Fuel theft by hacking the pump in Dallas. Smart card readers that bring malware along for the ride. Bank of Zambia trolls their would-be attackers. DOJ easing up on CFAA prosecutions.
Why I hate signature pads, plus this podcast reaches a milepost.
Pwn of the week: Congresswoman Elise Stefanik (R-NY). Fail of the week: Apple.
Podcast: Play in new window | Download
Clearview AI now blocked in Illinois. AirBNB chief wants to do away with offices. Ransomware attacks down. Mechanical keyboards are little snitches.
Pwns of the week: Lincoln college, RuTube, Russian TV media
Fails of the week: Javascript foreach module, F5 Big IP
Opsec tip of the week: Avoid falling victim to the third party doctrine with TOR, ProtonMail, Signal Private Messenger
Podcast: Play in new window | Download
India demands that breaches be reported, then that VPNs keep records making them useless. CDC has been tracking cell phones. FBI has been using the third-party doctrine to skip warrants. Google fights dragnets in Brazil, but not here. Alexa’s been spying on you to choose ads. Safegraph knows who’s getting abortions. Mental health apps suck at security. Grindr sells location data.
Pwn of the week: Illuminate Education
More on open-source router firmware, featuring Open WRT
Opsec tip: use a password manager, preferably KeePassXC.
Podcast: Play in new window | Download
EU requires social media to explain their algorithms, but Facebook can’t. Google implements “reject all cookies” button in the EU. Hospital requires nurses to bring their own laptops. Chula Vista averages 274 police drone deployments a day. Elon Musk buys Twitter.
Intro to DD-WRT.
Opsec tip: Two factor authentication
Pwn of the week: T-Mobile.
Podcast: Play in new window | Download
Freedom Phone’s Signal Not-so-private Messenger. Conferencing apps are listening when they shouldn’t be. The Copyright Crowd are back. Apple’s app tracking transparency costs Meta more than originally thought. SpaceX beats Russian jamming. Ted Lieu wants warrants for metadata. SEC wants cybersecurity in the board room.
Intro to open-source firmware. Don’t give away too much info.
Podcast: Play in new window | Download
European Union rolls its own facial recognition network. EU officials targeted using Pegasus. DOJ seizes RaidForums. Fired Sysadmin jailed and fined for vandalism. ProtonVPN passes audit.
Teardown of EAS in-band signalling. Personal OPSEC: making your communications channels redundant.
Pwn of the week: Congress. Fails of the week: AT&T, Atlassian.
Podcast: Play in new window | Download
Android app to detect unauthorized Apple AirTags. The Post Office has a law enforcement branch that overreaches. Google boots a spyware APK from the Play Store. US Government patches your system whether you like it or not.
Interview with Ethan Gregory Dodge on ALPR maker Flock Safety.
Pwn of the week: MailChimp.
Listener letter from Snackness.
Podcast: Play in new window | Download
Flock Safety is watching you. Network printers in Russia spread anti-propaganda. Okta had a password spreadsheet. Apple and Meta taken in by counterfeit legal instruments. Russia accepts bitcoin for payment.
Security alert: patch Chrome!
Pwns of the week: Sephora, Viasat. Fails of the week: Signal, Facebook Messenger, Telegram, iMessage, WhatsApp.
Podcast: Play in new window | Download
GPS Jamming near Ukraine. Goodwill Ransomware. Patch your systems already! Clever password skimmer site. Refugee carries life savings on thumb drive as Bitcoin. Mariupol computer museum destroyed. RIP Stephen Wilhite, creator of the GIF.
Pwns of the week: Transneft, Nestlé, Microsoft, Okta. Fail of the week: AEG
Podcast: Play in new window | Download
VHS-era video laws still in effect. Ireland fines Facebook. Microsoft puts ads in the file browser. Firefox tracks you. DST bill passage was a surprise. Snoop Dogg annoys streaming listeners.
Ukraine uses Clearview AI at checkpoints. Ukraine joins European power grid and unplugs from Russia. ESET discovers sabotage malware in Ukraine. Russians using more VPN and Signal Private Messenger, but less Telegram. Russia launches their own CA, but is running out of data storage.
Germany warns against using Kaspersky.
No Pwn of the Week. Fails of the week: Russian armed forces, Google Maps.
Podcast: Play in new window | Download