Security Via Subtraction

All software has bugs, so the more software you have installed, the more bugs you have. It’s not just the bugs in any individual application, but it’s also magnified by interactions between some applications. Thankfully, the converse is also true: the less software you have installed, the fewer bugs you have (statistically, anyway). How many apps have you installed because they were free? How many apps came installed with your PC that you never use? How about companion apps for products you no longer own? Or maybe apps you installed years ago that you’ve forgotten about. You need to review all of your apps and get rid of anything you aren’t using. You can always reinstall them later, if necessary. But removing unused apps will also remove any software bugs and vulnerabilities that inevitably come with them. (It’s also one less app to gather and sell personal data.)

In other news: Amazon is looking to buy the maker of Roomba robotic vacuums that know the map of your home; Amazon is also hoping to buy a medical company to start directly providing healthcare; Google once again delays removing support for 3rd party cookies in Chrome; a candidate post-quantum computing encryption algorithm was defeated in an hour with a regular PC; open source software is used everywhere, but is getting very little security support; hackers act on patched bugs within minutes; our cars are collecting and sharing tons of detailed information about us and our driving habits; Samsung has implemented a “repair mode” to protect your data while your phone is in the shop; and a new Android malware is contained in several “cleaner” apps.

Article Links

  1. [Mashable] Amazon vacuums up Roomba maker iRobot, sparking immediate privacy concerns
  2. [Time] Amazon’s Dangerous Ambition to Dominate Healthcare
  3. [HackerNews] Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024
  4. [Ars Technica] Post-quantum encryption contender is taken out by single-core PC and 1 hour
  5. [Ars Technica] Samsung’s “repair mode” lets technicians look at your phone, not your data
  6. [Lawfare] Open-Source Security: How Digital Infrastructure Is Built on a House of Cards
  7. [ZDNet] Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed
  8. [The Markup] Who Is Collecting Data from Your Car? – The Markup
  9. [Ars Technica] T-Mobile to pay $500M for one of the largest data breaches in US history
  10. [Tom’s Guide] Millions infected by ‘auto-starting’ Android malware — delete these apps now
  11. Tip of the Week: 

Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.

  • 0:01:30: DEF CON 30 is here!
  • 0:03:20: News rundown
  • 0:05:55: Amazon to buy iRobot, maker of Roomba
  • 0:11:22: Amazon to get into healthcare
  • 0:16:12: Google again delays removal of 3rd party cookies from Chrome
  • 0:18:20: Post-quantum cryptography algorithms being vetted
  • 0:23:51: Samsung’s “repair mode” protects your data
  • 0:26:53: Open source software needs security support
  • 0:32:36: Hackers pounce on newly-fixed bugs
  • 0:35:23: Your car is collecting and shareing your driving data
  • 0:42:44: T-Mobile fined $500M for data breach
  • 0:46:46: New Android malware embedded in “cleaner” apps
  • 0:49:53: Tip of the Week: Delete unused apps
  • 0:57:29: Preview of next week’s interview
  • 0:57:54: Drinks w/ me at DEF CON!