inThirty

We recap 2021.

We discuss Log4J https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/ https://github.com/YfryTchsGD/Log4jAttackSurface https://www.minecraft.net/en-us/article/minecraft-java-edi

This is our holiday update on what you should do this year to help your family with their technology.

We talk about how NJ is going to allow you to put your car registration in Apple Wallet. On the surface it looks good, but in reality, why? https://www.nj.com/traffic/2021/11/new-nj-vehicle-registrati

On today’s show we talk about security products you don’t need. https://www.vice.com/en/article/xgxnwk/you-probably-dont-need-a-vpn

On today’s show we cover all the news that literally broke in the last three days:1) Epik Hack: https://threatpost.com/epik-confirms-hack-data/174872/2) Facebook WhistleBlower: https://gizmodo.com/9-h

We cover three stories about potential violations of privacy, but maybe not? https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authoritie

We cover two big news stories: 1) Tmobile lost everyone’s data | https://arstechnica.com/gadgets/2021/08/hackers-who-breached-t-mobile-stole-personal-data-for-49-million-accounts/ 2) Last Week Tonight

We are trying something new. We want to put together a series of videos for those who may want to move into the infosec area. This video is just an overview of simple things you can do. We plan on tal

Today we are talking about the freedom phone. A new phone without “Censorship from Big Tech.” This is a scam, but why? We discuss: https://freedomphones.net/ https://www.aliexpress.com/item/1005001468

The big topic of the week is that if you had a Western Digital MyBook from 2015, there was a bug/exploit that wiped all your data. We talk about the bug, and whose fault it is (WD). Then we finished u

We cover two recent stories on what we call “Good Police Work.” Without breaking encryption, the police find ways to catch criminals. How the FBI Tricked Criminals into Using its Messaging App https:/

We go on a rant about cookies, and the cookie laws. Countries are talking about simplifying the law to create “acceptable cookie levels” in browsers, this means you’ll need to set this for every devic

In this episode we discuss patents. We focus on patent trolls and software patents. https://www.ted.com/talks/drew_curtis_how_i_beat_a_patent_troll/transcript?language=en#t-279192 https://blog.cloudfl

In this episode we discuss the Colonial Gas Pipeline ransomware attack. https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

Our two main stories is how Signal found a Cellebrite hardware analyzer. Then they say they found a bunch of vulnerabilities https://signal.org/blog/cellebrite-vulnerabilities/

Signal is testing a new payment method that we are not thrilled about. Yes, they want to solve a hard problem, but we don’t think this is it. We end with the Google vs Oracle decision. https://signal.org/blog/update-on-beta-testing-payments/ https://en...

We talk about two significant user leaks that happened recently. Facebook: https://krebsonsecurity.com/2021/04/are-you-one-of-the-533m-people-who-got-facebooked/ Ubiquiti: https://krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-in...

We talk mainly about privacy in today’s show. One thing I’ve been thinking about is literally how do you prove your vaccination status. Seriously! Not just the card, but actual proof

TLDR: Give up on securing email. Its a trashfire and wasn’t design with security in mind. Everything about email from the protocol, to the clients, to the layers and layers of stuff built on top of it isn’t designed with security in mind.

LastPass has decided to start charging for something that was once free. We discuss your options in the free space. Browser based password management is fine, but a third party is better. Bitwarden is free and open source.

Forbes put out an article on how Signal has some weaknesses using the after first unlock theory.TL;DR – Yes, but not limited to signal. Power off your phone if you are worried. https://www.forbes.com/sites/thomasbrewster/2021/02/08/can-the-fbi-can-hack...

Chaim talks about Fitness+ with Casey Liss. How do two non entirely in shape tech nerds feel about Apple’s new offering. TL;DR we like it. Special thanks to Casey Liss | https://www.caseyliss.com/ Casey’s initial Fitness+ Review | https://pca.

There was more news from the WhatsApp privacy fallout that we decided to have another show. As you know, we have moved to signal. If you want an invite, tweet the show, or find one of us. TL;DR, if you are using whatsapp to send cat photos to your fami...

We look at Apple’s new “Nutrition Facts” and try to figure out if they are actually useful (yes, but not really). We discuss the changes with WhatsApp, and where to move to. https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/ https://arst...

We start off on an article done by the BBC saying that Cellebrite has broken the signal encryption. Clearly, that is an issue if true. Turns out Signal quickly responds with an emphatic no, with evidence. Here is the BBC article: https://www.bbc.

We discuss the solarwinds hack: https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/ https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/ https://krebsonsecurity.

We talk about Black Friday and our non shopping. Youtube-DL is back Finally we discuss Microsoft’s productivity score. A tone deaf way to monitor your work.

We promote a socially distant Thanksgiving, but explain some virtual things you do to help friends and family.

On this show we start off with updates to signal, and signal groups. Our main story is the t2 chip unfixable flaw.

What is Open Source?What benefits?What detriments?Licensing?Non-code assets?Creative Commons?

We go back to an early topic on DNS. What is DNS? How it works? What how new secure features of DNS can help you stay private.

Yes, we talked about contact tracing in the past, but we got a request from the WhatsApp group to do it again. https://www.wired.com/story/why-contact-tracing-apps-not-slowed-covid-us/ Problems we discuss: %age of people who would need to install this,...

Virtual School starts up for many next week, and we have ideas on what you can do to help your kids be secure while learning.

This being the week before defcon, we discuss what we expect at the virtual defcon: Teens charged with the twitter hack: https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack Garmin paid the ransomware for their user...

We try to describe what happened on twitter that lead to the account takeovers: https://www.schneier.com/blog/archives/2020/07/on_the_twitter_.html Cloudflare takes the internet down: https://blog.cloudflare.

Show notes: These are the show notes we wrote before talking about the topic. I tried to take out the inaccuracies, but some may remain. CISC – Complete Instruction Set Computing RISC – Reduced Instruction Set Computing Instructions are the abilities o...

I feel like we discussed this topic before, but yes, we talk about coffee. Since security news is sparse right now, we take a sidebar on a topic that is near and dear to our heart. Zoom adds E2EE for everyone: https://blog.zoom.

We talk about Google’s and Apple’s Contact Tracing endeavors. While I’m okay with it, Tom rips it to shreds, based on the obvious privacy issues and false positives. I know I messed up the intro.

I decided to relearn everything about networking, and got myself a Ubiquiti Dream Machine. I share my experiences. I really do like it. There are a ton of features, I didn’t know I needed. However, there are some quirks,

Bitwarden is a “new to us” password manager. We discuss it, and recommend the software. We still recommend LastPass as well, however, if you want a better free option, and cheaper premium options, Bitwarden is worth a look.

As a teacher who had to move to distance learning, I can’t tell you how awesome office 365 is. While I thought Google was doing it right, Microsoft secretly has hit it out of the park. This is not an ad for office 365,

Zoom not end to end encrypted: https://www.theverge.com/2020/3/31/21201234/zoom-end-to-end-encryption-video-chats-meetings Zoom Mac Malware (Should be fixed): https://www.engadget.com/2019-07-10-apple-mac-update-removes-zoom-exploit.

We discuss virtual meetings in the age of people now having to learn how to do this.

Topics are going to get slow until even the hackers venture to do things. We decided to talk about things we can do while riding out the virus.

Another back to basics episode about VPNs, but with a new contender.Wireguard is awesome. Like straight up fast, secure, and awesome. https://www.wireguard.com/ https://pivpn.io

In this episode we talk about antivirus, and the lack of need for it. That is correct, we are saying to ditch commercial antivirus and use the built in offerings.

https://www.forbes.com/sites/zakdoffman/2020/01/30/severe-perfect-100-microsoft-flaw-confirmed-this-is-a-cloud-security-nightmare/ https://arstechnica.com/tech-policy/2020/01/ajit-pai-carrier-sales-of-phone-location-data-is-illegal-fcc-plans-punishment...

Microsoft support database leak: https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/ Lastpass is having issues: https://www.bleepingcomputer.com/news/security/lastpass-mistakenly-removes-extension-from-chrome-sto...

We talk about a few nasty bugs. One in Citrix, one in firefox that are being actively exploited. We then talk about how easy it is to be SIM jacked https://www.zdnet.com/article/this-free-windows-10-upgrade-offer-still-works-heres-why-and-how-to-get-it...