
Firewalls Don't Stop Dragons Podcast

Carey Parker

Available episodes

5 of 421
  • Project Franklin Wants You
    Our critical infrastructure is vulnerable and under attack by nation state actors, either for profit or perhaps even to establish a beachhead for future cyber conflict. During the pandemic, many of our core systems were automated and connected to the internet for remote administration, but this just created a larger attack surface. The federal government hasn't done nearly enough to protect these systems. Groups like DEF CON Franklin are working to find cyber volunteers to bring our national critical utilities above the 'cyber poverty line'. Today we'll explore the problems and solutions with Franklin co-founder Jake Braun, including what we can all do to help.

    Interview Notes
      • DEF CON Franklin: https://defconfranklin.com/
      • For more info or help, email “defconfranklin” at gmail.com.
      • Volt Typhoon: https://en.wikipedia.org/wiki/Volt_Typhoon
      • Initial Franklin trials: https://harris.uchicago.edu/news-events/news/first-water-utilities-take-volunteer-cyber-help
      • Franklin Almanac: https://defconfranklin.com/almanack.html
      • Franklin launch (DEF CON 32): https://www.youtube.com/watch?v=0TdY9JUaybc
      • DEF CON 33 Franklin update: https://defconfranklin.com/water_cybersec.html
      • Jake’s books: https://www.amazon.com/s?i=digital-text&rh=p_27%3AJake%2BBraun
      • More help: https://www.cybervolunteers.us/en

    Further Info
      • My book: https://fdsd.me/book
      • My newsletter: https://fdsd.me/newsletter
      • Support the mission: https://fdsd.me/support
      • Give the gift of privacy and security: https://fdsd.me/coupons
      • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Table of Contents
      • 0:00:00: Intro
      • 0:03:19: Why did you start the DEF CON Franklin project?
      • 0:07:58: Why did you focus on protecting water systems?
      • 0:12:41: Why target our water systems?
      • 0:17:10: How do you protect 50,000+ water facilities?
      • 0:22:01: What are key takeaways from your first trials?
      • 0:24:53: What are some of the challenges you've faced?
      • 0:29:13: Why did we ever put critical infrastructure on the internet?
      • 0:31:05: Are there third parties involved in facility security, too?
      • 0:32:45: How do you coordinate your efforts with other, similar orgs?
      • 0:36:32: How do you know when your job is finished?
      • 0:39:14: Are you getting support from the US government?
      • 0:41:31: What's next for Franklin? How can we help?
      • 0:43:38: What's the long term roadmap for Franklin?
      • 0:45:00: Interview wrap-up
      • 0:46:54: Patron podcast preview
      • 0:47:52: Looking ahead
      • 0:49:11: My other stuff
    --------  
    49:51
  • Tech Time Bombs
    There are literally billions of devices connected to the internet today - many of them cheap, insecure IoT devices... smart thermostats, doorbell cameras, webcams, cheap WiFi routers and other smart appliances. As we like to say, the "S" in "IoT" is for security. And when insecure devices are no longer supported, the security bugs will never be fixed. We'll discuss the implications of this growing problem and potential solutions with a passionate right-to-repair advocate and the founder of the Secure Resilient Future Foundation, Paul Roberts.

    Interview Notes
      • Secure Resilient Future Foundation: https://secure-resilient.org/
      • The Security Ledger: https://securityledger.com/
      • Tech Timebombs: https://www.youtube.com/watch?v=koZERADCyug
      • Secure Repairs: https://securepairs.org/
      • Paul’s Congressional testimony: https://judiciary.house.gov/committee-activity/hearings/there-right-repair
      • FULU Foundation: https://fulu.org/
      • US PIRG: https://pirg.org/
      • Institute for Security and Technology: https://securityandtechnology.org/
      • NIST 800-232: https://csrc.nist.gov/pubs/sp/800/232/ipd

    Further Info
      • My book: https://fdsd.me/book
      • My newsletter: https://fdsd.me/newsletter
      • Support the mission: https://fdsd.me/support
      • Give the gift of privacy and security: https://fdsd.me/coupons
      • Send me your questions! https://fdsd.me/qna
      • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Table of Contents
      • 0:01:42: Interview terminology
      • 0:03:22: How did you come to found SRFF?
      • 0:08:24: Why are abandoned IoT devices "tech time bombs"?
      • 0:16:53: What are the dangers of hacked IoT devices?
      • 0:18:28: Is there any real liability for making insecure IoT devices?
      • 0:23:36: How important is transparency to law making?
      • 0:29:07: How does the right to repair interact with IoT security?
      • 0:38:33: How should consumers be made aware of abandoned devices?
      • 0:43:56: Can we rely on ISPs to block insecure devices?
      • 0:46:42: What other groups are working on improving IoT security?
      • 0:52:24: Should the gov't be funding research into securing IoT devices?
      • 1:01:20: What can we do to help?
      • 1:06:58: Patron podcast preview
      • 1:07:31: Looking ahead
    --------  
    1:08:54
  • Ente: Private by Design
    It's rare these days to find a well-designed and useful application that was made to be private from the get-go. Too many apps today view your personal data as a cash cow to be mercilessly milked, claiming to value your privacy when they really value the extra revenue they can make off of your private data. When I find useful apps that are private by design, especially ones that can replace more popular apps that harvest our data, I like to call attention to them: in this case, Ente Photos. Today I'll ask the founder and CEO why privacy is important to him and how it influenced his design approach.

    Interview Notes
      • Ente Photos: https://ente.io/
      • Ente Auth: https://ente.io/auth/
      • Ente’s Machine Learning: https://ente.io/ml/
      • Ken Thompson’s lecture on trust: https://dl.acm.org/doi/10.1145/358198.358210

    Further Info
      • My book: https://fdsd.me/book
      • My newsletter: https://fdsd.me/newsletter
      • Support the mission: https://fdsd.me/support
      • Give the gift of privacy and security: https://fdsd.me/coupons
      • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Table of Contents
      • 0:00:00: Intro
      • 0:04:08: Interview terminology
      • 0:06:44: Why did you start Ente and why do you care about privacy?
      • 0:15:23: Why should we trust Ente with our private data?
      • 0:20:14: What private information does Ente collect?
      • 0:25:12: How hard is it for 3rd party apps to integrate with the OS?
      • 0:29:39: Is Ente more private than Apple Photos with ADP enabled?
      • 0:31:40: How hard is it to migrate from Google or Apple Photos to Ente?
      • 0:34:30: Is facial recognition metadata in a standard, portable format?
      • 0:35:51: How hard is it to export photos from Ente?
      • 0:37:57: Does Ente Auth allow for easy export and backup?
      • 0:39:28: How do you back up your Ente photos?
      • 0:41:12: How much of Ente's AI photo processing is purely on-device?
      • 0:45:51: How do you vet third party software libraries for privacy?
      • 0:49:07: What data could Ente give, if required, to law enforcement?
      • 0:52:43: How can we pass on our legacy of memories to our kids?
      • 0:54:55: What's next for Ente?
      • 0:59:43: Interview wrap-up
      • 1:00:56: Patron podcast preview
      • 1:01:36: Looking ahead
    --------  
    1:02:51
  • Find Old Accounts (Part 2)
    In our quest to clean up and secure our data, today I will give you several clever and useful techniques for uncovering old, forgotten online accounts. We'll scrape the bottom of the barrel to complete our list of accounts so that we can upgrade their security, see what data they have, and remove anything we no longer want floating around out there, waiting to be stolen or abused.

    In the news: Chat Control is up for a vote in the EU (time to contact your MEPs); Samsung to show ads on their smart refrigerators; new automated sextortion spyware; a third of UK firms spying on employees; airlines sell 5B flight records for warrantless searching; ICE signs $3M contract for phone hacking tool; ChatGPT to guess your age or require ID; Swiss government looks to enable mass surveillance; Google Pixel 10 adds C2PA support; Apple iPhone 17 includes killer hardware security feature.

    Article Links
      • Chat Control: Can the EU Parliament save our encrypted chats?
        https://www.techradar.com/vpn/vpn-privacy-security/chat-control-can-the-eu-parliament-save-our-encrypted-chats
      • Samsung confirms its $1,800+ fridges will start showing you ads
        https://www.androidauthority.com/samsung-confirms-smart-refrigerator-ads-are-coming-3598848/
      • Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn
        https://www.wired.com/story/stealerium-infostealer-porn-sextortion/
      • A third of UK firms using 'bossware' to monitor workers' activity, survey reveals
        https://www.theguardian.com/world/2025/sep/14/uk-firms-bossware-monitor-workers-activity
      • Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching
        https://www.404media.co/airlines-sell-5-billion-plane-ticket-records-to-the-government-for-warrantless-searching/
      • ICE unit signs new $3M contract for phone-hacking tech | TechCrunch
        https://techcrunch.com/2025/09/18/ice-unit-signs-new-3-million-contract-for-phone-hacking-tech/
      • ChatGPT Will Guess Your Age and Might Require ID for Age Verification
        https://www.404media.co/chatgpt-will-guess-your-age-and-might-require-id-for-age-verification/
      • Swiss government looks to undercut privacy tech, stoking fears of mass surveillance
        https://therecord.media/switzerland-digital-privacy-law-proton-privacy-surveillance
      • Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity
        https://thehackernews.com/2025/09/google-pixel-10-adds-c2pa-support-to.html
      • The iPhone 17 memory shield will give spyware developers a hard time
        https://appleinsider.com/articles/25/09/11/the-iphone-17-memory-shield-will-give-spyware-developers-a-hard-time

    Tip of the Week: https://firewallsdontstopdragons.com/find-old-accounts-part-2/

    Further Info
      • Fight Chat Control in EU: https://fightchatcontrol.eu/
      • ARC opt out: https://www2.arccorp.com/site-privacy-policy/#17
      • LinkedIn privacy settings to change: https://discuss.privacyguides.net/t/linkedin-change-of-tos-opt-out-before-november-3rd/31199
      • Privacy Guides: https://www.privacyguides.org/
      • Coalition for Content Provenance and Authenticity: https://c2pa.org/
      • My book: https://fdsd.me/book
      • My newsletter: https://fdsd.me/newsletter
      • Support our mission! https://fdsd.me/support
      • Give the gift of privacy and security: https://fdsd.me/coupons
      • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Table of Contents
      • 0:00:00: Intro
      • 0:00:23: Few PSAs
      • 0:03:37: News preview
      • 0:05:35: EU's Chat Control vote coming soon
      • 0:10:46: Samsung smart fridges to start showing ads
      • 0:16:17: New automated sextortion malware
      • 0:21:24: A third of UK companies spy on employees
      • 0:25:51: Airlines sell 5B records for warrantless searches
      • 0:31:44: ICE signs $3M contract for phone hacking tool
      • 0:34:08: ChatGPT to guess your age or require ID
      • 0:38:11: New Swiss law would undercut user privacy
      • 0:42:46: Google Pixel 10 Adds C2PA Support
      • 0:45:50: iPhone 17 adds killer new security feature
    --------  
    1:05:44
  • On the Ethics of AI
    Artificial Intelligence (AI) is the Big Tech buzzword of the day. Every company who wants investment (public or private) is scrambling to have an "AI story", adding chatbots and 'agentic' features in their products wherever possible. The AI companies themselves are constantly expanding their models, ingesting as much data (including highly personal information) as possible. In this AI gold rush, companies are making flawed and often harmful products. Companies are firing workers and trying to replace them with AI bots. And it's forcing us all to question what's real, what has actual value, and what the impacts could and should be on society as a whole. Discussing deep questions like this is the purview of philosophers - and today I'll be welcoming back someone uniquely and supremely qualified to address them, Carissa Véliz.

    Interview Notes
      • Carissa Véliz: https://www.carissaveliz.com/
      • Privacy is Power: https://www.carissaveliz.com/books
      • Carissa’s research: https://www.carissaveliz.com/research
      • Moral Zombies: https://link.springer.com/article/10.1007/s00146-021-01189-x
      • ChatGPT suicide: https://www.nytimes.com/2025/08/26/technology/chatgpt-openai-suicide.html
      • TESCREAL: https://en.wikipedia.org/wiki/TESCREAL
      • John Oliver on AI Slop: https://www.youtube.com/watch?v=TWpg1RmzAbc
      • Proton Lumo: https://proton.me/blog/lumo-ai
      • EU’s “public good” LLM: https://ethz.ch/en/news-and-events/eth-news/news/2025/07/a-language-model-built-for-the-public-good.html

    Further Info
      • My book: https://fdsd.me/book
      • My newsletter: https://fdsd.me/newsletter
      • Support the mission: https://fdsd.me/support
      • Give the gift of privacy and security: https://fdsd.me/coupons
      • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Table of Contents
      • 0:00:00: Intro
      • 0:05:09: What does "artificial intelligence" really mean?
      • 0:13:21: Should STEM degrees require ethics training?
      • 0:17:20: Does anthropomorphising AI undermine our discourse?
      • 0:22:35: What is the TESCREAL view of AI?
      • 0:28:09: Can we infuse AI tools with human morality?
      • 0:34:31: What are the dangers of training AI on copyrighted works?
      • 0:42:16: What happens when AI starts ingesting its own output?
      • 0:44:27: Can we make AI systems that are truly private?
      • 0:48:08: How should we assign liability for AI harms?
      • 0:51:06: Is AI eroding our ability to trust anything?
      • 0:54:06: What happens when AI obviates the need to work at all?
      • 1:00:00: How do we maximize the benefits and minimize the harms of AI?
      • 1:03:20: Interview wrap-up
      • 1:06:06: Patron podcast preview
      • 1:07:08: Looking ahead
    --------  
    1:08:08


About Firewalls Don't Stop Dragons Podcast

A Podcast on Computer Security & Privacy for Non-Techies

v7.23.9 | © 2007-2025 radio.de GmbH
Generated: 10/19/2025 - 6:17:15 PM