google makes the perfect case for why you shouldn't use Chrome: https://www.techrepublic.com/article/google-makes-the-perfect-case-for-why-you-shouldnt-use-chrome/
Google Basically Pays Apple to Stay Out of the Search Engine Business, Class Action Lawsuit Alleges: https://www.macrumors.com/2022/01/05/google-pays-apple-stay-out-of-search/
Betty White on MFA: https://www.youtube.com/watch?v=DmIDtDAYTPA

Further Info
Annual listener survey: https://bit.ly/Firewalls-survey-2022
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/