Biz and Tech Podcasts > Technology > Firewalls Don’t Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Last Episode Date: 7 October 2024
Total Episodes: 397
Sometimes it’s obvious when your accounts are hacked. Maybe your money is gone. Maybe you can no longer log in using the password you know is correct. Maybe everyone you know has gotten a scam email from you that you didn’t send. But sometimes bad guys aren’t so obvious. They may lurk around in your accounts to gather information for identity theft or in hopes of gaining access to other more lucrative accounts. I'll tell you how to find out. In other news: CA governor vetoes opt-out signal bill but signs car privacy bill; 23andMe is in trouble and your data may be, too; PayPal opted you into data sharing without asking; Kaspersky deletes itself and installs UltraAV without asking; 100 million Americans had background data leaked; researchers add facial recognition tech to Meta's smart glasses; NIST updates password rules to with common sense changes; US & Microsoft seize 100+ web domains used by Russian hackers. Article Links [Ars Technica] Calif. Governor vetoes bill requiring opt-out signals for sale of user data https://arstechnica.com/tech-policy/2024/09/calif-gov-vetoes-attempt-to-require-new-privacy-option-in-browsers-and-oses/ [Teach Privacy] Bankruptcy Sale of DNA Data: From Toysmart to 23andMe https://teachprivacy.com/bankruptcy-sale-of-dna-data-from-toysmart-to-23andme/ [404 Media] Paypal Opted You Into Sharing Data Without Your Knowledge https://www.404media.co/paypal-personalized-shopping-opt-out/ [Bleeping Computer] Kaspersky deletes itself, installs UltraAV antivirus without warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ [Tom’s Guide] 100 million Americans just had their background check data exposed https://www.tomsguide.com/computing/online-security/100-million-americans-just-had-their-background-check-data-exposed-online-how-to-stay-safe [404 Media] Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers https://www.404media.co/someone-put-facial-recognition-tech-onto-metas-smart-glasses-to-instantly-dox-strangers/ [Ars Technica] NIST proposes barring some of the most nonsensical password rules https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/ [The Record] California passes car data privacy law to protect domestic abuse survivors https://therecord.media/california-car-data-privacy-law-domestic-abuse-tracking [Semafor] US, Microsoft seize more than 100 websites used by Russian hackers https://www.semafor.com/article/10/03/2024/us-microsoft-seize-more-than-100-websites-used-by-russian-hackers Tip of the Week: Indicators of Account Compromise: https://firewallsdontstopdragons.com/indicators-of-account-compromise/ Further Info Help me reach more people! https://fdsd.me/awareness2 Treasure Chest promotion: https://firewallsdontstopdragons.com/treasure-coin-promo/ How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ My article on removing your data from the web: https://firewallsdontstopdragons.com/osint-remediation/ CISA Cybersecurity Awareness Month resources: https://www.cisa.gov/resources-tools/resources/secure-our-world-resources-cybersecurity-awareness-month-2024-toolkit Stay Safe Online CAM site: https://staysafeonline.org/programs/cybersecurity-awareness-month/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents
Two security researchers showed how many modern VPN services are vulnerable to malicious misconfiguration, exposing some or all of your internet traffic. While this is not likely to impact most of us, it does expose the limitations of Virtual Private Networks and why they are not silver bullets for security of privacy - despite many marketing claims to the contrary. Today we'll discuss how TunnelVision works, how it can be mitigated, and how this affects different privacy threat models with the two researchers from Leviathan Security, Dani Cronce and Lizzie Moratti. Interview Notes Lizzie Moratti: https://www.linkedin.com/in/lmoratti/ Dani Cronce: https://www.linkedin.com/in/danicronce/ TunnelVision: https://www.tunnelvisionbug.com/ ProtonVPN threat model: https://protonvpn.com/blog/threat-model Dani’s GitHub: https://github.com/superit23 Leviathan Security blog: https://www.leviathansecurity.com/blog Veilid: https://veilid.com/ Willy Wonka scene: https://www.youtube.com/watch?v=pvS3j8VtanM Linux network namespaces: https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/ What is DeFi? https://www.investopedia.com/decentralized-finance-defi-5113835 Further Info Help me brainstorm ways to reach more people!: https://fdsd.me/awareness2 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:23: Reminder: brainstorming survey 0:01:47: Podcast chapter markers! 0:02:54: Interview setup 0:05:55: What is a VPN and what isits intended purpose? 0:10:27: If most connections are secured today, why do we need a VPN? 0:12:40: Why do we trust a VPN provider more than our internet access provider? 0:17:40: What are you trying to do with a VPN? 0:19:13: Who can see my internet traffic? 0:25:30: What is TunnelVision and what are the implications for VPN users? 0:29:42: What's a less technical way to understand TunnelVision? 0:33:06: Why might I not want all my traffic to go through the VPN? 0:35:02: How dangerous is TunnelVision for the average person? 0:42:30: How did the VPN companies respond? 0:51:19: What VPN features can mitigate the risk? 0:57:42: Have any VPN makers fixed this problem? Do OS vendors have responsibility here? 1:02:11: Do you have recommendations for VPNs? Is there new tech that might help here? 1:04:00: Would privacy regulations help here? 1:06:24: What are you working on next? 1:08:51: Interview wrap-up 1:13:31: Looking ahead
We often think of malware as a problem for our computers and perhaps our smartphones. But bad guys love to hack our home routers and IoT devices, as well. Thankfully, purging malware from those types of devices can usually be done just by rebooting them. (There's a reason tech support always asks you to try turning your device off and back on again.) I'll explain why this works and what you should do to protect your connected devices. In other news: I explain why most people are not in danger of their devices blowing up; a new Windows phishing campaign uses fake CAPTCHAs and PowerShell; LinkedIn started training their AI on your data before telling you how to opt out; Oracle's CEO touts his vision of ubiquitous AI surveillance; Ford seeks a patent to show you ads in your vehicle based on your conversations and other private data; Meta admits to scraping public Instagram and Facebook posts to train its AI; four great new iOS 18 privacy and security features; Apple Intelligence servers are very basic, for a reason; and the FBI shuts down a massive Chinese botnet. Article Links [WIRED] Your Phone Won’t Be the Next Exploding Pager https://www.wired.com/story/exploding-pagers-hezbollah-phones/ [briankrebs] This Windows PowerShell Phish Has Scary Potential https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/ [404media.co] LinkedIn Is Training AI on User Data Before Updating Its Terms of Service https://www.404media.co/linkedin-is-training-ai-on-user-data-before-updating-its-terms-of-service/ [theregister.com] Ellison declares Oracle 'all in' on AI mass surveillance https://www.theregister.com/2024/09/16/oracle_ai_mass_surveillance_cloud/ [therecord.media] Ford seeks patent for tech that listens to driver conversations to serve ads https://therecord.media/ford-patent-application-in-vehicle-listening-advertising [9to5Mac] Meta scraped all public Facebook and Instagram posts since 2007 for AI training https://9to5mac.com/2024/09/11/meta-scraped-all-public-facebook-and-instagram-posts-since-2007-for-ai-training/ [TechRadar] I'm a privacy expert—here are the 4 iOS 18 features I'm excited about https://www.techradar.com/phones/im-a-privacy-experthere-are-the-4-ios-18-features-im-excited-about [9to5Mac] Apple Intelligence servers are really basic, says Craig Federighi – and that’s deliberate https://9to5mac.com/2024/09/12/apple-intelligence-servers-are-really-basic-says-craig-federighi-and-thats-deliberate/ [Gizmodo] FBI Shuts Down Botnet Run by Beijing-Backed Hackers That Hijacked Over 200,000 Devices https://gizmodo.com/fbi-shuts-down-botnet-run-by-beijing-backed-hackers-that-hijacked-over-200000-devices-2000500627 Tip of the Week: Malware Reboot Remedy Further Info Awareness Campaign Phase 2!: https://fdsd.me/awareness2 LinkedIn privacy settings: https://www.linkedin.com/mypreferences/d/categories/privacy Test your ad blocker(s): https://d3ward.github.io/toolz/adblock.html Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:31: Update Apple devices 0:01:36: Awareness Campaign teaser 0:02:04: News rundown 0:04:08: Your Phone Won’t Be the Next Exploding Pager 0:08:00: This Windows PowerShell Phish Has Scary Potential 0:12:34: LinkedIn Trains AI on Your Data Before Updating Its ToS 0:16:41: Ellison declares Oracle 'all in' on AI mass surveillance 0:20:15: Ford seeks patent for tech that listens to ...
You may be vaguely aware of the term 'quantum computing' from media reports. But what you may not have picked up on is that one of the primary uses for quantum computers may be to break data encryption. Furthermore, you may not realize that if three-letter agencies can save off our encrypted emails and messages now, this could mean they could read them in the future when sufficiently powerful quantum computing becomes viable. How does this work? And what can we do about it now to protect our privacy in the future? We'll dig into all of this today with Brandon Sundh from Tuta (formerly Tutanota), a prominent secure email company, who is already deploying such protections. Interview Notes Try Tuta! https://tuta.com/ Tuta’s quantum-safe crypto: https://tuta.com/blog/post-quantum-cryptography Quantum mechanics: https://en.wikipedia.org/wiki/Quantum_mechanics Schrödinger's cat: https://en.wikipedia.org/wiki/Schr%C3%B6dinger's_cat NIST post-quantum standards: https://csrc.nist.gov/projects/post-quantum-cryptography NSA pays RSA to weaken encryption?: https://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220/ Longer passwords are better: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/ Privacy Guides on Proton Wallet: https://www.privacyguides.org/articles/2024/09/08/proton-wallet-review/#why-does-this-exist Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:50: Some terminology first 0:07:33: What is quantum computing and what's it good for? 0:16:25: What are the currrent capabilities of quantum computers? 0:22:02: How long have we been working on quantum computers? 0:25:01: If QC is still so far off, why do we need to prepare now? 0:30:53: How do we design encryption to make it safe against quantum computers? 0:36:10: How can we be sure that the NSA isn't buillding backdoors into these algorithms? 0:41:11: Will post-quantum algorithms replace current ones or augment them? 0:45:51: How soon will quantum-safe crypto be roled out? 0:52:42: Who will be able to own and operate these quantum computers? 0:54:45: Are law enforcement agencies pushing back against quantum-safe crypto? 1:00:34: Who is more likely to win: coder makers or code breakers? 1:04:24: Wrap-up 1:05:55: Looking ahead
Mis- and disinformation is just a fact of modern life, but certain events can cause the practice to significantly increase - like a big election. This is a good time to review this phenomenon, learning how to recognize it, how to avoid being drawn in, and perhaps most importantly how to reduce its spread. In other news: Telegram's CEO was arrested in France; too many people keep saying Telegram is an secure messaging app when it's really not; if you think ads and tracking are bad now, wait till you hear all the ways modern TVs are monetizing their users; sextortion scams are using some new techniques to scam their victims; consumer groups have lobbied the FTC to create clear guidance on 'software tethering'; and California just approved a new privacy bill that will finally require companies to honor universal opt-out signals from apps and browsers. Article Links BBC] Telegram CEO Pavel Durov arrested at French airport https://www.bbc.com/news/articles/ckg2kz9kn93o [blog.cryptographyengineering.com] Is Telegram really an encrypted messaging app? https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/ [Ars Technica] Your TV set has become a digital billboard. And it’s only getting worse. https://arstechnica.com/gadgets/2024/08/tv-industrys-ads-tracking-obsession-is-turning-your-living-room-into-a-store/ [briankrebs] Sextortion Scams Now Include Photos of Your Home https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/ [advocacy.consumerreports.org] Consumer Reports, U.S. PIRG, and 15 other groups call on FTC to create clear guidance for ‘software tethering’ https://advocacy.consumerreports.org/press_release/ftc-software-tethering/ [Dark Reading] California Approves Privacy Bill Requiring Opt-Out Tools https://www.darkreading.com/data-privacy/california-privacy-bill-require-opt-out-tools Tip of the Week: Spotting Fake News https://firewallsdontstopdragons.com/the-truth-is-out-there/ Further Info My series on deleting your public data online: https://firewallsdontstopdragons.com/osint-reconnaissance/ Enabling Global Privacy Control (GPC): https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:14: News preview 0:05:22: Telegram CEO Pavel Durov arrested at French airport 0:09:47: Is Telegram really an encrypted messaging app? 0:19:57: Your TV set has become a digital billboard. And it’s only getting worse. 0:41:25: Sextortion Scams Now Include Photos of Your Home 0:48:06: Consumer groups call on FTC to create clear guidance for ‘software tethering’ 0:54:33: California Approves Privacy Bill Requiring Opt-Out Tools 0:59:22: Tip of the Week: Dealing with Misinformation 1:11:36: Looking ahead
Proton released three major new products this summer, all within the span of about a couple months: Proton Docs, Proton Wallet and Proton Scribe. Given that Proton is a privacy-focused company, some of these offerings seemed almost at odds with that mission. So today I ask Andy Yen (Proton's CEO) some questions about the privacy of their Bitcoin wallet and AI editing tool. We also discuss the new Proton Foundation and how it safeguards their privacy mission for the future. Finally, I ask Andy if they would consider acquiring Mozilla to save the Firefox browser and, in the wake of the blow back Signal received about protecting local access to messaging data, how Proton addresses the 'compromised machine' threat model. Interview Notes Proton Docs: https://proton.me/blog/docs-proton-drive Proton Wallet: https://proton.me/blog/proton-wallet-launch Proton Scribe: https://proton.me/blog/proton-scribe-writing-assistant Proton Foundation: https://proton.me/blog/proton-non-profit-foundation Techlore on Proton Wallet: https://www.youtube.com/watch?v=tESbBM2LZHM&t=1922s Seth for Privacy’s Andy Yen interview: https://optoutpod.com/episodes/protonwallet-andy-yen/ My interview on Easy Prey Podcast: https://www.easyprey.com/firewalls-dont-stop-dragons-with-carey-parker/ Techlore: https://www.techlore.tech/ Privacy Guides: https://www.privacyguides.org/ The New Oil: https://thenewoil.org/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:18: Interview setup 0:04:18: Why did you release so many new products all at once? 0:05:53: Did you develop Proton Docs from scratch? Will we get Proton Sheets, too? 0:10:09: What drove you to add AI features? How do you maintain privacy with AI? 0:17:07: Why did Proton feel the need to create another cryptocurrency wallet? 0:21:37: Who is the target audience for Proton Wallet? 0:28:38: As a privacy company, why go with Bitcoin, which is not really private? 0:39:34: Will you support Monero or Zcash? 0:40:40: Why did you restructure Proton as a foundation? What's the impact of this? 0:45:41: How is this new foundation different from others like Mozilla or Tor? 0:47:59: Would Proton ever consider acquiring Mozilla to save Firefox? 0:55:43: Does TunnelVision affect Proton VPN? How can we improve VPNs generally? 1:01:35: Signal was bashed for not encrypting local keys. How does Proton handle this? 1:05:25: What's coming next from Proton? 1:07:48: Interview wrap-up 1:10:54: Couple updates on Wallet, Scribe availability 1:11:50: Recommending other great privacy resources and Proton discussions 1:12:53: Upcoming shows 1:14:29: Upcoming podcast awareness campaign
The headlines have been on fire with stories about 3 billion people's data being leaked from a company you've never heard of. But like many such stories, the mainstream media gets a lot of the important details wrong and glosses over a lot of the important nuances. Today we're going to dive into what really happened and what you should do about it, whether your data was part of the breach or not. In other news: Illinois waters down its landmark biometric information law; US court rules geofence warrants are unconstitutional; FTC to investigate :surveillance pricing" and files rule impacting shady product reviews; the CFPB cracks down on some types of consumer data sales; and Consumer Reports evaluates several top data deletion services. Article Links [Reuters] Illinois governor approves business-friendly overhaul of biometric privacy law https://www.reuters.com/legal/government/illinois-governor-approves-business-friendly-overhaul-biometric-privacy-law-2024-08-05/ [TechCrunch] US appeals court rules geofence warrants are unconstitutional https://techcrunch.com/2024/08/13/us-appeals-court-rules-geofence-warrants-are-unconstitutional/ [Electronic Frontier Foundation] To Fight Surveillance Pricing, We Need Privacy First https://www.eff.org/deeplinks/2024/08/fight-surveillance-pricing-we-need-privacy-first [ftc.gov] Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials https://www.ftc.gov/news-events/news/press-releases/2024/08/federal-trade-commission-announces-final-rule-banning-fake-reviews-testimonials [natlawreview.com] CFPB Forecasts New Rule Cracking Down on Consumer Data Sales https://natlawreview.com/article/cfpb-forecasts-new-rule-cracking-down-consumer-data-sales [Los Angeles Times] Hackers may have stolen the Social Security numbers of every American. How to protect yourself https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number [troyhunt.com] Inside the "3 Billion People" National Public Data Breach https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/ [consumerreports.org] Evaluating People-Search Site Removal Services https://innovation.consumerreports.org/new-report-data-defense-evaluating-people-search-site-removal-services/ Tip of the Week: OSINT Final Steps https://firewallsdontstopdragons.com/osint-final-steps/ Other Helpful Links Have I Been Pwned: https://haveibeenpwned.com/ NPD Data Breach search tool: https://npd.pentester.com/ Privacy Guides data removal tools: https://www.privacyguides.org/en/data-broker-removals/ Techlore video on data removal: https://www.youtube.com/watch?v=tESbBM2LZHM Google’s Results About You: https://myactivity.google.com/results-about-you?pli=1 How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ How and why to plant your flag: https://firewallsdontstopdragons.com/why-you-need-to-plant-your-flag/ Strong passwords: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/ Backing up 2FA codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:04:00: News preview 0:06:33: Illinois governor approves business-friendly overhaul of biometric privacy law 0:11:18: US appeals court rules geofence warrants are unconstitutional ...
Finding your soul mate or even just a one-night stand can all be done digitally now - there's an app for that. Several, in fact. But in order to find the best match, you need to turn over a lot of extremely personal information. You probably also need to let the app track your location, so you're only matching people within some acceptable distance. You would hope that dating apps would be better than other apps at securing your private data... but are they? And are these services selling my data to advertisers? Today I answer these questions and many more with Zoë MacDonald from Mozilla's Privacy Not Included team who recently published a full report on this topic. Interview Notes Privacy Not Included report on dating apps: https://foundation.mozilla.org/en/privacynotincluded/articles/data-hungry-dating-apps-are-worse-than-ever-for-your-privacy/ Mozilla Foundation: https://foundation.mozilla.org/en/?form=donate-header Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/ Falling out of love with dating apps: https://www.theguardian.com/lifeandstyle/2023/oct/28/its-quite-soul-destroying-how-we-fell-out-of-love-with-dating-apps Using dating apps to locate someone: https://www.techradar.com/pro/privacy-flaw-in-top-dating-apps-could-have-revealed-user-location-down-to-2-metres How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:57:02: Wrap-up and looking ahead 0:02:06: Freeze your credit! 0:04:19: How do modern dating apps work, exactly? 0:08:19: How do they find compatible matches? 0:10:34: Do these apps require constant access to your current location? 0:14:50: How much information used by these apps is inferred vs explicitly requested? 0:17:59: Do these apps use inferred data to weed out bad actors? 0:20:36: How did you decide which apps to evaluate? 0:23:54: What were your key takeaways and most alarming findings? 0:25:57: Do apps owned by the same parent company have similar privacy policies? 0:27:28: How transparent are these apps about sharing your data? 0:29:08: Was there any correlation between app cost and monetizing your data? 0:31:20: Are dating apps better about securing your personal data? 0:33:53: Do any of the dating apps offer end-to-end encryption of DMs? 0:35:40: Do these services try to keep you from leaving the app? 0:39:03: Once you find a match, can you get a refund for unused subscription time? 0:40:28: How do new AI features on dating apps affect your privacy? 0:43:30: Have there been any major dating service data breaches? 0:45:05: How bad are these apps for romance scams like 'big butchering'? 0:47:10: If I still want to use a dating app, how do I maximize my privacy? 0:51:19: Can I use a service on the web only (no app)? Can I delete my data? 0:54:20: How well do dating apps actually work, in terms of finding a mate?
It's time once again for cybersecurity professionals to make the pilgrimage to the scorching desert of Las Vegas, Nevada for a week of tech conferences that we lovingly refer to as Hacker Summer Camp. Today I'll bring you my on-the-ground reporting from BSides and DEF CON. I'll also bring you part 2 of my series on Open Source Intelligence (OSINT) and how to purge your personal data from the web. In the news this week: Vegas hotels search hacker's rooms; Apple and others fix old but important browser bug; NFL rolls out more facial recognition at stadiums; Ford looks to patent car surveillance tech; automakers sold your data to brokers for pennies; border agents can no longer search your smartphone without a warrant; judge rules that Google is a monopoly. Article Links [404media.co] Hotel to Search Rooms During DEF CON Hacking Conference https://www.404media.co/hotel-to-search-rooms-during-def-con-hacking-conference/ [AppleInsider] Apple has closed an ancient macOS Safari security hole https://appleinsider.com/articles/24/08/07/apple-has-closed-an-ancient-macos-safari-security-hole [therecord.media] NFL to roll out facial authentication software league-wide https://therecord.media/nfl-to-roll-out-facial-authentication-league-wide [therecord.media] Ford wants patent for tech allowing cars to surveil and report speeding drivers https://therecord.media/ford-seeks-patent-cars-surveil-speeders-report-to-police [The New York Times] Automakers Sold Driver Data for Pennies, Senators Say https://www.nytimes.com/2024/07/26/technology/driver-data-sold-for-pennies.html [9to5Mac] Border agents cannot search smartphones without a warrant, rules federal court https://9to5mac.com/2024/07/29/cannot-search-smartphones-without-a-warrant/ [AppleInsider] Judge rules Google is a search and advertising monopoly https://appleinsider.com/articles/24/08/05/judge-rules-that-google-is-a-search-and-advertising-monopoly Tip of the Week: OSINT Remediation https://firewallsdontstopdragons.com/osint-remediation/ Further Info BSides Las Vegas: https://bsideslv.org/ DEF CON 32: https://defcon.org/html/defcon-32/dc-32-index.html UnDisruptible27: https://securityandtechnology.org/undisruptable27/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:26: Summer Camp Highlights 0:10:25: Hotel to Search Rooms During DEF CON 0:15:14: Apple has closed an ancient macOS Safari security hole 0:20:00: NFL to roll out facial authentication software league-wide 0:26:25: Ford wants patent for tech allowing cars to surveil and report speeding drivers 0:29:38: Automakers Sold Driver Data for Pennies, Senators Say 0:32:46: Border agents cannot search smartphones without a warrant, 0:36:44: Judge rules Google is a search and advertising monopoly 0:40:52: Tip of the Week: OSINT Remediation 0:54:25: EFF Tech Trivia update
Jack Daniel is a storyteller, wanderer, comic, bartender, blacksmith, luthier, historian, mechanic, and the world’s oldest millennial. He is also one of the founders of Security BSides. Jack has a colorful and interesting history, and today we'll learn about how and why he started BSides, delve into a little hacker conference history, talk about modern hackers and cybersecurity conferences and how he's seen them change over the years, and how hackers and their conferences are vastly different than the others. Interview Notes Jack Daniel: https://www.linkedin.com/in/jackadaniel/ BSides official site: https://bsides.org/ BSides Las Vegas (part of hacker summer camp): https://bsideslv.org/ InfoSecMap: https://infosecmap.com/ Cult of the Dead Cow interview: https://podcast.firewallsdontstopdragons.com/2023/08/07/cult-of-the-dead-cow/ Jeff Moss interview #1: https://podcast.firewallsdontstopdragons.com/2021/08/16/on-a-dark-tangent/ Jeff Moss interview #2: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/ CackalackyCon: https://cackalackycon.org/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:49: Interview lingo 0:04:05: How did you get into the world of cybersecurity and hacking? 0:12:40: Why did you start BSides? 0:17:43: What were some of the first BSides talks like? 0:21:42: What are the founding principles of BSides? 0:28:00: What approval do you need to start a BSides conference? 0:34:44: How have other hacker conferences influenced BSides and vice versa? 0:36:53: Is there a beef between BSides and Black Hat? 0:38:58: What's your connection with ShmooCon? 0:42:42: How have hackers and these conferences changed since the old days? 0:47:40: Discussion on responsible disclosure 0:50:39: Two different kinds of presenters 0:54:02: You might be a hacker if... 1:01:30: What's the best way to find a local hacker conference? 1:06:50: BSides is about community 1:08:29: Interview wrap-up 1:11:19: Patron content 1:11:53: Looking ahead
Discover new partners and
collaboration opportunities —right in your inbox.
Get notified about new partnerships