ALPRs Are Everywhere

Firewalls Don't Stop Dragons Podcast

Player FM - Internet Radio Done Right

30 subscribers

Added seven years ago

المحتوى المقدم من Carey Parker. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Carey Parker أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.

The Sarah Fraser Show

1
SISTER WIVES: The Brown Family Plans Garrison's Funeral, Gives NEW Details About His Passing. Justin Baldoni v Blake Lively UPDATES, First Pictures Of Micah Plath’s Broken Nose Have Surfaced!… 36:16

منذ 22 يومًا36:16

التشغيل لاحقا

قوائم

إعجاب

احب

36:16

DANMMMMM…Have I got a show for you! First, a lot of Sister Wives tea - new rumors have surfaced Janelle Brown is leaving the show. Plus, Gabe Brown gives a life update after losing and tragically finding his brother Garrison dead. Sadly, Garrison took his own life in March 2024. Then we head over to discuss the new Welcome To Plathville tea. The first pictures of Micah Plath have surfaced after being beat up by his brother Issac and it doesn’t look good for the future of his modeling career. Lastly, we discuss the latest in the Justin Baldoni v Blake Lively case, Justin is back on social media and it was the perfect social media return. Timestamps: 00:00:00 - Open and new Sister Wives news 00:05:43 - Janelle Brown leaving the show? Sister Wives Closet is officially closed 00:12:45 - A new pic of Micah Plath’s broken nose has surfaced 00:18:18 - Justin Baldoni back on social media and Taylor Swifts team is pissed at Justin Baldoni MY Go Big Podcasting Courses Are Here! Purchase Go Big Podcasting and learn to start, monetize, and grow your own podcast. USE CODE: MOM15 for 15% OFF (code expires May 11th, 2025) **SHOP my Amazon Marketplace - especially if you're looking to get geared-up to start your own Podcast!!!** https://www.amazon.com/shop/thesarahfrasershow Show is sponsored by: Download Cash App & sign up! Use our exclusive referral code TSFS in your profile, send $5 to a friend within 14 days, and you’ll get $10 dropped right into your account. Terms apply Horizonfibroids.com get rid of those nasty fibroids Gopurebeauty.com science backed skincare from head to toe, use code TSFS at checkout for 25% OFF your order Nutrafol.com use code TSFS for FREE shipping and $10 off your subscription Rula.com/tsfs to get started today. That’s R-U-L-A dot com slash tsfs for convenient therapy that’s covered by insurance. SkylightCal.com/tsfs for $30 OFF your 15 inch calendar Quince.com/tsfs for FREE shipping on your order and 365 day returns Warbyparker.com/tsfs make an appointment at one of their 270 store locations and head to the website to try on endless pairs of glasses virtually and buy your perfect pair Follow me on Instagram/Tiktok: @thesarahfrasershow ***Visit our Sub-Reddit: reddit.com/r/thesarahfrasershow for ALL things The Sarah Fraser Show!!!*** Advertise on The Sarah Fraser Show: thesarahfrasershow@gmail.com Got a juicy gossip TIP from your favorite TLC or Bravo show? Email: thesarahfrasershow@gmail.com Learn more about your ad choices. Visit megaphone.fm/adchoices…

منذ عام واحد 1:03:45

MP3•منزل الحلقة

There are many ways in which we are tracked in the real world, but one of the most ubiquitous and insidious technologies is Automated License Plate Readers. These camera systems are deployed in just about every city by both public and private organizations. Furthermore, the third parties who sell and operate these systems collect and collate data from around the country, making it available to law enforcement and marketing firms. Because these systems capture images of your car, they can also document the make, model and color, any distinguishing marks, and even bumper stickers. Today we'll discuss how and where these systems are deployed, who has access to the data, the repercussions of this mass surveillance and how it can go horribly wrong with my guests Adam Schwartz and Gowri Nayar from the Electronic Frontier Foundation. Interview Notes Donate to the EFF: https://supporters.eff.org/donate/join-eff-today The Human Toll of ALPR Errors: https://www.eff.org/deeplinks/2024/11/human-toll-alpr-errors EFF’s Street Level Surveillance: https://sls.eff.org/ Community Control of Police Surveillance (CCOPS): https://www.eff.org/issues/community-control-police-surveillance-ccops US 100-mile “border zone” facts: https://www.aclu.org/know-your-rights/border-zone Flock camera map: https://www.404media.co/the-open-source-project-deflock-is-mapping-license-plate-surveillance-cameras-all-over-the-world/ DeFlock: https://deflock.me Flock transparency page example: https://transparency.flocksafety.com/riverside-county-ca-sd Further Info Annual listener survey!! https://fdsd.me/survey2025 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:20: Intro 0:01:24: Listener survey and book giveaway 0:03:16: ShmooCon in DC this weekend 0:04:21: Interview setup 0:05:27: What prompted you to write about ALPRs? 0:08:11: How do ALPRs work and what info can they capture? 0:10:14: How long have ALPRs been around and how is EFF tracking their use? 0:11:34: Where are these systems deployed? How do we recognize them? 0:14:19: How does mobile ALPR data collection work? 0:15:58: Are police departments transparent about the use of ALPRs? 0:18:09: Is there a way know where ALPR systems are deployed? 0:20:46: How accurate are ALPRs? What are the consequences of failure? 0:22:37: Are license plate "hot lists" shared across jurisdictions? 0:25:41: Where is ALPR data stored? For how long? Who has access? 0:27:40: Is ALPR data shared among local and federal agencies? How often is the data abused? 0:31:04: Do the ALPR system operators sell this data to anyone else? 0:36:04: What legal expectation of privacy do I have in public spaces? 0:42:57: How does the legal "third party doctrine" apply to ALPR data? 0:45:01: How do we balance the need to catch bad guys with the use of surveillance tech? 0:50:18: Is there any surveillance tech that EFF feels should be banned outright? 0:52:17: Does EFF consult with law enforcement on deployment of surveillance tech? 0:53:05: If we're concerned about surveillance tech being deployed, what can we do? 0:58:19: Interview wrap-up 0:59:29: Notes on the "border zone" width in the US 1:01:09: Patron preview 1:02:01: Survey reminder 1:02:50: Looking ahead

402 حلقات

#Carey Parker #Security #Tech #Software Development #Second Half

ALPRs Are Everywhere

Firewalls Don't Stop Dragons Podcast

30 subscribers

published منذ عام واحد

MP3•منزل الحلقة

402 حلقات

#Carey Parker #Security #Tech #Software Development #Second Half

كل الحلقات

Firewalls Don't Stop Dragons Podcast

1
Life in the Panopticon 1:26:01

منذ يومين1:26:01

1:26:01

Tracking our faces and whereabouts is getting out of control. It’s a mass surveillance infrastructure that keeps growing in Borg-like fashion. Facial recognition and license plate readers are proliferating at a stupefying pace and companies like Flock are consolidating the collected data and packaging it up for sale to law enforcement agencies. Even if no human in these agencies were to abuse this data, it’s creating an irresistible target for scheming hackers and nation states keen on espionage. The longer we let this go, the harder it will be to stop. In today’s news: Asus routers are being hacked and you need to take action; 23andMe has been sold, along with its users’ genetic data; AI-generated videos have just become way more realistic; US government taps surveillance company to centralize all its citizen data; CFPB regulation limiting data brokers is axed; Kroger is packaging and selling its customer loyalty data; automated license plate reader data use is expanding in scary ways; Android phones gain key new security feature; EU court rules that real-time bidding data gathering is illegal; Montana is first state to plug data broker loophole; and I relate my recent privacy experience at the US border. Article Links [LifeHacker.com] If You Have an Asus Router, You Need to Check If It’s Been Hacked https://lifehacker.com/tech/asus-routers-hacked [404media.co] 23andMe Sale Shows Your Genetic Data Is Worth $17 https://www.404media.co/23andme-sale-shows-your-genetic-data-is-worth-17/ [lifehacker.com] You Are Not Prepared for This Terrifying New Wave of AI-Generated Videos https://lifehacker.com/tech/you-are-not-prepared-for-this-new-wave-of-ai-generated-videos [nytimes.com] Trump Taps Palantir to Compile Data on Americans https://www.nytimes.com/2025/05/30/technology/trump-palantir-data-americans.html [techcrunch.com] White House scraps plan to block data brokers from selling Americans’ sensitive data https://techcrunch.com/2025/05/14/white-house-scraps-plan-to-block-data-brokers-from-selling-americans-sensitive-data/ [therecord.media] Consumer Reports: Kroger using loyalty program to package, sell customer data https://therecord.media/kroger-using-loyalty-program-to-sell-customer-data [404media.co] A Texas Cop Searched License Plate Cameras Nationwide for a Woman Who Got an Abortion https://www.404media.co/a-texas-cop-searched-license-plate-cameras-nationwide-for-a-woman-who-got-an-abortion/ [404media.co] License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/ [arstechnica.com] Android phones will soon reboot themselves after sitting unused for 3 days https://arstechnica.com/gadgets/2025/04/android-phones-will-soon-reboot-themselves-after-sitting-unused-for-3-days/ [signal.org] By Default, Signal Doesn’t Recall https://signal.org/blog/signal-doesnt-recall/ [therecord.media] EU court rules that tracking-based online ads are illegal https://therecord.media/eu-court-rules-tracking-based-ads-illegal [eff.org] Montana Becomes First State to Close the Law Enforcement Data Broker Loophole https://www.eff.org/deeplinks/2025/05/montana-becomes-first-state-close-law-enforcement-data-broker-loophole Tip of the Week: https://firewallsdontstopdragons.com/border-insecurity-update/ The Atlantic: How to Disappear https://www.theatlantic.com/ideas/archive/2025/05/extreme-personal-data-privacy-protection/682867/ BADBOOL data removal service list: https://docs.google.com/spreadsheets/d/115L6LpQg_UX638IyUfdwGhRS7dIU3lKwz6fjAcDtE-0/edit?gid=0#gid=0 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:50: Josh Corman interview promotion 0:03:04: How to Disappear 0:03:49: News rundown 0:07:32: If You Have an Asus Router, You Need to Check If It’s Been Hacked 0:19:01: 23andMe Sale Shows Your Genetic Data Is Worth $17 0:23:22: You Are Not Prepared for This Terrifying New Wave of AI-Generated Videos 0:28:42: Trump Taps Palantir to Compile Data on Americans 0:35:04: White House scraps plan to block data brokers from selling Americans’ sensitive data 0:38:08: Kroger using loyalty program to package, sell customer data 0:46:23: A Texas Cop Searched License Plate Cameras Nationwide for a Woman Who Got an Abortion 0:49:43: License Plate Reader Company Flock Is Building a Massive People Lookup Tool 0:55:15: Android phones will soon reboot themselves after sitting unused for 3 days 0:59:25: By Default, Signal Doesn’t Recall 1:03:13: EU court rules that tracking-based online ads are illegal 1:06:07: Montana Becomes First State to Close the Law Enforcement Data Broker Loophole 1:09:28: Tip of the Week: my border experience 1:22:30: Wrap up 1:24:10: Patron podcast preview 1:24:39: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Dividing Trust 1:10:19

منذ 9 أيام1:10:19

1:10:19

VPNs were not invented for privacy, despite the name – they were invented for security. Nevertheless, in recent years, they have been touted as privacy tools to thwart rampant and fanatical data gathering. With a regular VPN, this really just means you’re shifting your trust from your internet service provider to your VPN provider. But what if your encrypted data traffic was actually divided between two separate companies? The split trust model is a powerful way to protect your privacy and it’s the key technology behind new services like Apple’s Private Relay and Obscura VPN. Today we’ll discuss the benefits of this approach with Obscura’s founder, Carl Dong. Interview Notes Obscura VPN: https://obscura.net/ Wireguard: https://en.wikipedia.org/wiki/WireGuard Obscura Wireguard configuration tool: https://obscura.net/#faq-wireguard-config QUIC explainer video: https://www.youtube.com/watch?v=HnDsMehSSY4 Masque: https://datatracker.ietf.org/wg/masque/about/ Privacy Pass: https://privacypass.github.io/ Anubis: https://anubis.techaro.lol/docs/design/how-anubis-works/ How Onion Routing Works: https://firewallsdontstopdragons.com/how-onion-routing-works/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:16: Interview setup 0:04:46: Lingo definitions 0:09:48: Why do we need yet another VPN? 0:15:00: How does Obscura differ from Apple Private Relay and Tor? 0:21:59: How little info can you give to set up an Obscura account? 0:25:33: What is the Bitcoin Lightning Network? 0:27:30: How can we know how much logging a VPN provider is doing? 0:35:04: Does Obscura have the same quirks as regular VPNs? 0:42:10: How vulnerable are you to being taken down by governments? 0:46:11: What are the core technologies in Obscura? 0:50:49: What do you think about Safing’s IP-per-connection idea? 0:54:00: Are you planning to expand your partner VPNs? 0:56:41: How does Obscura handle the TunnelVision problem? 0:59:57: What is the roadmap for supporting other operating systems? 1:03:14: What’s next for Obscura? 1:04:32: Interview wrap-up 1:09:19: Patron podcast preview 1:09:50: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Slay Message Snoopers 45:24

منذ 16 يومًا45:24

45:24

There are way too many messenger apps today. It’s a sad state of affairs and I don’t see it getting better anytime soon. But the real problem (for me) is that almost all of the popular messenger apps aren’t really that secure and private. Most do not have end-to-end encryption (E2EE) at all or it’s not turned on by default. And frankly even the apps with E2EE are run by companies whose revenue model is based on monetizing your personal data. I’m going to suggest you try Signal. In other news: study finds Canadian’s health data being sold to drug makers; DOGE worker’s computer has been hacked; airlines are selling your data to ICE; a massive proxy botnet has been shut down; Google pays $1.4B to Texas over unauthorized tracking and data collection; Denver decides to stop using license plate readers of privacy concerns; jury orders NSO Group to pay hundreds of millions of dollars for hacking WhatsApp users. Article Links [cbc.ca] Millions of Canadians’ health data available for sale to pharmaceutical industry, study shows https://www.cbc.ca/news/health/health-data-records-pharmaceutical-private-clinics-1.7529955 [micahflee.com] DOGE bro Kyle Schutt’s computer infected by malware, credentials found in stealer logs https://micahflee.com/doge-bro-kyle-schutts-computer-infected-by-malware-credentials-found-in-stealer-logs/ [jacobin.com] Airlines Are Selling Your Data to ICE https://jacobin.com/2025/05/airlines-data-ice-trump-immigration/ [The Hacker News] BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html [The Hacker News] Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html [9news.com] Denver will stop using license plate reader cameras amid privacy worries https://www.9news.com/article/news/local/local-politics/license-plate-reader-camera-data-security-concerns/73-9c570252-9d1c-4e5c-b042-c12392aa1081 [arstechnica.com] Jury orders NSO to pay $167 million for hacking WhatsApp users https://arstechnica.com/security/2025/05/jury-orders-nso-to-pay-167-million-for-hacking-whatsapp-users/ Tip of the Week: Slay Snoopers: https://firewallsdontstopdragons.com/dragon-hacks-slay-snoopers/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:43: News preview 0:02:53: Millions of Canadians’ health data available for sale to pharmaceutical industry 0:08:39: DOGE engineer’s computer infected by malware 0:14:38: Airlines Are Selling Your Data to ICE 0:22:05: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in US, Dutch Operation 0:28:04: Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection 0:30:21: Denver will stop using license plate reader cameras amid privacy worries 0:34:54: Jury orders NSO to pay $167 million for hacking WhatsApp users 0:39:17: Tip of the Week: Slay Snoopers 0:44:31: Wrap-up…

Firewalls Don't Stop Dragons Podcast

1
Shelter from the Storm 1:16:42

منذ 23 يومًا1:16:42

1:16:42

Almost exactly two years ago, “Five Eyes” intelligence agencies discovered a successful and ongoing cyber attack on critical US infrastructure by a state-sponsored actor based in China. This group, associated with the People’s Liberation Army and known as Volt Typhoon, was tasked with quietly gaining persistent remote access to critical systems including water, power, communications, and transportation systems, as well as ports and government networks. The goal was to deter the US from interfering with a future invasion of Taiwan by China, either by crippling the US infrastructure or threatening to. Despite dire warnings from the four top cyber officials in a Jan 2024 Congressional hearing, the US is still woefully unprepared for such attacks. Josh Corman is leading an effort labeled UnDisruptable27 to greatly improve the resilience of our critical systems before 2027, the year China seems to be targeting to make their move. Interview Notes UnDisruptable27: https://securityandtechnology.org/undisruptable27/ Critical Effect conference (DC): http://critical-effect.org/ Congressional hearing, CCP cyber threat to national security: https://selectcommitteeontheccp.house.gov/committee-activity/hearings/hearing-notice-ccp-cyber-threat-american-homeland-and-national-security Josh’s RSA talk (2024): https://www.youtube.com/watch?v=dhJvslRRlFc UnDisruptable27 video 1: https://www.youtube.com/watch?v=GnozKc3gFsM UnDisruptable27 video 2: https://www.youtube.com/watch?v=d8UsrMRvt14 Cyber Resilience Corps: https://cltc.berkeley.edu/program/cyber-resilience-corps/ Cyber Volunteer Resource Center: https://www.cisa.gov/audiences/high-risk-communities/cybervolunteerresourcecenter Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:03:49: Lingo explanations 0:07:26: What is UnDisruptable27 and why did you start it? 0:16:47: How does this relate to China’s intention to invade Taiwan? 0:22:00: What at the psychological impacts of this sort of attack? 0:25:31: How long might it take to recover from this sort of attacK? 0:33:12: If this threat is so dire, why aren’t we scrambling to address it? 0:37:24: Do Russia, Iran and North Korea pose similar threats? 0:41:32: How can we surface single points of failure from secondary sources? 0:49:21: Can’t we also do this to our adversaries? Is that a deterrence? 0:53:45: What should our government be doing about this? 0:58:39: How can we incentivze private companies to take action? 1:01:55: What can we do, at home and in our communities? 1:07:19: What’s next for UnDisruptable27? 1:10:47: Some final thoughts 1:15:03: Patron bonus content 1:15:29: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Disable Your MAID 1:06:23

منذ 30 يومًا1:06:23

1:06:23

As we learned last week from Zach Edwards, our smartphones have a globally unique mobile ad ID, or MAID, that is automatically associated with everything we do on our phones… unless we take explicit steps to turn this off. Today I’ll tell you how this works and why you should disable this insidious form of tracking. In other news: the FTC warns us about a new type of scam; dating app Raw exposed sensitive user data; a determined reporter documents his efforts to disable all the AI features in his Google phone; “juice jacking” is back with a tricky twist; Apple’s AirPlay has a vulnerability whose fix may not reach all devices; Microsoft is pushing hard for passwordless accounts; Google Wallet allows you to verify your age without giving up personal info; and there’s a new and troubling update to the Signalgate saga. Article Links [lifehacker.com] The FTC Is Warning Consumers About a Scam on Discounted Monthly Bills https://lifehacker.com/money/ftc-monthly-services-scam [techcrunch.com] Dating app Raw exposed users’ location data and personal information https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information/ [cnet.com] I Tried to Turn Off the AI on My Pixel 9. It Wasn’t Easy https://www.cnet.com/tech/mobile/i-tried-to-turn-off-the-ai-on-my-pixel-9-it-wasnt-easy/ [arstechnica.com] iOS and Android juice jacking defenses have been trivial to bypass for years https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/ [wired.com] Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi https://www.wired.com/story/airborne-airplay-flaws/ [Bleeping Computer] Microsoft makes all new accounts passwordless by default https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/ [blog.google] It’s now easier to prove age and identity with Google Wallet https://blog.google/products/google-pay/google-wallet-age-identity-verifications/ [404media.co] Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages https://www.404media.co/mike-waltz-accidentally-reveals-obscure-app-the-government-is-using-to-archive-signal-messages/ Tip of the Week: Disable your Mobile Ad ID: https://firewallsdontstopdragons.com/disable-your-mobile-ad-id/ Bonus Links [consumerreports.org] Using Contactless Payments on Your Phone? Take These Smart Steps. https://www.consumerreports.org/money/digital-payments/using-contactless-payments-on-phone-take-these-smart-steps-a1152343770/ Micah Lee’s TM SGNL blogs: https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/ https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:00: Intro 0:01:09: News preview 0:03:38: FTC Warning Consumers About a Scam on Discounted Monthly Bills 0:06:51: Dating app Raw exposed users’ location data and personal information 0:13:31: I Tried to Turn Off the AI on My Pixel 9. It Wasn’t Easy 0:20:30: iOS and Android juice jacking defenses have been trivial to bypass for years 0:29:07: Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi 0:35:06: Microsoft makes all new accounts passwordless by default 0:40:35: It’s now easier to prove age and identity with Google Wallet 0:47:42: Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages 0:57:06: CR report on payment apps 0:57:54: Tip of the Week: Disable Your MAID 1:04:05: Looking ahead 1:05:00: Patron podcast preview…

Firewalls Don't Stop Dragons Podcast

1
Riding the Data Gravy Train 1:14:22

منذ 5 weeks1:14:22

1:14:22

Data brokers are out of control. While we think of them gathering data in order to target us with ads, they can actually use the targeted ad system (real-time bidding) to collect vast quantities of personal information. It’s a very shady business and the primary players are trying hard to obfuscate what they’re doing. Thankfully, we have people like my guest, Zach Edwards, whose investigations are ripping the cover off of these unscrupulous practices. Interview Notes Zach Edwards: https://www.linkedin.com/in/zedwards/ Zach at Silent Push: https://www.silentpush.com/team/zach-edwards/ Using email aliases: https://firewallsdontstopdragons.com/how-to-use-email-aliases-part-1/ Disable mobile ad ID (iOS): https://ssd.eff.org/module/how-to-get-to-know-iphone-privacy-and-security-settings#disable-ad-tracking Disable mobile ad ID (Android): https://ssd.eff.org/module/how-to-get-to-know-android-privacy-and-security-settings#disable-ad-tracking Further Info Dragon Coin Promo!! https://fdsd.me/promo425 Generate passphrases with a d20: https://d20key.com/#/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:00: Intro 0:01:15: Last call for dragon coins! 0:01:57: Interview setup 0:03:01: Lingo definitions 0:05:05: How did you get into ad tracking as a profession? 0:12:57: How does Real-Time Bidding work? 0:16:16: Who are the big players in this space? 0:28:25: How does RTB leak data about us? 0:42:47: How much info about us is actually inferred rather than explicit? 0:46:09: Who else is looking to get hold of this ad data? 0:50:33: How else is our data being abused? 0:54:13: How does my data being leaked impact other people? 0:56:04: Are government agencies doing enough to protect our data? 0:57:53: Have we managed to fix any of the RTB system problems? 0:59:56: Is there a way to have targeted ads AND privacy? 1:05:31: So what can we do about this? 1:09:26: Wrap-up: revisiting email aliases 1:12:51: Patron bonus content preview 1:13:33: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Travel Insecurity 1:05:30

منذ 6 weeks1:05:30

1:05:30

Going through border security today – even just returning to your own country – is not at simple and stress-free as it should be. The likelihood of our digital devices being searched by a border agent has increased in recent years and political sensitivities today can be high. Our devices have access to a ridiculous amount of extremely personal information. How can we protect ourselves? The answers aren’t great, but I’ll give the current best advice from immigration lawyers and civil rights groups. In other news: the Apple-UK data privacy court case will be at least partially public; some companies are ignoring automated opt-out signals; Waymo may use interior car video to train its AI; data breaches at Hertz and a Planned Parenthood medical lab; air travel group paints a picture of future use of facial recognition; San Francisco police have a new surveillance center; Ukraine drones come with anti-Russian malware; judge rules that ‘cell tower dumps’ require a warrant. Article Links [bbc.com] Apple-UK data privacy row should not be secret, court rules https://www.bbc.com/news/articles/cvgn1lz3v4no [innovation.consumerreports.org] New Report: Many Companies May Be Ignoring Opt-Out Requests Under State Privacy Laws https://innovation.consumerreports.org/new-report-many-companies-may-be-ignoring-opt-out-requests-under-state-privacy-laws/ [techcrunch.com] Waymo may use interior camera data to train generative AI models, but riders will be able to opt out https://techcrunch.com/2025/04/08/waymo-may-use-interior-camera-data-to-train-generative-ai-models-sell-ads/ [Bleeping Computer] US lab testing provider exposed health data of 1.6 million people https://www.bleepingcomputer.com/news/security/us-lab-testing-provider-exposed-health-data-of-16-million-people/ [9to5mac.com] PSA: Hertz belatedly says customer personal data stolen, inc credit card details https://9to5mac.com/2025/04/15/psa-hertz-belatedly-says-customer-personal-data-stolen-inc-credit-card-details/ [theguardian.com] Boarding Passes and Check in to Be Scrapped in Air Travel Shake-up Plans https://www.theguardian.com/world/2025/apr/11/boarding-passes-and-check-in-to-be-scrapped-in-air-travel-shake-up-plans [cbsnews.com] San Francisco Police’s new surveillance hub being credited with 20% drop in crime https://www.cbsnews.com/sanfrancisco/news/san-francisco-police-surveillance-hub-real-time-investigation-center/ [forbes.com] Russians Capture Ukrainian Drones Which Infect Their Systems With Malware https://www.forbes.com/sites/vikrammittal/2025/04/02/russians-capture-ukrainian-drones-which-infect-their-systems-with-malware/ [404media.co] Judge Rules Blanket Search of Cell Tower Data Unconstitutional https://www.404media.co/judge-rules-blanket-search-of-cell-tower-data-unconstitutional/ Tip of the Week: https://firewallsdontstopdragons.com/border-insecurity/ Further Info Dragon Coin Promo!! https://fdsd.me/promo425 Generate passphrases with a d20: https://d20key.com/#/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ How and why to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:24: Update Apple stuff 0:00:42: Dragon coin promo! 0:01:32: News preview 0:04:11: Apple-UK data privacy row should not be secret, court rules 0:08:14: Many Companies May Be Ignoring Opt-Out Requests 0:14:20: Waymo may use interior camera data to train generative AI models 0:19:56: US lab testing provider exposed health data of 1.6 million people 0:24:22: Hertz belatedly says customer personal data stolen, inc credit card details 0:27:18: Boarding Passes and Check in to Be Scrapped in Air Travel Shake-up Plans 0:30:58: San Francisco Police’s new surveillance hub being credited with 20% drop in crime 0:38:06: Russians Capture Ukrainian Drones Which Infect Their Systems With Malware 0:42:34: Judge Rules Blanket Search of Cell Tower Data Unconstitutional 0:46:31: Tip of the Week: Travel Insecurity 1:03:57: Wrap-up 1:04:17: Merlin’s Musings preview 1:04:59: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Life on the Blue Team 1:05:18

منذ 7 weeks1:05:18

1:05:18

It’s easy to be a Monday morning quarterback, even with cybersecurity. But defending a business, of any size, against cyber threats today is hard. Like, really hard. Defenders have to succeed every single time; attackers only need to succeed once. And then your company makes the headlines. Today we’ll delve into the world of the “blue team” – the defenders who are charged with protecting your data and the services you depend on – with cyber expert Oz Jones. Along the way, we’ll learn valuable lessons for everyone. Interview Notes Oz Jones on LinkedIn: https://www.linkedin.com/in/4f5a/ Troy Hunt got pwned: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/ CIS Controls: https://www.cisecurity.org/controls Marsh’s Top 12 controls: https://www.marsh.com/en-gb/services/cyber-risk/insights/cyber-resilience-twelve-key-controls-to-strengthen-your-security.html Further Info Dragon Coin Promo!! https://fdsd.me/promo425 Generate passphrases with a d20: https://d20key.com/#/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:29: Patron promo is LIVE! 0:01:16: Correction 0:01:49: Interview setup 0:04:44: Jargon definitions 0:06:39: How did you get into cyber incident response? 0:09:56: What does it mean to be on the Blue Team? 0:13:25: What are the most impactful cyber threats to companies today? 0:16:34: Are people or companies most as risk for ransomware attacks? 0:19:57: What impact has cyber insurance had on cyber security? 0:21:02: What are the most common types of attacks on companies? 0:23:59: How should companies educate their employees about cyber threats? 0:30:48: How does working from home or using personal devices impact cyber attacks? 0:35:22: How can you protect your company against supply chain attacks? 0:38:45: What resources are available to help companies prepare? 0:41:07: How can we detect attacks and malware infections? 0:44:22: After an attack, how do you respond? 0:48:05: What are my legal obligations for notifying my customers? 0:50:25: Are table top simulations useful? 0:52:07: Are there incident response consultants you can hire? 0:53:05: Can you recommend some helpful resources? 0:56:11: As consumers, how can we make better choices? 0:58:22: Interview wrap-up 1:01:51: Troy Hunt was pwned 1:03:04: Patron bonus preview 1:04:32: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Differential Privacy 1:12:05

منذ 8 weeks1:12:05

1:12:05

When we collect a lot of personal data, say via the US Census, the goal is to glean important aggregate information and statistics, while somehow preserving the anonymity and privacy of the individual respondents. There’s a rigorous mathematical process for doing this – that’s actually not that hard to understand – called Differential Privacy. I’ll explain how it works. In the news: iOS has a new location privacy setting; Google confirms it’s rolling out AI to Gmail; Windows makes it much harder to avoid creating a Microsoft Account; WhatsApp is rolling out AI in Europe with no way to opt out; Switzerland is considering undermining encrypted communications; 23andMe is going bankrupt – it’s time to delete your data; France rejects a backdoor mandate; and finally, I have a lot to say about the US officials’ Signal chat debacle. Article Links [9to5mac.com] iOS 18.4 includes a new location services privacy setting for your iPhone https://9to5mac.com/2025/04/02/ios-iphone-new-location-services-privacy-toggle/ [forbes.com] Google Confirms Gmail Upgrade—3 Billion Users Must Now Decide https://www.forbes.com/sites/zakdoffman/2025/03/22/google-confirms-gmail-upgrade-3-billion-users-must-now-decide/ [windowscentral.com] Microsoft will force Windows 11 installs to use a Microsoft Account — confirms removal of popular setup bypass https://www.windowscentral.com/software-apps/windows-11/microsoft-will-force-windows-11-installs-to-use-a-microsoft-account-confirms-removal-of-popular-setup-bypass [Bleeping Computer] WhatsApp’s Meta AI is now rolling out in Europe, and it can’t be turned off https://www.bleepingcomputer.com/news/artificial-intelligence/whatsapps-meta-ai-is-now-rolling-out-in-europe-and-it-cant-be-turned-off/ [techradar.com] Secure encryption and online anonymity are now at risk in Switzerland – here’s what you need to know https://www.techradar.com/vpn/vpn-privacy-security/secure-encryption-and-online-anonymity-are-now-at-risk-in-switzerland-heres-what-you-need-to-know [arstechnica.com] FTC: 23andMe buyer must honor firm’s privacy promises for genetic data https://arstechnica.com/tech-policy/2025/04/ftc-watching-23andme-bankruptcy-sale-for-impact-on-users-genetic-data/ [schneier.com] The Signal Chat Leak and the NSA https://www.schneier.com/blog/archives/2025/03/the-signal-chat-leak-and-the-nsa.html [eff.org] A Win for Encryption: France Rejects Backdoor Mandate https://www.eff.org/deeplinks/2025/03/win-encryption-france-rejects-backdoor-mandate How Differential Privacy Works: https://firewallsdontstopdragons.com/how-differential-privacy-works/ Further Info Dragon Coin Promo!! https://fdsd.me/promo425 Generate passphrases with a d20: https://d20key.com/#/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:28: Coin promo teaser 0:02:47: News preview 0:05:21: iOS 18.4 includes a new location services privacy setting 0:10:09: Google Confirms Gmail AI Upgrade 0:16:41: Microsoft will force Windows 11 installs to use a Microsoft Account 0:20:57: WhatsApp’s Meta AI is now rolling out in Europe 0:23:32: Secure encryption and online anonymity are now at risk in Switzerland 0:27:33: FTC: 23andMe buyer must honor firm’s privacy promises for genetic data 0:35:09: The Signal Chat Leak 0:53:05: A Win for Encryption: France Rejects Backdoor Mandate 0:56:14: Tip of the Week: Differential Privacy 1:06:20: Coin promo details 1:11:04: Merlin’s Musings topic 1:11:29: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Microscoping Our Apps 1:10:56

منذ 9 weeks1:10:56

1:10:56

We’ve been installing apps on our smartphones for almost two decades now. The iPhone and Android app stores kicked off in 2008 and we still, to this day, have no real way to know what’s in them. It turns out that most apps are an amalgamation of software libraries and development kits from various third party vendors, so often even the makers of apps don’t fully understand the makeup of their products. Lisa LeVasseur from Internet Safety Labs has worked to build tools to dissect and inspect our apps and help us understand what they’re really doing. Interview Notes Internet Safety Labs: https://internetsafetylabs.org/ App Microscope: https://appmicroscope.org/ Interview with Dr. Johnny Ryan on real-time bidding: https://podcast.firewallsdontstopdragons.com/2021/08/02/selling-you-out-to-the-highest-bidder/ Dark Patterns interview: https://podcast.firewallsdontstopdragons.com/2020/11/16/dark-patterns-part-1/ Using Burp Suite to intercept HTTP traffic: https://portswigger.net/burp/documentation/desktop/getting-started/intercepting-http-traffic Exodus Privacy: https://exodus-privacy.eu.org/en/ Henrietta Lacks: https://en.wikipedia.org/wiki/Henrietta_Lacks Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support My social media: https://firewallsdontstopdragons.com/contact/ Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:31: Note on 23andMe 0:01:35: Follow my social media 0:01:58: Signal debacle 0:02:39: Interview setup 0:07:06: What is Internet Safety Labs and what do you do there? 0:09:49: What are the privacy risks with EdTech? 0:16:31: How did the pandemic impact EdTech software? 0:19:02: How does the “notice and consent” model work with EdTech software? 0:25:26: Do app makers even know what’s in their own software? 0:28:11: How do ads inside our apps get there? 0:30:45: How does App Microscope work? 0:32:33: How does safety differ from security? 0:34:37: What can you learn from the data and metadata an app generates? 0:37:22: Do you study “dark patterns” in apps? 0:41:42: How do you determine the software makeup of a given app? 0:47:10: How accurate are the app privacy “nutrition” labels? 0:51:58: How important are the non-technical aspects of an app for safety? 0:56:33: How do I use the App Microscope tool? 1:00:38: How can we support your efforts? 1:04:41: Interview follow-up 1:08:51: Burp Suite info 1:09:32: Patron bonus preview 1:10:27: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
It’s Tax (Scam) Time Again 58:32

منذ 10 weeks58:32

58:32

Tax time is once again upon us here in the USA, which means that the tax scammers are coming out of the woodwork. Many will claim to be representing the IRS, claiming that there is an urgent need to fix a problem with your return, threatening penalties if you don't pay them money. Others will simply try to file fake returns in your name, but send the massive false refund checks to themselves. I'll help you spot and avoid these scams. In other news: Apple's Passwords app was vulnerable to phishing attacks (now fixed); Amazon is forcing Echo owners to share voice recordings; the Bluetooth chip "backdoor" that wasn't; Captchas were used by Google to translate books and Street View images; ICE uses third party tool to scrape tons of your data; beware of online file converters; Clearview AI attempted to buy millions of mugshots; RCS messaging will soon allow end-to-end encrypted chats between iPhones and Android phones. Article Links [9to5mac.com] Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch https://9to5mac.com/2025/03/18/apples-passwords-app-was-vulnerable-to-phishing-attacks-for-nearly-three-months-after-launch/ [arstechnica.com] Everything You Say to Your Echo Will Soon Be Sent to Amazon, and You Can’t Opt Out https://arstechnica.com/gadgets/2025/03/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-on-march-28/ [darkmentor.com] The ESP32 "backdoor" that wasn't https://darkmentor.com/blog/esp32_non-backdoor/ [techradar.com] Captcha if you can: how you’ve been training AI for years without realising it https://www.techradar.com/news/captcha-if-you-can-how-youve-been-training-ai-for-years-without-realising-it [404media.co] The 200+ Sites an ICE Surveillance Contractor is Monitoring https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/ [malwarebytes.com] Warning over free online file converters that actually install malware https://www.malwarebytes.com/blog/news/2025/03/warning-over-free-online-file-converters-that-actually-install-malware [404media.co] Facial Recognition Company Clearview Attempted to Buy Social Security Numbers and Mugshots for its Database https://www.404media.co/facial-recognition-company-clearview-attempted-to-buy-social-security-numbers-and-mugshots-for-its-database/ [appleinsider.com] RCS messaging will get end-to-end encryption on iPhone https://appleinsider.com/articles/25/03/14/rcs-messaging-will-get-end-to-end-encryption-on-iphone Tip of the Week: https://firewallsdontstopdragons.com/its-tax-scam-time/ Further Info Data Diva interview: https://www.debbiereynoldsconsulting.com/podcast/e228-carey-parker Malwarebytes interview: https://www.malwarebytes.com/blog/podcast/2025/03/what-google-chrome-knows-about-you-with-carey-parker-lock-and-code-s06e06 Amazon Mechanical Turk: https://en.wikipedia.org/wiki/Amazon_Mechanical_Turk My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:00: Intro 0:00:21: Guest appearances 0:01:22: News preview 0:03:50: Apple’s Passwords app was vulnerable to phishing attacks for nearly three months 0:10:41: Everything You Say to Your Echo Will Soon Be Sent to Amazon, and You Can’t Opt Out 0:21:30: The ESP32 "backdoor" that wasn't 0:29:16: Captcha if you can: how you’ve been training AI for years without realising it 0:35:08: The 200+ Sites an ICE Surveillance Contractor is Monitoring 0:43:10: Warning over free online file converters that actually install malware…

Firewalls Don't Stop Dragons Podcast

1
All Things Secured 1:04:37

منذ 11 weeks1:04:37

1:04:37

Josh Summers lived in China for many years and learned a lot about privacy and security. Since he left, he's made it his mission to share this knowledge through his website and YouTube channel called All Things Secured - helping regular, everyday people like you and me to protect our data and devices. Today we'll talk specifically about improving your security and privacy on iPhones and Android phones, and even some alternatives outside the Apple and Google ecosystems. Interview Notes All Things Secured: https://www.allthingssecured.com/ All Things Secured YouTube: https://www.youtube.com/@AllThingsSecured Apple iPhone Lockdown Mode: https://support.apple.com/en-us/105120 Apple Stolen Device Protection: https://support.apple.com/en-us/120340 Apple Advanced Data Protection: https://support.apple.com/en-us/108756 Android Theft Protection: https://blog.google/products/android/android-theft-protection/ Google Advanced Protection Program: https://landing.google.com/advancedprotection/faq/ iPhone hide/lock apps: https://support.apple.com/guide/iphone/lock-or-hide-or-an-app-iph00f208d05/ios Cryptomator: https://cryptomator.org/ OsmAnd maps: https://osmand.net/ Jitsi video conferencing: https://jitsi.org/ Hoody AI: https://hoody.com/ai DuckDuckGo AI: https://duck.ai/ GrapheneOS: https://grapheneos.org/ Further Info Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents 0:00:14: intro 0:00:27: Couple quick news items 0:01:59: Interview setup 0:02:47: How did you come to start All Things Secured? 0:04:41: What's is like living in China, from a privacy perspective? 0:07:26: What are the basic security and privacy risks with a smartphone? 0:11:21: How do iPhones compare to Android phones? 0:13:35: How does Android's multi-level ecosystem impact security? 0:16:42: How secure are smartphones against remote attacks? 0:19:39: Can you protect your smartphone against direct physical access? 0:25:20: What are some of the latest and greatest smartphone security features? 0:35:51: What if we don't trust Apple or Google's security? 0:40:05: If we don't trust Apple or Google apps, which ones should we consider using? 0:45:35: How can we protect our privacy with AI? 0:53:08: Are there better smartphone options beyond iOS and Android? 0:56:27: What worries you most? What gives you hope? 0:58:54: How can we learn more from you? 1:00:01: Interview wrap-up 1:00:55: Patron bonus content 1:01:55: Guest appearances 1:02:47: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Slay Browser Ads Forever 1:07:31

منذ 12 weeks1:07:31

1:07:31

Google's Chrome browser is rolling out changes that will hamstring ad blockers - so there's never been a better time to try a better browser. There are a handful of good options, but I'm going to recommend that you try Firefox with a fantastic ad blocker called uBlock Origin. If you've never tried this powerful combination, you won't believe what you've been missing. In other news: the UK scrubs all encryption advice from government sites; Signal's CEO threatens to leave Sweden over backdoor demands; UK private health services hit by Medusa ransomware; Australian IVF provider has patient data stolen; Brazil gives Apple 90 days to allow side loading of apps; millions of Android TVs hijacked by a botnet; Qualcomm and Google team up to offer 8 years of Android updates; Google rolls out AI voice call scam detector; and confusion over Trump admin orders regarding Russia cyber threats. Article Links [techcrunch.com] UK quietly scrubs encryption advice from government websites https://techcrunch.com/2025/03/06/uk-quietly-scrubs-encryption-advice-from-government-websites/ [swedenherald.com] Signal's CEO: Then We're Leaving Sweden https://swedenherald.com/article/signals-ceo-then-were-leaving-sweden [theregister.com] Medusa ransomware gang demands $2M from UK private health services provider https://www.theregister.com/2025/02/20/medusa_hcrg_ransomware/ [techcrunch.com] Hackers publish sensitive patient data allegedly stolen from Australian IVF provider Genea https://techcrunch.com/2025/02/26/hackers-publish-sensitive-patient-data-allegedly-stolen-from-australian-ivf-provider-genea/ [9to5mac.com] Brazilian court gives Apple 90 days to allow sideloading on iOS https://9to5mac.com/2025/03/06/brazilian-court-apple-sideloading-ios/ [tomsguide.com] Millions of Android TVs hijacked in massive botnet https://www.tomsguide.com/computing/online-security/millions-of-android-tvs-hijacked-in-massive-botnet-how-to-see-if-yours-is-at-risk [arstechnica.com] Qualcomm and Google team up to offer 8 years of Android updates https://arstechnica.com/gadgets/2025/02/qualcomm-and-google-team-up-to-offer-8-years-of-android-updates/ [The Hacker News] Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud https://thehackernews.com/2025/03/google-rolls-out-ai-scam-detection-for.html [zetter-zeroday.com] Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/ [theregister.com] uBlock Origin dead for many as Google purges Manifest v2 extensions https://www.theregister.com/2025/02/24/google_v2_eol_v3_rollout/ Tip of the Week: Slay Browser Ads: https://firewallsdontstopdragons.com/dragon-hacks-slay-browser-ads/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Check out my dragon challenge coin: https://fdsd.me/coin2 Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:00:26: Update your Android devices 0:00:47: News rundown 0:02:50: UK quietly scrubs encryption advice from government websites 0:08:45: Signal's CEO: Then We're Leaving Sweden 0:11:01: Medusa ransomware gang hits UK health services provider 0:15:32: Hackers publish patient data allegedly from Australian IVF provider 0:19:13: Brazilian court gives Apple 90 days to allow sideloading on iOS 0:22:32: Millions of Android TVs hijacked in massive botnet 0:32:17: Qualcomm and Google offer 8 years of Android updates 0:39:18: Google Rolls Out AI Scam Detection for Android…

Firewalls Don't Stop Dragons Podcast

1
Back to The L0pht 1:03:21

منذ 13 weeks1:03:21

1:03:21

Today, we travel back in time and back to The L0pht with one of the original founders of L0pht Heavy Industries, Weld Pond (aka Chris Wysopal). We'll talk about how hacker culture has impacted modern technology, cybersecurity practices and digital rights, while sprinkling in some classic and hilarious stories from hacker history by someone who lived them. Interview Notes Veracode: https://www.veracode.com/ L0pht.com: https://l0pht.com/ L0pht Congressional testimony 1998: https://www.youtube.com/watch?v=VVJldn_MmMY DEF CON 26 reunion panel: https://archive.org/details/youtube-noE4o-roAWM MIT Lockpicking guide: https://archive.org/details/mit-guide-to-lock-picking-v05/mode/2up The Open Organisation Of Lockpickers (TOOOL): https://toool.us/ 2600: https://www.2600.com/ Classic engineering references: https://bitsavers.org/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:16: intro 0:00:40: Interview setup 0:03:19: How did you come to be in The L0pht? 0:08:36: How did meeting in real life as well as online affect L0pht's dynamics? 0:09:34: How did you find so much free and adandoned computer hardware? 0:13:44: How did you manage to just drive your van in the NSA parking lot? 0:19:20: What has been the lasting impact of your Congressional testimony in 1998? 0:21:45: How did you come to invite cyber czar Richard Clarke to The L0pht? 0:27:17: How have hackers pushed back against overreach from corporations? 0:36:05: Why are lockpicking and computer hacking so closely related? 0:40:55: Is it easier or harder to be a hacker today versus when you started? 0:45:56: Are we still fighing the Crypto Wars of the 90s? Are we winning? 0:51:17: Are there any glaring misconceptions about The L0pht you'd like to fix? 0:55:16: Where are The L0pht folks now and what are they up to? 0:57:51: Interview wrap-up 1:00:59: Patron bonus preview 1:01:35: Looking ahead…

Firewalls Don't Stop Dragons Podcast

1
Onion Routing 1:13:45

منذ 14 weeks1:13:45

1:13:45

Not all Privacy Enhancing Technologies are new - but this one is probably new to you. Onion routing was developing in the 1990's by the US government and is the basis for the Tor Network. Onion routing does one thing very well: it masks your actual IP address. While you can use a VPN for this purpose, onion routing adds a different layer of anonymity - and it's just a cool technology. Today I'll explain how it works, how to use it, and the pros and cons of doing so. In other news: Bitly is leveraging its URL-shortening empire to monetize your links; a major car company is experimenting with in-car pop up ads; a cautionary tale about law enforcement's access to private phone data; Russian spies are using a clever new phishing technique to gain access to Microsoft 365 accounts; Apple pulls its Advanced Data Protection feature from the UK market in response to demands to 'backdoor' its encryption; and whatever your political beliefs, the chaos and careless changes made by the DOGE group are seriously undermining national security. Article Links [tedium.co] Broken Bits https://tedium.co/2025/02/07/bitly-terms-of-service-change/ [techstory.in] Stellantis Introduces Pop-Up Ads in Vehicles, Sparking Outrage Among Owners https://techstory.in/stellantis-introduces-pop-up-ads-in-vehicles-sparking-outrage-among-owners/ [arstechnica.com] No warrant or crimes—but Oregon woman’s nudes were shared after illegal phone search https://arstechnica.com/tech-policy/2025/02/no-warrant-or-crimes-but-oregon-womans-nudes-were-shared-after-illegal-phone-search/ [arstechnica.com] Russian spies use device code phishing to hijack Microsoft accounts https://arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/ [bbc.com] Apple pulls data protection tool after UK government security row https://www.bbc.com/news/articles/cgj54eq4vejo [schneier.com] DOGE as a National Cyberattack https://www.schneier.com/blog/archives/2025/02/doge-as-a-national.html Tip of the Week: How Onion Routing Works: https://firewallsdontstopdragons.com/how-onion-routing-works/ Further Info Safe link shortener: https://kutt.it/ Read before using the Tor Browser: https://www.privacyguides.org/en/tor/ Tor Browser: https://www.torproject.org/download/ Onion sites that don’t suck: https://github.com/neilzone/onion-sites-that-dont-suck My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: News preview 0:02:19: Broken Bits 0:13:50: Stellantis Introduces Pop-Up Ads in Vehicles 0:20:28: Oregon woman’s nudes were shared after illegal phone search 0:28:03: Russian spies use device code phishing to hijack Microsoft accounts 0:35:07: Apple pulls data protection tool after UK government security row 0:45:58: DOGE as a National Cyberattack 0:59:54: Tip of the Week: Onion Routing 1:11:53: Wrap-up…

مرحبًا بك في مشغل أف ام!

يقوم برنامج مشغل أف أم بمسح الويب للحصول على بودكاست عالية الجودة لتستمتع بها الآن. إنه أفضل تطبيق بودكاست ويعمل على أجهزة اندرويد والأيفون والويب. قم بالتسجيل لمزامنة الاشتراكات عبر الأجهزة.