
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

May 27, 2019 • 36min
Polling on Privacy (Pt1)
In January of this year, Malwarebytes (a world-class antivirus software maker) conducted a massive poll on privacy that included 4000 people from 66 different countries. On today's show, I will delve into the key takeaways from this poll and some rather (pleasantly) surprising results. (Tune in next week for part 2.)
David Ruiz is a pro-privacy, pro-security writer for Malwarebytes Labs, where he covers online privacy, legislation, and the interplay between technology and the law.
Further Info
Malwarebytes poll on privacy: https://blog.malwarebytes.com/security-world/2019/03/labs-survey-finds-privacy-concerns-distrust-of-social-media-rampant-with-all-age-groups/
Top 6 Takeaways from poll: https://blog.malwarebytes.com/101/2019/05/the-top-six-takeaways-for-user-privacy/

May 20, 2019 • 30min
Google Knows What You Buy
It shouldn't surprise you to learn that Google can read your Gmail. You may even realize that Google is scanning your emails for things like trip itineraries, which allows them to automatically add flights and hotel reservations to your Google Calendar, for example. But you may not realize how much other juicy info is there to be mined, like online purchases. Every email receipt you've received since you've had your Gmail account has almost surely been parsed and indexed. In today's show, I'll tell you how you can view this history and even delete it (painful as it may be).
In other news, an FCC commissioner has released an update on the selling of location data by cell phone providers, San Francisco is poised to become the first major US city to ban the government use of facial recognition systems, and many popular games have been found to give away tons of user data.
Further Info
Check your Google purchase history: https://myaccount.google.com/purchases

May 13, 2019 • 21min
Time to Break Up Facebook
Facebook co-founder Chris Hughes makes a heartfelt and cogent argument for breaking up the world's dominant social media company, Facebook. The litmus test for the US Government has focused too much on impact to consumer pricing, which has little to do with "free" services such as Facebook. It's time to also consider social and consumer impact.
In other news, a photo storage service has been caught using your images to train facial recognition systems without proper disclosure, Google has unveiled plans to allow users to auto-delete certain sensitive user data after a specified number of months, and Facebook has cranked up the creepy factor by encouraging you to identify up to nine of your friends that you are secretly crushing on.
Further Info
New York Times Privacy Project: https://www.nytimes.com/2019/05/07/opinion/google-sundar-pichai-privacy.html
It's Time to Break Up Facebook: https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html
Firewalls Don't Stop Dragons links & errata: https://github.com/Apress/firewalls-dont-stop-dragons

May 6, 2019 • 35min
Health Apps Behaving Badly
A disturbing study in the JAMA Network Open journal showed that almost all of 36 mental health apps they downloaded were sharing your data to some extent - many without proper or even any disclosure. Many shared basic data with Facebook and Google, and a few shared very sensitive information like health diaries and self reports of substance abuse. I'll give you some tips on how you can protect yourself.
In other news, Firefox plugins were all shut off over the weekend due to a Mozilla certificate expiring, bad guys are using Google ads to trick you into paying money to fake customer support sites, data from 80M US households was found lying around on Microsoft servers, and Princeton has a cool new app that will tell you which of your IoT devices may be snitching on you.
Further Info
Terms of Service; Didn't Read: https://tosdr.org/
Princeton IoT Inspector: https://iot-inspector.princeton.edu/
Spring Cleaning for your apps: https://firewallsdontstopdragons.com/close-security-holes/

Apr 29, 2019 • 37min
Further Facebook Fiascos
Facebook has once again gone too far and, when caught, asked for forgiveness and promised to change. First it was revealed that Facebook has been requesting since May 2016 that new users provide their email account passwords in order to verify their email addresses - without giving any obvious way to opt out. When caught, they said they would stop doing this. However, it was then revealed that Facebook "unintentionally" hoovered up the email contact lists of 1.5 million Facebook users that gave them their email passwords! I'll tell you how you can review and delete any contacts you've shared (intentionally or otherwise) with Facebook... as well as how to just delete Facebook!
In other news, Microsoft has dropped the requirement to periodically change your password in Windows 10, another IoT vulnerability has been found that affects millions of devices, I have an update on the supposed Amazon employee Echo spying, and finally I'll explain why browser makers are throwing in the towel and allowing 'ping' tracking (and how you can still block this).

Apr 22, 2019 • 36min
Swiped: Identity Theft (Pt 2)
How do you deal with the threat of identity theft? Follow Adam Levin's 3 M's: 1) minimize your exposure, 2) monitor your accounts, and 3) manage the damage. We discuss these techniques and much more in part two of my interview with Adam Levin, author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.
Adam Levin is a consumer advocate with more than 40 years of experience in security, privacy, personal finance and many other things. He is the former director of the New Jersey Division of Consumer Affairs and current chairman and founder of CyberScout. You may have seen Adam on one of his several TV appearances, as well.
Further Info:
Adam Levin's website: https://adamlevin.com/
Adam's book, Swiped: https://adamlevin.com/swiped-book-adam-levin/
CyberScout: https://www.cyberscout.com/
Bruce Schneier's Data and Goliath
Kevin Mitnick's The Art of Invisibility
Brian Krebs's Spam Nation and his blog
Identity Theft Resource Center
Consumer Federation of America
Privacy Rights Clearinghouse

Apr 15, 2019 • 45min
Swiped: Identity Theft (Pt 1)
Identity theft is arguably one of the worst cyber crimes in terms of deep and lasting impact to the victim. This runs the gamut from simple credit card fraud to committing crimes in someone else's name. We'll talk about the entire spectrum today in part one of my interview with Adam Levin, author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.
Adam Levin is a consumer advocate with more than 40 years of experience in security, privacy, personal finance and many other things. He is the former director of the New Jersey Division of Consumer Affairs and current chairman and founder of CyberScout. You may have seen Adam on one of his several TV appearances, as well.
Further Info:
Adam Levin's website: https://adamlevin.com/
Adam's book, Swiped: https://adamlevin.com/swiped-book-adam-levin/
CyberScout: https://www.cyberscout.com/

Apr 8, 2019 • 39min
Spotting Scare Scams
Bad guys have been using scary emails and pop-up messages to bilk unsuspecting victims of millions of dollars for a long time now. But recent scams purporting to be from the CIA have taken things to a new level. In today's show, I'll walk you through one variant of this scam and teach you how to spot similar scare scams.
In other news, government spyware has made its way into everyday apps on the Google Play Store, WinRAR has a serious bug that you need to patch, hundreds of millions of Facebook records were found lying around unprotected in the cloud, ASUS computer users were targeted by ShadowHammer malware, and Cloudflare has a new mobile VPN app you should take a look at.
Further Info
Install and configure Cloudflare's 1.1.1.1 DNS: https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
ASUS malware checker: https://shadowhammer.kaspersky.com/

Apr 1, 2019 • 49min
Fix It Already!
How often have you run across something so obviously bad or behind the times that you just want to scream: Hey, fix this already! Electronic Frontier Foundation to the rescue! Gennie Gebhart explains the EFF's new #FixItAlready campaign - a "most wanted" list of no-brainer bugs and shortcomings in today's most popular services and products that just should not be. Examples include no end-to-end encryption of Twitter DMs, using two-factor Facebook phone numbers for marketing, and not being able to set your own password on iCloud or Windows 10 hard drive encryption.
Gennie Gebhart is the Associate Director of Research at the Electronic Frontier Foundation, where she does research and advocacy on consumer privacy and security issues. She holds a Master of Library and Information Science from the University of Washington.
Further Info:
Fix It Already!: https://fixitalready.eff.org/
Donate to EFF: https://supporters.eff.org/donate/join-eff-4

Mar 25, 2019 • 40min
Preparing for Your Digital Afterlife
What happens to your digital life when you die? The answer is only slightly less philosophical than what happens to your soul. The laws, at least in the US, haven't kept up with the times and there aren't clear rules for who has legal rights to your online accounts or the files you've stored in the cloud. In today's episode, I'll tell you how to prepare for your inevitable digital afterlife.
In other news, Facebook revealed that hundreds of millions of its users' passwords were left open on internal servers, ransomware has hit one of the world's largest producers of aluminum, the Pwn2Own bug hunt contest shows us how to do responsible disclosures, a critical flaw has been found in implanted defibrillators leaving them vulnerable to hacking, and DARPA is hoping to fix our broken voting systems.
Further Reading
My blog article on Digital Afterlife: https://firewallsdontstopdragons.com/preparing-for-your-digital-afterlife/
Facebook's password screwup: https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
Critical defibrillator bugs: https://arstechnica.com/information-technology/2019/03/critical-flaw-lets-hackers-control-lifesaving-devices-implanted-inside-patients