382 episodes
Firewalls Don't Stop Dragons Podcast Carey Parker
- Technology
Every week, this podcast brings you the cybersecurity and privacy news you need, in a manner that's easy for anyone to understand and even entertaining! The host also interviews top industry leaders, to dig deeper into important topics and recent events. If all that weren't enough, the host also passes along top tips for defending your digital realm.
-
Means of Control
Every day, we generate tons of digital exhaust: our web browsing, GPS location, online and in-store purchases, emails and messages, social media posts and feed viewing habits, and much, much more. Online marketers and data brokers have been living off these breadcrumbs for years. The intelligence and law enforcement agencies have found this data to be incredibly revealing, and they can buy most of this data on the open market without requiring any sort of warrant - and they have. This has important implications for democratic societies that value privacy and freedom. I'll discuss how this mass surveillance works and what it means for all of us with Byron Tau, author of the book "Means of Control".
Interview Notes
Means of Control: https://www.amazon.com/Means-Control-Alliance-Government-Surveillance/dp/0593443225
Byron Tau at NOTUS: https://www.notus.org/byron-tau
Puking Monkey’s DEF CON presentation: https://www.youtube.com/watch?v=T43Ti7c11lY
Make your EZ Pass “moo”: https://hackaday.com/2013/09/16/modified-e-zpass-detects-reads-far-from-toll-booths/
Official US policy on collecting public info on citizens: https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2024/3815-odni-releases-ic-policy-framework-for-commercially-available-information
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:58: Update your Windows PCs
0:01:32: Interview setup
0:04:59: How might the collection of online data impact a regular person?
0:10:13: What sorts of things can all this data reveal about us?
0:15:44: How much can we learn by tracking a person's location?
0:17:38: What is 'gray data'?
0:22:40: Our data can be saved virtually forever - what are the ramifications?
0:26:30: How are data gathering rules different for law enforcement vs intelligence agencies?
0:32:54: When did data brokers start selling our info to government agencies?
0:39:22: Is it legal for these agencies to act as data brokers themselves?
0:42:12: What laws have impacted this sort of data collection in the US?
0:44:49: How and why do these agencies hide this data collection?
0:51:02: Are governments sharing data to skirt local restrictions?
0:54:54: How have these spy programs evolved since 9/11?
1:00:28: Have government agencies lobbied Congress against federal privacy laws?
1:03:20: How can we limit data collection and increase our privacy?
1:06:24: Could the Big Tech backlash help get a privacy law passed?
1:08:33: What are you working on next?
-
Backup Your Cloud Data
Until recently, most of our important data lived primarily on our devices. Backing up that data often meant choosing a cloud backup service. But today, many of our most important photos and files are actually stored in the cloud. While cloud servers are supposed to be more robust than home computers with flaky hard drives and smartphones that get lost or stolen, it also means that someone else is in control of that data. Cloud services go offline, get bought out or even shut down. We now need to be sure to back up our cloud data, too.
In other news: 23andMe breach under investigation by US and Canada; cops release personal location info to FOIA request; hacker gains access to Tile customer data; more car privacy updates; Microsoft Recall backlash highlights our distrust; report shows Microsoft favoring profits over security; Mac Bartender app shadily changes ownership; new Apple privacy features coming.
Article Links
[malwarebytes.com] 23andMe data breach under joint investigation in two countries https://www.malwarebytes.com/blog/news/2024/06/23andme-data-breach-under-joint-investigation-in-two-countries
[theregister.com] Crooks threaten to leak 3B personal records 'stolen from background check firm' https://www.theregister.com/2024/06/03/usdod_data_dump/
[404media.co] Cops Released a Car’s Travel History to a Total Stranger https://www.404media.co/cops-released-a-cars-travel-history-to-a-total-stranger/
[404media.co] Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/
[The New York Times] Is Your Driving Being Secretly Scored? https://www.nytimes.com/2024/06/09/technology/driver-scores-insurance-data-apps.html
[Windows Central] A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw
[ProPublica] Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
[AppleInsider] Adobe's new terms of service unacceptably gives them access to all of your projects, for free https://appleinsider.com/articles/24/06/06/adobes-new-terms-of-service-unacceptably-gives-them-access-to-all-of-your-projects-for-free
[MacRumors] PSA: Bartender Mac App Under New Ownership, But Lack of Transparency Raises Concerns https://www.macrumors.com/2024/06/04/bartender-mac-app-new-owner/
[9to5Mac] iOS 18 includes these new privacy features: Lock and hide apps, improved contact permissions, more https://9to5mac.com/2024/06/10/ios-18-includes-these-new-privacy-features-lock-and-hide-apps-improved-contact-permissions-more/
Tip of the Week: Backup Your Cloud Data: https://firewallsdontstopdragons.com/how-to-backup-cloud-data/
Further Info
Under New Management plugin: https://github.com/classvsoftware/under-new-management
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
-
Anom: The FBI’s Phone Company
Encrypted communications are important for everyone, even if you have nothing to hide. But they're also important when you're trying to hide global criminal operations. Drug smugglers and money launderers have special needs when it comes to secure messaging. Several phone companies were created to address this market. Unfortunately for the criminals, the most popular one - Anom - was secretly run by the FBI. Today Joseph Cox from 404 Media will tell us about this astoundingly audacious sting operation, which is the basis for his book, Dark Wire.
Interview Notes
Order Dark Wire: https://a.co/d/h9o7ump
Anom website (right before take down): https://web.archive.org/web/20210507151115/http://anom.io/
Phantom Secure website (circa 2017): https://web.archive.org/web/20170330122723/http://phantomsecure.com/
Vice Anom story: https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor
Anom phone video: https://www.youtube.com/watch?v=EA1KS-xh0n0
Operation Trojan Shield: https://en.wikipedia.org/wiki/Operation_Trojan_Shield
Trojan Shield press conference: https://www.youtube.com/watch?v=S89O0nis_ss
Encrochat: https://en.wikipedia.org/wiki/EncroChat
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:54: Migrating to Mastodon
0:02:24: Embracing the dark... mode
0:02:45: Countdown to 400
0:03:28: Interview setup
0:04:30: How did this all start with you on an obscure forum for criminals?
0:08:34: What was Operation Trojan Shield?
0:10:49: How did the FBI start a secure phone company?
0:12:41: What were some of Anom's key tech features?
0:15:26: Where did they get the Arcane Operating System?
0:17:56: How did the 'duress' feature work?
0:20:18: How did Anom copy encrypted messages without being detected?
0:24:35: How were these phones marketed to criminals?
0:28:10: What do these phones cost?
0:30:09: What were the legal aspects for this multi-national operation?
0:34:49: How did they use this intelligence without revealing the source?
0:39:38: Did the criminals ever suspect the phones?
0:42:04: How did this all come to an end?
0:46:14: So, are we 'going dark' or not?
0:49:27: What lessons did the FBI take away from all this?
0:51:36: Can we still trust things like Signal and Proton?
0:55:39: What's your next big story or book?
-
Migrate to Mastodon
Most major social media platforms are a hot mess. Your feed is filled with tons of crap you never asked to see and your data is mined mercilessly to serve you targeted ads. The promise of having a place to trade interesting posts with friends and family is now muddied up with sponsored content chosen by hidden algorithms optimized to keep you scrolling. It doesn't have to be that way. I've found something much better, and I'm inviting you to come join me.
In other news: Ticketmaster breach leaks data on half a billion users; the iOS bug that resurrected deleted photos explained; GPT-4 can write working malware based only on CVE bug descriptions; Slack customers upset to learn that their data was being used to train AI systems; WiFi location service can be used to track mobile routers; police are trialing new devices that can track and identify you based on multiple electronic signals; new Windows AI feature records everything you do on your PC; Microsoft rolling out welcome changes to admin privilege use; Google adding several privacy and security features to Android 15; and iVerify now has an Android app.
Article Links
[Mashable] Ticketmaster hacked. Breach affects more than half a billion users. https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack
[9to5Mac] Security Bite: Here’s the iOS 17.5 bug that resurfaced deleted photos https://9to5mac.com/2024/05/26/security-bite-heres-the-ios-17-5-bug-that-resurfaced-deleted-photos/
[Dark Reading] GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories
[securityweek.com] User Outcry as Slack Scrapes Customer Data for AI Model Training https://www.securityweek.com/user-outcry-as-slack-scrapes-customer-data-for-ai-model-training/
[9to5Mac] Apple Location Services vulnerability can enable troop movements to be tracked https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/
[Forbes] New Police Tech Can Detect Phones, Pet Trackers And Library Books In A Moving Car https://www.forbes.com/sites/thomasbrewster/2024/05/14/police-car-surveillance-tech-uncovers-phones-pet-trackers-and-library-books/
[Ars Technica] New Windows AI feature records everything you’ve done on your PC https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/
[PCWorld] Microsoft battens security hatches on Windows admin accounts https://www.pcworld.com/article/2344405/microsoft-battens-security-hatches-on-oft-used-windows-admin-accounts.html
[Lifehacker] Google Is Rolling Out Some Great Privacy Features to Android This Year https://lifehacker.com/tech/google-is-rolling-out-some-great-privacy-features-with-android-15
[iverify.io] iVerify Basic is now on Android! https://www.iverify.io/post/iverify-basic-is-now-on-android
Tip of the Week: Move to Mastodon https://firewallsdontstopdragons.com/how-to-move-to-mastodon/
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.
-
Why Privacy Matters
Our privacy has never been more threatened. While some of us are vaguely aware of this, most of the rampant data collection and sharing is completely opaque. And the consequences are more dire than most of us realize. We can't afford to be complacent. We need to push back, to ask questions, and make better choices. Privacy-respecting apps and services do exist today. Making a deliberate and overt decision to use them will force the market (and our elected representatives) to take notice. My guest Naomi Brockwell from NBTV will make a compelling case for privacy and reclaiming control of our data, including several top notch tips for doing so.
Interview Notes
Naomi Brockwell’s NBTV: https://www.nbtv.media/
A World Without Privacy: https://www.nbtv.media/episodes/a-world-without-privacy
A Beginner’s Introduction to Privacy: https://www.amazon.com/Beginners-Introduction-Privacy-Naomi-Brockwell-ebook/dp/B0BQHS8MFS
Who can access your car remotely? https://www.youtube.com/watch?v=Ff9pmaSdZV8
Naomi Brockwell on All Things Secured: https://www.youtube.com/watch?v=D0WjIWBQEBM
Michael Bazzell’s Extreme Privacy resources: https://inteltechniques.com/links.html
Try Proton! https://firewallsdontstopdragons.com/its-time-to-try-proton/
Try Signal! https://firewallsdontstopdragons.com/how-to-switch-to-signal/
Further Info
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:58: How did you become a privacy evangelist?
0:06:51: What are some of the most mind-blowing ways we leak personal data?
0:09:56: What were some of Orwell's most prescient predictions in 1984?
0:15:49: How is surveillance different in real life from 1984?
0:22:23: How does data collection skew the power balance between citizens and authorities?
0:26:36: How do you counter the "I have nothing to hide" argument?
0:29:55: Why is it so important to normalize the use of privacy tools?
0:33:46: What changes do you recommend and what are the impacts for making them?
0:45:48: If you've given away tons of personal data already, is it too late?
0:50:07: What can we do to push vendors to respect our privacy more?
0:57:49: What's the future of privacy look like?
1:00:15: Post-interview notes
1:06:11: Looking ahead
-
How to Choose a PIN
Security experts talk at length about how to choose a good password - but we don't often talk about how to choose a good PIN code. A recent analysis by a researcher shows popular patterns humans use when choosing PIN codes, and therefore what you should avoid doing.
In the news: MediSecure e-Rx firm hit by data breach; CISA warns of active D-Link router exploit; a couple cases of insecure APIs being abused; 53k Nissan employees' SSNs leaked; new macOS malware called Cuckoo; Ascension Healthcare suffers cyberattack; Proton user's poor OpSec gives him away; TunnelVision VPN attack exploits DHCP feature; Maryland & Vermont pass data privacy laws; tracker detection feature debuts on iPhone & Android.
Article Links
[BleepingComputer] MediSecure e-script firm hit by ‘large-scale’ data breach https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/
[The Hacker News] CISA Warns of Actively Exploited D-Link Router Vulnerabilities https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html
[Ars Technica] How I upgraded my water heater and discovered how bad smart home security can be https://arstechnica.com/gadgets/2024/05/how-i-upgraded-my-water-heater-and-discovered-how-bad-smart-home-security-can-be/
[BleepingComputer] Dell API abused to steal 49 million customer records in data breach https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/
[infosecurity-magazine.com] 53,000 Nissan Employees' Social Security Numbers Exposed https://www.infosecurity-magazine.com/news/employees-social-security-nissan/
[Tom's Guide] New Cuckoo macOS malware can take over all Macs and steal your passwords https://www.tomsguide.com/computing/malware-adware/new-cuckoo-macos-malware-can-take-over-all-macs-and-steals-your-passwords-too-dont-fall-for-this
[Dark Reading] Ascension Healthcare Suffers Major Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack
[restoreprivacy.com] Proton Mail Discloses User Data Leading to Arrest in Spain https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/
[Ars Technica] Novel attack against virtually all VPN apps neuters their entire purpose https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
[mullvad.net] Evaluating the impact of TunnelVision https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
[epic.org] Vermont Passes Landmark Data Privacy Bill https://epic.org/vermont-passes-landmark-data-privacy-bill/
[epic.org] Governor Moore Signs Maryland Online Data Privacy Act https://epic.org/governor-moore-signs-maryland-online-data-privacy-act/
[9to5Mac] Here’s how the new Cross-Platform Tracking Detection works https://9to5mac.com/2024/05/13/cross-platform-tracking-detection-ios-17-5/
Tip of the Week: How to Choose a PIN https://firewallsdontstopdragons.com/how-to-choose-a-pin/
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch