Firewalls Don't Stop Dragons Podcast

Stop Using SMS for 2FA

Listen Later

Passwords suck and humans aren’t good at using them. Password managers can help a lot, but to truly improve your account security these days, you need to add defense in depth. The easiest way to do that today is to enable two-factor authentication, or 2FA. Many websites have supported 2FA for years, but as hacking has gotten more aggressive and password databases are being stolen more often, the popularity of 2FA has grown significantly in the last year or two. Unfortunately, many 2FA systems rely on the lowest common denominator for implementing the PIN code system: SMS or text messaging. SMS is very old, but also very widely used and supported. It’s never been terribly secure, but recently some clever security researchers have discovered a simple and cheap way to steal your text messages. Like, for $16. I’ll explain this hack and tell you how and why you should switch to the much more secure Time-based one-time-password (TOTP) system for 2FA.

In other news: I’ll update you on the massive Microsoft Exchange hack; I’ll cover a couple stories about Apple bowing to pressure from foreign powers; thousands of surveillance cameras hacked in major corporations, schools, hospitals and even jails; a clever technique to identify deepfake videos; two welcome new privacy features in Firefox; Amazon’s take-it-or-leave-it driver surveillance demands; opting out of T-Mobile’s new data grab; and Texas making hundreds of millions of dollars off their citizens’ data.

Further Info
  • Amazing Tom Cruise deep fake videos: https://www.tiktok.com/@deeptomcruise 
  • Stop using SMS for 2FA: https://firewallsdontstopdragons.com/stop-using-text-messages-for-2fa/ 
  • First interview with PGP’s Phil Zimmermann: https://podcast.firewallsdontstopdragons.com/2018/05/07/we-now-live-in-the-golden-age-of-surveillance/ 
  • Microsoft: 92% of Exchange servers safe from ProxyLogon attacks https://www.bleepingcomputer.com/news/security/microsoft-92-percent-of-exchange-servers-safe-from-proxylogon-attacks/ 
  • Apple Provides Timeline for ProtonVPN App Update, Suggesting App Store Rejection Was Unrelated to Current Events in Myanmar https://www.macrumors.com/2021/03/25/apple-responds-protonvpn-app-update-rejection/ 
  • Apple Bent the Rules for Russia—and Other Countries Will Take Note https://www.wired.com/story/apple-russia-iphone-apps-law/ 
  • Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams?sref=iKB6XOvf
  • Scientists developed a clever way to detect Deepfakes by analyzing light reflections in the eyes https://thenextweb.com/neural/2021/03/11/ai-detects-deepfakes-analyzing-light-reflections-in-the-cornea-eyes-gans-thispersondoesnotexist/ 
  • Firefox 87 introduces new SmartBlock tracker blocking mechanism https://appleinsider.com/articles/21/03/24/firefox-87-launches-introduces-new-smartblock-tracker-blocking-mechanism 
  • Mozilla Firefox tweaks Referrer Policy to shore up user privacy https://www.zdnet.com/article/mozilla-firefox-tweaks-referrer-policy-to-shore-up-user-privacy/ 
  • Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job https://www.vice.com/en/article/dy8n3j/amazon-delivery-drivers-forced-to-sign-biometric-consent-form-or-lose-job 
  • It’s mind-blowing how many millions of dollars Texas makes each year selling your personal data https://www.dallasnews.com/news/watchdog/2021/03/19/its-mind-blowing-how-many-millions-of-dollars-texas-makes-each-year-selling-your-personal-data/ 
  • U.S. Carriers Fix SMS Routing Vulnerability That Let Hackers Hijack Texts https://www.macrumors.com/2021/03/25/sms-routing-vulnerability-fix/
    • ...more
    View all episodesView all episodes
    Download on the App Store
    Firewalls Don't Stop Dragons PodcastBy Carey Parker
    • 4.9
    • 4.9
    • 4.9
    • 4.9
    • 4.9

    4.9

    64 ratings

    More shows like Firewalls Don't Stop Dragons Podcast

    View all
    Freakonomics Radio by Freakonomics Radio + Stitcher

    Freakonomics Radio

    32,005 Listeners

    WSJ What’s News by The Wall Street Journal

    WSJ What’s News

    4,339 Listeners

    Making Sense with Sam Harris by Sam Harris

    Making Sense with Sam Harris

    26,327 Listeners

    Security Now (Audio) by TWiT

    Security Now (Audio)

    2,010 Listeners

    Risky Business by Patrick Gray

    Risky Business

    372 Listeners

    Click Here by Recorded Future News

    Click Here

    418 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,046 Listeners

    Your Undivided Attention by The Center for Humane Technology, Tristan Harris, Daniel Barcay and Aza Raskin

    Your Undivided Attention

    1,603 Listeners

    Techlore Surveillance Report by Techlore

    Techlore Surveillance Report

    105 Listeners

    The Ancients by History Hit

    The Ancients

    3,282 Listeners

    Hard Fork by The New York Times

    Hard Fork

    5,511 Listeners

    The Rest Is History by Goalhanger

    The Rest Is History

    15,271 Listeners

    Closed Network Privacy Podcast by Simon Walsh

    Closed Network Privacy Podcast

    20 Listeners

    The Peter Zeihan Podcast Series by Peter Zeihan

    The Peter Zeihan Podcast Series

    401 Listeners

    The 404 Media Podcast by 404 Media

    The 404 Media Podcast

    386 Listeners