Firewalls Don't Stop Dragons Podcast

We’ve talked about encryption in just about every single one of these shows but we’ve never actually talked about what it means to encrypt something. Did you know that Julius Caesar used cryptography to send secret messages to his generals? You may have heard about the vaunted Enigma Machine used by the Germans in World War II, but how did it work? I’ll walk you through the basics of creating secret codes and how to crack them – the science of cryptography and cryptanalysis! Secret codes have one big problem, though: coded messages stick out like a sore thumb. When you capture a spy with a piece of paper full of gibberish, you can bet it’s a coded message. But what if you could hide your messages in plain site? That’s called steganography and I’ll explain how crafty people have hidden messages since the days of the Ancient Greeks. For Further Insight: The Code Book by Simon Singh The Code Breakers by David Kahn Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Wouldn’t it be great if you could speed up every single website you visit without paying a dime? Every time you go to a website, your computer or smartphone first has to look up how to get to get there – just like we used to have to look up people’s numbers in the phone book. The service we all use is the Domain Name System (DNS), and by default, your DNS provider is probably not very fast. Today, John Graham-Cumming (the CTO of Cloudflare) will carefully explain how this works and why his company’s 1.1.1.1 DNS service is so much faster than the default one you’re probably all using. Furthermore, Cloudflare’s service will keep your web surfing habits totally private – something your default service is almost surely NOT doing. John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, the San Francisco Chronicle, New Scientist and other publications. For Further Insight: Website: jgc.org Follow on Twitter: https://twitter.com/jgrahamc Cloudflare’s 1.1.1.1 DNS service Steve Gibson’s DNS Benchmarking tool: https://www.grc.com/dns/benchmark.htm DNS Perf speed check: https://www.dnsperf.com/

This was a huge week for location privacy rights. In a 5-4 ruling, the Supreme Court has ruled that law enforcement must now obtain a warrant to obtain your cell phone location history. You cell provider knows where you are 24/7 and keeps records of your whereabouts that can go back for years. Until this ruling, this location information was considered to be unprotected and could be freely provided to law enforcement without notice or permission. In related news, all major US cellular providers have voluntarily terminated agreements to provide your location to third party vendors due to several recent cases of abuse. On the other hand, Apple’s new iOS 12 will come with a feature that will automatically send detailed location information to 911 operators when you make an emergency call. We’ll talk about how end-to-encryption in WhatsApp has allowed girls in ISIS-controlled Syria to maintain their schooling. And if you have a really old web browser, it’s time to update it – at least if you still want to shop online!

Android devices are everywhere – not just smartphones, but smart TVs, DVRs, streaming TV boxes and tablets. And many of these devices a shipping with a wide open backdoor for hackers. The Android debug port is supposed to only be used during software development, but many manufacturers are shipping popular Android-based products with this debug interface wide open. Hackers can easily use this interface to hack these devices, often from anywhere on the planet. In other news, California is trying to follow Vermont’s lead by introducing consumer data protection regulations, but many huge tech companies are trying desperately to defeat the measure. I’ll update you on the VPNFilter malware that is affecting more and more of our home WiFi routers, yet another critical Adobe Flash bug, and a $99 “unbreakable” smart padlock that can be hacked in under two seconds. For Further Insight: Locking down your home routers: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

There are estimated to be 2500-4000 data brokers in the United States who are collecting, buying and selling your information. Vermont has become the first state to pass laws to regulate this data mining that is largely working in the dark with zero accountability. We need more laws like this and I’ll tell you what you can do in the meantime to take more control over your personal and private data. Also in the news, Apple has announced some fantastic new security and privacy features for it’s upcoming iOS and macOS releases, Facebook has screwed up again, turning posts from 14M people public when they were supposed to be private, and My Heritage DNA service annouces that its 92M customer passwords were stolen. For Further Insight: Opting out of data collection: https://www.stopdatamining.me/opt-out-list/ Opting out of marketing, phone calls: https://www.worldprivacyforum.org/2015/08/consumer-tips-top-ten-opt-outs/  Know that they have on you: https://www.aboutthedata.com/portal/registration/step1  Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

When is a Virtual Private Network (VPN) not really private? Answer: When your VPN provider tracks where you go and sells that information to someone else. Today we’ll talk about a recent study that shows that many of the top free VPN services make their money by collecting and selling your browsing information. That seems to violate the “P” part of “VPN”, but let’s face it: if the product is free, then you are probably the product. I’ll help you find a VPN service that is truly private. In other news, Amazon’s Echo was recently caught recording a private conversation and sending it to a seemingly random person – should you be worried? Also, I’ll explain why shouting at your hard drives can cause corruption and tell you about a great new feature of the Privacy Badger browser plugin that will stop Facebook from tracking you. For Further Insight: Don’t shout at your hard drives: https://www.youtube.com/watch?v=tDacjrSCeq4 Choosing a truly private VPN: https://www.privacytools.io/#vpn Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Summer is upon us and for many of us that means travel – but before you even pack your bags, you need to listen to this podcast! In my interview with Michael Kaiser (the Executive Director of the National Cyber Security Alliance), we discuss all the cyber security and privacy issues you need to consider: before you go and while you’re traveling. Going abroad this summer? There are even more things you need to consider well before you leave! I also tell you why everyone needs to reboot their WiFi routers – by request of the FBI, no less! A Russian-made piece of malware called VPNFilter has infected half a million routers world-wise, and the remedy in most cases is simply to power-cycle or reboot your router. It’s easy to do and we should also take a few minutes to do it. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month (NCSAM) each October, Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT., the global online safety awareness and education campaign. NCSA builds efforts through public-private partnerships that address cybersecurity and privacy issues for a wide array of target audiences, including individuals, families and the education and business communities. In 2009, Mr. Kaiser was named one of SC Magazine’s information security luminaries. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City. For Further Insight: Web site: staysafeonline.org Follow on Twitter: https://twitter.com/MKaiserNCSA Facebook: https://www.facebook.com/staysafeonline/ LinkedIn: https://www.linkedin.com/in/michael-kaiser-3579752b NCSA’s Cyber Trip Advisor: https://www.stopthinkconnect.org/resources/preview/tip-sheet-ncsas-cyber-trip-advisor Reboot your router and set your admin password: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/

On May 25th, the European Union will begin enforcing the GDPR – a sweeping set of regulations designed to return control of user data back to the users. These rules apply to EU people, not EU companies – so if you have a business or website that deal with folks from the EU, then you need to comply with these rules. Note that even if it’s just a newsletter, you could be on the hook for damages if you didn’t obtain proper consent from your subscribers. Ruth Carter is an Arizona attorney and an authority on intellectual property, business startups, contracts, and internet law. She is an American Bar Association Legal Rebel, a Phoenix Business Journal 40 Under 40, and a Super Lawyers Southwest Rising Star. Ruth also wrote three best-selling books on guerrilla marketing and social media law including The Legal Side of Blogging: How Not to get Sued, Fired, Arrested, or Killed. Ruth is also a professional speaker and has spoken at South by Southwest, Content Marketing World, Intelligent Content Conference, Women in Travel Summit, BlogHer, Dad 2.0 Summit, Ungagged, Phoenix Comicon (now Phoenix Comic Fest), and BlogPaws. She's also been featured in the Wall Street Journal, Entrepreneur, CEO Blog Nation, U.S. News, and on NPR. For Further Insight: Website: GeekLawFirm.com Twitter: https://twitter.com/rbcarter LinkedIn: https://www.linkedin.com/in/ruthcarter Facebook: https://www.facebook.com/carterlawfirmpllc Book: https://www.amazon.com/The-Legal-Side-Blogging-ebook/dp/B009K4U5RU/  Terms of Service; Didn’t Read: https://tosdr.org/  Ruth’s blogs on complying with GDPR: http://carterlawaz.com/category/gdpr/  Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Ever since WhatsApp was acquired by Facebook in 2014 for a staggering $19B, the extremely popular global messaging app has been losing its focus on privacy. WhatsApp co-founder Jan Koum (who grew up in the Soviet Union) has now left Facebook, and with him WhatsApp may have lost its last hope for retaining the user protections Koum carefully put in place. If you even considered leaving Facebook, you should consider leaving WhatsApp. In the news, we’ll talk about a software bug that may leave 350,000 internal defibrillators to hacking, the looming hail-Mary chance to save net neutrality, a new credit bureau you might want to freeze, more computer CPU chip bugs coming, a Twitter password change requirement, new iOS and Firefox privacy features, and getting into your next concert using just your face. For Further Insight:  Everything you need to know about credit freezes: https://krebsonsecurity.com/2018/05/another-credit-freeze-target-nctue-com/  Freezing your credit at NCTUE: 866-349-5355 Save Net Neutrality! https://battleforthenet.com  Try Signal! Get your friends to try it, too!! https://www.signal.org/  Blog article with more info: https://firewallsdontstopdragons.com/ditch-whatsapp-use-signal/  Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Phil Zimmermann fought a multi-year court battle and risked years in jail in order to defend your right to privacy. Phil created an email encryption system called Pretty Good Privacy (PGP) in 1991 that is still the gold standard for private email today. I sat down with Phil to discuss his legacy and why we are truly in the Golden Age of Surveillance, despite claims by law enforcement that all communications are “going dark”. Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world. After the government dropped its case in early 1996, Zimmermann founded PGP Inc. That company was acquired by Network Associates Inc (NAI) in 1997. In 2002 PGP was acquired from NAI by a new company called PGP Corporation, where Zimmermann served as special advisor and consultant until its acquisition by Symantec in 2010. Since 2004, his focus has been on secure telephony for the Internet, developing the ZRTP protocol and creating products that use it, including Silent Phone and Zfone. Zimmermann is Co-founder of Silent Circle, a provider of secure communications services. For Further Insight: Website: https://www.philzimmermann.com/