
Firewalls Don't Stop Dragons Podcast

Latest episodes

Aug 5, 2019 • 37min

The Great Hack

In today's show, I'll discuss the Capital One hack that affected over 100 million card users and applicants. I'll also cover the latest in the backlash against Apple, Google and Amazon over humans listening in on your private digital assistant voice recordings. The Ring doorbell, whose parent company was bought by Amazon, is quickly becoming a darling of local law enforcement agencies due to its ability to share surveillance footage. School districts are being hit with ransomware and being bilked for hundreds of thousands of dollars. And finally, Netflix has created a sobering documentary about the Facebook and Cambridge Analytica scandal, covering not just the 2016 US elections but also Brexit and many other voter influence campaigns around the globe.

Further Info:
The Great Hack on Netflix: https://www.netflix.com/Title/80117542
RSA Conference Blog book review: https://www.rsaconference.com/blogs/bens-book-of-the-month-review-of-firewalls-dont-stop-dragons-a-step-by-step-guide-to-computer-security-for-non-techies
Apress Beginner's Book series: https://www.amazon.com/stores/page/7383A13D-EAFC-426B-A944-5B6C1B6886E9
Jul 29, 2019 • 46min

Get Your Equifax Settlement

Two years after the massive Equifax breach, the Federal Trade Commission (FTC) has reached a tentative settlement that will purportedly provide some restitution to the 148 million Americans whose data was leaked. Unfortunately, there are lots of little devils in the details - not to mention that this settlement has yet to be approved. However, you can (and probably should) go ahead and submit your claim. I'll give you all the details and tell you how to do it. In other news, Firefox is coming out with a premium, for-pay version of its privacy-centric web browser, the Pentagon has revealed technology that will allow them to identify people surreptitiously from up to 200 meters away, some of your Apple Siri recordings are being listened to by real humans, I'll give my take on the FaceApp scandal, and finally, if you have a Logitech wireless keyboard or mouse, you're going to want to update the software to patch a nasty bug.

Further Info:
Logitech Wireless Keyboard/Mouse security update: https://support.logi.com/hc/en-001/community/posts/360032078393-Logitech-Response-to-Research-Findings
Equifax settlement claim site: https://www.equifaxbreachsettlement.com/
Free (official) annual credit reports: https://www.annualcreditreport.com/index.action
Jul 22, 2019 • 37min

Privacy in a Box (Part 2)

In the second half of my interview with Winston Privacy CEO Richard Stokes, we talk about why your data is so valuable to advertisers and what you can do to limit all this tracking. In particular, we'll discuss the Winston box which acts as a sort of force field around your home network, preventing all your "smart" and "internet of things" devices from reporting on your every move. Richard is the CEO and founder of Winston Privacy. Previously, he was the founder of AdGooroo.com, one of the first digital market research services, and later became the Global Head of Innovation for Kantar Media. He founded Winston Privacy in response to the increasing abuses of privacy taking place in the AdTech industry. Additionally, he's the author of "The Ultimate Guide to Pay-Per-Click Advertising". He has a Computer Science degree from the University of Illinois at Champaign-Urbana and an MBA from Kellogg / Northwestern University.

Further Info:
Winston Privacy: https://winstonprivacy.com/
Pre-Order: https://www.indiegogo.com/projects/winston-take-back-control-of-your-online-privacy#/
Jul 15, 2019 • 36min

Privacy in a Box (Part 1)

Protecting your privacy today is hard. It's really hard. It's too hard. Every 'smart' device you own is tattling on you, constantly, to dozens of companies. Your phone, your tablet, your PC, your TV, your streaming box, your DVR, your smart thermostat, your internet-connected medical devices... The list goes on and it gets longer every day. What if you could not only see all these illicit communications but also block them all, in one fell swoop? In part one of my interview with Richard Stokes, this former AdTech CEO will reveal what finally caused him to not only leave the industry but to develop a promising new product that puts users back in control of their privacy. Richard is the CEO and founder of Winston Privacy. Previously, he was the founder of AdGooroo.com, one of the first digital market research services, and later became the Global Head of Innovation for Kantar Media. He founded Winston Privacy in response to the increasing abuses of privacy taking place in the AdTech industry. Additionally, he's the author of "The Ultimate Guide to Pay-Per-Click Advertising". He has a Computer Science degree from the University of Illinois at Champaign-Urbana and an MBA from Kellogg / Northwestern University.

Further Info:
Winston Privacy: https://winstonprivacy.com/
Pre-Order: https://www.indiegogo.com/projects/winston-take-back-control-of-your-online-privacy#/
Jul 8, 2019 • 48min

Big Brother 2.0

The US government is once again looking to break or hobble encrypted communications in the name of national security and law enforcement. They claim that we're "going dark" - that modern end-to-end encryption used in apps like Signal and Wickr that protect user privacy is preventing them from keeping us safe and bringing the bad guys to justice. Cryptographers and technology companies have soundly squashed the idea of putting "backdoors" in these systems that supposedly only the "good guys" can go through. But now these agencies have come up with a proposal that neatly sidesteps these issues: they simply want to be added as another "end" to the end-to-end scrambled session. A "ghost" in the chat, a BCC that neither of the original participants is made aware of. But this has several problems, as well. In other news, FigLeaf has conducted a survey of users about online privacy that shows major shifts in thinking since just before the Cambridge Analytica/Facebook scandal; "pre-saving" new releases on Spotify and other music streaming services is allowing music companies unbelievable access to your personal info; and Mozilla (maker of Firefox) has created a creative tool that lets you fool online advertisers into thinking you're someone completely different.
Jul 1, 2019 • 43min

Set Warp Factor 1.1.1.1

Why do most VPN apps suck so badly? How do you know which VPN service providers you can trust with your privacy? How is it that our internet service providers know so much about our web surfing habits? Today I explore these questions and more with John Graham-Cumming, the CTO of the internet performance and security company. He will also tell us about a new VPN service coming soon from Cloudflare called Warp that may finally address all of these problems. John is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The Geek Atlas.

Further Info:
Cloudflare's 1.1.1.1 App: https://1.1.1.1/
Cloudflare's Crypto Week Blog: https://blog.cloudflare.com/welcome-to-crypto-week-2019/
Big Brother 2.0: https://firewallsdontstopdragons.com/big-brother-2-0/
Jun 24, 2019 • 37min

The Internet of Junk

How many of your "smart" devices are smart enough to update their own software? For that matter, how many of them can upgrade at all? It's a good bet that most of them run some flavor of the free and open-source Linux operating system. A nasty bug was just found that affects almost all Linux systems, allowing a simple remote command to bring the system to its knees. There have been other bugs found in Linux and there will be more. If your device's software can't be updated, it will always be vulnerable. I'll go over some basic IoT security tips to mitigate your vulnerability, but in the end, older IoT devices that can't be upgraded should just be pitched. In other news, Firefox just patched two critical vulnerabilities, Dell's built-in remote assistance software can be remotely hacked, Venmo transactions are still painfully public by default, a Spanish soccer app turns its fans into unwitting narcs, and Facebook has launched a new cryptocurrency called Libra.
Jun 17, 2019 • 38min

The Rise of Stalkerware

In today's show I have a sobering discussion with the EFF's Eva Galperin about the rise of stalkerware (sometimes called "spouseware"). It's become all too easy for abusive, unscrupulous people to spy on their significant others, tracking their every move, monitoring all their communications. We'll talk about how our phones can be subverted and what measures you can take to prevent it. Eva also provides practical and prudent advice for people who suspect they may be victims of stalkerware. Eva Galperin is EFF's Director of Cybersecurity. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF's Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, and Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learns new languages.

Further Info:
Surveillance Self Defense: https://ssd.eff.org/
EFF Newsletter: https://supporters.eff.org/subscribe
Donate to the EFF: https://supporters.eff.org/donate/
Jun 10, 2019 • 49min

A Tale of Two Browsers: Chrome vs Firefox

Google Chrome is the most popular web browser on the planet by far, used by about two thirds of all web surfers. But Google is an advertising company and ad blockers are a direct threat to their business model. Google is planning to make a highly controversial change to Chrome's plugin framework that would break some popular ad blocking extensions like uBlock Origin, forcing them to use much less effective techniques for blocking ads. Compare that to Mozilla's Firefox browser, which just announced even more built-in tracking and ad-blocking capabilities - many of which will be on by default. The evidence is clear: Firefox respects your privacy and is giving you more and more tools with which to protect it; Chrome is doing the opposite. It's time to switch to Firefox and ditch Chrome. In other news, Maine has just signed a bill into law which will require internet service providers to get your explicit consent before collecting and selling your web surfing data, Apple has announced several privacy-enhancing features to debut in iOS 13 this fall, and Windows Remote Desktop Services are under attack by hackers.

Further Info:
Patch your old Windows Systems Now! https://firewallsdontstopdragons.com/a-worrisome-windows-worm/
Switch from Google Chrome to Firefox: https://firewallsdontstopdragons.com/its-time-switch-to-firefox/
Firefox's content blocking settings: https://support.mozilla.org/en-US/kb/content-blocking
Jun 3, 2019 • 37min

Polling on Privacy (Pt2)

Is it possible to hide your tracks online? Is it even worth the effort to try? How do you know which companies, products and services you can trust? Is government regulation the answer? We'll address all of these questions today in part 2 of my interview with David Ruiz. David will give you several great resources for getting more informed and also for getting more involved in the fight for privacy. David Ruiz is a pro-privacy, pro-security writer for Malwarebytes Labs, where he covers online privacy, legislation, and the interplay between technology and the law.

Further Info:
Who Has Your Back? https://www.eff.org/who-has-your-back-2018
Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/
Terms of Service; Didn't Read: https://tosdr.org/
Malwarebytes poll on privacy: https://blog.malwarebytes.com/security-world/2019/03/labs-survey-finds-privacy-concerns-distrust-of-social-media-rampant-with-all-age-groups/
Top 6 Takeaways from poll: https://blog.malwarebytes.com/101/2019/05/the-top-six-takeaways-for-user-privacy/
Help me to help you! https://www.patreon.com/FirewallsDontStopDragons
