Firewalls Don't Stop Dragons Podcast

What happens to your digital life when you die? The answer is only slightly less philosophical than what happens to your soul. The laws, as least in the US, haven't kept up with the times and there aren't clear rules for who has legal rights to your online accounts or the files you've stored in the cloud. In today's episode, I'll tell you how to prepare for your inevitable digital afterlife. In other news, Facebook revealed that 100's of millions of its users passwords were left open on internal servers, ransomware has hit one of the world's largest producers of aluminum, the Pwn2Own bug hunt contest shows us how to do responsible disclosures, a critical flaw has been found in implanted defibrillators leaving them vulnerable to hacking, and DARPA is hoping to fix our broken voting systems. Further Reading My blog article on Digital Afterlife: https://firewallsdontstopdragons.com/preparing-for-your-digital-afterlife/Facebook's password screwup: https://krebsonsecurity.com/2019/03/facebook-stored-hundr

In second half of my interview with EFF's Bill Budington, Bill helps us understand how we can at least attempt to disguise ourselves on the web and basically try to blend in with the crowd. We'll also see how tools like EFF's Panopticlick can hep us pinpoint the things that are making us stand out, which enables us to be tracked more easily. Finally, we'll discuss several browsers and plugins that can help you preserve your privacy. If you missed Part 1, you can listen to it here: http://podcast.firewallsdontstopdragons.com/2019/03/10/enter-the-panopticon-pt1/. Guest Bio: Bill is a Senior Staff Technologist at the Electronic Frontier Foundation (EFF). He works on privacy and security-enhancing projects, such as the HTTPS Everywhere browser add-on and Panopticlick, a tool that alerts users users to how vulnerable they are to browser tracking. He has also contributed to projects such as Let's Encrypt and SecureDrop. Further Info: Is your browser giving you away? EFF's Panopticlick will tell you:

In the first part of my discussion with Bill Budington from the EFF, we're going to talk about some of the key ways in which we are tracked around the web as we surf from site to site. I'll ask Bill who is tracking up, why they're tracking us, and we'll get into some of the clever and downright devious methods by which we are tracked and recognized on the web. In part 2 (next week) Bill will help us understand why it's so hard to disguise ourselves on the web and how tools like EFF's Panopticlick can show us what's going on under the covers. We'll also offer up some solutions or at least mitigations for all this tracking. Guest Bio: Bill is a Senior Staff Technologist at the Electronic Frontier Foundation (EFF). He works on privacy and security-enhancing projects, such as the HTTPS Everywhere browser add-on and Panopticlick, a tool that alerts users users to how vulnerable they are to browser tracking. He has also contributed to projects such as Let's Encrypt and SecureDrop. Further Info: Is yo

The Mayor of Tampa, Florida, had this Twitter account hacked due to "the usual weaknesses, including poor passwords." The hackers used the account to tweet pornographic images and even an incoming ballistic missile alert. Comcast's Xfinity Mobile service used a default account security PIN of "0000", which allowed several customers to have their accounts taken over. You not only need strong passwords, you need strong second factor authentication. That's defense in depth. In other news, Microsoft's Edge browser was found to have a whitelist for almost 60 websites that bypass the Flash Player click-to-run protections, a Canadian province is allowing the mass sale of anonymized medical records, the fast Thunderbolt USBC ports are found to be vulnerable to a memory access hack called Thunderclap.

Artificial Intelligence (AI) has been around for decades, but has only recently begun to fulfill the promise of truly replicating human-like decision making. The Information Age has generated enormous quantities of data and modern technology has given us unprecedented power to ingest and analyze this data. AI systems today control airplanes, financial and insurance systems, and even criminal sentencing recommendations. We can use AI to conduct law enforcement and intelligence gather operations. AI has even generated audio, video and photos that are completely fake but nearly impossible for a human to detect. Our guest today, Lorraine Kisselburgh, is working with international organization to define common-sense guidelines for the creation and use of these AI systems, to maximize potential and minimize abuse. Lorraine Kisselburgh (Ph.D., Purdue University) is a Scholar with the Electronic Privacy Information Center in Washington, D.C., a former professor of media, technology, and society, and a visiting lec

The European Union has recalled a GPS smart watch meant to be worn by children so that their parents can keep tabs on them. Unfortunately, due to horrible security, anyone can track these watches - and even send messages to the children. The Internet of Things (IoT) is well-known for having lax or non-existent security protections. Connecting our children's toys to the internet in this manner is raising serious (and valid) privacy concerns. In other news, there's a devious new Facebook and Google phishing scam that would fool many pros, the Chrome browser will soon help you spot fake look-alike websites, Apple cracks down on apps that surreptitiously record their users' interactions with their apps, and many modern Android phones are vulnerable to hacking simply by loading a malicious image. Help Me to Help You! Visit my page on Patreon for details: https://www.patreon.com/FirewallsDontStopDragons

Last week I told you about the literally billions of email addresses and passwords that were released by hackers as "Collections 1-5". I also told you how you can check to see if your information was contained in these (or other dumped data) by checking haveibeenpwnd.com. And today I'm interviewing the man behind this wonderful, free service: Troy Hunt! He tells us how he gets his hands on all of this data and what we should be doing to mitigate the damage from these inevitable breaches. The worst thing you can do? Reusing passwords on multiple sites! In today's episode, I also reveal the winners of my Pod-Centennial contest! Five lucky people will be getting signed copies of my book, signed copies of Bruce Schneier's latest book (Click Here to Kill Everybody), and a selection of other cybersecurity books! Troy Hunt is an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. You'll regularly find Troy in the press talking about security and even testifyi

Last week we saw perhaps the single largest data breach dump in history, close on the heels of another massive data disclosure from the same group. Dubbed "Collections 1-5", together these data dumps represent literally billions of unique user email addresses and passwords. Using the online tool Have I Been Pwned will tell you whether your email address or password is contained in this hacker's treasure trove. I will also tell you how you can mitigate the damage from this and future breaches. In other news, Apple's FaceTime app contains a huge bug that could let other people eavesdrop on you and potentially even view you through your camera; Google and Firefox are offering competing visions of browser privacy with controversial new features; and a recent Mac malvertising campaign is using a classic technique called steganography to disguise its malicious intentions. Further Information Have I Been Pwned: https://haveibeenpwned.com/Pod-Centennial Contest Details: https://firewallsdontstopdragons.com/c

We're celebrating international Data Privacy Day along with the 100th episode of Firewalls Don't Stop Dragons! And what a show we have! My guest today is none other than Bruce Schneier: internationally renowned security technologist and author of 14 books, including the best-seller Click Here to Kill Everybody)! Bruce and I discuss the current state of data privacy and what it's going to take to rein in the corporations that are buying and selling our data with abandon. In this show I will also walk through my personal privacy checklist, including several things you could do RIGHT NOW to improve your online privacy. Along the way, I will share some tips from some of my favorite past guests on the show. But that's not all! To celebrate my Pod-Centennial, I'm giving away 5 signed copies of my book as well as 5 signed copies of Bruce's latest book, a stack of some of my favorite cybersecurity books, and MORE! You have to listen to this show to learn how to enter the contest - so there's no better time to s

Ancestry analysis firm 23andMe has just inked a 4-year, $300M deal to share its DNA samples with the colossal pharmaceutical company GlaxoSmithKline. What are they going to do your genetic material? Good question. Did you carefully read and understand your Terms of Service? Sure you did. I'll tell you how you can ask 23andMe (or Ancestry.com) to discard your samples. In other news, some users are finding that they aren't allowed to delete their Facebook apps from their phones, a new federal case has strengthened your privacy rights when it comes to phone searches, and the Weather Channel app has been selling your location data to third parties.

Last month Australia passed a sweeping surveillance law, quickly and without meaningful debate, called the Assistance and Access Act. Like the UK's Investigatory Powers Act of 2016. this law aims to give authorities unprecedented power to force makers of messaging services to break their software and lie to their users. Danny O'Brien, International Director for the Electronic Frontier Foundation, helps us understand the true implications of these law and why they are truly harmful to democracy. Guest Information Danny O'Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped make the UK Parliament more transparent with FaxYourMP. He was EFF's activist from 2005 to 2007, and its international outreach coordinator from 2007-2009. After three years working to protect at-risk online reporters with the Committee to Protect Journalists, he returned to EFF in 2013 to supervise EFF's global strat

Just because you're not paranoid doesn't mean they're not following you. A new study finds that Android phones tattle on you up to 340 times a day.

It's that time of year again - time to make your New Years Resolutions! You know all those really important things I've been telling you to do, but you haven't done? Well, I'm listing out the top ones on today's show - and challenging each of you to check them off this year! There's also a lot of news to catch you up on: why the green padlock symbol doesn't mean what you think it does, an update on the SuperMicro computer spy chips, fitness apps stealing $120 from its users, scammers calling seniors pretending to be grandkids, US border agents not taking care of your private data, and a stunning NY Times study about all the apps that are tracking your location Further Reading NY Times article on location tracking: https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.htmlReview my podcast! https://itunes.apple.com/us/podcast/firewalls-dont-stop-dragons-podcast/id1213366517?mt=2# Worst passwords of 2018: https://www.teamsid.com/100-worst-passwords/

Several US states are trialing programs to replace the venerable plastic driver's license card with a new smartphone app. Unlike the "dumb" physical cards, the app would always be up to date. One study showed that 77% of all US adults have a smartphone. If you're an adult under the age of 30, that percentage jumps to 94%. But as our guest, Chad Marlow, explains this is a solution in search of a problem. It comes with significant risks for both privacy and democracy. Guest Info: Chad Marlow (ACLU) Chad Marlow is a senior advocacy and policy counsel at the ACLU. He principally focuses on privacy, surveillance, and technology issues. His work on issues ranging from net neutrality and police body cameras to government surveillance and consumer privacy has been a frequent subject of national and international media coverage. He is the author of fifteen ACLU model bills. He spearheaded the ACLU’s nationwide #TakeCTRL and Community Control Over Police Surveillance (CCOPS) campaigns. Twitter: @chadaaronmarl

It's bad enough that online ads are watching us, but now billboards and other real world ads are watching us, too. Using video cameras and signals from our smart devices, marketers are tailoring their billboards and digital signage based on our appearance and even our identity. Sean O'Brien from Yale Privacy Lab explains how this is done and the significant privacy implications of this practice. He'll also tell you how you to protect our privacy. Sean O'Brien is a Lecturer in Law at Yale Law School with expertise in cybersecurity, privacy, and mobile device forensics. He is Director of Business Development at Purism SPC, a company dedicated to digital privacy and security and founder of Yale Privacy Lab. Twitter: @YalePrivacyLab Yale Privacy Lab: https://privacylab.yale.edu Citizen FOSS guide: https://github.com/YalePrivacyLab/citizen-foss Original article from Medium: https://medium.com/s/thenewnew/irl-ads-are-taking-scary-inspiration-from-social-media-7088e8241beb

Marriott reports this week that it has exposed up to 500 million Starwood guests’ data going back as far as 2014. Affected hotels include Sheraton, Westin, W Hotels, Starwood timeshares and more, While it’s still not clear how much data may have been stolen, what is clear is that corporations are still not guarding their data properly. In today’s show, I’ll tell you what sort of customer information was vulnerable and what you can do to protect yourself. In other news, Ford’s CEO voices plans to monetize their customers’ data, the USPS has a mail preview service that you’ll want to sign up for before the bad guys do it on your behalf, and if you’ve ever had the creepy feeling that customer support reps can see what you’re typing in chat support before you send it… it’s because they can! More Info: Starwood's breach info page: https://info.starwoodhotels.com How to freeze your credit: https://firewallsdontstopdragons.com/using-credit-freeze-for-self-defense/ Best & Worst gifts for 2018: https://firewal

Our mobile phones today are chock full of private information and are constantly tattling about our whereabouts and activities. Most phones today have GPS, WiFi, Bluetooth, motion detectors, magnetic field detectors, microphones, cameras, and of course cellular radios. Some even have facial recognition built right in. With all this personal data and telemetry information, is it even possible to prevent tracking and information leakage? Today we discuss these topics and more with Daniel Davis from DuckDuckGo - a company dedicated to protecting your privacy. He and I discuss DuckDuckGo’s new privacy-focused smartphone app, along with other tips and techniques to guard your privacy on your mobile devices. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet takes you. For Further Insight: Web

The gift-giving season is once again upon us! “Smart” devices make great presents, but you want to make sure that you’re not also giving a gift to the hackers out there! In this special, annual holiday episode, I’ll tell you about some of the best and the worst holiday gifts and accessories, from a security and privacy viewpoint. Thinking about giving someone a DNA analysis kit? You might want to think twice! Which computers and smart devices are the most secure? And are there products I can buy to help make them more secure? You bet! I have all the angles covered for you in this week’s show! See also my blog article: The Best & Worst Gifts for 2018

Just because the caller ID says it’s the IRS or the Social Security Administration, don’t believe it. It’s almost surely a scammer trying to get your money or information. Government agencies don’t call people to confirm information in their records about you or with threats if you don’t pay up. And the caller ID information you see often has no relation whatsoever to who is actually calling or where they’re calling from. In today’s episode, I’ll tell you how to handle these scammer calls. I’ll also tell you about a massive, nationwide database of biometrics that was just created, how Consumer Reports and Mozilla are helping you to make smart security and privacy decisions on new products, and how a PhD from MIT is on a mission to fix our horrendously insecure voting systems.

Your physical world is governed by many laws and regulations that protect your freedom and privacy. Why should the digital world be any different? Todd Weaver, CEO and Found of Purism, explains how Big Tech managed to write the rules for the digital world and why those rules are at odds with your freedom, security and privacy. But it doesn’t have to be this way. As citizens, we can force those representing us to protect our digital civil rights. As consumers, we have options for computers and smartphones you can buy right now that will assert your digital civil rights. Serial entrepreneur and successful businessman, Todd has been recognized for his visionary strategy, technical leadership, and relentless drive, with more than 20 years of entrepreneurial experience, using, installing, and promoting Free Software. Todd has consistently predicted market directions and executed disruptive technologies in a wide range of industries, including in-store entertainment, collaborative financial solutions, and starting