The "rolling code" technology used to remotely open and lock your car is supposed to prevent hacking. Unfortunately, Honda has a pretty serious vulnerability in their cars that apparently allows anyone with a little talent and cheap hacking tools to get into your car - and maybe even start it (though not actually drive it away). If correct, this vulnerability affects probably all Hondas made over the last 10 years. So far, Honda has denied that this is a problem, but many researchers have reproduced the hack.

In other news: cheap, Chinese-made GPS vehicle trackers are vulnerable to remote hacking; Chrome, Edge and Safari browsers fix serious 0-day bugs; Twitter data breach info on 5.4M users is up for sale on the dark web; Windows getting a crucial security update to make important security feature on by default; the Conti ransomware gang is attacking the entire country of Costa Rica; Facebook quickly bypasses Firefox's URL tracking removal feature; Tor Browser adds a useful feature that will help people in repressive countries; Google appears ready to stop blocking political spam emails; Amazon admits to giving Ring video to law enforcement without consent or a warrant; a complicated, targeted web browser trick can be used to identify website visitors.

Article Links

[U.S. News & World Report] Researchers: Chinese-Made GPS Tracker Highly Vulnerable https://www.usnews.com/news/business/articles/2022-07-19/researchers-chinese-made-gps-tracker-highly-vulnerable[Ars Technica] 0-day used to infect Chrome users could pose threat to Edge and Safari users, too https://arstechnica.com/information-technology/2022/07/exploit-seller-used-chrome-exploit-and-2-other-0-days-to-infect-journalists/[9to5mac.com] Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k https://9to5mac.com/2022/07/22/twitter-data-breach/[ZDNet] Windows 11 is getting a new security setting to block ransomware attacks https://www.zdnet.com/article/windows-11-is-getting-a-new-security-setting-to-block-ransomware-attacks/[ThreatPost] Conti’s Reign of Chaos: Costa Rica in the Crosshairs https://threatpost.com/contis-costa-rica/180258/[Schneier Blog] Facebook Is Now Encrypting Links to Prevent URL Stripping https://www.schneier.com/blog/archives/2022/07/facebook-is-now-encrypting-links-to-prevent-url-stripping.html[None] Tor Browser Adds Automatic Censorship Circumvention https://www.infosecurity-magazine.com/news/tor-browser-automatic-censorship/[Inc. Magazine] Google Revealed Plans for a Big Change to Gmail That Almost Nobody Wants. You Have 19 Days to Object https://www.inc.com/bill-murphy-jr/google-revealed-plans-for-a-big-change-to-gmail-that-almost-nobody-wants-you-have-19-days-to-object.html[The Intercept] Amazon Admits Giving Ring Camera Footage to Police Without a Warrant or Consent https://theintercept.com/2022/07/13/amazon-ring-camera-footage-police-ed-markey/[The Drive] I Tried the Honda Keyfob Hack on My Own Car. It Totally Worked https://www.thedrive.com/news/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked[WIRED] A New Attack Can Unmask Anonymous Users on Any Major Browser https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/Tip of the Week: More Uses for Password Vaults: https://firewallsdontstopdragons.com/more-uses-for-password-vaults/

Further Info

Amulet of Entropy!!: https://amuletofentropy.com/ Peppering your passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/ Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887 Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Donate directly with Monero! https://firewallsdontstopdragons.com/contact/ 

Table of Contents

Use these timestamps to jump to a particular section of the show.

0:02:02: Bad Bugs in GPS Vehicle Trackers0:07:16: Zero-Day Bugs in Chrome, Edge,