inThirty

[If you are not subscribed to short explanations, please sign up. We forwarded the feed from the other podcast for a month.] Show Notes: Don’t re-use passwords across sites How do you even remem

[If you are not subscribed to short explanations, please sign up. We forwarded the feed from the other podcast for a month.] We’ve always recommended password managers. Both Tom and Chaim are us

[If you are not subscribed to short explanations, please sign up. We forwarded the feed from the other podcast for a month.] Anytime you start a new project, your first goal is to have a backup. That&

Welcome to our new podcast. We are a beginner security podcast where we try to explain what is going on in the security world in an easy to understand way. Please join us. In this episode we explain w

This is our last podcast here on inThirty. We are moving to ShortExplanations. We are just letting you know we are moving, and how to follow us. Hopefully really soon (like next week) we will be up an

Tech Portfolio: First: What do you want to communicate and why?Are you trying to get a job?Are you trying to make a repository of knowledge?Are you just playing around?Are you making an archive? GitHu

In a March Madness style game, we use this bracket from TechDirt to discuss misunderstood legal brackets Announcing Techdirts March Madness: Get Your Bracket For The Most Misunderstood Legal Concept

We continue our discussion on how to get a job in security by discussing what you should put on your resume. Dont feel like you cant even apply. We talk about things you can do.

We discuss ways stores, government, individuals, computers track you. What to watch for, and how to protect yourself.

Google decided to take away Gapps legacy for a lot of old members. This rubs us the wrong way. We discuss what can be done, and why you should consider being so reliant on companies that can just take

We recap 2021.

We discuss Log4J https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/ https://github.com/YfryTchsGD/Log4jAttackSurface https://www.minecraft.net/en-us/article/minecraft-java-edi

This is our holiday update on what you should do this year to help your family with their technology.

We talk about how NJ is going to allow you to put your car registration in Apple Wallet. On the surface it looks good, but in reality, why? https://www.nj.com/traffic/2021/11/new-nj-vehicle-registrati

On today’s show we talk about security products you don’t need. https://www.vice.com/en/article/xgxnwk/you-probably-dont-need-a-vpn

On today’s show we cover all the news that literally broke in the last three days:1) Epik Hack: https://threatpost.com/epik-confirms-hack-data/174872/2) Facebook WhistleBlower: https://gizmodo.com/9-h

We cover three stories about potential violations of privacy, but maybe not? https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authoritie

We cover two big news stories: 1) Tmobile lost everyone’s data | https://arstechnica.com/gadgets/2021/08/hackers-who-breached-t-mobile-stole-personal-data-for-49-million-accounts/ 2) Last Week Tonight

We are trying something new. We want to put together a series of videos for those who may want to move into the infosec area. This video is just an overview of simple things you can do. We plan on tal

Today we are talking about the freedom phone. A new phone without “Censorship from Big Tech.” This is a scam, but why? We discuss: https://freedomphones.net/ https://www.aliexpress.com/item/1005001468

The big topic of the week is that if you had a Western Digital MyBook from 2015, there was a bug/exploit that wiped all your data. We talk about the bug, and whose fault it is (WD). Then we finished u

We cover two recent stories on what we call “Good Police Work.” Without breaking encryption, the police find ways to catch criminals. How the FBI Tricked Criminals into Using its Messaging App https:/

We go on a rant about cookies, and the cookie laws. Countries are talking about simplifying the law to create “acceptable cookie levels” in browsers, this means you’ll need to set this for every devic

In this episode we discuss patents. We focus on patent trolls and software patents. https://www.ted.com/talks/drew_curtis_how_i_beat_a_patent_troll/transcript?language=en#t-279192 https://blog.cloudfl

In this episode we discuss the Colonial Gas Pipeline ransomware attack. https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

Our two main stories is how Signal found a Cellebrite hardware analyzer. Then they say they found a bunch of vulnerabilities https://signal.org/blog/cellebrite-vulnerabilities/

Signal is testing a new payment method that we are not thrilled about. Yes, they want to solve a hard problem, but we don’t think this is it. We end with the Google vs Oracle decision. https://signal.org/blog/update-on-beta-testing-payments/ https://en...

We talk about two significant user leaks that happened recently. Facebook: https://krebsonsecurity.com/2021/04/are-you-one-of-the-533m-people-who-got-facebooked/ Ubiquiti: https://krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-in...

We talk mainly about privacy in today’s show. One thing I’ve been thinking about is literally how do you prove your vaccination status. Seriously! Not just the card, but actual proof

TLDR: Give up on securing email. Its a trashfire and wasn’t design with security in mind. Everything about email from the protocol, to the clients, to the layers and layers of stuff built on top of it isn’t designed with security in mind.

LastPass has decided to start charging for something that was once free. We discuss your options in the free space. Browser based password management is fine, but a third party is better. Bitwarden is free and open source.

Forbes put out an article on how Signal has some weaknesses using the after first unlock theory.TL;DR – Yes, but not limited to signal. Power off your phone if you are worried. https://www.forbes.com/sites/thomasbrewster/2021/02/08/can-the-fbi-can-hack...

Chaim talks about Fitness+ with Casey Liss. How do two non entirely in shape tech nerds feel about Apple’s new offering. TL;DR we like it. Special thanks to Casey Liss | https://www.caseyliss.com/ Casey’s initial Fitness+ Review | https://pca.

There was more news from the WhatsApp privacy fallout that we decided to have another show. As you know, we have moved to signal. If you want an invite, tweet the show, or find one of us. TL;DR, if you are using whatsapp to send cat photos to your fami...

We look at Apple’s new “Nutrition Facts” and try to figure out if they are actually useful (yes, but not really). We discuss the changes with WhatsApp, and where to move to. https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/ https://arst...

We start off on an article done by the BBC saying that Cellebrite has broken the signal encryption. Clearly, that is an issue if true. Turns out Signal quickly responds with an emphatic no, with evidence. Here is the BBC article: https://www.bbc.

We discuss the solarwinds hack: https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/ https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/ https://krebsonsecurity.

We talk about Black Friday and our non shopping. Youtube-DL is back Finally we discuss Microsoft’s productivity score. A tone deaf way to monitor your work.

We promote a socially distant Thanksgiving, but explain some virtual things you do to help friends and family.

On this show we start off with updates to signal, and signal groups. Our main story is the t2 chip unfixable flaw.

What is Open Source?What benefits?What detriments?Licensing?Non-code assets?Creative Commons?

We go back to an early topic on DNS. What is DNS? How it works? What how new secure features of DNS can help you stay private.

Yes, we talked about contact tracing in the past, but we got a request from the WhatsApp group to do it again. https://www.wired.com/story/why-contact-tracing-apps-not-slowed-covid-us/ Problems we discuss: %age of people who would need to install this,...

Virtual School starts up for many next week, and we have ideas on what you can do to help your kids be secure while learning.

This being the week before defcon, we discuss what we expect at the virtual defcon: Teens charged with the twitter hack: https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack Garmin paid the ransomware for their user...

We try to describe what happened on twitter that lead to the account takeovers: https://www.schneier.com/blog/archives/2020/07/on_the_twitter_.html Cloudflare takes the internet down: https://blog.cloudflare.

Show notes: These are the show notes we wrote before talking about the topic. I tried to take out the inaccuracies, but some may remain. CISC – Complete Instruction Set Computing RISC – Reduced Instruction Set Computing Instructions are the abilities o...

I feel like we discussed this topic before, but yes, we talk about coffee. Since security news is sparse right now, we take a sidebar on a topic that is near and dear to our heart. Zoom adds E2EE for everyone: https://blog.zoom.

We talk about Google’s and Apple’s Contact Tracing endeavors. While I’m okay with it, Tom rips it to shreds, based on the obvious privacy issues and false positives. I know I messed up the intro.

I decided to relearn everything about networking, and got myself a Ubiquiti Dream Machine. I share my experiences. I really do like it. There are a ton of features, I didn’t know I needed. However, there are some quirks,