Episodes

  • EP224.5 Deep Dive - Loose lips sink ships. The IT Privacy and Security Weekly Update for the Week Ending January 7th 2025.
    2025/01/09

    Tech & Security Weekly FAQ: January 7th, 2025

    1. Why is Apple paying $95 million in a lawsuit about Siri?

    Apple is settling a lawsuit alleging Siri "unintentionally" recorded private conversations without user consent. The lawsuit claimed these recordings were shared with third parties and used for targeted advertising. While denying wrongdoing, Apple will compensate affected users up to $20 per Siri-enabled device purchased between September 2014 and December 2024 and delete recordings obtained before October 2019.


    2. What happened to MyGiftCardSupply's customer data?

    MyGiftCardSupply, an online gift card store, exposed hundreds of thousands of customers' identity documents due to a publicly accessible storage server with no password protection. This server contained sensitive information like driver's licenses, passports, and selfies taken for KYC compliance, putting customers at risk of identity theft.


    3. Are Chrome extensions safe to use?

    Hackers are increasingly targeting Chrome extensions, including popular VPNs and AI tools, by injecting malicious code through updates. This can compromise user data and accounts. Users are advised to carefully review extension permissions, only install extensions from trusted sources, and be cautious of unexpected updates.


    4. Is Windows 10 still relevant despite the release of Windows 11?

    Despite Microsoft's promotion of Windows 11, Windows 10 remains the dominant desktop OS, holding a 62.7% market share. This is partly due to user reluctance to upgrade and a significant increase in Windows 10 installations in the US. However, support for many Windows 10 versions ends in October 2025, pushing users towards either extended security updates or potential vulnerabilities.


    5. Why is outdated firmware a concern for medical devices?

    The Illumina iSeq 100 DNA sequencer and other medical devices use outdated firmware, leaving them vulnerable to malware attacks. Without security features like Secure Boot, malicious code can hide in the firmware, compromising device integrity and potentially patient safety. This highlights the need for manufacturers to prioritize firmware updates and security protocols in medical equipment.


    6. How are Chinese hackers evolving their tactics?

    Chinese hackers, allegedly linked to the military and intelligence, have shifted from corporate espionage to targeting critical US infrastructure, including water utilities, airports, and energy grids. This suggests preparation for potential geopolitical conflicts, particularly concerning Taiwan, aiming to disrupt US response capabilities. The sophistication and potential impact of these attacks raise serious concerns about escalating cyber-warfare between the two countries.


    7. Why are New Yorkers saying goodbye to the R46 subway cars?

    New York City is retiring its iconic R46 subway cars, known for their unique seating arrangement and nostalgic charm. These trains are being replaced by the modern R211 cars, featuring brighter lighting, enhanced accessibility, and longitudinal seating to optimize passenger flow. While some lament the loss of a cultural symbol, the upgrade promises a more efficient and modern transit experience.


    8. What does Meta's decision to end fact-checking mean for Facebook and Instagram users?

    Meta, the parent company of Facebook and Instagram, is ending its fact-checking program and loosening content moderation policies. Zuckerberg claims this aims to promote free speech, but critics argue it will lead to a surge in misinformation and harmful content. This shift raises concerns about the platforms' role in shaping online discourse and their potential impact on political and social issues.


    18 min
  • Loose Lips Sink Ships. The IT Privacy and Security Weekly Update for the Week Ending January 7th 2025.
    2025/01/08

    Episode 224

    Loose Lips Sink Ships. The IT Privacy and Security Weekly Update for the Week Ending January 7th 2025.

    1/7/2025


    Episode 224 - In this week's update: Siri couldn't keep her ear shut, and then her loose lips cost Apple $95M as they learned the lesson: "Privacy isn’t optional."
    Nothing says 'secure' like a password-free server holding 600,000 IDs, turning this gift card gaffe into MyGiftCardSupply's latest disaster.
    Hackers taught Chrome extensions a new trick, making Chrome chaos all about stealing your data, now enhanced with AI flair.
    Windows 10 users are hanging on tighter than your grandma's grip on her landline, epitomizing Windows woes as the OS refuses to fade.
    When your DNA sequencer runs firmware older than your Spotify playlist, this medical equipment drama becomes more science fiction than science.
    Chinese hackers aren’t just stealing blueprints—they’re blueprinting the future of cyberwarfare, potentially marking cyber as the next battleground.
    Be kind to New Yorkers this week: they lose their 50-year-old R46 subway cars, where love-seats met New York grit, and gain a congestion charge that is hitting them like a new variant of Covid.
    Zuck says goodbye to fact-checking, ensuring Meta leaves the internet or at least their portion of it, bracing for chaos (again).
    Siri can't hear us if we keep moving. Let's go!

    Find the full transcript for this podcast here.

    19 min
  • EP 223.5 Deep Dive. The IT Privacy and Security Weekly Update for the Week Ending December 31st
    2025/01/02

    IT Privacy and Security Weekly Update FAQ - December 31st, 2024

    1. Why isn't Apple building its own search engine?

    Apple has stated that developing a search engine is "outside of its core expertise" and would require substantial investment and resources. The company also cites the rapidly evolving field of AI as a deterrent, making such a venture "economically risky." Apple currently receives a significant revenue stream from Google for being the default search engine on Apple devices, making the development of their own search engine less appealing.


    2. What's the story behind Raspberry Pi's recent surge in value?

    Raspberry Pi, the maker of affordable single-board computers, saw its valuation exceed $1 billion in December 2024, driven primarily by increased demand in the U.S. market. The company's success is attributed to the versatility and low cost of its computers, which are popular among hobbyists, educators, and professionals. This accessibility has broadened the reach of computing and fueled Raspberry Pi's impressive growth.


    3. How did Chinese hackers breach the U.S. Treasury Department?

    Chinese state-sponsored hackers exploited a vulnerability in a third-party cybersecurity service provider used by the U.S. Treasury Department. By compromising this provider, the hackers gained access to a security key that allowed them to remotely access employee workstations and steal unclassified documents. This incident highlights the increasing sophistication of cyberattacks and the risks associated with reliance on third-party services.


    4. Why are missiles now the biggest threat to airline passengers?

    Accidental missile strikes on commercial aircraft have become the leading cause of aviation deaths in recent years, surpassing terrorism and other threats. This alarming trend is driven by rising global tensions and the increasing availability of advanced antiaircraft weaponry, making civilian flights in or near conflict zones particularly vulnerable. Despite overall advancements in aviation safety, these incidents highlight the unintended consequences of armed conflict on civilian air travel.


    5. Why are so many senior citizens struggling with student loan debt?

    A growing number of older Americans are facing a substantial student loan burden, with collective debt reaching $121 billion. Many seniors took out loans later in life for their own education or to support their children's studies. This debt burden presents a significant financial strain, particularly for those on fixed incomes or facing limited job opportunities in retirement.


    6. What happened with the VW data leak, and what does it mean for EV owners?

    Volkswagen Group suffered a major data breach that exposed the sensitive information of 800,000 electric vehicle owners, including GPS location data, battery statuses, and user habits. The data was left unsecured on Amazon's cloud for several months, potentially allowing tech-savvy individuals to link vehicles to owners' personal information. This incident emphasizes the importance of robust data security measures as vehicles become increasingly connected and reliant on data sharing.


    7. How is Maine's Mountain View Correctional Facility using remote work to help inmates?

    Mountain View Correctional Facility in Maine is offering inmates remote work opportunities with private companies. This program aims to equip inmates with valuable skills and experience, improving their chances of securing employment upon release. Inmates earn competitive wages while working remotely, contributing to restitution, room and board, and developing financial responsibility.


    8. What can we learn from these recent events in IT privacy and security?

    These events underscore the evolving landscape of digital security and privacy. From state-sponsored hacking to data leaks and the increasing vulnerability of air travel, individuals and organizations must remain vigilant and proactive in safeguarding their information and systems.

    18 min
  • The IT Privacy and Security Weekly Update for the Week Ending December 31st, Breaks out of 2024 and into 2025!
    2025/01/01

    EP 223

    For this update, a completely diverse collection of stories starting with Apple dodging the search engine game by insisting that search ads are not Apple's "core" expertise.
    Then another serving of fruit: Raspberry Pi’s billion-dollar boom, proving with tiny computers and huge valuations that you don’t need size to make a big impact.
    Chinese hackers demonstrate that it makes "cents" to have the US Treasury's data on their holiday gift list.
    And then for your next security conference, forget peanuts on your flight, now you have to worry about missiles landing on your snack tray.
    Seniors swim in student loan debt while Grandma knits scarves—and tries to figure out how to pay off her 50-year-old university degree.
    VW's massive EV data leak reveals that your car is smarter than ever and so are the hackers.
    Then, it's not only the North Koreans who can play at this game, Maine prisoners go remote, landing virtual gigs as legit IT staffers.
    This is a wild update, so let's use it to break out of 2024 and into 2025!

    Find the full transcript to this podcast here.

    16 min
  • EP 222.5 Deep Dive into 'No coal in them Stockings' from the IT Privacy and Security Weekly Update for the Week Ending December 24th, 2024
    2024/12/26

    We go deep into this week's topics and break into the stories covered.

    What's happening with bot detection these days?

    Traditional CAPTCHAs are becoming ineffective as bots are now able to solve them easily. This has led to developers exploring alternative methods like behavior analysis and biometrics, but these come with their own privacy and accessibility concerns. The rise of AI agents further complicates things, requiring platforms to distinguish between helpful and harmful bots.


    Are car companies being hypocritical about data privacy?

    Yes, senators are calling out automakers for opposing "right-to-repair" laws while simultaneously selling customer data. They argue that automakers' cybersecurity concerns are a smokescreen for maintaining control over repair profits, as there's no evidence independent shops mishandle data more than dealerships. This raises questions about consumer rights concerning vehicle repairs and data privacy.


    What's the problem with digital license plates?

    A security researcher has demonstrated that digital license plates can be hacked to display false information, enabling users to evade tolls and tickets or even incriminate others. The vulnerability lies in the hardware and requires replacing the plate's chip to fix it, making it a costly solution. While digital plates offer convenient features, their security flaws present a significant risk.


    How is a GPS tracking company ironically exposing customer data?

    Hapn, a company specializing in GPS tracking, ironically exposed customer names, email addresses, and device serial numbers due to a misconfigured server. This incident highlights the importance of robust cybersecurity measures, especially for companies handling sensitive location data. It serves as a reminder to research a company's security practices before entrusting them with your data.


    Is there a privacy-focused alternative to Alexa or Google Assistant?

    Yes, Home Assistant has launched Voice PE, a voice-controlled device that operates entirely offline, ensuring user privacy. It supports multiple languages, offers customizable wake words, and can integrate with AI models like ChatGPT. While still in development, it offers a promising alternative for those seeking a local, privacy-centric smart home voice control system.


    What is Apple doing about spyware attacks on its users?

    Apple is directing victims of spyware attacks to a nonprofit security lab for assistance. This lab specializes in cybersecurity and provides resources to help victims understand and address spyware threats. This partnership highlights Apple's commitment to user security and privacy and emphasizes the importance of community efforts in tackling cybersecurity challenges.


    Why is Australia changing its cryptography standards?

    Australia is proactively phasing out certain cryptographic algorithms by 2030 to mitigate the threat of future quantum computing attacks. These algorithms, currently widely used, are expected to become vulnerable as quantum computing technology advances.

    What are the latest concerns about SMS-based authentication?

    Federal agencies are warning against using SMS for two-factor authentication due to its vulnerability to interception and phishing attacks. SMS messages are unencrypted, making them susceptible to compromise. Users should opt for more secure alternatives, like authenticator apps or passkeys, whenever available, to enhance their online security.


    Are there security concerns with global telecommunications networks?

    The Department of Homeland Security has revealed that countries like China, Russia, Iran, and Israel are exploiting weaknesses in the SS7 protocol, which connects global telecom systems, to spy on Americans. Users are encouraged to consider using encrypted communication apps and limiting location tracking to minimize their exposure to such surveillance.

    23 min
  • "No coal in them Stockings" from the IT Privacy and Security Weekly Update for the Week Ending December 24th, 2024
    2024/12/25

    Episode 222

    For our first story, bot detection is no longer working: CAPTCHAs are now a reverse IQ test—humans fail while bots ace them effortlessly.
    Then senators rip into the automakers: Car makers sell your data but won’t let you fix your car—talk about a two-for-one insult.
    Fancy digital plates? Cool until someone hacks them to dodge tolls—or make you pay theirs.
    A GPS tracker company left customer data exposed, which is a little ironic for a business built on knowing your every move.
    Then a new smart assistant that won’t gossip about you to the cloud. It's still got some rough edges, but we'll take rough over exposed.
    Apple’s sending spyware victims to a nonprofit because even their genius bar needs backup sometimes.
    Australia’s future-proofing by ditching old cryptography—quantum hackers, this puts them way ahead of the elliptic curve!
    From there it's another day, another healthcare hack. This time it’s 5.6 million patients learning about their healthcare provider's poor data hygiene the hard way.
    Still using SMS for 2FA? The feds say it’s a lot like locking your door but leaving the key under the mat.
    The US Department of Homeland Security says global spies are routinely using old and completely insecure SS7 telecom flaws. Maybe you want to rethink that unencrypted text you just sent.
    We filled your stockings with this week's update, and the best part? Not a single piece of coal in sight! Let's get unwrapping!

    Find the full transcript to this podcast here.

    21 min
  • Episode 221.5 Deep Dive: The IT Privacy and Security Weekly Update closes the door for the Week Ending December 17th, 2024
    2024/12/19

    FAQ: IT Privacy and Security Weekly Update (Week Ending December 17th, 2024)

    1. What is the main takeaway from the recent US Telecom breach?

    The breach linked to Chinese hackers highlights the dangers of government backdoors in encryption systems. The 1994 CALEA law, intended to assist law enforcement, created vulnerabilities exploited in this incident. Experts emphasize that backdoors weaken security for everyone and make systems susceptible to both good and bad actors.


    2. What security concerns arose with UnitedHealthcare's Optum AI chatbot?

    Optum's AI chatbot, used internally for managing health insurance claims, was left publicly accessible without a password. Although it didn't contain sensitive health data, its exposure raises concerns about the responsible management of AI, particularly given UnitedHealthcare's alleged use of AI to deny patient claims.


    3. Despite improvements, why should users still be cautious with Microsoft's Recall feature?

    While Microsoft's Recall screen capture tool now includes encryption and sensitive information filtering, tests reveal inconsistencies in its performance. It struggles to identify private data in non-standard formats or situations, potentially leading to unintended exposure of sensitive details.


    4. What is the significance of Meta's recent €251 million fine by the EU?

    The fine stems from a 2018 security breach exposing data of millions of EU users. It underscores the EU's strong enforcement of the GDPR and emphasizes the importance of companies prioritizing data protection. For users, it serves as a reminder that their personal information may not always be secure.


    5. How is the US-China trade conflict impacting the Ukraine war effort?

    China is limiting sales of drone components critical to Ukraine's defense as part of the escalating trade conflict with the US. This move is expected to expand to broader export restrictions, hindering Ukraine's access to vital drone technology.


    6. Why is the EU investing in its own satellite constellation, IRIS²?

    The EU aims to reduce reliance on non-European networks like Starlink by developing IRIS². This sovereign satellite constellation will provide secure internet access across Europe, enhancing strategic autonomy and fostering public-private collaboration in the space sector.


    7. What benefits will Let's Encrypt's new six-day certificates offer?

    The shift to shorter certificate lifespans significantly reduces security risks associated with compromised keys. While this means issuing more certificates, Let's Encrypt's automated systems will ensure a smooth transition for users, resulting in a safer and more secure internet experience.


    8. How is United Airlines using Apple technology to improve its baggage handling?

    United Airlines is integrating Apple's "Share Item Location" feature into its mobile app. Passengers can now share real-time locations of AirTags attached to their luggage, enabling United's customer service team to track and retrieve misplaced baggage more efficiently.

    14 min
  • The IT Privacy and Security Weekly Update closes the Door for the Week Ending December 17th, 2024
    2024/12/17

    Episode 221

    Our first update has an important security lesson, "When you build a backdoor, don’t be surprised when everyone comes walking through it."
    Then a very topical subject when an insurance chatbot is exposed... now you can experience the chatbot denying your claims in real time!
    Microsoft’s Recall feature: capturing sensitive info, even when it promises it won’t—because AI still struggles with “Oops.”
    Then Meta seems to be collecting fines as efficiently as it collects your data.
    China to Ukraine: “No drones for you!”—because trade wars come with flying consequences.
    Europe builds its own Starlink—because relying on Musk for internet isn’t a good long-term plan.
    And now, Six-day certificates! "Keeping secrets for 90 days is so last year."
    Lastly, for the holidays: United Airlines teams up with Apple's AirTags—because you can’t lose what you can track.
    Let's go rattle some doors!


    For the full transcript to this podcast click here.

    16 min