Black Friday is just around the corner, which marks the unofficial launch of the holiday shopping season. As you’re considering what gifts to give to your loved ones this year, I want to make sure you’re thinking about the privacy and security aspects. To that end, I have updated my annual Best and Worst Gift Guide and I will go over the highlights in this episode for my Tip of the Week. But I also have a special new gift idea this year: security and privacy coupons that you can download and give to your loved ones!
In the news: USPS tells customers to avoid using the big blue mailboxes for gifts and important letters during the holiday season; Google pays nearly $400M fine to 40 states who sued over location tracking; Medibank refuses to pay ransom for data and criminals are starting to leak sensitive medical records online; TransUnion reports a data breach; FBI director warns that TikTok is a national security risk; Lenovo laptops are exposed to UEFI malware risks (update now); a mysterious company with government ties and a history of spying has become a root certificate authority; the British government is scanning its citizens’ devices looking for vulnerabilities in hopes of fixing them; almost 50% of all Mac malware can be traced to a single security application; Apple apps are sending tons of analytics data to Apple even when analytics are disabled; I answer a listener question (Dear Carey) about the best Mastodon clients, in the wake of the Twitter collapse.
- [Lifehacker] Avoid Using Blue Mailboxes During the Holidays, USPS Warns https://lifehacker.com/avoid-using-blue-mailboxes-during-the-holidays-usps-wa-1849773201
- [The Hacker News] Google to Pay $391 Million Privacy Fine for Secretly Tracking Users’ Location https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html
- [CPO Magazine] Medibank Refuses Ransom Payments, Hackers Leak Stolen Health Data to Dark Web https://www.cpomagazine.com/cyber-security/medibank-refuses-ransom-payments-hackers-leak-stolen-health-data-to-dark-web/
- [BGR] TransUnion data breach compromises financial information of consumers https://bgr.com/tech/transunion-data-breach-compromises-financial-information-of-consumers/
- [USA TODAY] FBI director says TikTok poses national security threat, and he’s ‘extremely concerned’ https://www.usatoday.com/story/tech/2022/11/16/tiktok-poses-national-security-threat-fbi/10709987002/
- [Ars Technica] Lenovo driver goof poses security risk for users of 25 notebook models https://arstechnica.com/information-technology/2022/11/lenovo-patches-secure-boot-vulnerabilities-that-imperil-25-notebook-models/
- [The Washington Post] Mysterious company with government ties plays key internet role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
- [Bleeping Computer] British govt is scanning all Internet devices hosted in UK https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/amp/
- [Tom’s Guide] Almost 50% of macOS malware reportedly comes from single app — delete it now https://www.tomsguide.com/news/new-report-says-nearly-half-of-macos-malware-comes-from-single-app-delete-it-now
- [Gizmodo] Apple Is Tracking You Even When Its Own Privacy Settings Say It’s Not, New Research Says https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558
- Dear Carey: Mastodon clients.
- Best & Worst Gifts for 2022: https://firewallsdontstopdragons.com/best–worst-gifts-2022/
- Privacy & Security Coupons: https://fdsd.me/coupons
- Give thanks and donate! https://firewallsdontstopdragons.com/give-thanks-donate/
- Send me your questions! https://fdsd.me/qna
- Support me! https://fdsd.me/support
- Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
- Check out my book, Firewalls Don’t Stop Dragons: https://firewallsdontstopdragons.com/buy-the-book/
- Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
- Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
- 0:00:33: 5th edition update
- 0:03:38: QR code scam update
- 0:05:03: Twitter and FTX
- 0:06:07: News rundown
- 0:08:11: USPS says you should avoid blue mailboxes for holiday gifts
- 0:10:48: Google to pay $391M privacy fine to settle suit
- 0:13:05: Medibank refuses to pay ransom, data starts being posted
- 0:17:38: TransUnion data breach
- 0:20:46: FBI director says TikTok is a national security threat
- 0:23:40: Lenovo UEFI bug found, patch immediately
- 0:27:29: Mysterious company with gov’t ties wants to mint certificates
- 0:39:40: British government to scan internet for vulnerable devices
- 0:44:29: 50% of Mac malware comes from a single app
- 0:47:45: Apple apps track you even with analytics turned off
- 0:54:46: Tip of the Week: Best & Worst Gifts
- 1:06:20: Security & Privacy Coupons
- 1:10:27: Dear Carey: Mastodon client?