
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

Jan 26, 2018
🎧 Is This a Bitcoin Boom or a Bubble?
Bitcoin has been all over the news lately, and rightly so. The digital “coin” was worth $1000 a year ago, and peaked at nearly $20,000 last month - an increase of 2000% in one year! And yet it’s lost almost half that value in the last two weeks. What is Bitcoin, anyway? Should you invest in it? How would you even do that if you wanted to?
I’ve invited Berkeley security researcher Nick Weaver back to the program to answer these questions and many more! Nick’s an enlightened and entertaining guest, and he pulls no punches. And trust me, Nick has some very strong opinions on cryptocurrencies like Bitcoin and the crazy market dynamics surrounding them!
Nick Weaver received a B.A. in Astrophysics and Computer Science in 1995, and his Ph.D. in Computer Science in 2003 from the University of California at Berkeley. Although his dissertation was on novel FPGA architectures, he also was highly interested in Computer Security, including postulating the possibility of very fast computer worms in 2001. In 2003, he joined the International Computer Science Institute (ICSI), first as a postdoc and then as a staff researcher. His primary research focus is on network security, notably worms, botnets, and other internet-scale attacks, and network measurement. Other areas have included both hardware acceleration and software parallelization of network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user's network connection.
For Further Insight:
Website: http://www1.icsi.berkeley.edu/~nweaver
Follow on Twitter: https://twitter.com/ncweaver
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Jan 22, 2018
🎧 Doing the Cybersecurity Two-Step
Despite being available for seven years, less than 10% of Google users have taken advantage of two-factor authentication. And yet, two-factor (or “two-step”) authentication is probably the best option today for most people to truly lock down their most important online accounts. I’ll tell you why it’s so effective and explain how you set it up.
We’ll also talk about the security news of the week including yet another Intel chip bug that could allow bad guys to hack your laptop in under 30 seconds, a high-tech targeted attack on WhatsApp and Signal users, a Netflix phishing campaign that’s trying to get your credit card info, and a nasty bit of Mac malware that can compromise all your web communications.
For Further Insight:
Sites that support two-factor auth: https://twofactorauth.org/
Setting up and using Google Authenticator: http://firewallsdontstopdragons.com/two-factor-authentication/

Jan 15, 2018
🎧 Dumpster Diving Trashes the Fourth Amendment
When can anyone search through your most intimate records and belongings? When you throw them away, of course! The US Supreme Court has already ruled that the Fourth Amendment doesn’t protect your garbage can or recycle bin. Today we talk about a very interesting case in Oregon where local reporters turned the tables on the authorities, with very interesting results.
I’ll also update you on the latest WiFi security standards, a police department that awarded cybersecurity quiz takers with infected USB drives, and some welcome (but limited) changes to border search policies for electronic devices.
For Further Insight:
Portland dumpster diving: http://www.wweek.com/portland/article-1616-rubbish.html-2
Picking a good shredder: http://firewallsdontstopdragons.com/take-out-trash-securely/

Jan 8, 2018
🎧 Old Spectre Causes Computer Meltdown
This week a couple of truly nasty computer hardware bugs were revealed by security researchers. Dubbed Meltdown and Spectre, the exploits take advantage of performance features found in Intel CPU chips as far back as 1995 and most other modern CPUs from AMD and ARM. Luckily, chip and software makers have been working in the background for months on fixes and mitigations, and many of them have already been deployed.
I’ll walk you through what these bugs are, what they actually mean to you, and what you can do to limit your exposure to them. Sadly, this is probably just the first of many hardware bugs that will be revealed - and hardware bugs are often very hard if not impossible to fix without simply replacing the entire device.
For Further Insight:
Official website for Meltdown/Spectre: https://meltdownattack.com/
Helpful list of affected systems and current state of fixes: https://gizmodo.com/check-this-list-to-see-if-you-re-still-vulnerable-to-me-1821780843
How to surf the web safely: http://firewallsdontstopdragons.com/browser-safety-choose-weapon/

Jan 5, 2018
🎧 Upholding the Bill of Rights in Cyberspace
Can law enforcement force you to divulge your passwords? How do you limit the scope of a search warrant on an iPhone? Is powerful encryption technology creating ‘warrant-free zones’ in cyberspace? Or are we actually in the Golden Age of Surveillance?
Today I speak with Andrew Crocker (Staff Attorney at the Electronic Frontier Foundation) about how our Constitutional rights work in cyberspace. We’ll talk about the locked iPhone in the Texas mass shooting case and discuss how it relates to the San Bernardino case from 2015 and the Crypto Wars of the 1990s.
Andrew Crocker is a staff attorney on the Electronic Frontier Foundation’s civil liberties team. He focuses on EFF’s national security and privacy docket, as well as the Coders' Rights Project. While in law school, Andrew worked at the Berkman Center for Internet and Society, the American Civil Liberties Union’s Speech, Privacy, and Technology Project, and the Center for Democracy and Technology. He received his undergraduate and law degrees from Harvard University and an M.F.A. in creative writing from New York University.
For Further Insight:
Website: https://www.eff.org/
Follow on Twitter: https://twitter.com/agcrocker, https://twitter.com/EFF
Donate to the EFF! https://supporters.eff.org/donate

Jan 1, 2018
🎧 Make Your New Years (Cyber) Resolutions!
It’s that time of year again - time for New Year’s resolutions! While you consider going to the gym or maybe drinking a little less, we’re in the Information Age now - and that means you need to get your digital house in order, too!
In our first show of 2018, I’ll give you several great projects to improve your cybersecurity and privacy - some easy, some that will take some time - but all of them are crucial in today’s world of hackers and prying eyes. With these top tips, you’ll be protected against malware, computer crashes, mass surveillance, and overzealous marketers!
For Further Insight:
LastPass password manager: https://www.lastpass.com/
TunnelBear VPN: https://www.tunnelbear.com/
Firefox web browser: https://www.mozilla.org/en-US/firefox/
Backblaze cloud backup: https://www.backblaze.com/cloud-backup.html#af9kxp
Signal secure messaging app: https://signal.org/
ProtonMail: https://protonmail.com/

Dec 25, 2017
🎧 Curl Up With a Good (Security) Book for the Holidays!
While you have some down time over the holidays, it’s a great opportunity to learn something new. I humbly suggest some cybersecurity and privacy “homework” that is both entertaining and educational! Like watching documentaries? Maybe you prefer to curl up by the fire with a good book? I’ve got you covered!
In the news this week, we have yet another staggeringly large data breach - though it’s not clear whether the bad guys found it before it was locked down. Is your iPhone 6 or 7 running slower than it used to? You may not be imagining it - Apple did it on purpose, and I explain why.
For Further Insight:
EFF’s Surveillance Self-Defense: https://ssd.eff.org/en
Stay Safe Online: https://staysafeonline.org/

Dec 18, 2017
🎧 The Fight for Net Neutrality Isn’t Over
Net Neutrality suffered a severe but expected setback this week when the new FCC repealed the protections enacted in 2015 by a 3-2 party line vote, without any public hearings or investigation into the flawed comment system. Call your Congressman!
Bitcoin value has soared in the last few months… but what the heck is a Bitcoin? I’ll explain what all the buzz is about. I’ll also tell you about a massive database of 1.4 billion cracked passwords and give you several tips for buying those last-minute holiday gifts online!
For Further Insight:
11 Lies about Net Neutrality: https://www.popsci.com/net-neutrality-lies
Net Neutrality isn’t dead: https://www.battleforthenet.com/

Dec 15, 2017
🎧 Project Galileo: Ensuring the Silent Voices Are Heard
Many of the most important voices on the web today are individuals or small, low-budget organizations: human rights groups, investigative journalists, political dissidents, and fighters for democracy in repressive regimes. These groups don’t have the wherewithal to defend themselves against hackers and bad state actors that would prefer their voices not be heard.
Projects like Cloudflare’s Galileo and Google’s Shield help these at-risk groups to weather the heaviest of Internet storms, making sure that their voices cannot be silenced - without having to pay a dime. Doug Kramer, General Counsel for Cloudflare, helps us understand why these projects and groups are so important and how these programs help to protect their websites from attack.
Doug Kramer is General Counsel of Cloudflare, where he is responsible for managing the legal, policy, and trust and safety teams. In this role, Doug helps address the broad range of issues that touch the company's operations around the world. Prior to joining Cloudflare, Doug worked for seven years in senior positions in the Obama Administration, including as Deputy Assistant to the President and White House Staff Secretary, as the Deputy Administrator of the US Small Business Administration, and General Counsel at USAID. He previously worked in private practice in Washington, DC and Kansas City. He received his Bachelor’s degree in Philosophy and English from Georgetown University and his J.D. from University of Chicago Law School.
For Further Insight:
Website: https://www.cloudflare.com
Project Galileo: https://www.cloudflare.com/galileo/
Project Shield: https://projectshield.withgoogle.com/public/

Dec 11, 2017
🎧 The Best & Worst Cyber-Gifts of 2017
The gift-giving season is upon us and technology presents are always popular! But what you may not realize is that the hackers and marketers out there are secretly hoping you’ll give your friends and family certain gifts, too!
In this special holiday episode, I’ll tell you about some of the best and the worst holiday gifts and accessories, from a security and privacy viewpoint. Thinking about giving someone a DNA analysis kit? You might want to think again! Which computers and smart devices are the most secure? And are there products I can buy to help make them more secure? You bet! Tune in - I’ve got you covered!
For Further Insight:
Read this before buying a DNA test: https://vitals.lifehacker.com/what-you-should-know-before-you-gift-someone-a-dna-test-1820774515
Best WiFi Routers: https://thewirecutter.com/reviews/best-wi-fi-router/
Setting your Router’s DNS to Quad9: http://firewallsdontstopdragons.com/evading-malware-quad9-dns/
Data and Goliath: https://www.schneier.com/books/data_and_goliath/
Little Brother: https://craphound.com/littlebrother/download/