Firewalls Don't Stop Dragons Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 351:51:58

Synopsis

A Podcast on Computer Security & Privacy for Non-Techies

Episodes

  • National Cybersecurity Awareness Month

    12/10/2020 Duration: 55min

    October is National Cybersecurity Awareness Month! The theme this year is: if you connect it, protect it! And given how popular IoT devices are these days, and also how horrid their security usually is, this advice has never been more important. In today's show, I'll walk through some top cyber tips for protecting your devices and your home network. And there's a TON of news, as well: I'll update you on the "App Fairness" campaign from Epic, Protonmail, Spotify and others; watch out for fake Android messaging apps made to look like Threema or Telegram; Google's Chrome browser gets slammed for its poor privacy protections; Google is now giving out lists of people who searched on particular terms to law enforcement; Amazon is adding some new privacy options to their Alexa products, while also introducing a super-creepy home spy drone; should you let your insurance company track you? (spoiler: no); and Apple's T2 chip is found to have a severe, unfixable security flaw. Further Info: Cybersecurity & Infr

  • Apple’s Epic Battle Royale (Part 2)

    05/10/2020 Duration: 39min

    What do Apple, Tyson Foods and Worldwide Wrestling (WWE) all have in common? And what is "chickenization"? In part 2 of my interview with Cory Doctorow, he explains how some markets in the US economy are completely distorted by dominant sellers as well as dominant buyers. Seeing all of these specific markets as facets of a single economic problem, we can find common cause and perhaps a common solution. Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN’T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is a MIT Media Lab Research Affiliat

  • Apple’s Epic Battle Royale (Part 1)

    28/09/2020 Duration: 44min

    Apple and Epic Games are locked in an epic legal (and PR) battle that may determine the future of the App Store, the Google Play Store, and several other game distribution networks. At the heart of this debate is the disproportionate influence the app store owner has over the apps in their store, including demanding a hefty cut of the app maker's profits. How did we get to this place? How does this distort the market for software? When did "contempt of business model" become a felony? Today I'll discuss this and more with EFF's Cory Doctorow. Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN’T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITT

  • Take Out the (Windows) Trash

    21/09/2020 Duration: 52min

    If you're a Windows PC user, you know the term "bloatware", or maybe "crapware". Every consumer PC comes chock full of it. Free trials of games, cloud storage services and antivirus software. Half a dozen "helper" apps from the PC manufacturer. Pre-installed calling, chat, and shopping services. It's a mess. But they're not just annoying. They can slow down your computer's startup and shutdown, and waste precious battery life on laptops. Today I'll share two ways to take out this trash. In other news: Android 11 and iOS 14 are out, and have neat new security and privacy features; Google is blocking W3C efforts to improve your privacy while also blocking resource-hogging ads in Chrome and blocking stalkerware apps in the Google Play Store; the FBI is now worried that video doorbells may actually let people spy on them; Facebook will try to ban deepfake political videos; and the US House unanimously passes a much-needed IoT security bill.

  • It’s a Trap!

    14/09/2020 Duration: 53min

    Enterprising scammers have found some very clever ways to trick you into believing your computer needs fixing, when in reality it's just fine. Using various techniques, fake web pop-up alerts can cause your browser or computer to seem sluggish or malfunctioning. And then you get a helpful pop-up alerting you of a serious problem and offering to help you fix it - for a fee. I'll tell you how to spot these fakes and how to recover from the issues they've inflicted. In other news: there's a new and nasty Bluetooth bug, Emotet malware infections are spiking, Apple accidentally notarized malware in its App Store, Apple chooses to delay its key privacy feature on iOS 14 due to pushback from marketing companies like Facebook, the Epic/Apple battle ratchets up yet again, a US circuit court rules that warrantless wiretapping is illegal, Portland enacts the country's strictest ban on facial recognition technology, and the secure messaging app Threema has decided to go open source. Further Info: Order the 4th

  • Firefox Privacy (Part 2)

    07/09/2020 Duration: 38min

    Did you know that Google's search can track you on a non-Chrome browser, even if you block third party cookies? And did you also know that there's a gaping privacy hole in web surfing that even a VPN may not fix? Is it possible to defeat browser fingerprinting? In the second half of my interview with Mozilla's Chief Security Officer Marshall Erwin, we'll answer these questions and much more. Marshall will give us his personal privacy tips and tell us about some upcoming Firefox features. And perhaps most importantly, he'll tell us what we can do to support Mozilla and Firefox. Marshall Erwin is the Chief Security Officer at the Mozilla Corporation, where he leads teams responsible for protecting Mozilla and its users. He also drives policy initiatives on encryption, government vulnerability disclosure, malicious online content, and online political advertising, as well as product initiatives to protect people from pervasive web tracking. Prior to joining Mozilla, Marshall worked in a variety of positions r

  • Firefox Privacy (Part 1)

    31/08/2020 Duration: 36min

    If you really care about online privacy, you can't use Google's Chrome browser. Google is an advertising company. Everything else they do is in support of that core business. If you want a secure, fast browser that is actually focused on protecting your privacy, you want to be using Mozilla's Firefox browser. Today I'll be speaking with Mozilla's Chief Security Officer, Marshall Erwin. We'll trace Firefox's heritage back to the stalwart Netscape Navigator and then dive into the ugly world of ubiquitous web tracking, by both governments and corporations. Are we really going dark? Why is privacy important? Are targeted ads really worth that much more than "dumb" ads? Marshall Erwin is the Chief Security Officer at the Mozilla Corporation, where he leads teams responsible for protecting Mozilla and its users. He also drives policy initiatives on encryption, government vulnerability disclosure, malicious online content, and online political advertising, as well as product initiatives to protect people from per

  • Apple’s Epic Battle

    24/08/2020 Duration: 01h18s

    Epic - the maker of the massively popular game Fortnite - has thrown down the proverbial gauntlet. It has decided that it no longer wishes to cut Apple in for 30% of its profits... Which is exactly what all app developers do - and have explicitly and contractually agreed to do - in return for using Apple's platform, tools, software development kits, and security testing. Apple provides this and access to billions of users. Microsoft, Sony and Google charge the same 30% in their app stores. But Epic claims that Apple's cut is too much, and has deliberately picked a legal fight with Apple (and Google) to try to get more favorable terms or be allowed to run a private Epic store. It's complex and nuanced, but I'll wade into the muddy and turbulent waters on today's show. In other news: There's a tricky new Outlook email phishing scam going around, Jack Daniels has been hacked and asked to pay millions in ransom, Google had a big outage, your location data is for sale to corporations as well as government agenc

  • This is Why We Can’t Have Nice Things (part 2)

    17/08/2020 Duration: 38min

    Can Facebook or Google really promise to keep your data private in this era of mass surveillance by the likes of the NSA and GCHQ? Max Schrems doesn't think so, and he's convinced the EU Court of Justice of the same thing. There's no way to protect user data when intelligence agencies are hoovering up all our communications and storing them on massive server farms forever. In part 2 of my chat with EFF's Danny O'Brien, we'll talk about the two Schrems cases in the EU and what the recent ruling against Privacy Shield will mean for all of us. Danny O'Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped found the Open Rights Group, Britain's own digital rights organization. He was EFF's activist from 2005 to 2007, its international outreach coordinator from 2007-2009, and international director from 2013-2019. He now supervises EFF's medium and long-term strategy, with an eye to maintaining t

  • This is Why We Can’t Have Nice Things (part 1)

    10/08/2020 Duration: 41min

    What good are privacy laws when we all know that intelligence agencies don't play by the rules? How can any company promise to keep our data safe when we know that agencies like the NSA and GCHQ are hoovering it all up? That's the essential argument behind the Max Schrems cases at the European Court of Justice. And the EU court agrees. In part 1 of my interview with EFF's Danny O'Brien, we'll talk about how we got here and how the parallel development of data mining and mass surveillance led us to these (successful) court challenges. Danny O'Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped found the Open Rights Group, Britain's own digital rights organization. He was EFF's activist from 2005 to 2007, its international outreach coordinator from 2007-2009, and international director from 2013-2019. He now supervises EFF's medium and long-term strategy, with an eye to maintaining the org

  • The Pros & Cons of Antivirus Software

    03/08/2020 Duration: 42min

    When most people think of protecting their computers, they think of antivirus software. Viruses are a real problem, of course, but how well do antivirus (AV) apps protect you? And are there any downsides to using AV software? Turns out there are plenty - so many that the cons probably outweigh the pros for most people, on Apple Mac or on Windows PC. Don't believe me? Listen to this show and then decide. In other news: Google is finally bringing its Google One storage app to iOS, but don't use it; Netgear has declared that at least 45 of their highly vulnerable routers will never be fixed; and if you've purchased anything from Amazon, you have a public profile - and you should review what others can see about you. Further Info: Cryptomator: https://cryptomator.org/ ; Sync.com secure cloud storage; Netgear routers you should get rid of: https://www.tomsguide.com/news/netgear-routers-no-fixes ; My "pros & cons of AV" article: https://firewallsdontstopdragons.com/the-pros-and-cons-of-anti-virus-software/

  • The Great Twitter Hack

    27/07/2020 Duration: 54min

    Last week, Twitter was massively hacked - apparently just to launch a Bitcoin scam (though that story is still developing). Famous people's accounts were taken over, including Joe Biden, Barack Obama, Bill Gates, Elon Musk and several popular brand name accounts. (President Trump's account was not taken over due to enhanced security measures.) But beyond the details of the hack, we need to look at the bigger picture and what this hack should be telling us about these totally unregulated social media giants with zero accountability. We'll dig into that in today's show. In other news: account credential dumps have significantly increased on the dark web, including over 140 million MGM Resort creds; Windows 10 suffers another maddening bug, but there's a workaround; Signal has stirred up a lot of controversy with a recent change; a massive wifi router study revealed widespread security problems; and I'll go over some of the cool new privacy features coming in iOS 14 and macOS Big Sur. Further Info: Wind

  • Your Money or Your Data (part 2)

    20/07/2020 Duration: 32min

    In the second part of my interview with Renee Dudley from ProPublica, we delve into the cyber insurance and ransomware incident response industries, including how some of these companies are being less than forthcoming about their services. In fact, it appears that several "incident response" companies are simply paying the ransom and then charging companies a fee on top of that. We'll talk about how cyber insurance works and how to decide whether or not it's for you. And Renee will also give us some tips on choosing an incident response firm and what red flags to watch out for. Renee Dudley is a tech reporter at ProPublica. Before joining ProPublica in 2018, she was a member of the enterprise team at Reuters, where she reported extensively on issues with college-entrance exams. Before joining Reuters in 2015, she worked as a reporter in New York for Bloomberg News and in South Carolina for The (Charleston) Post and Courier and The (Hilton Head) Island Packet. At Bloomberg, she uncovered questionable accou

  • Your Money or Your Data (part 1)

    13/07/2020 Duration: 33min

    Unless you've been living under a rock, you know that ransomware is one of the most common and most lucrative cybersecurity rackets today. But despite all the press, ransomware is massively under-reported because companies don't want bad press. And in most cases, unless it can be proven that data was actually stolen, companies are under no legal obligation to inform the data subjects (you) of these hacks. In part one of my interview with Renee Dudley from ProPublica, we'll discuss the current state of the ransomware problem and the emergence of cyber insurance and incident response companies to deal with the threat and recover from attacks. And we'll also see that not all players are above board about what they do. Renee Dudley is a tech reporter at ProPublica. Before joining ProPublica in 2018, she was a member of the enterprise team at Reuters, where she reported extensively on issues with college-entrance exams. Before joining Reuters in 2015, she worked as a reporter in New York for Bloomberg News and

  • TikTok Boom

    06/07/2020 Duration: 53min

    TikTok is the hot new social media service (Snapchat and Instagram are so last year), particularly in Asian countries like India. But India just banned this and several other apps from China over privacy concerns - and I have a feeling they won't be the last. The TikTok app was just revealed to be copying the user's clipboard contents every few seconds for some completely unknown reason (and TikTok's explanation was lame). While it has supposedly "fixed" this, another researcher claims to have reverse engineered the TikTok app and found that it's pulling all sorts of other user data - enough to put Facebook and Google to shame. Short answer? Delete this app. And there's a ton of other news this week: Zoom changes course on end-to-end encryption for free users, with a couple catches; I have more info on the recent Netgear router vulnerability affecting dozens of their products; Adobe Flash will be erased from the Earth by year's end; Oracle's BlueKai data mining subsidiary left a ton of personal data expo

  • COVID19 Privacy: Pro Tips (part 2)

    29/06/2020 Duration: 43min

    In the second half of my interview with Eduard Goodman and Adam Levin from Cyberscout, we discuss the privacy aspects of our new work- and learn-from-home reality. How much privacy should you really expect? What are your legal rights? What should we beware of when using a single device for both work and personal things? How much should companies be willing to spend to make sure their employees and intellectual property are well protected while working from home? How do we avoid, as a democracy, giving up too much privacy with hopes it will make us more secure? Will we ever get that privacy back? We discuss all of this and much more! Eduard Goodman is the Chief Legal Counsel and Global Privacy Officer for CyberScout, a global leader in identity theft resolution, data defense and employee benefits services. An internationally trained attorney and data protection expert, Goodman has more than twenty years of experience in global privacy law and cybersecurity. Adam Levin is a consumer advocate with more tha

  • COVID19 Security: Pro Tips (part 1)

    22/06/2020 Duration: 41min

    Today I speak with not one but two experts on security and privacy to get their insights, stories and tips on staying safe from scammers and hackers in our new COVID19 pandemic reality. These guys have been dealing with cyber incidents every day and bring some unique perspectives. In some ways, it's same stuff, different day; but the pandemic, economy woes and general civil unrest have given the bad guys some fertile material for working their craft. Eduard Goodman is the Chief Legal Counsel and Global Privacy Officer for CyberScout, a global leader in identity theft resolution, data defense and employee benefits services. An internationally trained attorney and data protection expert, Goodman has more than twenty years of experience in global privacy law and cybersecurity. Adam Levin is a consumer advocate with more than 30 years of experience in security, privacy, personal finance and many other things. He is the former director of the New Jersey Division of Consumer Affairs and current chairman and founde

  • From Mailbox to Ballot Box

    15/06/2020 Duration: 45min

    With the US general election just over 20 weeks away and no vaccine in sight for the coronavirus, it's time to think very seriously about how you're going to vote. Even if you think you want to vote in person this November, you should have a backup plan: voting by mail. This means that you'll need to register for an absentee ballot - and the sooner you do so, the better prepared your state and county will be. I'll tell you everything you need to know to get your absentee ballot. In other news: Microsoft, IBM and Amazon have taken very welcome steps to curbing the use of facial recognition for law enforcement purposes; the FBI is once again warning us about banking hacks, this time related to mobile apps; the Brave browser was busted "accidentally" trying to cash in on your browsing; Google is being sued for $5B over its Chrome browser tracking while in incognito mode; and Zoom is rolling out full end-to-end encryption on its video conferencing solution... if you're willing to pay. Further Info: Get y

  • Fiber For Our Future (part 2)

    08/06/2020 Duration: 34min

    We've established that we have a high speed internet access problem - now what can we do about it? In part 2 of my interview with the EFF's Ernesto Falcon, we'll talk about how broadband fiber-based internet is a critical piece of national infrastructure, not unlike the highway system. It enables and supports industry and innovation, and ubiquitous access would greatly increase our ability to learn and work remotely. We talk about the politics and economics behind all of this, including some interesting solutions involving both the government and private corporations. Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy. He represents EFF’s advocacy, on behalf of its members and all consumers, for a free and open Internet before state legislatures and Congress. Ernesto’s work includes pushing the state of California to pass the strongest net neutrality law in the count

  • Fiber For Our Future (part 1)

    01/06/2020 Duration: 33min

    The COVID-19 era has exposed several weaknesses in American infrastructure and exacerbated the gulf between the haves and the have-nots. Perhaps nowhere is this more evident than the digital divide: access to high speed internet. While much of the country was able to work and learn from home, for too many communities this was simply not an option due to poor or non-existent broadband access. In today's show, Ernesto Omar Falcon from the EFF explains the political and economic reasons we got into this mess. Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy. He represents EFF’s advocacy, on behalf of its members and all consumers, for a free and open Internet before state legislatures and Congress. Ernesto’s work includes pushing the state of California to pass the strongest net neutrality law in the country in response to federal repeal efforts, as well as leading EF
