Firewalls Don't Stop Dragons Podcast

The internet is on fire this week. The worst cybersecurity vulnerability of the last ten years (and perhaps more) has kicked the internet ant hill. Companies around the globe – big and small – are scrambling to repair a gaping hole in a ridiculously mundane but widely popular open source tool called Log4J. What it is and what does it mean for you? I’ll get into all of that today. In other news: many popular wireless home routers are riddled with security bugs (update your firmware now); family “safety” app Life360 is selling your detailed location data; Consumer Reports released a comprehensive report on VPN security and privacy; Firefox just got a lot more secure; LastPass is once again an independent company; Apple released a lot of cool security and privacy features for iOS and macOS; and Verizon just opted you into a program for tracking you – and how you can opt out. (I’ll touch on T-Mobile and AT&T tracking, too.) Article Links Op-Ed: What a house cat can teach us about cybersecurity https://www.latimes.com/opinion/story/2021-11-07/op-ed-what-a-house-cat-can-teach-us-about-cybersecurity  Nine WiFi routers used by millions were vulnerable to 226 flaws https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/  The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users https://themarkup.org/privacy/2021/12/06/the-popular-family-safety-app-life360-is-selling-precise-location-data-on-its-tens-of-millions-of-user  Consumer Reports exhaustive report on VPNs https://www.consumerreports.org/vpn-services/mullvad-ivpn-mozilla-vpn-top-consumer-reports-vpn-testing-a9588707317/  The new Firefox 95 might be the most secure web browser on the market https://www.techrepublic.com/article/the-new-firefox-95-might-be-the-most-secure-web-browser-on-the-market/  The Log4Shell 0-day, four days on: What is it, and how bad is it really? https://arstechnica.com/information-technology/2021/12/the-log4shell-zeroday-4-days-on-what-is-it-and-how-bad-is-it-really/  Widely-Used Kronos Payroll Provider Down for “Weeks” Due to Ransomware Attack; Was Log4Shell Involved? https://www.cpomagazine.com/cyber-security/widely-used-kronos-payroll-provider-down-for-weeks-due-to-ransomware-attack-was-log4shell-involved/  LastPass is going to become an independent company https://www.theverge.com/2021/12/14/22833319/lastpass-independent-company-logmein How to Use App Privacy Report in the iOS 15.2 Beta https://www.macrumors.com/guide/app-privacy-report/ iOS 15.2 Beta 2 Lets Your Family Access Your Data If You Pass Away https://www.macrumors.com/2021/11/09/ios-15-2-legacy-contact/  Hide My Email Available in Mail App With New iOS 15.2 and macOS Monterey 12.1 Betas https://www.macrumors.com/2021/11/09/macos-monterey-12-1-beta-2-hide-my-email/  iOS 15.2 Beta Adds Messages Communication Safety Feature for Kids https://www.macrumors.com/2021/11/09/apple-messages-communication-safety-ios-15-2/  Verizon May Have Just Enrolled You in a Data-Collection Scheme–Here’s How to Get Out https://gizmodo.com/verizon-may-have-just-enrolled-you-in-a-data-collection-1848156157  Further Info Still looking for holiday gifts? https://firewallsdontstopdragons.com/best-worst-gifts-2021/ Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/ Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/

The rampant collection and sharing of personal data is not just a creepy nuisance. Surveillance capitalism has actually had seriously deleterious effects on society and democracy. In the United States, we have certain rights enshrined in the Constitution that are supposed to protect citizens against unreasonable search and seizure. Law enforcement and intelligence agencies are supposed to have to jump through some non-trivial legal hoops in order to access our personal data. But with a massive market for gathering and correlating your location, purchase history, web surfing habits, search history, and more, it’s become trivial to circumvent these pesky road blocks by just buying the information from data brokers. In an important and landmark report from the Center for Democracy and Technology, the end run around our supposed rights has become frighteningly clear. Today I speak with Dhanaraj Thakur about this report and what it means for our democracy. Dhanaraj Thakur is Research Director at the Center for Democracy & Technology, where he leads research that advances human rights and civil liberties online. Further Info CDT Report on Legal Loopholes: https://cdt.org/insights/report-legal-loopholes-and-data-for-dollars-how-law-enforcement-and-intelligence-agencies-are-buying-your-data-from-brokers/  Center for Democracy  & Technology: https://cdt.org/  Patriot Act Turns 20 panel discussion: https://www.youtube.com/watch?v=xaUIvxLdGCQ My particular question at the panel: https://www.youtube.com/watch?v=xaUIvxLdGCQ&t=4783s  Best & Worst Gifts Guide for 2021: https://firewallsdontstopdragons.com/best-worst-gifts-2021/  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/

Transparency is critical when it comes to trust – and right now, particularly in the United States, we’re having some real issues with trust in our elections. Most of our election systems today are completely opaque in terms of their hardware and software design because they’re made by private companies who want to protect their intellectual property. But this secrecy also seriously impedes independent third parties from being able to test and verify these devices that are crucial to our democracy, and therefore contributes to the distrust in our election outcomes. Microsoft is working to change this with a program called ElectionGuard – a free and open source software framework that would allow any company (existing or new) to create robust and secure election systems. Not only can security researchers, journalists and democracy activists review and test the code, but the system actually provides technical capabilities that would allow voters and watchdog groups with a secure and private method for verifying that all votes were counted correctly. And that’s just part of what Microsoft is doing to defend democratic processes as part of their Democracy Forward program. Ethan Chumley is a Senior Security Strategist for Microsoft’s Democracy Forward Program, leading the team’s Critical Institution cybersecurity programs. He works at the intersection of cybersecurity, policy, and technology in support of open and secure elections by working with political campaigns, elections organizations, think tanks, NGOs, disinformation researchers, and tech industry partners. Further Info Microsoft ElectionGuard: https://www.electionguard.vote/  Microsoft’s Democracy Forward program: https://news.microsoft.com/on-the-issues/topic/defending-democracy-program/ Contact Microsoft about ElectionGuard: electionguard@microsoft.com  Contact Microsoft about protecting elections: protectelections@microsoft.com  ElectionGuard code: https://github.com/microsoft/electionguard  Harri Hursti interview: https://podcast.firewallsdontstopdragons.com/2021/11/08/restoring-trust-in-our-elections/  Article on brute forcing debit card numbers: https://www.techspot.com/news/92476-hackers-brute-force-guessing-payment-card-numbers-there.html  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/

Credit cards are more secure than debit cards. I’ve said this in my book, my podcast, my blog and my seminars. Credit card transactions are loans – you’re not out any money if a fraudulent charge comes through (assuming you or the credit card company catches it first). With debit cards, any fraud activity will actually take your money from your account – it’s gone and you have to convince your bank to give it back. And so, I almost never use my debit card. And yet, I was still hacked. My card wasn’t stolen or cloned with a skimmer. The number wasn’t leaked in a hack. The bad guys somehow managed to guess my card number. And then they got clever and drained my bank account. I’ll give you the details today and give you some pointers for avoiding being bitten the same way I was. In other news: bad guys have come up with some very clever ways to drain your bank accounts using Zelle and text messages; they’ve also used similar techniques to disable the Find My feature on stolen iPhones; Apple is suing Israeli hacking company NSO Group over their Pegasus spyware; attackers apparently don’t try guessing passwords longer than about 10 characters; GoDaddy admits to a major breach, but in a dumb way; there’s a nasty new Windows bug that was give up by an upset security researcher; there’s a powerful IoT malware that appears to be lurking on the internet; Microsoft Windows is doing some shady stuff to force you to use Edge browser and give up your data; and Vizio makes more money off your TV data than off the TV itself. Article Links The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/  iPhone thieves are using this trick to disable Find My on stolen devices https://www.imore.com/iphone-thieves-are-using-trick-disable-find-my-stolen-devices  Apple sues NSO Group for attacking iPhones with Pegasus spyware https://www.theverge.com/2021/11/23/22798917/apple-nso-group-spyware-pegasus-cybersecurity-research  Apple will alert users exposed to state-sponsored spyware attacks https://appleinsider.com/articles/21/11/25/apple-will-alert-users-exposed-to-state-sponsored-spyware-attacks  Attackers don’t bother brute-forcing long passwords https://therecord.media/attackers-dont-bother-brute-forcing-long-passwords-microsoft-engineer-says/  GoDaddy admits to password breach: check your Managed WordPress site! https://nakedsecurity.sophos.com/2021/11/23/godaddy-admits-to-password-breach-check-your-managed-wordpress-site/  New Windows zero-day with public exploit lets you become an admin https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/  This mysterious malware could threaten millions of routers and IoT devices https://www.zdnet.com/article/this-mysterious-malware-could-threaten-millions-of-routers-and-iot-devices/  Microsoft Enables Edge Sync By Default, Hoovering Up Your Data in the Process https://www.extremetech.com/computing/329162-microsoft-enables-edge-sync-by-default-hoovering-up-your-data-in-the-process?source=Computing  Vizio is making more money selling your data than it is selling TVs https://knowtechie.com/vizio-is-making-more-money-selling-your-data-than-it-is-selling-tvs/  My Debit Card Was Hacked: https://firewallsdontstopdragons.com/my-debit-card-was-hacked/ Further Info HUGE sale on my book! 9.99/6.99: https://link.springer.com/book/10.1007/978-1-4842-6189-7 Give Thanks and Donate https://firewallsdontstopdragons.com/give-thanks-donate/ Best & Worst Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/ 

When you think about improving your privacy and protecting your personal information, it’s important to realize that it will also improve your security. According to Craig Danuloff, CEO of The Privacy Co. and maker of the Priiv app, privacy harms fall into at least four different buckets: personal data leaks (embarrassment and reputation harm), online tracking (targeted ads and manipulation), financial accounts (including fraud and identity theft), and harassment (stalking, bullying, even physical threats). Today Craig will offer his opinions on the state of privacy today and provide several of his top tips for protecting your privacy and increasing your security. Craig Danuloff is a technology entrepreneur who has founded a series of tech companies including desktop publishing, e-commerce, ad-tech, identity, and now consumer privacy. Craig is a graduate of the University of Colorado Leeds School of Business, and the author of over 20 computer books. Further Info Priiv app: https://www.theprivacy.co/priiv HUGE sale on my book! 9.99/6.99: https://link.springer.com/book/10.1007/978-1-4842-6189-7 Give Thanks and Donate https://firewallsdontstopdragons.com/give-thanks-donate/ Best & Worst Gift Guide for 2021: https://firewallsdontstopdragons.com/best-worst-gifts-2021/ Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/

The gift-giving season is officially upon us, and with covid supply chain issues, if you’re going to order gifts, you need to get on it. And in today’s show, I’ll share the highlights of my annual Best & Worst Gift Guide where I focus on the privacy and security of popular gifts. You won’t be surprised at a lot of the items on my naughty list, but I’ll bet you’ll find some interesting ideas from the nice list that you can give your loved ones this holiday season. I will also cover several news items – many of them actually good news! A new bipartisan bill would allow people to disable news feeds based on algorithms; Apple has dialed back some of it’s well-intentioned but poorly-implemented child safety features; Facebook will remove many sensitive categories for targeted ads and stop using facial recognition; several people associate with the Kaseya ransomware hack have been arrested; and 23andme’s DNA database (your DNA) may be leveraged foro a lucrative pharmaceutical business. Article Links New bipartisan bill takes aim at algorithms https://www.axios.com/algorithm-bill-house-bipartisan-5293581e-430f-4ea1-8477-bd9adb63519c.html  Apple Has Listened And Will Retract Some Harmful Phone-Scanning https://www.eff.org/deeplinks/2021/11/apple-has-listened-and-will-retract-some-harmful-phone-scanning  Facebook-parent Meta will remove the ability to target ads based on sensitive categories https://www.cnn.com/2021/11/09/tech/meta-facebook-ad-targeting-change/index.html  Facebook shutting down face recognition efforts & deleting data https://appleinsider.com/articles/21/11/02/facebook-shutting-down-face-recognition-efforts-deleting-data  Meta to continue use of facial recognition technology: https://appleinsider.com/articles/21/11/04/meta-to-continue-use-of-facial-recognition-technology  Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague https://nakedsecurity.sophos.com/2021/11/08/kaseya-ransomware-suspect-nabbed-in-poland-6m-seized-from-absent-colleague/  All Those 23andMe Spit Tests Were Part of a Bigger Plan https://www.bloomberg.com/news/features/2021-11-04/23andme-to-use-dna-tests-to-make-cancer-drugs  Further Info My annual Best & Worst Gift Guide is out for 2021! https://firewallsdontstopdragons.com/best-worst-gifts-2021/ Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/

Nothing is arguably more fundamental to a democracy than voting. But it’s not enough to have a secure election. The electorate also needs to trust that the results are valid. In the United States today, that trust is in short supply – many people believe that the 2020 election was rigged. On one hand, many of our electronic voting systems are demonstrably insecure and trivially capable of being hacked. On the other, our cybersecurity experts, government agencies and election officials are telling us that the 2020 election was one of the most secure in US history and voter fraud almost never happens. So which is it? How do we reconcile these two seemingly incongruent positions? Today I’ll ask these questions and more of computer and election security guru Harri Hursti. Harri has investigated and hacked several popular election systems used in the US and runs the Voting Machine Hacking Village at the annual DEF CON hacking conference. He’s also officially observed many elections around the world and participated in several high profile audits. As if that weren’t enough, Harri’s been featured in two separate HBO documentaries on election security and is co-founder of the Election Integrity Foundation. I met Harri at DEF CON 29 and I was thrilled when he agreed to come on the show. Further Info Harri Hursti: https://en.wikipedia.org/wiki/Harri_Hursti  Election Integrity Foundation https://electionintegrityfoundation.org/  California voting system review (“top to bottom”): https://www.sos.ca.gov/elections/voting-systems/oversight/top-bottom-review  Ohio voting system review (“Everest”): https://www.eac.gov/documents/2017/03/21/everest-report-state-voting-systems-voting-technology  New Hampshire election audit: http://doj.nh.gov/sb43/documents/20210713-sb43-forensic-audit-report.pdf  Kill Chain: The Cyber War on America’s Elections (HBO documentary, 2020) https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections  Hacking Democracy (HBO documentary, 2006) https://www.youtube.com/watch?v=b_gb_w_L9NE  Election Administration and Voting Survey 2020: https://www.eac.gov/research-and-data/studies-and-reports  Voluntary Voting System Guidelines: https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines  CISA, Election Security Rumor vs Reality: https://www.cisa.gov/rumorcontrol  2020 election security reports: https://www.brennancenter.org/our-work/research-reports/its-official-election-was-secure  DEF CON 25 Voting Machine Hacking Village Report: https://archive.org/download/DEFCON25VotingVillageReport/DEF%20CON%2025%20voting%20village%20report.pdf  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/ 

There were lots of scary computer security and privacy stories in the news this week, coinciding nicely with Halloween. We’ll start off with an unfortunate new cybersecurity term: killware. This is software whose end result is actual physical harm to human beings, including death. Sadly, this is now a thing. And I don’t know about you, but Mark Zuckerberg’s vision of the future (the “metaverse”) is pretty damn scary, too. In other news: a hacker seems to have stolen the government identity information for every person in Argentina; a New York Times journalist explains how his iPhone has been hacked multiple times by the NSO Group and what he does to protect himself (and his sources); the FBI, the Secret Service and other “like-minded countries” seem to have finally taken down the REvil ransomware gang for good; Facebook has changed its name to “Meta”; link previews in chat apps can actually cause serious security and privacy problems; Delta Airlines and UK schools are normalizing the use of facial recognition for mundane purposes; your ISP is collecting tons of information about you in the US because we let them; and finally, I demystify and debunk the “dangers” of QR codes. Article Links Killware: What You Need to Know https://adamlevin.com/2021/10/15/killware-what-you-need-to-know/ Hacker steals government ID database for Argentina’s entire population https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/  NYT journalist describes his iPhone being hacked, and the precautions he now takes https://9to5mac.com/2021/10/25/nyt-journalist-describes-his-iphone-being-hacked-and-the-precautions-he-now-takes/  FBI, others crush REvil using ransomware gang’s favorite tactic against it https://arstechnica.com/tech-policy/2021/10/fbi-others-crush-revil-using-ransomware-gangs-favorite-tactic-against-it/  Facebook changes its name to Meta: https://www.inc.com/jason-aten/5-things-mark-zuckerberg-said-about-his-plan-for-metaverse-that-should-make-you-very-worried.html  Link Previews in Popular Messaging Apps May Lead to Security Vulnerabilities https://www.macrumors.com/2020/10/26/link-previews-may-lead-to-security-vulnerabilities/  Delta Air Lines partners with TSA PreCheck to launch biometrics-based bag drops https://finance.yahoo.com/news/delta-air-lines-partners-tsa-164655619.html  UK schools are using facial recognition to take pupils’ lunch money https://www.theverge.com/2021/10/18/22732330/uk-schools-facial-recognition-lunch-payments-north-ayrshire  Location Data Firm Got GPS Data From Apps Even When People Opted Out https://www.vice.com/en/article/5dgmqz/huq-location-data-opt-out-no-consent  Internet service providers have so much data on you https://www.protocol.com/policy/isp-ftc-data  Beware QR Code… Articles: https://firewallsdontstopdragons.com/beware-qr-code-articles/  Further Info Only ONE DAY LEFT to snag your challenge coin!! The promotion ends at 11pm Eastern Time on Tuesday, November 2nd! https://firewallsdontstopdragons.com/my-challenge-coins-are-back/  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/

Today, we’re surrounded by strong encryption. Thanks to efforts like Let’s Encrypt, almost all web communications today at encrypted. And thanks to wonderful privacy communications tools like Signal, we can share private thoughts instantly and securely with anyone on the planet. But this was not always the case. This secure, private, encryption-enabled future we’re living now was far from certain 30 years ago when Phil Zimmermann created and freely released his email encryption tool Pretty Good Privacy (PGP). If not for Phil and a handful of others, we could very easily have lost the Crypto Wars of the 1990’s and authoritarian mass surveillance could have been the norm. In today’s show, Phil and I walk through the creation of PGP, the technological and political climate of that day, and the nerve-racking few years where Phil faced potential jail time for releasing “munitions grade” encryption to the world. We’ll also discuss the literally life-saving impacts PGP has had over these last 30 years and how global law enforcement agencies and liberal democratic governments have revived the Crypto Wars. Phil Zimmermann is the creator of Pretty Good Privacy, which is still widely regarded as the gold standard for secure email communication. Phil went on to form Silent Circle and win several prestigious awards including US Privacy Champion and was inducted into the Cybersecurity Hall of Fame. Further Info Phil Zimmermann’s website: https://philzimmermann.com/  Phil’s announcement for the 30th anniversary of PGP: https://philzimmermann.com/EN/news/index.html PGP Web of Trust: https://en.wikipedia.org/wiki/Web_of_trust  SNL Bass-o-matic skit: https://www.nbc.com/saturday-night-live/video/bassomatic/n8631  National Cybersecurity Awareness Month resources: https://www.cisa.gov/cybersecurity-awareness-month-resources  Only ONE WEEK LEFT to snag your challenge coin!! https://firewallsdontstopdragons.com/my-challenge-coins-are-back/  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/ 

Facebook had a horrible, no-good, very bad week. Not only did Facebook, Instagram and WhatsApp go completely offline for about six hours, a whistleblower came forward to show the world what most of us already knew: Facebook values money over its users’ well being. And I have another story that backs that up, as well – one that you almost surely did not hear about. In other news: the FTC tells app makers to fess up when users private data gets loose; the governor of Missouri wants to sue a newspaper for revealing a horrible security flaw that exposed teachers’ social security numbers; Apple’s attempts to prevent user tracking on iOS are being undermined by unscrupulous apps; a company that you’ve never heard of with access to almost all cellular text messages was hacked over the course of five years; the VPN maker and VPN review industries are awash in conflicts of interest; Windows 11 is finally out, but it’s not clear if and whether you should upgrade to it; and Firefox is searching for more ways to make money and stay alive, including adding more sponsored search suggestions for you to consider. Article Links FTC says health apps must notify consumers about data breaches — or face fines https://techcrunch.com/2021/09/16/ftc-says-health-apps-must-notify-consumers-if-their-data-is-breached-or-face-fines/  Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/  Investigation Finds Apple App Tracking Rules May Be Ineffective; IDFA Blocked, but Apps Frequently Access Other Identifiers https://www.cpomagazine.com/data-privacy/investigation-finds-apple-app-tracking-rules-may-be-ineffective-idfa-blocked-but-apps-frequently-access-other-identifiers/  Company That Routes Billions of Text Messages Quietly Says It Was Hacked https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked  Consolidation of the VPN industry spells trouble for the consumer, https://blog.windscribe.com/consolidation-of-the-vpn-industry-spells-trouble-for-the-consumer-57e638634cf0/ Facebook has finally given a reason for the six-hour outage Monday https://www.theverge.com/2021/10/4/22709806/facebook-says-the-six-hour-outage  Understanding How Facebook Disappeared from the Internet: https://blog.cloudflare.com/october-2021-facebook-outage/  Facebook bans developer behind Unfollow Everything tool https://www.theverge.com/2021/10/8/22716044/facebook-unfollow-everything-tool-louis-barclay-banned-for-life Facebook whistleblower Frances Haugen tells lawmakers that meaningful reform is necessary ‘for our common good’ https://www.washingtonpost.com/technology/2021/10/05/facebook-senate-hearing-frances-haugen/  Windows 11 compatibility: Check if your PC meets Microsoft’s requirements https://www.cnet.com/tech/computing/windows-11-compatibility-check-if-your-pc-meets-microsofts-requirements/  Firefox Now Sends Your Address Bar Keystrokes to Mozilla https://www.howtogeek.com/760425/firefox-now-sends-your-address-bar-keystrokes-to-mozilla/  BONUS: Trust, but verify: An in-depth analysis of ExpressVPN’s terrible, horrible, no good, very bad week https://www.zdnet.com/article/trust-but-verify-an-in-depth-analysis-of-expressvpns-terrible-horrible-no-good-very-bad-week/  Further Info National Cybersecurity Awareness Month resources: https://www.cisa.gov/cybersecurity-awareness-month-resources  Only two weeks left to snag a challenge coin!! https://firewallsdontstopdragons.com/my-challenge-coins-are-back/  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/