inThirty

side channel attacks – we’ve kind of covered this, but it’s probably good to revisit it a bit. Good food for thought. Google buying Fitbit Who is gathering data about you? (Loyalty cards, cable boxes, isp dns)

In today’s episode we plug Adversarialfashion.com. Clothing to thwart license plate readers. Phishing scam: https://twitter.com/DigitalLawyer/status/1181348689756864513https://twitter.com/DigitalLawyer/status/1181348689756864513 Backing up.

We just fly threw the news topics this week. WhatsApp bug: https://amp.news.com.au/technology/online/hacking/whatsapp-users-urged-to-update-as-hackers-break-into-phones-just-by-sending-them-a-gif/news-story/6fc5159ad8a406c9d7d7383067d8f645 Twitter 2FA ...

We had nothing overly general to talk about, so we decided to talk about Candy. We used this picture:

Twitter’s CEO Jack Dorsey, was a victim of SIM Jacking. We spend our show talking about why SIM jacking is a thing, and how you can protect yourself.

We talk about how insurance companies are more inclined to pay ransomware than to deal with backups.

https://youtu.be/Bj_LL2C9rbE This week we are still having meeting problems, but we finally get things moving. We discuss CamScanner which infected many users with malware through the Android play store. Basically a bad API snuck malware in.

Hangouts officially closed shop to hosting video calls. We spent almost an hour trying different things to make something work. We still did a show, it isn’t great this week, but we didn’t want to give up. We are still trying different things,

It is the week before Defcon, and we just have some tidbits. Equifax $125 | https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement Capital One: https://www.theverge.com/2019/7/31/20748886/capital-one-breach-hack-thomps...

We talk about the two fines levied on companies. First is facebook at 5 Billion, and second is Equifax at 700 million. https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions

FaceApp is in the news again for putting some questionable things in their Terms of Service. We talk about the privacy issues, but more importantly, we discuss that this is normal.

A 0 day exploit hitting Zoom hit this week. Basically if you know what Zoom is, you are probably vulnerable. We talk about ways to reduce your attack surface when it comes to meeting softwares. https://medium.com/@jonathan.

All of these products that offer some sort of “better/safer internet” are just scams. We say why.

The EFF put out a guide on how to host your own security event. Since we do something like that, we discuss https://sec.eff.org/articles/first-training

Chrome is playing games with Adblock extensions again: https://www.vice.com/en_us/article/evy53j/google-struggles-to-justify-making-chrome-ad-blockers-worse https://www.theverge.com/2019/6/4/18650363/firefox-block-trackers-default-enhanced-tracking-pro...

Google found out that almost 100% of automated phishing attacks can be prevented with ANY form of 2FA: https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html

We got some big security holes for you this week. Last week ended with a WhatsApp bug. Update Now! https://arstechnica.com/information-technology/2019/05/whatsapp-vulnerability-exploited-to-infect-phones-with-israeli-spyware/ CPU.Fail: https://cpu.

So what privacy settings do you want in your smart cylinder?https://gizmodo.com/a-very-long-list-of-privacy-features-google-talked-abou-1834593900 Why is it a problem that “Works with Nest” is going away. https://variety.

I saw how Banksy authenticates his work, and we got to thinking about how we verified things in the past, and future. https://reprage.com/post/how-banksy-authenticates-his-work https://en.wikipedia.org/wiki/EURion_constellation Can you please fill out ...

The EFF put out a privacy focused feature request to several tech companies titled #FixItAlready. https://www.eff.org/deeplinks/2019/02/announcing-fix-it-already Can you please fill out our podtrac survey: http://survey.podtrac.com/start-survey.aspx?

This week: We talk wifi WPA3 vulnerabilities: https://gizmodo.com/new-super-secure-wifi-is-actually-full-of-security-hole-1833967122 Finally a settlement from the Pixel 6p: https://www.theverge.com/2019/4/11/18306552/google-huawei-nexus-6p-class-action...

Podtrac Survey: http://survey.podtrac.com/start-survey.aspx?pubid=B8NmaYB8k-kH&ver=standard Facebook internally stored passwords in plaintext: https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-...

First, update chrome… We explain why. This link doesn’t: https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/ Then Facebook says we care about security (Again): https://www.facebook.

There was a not so hidden microphone in Nest’s security base: https://www.androidauthority.com/nest-secure-google-assistant-mic-950134/ Should you lock people out of their account for insecure passwords? https://www.theinquirer.

Google and Facebook get slapped on the wrist by apple. https://arstechnica.com/gadgets/2019/01/facebook-and-google-offered-gift-cards-for-root-level-access-to-ios-users-data/ People throwing away their expensive wifi lightbulbs : https://limitedresults...

Should I buy a u2f device? Google Phishing Quiz: https://phishingquiz.withgoogle.com/ Google Chrome vs Adlbockers: https://twitter.com/matthew_d_green/status/1088106690313097217 How to make the library cards more convenient

Some Facebook meme wants us to post photos 10 years apart. https://www.wired.com/story/facebook-10-year-meme-challenge/ Verizon is making Remind pay more money: https://arstechnica.com/tech-policy/2019/01/verizon-price-hike-could-kill-free-texting-serv...

We discuss different ways to start the new year off right. Also, what to do with those holiday IoT devices And… Whatever this is: https://casthack.thehackergiraffe.com/

We have a bunch of new data breaches from Quora, Dunkin Donuts, Marriott, but no one says sorry. Bruce Schneier’s Bad Consumer Advice: https://www.schneier.com/blog/archives/2018/12/bad_consumer_se.html

Edit: I tried to take the hiss out. I hope it isn’t so bad. Porch pirates is a fairly new problem that ruins the holidays (or any day). Learn our tips and tricks on how you can minimize the problem.

  Mozilla published a gift guide based on privacy settings. We have a problem with it. https://foundation.mozilla.org/en/privacynotincluded/

Thanksgiving is fast approaching, so we give you this year’s guide to family tech support.

College Test Prep Scams: https://www.consumer.ftc.gov/blog/2018/10/college-test-prep-scams-are-happening Staying Safe while Shopping: https://www.cyber.nj.gov/be-sure-to-secure/staying-cyber-safe-while-shopping Police Break IronChat Crypto: https://ars...

  Signal tries to hide sender metadata: https://signal.org/blog/sealed-sender/ Google to enforce two years of security updates: https://www.theverge.com/2018/10/24/18019356/android-security-update-mandate-google-contract Attacking Google Authenticator:...

So we dial back the security, and discuss what happens when you want your stuff to be found

This week we talk more about the facebook scam about impersonation. Google+ has a breach which accelerates its demise. A certain rapper has a passcode of 000000. We discuss if that is good or bad.

Facebook had a breach: https://newsroom.fb.com/news/2018/09/security-update/ Facebook security settings: https://www.facebook.com/settings?tab=security Facebook Shadow Contact Info: https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shad...

We have a light week, but we must keep on keeping on. Faxploit: https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/ Fix: https://support.hp.com/us-en/document/c06097712 Fortnite Exploit: https://www.androidcentral.

  We recap Hacker Summer camp. The sights, the sounds, the random room searches. Room Searches: https://arstechnica.com/tech-policy/2018/08/security-theater-meets-def-con-as-room-searches-spark-controversy/ Voting Machines: https://thenextweb.

We teased this last week, and never got to it. 1) How to delete your tweets: https://gitlab.com/chaimtime/nuketweets I forked the project, but I can’t find the OP to credit. 2) Fornite sidesteps the play store. This is a bad idea: https://www.

  Google claims nobody has been phished since deploying U2F: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/ Russia Indictments shows the US is really good at hacking: https://twit.

Is Google Reading your email? Well, did you allow it in permissions: https://www.bbc.com/news/technology-44699263 Time to talk more about permissions: https://myaccount.google.com/permissi… WPA 3:  https://www.howtogeek.

At what point do you trust people. We spend this week talking about trust issues.

  Don’t leave your laptop open at Starbucks. Don’t back up your WhatsApp: https://www.buzzfeed.com/daveyalba/paul-manafort-whatsapp-encryption-icloud?utm_term=.pkoNzXwOP#.hw9da6VX0 PiHole – https://www.linuxincluded.

The FBI tells us to reboot our router (go on, we can wait) More Malware on Android phones Troy Hunt shows us the Password light https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-d...

we cover what this new PGP vulnerability is, we talk about a big goof from signal, and we finish with your cell phone location data: https://efail.de/ https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html https://krebsonsecurity.

Main story is how California police caught the serial killer using DNA tests. https://arstechnica.com/tech-policy/2018/04/gedmatch-a-tiny-dna-analysis-firm-was-key-for-golden-state-killer-case/ Pocketcasts gets a new home: https://blog.shiftyjelly.

  Ray Ozzie talks about an encryption model that he think will help law enforcement who produce a valid warrant. https://www.wired.com/story/crypto-war-clear-encryption/

  Talk given on April 17th, 2018 at the East Brunswick Public Library on Security and privacy. We did a very introductory topic of what it means to share your data with social media services. We discussed what it means to assess risk,

We are talking part 2 of the Facebook mess We are also quickly talking about: https://stopsesta.org/#facts https://www.eff.org/deeplinks/2018/03/secure-messaging-more-secure-mess https://www.bleepingcomputer.