
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

Jul 13, 2020 • 34min
Your Money or Your Data (part 1)
Unless you've been living under a rock, you know that ransomware is one of the most common and most lucrative cybersecurity rackets today. But despite all the press, ransomware is massively under-reported because companies don't want bad press. And in most cases, unless it can be proven that data was actually stolen, companies are under no legal obligation to inform the data subjects (you) of these hacks. In part one of my interview with Renee Dudley from ProPublica, we'll discuss the current state of the ransomware problem and the emergence of cyber insurance and incident response companies to deal with the threat and recover from attacks. And we'll also see that not all players are above board about what they do.
Renee Dudley is a tech reporter at ProPublica. Before joining ProPublica in 2018, she was a member of the enterprise team at Reuters, where she reported extensively on issues with college-entrance exams. Before joining Reuters in 2015, she worked as a reporter in New York for Bloomberg News and in South Carolina for The (Charleston) Post and Courier and The (Hilton Head) Island Packet. At Bloomberg, she uncovered questionable accounting and unauthorized sales practices at Walmart Inc. In Charleston, her reporting led to the indictment and resignation of South Carolina’s most powerful politician. She received the Society of Professional Journalists’ Pulliam Award in 2010 for her work upholding First Amendment rights while reporting for The Island Packet.
Further Information:
ProPublica on ransomware: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Mike Gillespie to the rescue: https://www.propublica.org/article/the-ransomware-superhero-of-normal-illinois
ID Ransomware: https://id-ransomware.malwarehunterteam.com/
No More Ransom: https://www.nomoreransom.org/
Bleeping Computer: https://www.bleepingcomputer.com/

Jul 6, 2020 • 54min
TikTok Boom
TikTok is the hot new social media service (Snapchat and Instagram are so last year), particularly in Asian countries like India. But India just banned this and several other apps from China over privacy concerns - and I have a feeling they won't be the last. The TikTok app was just revealed to be copying the user's clipboard contents every few seconds for some completely unknown reason (and TikTok's explanation was lame). While it has supposedly "fixed" this, another researcher claims to have reverse engineered the TikTok app and found that it's pulling all sorts of other user data - enough to put Facebook and Google to shame. Short answer? Delete this app.
And there's a ton of other news this week: Zoom changes course on end-to-end encryption for free users, with a couple catches; I have more info on the recent Netgear router vulnerability affecting dozens of their products; Adobe Flash will be erased from the Earth by year's end; Oracle's BlueKai data mining subsidiary left a ton of personal data exposed with no password; Sen. Sherrod Brown (D-Ohio) has a wonderful privacy proposal that will probably never pass Congress; new Mac malware uses a trick to get around Apple's app security; Microsoft shoves its new Edge browser down its users' virtual throats; and Comcast is the first ISP to qualify for Mozilla's Trusted Recursive Resolver program (DNS over HTTPS) and might switch out Cloudflare without asking you.
Further Info:
Netgear router fix info:
https://bit.ly/netgear-fix
https://bit.ly/netgear-passwords
Humble Bundle - LAST CHANCE! https://www.humblebundle.com/books/protect-your-stuff-apress-books

Jun 29, 2020 • 44min
COVID19 Privacy: Pro Tips (part 2)
In the second half of my interview with Eduard Goodman and Adam Levin from Cyberscout, we discuss the privacy aspects of our new work- and learn-from-home reality. How much privacy should you really expect? What are your legal rights? What should we beware of when using a single device for both work and personal things? How much should companies be willing to spend to make sure their employees and intellectual property are well protected while working from home? How do we avoid, as a democracy, giving up too much privacy with hopes it will make us more secure? Will we ever get that privacy back? We discuss all of this and much more!
Eduard Goodman is the Chief Legal Counsel and Global Privacy Officer for CyberScout, a global leader in identity theft resolution, data defense and employee benefits services. An internationally trained attorney and data protection expert, Goodman has more than twenty years of experience in global privacy law and cybersecurity.
Adam Levin is a consumer advocate with more than 30 years of experience in security, privacy, personal finance and many other things. He is the former director of the New Jersey Division of Consumer Affairs and current chairman and founder of CyberScout. He is also the author of the book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.
Further Info:
CyberScout: https://www.cyberscout.com/en
My Apress Humble Bundle: https://www.humblebundle.com/books/protect-your-stuff-apress-books
Patreon: https://www.patreon.com/FirewallsDontStopDragons

Jun 22, 2020 • 42min
COVID19 Security: Pro Tips (part 1)
Today I speak with not one but two experts on security and privacy to get their insights, stories and tips on staying safe from scammers and hackers in our new COVID19 pandemic reality. These guys deal with cyber incidents every day and bring some unique perspectives. In some ways, it's same stuff, different day; but the pandemic, economic woes and general civil unrest have given the bad guys some fertile material for working their craft.
Eduard Goodman is the Chief Legal Counsel and Global Privacy Officer for CyberScout, a global leader in identity theft resolution, data defense and employee benefits services. An internationally trained attorney and data protection expert, Goodman has more than twenty years of experience in global privacy law and cybersecurity.
Adam Levin is a consumer advocate with more than 30 years of experience in security, privacy, personal finance and many other things. He is the former director of the New Jersey Division of Consumer Affairs and current chairman and founder of CyberScout. He is also the author of the book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.
Further Info:
CyberScout: https://www.cyberscout.com/en
My Apress Humble Bundle: https://www.humblebundle.com/books/protect-your-stuff-apress-books
Patreon: https://www.patreon.com/FirewallsDontStopDragons

Jun 15, 2020 • 45min
From Mailbox to Ballot Box
With the US general election just over 20 weeks away and no vaccine in sight for the coronavirus, it's time to think very seriously about how you're going to vote. Even if you think you want to vote in person this November, you should have a backup plan: voting by mail. This means that you'll need to register for an absentee ballot - and the sooner you do so, the better prepared your state and county will be. I'll tell you everything you need to know to get your absentee ballot.
In other news: Microsoft, IBM and Amazon have taken very welcome steps toward curbing the use of facial recognition for law enforcement purposes; the FBI is once again warning us about banking hacks, this time related to mobile apps; the Brave browser was busted "accidentally" trying to cash in on your browsing; Google is being sued for $5B over its Chrome browser tracking while in incognito mode; and Zoom is rolling out full end-to-end encryption on its video conferencing solution... if you're willing to pay.
Further Info:
Get your absentee ballot: https://www.vote.org/
Support election reform: https://www.verifiedvoting.org/
Support fair and open voting: https://fairfight.com/
Vote at home: https://www.voteathome.org/

Jun 8, 2020 • 34min
Fiber For Our Future (part 2)
We've established that we have a high speed internet access problem - now what can we do about it? In part 2 of my interview with the EFF's Ernesto Falcon, we'll talk about how broadband fiber-based internet is a critical piece of national infrastructure, not unlike the highway system. It enables and supports industry and innovation, and ubiquitous access would greatly increase our ability to learn and work remotely. We talk about the politics and economics behind all of this, including some interesting solutions involving both the government and private corporations.
Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy. He represents EFF’s advocacy, on behalf of its members and all consumers, for a free and open Internet before state legislatures and Congress. Ernesto’s work includes pushing the state of California to pass the strongest net neutrality law in the country in response to federal repeal efforts, as well as leading EFF's research and advocacy to promote universally available, affordable, and competitive fiber broadband networks.
Further Info:
Electronic Frontier Foundation: https://www.eff.org/
Why cable companies hate California's SB1130 bill: https://www.eff.org/deeplinks/2020/05/why-cable-companies-oppose-californias-universal-fiber-effort-sb-1130

Jun 1, 2020 • 33min
Fiber For Our Future (part 1)
The COVID-19 era has exposed several weaknesses in American infrastructure and exacerbated the gulf between the haves and the have-nots. Perhaps nowhere is this more evident than the digital divide: access to high speed internet. While much of the country was able to work and learn from home, for too many communities this was simply not an option due to poor or non-existent broadband access. In today's show, Ernesto Omar Falcon from the EFF explains the political and economic reasons we got into this mess.
Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy. He represents EFF’s advocacy, on behalf of its members and all consumers, for a free and open Internet before state legislatures and Congress. Ernesto’s work includes pushing the state of California to pass the strongest net neutrality law in the country in response to federal repeal efforts, as well as leading EFF's research and advocacy to promote universally available, affordable, and competitive fiber broadband networks.
Further Info:
Electronic Frontier Foundation: https://www.eff.org/
Why cable companies hate California's SB1130 bill: https://www.eff.org/deeplinks/2020/05/why-cable-companies-oppose-californias-universal-fiber-effort-sb-1130

May 25, 2020 • 38min
Apple vs FBI, Part 2
The FBI is once again trash-talking Apple for not helping them in their investigation of a terrorist - this time, the alleged perpetrator of the Pensacola shooting. However, like the San Bernardino shooting a few years ago, Apple has actually done everything in its power to aid law enforcement. The issue is the "in its power" part. The FBI and DOJ would prefer that Apple (and therefore they) would have more power to unlock and decrypt iOS devices. We'll discuss this and a recent ruling against the FBI in another phone-related case.
In other news: the Senate narrowly defeated a bill amendment that would protect your web history from government surveillance; 83% of users store their passwords in their heads (meaning their passwords suck); Firefox will soon tell you when sign-up forms are truncating your long passwords; Microsoft warns of a nasty new COVID-19-related phishing scheme that can take over your entire computer; and secure messaging app Signal has added a new security PIN to protect your account and make transferring to a new device easier.

May 18, 2020 • 46min
Beware the Evil Maid
Intel created the Thunderbolt protocol to give us blazingly fast data transfer and other interesting features. Thunderbolt usually comes with the newer USB-C ports, common on laptops, especially MacBooks. Unfortunately, researchers have found a major flaw affecting all computers that will allow bad guys to gain access to your computer in just a few minutes with a few hundred dollars of common equipment. Most computers built in 2019 and later are capable of blocking this attack, but not many have implemented it. Apple computers are safe, unless they're in Boot Camp mode running Windows or Linux. I'll go over the details of this "evil maid" attack and provide several tips for securing your computers.
In other news: Mozilla is adding a couple cool new privacy features to Firefox; Microsoft is rolling out some security and privacy in its coming May release; Google Authenticator finally provides a way to transfer accounts (sorta); Clearview AI is quickly backpedaling on its data collection on Illinois residents; and Bruce Schneier explains why the Apple/Google contact tracing app will be basically useless.
Further Info:
My Duke OLLI lecture on COVID19 scams and privacy: https://duke.zoom.us/rec/share/-pFnFpPwz31LZ9Lg72CPX58rIdTaX6a82ncZ_qAKnn7ycTkgCcknURAXsgLmOR0

May 11, 2020 • 37min
COVID19 Security & Privacy Tips (Part 2)
In part two of my interview with Malwarebytes' David Ruiz, he tells us how to avoid the scams we discussed last week. And then we move on to discuss the potentially serious privacy issues that could come from the emerging surveillance regimes, designed to help us curb the spread of the coronavirus.
David Ruiz is a content writer for Malwarebytes, covering online privacy, cybersecurity, and the laws - and proposed legislation - that regulate how data is stored, shared and accessed. He previously worked for Electronic Frontier Foundation, where he wrote and analyzed policy about NSA surveillance, encryption, and cross-border data transfer.
Further Info:
Malwarebytes blog: https://blog.malwarebytes.com/author/davidruiz/
Malwarebytes antivirus: https://www.malwarebytes.com/for-home/products/
Malwarebytes "Lock and Code" podcast: https://podcasts.apple.com/us/podcast/lock-and-code/id1500049667