Firewalls Don't Stop Dragons Podcast

If a vote falls in a ballot box, but there’s no one there to see it - does it count? Marian Schneider, President of Verified Voting, explains why so many of our national voting systems have absolutely no way of being audited. Digital technology has been a wonderful boon for this world, but when it comes to something as fundamental to democracy as casting a vote, you simply must have a physical record that you can verify by hand if necessary. It may already be too late for the 2018 midterm elections, but we simply must have this fixed for 2020. We’ll tell you how you can get involved and make a real difference. This is a non-partisan issue that affects us all. As the President of Verified Voting, Marian Schneider brings a strong grounding in the legal and constitutional elements governing voting rights and elections, as well as experience in election administration at the state level. Immediately before becoming President of Verified Voting, Marian served as Special Advisor and Deputy Secretary for Elections and Administration, to Pennsylvania Gov. Tom Wolf. Marian received her J.D. from The George Washington University, where she was a member of the Law Review, and earned her B.A. degree cum laude from the University of Pennsylvania. For Further Insight: Website: www.verifiedvoting.org Follow on Twitter: https://twitter.com/VerifiedVoting Facebook: https://www.facebook.com/VerifiedVoting/

Facebook has wants your face. Guess we should have seen that coming. While Facebook has been using face recognition for years now, it began notifying users in December of much broader use of this technology. Of course, they will tell you that you are the prime beneficiary, but by accepting this new feature you may be enabling Facebook to do much more. Tune in and I’ll tell you all about it, including how to turn it off! We’ll also discuss how Apple is taking heat for moving some of its iCloud customers’ encryption keys to China, some great new privacy features coming soon to both Firefox and Android, and how you can see all your snail mail online (and maybe others can, too). For Further Insight:  How to turn off FB facial recognition: https://mashable.com/2018/02/28/how-to-turn-off-facebook-face-recognition/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Should you cover your webcam? Is anti-virus software worth the money? How do you know if you’ve been hacked? How do you know what software you can trust? We’ll cover all of these topics and more with Patrick Wardle, a computer security expert and ex-NSA hacker. While Patrick’s focus is Mac security, we also discuss PCs and mobile devices, and much more! Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, and as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users. For Further Insight: Website: https://objective-see.com/ Twitter URL: https://twitter.com/patrickwardle Optional guest headshot: https://2016.zeronights.org/wp-content/uploads/2016/09/Patrick_Wardle.jpeg Support Patrick! https://www.patreon.com/objective_see Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

You know the best way to limit what malware can do on your system? Limit what YOU can do! Software on computers generally inherits the privileges of the current user. The problem is that the default account that comes with all computers has full administrator privileges - you can do anything. And whatever you can do, malware can also do. The solution is to always have a non-admin account that you use for day-to-day activities, reserving your admin account for very special tasks. According to experts, using a non-admin account could have mitigated 80% of critical Microsoft bugs in 2017. I’ll also talk about Chrome’s new “ad filter” that falls well short, a bug on Apple devices that will allow a single character to crash your messaging apps, a new “turducken” Microsoft vulnerability, a nasty Skype bug that Microsoft claims takes “too much effort to fix”, and a new Facebook app feature called “protect” that should really be called “spy”. For Further Insight: How to set up non-admin accounts: http://firewallsdontstopdragons.com/use-non-admin-account/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Do you know where your software’s been? If you’re downloading your apps and driver software from third parties, you may be getting more than you bargained for. Software download sites may be attaching unwanted extras to your installers in order to make money. And bad guys are also hacking these sites to trick you into downloading malware. I’ll tell you how to ensure your software is pristine. In other news, Equifax admits that it lost even more sensitive information in the massive hack that affected over 145 million customers last year. Some key Apple source code in revealed that may help hackers attack your iPhone. And Lenovo announces critical bugs in the WiFi software on many of its ThinkPad laptops.

Our mobile phones today are chock full of private information and are constantly tattling about our whereabouts and activities. Most phones today have GPS, WiFi, Bluetooth, motion detectors, magnetic field detectors, microphones, cameras, and of course cellular radios. Some even have facial recognition built right in. With all this personal data and telemetry information, is it even possible to prevent tracking and information leakage? CLICK FOR FULL TRANSCRIPT OF INTERVIEW Today we discuss these topics and more with Daniel Davis from DuckDuckGo - a company dedicated to protecting your privacy. He and I discuss DuckDuckGo’s new privacy-focused smartphone app, along with other tips and techniques to guard your privacy on your mobile devices. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet takes you. CLICK FOR FULL TRANSCRIPT OF INTERVIEW For Further Insight: Website: https://duckduckgo.com Twitter URL: https://twitter.com/duckduckgo LinkedIn URL: https://www.linkedin.com/company/duck-duck-go New DuckDuckGo mobile app: https://duckduckgo.com/app DuckDuckGo privacy guides: https://spreadprivacy.com/tag/device-privacy-tips/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

It's that time of year again: tax time. And that means it's also high season for identity thieves and scammers. Millions of people are affected by fake tax return filings every year. Phone and email scams lure unsuspecting victims to give away their money or identity. In today’s episode, I’ll tell you how to protect yourself. In this week’s news, we’ll talk about why California won’t let you cover your license plate while parked, discuss yet another Adobe Flash bug, and explain how fitness trackers may be revealing covert military sites around the world. For Further Insight:  Full blog article on tax return fraud: https://firewallsdontstopdragons.com/preventing-tax-return-fraud/ Think someone filed a fraudulent tax return in your name? Check this article: https://krebsonsecurity.com/2018/01/file-your-taxes-before-scammers-do-it-for-you/ Set up your MySSA account, even if you’re years away from retirement: https://www.ssa.gov/myaccount/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Data Privacy Day is upon us, and today is the day you take back your online privacy. And I’m going to help you do it. There’s no more standing on the sidelines and hoping someone else will fix this for you. You need to get off your butt and do something - and today is the day to do it. Corporations have sold loads of compelling and powerful “free” tools and services. But if the product is free, then you are the product. Making us watch ads was all well and good, until those ads started watching us back. They’ve gone too far and now we are duty-bound to push back. Privacy is a human right and our privacy has never been more in jeopardy that right now. Now is the time to assert your rights and make your voices heard. For Further Insight: http://firewallsdontstopdragons.com/data-privacy-day-checklist/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Bitcoin has been all over the news lately, and rightly so. The digital “coin” was worth $1000 a year ago, and peaked at nearly $20,000 last month - an increase of 2000% in one year! And yet it’s lost almost half that value in the last two weeks. What is Bitcoin, anyway? Should you invest in it? How would you even do that if you wanted to? I’ve invited Berkley security researcher Nick Weaver back to the program to answer these questions and many more! Nick’s an enlightened and entertaining guest, and he pulls no punches. And trust me, Nick has some very strong opinions on cryptocurrencies like Bitcoin and the crazy market dynamics surrounding them! Nick Weaver received a B.A. in Astrophysics and Computer Science in 1995, and his Ph.D. in Computer Science in 2003 from the University of California at Berkeley. Although his dissertation was on novel FPGA architectures, he also was highly interested in Computer Security, including postulating the possibility of very fast computer worms in 2001. In 2003, he joined the International Computer Science Institute (ICSI), first as a postdoc and then as a staff researcher. His primary research focus is on network security, notably worms, botnets, and other internet-scale attacks, and network measurement. Other areas have included both hardware acceleration and software parallelization of network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user's network connection. For Further Insight: Website: http://www1.icsi.berkeley.edu/~nweaver Follow on Twitter: https://twitter.com/ncweaver Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Despite being available for seven years, less than 10% of Google users have taken advantage of two-factor authentication. And yet, two-factor (or “two-step”) authentication is probably the best option today for most people to truly lock down their most important online accounts. I’ll tell you why it’s so effective and explain how you set it up. We’ll also talk about the security news of the week including yet another Intel chip bug that could allow bad guys to hack your laptop in under 30 seconds, a high-tech targeted attack on WhatsApp and Signal users, a Netflix phishing campaign that’s trying to get your credit card info, and a nasty bit of Mac malware that can compromise all your web communications. For further Insight: Sites that support two-factor auth: https://twofactorauth.org/ Setting up and using Google Authenticator: http://firewallsdontstopdragons.com/two-factor-authentication/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons