Firewalls Don't Stop Dragons Podcast

LastPass Source Code Breach

Listen Later

Password manager software maker LastPass suffered a data breach last week, which understandably made their customers very nervous – and caused some people to question the decision to put all their passwords in one digital basket. In today’s show, I’ll explain why this particular breach was not a threat to anyone’s passwords and why you should still use a high quality password manager.

In other news: Former security chief blows the whistle on Twitter; major VPN providers are pulling out of India over surveillance law issues; a set of popular Chrome extensions caught committing click fraud; Google’s new Chrome extension restrictions threaten to hobble ad blockers; a father’s Google accounts are deleted over false AI-flagged CSAM; US Federal Trade Commission sues a data broker over lax protection of location data; EFF finds another data broker selling location data to law enforcement; Google launches bug bounty program for open source software projects; DuckDuckGo’s email privacy protection feature now available to all; Ohio judge rules that scanning students’ rooms before tests is illegal; a flight to Cabo is nearly grounded thanks to a passenger sending dick pics to other passengers, including one of the pilots.

Article Links
  1. [The Washington Post] Former security chief claims Twitter buried ‘egregious deficiencies’ https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/
  2. [9to5mac.com] Major VPN services shut down in India over anti-privacy law; Apple hasn’t yet commented https://9to5mac.com/2022/09/01/major-vpn-services/
  3. [BleepingComputer] Chrome extensions with 1.4 million installs steal browsing data https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/
  4. [BleepingComputer] AdGuard’s new ad blocker struggles with Google’s Manifest v3 rules https://www.bleepingcomputer.com/news/security/adguard-s-new-ad-blocker-struggles-with-google-s-manifest-v3-rules/
  5. [The New York Times] A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html
  6. [Reuters] U.S. FTC sues data broker Kochava for alleged sale of sensitive data https://www.reuters.com/legal/us-ftc-sues-data-broker-kochava-alleged-sale-sensitive-data-2022-08-29/
  7. [Electronic Frontier Foundation] Data Broker Helps Police See Everywhere You’ve Been with the Click of a Mouse: EFF Investigation https://www.eff.org/press/releases/data-broker-helps-police-see-everywhere-youve-been-click-mouse-eff-investigation
  8. [Naked Security] LastPass source code breach – do we still recommend password managers? https://nakedsecurity.sophos.com/2022/08/29/lastpass-source-code-breach-do-we-still-recommend-password-managers/
  9. [Decipher] Google Launches Bug Bounty Program For Open Source Projects https://duo.com/decipher/google-launches-bug-bounty-program-for-its-open-source-projects
  10. [Spread Privacy] Protect Your Inbox: DuckDuckGo Email Protection Beta Now Open to All! https://spreadprivacy.com/protect-your-inbox-with-duckduckgo-email-protection/
  11. [The Verge] University can’t scan students’ rooms during remote tests, judge rules https://www.theverge.com/2022/8/23/23318067/cleveland-state-university-online-proctoring-decision-room-scan
  12. [VICE] Creeps Airdropping Dick Pics Just Made Flying Even Worse https://www.vice.com/en/article/3adag9/southwest-tiktok-video-pilot-airdropped-nudes
  13. Tip of the Week: How to Prevent Cyberflashing https://firewallsdontstopdragons.com/how-to-prevent-cyberflashing/ 
    14. Further Info
    • Peppering Your Passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/
    • Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
    • Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887 
    • Become a Patron! https://www.patreon.com/FirewallsDontStopDragons 
    • Donate directly with Monero! https://firewallsdontstopdragons.com/contact/ 
    • Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker
    • Generate secure passphrases! https://d20key.com/#/
      • Table of Contents

      Use these timestamps to jump to a particular section of the show.

      • 0:01:32: Update Google Chrome and older iPhones
      • 0:05:48: Twitter whistleblower
      • 0:10:29: Major VPN services shutting down in India
      • 0:14:00: Popular Chrome extensions committing link fraud
      • 0:16:51: Google Chrome changes will limit ad blockers
      • 0:23:38: Father loses Google accounts of false CSAM flagging by AI
      • 0:27:22: FTC sues data broker
      • 0:30:17: EFF research uncovers more police purchases of location data
      • 0:34:55: LastPass source code breach
      • 0:46:43: Google launches bug bounty for open source software
      • 0:49:51: DuckDuckGo email privacy feature now open to all
      • 0:55:55: Court blocks scanning of students’ rooms during remote tests
      • 1:00:43: Cyberflashing nearly grounds flight
      • 1:05:35: Notes on upcoming interviews and shows
        • ...more
        View all episodesView all episodes
        Download on the App Store
        Firewalls Don't Stop Dragons PodcastBy Carey Parker
        • 4.9
        • 4.9
        • 4.9
        • 4.9
        • 4.9

        4.9

        64 ratings

        More shows like Firewalls Don't Stop Dragons Podcast

        View all
        Hacked by Hacked

        Hacked

        190 Listeners

        Security Now (Audio) by TWiT

        Security Now (Audio)

        2,011 Listeners

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

        373 Listeners

        Risky Business by Patrick Gray

        Risky Business

        374 Listeners

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

        655 Listeners

        CyberWire Daily by N2K Networks

        CyberWire Daily

        1,023 Listeners

        Smashing Security by Graham Cluley

        Smashing Security

        318 Listeners

        Click Here by Recorded Future News

        Click Here

        418 Listeners

        Darknet Diaries by Jack Rhysider

        Darknet Diaries

        8,041 Listeners

        Hacking Humans by N2K Networks

        Hacking Humans

        315 Listeners

        Techlore Surveillance Report by Techlore

        Techlore Surveillance Report

        105 Listeners

        Cyber Security Headlines by CISO Series

        Cyber Security Headlines

        138 Listeners

        Risky Bulletin by risky.biz

        Risky Bulletin

        44 Listeners

        Hacker And The Fed by Chris Tarbell & Hector Monsegur

        Hacker And The Fed

        169 Listeners

        The AI Fix by Graham Cluley and Mark Stockley

        The AI Fix

        34 Listeners