372 episodes

Every week, this podcast brings you the cybersecurity and privacy news you need, in a manner that's easy for anyone to understand and even entertaining! The host also interviews top industry leaders, to dig deeper into important topics and recent events. If all that weren't enough, the host also passes along top tips for defending your digital realm.

Firewalls Don't Stop Dragons Podcast Carey Parker

    • Technology
    • 4.9 • 48 Ratings

    Protecting Kids Online

    There's a lot of nasty stuff online - things we would prefer our kids not see, at least not until they're mature enough to handle it. Our elected representatives have proposed various regulations to try to protect kids online, and while this is obviously a laudable goal, the devil is always in the details. Many of the proposed solutions have serious negative consequences for both kids and adults, chilling free speech and blocking useful content. I'll discuss the latest iteration of these proposed solutions in the US called the Kids Online Safety Act (KOSA) as well as the similar Online Safety Act in the UK. With me is Joe Mullin, senior policy analyst at the Electronic Frontier Foundation (EFF).

    Interview Notes

    Joe Mullin (EFF): https://www.eff.org/about/staff/joe-mullin
    EFF on KOSA: https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act
    EFF on KOSA in depth: https://www.eff.org/deeplinks/2024/03/analyzing-kosas-constitutional-problems-depth
    Contact Congress: https://www.eff.org/congress
    EFF on CA ballot initiative: https://www.eff.org/deeplinks/2024/02/eff-opposes-california-initiative-would-cause-mass-censorship
    EFF submission to Ofcom: https://www.eff.org/deeplinks/2024/03/effs-submission-ofcoms-consultation-illegal-harms
    Santa Clara Principles for online content moderation: https://santaclaraprinciples.org/

    Further Info

    Treasure & Coin Promo: https://fdsd.me/promo424
    Send me your questions! https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Become a patron! https://www.patreon.com/FirewallsDontStopDragons
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Support our mission! https://fdsd.me/support
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:00:56: Eclipse!
    0:01:50: Treasure & Coin promo update
    0:02:29: Interview preview
    0:03:41: What are the primary concerns today with kids on the internet?
    0:08:24: What laws already exist to protect kids online?
    0:17:05: What are the key provisions of KOSA?
    0:25:04: What content is KOSA trying to restrict based on age?
    0:34:22: What did we learn from the UK's Online Safety Act?
    0:38:47: Doesn't KOSA interfere with Section 230?
    0:44:41: How does KOSA impact content access for adults?
    0:50:17: Are our representatives seeking insights from groups like EFF?
    0:54:58: Are there online safety regulations EFF could support?
    0:58:55: Do you have any advice for parents on protecting their kids online?
    1:06:55: Interview wrap-up
    1:08:59: Patron bonus content
    1:09:28: Looking ahead

    • 1 hr 10 min
    Answering Listener Questions

    Today I answer some of the most interesting listener questions from the past several months, including: how do you get SMS 2FA codes while traveling abroad; should I periodically change all my passwords; how do hackers attack IoT devices inside my home network; can a website fingerprint me based on a hardware security key; can you recommend an email client that protects your privacy; if I give my IoT device permission to see my local network, does that include the guest network; how do hackers find vulnerabilities and figure out how to attack them; why can't I use my VPN on an airplane to stream Netflix; how can I protect my cryptocurrency and smartphone. Also, I give my take on the crazy TikTok ban legislation.

    Links

    New Year’s Resolutions for 2024: https://firewallsdontstopdragons.com/new-years-resolutions-for-2024/
    GRC’s Shields Up! Tool: https://www.grc.com/shieldsup
    Secure your home network: https://firewallsdontstopdragons.com/secure-your-network-part-1-scan/
    My Take on TikTok Ban: https://firewallsdontstopdragons.com/my-take-on-tiktok-ban/
    The TikTok Situation is a Mess: https://lifehacker.com/tech/the-tiktok-situation-is-a-mess
    EFF on TikTok: https://www.eff.org/deeplinks/2024/03/5-big-unanswered-questions-about-tiktok-bill
    The US Wants to Ban TikTok: https://www.404media.co/the-u-s-wants-to-ban-tiktok-for-the-sins-of-every-social-media-company/

    Further Info

    Send me your questions! https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Become a patron! https://www.patreon.com/FirewallsDontStopDragons
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Support our mission! https://fdsd.me/support
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:00:38: Couple quick updates
    0:02:37: Getting SMS 2FA codes while traveling abroad
    0:07:37: Should I periodically change all my passwords?
    0:13:23: How do hackers attack IoT devices inside my home network?
    0:19:10: Can a website fingerprint me based on a hardware security key?
    0:24:42: Can you recommend an email client that protects your privacy?
    0:29:30: If I give my IoT device permission to see my local network, does that include the guest network?
    0:33:18: How do hackers find vulnerabilities and figure out how to attack them?
    0:37:35: Why can't I use my VPN on an airplane to stream Netflix?
    0:43:57: How can I protect my cryptocurrency and smartphone?
    0:50:05: AT&T breach update
    0:50:56: My Take on TikTok
    0:57:28: Wrap-up

    • 58 min
    He Said She Said

    Today I talk with Justin and Jodi Daniels about the state of privacy today, how we can help consumers and companies better understand the importance of privacy and security, and how companies are dealing with these aspects internally. We talk about the state of privacy regulations (or the lack thereof), why companies are failing to protect their customers, and what we can do about that.

    Justin and Jodi host a podcast together called She Said Privacy, He Said Security. They've also co-written a book called "Data Reimagined: Building trust one byte at a time".

    Interview Notes

    Justin & Jodi Daniels’ podcast: https://redcloveradvisors.com/podcasts/
    Justin Daniels: https://www.linkedin.com/in/justinsdaniels/
    Jodi Daniels: https://www.linkedin.com/in/jodihoffmandaniels/
    Red Clover Advisors: https://redcloveradvisors.com/
    Baker Donelson: https://www.bakerdonelson.com/
    Data Reimagined book: https://redcloveradvisors.com/book-sales/
    International Association of Privacy Professionals (IAPP): https://iapp.org/
    Information Commissioner’s Office (ICO): https://ico.org.uk/
    YourAdChoices (AboutAds.info): https://youradchoices.com/
    How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/
    Jeff Jockisch top 10: https://www.linkedin.com/posts/jozian_privacypodcast-peopleschoice-privacyawards-activity-7155591864593637376-Q3bi/

    Further Info

    Coin & Treasure Promo: https://fdsd.me/promo424
    Send me your questions: https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Support our mission! https://fdsd.me/support
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:01:33: Interview setup
    0:03:31: Tell me about your podcast and how you got into this space.
    0:06:40: How do you explain privacy to regular, everyday people?
    0:09:37: How can we help people better understand the need for privacy?
    0:11:10: What are the newest threats to our privacy?
    0:14:58: So how do we know what to trust?
    0:17:07: What mistakes do companies make when crafting and implementing privacy policies?
    0:21:37: How should companies embrace privacy?
    0:25:51: What's life like for a Chief Privacy Officer today?
    0:30:22: Can we blame companies for monetizing our data since it's legal to do so?
    0:34:01: How do we combat privacy problems with security tech?
    0:37:11: Why can't the US government pass a federal privacy law?
    0:42:54: Would it help to pass laws that mandate transparency?
    0:46:11: What about a universal opt-out mechanism?
    0:47:24: Is mainstream media covering privacy and security properly?

    • 1 hr
    Account Security is Broken

    Passwords, two-factor authentication and even passkeys don't matter if you can access someone's account by answering three simple account recovery questions. Also, just about every account today has a way to reset your password, no matter how strong it is, if you can gain access to someone's email account. Until we can remove these weak links, it doesn't matter how secure our regular authentication schemes are.

    In the news: old AT&T breach data is making the rounds; Apple Silicon chips have a security flaw baked into the hardware; two very popular digital safe locks come with backdoor codes; Twitter/X is failing to properly check posted links that redirect to scam sites; a court rules that external continuous camera surveillance of your house doesn't require a warrant; searches for VPNs spike after PornHub pulls out of Texas; a blockbuster NY Times article brings much needed attention to data collection in cars; AirBnB implements a blanket camera ban.

    And I announce a killer new patron promotion! Click this link! https://fdsd.me/promo424

    Article Links

    [restoreprivacy.com] AT&T Investigating Potential Breach Following Leak of 73.4 Million Records https://restoreprivacy.com/att-investigating-breach-following-leak-of-73-4-million-records/
    HaveIBeenPwned.com: https://haveibeenpwned.com/
    [9to5Mac] Unpatchable security flaw in Apple Silicon Macs breaks encryption https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/
    [404media.co] Massively Popular Safe Locks Have Secret Backdoor Codes https://www.404media.co/massively-popular-safe-locks-have-secret-backdoor-codes/
    [Lifehacker] It's Not Safe to Click Links on X https://lifehacker.com/tech/its-not-safe-to-click-links-on-x
    [Gizmodo] The Feds Can Film Your Front Porch for 68 Days Without a Warrant, Says Court https://gizmodo.com/feds-can-film-your-front-porch-without-warrant-1851352414
    [CNN] Searches for VPNs spike in Texas after Pornhub pulls out of the state https://www.cnn.com/2024/03/15/tech/vpn-searches-spike-texas-pornhub
    [The New York Times] Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html
    [Lifehacker] Airbnb's New Security Camera Ban Is a Big Deal https://lifehacker.com/tech/airbnbs-new-security-camera-ban
    Tip of the Week: https://firewallsdontstopdragons.com/account-security-is-broken/

    Further Info

    Become a Patron! (promo): https://fdsd.me/promo424
    Lock & Code Podcast: https://www.malwarebytes.com/blog/podcast/2024/03/securing-your-home-network-is-long-tiresome-and-entirely-worth-it-with-carey-parker-lock-and-code-s05e07
    Send me your questions! https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:04:05: News preview
    0:06:12: AT&T Investigating Potential Breach Following Leak of 73.4 Million Records
    0:11:24: Unpatchable security flaw in Apple Sil...

    • 1 hr 3 min
    Health Data Privacy

    The United States has no general data privacy laws. However, we do have some sector-specific regulations, including HIPAA for health data. But there are many misconceptions about HIPAA. For example, the "P" in HIPAA does not stand for Privacy - it stands for Portability. So, what information does HIPAA cover? Which healthcare and related service providers are governed by HIPAA? And most importantly, what can you do to protect your medical and health data? Today we'll dive deep into this subject with Kate Black, a data, privacy & health lawyer and a strategic advisor in the health data field.

    Interview Notes

    Kate Black: https://www.linkedin.com/in/kate-black-sfo/
    Washington’s My Health, My Data law: https://hintzelaw.com/blog/2023/4/9/wa-my-health-my-data-act-pt1-overview
    HIPAA rights: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
    STAT medical news: https://www.statnews.com/

    Further Info

    Check out my dragon challenge coins! https://fdsd.me/coin2
    Send me your questions! https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Become a patron! https://www.patreon.com/FirewallsDontStopDragons
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Support our mission! https://fdsd.me/support
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:03:29: What is covered by HIPAA? What isn't covered?
    0:06:51: Can I sign away my HIPAA rights?
    0:08:08: Who in my medical provider's office can access my data?
    0:10:23: Who audits HIPAA compliance?
    0:11:47: How is my health data shared between providers?
    0:14:49: Are certain types of health data treated differently?
    0:15:23: How does health privacy work for minors?
    0:16:53: Outside of health providers, who else can access my data?
    0:20:56: How does HIPAA compare to other sector-specific privacy laws?
    0:22:20: Do secondary providers share back with my primary care physician?
    0:24:42: Who stores and protects my digital medical records?
    0:27:46: How are third party providers audited for privacy and security?
    0:29:56: Are HIPAA security requirements keeping up with the times?
    0:33:13: Do I have full access to my complete medical record?
    0:36:52: How do marketers get my health data?
    0:39:51: What laws govern inferred health information?
    0:45:48: Do pharmacies sell health data to marketers?
    0:48:57: How private are online medical portals and checkin services?
    0:53:35: How concerned should we be about using DNA analysis services?
    0:59:17: How can we improve our health privacy laws?
    1:00:30: What are your personal tips for protecting health data?
    1:02:37: If I think someone has abused my data, what can I do?

    • 1 hr 8 min
    Backing Up 2FA Seeds

    Two-factor authentication (2FA) is a fantastic way to improve the security of your online accounts. However, if you lose access to the device containing your authenticator app, you may lose access to your 2FA-protected accounts. You need to back up the seed codes used to set up each account. I'll give you several methods for doing this.

    In the news: FBI uses smartphone push notifications to track down criminals; Roku TVs block all access until users consent to forced arbitration; cheap video doorbells have horrible security; AI can be used to determine where photos were taken; vending machine caught using facial recognition; what happens to your data when a data broker goes bankrupt; your personal information that is publicly available; New Jersey passes motor vehicle data deletion law; Proton Mail's new email aliasing feature; in Canada, police now need warrant to get a person's IP address; US cracks down on commercial spyware firm; NSO Group forced to hand over source code to Meta in legal case; Authy is shutting down its desktop app.

    Article Links

    [The Washington Post] The FBI’s new tactic: Catching suspects with push alerts https://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/
    [TechCrunch] Roku disables TVs and streaming devices until users consent to forced arbitration https://techcrunch.com/2024/03/05/roku-disables-tvs-and-streaming-devices-until-users-consent-to-forced-arbitration/
    [Consumer Reports] These Video Doorbells Have Terrible Security https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/
    [NPR] Artificial intelligence can find your location in photos, worrying privacy experts https://www.npr.org/2023/12/19/1219984002/artificial-intelligence-can-find-your-location-in-photos-worrying-privacy-expert
    [Ars Technica] Vending machine error reveals secret face image database of college students https://arstechnica.com/tech-policy/2024/02/vending-machine-error-reveals-secret-face-image-database-of-college-students/
    [The Markup] What Happens to Your Sensitive Data When a Data Broker Goes Bankrupt? – The Markup https://themarkup.org/privacy/2024/02/23/what-happens-to-your-sensitive-data-when-a-data-broker-goes-bankrupt
    [Lifehacker] All of Your Information That’s Publicly Available (and What You Can Do About It) https://lifehacker.com/tech/all-your-information-thats-publicly-available-what-to-do-about-it
    [privacy4cars.com] “Motor Vehicle Data Deletion Act” of New Jersey https://privacy4cars.com/nj-law/
    [Lifehacker] Proton Mail Now Lets You Hide Your Real Email Address https://lifehacker.com/tech/how-to-set-up-email-aliases-proton-mail
    [CBC] Police now need a warrant to get a person's IP address, Supreme Court rules https://www.cbc.ca/news/politics/supreme-court-privacy-ipaddress-1.7130727
    [The Hacker News] U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists https://thehackernews.com/2024/03/us-cracks-down-on-predatory-spyware.html
    [9to5Mac] iPhone spyware company NSO suffers major defeat in US court, in Meta lawsuit https://9to5mac.com/2024/03/01/iphone-spyware-company-nso-must-reveal-code/
    [The Verge] Authy is shutting down its desktop app https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down
    Tip of the Week: Backing Up Your 2FA Seed Codes https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/
    Command line tool to extract codes from Authy: https://gist.github.

    • 1 hr 6 min

Customer Reviews

4.9 out of 5
48 Ratings

Lisbon P ,

Knowledgeable and so very helpful

I listen to Carey every night, so much insight to all this security, this elderly person couldn’t believe it. I have your latest book and absolutely love it and pass lots of info to my friends. Your book is a must read for everyone and your podcast is must hear. Thank you Carey

Signed Lisbon

Marc601 ,

My favorite

My favorite cyber security, privacy podcast. Mr. Parker is very knowledgeable, clean, and leaves politics out of the discussion. He explains things in easy to understand ways. His book is wonderful too. Thanks Mr. Parker, you’re the best.

Rerye1 ,

My new go-to privacy and security spot

Stumbled on FDSG from Lock and Code podcast. So helpful to listen to well-researched info while doing house chores! Join me in donating, as this podcast is produced at cost. At highest risk are Seniors— learn more at AARP. I know too many completely unaware— or admittedly lazy — or both, about protecting themselves. I know a senior who handed all her passwords over to a scammer. I warned her before she went ahead, but she would not believe me. Still does not, with scammers laughing all the way to the bank.
