Firewalls Don't Stop Dragons Podcast

Carey Parker
Jul 7, 2017

NotPetya Malware Strikes, Everything You Need to Know

Lawrence Abrams is the creator and CEO of Bleeping Computer, and he and I delve into the latest malware sweeping the globe called NotPetya (among other things). The supposed ransomware appears to be just plain mean, destroying all the data on your hard drive whether you pay the ransom or not. We’ll tell you what you need to know, including how to protect yourself and what to do if you think you might be infected. We talk about the usefulness of anti-virus software and give you the info you need to pick the right one for you. Finally, in my Tip of the Week, I explain why you need more than one account on your computer and how it can help to mitigate and isolate malware attacks. Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence’s area of expertise includes malware research, ransomware, and computer forensics. For Further Insight: Web site: BleepingComputer.com Twitter: https://twitter.com/BleepinComputer Facebook: https://www.facebook.com/BleepingComputer LinkedIn: https://www.linkedin.com/in/lawrence-abrams-43074a10/ Further Reading: BleepingComputer’s how to remove malware Windows antivirus software: Malwarebytes, ESET, Emsisoft, Kaspersky Creating non-admin accounts: Windows or MacOS
Jun 28, 2017

Don’t Tread on My Bits: Why Net Neutrality Matters

Are you ready for the next YouTube, Netflix or Hulu? Then you need to fight to save net neutrality. Today I discuss the threatened gutting of the hard-fought net neutrality rules with Ernesto Falcon from the Electronic Frontier Foundation. The new FCC chairman, Ajit Pai, is looking to undo the protections put into place that would allow the next Internet startup to compete on a level playing field. Internet Service Providers would like to put their massive thumbs on the digital scale, tipping the advantage to companies that can afford to pay or even to favor their own content. Now that we have deep-pocketed incumbents, we need net neutrality rules to allow the new guys a chance to compete fairly. In the news, we’ll discuss the 198M voter profiles that were left unprotected on the web, Microsoft’s abandonment of SMBv1 (that’s a good thing), Google’s move to respect your email privacy, and Girl Scouts becoming cyber experts! In my Tip of the Week, I’ll tell you how to avoid giving away too much information when needing to sign up to access web content. Prior to joining EFF, Ernesto worked as a legislative staffer for two Members of Congress (2004-2010). He then became Vice President of Government Affairs at Public Knowledge where he advocated on behalf of consumers on copyright issues and broadband competition. During his tenure, Public Knowledge was successful in achieving one of the largest consumer victories in telecom policy by defeating AT&T’s merger with T-Mobile. The following year, PK and EFF scored a major victory for consumers by rallying the Internet community to defeat the Stop Online Piracy Act (SOPA). After eight years in Washington DC, he returned to his home state of California to go to law school at McGeorge School of Law in order to strengthen his digital rights advocacy. Now, as an attorney, he is excited to rejoin the fight for consumers and Internet freedom. 
For Further Insight: Website: https://eff.org/ Follow on Twitter: https://twitter.com/EFFFalcon Additional Resources: Tell the FCC not to gut net neutrality: https://DearFCC.org Tell your representatives, too: https://act.eff.org/action/tell-congress-don-t-surrender-the-internet FOSCAM security vulnerabilities: http://thehackernews.com/2017/06/online-ip-camera-hacking.html Disposable and shared email accounts: mailinator.com, 10minutemail.com, bugmenot.com
Jun 21, 2017

🎧 If You Use Public WiFi At The Hotel, Airport, Coffee Shop….

If you use public WiFi of any sort at the hotel, airport, or coffee shop (AND WHO DOESN'T), then you need to pay attention. A VPN could be a viable answer to protect your data and your devices. The other big challenge is your Internet Service Provider at home is probably capturing and selling your web browsing info – there is something you can do at home to protect yourself as well. Dave Peck helped to create one of the best Virtual Private Network products on the market, and today he and I will discuss why you need a VPN and how to pick one. Dave is an independent software developer and co-founder of GetCloak.com, a very easy-to-use VPN service. Not clicking on links apparently isn’t good enough anymore – now you can’t even hover over them! Also, Microsoft and Adobe have some software updates that fix critical bugs in Windows and Flash. And for the Tip of the Week, I’ll tell you why you really just need to uninstall Flash completely and how to do it. Transfer your domain names and save 40% in June! https://hover.com/transfermydomain For Further Insight: Web site: https://davepeck.org/ Follow on Twitter: https://twitter.com/dangerdave Further Reading: Why It’s Hard to Pick a VPN: https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-vpn-provider/ Cloak VPN: https://www.getcloak.com/ TunnelBear VPN: https://www.tunnelbear.com/ VyprVPN: http://www.goldenfrog.com/vyprvpn/special/vpn-seasonal-special?offer_id=78&aff_id=3809 How to Uninstall Flash: http://firewallsdontstopdragons.com/ditch-flash/ How to Uninstall Shockwave: https://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/
Jun 14, 2017

🎧 The Feds Plan For Cars That Can Track & Tattle On You

The Internet of Things will soon include cars… what could possibly go wrong? If all the cars on the road could tell each other what they were doing, would that make us safer? Maybe. But if your car is constantly broadcasting this information, that would also make it trivial to track you everywhere you go. Worse yet, any time you put something on a network, it is immediately a target for hackers. Crashing a computer is one thing; crashing a car is quite different, but this is quickly becoming a reality we have to deal with. I will also tell you about an interesting new ‘travel mode’ feature from 1Password and talk about the Fireball adware that is already on over 250 million computers. We’ll wrap up with a new Tip of the Week, just in time for summer storm season! Jamie Williams is a staff attorney at the Electronic Frontier Foundation, where she is part of the civil liberties team. Jamie focuses on the First and Fourth Amendment implications of new technologies. She also co-taught Internet Law at University of California Berkeley, School of Law. Jamie joined EFF in 2014 as a Frank Stanton Legal Fellow. Prior to joining EFF, Jamie clerked for Judge Saundra Brown Armstrong in the Northern District of California. Before her clerkship, she was a litigation associate at Paul Hastings LLP and an attorney law clerk at the Alameda County Public Defender. Jamie has a J.D. from the University of California, Berkeley School of Law (Boalt Hall) and a B.A. in journalism from the University of Wisconsin, Madison. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City. 
For Further Insight: Web site: www.eff.org Follow on Twitter: https://twitter.com/jamieleewi LinkedIn: https://www.linkedin.com/in/jamie-williams-60635555/ Further Reading: EFF article on v2v communication issues: https://www.eff.org/deeplinks/2017/05/danger-ahead-governments-plan-vehicle-vehicle-communication-threatens-privacy Automated License Plate Readers: https://www.eff.org/sls/tech/automated-license-plate-readers/faq#faq-Are-private-companies-using-ALPRs Who has your back? https://www.eff.org/who-has-your-back-2016 Finding and removing Fireball adware: http://computerfixguide.com/how-can-i-remove-fireball-malware-effectively/ Best UPS: http://thewirecutter.com/reviews/best-uninterruptible-power-supply-ups/
Jun 7, 2017

How Dumb Are Your ‘Smart Devices’?

Do you have a “smart” TV? Or an Internet-connected baby monitor? Then you are a part of the Internet of Things (IoT)! Welcome to the world of everyday devices being connected to the network, allowing you to change the temperature of your home while traveling, check up on your dogs from work, and have a Bluetooth speaker that can also fetch tomorrow’s weather forecast. While there are lots of great uses for these devices, their security (or lack thereof) is making many of us vulnerable to attack. Today I speak at length with John Graham-Cumming, CTO of Cloudflare, about the Internet of Things and how it’s already wreaking havoc on our world. We’ll tell you how to be smart about your smart devices! We’ll also talk about the massive OneLogin password system breach and how hackers are increasingly turning to social media to target people for phishing attacks. John Graham-Cumming is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany and France and currently works at CloudFlare. His open source POPFile program won a Jolt Productivity Award in 2004. He is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, The San Francisco Chronicle, New Scientist and other publications. In 2009 he successfully petitioned the British Government to apologize for the mistreatment of British mathematician Alan Turing. He is a licensed radio amateur. 
For Further Insight: Website: http://jgc.org Follow on Twitter: https://twitter.com/jgrahamc Additional Resources: Save 40% off next year’s domain registration (and get FREE privacy) https://hover.com/transfermydomain Social media increasingly used by hackers: https://www.nytimes.com/2017/05/28/technology/hackers-hide-cyberattacks-in-social-media-posts.html The Geek Atlas: https://www.amazon.com/Geek-Atlas-Places-Science-Technology/dp/0596523203 EFF’s page to help send comments to FCC on Net Neutrality: https://dearfcc.org/
May 31, 2017

🎧 Cyber Travel Tips: What To Know Before You Go

Summer is upon us and for many of us that means travel – but before you even pack your bags, you need to listen to this podcast! In my second interview with Michael Kaiser (the Executive Director of the National Cyber Security Alliance), we discuss all the cyber security and privacy issues you need to consider: before you go and while you’re traveling. Going abroad this summer? There are even more things you need to consider well before you leave! Also in this episode, I’ll tell you why Twitter’s new privacy policy changes are not in your favor, and how to fix it. Android’s next major software release, due out later this year, should finally address some of the major problems with getting updates. And I answer two questions from listeners on how best to deal with getting off mailing lists and tell you how secure Apple’s Message system really is. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month (NCSAM) each October, Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT., the global online safety awareness and education campaign. NCSA builds efforts through public-private partnerships that address cybersecurity and privacy issues for a wide array of target audiences, including individuals, families and the education and business communities. In 2009, Mr. Kaiser was named one of SC Magazine’s information security luminaries. Mr. Kaiser has served on several nonprofit boards. 
He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City. For Further Insight: Web site: staysafeonline.org Follow on Twitter: https://twitter.com/MKaiserNCSA Facebook: https://www.facebook.com/staysafeonline/ LinkedIn: https://www.linkedin.com/in/michael-kaiser-3579752b Additionally Important: NCSA’s Cyber Trip Advisor: https://www.stopthinkconnect.org/resources/preview/tip-sheet-ncsas-cyber-trip-advisor Undoing the new Twitter privacy settings: https://www.eff.org/deeplinks/2017/05/how-opt-out-twitters-new-privacy-settings Secure messaging apps: WhatsApp: https://www.whatsapp.com/ Signal: https://whispersystems.org/  
May 24, 2017

Learn These WannaCry Lessons Before Round 2 Hits

The WannaCry virus hit over 200,000 computers in over 150 countries in a matter of days. While WannaCry spread quickly, it had some fatal flaws that prevented it from doing a lot more damage. However, these flaws will soon be fixed – Round 2 of this virus is already upon us. I speak with Michael Kaiser from the National Cyber Security Alliance to find the lessons we need to learn and what we need to do to protect ourselves from the next generations of this nasty malware. We also take a good look at who might be to blame for all of this and some thorny issues exposed by this attack. In other news, I’ll tell you how to find out if your HP laptop might be logging all of your keystrokes and how to fix it. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month (NCSAM) each October, Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT., the global online safety awareness and education campaign. NCSA builds efforts through public-private partnerships that address cybersecurity and privacy issues for a wide array of target audiences, including individuals, families and the education and business communities. In 2009, Mr. Kaiser was named one of SC Magazine’s information security luminaries. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City. 
For Further Insight: Web site: staysafeonline.org Follow on Twitter: https://twitter.com/MKaiserNCSA Facebook: https://www.facebook.com/staysafeonline/ LinkedIn: https://www.linkedin.com/in/michael-kaiser-3579752b Additionally Important: 10% off your first domain name order! https://www.hover.com/welcome/Firewalls HP key logger: https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/ Got ransomware? Go here before paying! https://www.nomoreransom.org/ Start With Security: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business Dept Homeland Security C-Cubed: https://www.dhs.gov/ccubedvp
May 17, 2017

🎧 Inoculating the World Against Malware

The WannaCry ransomware worm spread across the planet, infecting over 200,000 computers in just a matter of hours – this included hospitals in the UK, phone service in Spain, and even a Russian ministry. The malware was stopped dead by one security researcher who basically got lucky. In today’s show, I will explain what WannaCry is and how to ensure that you are protected against this nasty bug and others just like it that will surely be coming. My guest today is security researcher Nick Weaver, who will help us understand what the real threats are for most people – it’s not just hackers! He explains why we’re vulnerable and gives us a lot of great and timely tips on how to protect your computers and mobile devices (spoiler alert: you need to ditch Android and go with Apple). Nicholas Weaver received a B.A. in Astrophysics and Computer Science in 1995, and his Ph.D. in Computer Science in 2003 from the University of California at Berkeley. Although his dissertation was on novel FPGA architectures, he also was highly interested in Computer Security, including postulating the possibility of very fast computer worms in 2001. In 2003, he joined the International Computer Science Institute (ICSI), first as a postdoc and then as a staff researcher. His primary research focus is on network security, notably worms, botnets, and other internet-scale attacks, and network measurement. Other areas have included both hardware acceleration and software parallelization of network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user's network connection.
For Further Insight: Website: http://www1.icsi.berkeley.edu/~nweaver Follow on Twitter: @ncweaver Further Reading: Article on WannaCry by our guest: https://lawfareblog.com/crying-about-wannacry-notable-features-newest-ransomeware-attack Microsoft help on WannaCry malware:   https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ John Oliver on Net Neutrality: https://www.youtube.com/watch?v=92vuuZt7wak Tell the FCC how you feel about Net Neutrality! http://gofccyourself.com/
May 10, 2017

🎧 Intel Closes a Nine-Year Backdoor

This week I’ll tell you why you should not be using Microsoft’s Edge Browser, how to find out if you were bitten by a very clever Google Docs phishing scheme, and why you can’t believe every voice you hear. Along the way, I’ll give you my recommendations on the best web browser to use as well as how to revoke permissions you may have granted to Twitter, Facebook and Google over the years that may be leaving you vulnerable. Finally, I’ll tell you how Intel finally found and fixed a flaw in their backdoor chip for managing PCs, how to see if your computer is affected, and why backdoors can let the bad guys in just as easily as the good guys. For Further Insight: Lyrebird: https://soundcloud.com/user-535691776 Google app permissions: https://myaccount.google.com/permissions Twitter app permissions: http://lifehacker.com/5905299/clean-our-your-twitter-app-permissions-as-part-of-your-spring-cleaning-regimen Facebook app permissions: http://lifehacker.com/5904590/clean-out-your-facebook-app-permissions-as-part-of-your-spring-cleaning-regimen Intel chip security bulletin: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr ShieldsUp! https://www.grc.com/x/ne.dll?bh0bkyd2
May 3, 2017

Your Email is as Vulnerable as Sending a Postcard

Would you write banking information, passwords, private conversation or any sensitive data on the back of a postcard? Sounds like a silly question perhaps – but this is the equivalent of writing private information in your public emails. Your emails are NOT secure. Today I’m going to help you understand the options available to you so you don’t get caught with your drawbridge down! I have an insightful discussion with Dr Andy Yen, the CEO and Co-Founder of Protonmail. We discuss why regular email is not very secure and how corporations like Yahoo, Google, and others have complete access to everything you send and receive. There are lots of better options out there and we discuss how to evaluate and choose a better service. We have lots of important news items this week including another Android hack that has infected at least 2 million phones, a raft of bugs in the latest Linksys home WiFi routers, a clever new ransomware attack that nests like Russian dolls, and finally a vigilante hacker that has written software that he dubs “Internet chemotherapy” that may completely take out your insecure devices. Dr. Andy Yen, CEO and Co-Founder of Protonmail has over 8 years of experience in distributed computing for demanding particle physics applications. Andy was a researcher at CERN from 2009 to 2015, where ProtonMail’s founding team met. He has a PhD in Physics from Harvard and a degree in Economics from Caltech. For Further Insight: Website: https://protonmail.com/ Follow on Twitter: https://twitter.com/ProtonMail LinkedIn: https://www.linkedin.com/in/andy-yen-03a9676 Further Reading: http://blog.checkpoint.com/2017/04/24/falaseguide-misleads-users-googleplay/ http://www.linksys.com/us/support-article?articleNum=246427 https://thatoneprivacysite.net/email-section/ https://www.ted.com/talks/andy_yen_think_your_email_s_private_think_again
