I’ve had some truly amazing interviews this past year. For your listening enjoyment, I’ve curated a set of clips from some of the best shows, creating a sampler platter of stellar audio content from some amazing guests! If you’ve never listened to my podcast, this will give you a taste of what you’re missing! If you’re a regular listener, this will be a fun trip down memory lane, complete with new commentary. You’ll hear from Dr Paul Ashley (CEO/Founder of MySudo), Yael Grauer (Consumer Reports), Weld Pond (L0pht), Lisa LaVasseur (Internet Safety Labs), Zach Edwards (Silent Push), Bruce & Heidi Potter (Shmoocon), Deviant (physical security expert), Cory Doctorow (author, activist, EFF), Monique Priestley (VT State Rep), Carissa Véliz (author, professor), Adrian Ogee (CyberPeace Builders).Enjoy!

Way before the world wide web, computer enthusiasts were sharing information via digital bulletin board systems (BBS). This amounted to attaching a modem to your home computer and allowing other people to dial in from their computers (one at a time) to download “textfiles” and share “warez” – or cracked software applications, often games. This scene gave rise to several electronic “zines” that published articles on hacking and phone phreaking techniques. One of the most popular zines, Phrack, was started in 1985 and is still going strong forty years later. Today we’ll discuss the colorful and storied history of this pioneering zine with two Phrack editors, skyper and TMZ.

With the holiday season come holiday scams – and honestly, just more scammer activity across the board, in general. People are busy and buying lots of stuff, and it’s a time when we’re more vulnerable to schemes to take our money and infect our devices. Today we’ll talk about a few current scams going around and give some solid advice to avoid becoming a victim.

In the news: FCC scraps cybersecurity rules for telcos; WhatsApp flaw exposed 3.5B phone numbers; ClickFix scam update; Border Patrol is monitoring US drivers for ‘suspicious’ travel patterns; a tricky Apple Support scam; USPS and EZ-Pass scams; a cool new tool for monitoring your home network for rogue devices; state and local cyber grant program to be renewed; airlines shut down program that sold your flight records; CA court ends electricity surveillance program; also, a few more holiday gift ideas!

Holiday shopping season is here! And that must mean that it’s time again for my annual Best & Worst Gift Guide! But this time I’ve recruited some top minds from Consumer Reports to lend their expertise and enlighten us with their tech gift-giving strategies! Yael Grauer, Stacey Higginbotham and Jeff Landale join me for a round table discussion of how to give tech gifts that won’t ruin the security and privacy of your recipients!

Data brokers are amassing tons of our personal information, often from public sources. You can try to find all of these brokers and request your data be deleted, but it’s a lot easier to deputize a trustworthy and affordable service to do all that work for you – and to do so on a regular basis. I’ll give you my easy button solution for this.

Also in the news: Meta will use your AI sessions to target ads; Google is rolling out agentic AI shopping tools; OpenTable is gathering and sharing your dining habits; Amazon sues Perplexity over their agentic shopping tool; first ever reported AI-orchestrated hacking campaign; EU Commission looks to gut privacy laws; lawmakers want to ban all VPN use; US Senator uses opponents’ can VIN info against them; and new health privacy bill seeks to protect data in apps, smart watches.

In the US alone, there are tens of thousands of small organizations that are responsible for critical infrastructure and vital community services. Most of them don’t have an IT department let alone a cyber security expert on staff. And yet these organizations are being attacked by cyber criminal gangs with ransomware and are also being targeted by foreign adversaries who would like the ability to disrupt our very civilization. While the US federal cyber agencies have not properly responded to these threats, a handful of volunteer organizations have emerged, organized under the Cyber Resilience Corps, to address these needs. Today I’ll speak with Michael Razeeq, Grace Menna, Adrien Ogee and Eric Franco about their much-needed efforts.

Today we’ll wrap up my series of tips for enumerating all your old online accounts and deciding whether to delete them or just dumb down the personal data they have on you. There are several things to consider – we’ll go through them all!

In other news: a study ranks the most private AI chatbots; LinkedIn is set to use your personal data to train their AI; ChatGPT has released an AI browser; new phishing scam for password manager creds; Gmail did not leak 183M passwords; man discovers his robot vacuum sharing lots of personal data; more info on Cellebrite’s mobile hacking abilities; Flock expanded its surveillance with Ring and drones; and group finds that half of our satellite communications are not encrypted.

AI chatbots like ChatGPT have made quiet a splash. Companies are tripping all over themselves in a rush to add “AI” to everything, heedless of the security risks. But perhaps more insidious are the privacy risks. Most AI processing is done in the cloud, meaning that your queries and chats are subject to inspection, sharing, storing and monetizing. These AI systems are incredibly expensive to train and operate. And AI companies are desperate to feed them every scrap of data they can find. It’s a recipe for privacy disaster. But there are ways to make it more private and today we’ll discuss these approaches with Proton’s head of AI, Eamonn Maguire.

Now that we’ve tracked down all our old online accounts, it’s time to make them more secure and review the data they contain. We should download a copy of that data for safe keeping before we ultimately delete or suspend the accounts. We’ll discuss this next step in our journey of reducing our online data footprint – our Data Diet.

In the news: Windows 10 support has officially ended; seniors targeted with malware from Facebook groups; Tile trackers can also track you; massive Salesforce data leaked after refusing to pay ransom; dangerous Discord breach; Apple, Google to reluctantly comply with new Texas age law; California enacts age-verification law; EU Chat Control defeated; California makes GPC universally available;
largest CCPA fine to date levied against TSC.

Our critical infrastructure is vulnerable and under attack by nation state actors, either for profit or perhaps even to establish a beachhead for future cyber conflict. During the pandemic, many of our core systems were automated and connected to the internet for remote administration, but this just created a larger attack surface. The federal government hasn’t done nearly enough to protect these systems. Groups like DEF CON Franklin are working to find cyber volunteers to bring our national critical utilities above the ‘cyber poverty line’. Today we’ll explore the problems and solutions with Franklin co-founder Jake Braun, including what we can all do to help.