Firewalls Don't Stop Dragons Podcast

Treat Plugins Like Apps

Listen Later

Software plugins allow you to add functionality to existing applications. Web browsers commonly use these extensions to add functionality like shopping helpers, password managers, ad blockers and much, much more. In a way, these add-ons are like “apps” for the browser. Like apps, they can view and manipulate your data. In the browser, they may alter the web page, track pages you visit, and even mine any data you might enter into web forms. Also like apps, plugins can have permissions which you must agree to when you install them. Therefore, we need to be very careful which plugins we install and make sure we trust the maker. Today I’ll explain how to audit your plugins.

In other news: The TikTok ban has been given a 75-day reprieve; the Trump administration fires scores of cybersecurity experts; Apple Intelligence will soon be enabled by default on iPhones and Macs; some clever researchers have hacked the iPhone USB-C connection; a tricky new smishing campaign tricks users into bypassing Apple protections; PowerSchool hack affects 62M students and 9M teachers; new AI took can identify where a photo was taken; Subaru hack exposes scary amount of location data collection; fuzzing tool find over 100 bugs in modern cellular network; Texas sues Allstate for using private car data; FTC to ban GM from sharing location info; exercise equipment collects lots of personal data; federal court finally rules that Section 702 FISA data access requires a warrant.

Article Links
  1. [theverge.com] Trump signs order refusing to enforce TikTok ban for 75 days https://www.theverge.com/2025/1/20/24348213/trump-tiktok-ban-executive-order-sale-delay-china
  2. [techcrunch.com] Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/
  3. [macrumors.com] macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically https://www.macrumors.com/2025/01/21/macos-sequoia-15-3-apple-intelligence-opt-out/
  4. [9to5mac.com] Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams https://9to5mac.com/2025/01/14/security-vulnerability-in-iphones-usb-c-port-and-a-gotcha-with-imessage-scams/
  5. [Tech Radar] PowerSchool hack keeps getting worse – 62 million students now thought to be affected https://www.techradar.com/pro/security/powerschool-hack-keeps-getting-worse-62-million-students-now-thought-to-be-affected
  6. [404media.co] The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocate-photos-in-seconds/
  7. [wired.com] Subaru Security Flaws Exposed Its System for Tracking Millions of Cars https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
  8. [The Hacker News] RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html
  9. [gizmodo.com] Texas Sues Allstate for Collecting Driver Data to Raise Premiums https://gizmodo.com/texas-sues-allstate-for-collecting-driver-data-to-raise-premiums-2000549878
  10. [techcrunch.com] GM banned from sharing driving and location data with insurance companies https://techcrunch.com/2025/01/17/gm-banned-from-sharing-driving-and-location-data-with-insurance-companies/
  11. [consumerreports.org] Your Exercise Bike Knows a Lot About You—and It Doesn’t Keep Every Secret https://www.consumerreports.org/health/health-privacy/exercise-machine-privacy-a3907557984/
  12. [eff.org] VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional
  13. Tip of the Week: Treat Extensions Like Apps: https://firewallsdontstopdragons.com/treat-extensions-like-apps/ 
    14. Further Info
    • Data Privacy Week 2025: https://firewallsdontstopdragons.com/data-privacy-week-2025/ 
    • Private TikTok web app: https://www.sticktock.com/ 
    • Enabling Apple’s Advanced Data Protection: https://support.apple.com/en-us/108756 
    • OSINT location analysis examples: https://gralhix.com/list-of-osint-exercises/osint-exercise-001/ 
    • Claw Your Data Back tool: https://cyd.social/ 
    • Send me your questions! https://fdsd.me/qna 
    • Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
    • Subscribe to the newsletter: https://fdsd.me/newsletter 
    • Become a patron! https://www.patreon.com/FirewallsDontStopDragons 
    • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 
    • Give the gift of privacy and security: https://fdsd.me/coupons 
    • Generate secure passphrases! https://d20key.com/#/
      • Table of Contents

      Use these timestamps to jump to a particular section of the show.

      • 0:00:07: Intro
      • 0:01:03: Listener survey ended
      • 0:01:37: News preview
      • 0:03:54: Trump signs order refusing to enforce TikTok ban for 75 days
      • 0:10:02: Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision
      • 0:14:50: macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically
      • 0:21:51: Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams
      • 0:24:51: Clever iPhone Smishing attack
      • 0:28:35: PowerSchool hack keeps getting worse
      • 0:32:55: The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds
      • 0:43:37: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
      • 0:49:28: 5G fuzzing
      • 0:54:02: Allstate sued, FTC Bans GM data selling, fitness device data
      • 0:56:52: FISA 702 court victory
      • 1:01:23: Tip of the Week: Treat Plugins Like Apps
      • 1:08:12: Wrap up and looking ahead
        • ...more
        View all episodesView all episodes
        Download on the App Store
        Firewalls Don't Stop Dragons PodcastBy Carey Parker
        • 4.9
        • 4.9
        • 4.9
        • 4.9
        • 4.9

        4.9

        64 ratings

        More shows like Firewalls Don't Stop Dragons Podcast

        View all
        Hacked by Hacked

        Hacked

        190 Listeners

        Security Now (Audio) by TWiT

        Security Now (Audio)

        2,011 Listeners

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

        373 Listeners

        Risky Business by Patrick Gray

        Risky Business

        374 Listeners

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

        655 Listeners

        CyberWire Daily by N2K Networks

        CyberWire Daily

        1,023 Listeners

        Smashing Security by Graham Cluley

        Smashing Security

        318 Listeners

        Click Here by Recorded Future News

        Click Here

        418 Listeners

        Darknet Diaries by Jack Rhysider

        Darknet Diaries

        8,041 Listeners

        Hacking Humans by N2K Networks

        Hacking Humans

        315 Listeners

        Techlore Surveillance Report by Techlore

        Techlore Surveillance Report

        105 Listeners

        Cyber Security Headlines by CISO Series

        Cyber Security Headlines

        138 Listeners

        Risky Bulletin by risky.biz

        Risky Bulletin

        44 Listeners

        Hacker And The Fed by Chris Tarbell & Hector Monsegur

        Hacker And The Fed

        169 Listeners

        The AI Fix by Graham Cluley and Mark Stockley

        The AI Fix

        34 Listeners