Firewalls Don't Stop Dragons Podcast

Carey Parker
Mar 4, 2019 • 37min

Account Defense in Depth

The Mayor of Tampa, Florida, had his Twitter account hacked due to "the usual weaknesses, including poor passwords." The hackers used the account to tweet pornographic images and even an incoming ballistic missile alert. Comcast's Xfinity Mobile service used a default account security PIN of "0000", which allowed several customers to have their accounts taken over. You not only need strong passwords, you need strong second factor authentication. That's defense in depth. In other news, Microsoft's Edge browser was found to have a whitelist for almost 60 websites that bypass the Flash Player click-to-run protections, a Canadian province is allowing the mass sale of anonymized medical records, and the fast Thunderbolt USB-C ports are found to be vulnerable to a memory access hack called Thunderclap.
Feb 25, 2019 • 1h 18min

Guiding the Development of AI

Artificial Intelligence (AI) has been around for decades, but has only recently begun to fulfill the promise of truly replicating human-like decision making. The Information Age has generated enormous quantities of data and modern technology has given us unprecedented power to ingest and analyze this data. AI systems today control airplanes, financial and insurance systems, and even criminal sentencing recommendations. We can use AI to conduct law enforcement and intelligence gathering operations. AI has even generated audio, video and photos that are completely fake but nearly impossible for a human to detect. Our guest today, Lorraine Kisselburgh, is working with international organizations to define common-sense guidelines for the creation and use of these AI systems, to maximize potential and minimize abuse. Lorraine Kisselburgh (Ph.D., Purdue University) is a Scholar with the Electronic Privacy Information Center in Washington, D.C., a former professor of media, technology, and society, and a visiting lecturer in the Center for Entrepreneurship at Purdue University. She studies the social implications of emerging technologies, including privacy and ethics in emerging technology contexts. Her research has been awarded funding from the National Science Foundation and the Department of Homeland Security, and recognized by the National Academy of Engineering. She currently serves on the executive committee of Association of Computing Machinery’s (ACM) US Technology Policy Committee (USTPC) and was a member of the ACM Task Force on Code of Ethics.
Email: lorraine@purdue.edu
Website: www.lkisselburgh.net
Twitter: @lkisselburgh, @EPICPrivacy
Facebook: EPICPrivacy

Further Information:
Universal Guidelines for AI: https://thepublicvoice.org/AI-universal-guidelines/
Electronic Privacy Information Center (EPIC): https://www.epic.org/
"Deep Fake" Obama PSA: https://www.youtube.com/watch?v=cQ54GDm1eL0
Lyrebird fake Trump and Obama voices: https://soundcloud.com/user-535691776/dialog
OpenAI fake news articles: https://arstechnica.com/information-technology/2019/02/researchers-scared-by-their-own-work-hold-back-deepfakes-for-text-ai/
AI Now Institute: https://ainowinstitute.org/
Berkman Klein Center for Internet and Society: https://cyber.harvard.edu/
Data & Society Intelligence and Autonomy Initiative: https://autonomy.datasociety.net/
WEF’s AI and Machine Learning: https://www.weforum.org/communities/artificial-intelligence-and-machine-learning
Feb 18, 2019 • 31min

Toying With Security

The European Union has recalled a GPS smart watch meant to be worn by children so that their parents can keep tabs on them. Unfortunately, due to horrible security, anyone can track these watches - and even send messages to the children. The Internet of Things (IoT) is well-known for having lax or non-existent security protections. Connecting our children's toys to the internet in this manner is raising serious (and valid) privacy concerns. In other news, there's a devious new Facebook and Google phishing scam that would fool many pros, the Chrome browser will soon help you spot fake look-alike websites, Apple cracks down on apps that surreptitiously record their users' interactions with their apps, and many modern Android phones are vulnerable to hacking simply by loading a malicious image. Help Me to Help You! Visit my page on Patreon for details: https://www.patreon.com/FirewallsDontStopDragons
Feb 11, 2019 • 56min

You Must Stop Reusing Passwords

Last week I told you about the literally billions of email addresses and passwords that were released by hackers as "Collections 1-5". I also told you how you can check to see if your information was contained in these (or other dumped data) by checking haveibeenpwned.com. And today I'm interviewing the man behind this wonderful, free service: Troy Hunt! He tells us how he gets his hands on all of this data and what we should be doing to mitigate the damage from these inevitable breaches. The worst thing you can do? Reusing passwords on multiple sites! In today's episode, I also reveal the winners of my Pod-Centennial contest! Five lucky people will be getting signed copies of my book, signed copies of Bruce Schneier's latest book (Click Here to Kill Everybody), and a selection of other cybersecurity books! Troy Hunt is an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. You'll regularly find Troy in the press talking about security and even testifying before US Congress on the impact of data breaches.

Further Info
HaveIBeenPwned.com
Ethics of running a data breach search service: https://www.troyhunt.com/the-ethics-of-running-a-data-breach-search-service/
Authentication evolved: https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
Feb 4, 2019 • 38min

You Have Been Pwned

Last week we saw perhaps the single largest data breach dump in history, close on the heels of another massive data disclosure from the same group. Dubbed "Collections 1-5", together these data dumps represent literally billions of unique user email addresses and passwords. Using the online tool Have I Been Pwned will tell you whether your email address or password is contained in this hacker's treasure trove. I will also tell you how you can mitigate the damage from this and future breaches. In other news, Apple's FaceTime app contains a huge bug that could let other people eavesdrop on you and potentially even view you through your camera; Google and Firefox are offering competing visions of browser privacy with controversial new features; and a recent Mac malvertising campaign is using a classic technique called steganography to disguise its malicious intentions.

Further Information
Have I Been Pwned: https://haveibeenpwned.com/
Pod-Centennial Contest Details: https://firewallsdontstopdragons.com/celebrate-my-pod-centennial/
Jan 28, 2019 • 1h 18min

Data Privacy Day Pod-Centennial!

We're celebrating international Data Privacy Day along with the 100th episode of Firewalls Don't Stop Dragons! And what a show we have! My guest today is none other than Bruce Schneier: internationally renowned security technologist and author of 14 books, including the best-seller Click Here to Kill Everybody! Bruce and I discuss the current state of data privacy and what it's going to take to rein in the corporations that are buying and selling our data with abandon. In this show I will also walk through my personal privacy checklist, including several things you could do RIGHT NOW to improve your online privacy. Along the way, I will share some tips from some of my favorite past guests on the show. But that's not all! To celebrate my Pod-Centennial, I'm giving away 5 signed copies of my book as well as 5 signed copies of Bruce's latest book, a stack of some of my favorite cybersecurity books, and MORE! You have to listen to this show to learn how to enter the contest - so there's no better time to subscribe and listen!

Further Information:
Transcript of my interview with Bruce Schneier: http://podcast.firewallsdontstopdragons.com/wp-content/uploads/2019/01/Ep100-interview.txt
Data Privacy Day Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/
Pod-Centennial Contest Details: https://firewallsdontstopdragons.com/celebrate-my-pod-centennial/
Jan 21, 2019 • 31min

Delete My DNA, Please

Ancestry analysis firm 23andMe has just inked a 4-year, $300M deal to share its DNA samples with the colossal pharmaceutical company GlaxoSmithKline. What are they going to do with your genetic material? Good question. Did you carefully read and understand your Terms of Service? Sure you did. I'll tell you how you can ask 23andMe (or Ancestry.com) to discard your samples. In other news, some users are finding that they aren't allowed to delete their Facebook apps from their phones, a new federal case has strengthened your privacy rights when it comes to phone searches, and the Weather Channel app has been selling your location data to third parties.
Jan 14, 2019 • 1h 16min

Ghost on the Wire

Last month Australia passed a sweeping surveillance law, quickly and without meaningful debate, called the Assistance and Access Act. Like the UK's Investigatory Powers Act of 2016, this law aims to give authorities unprecedented power to force makers of messaging services to break their software and lie to their users. Danny O'Brien, International Director for the Electronic Frontier Foundation, helps us understand the true implications of these laws and why they are truly harmful to democracy.

Guest Information
Danny O'Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped make the UK Parliament more transparent with FaxYourMP. He was EFF's activist from 2005 to 2007, and its international outreach coordinator from 2007-2009. After three years working to protect at-risk online reporters with the Committee to Protect Journalists, he returned to EFF in 2013 to supervise EFF's global strategy. He is also the co-founder of the Open Rights Group, Britain's own digital civil liberties organization.
Twitter: @EFF, @mala
Website: https://www.eff.org/

Further Information:
Truly Secure Messaging: https://firewallsdontstopdragons.com/truly-secure-mobile-calls-and-messaging-for-free/
Why Privacy Matters (TED Talk): https://www.ted.com/talks/glenn_greenwald_why_privacy_matters
The Value of Privacy: https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html
Donate to the EFF! https://supporters.eff.org/donate/join-4
Jan 7, 2019 • 28min

Google is Watching You

Just because you're not paranoid doesn't mean they're not following you. A new study finds that Android phones tattle on you up to 340 times a day.
Dec 31, 2018 • 59min

2019 Security & Privacy New Years Resolutions

It's that time of year again - time to make your New Years Resolutions! You know all those really important things I've been telling you to do, but you haven't done? Well, I'm listing out the top ones on today's show - and challenging each of you to check them off this year! There's also a lot of news to catch you up on: why the green padlock symbol doesn't mean what you think it does, an update on the SuperMicro computer spy chips, fitness apps stealing $120 from their users, scammers calling seniors pretending to be grandkids, US border agents not taking care of your private data, and a stunning NY Times study about all the apps that are tracking your location.

Further Reading
NY Times article on location tracking: https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html
Review my podcast! https://itunes.apple.com/us/podcast/firewalls-dont-stop-dragons-podcast/id1213366517?mt=2#
Worst passwords of 2018: https://www.teamsid.com/100-worst-passwords/
