Firewalls Don't Stop Dragons Podcast

Carey Parker
Jul 18, 2022 • 1h 11min

Crowdsourcing Network Security

We take that little box that connects our home to the internet for granted. But in reality, it’s often the only thing hiding our computers and vulnerable IoT devices from automated, remote attacks. This “internet background radiation” is ever present – a massive network of malicious or compromised devices, constantly scanning the internet for exposed and ill-protected systems. Today, we’ll discuss routers, firewalls and other common aspects of home network security with the CEO of CrowdSec. He’ll also explain how we can enable these devices to share information in a sort of global neighborhood watch program, distributing information about bad actors to better protect us all.

Philippe Humeau graduated as an IT security engineer in 1999, specializing in cybersecurity. He then created his first company, dedicated to red team penetration testing and high-security hosting. After selling his first company, his eternal crush on cybersecurity led him to create CrowdSec in 2020. This open-source software vendor builds a participative IPS that generates global, crowd-powered CTI.

Further Info
CrowdSec: https://crowdsec.net/
CrowdSec code repository: https://github.com/crowdsecurity/crowdsec
Lulu reverse firewall: https://objective-see.org/products/lulu.html
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Amulet of Entropy!!: https://amuletofentropy.com/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:46: Update on Firefox Total Cookie Protection
0:03:50: DEF CON coming soon
0:04:47: Interview start
0:06:49: What does a firewall do?
0:10:18: Should I enable the firewall on my computer, too?
0:14:18: What is Universal Plug and Play (UPnP)?
0:16:04: What is Network Address Translation (NAT)?
0:20:16: Hacker vs Cybercriminal?
0:21:17: Internet Background Radiation
0:26:19: Creating network silos
0:29:28: Attacks from within
0:32:15: Botnets and DDoS attacks
0:35:37: What are the biggest network threats today?
0:40:16: Who are the main threat actors?
0:45:09: How does CrowdSec work?
0:49:36: How quickly do agents share info?
0:51:37: How does CrowdSec make money?
0:53:03: Can you use CrowdSec on home routers?
0:55:28: Are things getting better or worse?
0:57:43: Top security tips?
1:01:45: How do you poke a hole in a firewall?
1:04:01: Setting up guest network
1:07:48: Reverse firewalls
1:09:07: Final word
Jul 11, 2022 • 58min

The Data Dam is Breaking

This week we’ll talk about three significant new data breaches. Each of these data leaks is important in different ways, but the trend is clear: data wants to be free. First of all, we need to stop collecting so damn much of it. But second, we need to make it more expensive for data collectors who are criminally negligent with the protection of our data. Right now, it’s cheaper to let it escape than to spend time, effort and money to protect it. (In my Tip of the Week, I’ll tell you about a great free tool that will let you protect your own data.)

In other news: Google patches some serious zero-day Chrome bugs and I’ll explain how they work; personal data for many California gun owners was leaked; Marriott suffered yet another customer data breach; personal data on over 1 billion people in China is up for sale; crypto exchange Coinbase is sharing info with US immigration enforcers; a sophisticated malware named ZuoRAT is infecting SOHO routers; a new Windows worm appears to be coming from infected USB devices; a free decryptor has been released for AstraLocker and Yashma ransomware; Apple’s new Lockdown mode shows real promise; and the US Immigration and Customs Enforcement agency has become a full-tilt mass surveillance organization.

Article Links
[Naked Security] Google patches “in-the-wild” Chrome zero-day – update now! https://nakedsecurity.sophos.com/2022/07/05/google-patches-in-the-wild-chrome-zero-day-update-now/
[Gizmodo] California Gun Owners Had Lots of Their Data Exposed by the State Government https://gizmodo.com/california-gun-owners-data-exposed-state-justice-dept-1849124116
[TechCrunch] Hotel giant Marriott confirms yet another data breach https://techcrunch.com/2022/07/06/marriott-breach-again/
[ZDNet] Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web https://www.zdnet.com/article/giant-data-breach-leaked-personal-data-of-one-billion-people-has-been-spotted-for-sale-on-the-dark-web/
[The Intercept] Cryptocurrency Titan Coinbase Providing “Geo Tracking Data” to ICE https://theintercept.com/2022/06/29/crypto-coinbase-tracer-ice/
[Ars Technica] A wide range of routers are under attack by new, unusually sophisticated malware https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/
[PCMag] Hundreds of Windows Networks Are Infected With Raspberry Robin Worm https://www.pcmag.com/news/hundreds-of-windows-networks-are-infected-with-raspberry-robin-worm
[BleepingComputer] Free decryptor released for AstraLocker, Yashma ransomware victims https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-astralocker-yashma-ransomware-victims/
[9to5mac.com] Firefox now lets users remove tracking parameters from URLs to enhance privacy https://9to5mac.com/2022/06/29/tracking-parameters-urls-firefox/
[Ars Technica] Why Lockdown mode from Apple is one of the coolest security ideas ever https://arstechnica.com/information-technology/2022/07/introducing-lockdown-from-apple-the-coolest-defense-youll-probably-never-use/
Data-Driven Deportation in the 21st Century https://americandragnet.org/
Tip of the Week: https://firewallsdontstopdragons.com/creating-a-file-vault-with-cryptomator/

Further Info
Cryptomator: https://cryptomator.org/
Donate directly with Monero! https://firewallsdontstopdragons.com/contact/
Seth interview on cryptocurrency: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/
Amulet of Entropy!!: https://amuletofentropy.com/
No More Ransom: a non-profit devoted to helping break ransomware crypto so that victims don’t have to pay.
ID Ransomware: a tool for identifying which ransomware you’ve been infected with and then guiding you to other resources for help.
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:19: Website facelift
0:01:35: Added Monero “tip jar” support option
0:02:02: Amulet of Entropy update
0:02:38: News overview
0:04:24: Chrome 0-day bugs with explanation
0:12:27: California gun owner info leaked
0:15:23: Another Marriott data breach
0:17:36: Personal data of 1 billion people leaked
0:20:13: Coinbase providing info to ICE
0:25:28: Routers under attack by ZuoRAT
0:31:06: New Windows network worm
0:34:23: Free decryptor for AstraLocker ransomware
0:37:50: Firefox removes tracking parameters
0:40:04: Apple’s new Lockdown mode
0:45:19: Data Driven Deportation
0:48:39: Tip of the Week
0:54:19: Outro
0:54:38: How to donate Monero
0:56:16: Podcast review
0:57:24: Previews
Jul 4, 2022 • 1h 5min

Necessary Chaos

While many of us prefer order in our lives, at least most of the time, we sometimes need a little chaos. Specifically, we need a source of true randomness in order to properly drive many of our cryptographic systems – to secure our digital communications, for example. And while computers are very good at doing what we tell them to do, they suck at being unpredictable. Therefore we have to find other ways to inject a little chaos. Today I will discuss these concepts with Joe Long, founder and CEO of HackerBoxes.com. Along the way, we’ll share stories of hardware hacking and our love of electronics tinkering. And then we’ll reveal a totally geeky project we’ve been working on together for many months now that we dubbed the Amulet of Entropy!

Joe Long is a professional engineer, patent attorney, and hardware hacker. He has decades of expertise in electronics which he has taught to over a million students around the world. Joe is the founder of HackerBoxes – a company that provides kits, workshops, and monthly subscription boxes for building and learning electronics.

Further Info
Amulet of Entropy!!: https://amuletofentropy.com/
HackerBox #0080: https://hackerboxes.com/products/hackerbox-0080-entropy
Amulet GitHub repo: https://github.com/FirewallDragon/amulet-of-entropy
HackerBoxes: https://hackerboxes.com/
Forrest Mims electronics books: https://www.forrestmims.com/
Humble Bundle electronics books: https://www.humblebundle.com/books/boards-coding-make-co-books
HackADay: https://hackaday.com/
DEF CON 30: https://defcon.org/html/defcon-30/dc-30-index.html
Firewalls Don’t Stop Dragons book: https://www.amazon.com/gp/product/1484261887
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:04:23: Start of interview
0:05:42: What is a hardware hacker?
0:09:09: What got you into electronics?
0:14:49: What do you need to get into electronics?
0:21:46: What is entropy?
0:24:36: Where do we find entropy in everyday life?
0:28:18: Why is entropy important for cryptography?
0:30:58: Why do computers suck at randomness?
0:35:18: So how do we find true random values?
0:38:42: What happens when randomness fails?
0:41:17: How we use patterns to efficiently encode things
0:46:44: The Amulet of Entropy!
0:51:53: Designing the project
0:55:33: Fun uses of entropy
0:56:41: How do I get one??
0:57:53: Outro
1:01:06: DEF CON 30 talk
1:01:45: Electronics resources for newbies
Jun 27, 2022 • 1h 5min

Total Cookie Protection

Firefox officially rolled out its Total Cookie Protection feature last week, which is a clever and elegant solution for blocking tracking using third-party cookies. Unfortunately… it didn’t seem to be working for me when I tested it. There are at least a couple of reasons why this might be, and a workaround, both of which I will discuss in today’s Tip of the Week.

Also: a drunk employee lost a flash drive with half a million customers’ data in Japan; a TikTok leak appears to show that even with US user data being “moved” to US soil, engineers in China can still access it; a new voicemail scam tries to trick you into giving up your Microsoft account credentials; MEGA fixes several flaws which might allow a rogue employee to view your data; 56 security flaws in industrial systems could impact thousands of devices around the world; Google Password Manager now allows for client-side encryption; Microsoft’s Defender is now available for non-Windows devices (for a fee); T-Mobile is the latest to use its privileged position to hoover up and sell customer data; spyware companies are proliferating; Facebook is receiving sensitive medical info from its Meta Pixel; and vacation rentals are sadly great places for spycams, and I’ll help you try to spot them.

Article Links
[The Guardian] Japanese city worker loses USB containing personal details of every resident https://www.theguardian.com/world/2022/jun/24/japanese-city-worker-loses-usb-containing-personal-details-of-every-resident
[Gizmodo] TikTok Leak Alleges User Data Isn’t Private: ‘Everything Is Seen in China’ https://gizmodo.com/tiktok-china-oracle-bytedance-1849078477
[Threatpost] Voicemail Scam Steals Microsoft Credentials https://threatpost.com/voicemail-phishing-scam-steals-microsoft-credentials/180005/
[BleepingComputer] MEGA fixes critical flaws that allowed the decryption of user data https://www.bleepingcomputer.com/news/security/mega-fixes-critical-flaws-that-allowed-the-decryption-of-user-data/
[BleepingComputer] Icefall: 56 flaws impact thousands of exposed industrial devices https://www.bleepingcomputer.com/news/security/icefall-56-flaws-impact-thousands-of-exposed-industrial-devices/
[9to5Google] Google Password Manager starts offering on-device encryption on Android, iOS, and Chrome https://9to5google.com/2022/06/21/google-password-on-device-encryption/
[PCMag] WTF? Do I Have to Pay for Microsoft’s Defender Antivirus Now? https://www.pcmag.com/news/wtf-do-i-have-to-pay-for-microsofts-defender-antivirus-now
[The Verge] T-Mobile is selling your app usage data to advertisers — here’s how to opt out https://www.theverge.com/2022/6/24/23181851/t-mobile-browsing-data-app-insights-marketing-opt-out
[WIRED] Google Warns of New Spyware Targeting iOS and Android Users https://www.wired.com/story/hermit-spyware-rcs-labs/
[The Markup] Facebook Is Receiving Sensitive Medical Information from Hospital Websites https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites
[USA TODAY] How to spot hidden surveillance cameras in your Airbnb, VRBO, or vacation rentals https://www.usatoday.com/story/tech/columnist/komando/2022/06/23/how-check-hidden-cameras-airbnb-vrbo-vacation-rentals/7652726001/

Further Info
Tip of the Week: Total Cookie Protection? https://firewallsdontstopdragons.com/total-cookie-protection/
Cookie Forensics Test: https://www.grc.com/cookies/forensics.htm
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:17: News topic summary
0:04:47: Drunk worker loses customer data
0:08:00: TikTok phone call leak
0:12:04: Microsoft voicemail scam
0:16:23: MEGA fixes critical encryption flaws
0:21:28: Icefall vulnerabilities
0:27:15: Google Password Manager on-device encryption
0:29:58: Microsoft Defender for Individuals
0:34:25: T-Mobile tracks and sells app usage data
0:37:10: Spyware industry is rampant
0:41:14: Facebook getting sensitive medical information
0:46:21: How to spot hidden spy cameras in vacation rentals
0:55:16: Tip of the Week: Total Cookie Protection
1:01:33: 2022 Mid-year goals update
1:03:06: Preview of upcoming shows
1:04:00: Dragon coins will start shipping!
Jun 20, 2022 • 1h 3min

Moving Beyond Passwords

Everyone hates dealing with passwords, and yet they’ve been the de facto standard of computer authentication for decades. But there’s light at the end of this long tunnel. There is a passwordless future where we can log in to our accounts using just our smartphones. In this future, it won’t matter if websites are breached because there will be no password databases to steal. Even phishing will be a thing of the past. And thankfully, that future isn’t far away. Today I’ll discuss where we are, how we got here, and where we’re going with Yubico’s Derek Hanson.

Derek Hanson has been involved in the identity and security industry for over ten years. He has been building networks and deploying computer systems since the mid-90s and is now an advocate for how you can best protect them. He is currently the VP of Solutions Architecture and Alliances at Yubico.

Further Info
Yubico/YubiKey: https://www.yubico.com/
NIST password guidelines: https://www.infosecurity-magazine.com/blogs/nist-password-guidelines/
OPM fingerprint database hack: https://www.wired.com/2015/09/opm-now-admits-5-6m-feds-fingerprints-stolen-hackers/
WebAuthn: https://webauthn.guide/
FIDO: https://fidoalliance.org/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Table of Contents (new!)
Use these timestamps to jump to a particular section of the show.
0:01:01: Welcome new patrons!
0:01:41: New table of contents
0:03:40: Update Windows ASAP
0:04:03: Pre-interview notes
0:04:34: Interview start
0:06:21: Why do we still use passwords?
0:11:26: Why don’t more people use password managers?
0:15:25: NIST updates password recommendations
0:17:50: Should we use biometrics for authentication?
0:23:40: How do passwordless systems compare to what we have now?
0:29:00: How does authentication work in a passwordless system?
0:32:50: Have we settled on a single passwordless standard?
0:37:24: How well is this new standard supported?
0:40:41: How do I use this passwordless technology?
0:43:00: How soon will we see passwordless logins?
0:46:22: Which 2FA system is best and will we still need this going forward?
0:51:33: What current technologies are best for securing our accounts?
0:55:18: How do hardware keys work?
1:00:42: OPM fingerprint hack
1:01:48: Bonus content preview
1:02:02: Upcoming shows
Jun 13, 2022 • 58min

Peppering Your Passwords

I preach about using password managers constantly – because they really are a fantastic tool for increasing your security. Humans suck at creating memorable passwords that are not also easy to guess. But the idea of putting all your juicy secrets into a digital vault that is controlled by a third party and synchronized through the cloud may not sit well with you. And I totally get that. It’s a very valid concern. But what if there were a way to have your cake and eat it, too? (I never understood that expression… what good is having cake if you can’t eat it, right?) I’ll explain a simple technique using cryptographic “pepper” that will allow you to use a password manager, even if you don’t trust it.

In other news: US water utilities are woefully unprepared for cyberattacks; paper ballots are essential for secure elections, but not sufficient; PDFs are being used to cleverly hide keylogging malware; Chinese hackers have infiltrated many global telecom companies for years; Australia’s new “secure” digital driver’s license is anything but; the FBI manages to recover half of the Colonial Pipeline ransom; a new facial search engine is on the scene, with even less protection than Clearview AI; and the Tim Hortons app stole a heck of a lot of user location data from its customers.

Article Links
[Threatpost] U.S. Water Utilities Prime Cyberattack Target, Experts https://threatpost.com/water-cyberattack-target/179935/
[CDT] Do Ballot Barcodes Threaten Election Security? https://cdt.org/insights/do-ballot-barcodes-threaten-election-security/
[BleepingComputer] PDF smuggles Microsoft Word doc to drop Snake Keylogger malware https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/
[MIT Technology Review] Chinese hackers exploited years-old software flaws to break into telecom giants https://www.technologyreview.com/2022/06/08/1053375/chinese-hackers-exploited-years-old-software-flaws-to-break-into-telecom-giants/
[Ars Technica] “Tough to forge” digital driver’s license is… easy to forge https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/
[CPO Magazine] FBI Recovers $2.3 Million of Colonial Pipeline Ransomware Payment; Some Que https://www.cpomagazine.com/cyber-security/fbi-recovers-2-3-million-of-colonial-pipeline-ransomware-payment-some-questions-about-the-attack-answered/
[The Mercury News] A face search engine anyone can use is alarmingly accurate https://www.mercurynews.com/2022/05/28/a-face-search-engine-anyone-can-use-is-alarmingly-accurate-2
[CTV News] Tim Hortons app collected vast amounts of sensitive data: privacy watchdogs https://www.ctvnews.ca/business/tim-hortons-app-collected-vast-amounts-of-sensitive-data-privacy-watchdogs-1.5927716
Pepper Your Passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/

Further Info
Only FIVE DAYS LEFT to get your dragon coin! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/
Techlore interview: https://youtu.be/-GubGbuWBfk
Exploits of a Mom (XKCD “Bobby Tables” cartoon): https://xkcd.com/327/
Bobby Tables explanation: https://www.explainxkcd.com/wiki/index.php/Little_Bobby_Tables
Generate secure passphrases! https://d20key.com/#/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Jun 6, 2022 • 1h 14min

Cryptocurrency 101

Everyone has heard of Bitcoin, but almost no one understands what the heck it actually is. Today I’m interviewing Seth from Seth for Privacy, who knows cryptocurrency backwards and forwards. Seth is also a privacy advocate who understands the broader implications of digital currency. I’ll ask him to explain how cryptocurrency works, what the blockchain is, how crypto mining affects our environment, whether cryptocurrency is truly anonymous, and how cryptocurrency has any value whatsoever – and much more!

Seth is a privacy educator, Monero contributor, and host of the Opt Out podcast.

Further Info
Opt Out podcast: https://optoutpod.com
Seth’s bio: https://sethforprivacy.com/about/
Seth’s Twitter feed: https://twitter.com/sethforprivacy
Why Cryptocurrencies? https://whycryptocurrencies.com/toc.html
Local Monero: https://localmonero.co/
Cryptocurrency ATMs: https://coinatmradar.com/
Bitcoin energy consumption: https://niccarter.info/topics/#energy
Was Bitcoin Created by This International Drug Dealer? https://www.wired.com/story/was-bitcoin-created-by-this-international-drug-dealer-maybe/
XKCD comic – $5 wrench: https://xkcd.com/538/
Byzantine Generals Problem: https://en.wikipedia.org/wiki/Byzantine_fault
Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site https://www.wired.com/story/tracers-in-the-dark-welcome-to-video-crypto-anonymity-myth/
Hot Wallets vs Cold Wallets: https://appleinsider.com/articles/22/06/04/crypto-101-the-difference-between-hot-and-cold-wallets
Microsoft unpatched vulnerability: https://www.kaspersky.com/blog/follina-cve-2022-30190-msdt/44461/

Dragon Coins & Passphrases
Get your Dragon Challenge Coin!! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/
Generate secure passphrases! https://d20key.com/#/
May 30, 2022 • 49min

Emergency Mode

Modern smartphones have a potentially life-saving feature called “SOS” or “Emergency” mode that can give first responders critical medical information and automatically dial your country’s emergency phone number. It can report your location and even notify selected contacts. In today’s show, I’ll share a story from one woman who believes this mode saved her life. It’s easy to use and set up, but it won’t do you any good if you don’t know about it. I’ll tell you everything you need to know.

In other news: Clearview AI is looking to expand its services to schools, banks and other institutions that wish to authenticate people; Mastercard is launching a new facial recognition system that will allow users to pay “with a smile”; the US Department of Justice has finally issued long-overdue guidance on common sense limitations for prosecuting security researchers and regular people who might run afoul of the tragically over-broad Computer Fraud and Abuse Act (CFAA); Twitter has been fined and Google has been sued for abusing customer data; local governments forced children to use EdTech software that surreptitiously harvested their data and fed them behavior-based ads; DuckDuckGo is in damage control over reports that it isn’t blocking some Microsoft web tracking due to an agreement which they legally can’t discuss; there’s a new Wells Fargo phishing campaign going around which seeks to gather tons of data that would easily enable identity theft; and a security researcher has found a bug with the OAuth single sign-on functionality used by Facebook.

Article Links
[Gizmodo] Clearview AI Says It’s Bringing Facial Recognition to Schools https://gizmodo.com/clearview-ai-facial-recognition-privacy-1848975528
[The Guardian] Mastercard launches ‘smile to pay’ system amid privacy concerns https://www.theguardian.com/technology/2022/may/17/mastercard-launches-smile-to-pay-amid-privacy-concerns
[The Verge] Justice Department pledges not to charge security researchers with hacking crimes https://www.theverge.com/2022/5/19/23130910/justice-department-cfaa-hacking-law-guideline-limits-security-research
[NPR] Twitter agrees to pay $150 million after FTC, DOJ accuse company of mishandling data https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc
[Human Rights Watch] Governments Harm Children’s Rights in Online Learning https://www.hrw.org/news/2022/05/25/governments-harm-childrens-rights-online-learning
[Review Geek] DuckDuckGo Isn’t as Private as You Thought https://www.reviewgeek.com/118915/duckduckgo-isnt-as-private-as-you-thought/
[Sky] Google sued for using the NHS data of 1.6 million Brits ‘without their knowledge or consent’ https://news.sky.com/story/google-sued-for-using-the-nhs-data-of-1-6-million-brits-without-their-knowledge-or-consent-12614525
[Kaspersky] Bank phishing and identity theft https://usa.kaspersky.com/blog/wells-fargo-phishing-identity-theft/26473/
[Forbes] Security Warning For Facebook Users Who Login With Gmail OAuth Code https://www.forbes.com/sites/gordonkelly/2022/05/21/google-gmail-security-facebook-oauth-login-warning/
[9to5mac.com] iPhone SOS credited with saving woman during assault attempt – Here’s how to set it up https://9to5mac.com/2022/05/24/iphone-sos-how-to-set-it-up/
Set up Emergency mode, Apple iPhone: https://support.apple.com/en-us/HT208076
Set up Emergency mode, Google Pixel: https://support.google.com/pixelphone/answer/7055029
Set up Emergency mode, Samsung Galaxy: https://www.samsung.com/us/support/answer/ANS00050849/

Further Info
Get your Dragon Challenge Coin!! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/
Generate secure passphrases! https://d20key.com/#/
Amulet of Entropy teaser #2: https://twitter.com/HackerBoxes/status/1530341605567242240?s=20&t=OWW931j-mZk8cMRc6yp9bA
Stop Using “Sign in with”: https://firewallsdontstopdragons.com/stop-using-sign-in-with/
EFF on facial recognition technology: https://www.eff.org/deeplinks/2021/10/face-recognition-isnt-just-face-identification-and-verification
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
May 23, 2022 • 58min

Tomatoes & Telegraphs

There’s a lot we can glean from history, but sometimes it’s not as obvious as you might think. For example, did you know that until the mid-1800s, most Americans hated tomatoes and that ketchup was originally made from mushrooms? The story behind how Americans came to love tomatoes is quite fascinating, but what is perhaps most interesting is the way our guest applies this knowledge to the realm of cybersecurity. Today we will also learn how one of the most powerful cryptographic techniques to this day originated in the time of the telegraph. Along the way, we’ll discuss how humans choose their passwords, how they should be creating passwords, and how often we should be changing our passwords.

Anthony Collette is a Senior Consent Form Editor at the largest Institutional Review Board (IRB) in the United States. This regulatory agency has reviewed over 1,000 COVID-19 research studies, conducted at more than 12,000 locations. Mr. Collette analyzes complex medical documents, synthesizes the central concepts, and translates technical jargon into relatable language directed to the non-technical research participant. These skills transfer perfectly to the task of analyzing and understanding the conflicting and often outdated advice given about passwords, stripping away what’s unnecessary, and getting down to the actionable core of the issues.

Interview Links
Anthony Collette: https://www.linkedin.com/in/tonycollette/
Loistava Information Security website: www.LositavaInfoSecurity.com
CASTALOT™ Dice Landing Page: https://www.castalotdice.com?utm_source=dragons1
CASTALOT™ Dice Facebook VIP Group: https://www.facebook.com/groups/1317312032055849
The History of Tomatoes in America: https://www.amazon.com/Tomato-America-History-Culture-Cookery/dp/1570030006/
NY Times, Secret Life of Passwords: https://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html
A Look at Telegraph Codes (Steven Bellovin): https://www.cs.columbia.edu/~smb/papers/codebooks.pdf
DFLEKT Keyless Entry Protection: https://www.duku.co.uk/dflekt

Further Info
Get your Dragon Challenge Coin!! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/
Generate secure passphrases! https://d20key.com/#/
Amulet of Entropy teaser: https://twitter.com/HackerBoxes/status/1523318662807298051?s=20&t=dwQFy7ieRMGjRCqgAR7btQ
May 16, 2022 • 1h 8min

Global Privacy Control

When we surf the web today – on our computers or smartphones – we are mercilessly tracked. Marketing firms and data brokers are hoovering up ungodly amounts of our personal data, selling it, trading it and mining it to derive even more about us. Many offer some way to limit or stop this wanton data collection, but good luck figuring out how – let alone even knowing who to ask. Wouldn’t it be nice if you could just click one button and tell everyone to leave you alone? Of course, we tried this a decade ago with Do Not Track, but there were no regulations in place to require companies to respect it. While we have a long way to go, some regions do now have privacy laws – and now we have a new way to invoke our privacy rights: Global Privacy Control. Today, I’ll tell you how to enable this on your devices and tell data miners to get lost.

In other news: Clearview AI has been forced to cut back on its creepy facial recognition software; the EU is proposing dangerous new surveillance requirements in the name of child safety; if you have an HP computer, you need to check for BIOS software updates ASAP; automated vehicles are outfitted with tons of video cameras, and law enforcement has been using this data for investigations; thousands of popular websites are saving data from online forms even if you don’t click ‘submit’; the CDC has been buying cell phone location data to track compliance with covid curfews and more; data from period-tracking apps may soon be used against people seeking abortions if Roe v. Wade is struck down in the US; Facebook is ending some location-based services (though still collecting your location data); Chinese hackers have stolen hundreds of billions of dollars in intellectual property, including military, manufacturing and pharmaceutical info; and mental health apps aren’t taking proper care of your very personal data.

Article Links
[Engadget] Clearview AI agrees to limit sales of facial recognition data in the US https://www.engadget.com/clearview-ai-agrees-to-limit-sales-of-facial-recognition-data-in-the-us-173357030.html
[Electronic Frontier Foundation] The EU Commission’s New Proposal Would Undermine Encryption And Scan Our Messages https://www.eff.org/deeplinks/2022/05/eu-commissions-new-proposal-would-undermine-encryption-and-scan-our-messages
[TechSpot] HP pushes out BIOS update addressing high-severity vulnerabilities affecting 200+ models https://www.techspot.com/news/94561-hp-pushes-out-bios-update-addressing-high-severity.html
[VICE] San Francisco Police Are Using Driverless Cars As Mobile Surveillance Cameras https://www.vice.com/en/article/v7dw8x/san-francisco-police-are-using-driverless-cars-as-mobile-surveillance-cameras
[WIRED] Thousands of Popular Websites See What You Type—Before You Hit Submit https://www.wired.com/story/leaky-forms-keyloggers-meta-tiktok-pixel-study/
[MLive] CDC tracked Americans’ phones to see if they followed COVID-19 lockdowns https://www.mlive.com/news/2022/05/cdc-tracked-americans-phones-to-see-if-they-followed-covid-19-lockdowns.html
[VICE] Data Broker SafeGraph Stops Selling Location Data of People Who Visit Planned Parenthood https://www.vice.com/en/article/88gyn5/data-broker-safegraph-stops-selling-location-data-of-people-who-visit-planned-parenthood
[NPR] How period tracking apps and data privacy fit into a post-Roe v. Wade climate https://www.npr.org/2022/05/10/1097482967/roe-v-wade-supreme-court-abortion-period-apps
[9to5mac.com] Facebook to discontinue Nearby Friends and other location-based features https://9to5mac.com/2022/05/05/facebook-to-discontinue-nearby-friends-and-other-location-based-features/
[CBS News] Chinese hackers took trillions in intellectual property from about 30 multinational companies https://www.cbsnews.com/news/chinese-hackers-took-trillions-in-intellectual-property-from-about-30-multinational-companies/
[The Verge] Mental health apps have terrible privacy protections, report finds https://www.theverge.com/2022/5/2/23045250/mozilla-mental-health-app-privacy-analysis

Further Info
HP Software Updates: https://support.hp.com/us-en/drivers
Data Broker SafeGraph Stops Selling Location Data of People Who Visit Planned Parenthood https://www.vice.com/en/article/88gyn5/data-broker-safegraph-stops-selling-location-data-of-people-who-visit-planned-parenthood
What Companies Can Do Now to Protect Digital Rights In A Post-Roe World https://www.eff.org/deeplinks/2022/05/what-companies-can-do-now-protect-digital-rights-post-roe-world
Leaky Forms Inspector plugin: https://homes.esat.kuleuven.be/~asenol/leaky-forms/#leak-inspector
Nice review of my book: https://indubitablyodin.medium.com/firewalls-dont-stop-dragons-a26abcdc7cb0
Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/