Firewalls Don't Stop Dragons Podcast

Peppering Your Passwords

Listen Later

I preach about using password managers constantly – because they really are a fantastic tool for increasing your security. Humans suck at creating memorable passwords that are not also easy to guess. But the idea of putting all your juicy secrets into a digital vault that is controlled by a third party and synchronizing through the cloud may not sit well with you. And I totally get that. It’s a very valid concern. But what if there were a way to have your cake and eat it, too? (I never understood that expression… what good is having cake if you can’t eat it, right?) I’ll explain a simple technique using cryptographic “pepper” that will allow you to use a password manager, even if you don’t trust it.

In other news: US water utilities are woefully unprepared for cyberattacks; paper ballots are essential for secure elections, but not sufficient; PDFs are being used to cleverly hide keylogging malware; Chinese hackers have infiltrated many global telecom companies for years; Australia’s new “secure” digital driver’s license is anything but; the FBI manages to recover half of the Colonial Pipeline ransom; a new facial search engine is on the scene, with even less protections than Clearview AI; and the Tim Horton’s app stole a heck of a lot of user location data from its customers.

Article Links
  1. U.S. Water Utilities Prime Cyberattack Target, Experts | Threatpost https://threatpost.com/water-cyberattack-target/179935/
  2. Do Ballot Barcodes Threaten Election Security? https://cdt.org/insights/do-ballot-barcodes-threaten-election-security/
  3. [BleepingComputer] PDF smuggles Microsoft Word doc to drop Snake Keylogger malware https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/
  4. [MIT Technology Review] Chinese hackers exploited years-old software flaws to break into telecom giants https://www.technologyreview.com/2022/06/08/1053375/chinese-hackers-exploited-years-old-software-flaws-to-break-into-telecom-giants/
  5. [Ars Technica] “Tough to forge” digital driver’s license is… easy to forge https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/
  6. FBI Recovers $2.3 Million of Colonial Pipeline Ransomware Payment; Some Que https://www.cpomagazine.com/cyber-security/fbi-recovers-2-3-million-of-colonial-pipeline-ransomware-payment-some-questions-about-the-attack-answered/
  7. [The Mercury News] A face search engine anyone can use is alarmingly accurate https://www.mercurynews.com/2022/05/28/a-face-search-engine-anyone-can-use-is-alarmingly-accurate-2
  8. [CTV News] Tim Hortons app collected vast amounts of sensitive data: privacy watchdogs https://www.ctvnews.ca/business/tim-hortons-app-collected-vast-amounts-of-sensitive-data-privacy-watchdogs-1.5927716
  9. Pepper Your Passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/ 
    10. Further Info
    • Only FIVE DAYS LEFT to get your dragon coin! https://firewallsdontstopdragons.com/return-of-the-dragon-coins/ 
    • Techlore interview: https://youtu.be/-GubGbuWBfk 
    • Exploits of a Mom (XKCD “Bobby Tables” cartoon): https://xkcd.com/327/
    • Bobby Tables explanation: https://www.explainxkcd.com/wiki/index.php/Little_Bobby_Tables 
    • Generate secure passphrases! https://d20key.com/#/
    • Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
    • Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker
      • ...more
      View all episodesView all episodes
      Download on the App Store
      Firewalls Don't Stop Dragons PodcastBy Carey Parker
      • 4.9
      • 4.9
      • 4.9
      • 4.9
      • 4.9

      4.9

      64 ratings

      More shows like Firewalls Don't Stop Dragons Podcast

      View all
      Freakonomics Radio by Freakonomics Radio + Stitcher

      Freakonomics Radio

      32,010 Listeners

      WSJ What’s News by The Wall Street Journal

      WSJ What’s News

      4,338 Listeners

      Making Sense with Sam Harris by Sam Harris

      Making Sense with Sam Harris

      26,319 Listeners

      Security Now (Audio) by TWiT

      Security Now (Audio)

      2,010 Listeners

      Risky Business by Patrick Gray

      Risky Business

      372 Listeners

      Click Here by Recorded Future News

      Click Here

      418 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      8,045 Listeners

      Your Undivided Attention by The Center for Humane Technology, Tristan Harris, Daniel Barcay and Aza Raskin

      Your Undivided Attention

      1,602 Listeners

      Techlore Surveillance Report by Techlore

      Techlore Surveillance Report

      105 Listeners

      The Ancients by History Hit

      The Ancients

      3,278 Listeners

      Hard Fork by The New York Times

      Hard Fork

      5,509 Listeners

      The Rest Is History by Goalhanger

      The Rest Is History

      15,249 Listeners

      Closed Network Privacy Podcast by Simon Walsh

      Closed Network Privacy Podcast

      20 Listeners

      The Peter Zeihan Podcast Series by Peter Zeihan

      The Peter Zeihan Podcast Series

      401 Listeners

      The 404 Media Podcast by 404 Media

      The 404 Media Podcast

      386 Listeners