

Firewalls Don't Stop Dragons Podcast
Carey Parker
A Podcast on Computer Security & Privacy for Non-Techies

Apr 19, 2017
🎧 When the Hackers Become the Hacked
The Shadow Brokers have dumped a treasure trove of NSA secret hacking tools, proving that even the best secret-keepers in the country can’t always prevent info from leaking. Is it better for intelligence agencies to hoard software vulnerabilities for use against others, or to report those vulnerabilities so they can be fixed? I delve into this topic in detail, exploring the pros and cons.
What if you could do one simple thing to protect your computer from most critical software bugs? It’s not only simple, it’s free and available to all users of modern Windows and Mac computers – and yet most people never use it! And as a bonus, I answer several of your questions from the mailbag about sharing WiFi passwords, choosing a cloud storage provider, protecting your kids while surfing the web, and things to consider when picking out a new computer!
For Further Insight:
https://www.eff.org/deeplinks/2017/04/border-search-bill-would-rein-cbp
https://support.microsoft.com/en-us/help/306525/how-to-configure-and-use-automatic-updates-in-windows
https://www.schneier.com/blog/archives/2016/08/the_nsa_is_hoar.html

Apr 12, 2017
🎧 How to Pick The Only Password You’ll Ever Need
This week I talk with Chris Romeo on why humans are so horribly bad at picking good passwords and why this invariably makes you vulnerable to hacking. We discuss password managers and how to create the one and only password you should ever need. Along the way, we’ll explain things like two-factor authentication, how often you should be changing your passwords, and how to make sure your accounts can still be accessible if the worst happens.
In the news this week, I’ll tell you about a nasty WiFi bug that affects just about every smartphone on the market and why you will be vulnerable on public hotspots until you download the fix. Popular password manager LastPass also fixed a serious flaw in their browser plugin, though in this case, you’re probably already protected by the auto-update feature in your browser. And finally, I’ll answer a listener’s question about defending against ransomware and whether having a firewall will help.
Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring security belt programs to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Security Advocates, empowering engineers to “build security in” to all products at Cisco. He led the creation of Cisco’s internal, end-to-end security belt program launched in 2012. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP.
For Further Insight:
Website, www.securityjourney.com
Follow on Twitter, @SecurityJourney
Facebook, https://www.facebook.com/SecJourney/
Additional Resources:
https://thehackernews.com/2017/04/broadcom-wifi-hack.html
https://blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/

Apr 5, 2017
🎧 Congress Just Sold You Out (Again)
Ernesto Falcon, legislative counsel and digital rights attorney at the Electronic Frontier Foundation, explains how Congress used the Congressional Review Act to repeal broadband privacy rules. He breaks down why ISPs hold unique power, what the FCC rule would have required, real-world tracking examples, legal uncertainty ahead, and practical technical defenses like VPNs and HTTPS.

Mar 29, 2017
Protecting Your Privacy at the US Border
Adam Schwartz is a Senior Staff Attorney at the Electronic Frontier Foundation who fights for digital privacy and civil liberties. He explains why U.S. border searches of phones and laptops are increasing. He describes what counts as the border, how immigration status changes risk, and practical steps to prepare devices, handle inspections, and preserve legal options.

Mar 22, 2017
🎧 Masking Your Digital Footprints
Daniel Davis is Community Manager at DuckDuckGo and an online privacy advocate. He explains how cross-site tracking, cookies, browser fingerprinting, and mobile identifiers follow you around. They cover privacy-friendly alternatives, browser extensions to reduce tracking, and practical steps for controlling the data companies collect.

Mar 15, 2017
🎧 How The Bad Guys Trick You Into Taking Their Bait
Chris Romeo, co-founder and CEO of Security Journey and veteran security practitioner, explains how phishing works and why it keeps growing. He breaks down how attackers mimic trusted brands and exploit emotions. They cover spear phishing, malware and ransomware ties, plus practical defenses like two-factor, password managers, and targeted education for kids and seniors.

Mar 8, 2017
🎧 Why CloudBleed Wasn’t So Bloody Scary
A critique of media hype around web vulnerabilities using CloudBleed as a case study. Explanation of what CloudBleed was and why its real risk to individuals was low. Practical, non‑technical guidance on passwords, two‑factor authentication, and layered defenses. Discussion of ransomware, card fraud differences, identity risks, and how to prioritize protections.


