

Firewalls Don't Stop Dragons Podcast
Carey Parker
A Podcast on Computer Security & Privacy for Non-Techies

Mar 22, 2017
🎧 Masking Your Digital Footprints
WikiLeaks dumped almost 9000 pages of secret CIA documents on the web for all to see, detailing dozens of secret hacking tools and techniques. What does this all mean for you and me?
In this week’s interview, I speak with Daniel Davis from the privacy-preserving web search engine company DuckDuckGo. We discuss how crafty marketing services are attempting to track everywhere you go on the web in an effort to show you highly targeted (and highly profitable) advertising. We explain how it all works and give you several tips on how you can protect your privacy.
Daniel Davis is Community Manager at DuckDuckGo, the search engine that doesn't track you. Working with both contributing developers and end users, he's passionate about spreading the benefits of open source and online privacy.
For Further Insight:
Website: https://duckduckgo.com
The company's blog: https://spreadprivacy.com
Follow on Twitter: https://twitter.com/duckduckgo
Connect on LinkedIn: https://www.linkedin.com/company/duck-duck-go
Send me your questions! I’ll answer them online at the end of each show. CareyParker@americaoutloud.com
TRANSCRIPT OF FULL INTERVIEW
Carey: Hello, everybody. This is Carey Parker, and welcome to another edition of Firewalls Don't Stop Dragons. We've got a little bit of news to catch up on first, and then we will be having an excellent interview with Daniel Davis from DuckDuckGo. So I definitely think the big news this week is the massive dump of documents, secret documents from the CIA on WikiLeaks. What's been dubbed “The Vault Seven Dump” I guess, or Vault Seven Documents.
Something like almost 9,000 pages of internal secret CIA documents that were released by WikiLeaks. There's a lot of really interesting aspects to this. So it's a great news topic for the weekend. Let's talk about this a little bit, and what we know, what we don't know, what's important, and frankly, what's not so important. So first of all, in case you haven't heard, WikiLeaks published a bunch of documents, what is actually the first of many more to come, of what appeared to be internal CIA documents detailing tools and techniques that they use to hack into people's devices. That would be smartphones, computers, home routers, even televisions, which we'll talk about here in a minute.
So far, we believe this information is probably real. This information also kind of appears to be at least one to two years old, which has some silver lining benefits in that most of the stuff that's detailed there as far as we know is probably mostly fixed. Most of these kind of vulnerabilities and exploits, things we call Zero Day Vulnerabilities or Zero Day Exploits, get patched over time. Because these companies care about security, they learn about these bugs and they fix them. It's the bugs that allow hackers and groups like the CIA to get into our devices and make them do things they weren't supposed to do.
Zero Day, by the way, is a term you'll hear a lot. The idea, the meaning of the term is that it's the first day of knowing about something that has been out there for a certain amount of time. So the bad guys probably know about it, but it's the first time we know about it. So it's the Day Zero. So they're called Zero Day Exploits.
What else do we know? Well, we really don't know who leaked it. I mean obviously WikiLeaks published it. We don't know who gave this information to WikiLeaks, so was it somebody working within the CIA who's doing a whistleblower kind of a thing? Or was it some foreign government that hacked into the CIA and decided it would be a good idea to embarrass the CIA by publishing this information? We really don't know.
We also don't know why it was leaked, because we don't know who … We can't even really speculate as to why this might have been released. Those are very important questions to ask and understand at some point, but at this point, from what I've read, we don't know either. We also don't know who,

Mar 15, 2017
🎧 How The Bad Guys Trick You Into Taking Their Bait
“Phishing” is one of the most common and most effective ways for the bad guys to get your passwords or credit card information. In this episode, I’ll be discussing this classic hacking tactic that has grown by leaps and bounds in just the last year – one report said phishing attacks grew over 250% in the first quarter of 2016 alone. Secretary of Homeland Security Jeh Johnson recently said that “the most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing.” Tune in to find out what phishing is all about and how best to protect yourself!
In the news this week, we ask the question: Can drones steal your computer information by videotaping the flashing light on your PC?? (Spoiler alert: Look up Betteridge's Law of Headlines.)
Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring security belt programs to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Security Advocates, empowering engineers to “build security in” to all products at Cisco. He led the creation of Cisco’s internal, end-to-end security belt program launched in 2012. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP.
For Further Insight:
Website, www.securityjourney.com
Follow on Twitter, @SecurityJourney
Facebook, https://www.facebook.com/SecJourney/

Mar 8, 2017
🎧 Why CloudBleed Wasn’t So Bloody Scary
The media was once again telling everyone to light their hair on fire over the latest web bug that threatens to expose all of our private information – a bug they called CloudBleed. In this show, I use this particular web vulnerability to discuss how the media so often gets the reporting on these things totally wrong. In today’s world, where every headline is dire and begs to be clicked on, the phrase “if it bleeds it leads” has never been more true. We’ll talk about just what CloudBleed is and why the chances of it affecting you are likely very small – despite what most of the articles would have you believe.
Meet Carey Parker. He is a software engineer, cyber security expert and published author of the book, and now podcast, Firewalls Don’t Stop Dragons: A Guide to Computer Security for Non-Techies. His primary goal is to help everyday non-technical people and small businesses understand how to be proactive in securing their computers and protecting their online privacy.
For Further Insight:
Glenn Greenwald, Why Privacy Matters, TED Talk
NEW SHOW: FIREWALLS DON'T STOP DRAGONS


