

Firewalls Don't Stop Dragons Podcast
Carey Parker
A Podcast on Computer Security & Privacy for Non-Techies
Episodes

Feb 19, 2018
🎧 Authorized Personnel Only: Saving You from Yourself
You know the best way to limit what malware can do on your system? Limit what YOU can do! Software on computers generally inherits the privileges of the current user. The problem is that the default account that comes with all computers has full administrator privileges – you can do anything. And whatever you can do, malware can also do. The solution is to always have a non-admin account that you use for day-to-day activities, reserving your admin account for very special tasks. According to experts, using a non-admin account could have mitigated 80% of critical Microsoft bugs in 2017.
I’ll also talk about Chrome’s new “ad filter” that falls well short, a bug on Apple devices that will allow a single character to crash your messaging apps, a new “turducken” Microsoft vulnerability, a nasty Skype bug that Microsoft claims takes “too much effort to fix”, and a new Facebook app feature called “protect” that should really be called “spy”.
For Further Insight:
How to set up non-admin accounts: http://firewallsdontstopdragons.com/use-non-admin-account/
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Feb 12, 2018
🎧 Beware Geeks Bearing Gifts
Do you know where your software’s been? If you’re downloading your apps and driver software from third parties, you may be getting more than you bargained for. Software download sites may be attaching unwanted extras to your installers in order to make money. And bad guys are also hacking these sites to trick you into downloading malware. I’ll tell you how to ensure your software is pristine.
In other news, Equifax admits that it lost even more sensitive information in the massive hack that affected over 145 million customers last year. Some key Apple source code is revealed that may help hackers attack your iPhone. And Lenovo announces critical bugs in the WiFi software on many of its ThinkPad laptops.

Feb 9, 2018
🎧 Mobile Privacy: A Modern Oxymoron
Our mobile phones today are chock full of private information and are constantly tattling about our whereabouts and activities. Most phones today have GPS, WiFi, Bluetooth, motion detectors, magnetic field detectors, microphones, cameras, and of course cellular radios. Some even have facial recognition built right in. With all this personal data and telemetry information, is it even possible to prevent tracking and information leakage?
Today we discuss these topics and more with Daniel Davis from DuckDuckGo – a company dedicated to protecting your privacy. He and I discuss DuckDuckGo’s new privacy-focused smartphone app, along with other tips and techniques to guard your privacy on your mobile devices.
Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet takes you.
For Further Insight:
Website: https://duckduckgo.com
Twitter URL: https://twitter.com/duckduckgo
LinkedIn URL: https://www.linkedin.com/company/duck-duck-go
New DuckDuckGo mobile app: https://duckduckgo.com/app
DuckDuckGo privacy guides: https://spreadprivacy.com/tag/device-privacy-tips/

Feb 5, 2018
🎧 File Your Taxes Before the Bad Guys Do!
It's that time of year again: tax time. And that means it's also high season for identity thieves and scammers. Millions of people are affected by fake tax return filings every year. Phone and email scams lure unsuspecting victims to give away their money or identity. In today’s episode, I’ll tell you how to protect yourself.
In this week’s news, we’ll talk about why California won’t let you cover your license plate while parked, discuss yet another Adobe Flash bug, and explain how fitness trackers may be revealing covert military sites around the world.
For Further Insight:
Full blog article on tax return fraud: https://firewallsdontstopdragons.com/preventing-tax-return-fraud/
Think someone filed a fraudulent tax return in your name? Check this article: https://krebsonsecurity.com/2018/01/file-your-taxes-before-scammers-do-it-for-you/
Set up your MySSA account, even if you’re years away from retirement: https://www.ssa.gov/myaccount/

Jan 29, 2018
🎧 Data Privacy Day: Take Control of Your Data
Data Privacy Day is upon us, and today is the day you take back your online privacy. And I’m going to help you do it. There’s no more standing on the sidelines and hoping someone else will fix this for you. You need to get off your butt and do something – and today is the day to do it.
Corporations have sold loads of compelling and powerful “free” tools and services. But if the product is free, then you are the product. Making us watch ads was all well and good, until those ads started watching us back. They’ve gone too far and now we are duty-bound to push back. Privacy is a human right and our privacy has never been more in jeopardy than right now. Now is the time to assert your rights and make your voices heard.
For Further Insight:
http://firewallsdontstopdragons.com/data-privacy-day-checklist/

Jan 26, 2018
🎧 Is This a Bitcoin Boom or a Bubble?
Bitcoin has been all over the news lately, and rightly so. The digital “coin” was worth $1000 a year ago, and peaked at nearly $20,000 last month – an increase of 2000% in one year! And yet it’s lost almost half that value in the last two weeks. What is Bitcoin, anyway? Should you invest in it? How would you even do that if you wanted to?
I’ve invited Berkeley security researcher Nick Weaver back to the program to answer these questions and many more! Nick’s an enlightened and entertaining guest, and he pulls no punches. And trust me, Nick has some very strong opinions on cryptocurrencies like Bitcoin and the crazy market dynamics surrounding them!
Nick Weaver received a B.A. in Astrophysics and Computer Science in 1995, and his Ph.D. in Computer Science in 2003 from the University of California at Berkeley. Although his dissertation was on novel FPGA architectures, he also was highly interested in Computer Security, including postulating the possibility of very fast computer worms in 2001. In 2003, he joined the International Computer Science Institute (ICSI), first as a postdoc and then as a staff researcher. His primary research focus is on network security, notably worms, botnets, and other internet-scale attacks, and network measurement. Other areas have included both hardware acceleration and software parallelization of network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user's network connection.
For Further Insight:
Website: http://www1.icsi.berkeley.edu/~nweaver
Follow on Twitter: https://twitter.com/ncweaver

Jan 22, 2018
🎧 Doing the Cybersecurity Two-Step
Although it has been available for seven years, fewer than 10% of Google users have taken advantage of two-factor authentication. And yet, two-factor (or “two-step”) authentication is probably the best option today for most people to truly lock down their most important online accounts. I’ll tell you why it’s so effective and explain how you set it up.
We’ll also talk about the security news of the week including yet another Intel chip bug that could allow bad guys to hack your laptop in under 30 seconds, a high-tech targeted attack on WhatsApp and Signal users, a Netflix phishing campaign that’s trying to get your credit card info, and a nasty bit of Mac malware that can compromise all your web communications.
For Further Insight:
Sites that support two-factor auth: https://twofactorauth.org/
Setting up and using Google Authenticator: http://firewallsdontstopdragons.com/two-factor-authentication/

Jan 15, 2018
🎧 Dumpster Diving Trashes the Fourth Amendment
When can anyone search through your most intimate records and belongings? When you throw them away, of course! The US Supreme Court has already ruled that the Fourth Amendment doesn’t protect your garbage can or recycle bin. Today we talk about a very interesting case in Oregon where local reporters turned the tables on the authorities, with very interesting results.
I’ll also update you on the latest WiFi security standards, a police department that awarded cybersecurity quiz takers with infected USB drives, and some welcome (but limited) changes to border search policies for electronic devices.
For Further Insight:
Portland dumpster diving: http://www.wweek.com/portland/article-1616-rubbish.html-2
Picking a good shredder: http://firewallsdontstopdragons.com/take-out-trash-securely/

Jan 8, 2018
🎧 Old Spectre Causes Computer Meltdown
This week a couple of truly nasty computer hardware bugs were revealed by security researchers. Dubbed Meltdown and Spectre, the exploits take advantage of performance features found in Intel CPU chips as far back as 1995 and most other modern CPUs from AMD and ARM. Luckily, chip and software makers have been working in the background for months on fixes and mitigations, and many of them have already been deployed.
I’ll walk you through what these bugs are, what they actually mean to you, and what you can do to limit your exposure to them. Sadly, this is probably just the first of many hardware bugs that will be revealed – and hardware bugs are often very hard if not impossible to fix without simply replacing the entire device.
For Further Insight:
Official website for Meltdown/Spectre: https://meltdownattack.com/
Helpful list of affected systems and current state of fixes: https://gizmodo.com/check-this-list-to-see-if-you-re-still-vulnerable-to-me-1821780843
How to surf the web safely: http://firewallsdontstopdragons.com/browser-safety-choose-weapon/

Jan 5, 2018
🎧 Upholding the Bill of Rights in Cyberspace
Can law enforcement force you to divulge your passwords? How do you limit the scope of a search warrant on an iPhone? Is powerful encryption technology creating ‘warrant-free zones’ in cyberspace? Or are we actually in the Golden Age of Surveillance?
Today I speak with Andrew Crocker (Staff Attorney at the Electronic Frontier Foundation) about how our Constitutional rights work in cyberspace. We’ll talk about the locked iPhone in the Texas mass shooting case and discuss how it relates to the San Bernardino case from 2015 and the Crypto Wars of the 1990s.
Andrew Crocker is a staff attorney on the Electronic Frontier Foundation’s civil liberties team. He focuses on EFF’s national security and privacy docket, as well as the Coders' Rights Project. While in law school, Andrew worked at the Berkman Center for Internet and Society, the American Civil Liberties Union’s Speech, Privacy, and Technology Project, and the Center for Democracy and Technology. He received his undergraduate and law degrees from Harvard University and an M.F.A. in creative writing from New York University.
For Further Insight:
Website: https://www.eff.org/
Follow on Twitter: https://twitter.com/agcrocker, https://twitter.com/EFF
Donate to the EFF! https://supporters.eff.org/donate


