Join intrepid hosts, Justin Freid, Harry Marks, and Chaim Cohen as they traverse the week's biggest tech news in a rapid-fire roundtable discussion before your very ears.
New Jersey, USA
Tech Portfolio: First: What do you want to communicate and why? Are you trying to get a job? Are you trying to make a repository of knowledge? Are you just playing around? Are you making an archive? GitHub/GitLab, Personal Website, Projects, Learnings/Musings, LinkedIn. Must-Haves: High-Quality Writing – Communicating effectively is highly sought after in business; Ease of Navigation (especially for personal websites); Don't clickbait (unless you're trying to… Continue reading Security 286 – Personal Projects
In a March Madness-style game, we use this bracket from Techdirt to discuss misunderstood legal concepts. Announcing Techdirt's March Madness: Get Your Bracket For The Most Misunderstood Legal Concept
We continue our discussion on how to get a job in security by discussing what you should put on your resume. Don't feel like you can't even apply. We talk about things you can do.
We discuss the ways stores, governments, individuals, and computers track you: what to watch for, and how to protect yourself.
Google decided to take away Gapps legacy for a lot of old members. This rubs us the wrong way. We discuss what can be done, and why you should reconsider being so reliant on companies that can just take services away. Update: Google says, we will allow users to keep legacy.
We discuss Log4J https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/ https://github.com/YfryTchsGD/Log4jAttackSurface https://www.minecraft.net/en-us/article/minecraft-java-edition-1-18-1
This is our holiday update on what you should do this year to help your family with their technology.
We talk about how NJ is going to allow you to put your car registration in Apple Wallet. On the surface it looks good, but in reality, why? https://www.nj.com/traffic/2021/11/new-nj-vehicle-registration-law-has-some-drivers-worried-about-privacy-cops-looking-at-their-phones.html
On today's show we talk about security products you don't need. https://www.vice.com/en/article/xgxnwk/you-probably-dont-need-a-vpn
On today's show we cover all the news that literally broke in the last three days: 1) Epik Hack: https://threatpost.com/epik-confirms-hack-data/174872/ 2) Facebook WhistleBlower: https://gizmodo.com/9-horrifying-facts-from-the-facebook-whistleblowers-new-1847791184 3) Do we really need a VPN? : https://www.vice.com/en/article/xgxnwk/you-probably-dont-need-a-vpn
We cover three stories about potential violations of privacy, but maybe not? https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/ https://gizmodo.com/whatsapp-moderators-can-read-your-messages-1847629241 https://www.apple.com/child-safety/
We cover two big news stories: 1) T-Mobile lost everyone's data | https://arstechnica.com/gadgets/2021/08/hackers-who-breached-t-mobile-stole-personal-data-for-49-million-accounts/ 2) Last Week Tonight did a story about multi-factor authentication that we had some problems with. | https://youtu.be/WqD-ATqw3js
We are trying something new. We want to put together a series of videos for those who may want to move into the infosec area. This video is just an overview of simple things you can do. We plan on talking about ways to make life easier, and to cover some of the basic topics… Continue reading Security 273 – Career Pathways 1
Today we are talking about the Freedom Phone, a new phone without “Censorship from Big Tech.” This is a scam, but why? We discuss: https://freedomphones.net/ https://www.aliexpress.com/item/1005001468394552.html https://freedomphones.net/pages/pixel-4-series https://arstechnica.com/gadgets/2021/07/the-maga-targeted-freedom-phone-has-a-breathtaking-amount-of-red-flags/
The big topic of the week is that if you had a Western Digital MyBook from 2015, there was a bug/exploit that wiped all your data. We talk about the bug, and whose fault it is (WD). Then we finished up with their response, which was as good as can be given the circumstances. https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/… Continue reading Security 271 – Western Digital Did Bad (But Maybe Not)
We cover two recent stories on what we call “Good Police Work.” Without breaking encryption, the police find ways to catch criminals. How the FBI Tricked Criminals into Using its Messaging App https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside
We go on a rant about cookies, and the cookie laws. Countries are talking about simplifying the law to create “acceptable cookie levels” in browsers. This means you'll need to set this for every device and every browser. Banner Blindness, User Training. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32002L0058
In this episode we discuss patents. We focus on patent trolls and software patents. https://www.ted.com/talks/drew_curtis_how_i_beat_a_patent_troll/transcript?language=en#t-279192 https://blog.cloudflare.com/the-project-jengo-saga-how-cloudflare-stood-up-to-a-patent-troll-and-won/
In this episode we discuss the Colonial Gas Pipeline ransomware attack. https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
Our two main stories are how Signal found a Cellebrite hardware analyzer, and how they then say they found a bunch of vulnerabilities. https://signal.org/blog/cellebrite-vulnerabilities/
Signal is testing a new payment method that we are not thrilled about. Yes, they want to solve a hard problem, but we don't think this is it. We end with the Google vs Oracle decision. https://signal.org/blog/update-on-beta-testing-payments/ https://en.wikipedia.org/wiki/Google_LLC_v._Oracle_America,_Inc.#Supreme_Court
We talk about two significant user leaks that happened recently. Facebook: https://krebsonsecurity.com/2021/04/are-you-one-of-the-533m-people-who-got-facebooked/ Ubiquiti: https://krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/
We talk mainly about privacy in today's show. One thing I've been thinking about is literally how do you prove your vaccination status. Seriously! Not just the card, but actual proof
TLDR: Give up on securing email. It's a trash fire and wasn't designed with security in mind. Everything about email, from the protocol, to the clients, to the layers and layers of stuff built on top of it, isn't designed with security in mind.
LastPass has decided to start charging for something that was once free. We discuss your options in the free space. Browser based password management is fine, but a third party is better. Bitwarden is free and open source. Chaim has used it for a year, and likes it.
Forbes put out an article on how Signal has some weaknesses using the after first unlock theory. TL;DR – Yes, but not limited to Signal. Power off your phone if you are worried. https://www.forbes.com/sites/thomasbrewster/2021/02/08/can-the-fbi-can-hack-into-private-signal-messages-on-a-locked-iphone-evidence-indicates-yes/?sh=27331c526624
Chaim talks about Fitness+ with Casey Liss. How do two not-entirely-in-shape tech nerds feel about Apple's new offering? TL;DR: we like it. Special thanks to Casey Liss | https://www.caseyliss.com/ Casey's initial Fitness+ Review | https://pca.st/6ml4dk59#t=2511.0 I know this is a security podcast, but every once in a while, I like to beta… Continue reading Bonus – 01 – Fitness+ Review
There was so much more news from the WhatsApp privacy fallout that we decided to have another show. As you know, we have moved to Signal. If you want an invite, tweet the show, or find one of us. TL;DR, if you are using WhatsApp to send cat photos to your family, you are ok. If you… Continue reading Security – 259 – More WhatsApp Fallout
We look at Apple's new “Nutrition Facts” and try to figure out if they are actually useful (yes, but not really). We discuss the changes with WhatsApp, and where to move to. https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/ https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/