Firewalls Don't Stop Dragons Podcast

Chris Romeo regales us with tales of safe-cracking robots, demonic car washes, possessed Teslas, and hacking of voting machines! Where did this all happen? At the hacker conferences, of course! We’ll help you understand how hackers really think and what they really do every year in Las Vegas at the DEFCON and BlackHat conferences. Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring security belt programs to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Security Advocates, empowering engineers to “build security in” to all products at Cisco. He led the creation of Cisco’s internal, end-to-end security belt program launched in 2012. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP. For Further Insight: Website, www.securityjourney.com Follow on Twitter, @SecurityJourney Facebook, https://www.facebook.com/SecJourney/ Additional Resources: Hackers: Heroes of the Computer Revolution by Steven Levy WITH HOVER… YOUR PRIVACY IS INCLUDED Get 10% off your first domain name order!

In this final segment, we address the classic conundrum: law enforcement believes that your servers hold key information that would prevent a devastating terror attack, but revealing the information may violate the privacy of the client, or even other unrelated people. What do you do? Ladar Levison answers that very question. Prior to the interview, I explain what “secure email” really means and what it entails – it’s not nearly as simple as it might seem. And time is running out to submit your backup horror stories or maybe success stories! Send your tales to CareyParker@AmericaOutLoud.com for your chance to win a free copy of my book! Ladar Levison serves as the founder, president, and chief executive of Lavabit, where he has worked the past 12 years. Lavabit was created because Mr. Levison believes that privacy is a fundamental, necessary right for a functioning, free and fair democratic society. Presently, Mr. Levison is focused on Lavabit’s Dark Mail Initiative, which aims to make end-to-end email encryption automatic and ubiquitous, while continuing to vigorously advocate for the privacy and free speech rights of all. For Further Insight: Website: www.lavabit.com Follow on Twitter: https://twitter.com/kingladar Additional Resources: Sign up for Lavabit secure email: https://lavabit.com/ Learn more about secure email: https://easycrypt.co/email-privacy-crash-course-part-1-introduction/

Ladar Levison is the CEO and Founder of Lavabit – a secure email service whose most famous customer was Edward Snowden. In part one of my two-part interview with Ladar, we discuss what happened when the FBI came knocking on his door, demanding access to his private security keys. Ladar shares some deep insights into the notion of privacy and intelligence gathering in this country, and how to strike the proper balance. I will also update you on the hot news from two top hacker conferences, including a nasty Mac virus and a bug in Broadcom WiFi chips found in over 1 BILLION devices worldwide. And I will tell you about one of the oldest and best fact-checking sites on the web, and why they need your help. For Further Insight: Website: www.lavabit.com Follow on Twitter: https://twitter.com/kingladar Additional Resources: Sign up for Lavabit secure email: https://lavabit.com/ How to remove Flash: http://firewallsdontstopdragons.com/ditch-flash/ The web’s original fact checker: http://snopes.com/

Is trust just an emotion or is it more than that? In this week’s episode, I speak at length with Jeffrey Ritter: a lawyer, diplomat, researcher and author of the book “Achieving Digital Trust”. We get to the heart of what it means to trust, how trust is gained and lost, and how living in the Information Age has had such a profound impact on all of the above. Jeffrey has some deep insights on how we can cope with the high rate of data and decision making inherent in this modern life – and shares some interesting stories along the way! Jeffrey Ritter currently serves as an External Lecturer at two of the world’s great universities for computer science, Johns Hopkins University and the University of Oxford, where he teaches graduate level courses in privacy engineering, information governance, and information security policy design. His career includes legal services to global corporations, leadership in the work of the United Nations and the American Bar Association, and ongoing academic research and writing on digital trust. I’ll also tell you how you can share your financial account information more securely using aggregator accounts and how to win a free copy of my book by sending me your best computer backup stories! Send your stories to CareyParker@AmericaOutLoud.com. For Further Insight: Website: www.jeffreyritter.com Follow on Twitter: https://twitter.com/Jeffrey_Ritter LinkedIn: https://www.linkedin.com/in/jeffreyritter/ Achieving Digital Trust: The New Rules for Business at the Speed of Light, is available on Amazon.com

What could be more crucial to a democracy than a voting system we can trust? Today I speak with Barbara Simons, President of VerifiedVoting.org, on why so many of our US election systems are vulnerable to hacking without leaving a trace. The solutions to these issues are well known and straightforward, and yet we can’t seem to come together in a unified way to implement them. We’ll discuss why the current systems are so bad, what needs to be done, and tell you what you can do to help. I will also tell you about a new file backup tool from Google, 14M Verizon customer records found online with no protection, why you might be wary about leaving your keys lying around in plain sight, and how to improve your privacy with Post-It Notes! Barbara Simons has been on the Board of Advisors of the U.S. Election Assistance Commission since 2008. She published Broken Ballots: Will Your Vote Count?, a book on voting machines co-authored with Douglas Jones. She also co-authored the report that led to the cancellation of Department of Defense’s Internet voting project (SERVE) in 2004 because of security concerns. In 2015 she co-authored the report of the U.S. Vote Foundation entitled The Future of Voting: End-to-End Verifiable Internet Voting, which included in its conclusions that “every publicly audited, commercial Internet voting system to date is fundamentally insecure.” Simons is a former President of the Association for Computing Machinery (ACM), the oldest and largest international educational and scientific society for computing professionals. She is President of Verified Voting and is retired from IBM Research. Get 10% off your first domain name order!   For Further Insight: Web site: VerifiedVoting.org Follow on Twitter: https://twitter.com/VerifiedVoting Further Reading: Does your state have proper voting machines? Do they have procedures for audits? https://www.verifiedvoting.org/ Google’s backup service: https://techcrunch.com/2017/07/12/google-launches-a-new-backup-sync-desktop-app-for-uploading-files-and-photos-to-the-cloud/ Change your Verizon PIN: https://www.verizonwireless.com/support/account-pin-faqs/ Copy a key with a photo: https://www.key.me/ Lose all your photos when your hard drive crashed? Did a cloud backup save your bacon when you had your phone stolen? Tell me your best backup stories for a chance to win a free copy of my book! Send them to CareyParker@AmericaOutLoud.com!

Passwords are the bane of our modern existence. Why the hell haven’t we figured out a better way to prove who we are? Today is the first in a series of educational shows that I’ve dubbed Castle Defense 101: Defending Your Digital Drawbridge. In our inaugural session, we’ll take a deep dive into the problem of passwords. What really makes a good password and how do I choose one? How can I possibly remember all these passwords? How often do I need to change my password? Why do we even need passwords, anyway – can’t we just use fingerprints or something? I will answer all of these questions and then some. I’ll even tell you why you should only ever know one single password! And finally, I’ll tell you how you can win a free copy of my book, Firewalls Don’t Stop Dragons! Domain names SAVE10% off your first order! For Further Insight: Some excellent password managers: LastPass , 1Password , Dashlane , Passwords Are Dead Long Live Passwords Firewalls Don't Stop Dragons: A Step-By-Step Guide to Computer Security for Non-Techies

Lawrence Abrams is the creator and CEO of Bleeping Computer, and he and I delve into the latest malware sweeping the globe called NotPetya (among other things). The supposed ransomware appears to be just plain mean, destroying all the data on your hard drive whether you pay the ransom or not. We’ll tell you what you need to know, including how to protect yourself and what to do if you think you might be infected. We talk about the usefulness of anti-virus software and give you the info you need to pick the right one for you. Finally, in my Tip of the Week, I explain why you need more than one account on your computer and how it can help to mitigate and isolate malware attacks. Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence’s area of expertise includes malware research, ransomware, and computer forensics. For Further Insight: Web site: BleepingComputer.com Twitter: https://twitter.com/BleepinComputer Facebook: https://www.facebook.com/BleepingComputer LinkedIn: https://www.linkedin.com/in/lawrence-abrams-43074a10/ Further Reading: BleepingComputer’s how to remove malware Windows antivirus software: Malwarebytes, ESET, Emsisoft, Kaspersky Creating non-admin accounts: Windows or MacOS

Are you ready for the next YouTube, Netflix or Hulu? Then you need to fight to save net neutrality. Today I discuss the threatened gutting of the hard-fought net neutrality rules with Ernesto Falcon from the Electronic Frontier Foundation. The new FCC chairman, Ajit Pai, is looking to undo the protections put into place that would allow the next Internet startup to compete on a level playing field. Internet Service Providers would like to put their massive thumbs on the digital scale, tipping the advantage to companies that can afford to pay or even to favor their own content. Now that we have deep-pocketed incumbents, we need net neutrality rules to allow the new guys a chance to compete fairly. In the news, we’ll discuss the 198M voter profiles that were left unprotected on the web, Microsoft’s abandonment of SMBv1 (that’s a good thing), Google’s move to respect your email privacy, and Girl Scouts becoming cyber experts! In my Tip of the Week, I’ll tell you how to avoid giving away too much information when needing to sign up to access web content. Prior to joining EFF, Ernesto worked as a legislative staffer for two Members of Congress (2004-2010). He then became Vice President of Government Affairs at Public Knowledge where he advocated on behalf of consumers on copyright issues and broadband competition. During his tenure, Public Knowledge was successful in achieving one of the largest consumer victories in telecom policy by defeating AT&T’s merger with T-Mobile. The following year, PK and EFF scored a major victory for consumers by rallying the Internet community to defeat the Stop Online Piracy Act (SOPA). After eight years in Washington DC, he returned to his home state of California to go to law school at McGeorge School of Law in order to strengthen his digital rights advocacy. Now, as an attorney, he is excited to rejoin the fight for consumers and Internet freedom. For Further Insight: Website: https://eff.org/ Follow on Twitter: https://twitter.com/EFFFalcon Additional Resources: Tell the FCC not to gut net neutrality: https://DearFCC.org Tell your representatives, too: https://act.eff.org/action/tell-congress-don-t-surrender-the-internet FOSCAM security vulnerabilities: http://thehackernews.com/2017/06/online-ip-camera-hacking.html Disposable and shared email accounts: mailinator.com, 10minutemail.com, bugmenot.com

If you use public WiFi of any sort at the hotel, airport, or coffee shop (AND WHO DOESN'T), then you need to pay attention. A VPN could be a viable answer to protect your data and your devices. The other big challenge is your Internet Service Provider at home is probably capturing and selling your web browsing info – there is something you can do at home to protect yourself as well. Dave Peck helped to create one of the best Virtual Private Network products on the market, and today he and I will discuss why you need a VPN and how to pick one. Dave is an independent software developer and co-founder of GetCloak.com, a very easy-to-use VPN service. Not clicking on links apparently isn’t good enough anymore – now you can’t even hover over them! Also, Microsoft and Adobe have some software updates that fix critical bugs in Windows and Flash. And for the Tip of the Week, I’ll tell you why you really just need to uninstall Flash completely and how to do it. Transfer your domain names and save 40% in June! https://hover.com/transfermydomain For Further Insight: Web site: https://davepeck.org/ Follow on Twitter: https://twitter.com/dangerdave Further Reading: Why It’s Hard to Pick a VPN: https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-vpn-provider/ Cloak VPN: https://www.getcloak.com/ TunnelBear VPN: https://www.tunnelbear.com/ VyprVPN: http://www.goldenfrog.com/vyprvpn/special/vpn-seasonal-special?offer_id=78&aff_id=3809 How to Uninstall Flash: http://firewallsdontstopdragons.com/ditch-flash/ How to Uninstall Shockwave: https://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/

The Internet of Things will soon include cars… what could possibly go wrong? If all the cars on the road could tell each other what they were doing, would that make us safer? Maybe. But if your car is constantly broadcasting this information, that would also make it trivial to track you everywhere you go. Worse yet, any time you put something on a network, it is immediately a target for hackers. Crashing a computer is one thing; crashing a car is quite different, but this is quickly becoming a reality we have to deal with. I will also tell you about an interesting new ‘travel mode’ feature from 1Password and talk about the Fireball adware that is already on over 250 million computers. We’ll wrap up with a new Tip of the Week, just in time for summer storm season! Jamie Williams is a staff attorney at the Electronic Frontier Foundation, where she is part of the civil liberties team. Jamie focuses on the First and Fourth Amendment implications of new technologies. She also co-taught Internet Law at University of California Berkeley, School of Law. Jamie joined EFF in 2014 as a Frank Stanton Legal Fellow. Prior to joining EFF, Jamie clerked for Judge Saundra Brown Armstrong in the Northern District of California. Before her clerkship, she was a litigation associate at Paul Hastings LLP and an attorney law clerk at the Alameda County Public Defender. Jamie has a J.D. from the University of California, Berkeley School of Law (Boalt Hall) and a B.A. in journalism from the University of Wisconsin, Madison. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City. For Further Insight: Web site: www.eff.org Follow on Twitter: https://twitter.com/jamieleewi LinkedIn: https://www.linkedin.com/in/jamie-williams-60635555/ Further Reading: EFF article on v2v communication issues: https://www.eff.org/deeplinks/2017/05/danger-ahead-governments-plan-vehicle-vehicle-communication-threatens-privacy Automated License Plate Readers: https://www.eff.org/sls/tech/automated-license-plate-readers/faq#faq-Are-private-companies-using-ALPRs Who has your back? https://www.eff.org/who-has-your-back-2016 Finding and removing Fireball adware: http://computerfixguide.com/how-can-i-remove-fireball-malware-effectively/ Best UPS: http://thewirecutter.com/reviews/best-uninterruptible-power-supply-ups/