Thanksgiving is fast approaching, so we give you this year’s guide to family tech support.

College Test Prep Scams: https://www.consumer.ftc.gov/blog/2018/10/college-test-prep-scams-are-happening Staying Safe while Shopping: https://www.cyber.nj.gov/be-sure-to-secure/staying-cyber-safe-while-shopping Police Break IronChat Crypto: https://arstechnica.com/information-technology/2018/11/police-decrypt-258000-messages-after-breaking-pricey-ironchat-crypto-app/#p3

Signal tries to hide sender metadata: https://signal.org/blog/sealed-sender/ Google to enforce two years of security updates: https://www.theverge.com/2018/10/24/18019356/android-security-update-mandate-google-contract Attacking Google Authenticator: https://www.unix-ninja.com/p/attacking_google_authenticator

So we dial back the security, and discuss what happens when you want your stuff to be found

This week we talk more about the facebook scam about impersonation. Google+ has a breach which accelerates its demise. A certain rapper has a passcode of 000000. We discuss if that is good or bad.

Facebook had a breach: https://newsroom.fb.com/news/2018/09/security-update/ Facebook security settings: https://www.facebook.com/settings?tab=security Facebook Shadow Contact Info: https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051 GPGTools: https://gpgtools.org/open-letter NordVPN weird bug: https://twitter.com/CiPHPerCoder/status/1044625129278443522?s=19

We have a light week, but we must keep on keeping on. Faxploit: https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/ Fix: https://support.hp.com/us-en/document/c06097712 Fortnite Exploit: https://www.androidcentral.com/epic-games-first-fortnite-installer-allowed-hackers-download-install-silently Ajit Pai knew about DDOS attack: https://arstechnica.com/tech-policy/2018/08/ajit-pai-knew-ddos-claim-was-false-in-january-says-he-couldnt-tell-congress/ Is the CA wildfires issue a net neutrality issue? Maybe: https://twitter.com/gigastacey/status/1033724768099426304 Staking app got hacked: https://nakedsecurity.sophos.com/2018/08/30/hacked-stalking-app-reveals-victims-photos-texts-and-location-info/

We recap Hacker Summer camp. The sights, the sounds, the random room searches. Room Searches: https://arstechnica.com/tech-policy/2018/08/security-theater-meets-def-con-as-room-searches-spark-controversy/ Voting Machines: https://thenextweb.com/tech/2018/08/13/an-11-year-old-hacked-a-government-website-and-changed-election-results-at-defcon/ Voicemail vulnerability: https://mashable.com/2018/08/10/voicemail-hack-password-reset-2fa/#nbbfkK9anmqU Ajit Pai said the FCC wasn’t DDoS’d: https://arstechnica.com/tech-policy/2018/08/ajit-pai-knew-ddos-claim-was-false-in-january-says-he-couldnt-tell-congress/

We teased this last week, and never got to it. 1) How to delete your tweets: https://gitlab.com/chaimtime/nuketweets I forked the project, but I can’t find the OP to credit. 2) Fornite sidesteps the play store. This is a bad idea: https://www.theverge.com/2018/8/3/17645982/epic-games-fortnite-android-version-bypass-google-play-store 3) Android P is here

Google claims nobody has been phished since deploying U2F: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/ Russia Indictments shows the US is really good at hacking: https://twit.tv/shows/security-now/episodes/672?autostart=false (Start at minute 90) Tom wipes all his tweets : https://gitlab.com/actualdragon/nuketweets