• Firewalls Don't Stop Dragons Podcast

  • 著者: Carey Parker
  • ポッドキャスト

Firewalls Don't Stop Dragons Podcast

著者: Carey Parker
無料で聴く

  • サマリー

  • A Podcast on Computer Security & Privacy for Non-Techies
    © Wawasee Media, LLC
    続きを読む 一部表示
activate_samplebutton_t1
エピソード
  • TunnelVision, VPNs and You

    TunnelVision, VPNs and You
    2024/09/30
    Two security researchers showed how many modern VPN services are vulnerable to malicious misconfiguration, exposing some or all of your internet traffic. While this is not likely to impact most of us, it does expose the limitations of Virtual Private Networks and why they are not silver bullets for security of privacy - despite many marketing claims to the contrary. Today we'll discuss how TunnelVision works, how it can be mitigated, and how this affects different privacy threat models with the two researchers from Leviathan Security, Dani Cronce and Lizzie Moratti. Interview Notes Lizzie Moratti: https://www.linkedin.com/in/lmoratti/ Dani Cronce: https://www.linkedin.com/in/danicronce/ TunnelVision: https://www.tunnelvisionbug.com/ ProtonVPN threat model: https://protonvpn.com/blog/threat-model Dani’s GitHub: https://github.com/superit23 Leviathan Security blog: https://www.leviathansecurity.com/blog Veilid: https://veilid.com/ Willy Wonka scene: https://www.youtube.com/watch?v=pvS3j8VtanM Linux network namespaces: https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/ What is DeFi? https://www.investopedia.com/decentralized-finance-defi-5113835 Further Info Help me brainstorm ways to reach more people!: https://fdsd.me/awareness2 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:23: Reminder: brainstorming survey 0:01:47: Podcast chapter markers! 0:02:54: Interview setup 0:05:55: What is a VPN and what isits intended purpose? 0:10:27: If most connections are secured today, why do we need a VPN? 0:12:40: Why do we trust a VPN provider more than our internet access provider? 0:17:40: What are you trying to do with a VPN? 0:19:13: Who can see my internet traffic? 0:25:30: What is TunnelVision and what are the implications for VPN users? 0:29:42: What's a less technical way to understand TunnelVision? 0:33:06: Why might I not want all my traffic to go through the VPN? 0:35:02: How dangerous is TunnelVision for the average person? 0:42:30: How did the VPN companies respond? 0:51:19: What VPN features can mitigate the risk? 0:57:42: Have any VPN makers fixed this problem? Do OS vendors have responsibility here? 1:02:11: Do you have recommendations for VPNs? Is there new tech that might help here? 1:04:00: Would privacy regulations help here? 1:06:24: What are you working on next? 1:08:51: Interview wrap-up 1:13:31: Looking ahead
    続きを読む 一部表示
    1 時間 14 分
  • Malware Reboot Remedy

    Malware Reboot Remedy
    2024/09/23
    We often think of malware as a problem for our computers and perhaps our smartphones. But bad guys love to hack our home routers and IoT devices, as well. Thankfully, purging malware from those types of devices can usually be done just by rebooting them. (There's a reason tech support always asks you to try turning your device off and back on again.) I'll explain why this works and what you should do to protect your connected devices. In other news: I explain why most people are not in danger of their devices blowing up; a new Windows phishing campaign uses fake CAPTCHAs and PowerShell; LinkedIn started training their AI on your data before telling you how to opt out; Oracle's CEO touts his vision of ubiquitous AI surveillance; Ford seeks a patent to show you ads in your vehicle based on your conversations and other private data; Meta admits to scraping public Instagram and Facebook posts to train its AI; four great new iOS 18 privacy and security features; Apple Intelligence servers are very basic, for a reason; and the FBI shuts down a massive Chinese botnet. Article Links [WIRED] Your Phone Won’t Be the Next Exploding Pager https://www.wired.com/story/exploding-pagers-hezbollah-phones/ [briankrebs] This Windows PowerShell Phish Has Scary Potential https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/ [404media.co] LinkedIn Is Training AI on User Data Before Updating Its Terms of Service https://www.404media.co/linkedin-is-training-ai-on-user-data-before-updating-its-terms-of-service/ [theregister.com] Ellison declares Oracle 'all in' on AI mass surveillance https://www.theregister.com/2024/09/16/oracle_ai_mass_surveillance_cloud/ [therecord.media] Ford seeks patent for tech that listens to driver conversations to serve ads https://therecord.media/ford-patent-application-in-vehicle-listening-advertising [9to5Mac] Meta scraped all public Facebook and Instagram posts since 2007 for AI training https://9to5mac.com/2024/09/11/meta-scraped-all-public-facebook-and-instagram-posts-since-2007-for-ai-training/ [TechRadar] I'm a privacy expert—here are the 4 iOS 18 features I'm excited about https://www.techradar.com/phones/im-a-privacy-experthere-are-the-4-ios-18-features-im-excited-about [9to5Mac] Apple Intelligence servers are really basic, says Craig Federighi – and that’s deliberate https://9to5mac.com/2024/09/12/apple-intelligence-servers-are-really-basic-says-craig-federighi-and-thats-deliberate/ [Gizmodo] FBI Shuts Down Botnet Run by Beijing-Backed Hackers That Hijacked Over 200,000 Devices https://gizmodo.com/fbi-shuts-down-botnet-run-by-beijing-backed-hackers-that-hijacked-over-200000-devices-2000500627 Tip of the Week: Malware Reboot Remedy Further Info Awareness Campaign Phase 2!: https://fdsd.me/awareness2 LinkedIn privacy settings: https://www.linkedin.com/mypreferences/d/categories/privacy Test your ad blocker(s): https://d3ward.github.io/toolz/adblock.html Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:31: Update Apple devices 0:01:36: Awareness Campaign teaser 0:02:04: News rundown 0:04:08: Your Phone Won’t Be the Next Exploding Pager 0:08:00: This Windows PowerShell Phish Has Scary Potential 0:12:34: LinkedIn Trains AI on Your Data Before Updating Its ToS 0:16:41: Ellison declares Oracle 'all in' on AI mass surveillance 0:20:15: Ford seeks patent for tech that listens to ...
    続きを読む 一部表示
    1 時間 3 分
  • Post-Quantum Crypto

    Post-Quantum Crypto
    2024/09/16
    You may be vaguely aware of the term 'quantum computing' from media reports. But what you may not have picked up on is that one of the primary uses for quantum computers may be to break data encryption. Furthermore, you may not realize that if three-letter agencies can save off our encrypted emails and messages now, this could mean they could read them in the future when sufficiently powerful quantum computing becomes viable. How does this work? And what can we do about it now to protect our privacy in the future? We'll dig into all of this today with Brandon Sundh from Tuta (formerly Tutanota), a prominent secure email company, who is already deploying such protections. Interview Notes Try Tuta! https://tuta.com/ Tuta’s quantum-safe crypto: https://tuta.com/blog/post-quantum-cryptography Quantum mechanics: https://en.wikipedia.org/wiki/Quantum_mechanics Schrödinger's cat: https://en.wikipedia.org/wiki/Schr%C3%B6dinger's_cat NIST post-quantum standards: https://csrc.nist.gov/projects/post-quantum-cryptography NSA pays RSA to weaken encryption?: https://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220/ Longer passwords are better: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/ Privacy Guides on Proton Wallet: https://www.privacyguides.org/articles/2024/09/08/proton-wallet-review/#why-does-this-exist Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:50: Some terminology first 0:07:33: What is quantum computing and what's it good for? 0:16:25: What are the currrent capabilities of quantum computers? 0:22:02: How long have we been working on quantum computers? 0:25:01: If QC is still so far off, why do we need to prepare now? 0:30:53: How do we design encryption to make it safe against quantum computers? 0:36:10: How can we be sure that the NSA isn't buillding backdoors into these algorithms? 0:41:11: Will post-quantum algorithms replace current ones or augment them? 0:45:51: How soon will quantum-safe crypto be roled out? 0:52:42: Who will be able to own and operate these quantum computers? 0:54:45: Are law enforcement agencies pushing back against quantum-safe crypto? 1:00:34: Who is more likely to win: coder makers or code breakers? 1:04:24: Wrap-up 1:05:55: Looking ahead
    続きを読む 一部表示
    1 時間 8 分

あらすじ・解説

A Podcast on Computer Security & Privacy for Non-Techies
© Wawasee Media, LLC
続きを読む 一部表示

Firewalls Don't Stop Dragons Podcastに寄せられたリスナーの声

カスタマーレビュー:以下のタブを選択することで、他のサイトのレビューをご覧になれます。

Audible.co.jp

Amazon.co.jp
レビューはまだありません。