The IT Privacy and Security Weekly Update. (R. Prescott Stearns Jr.)

This week we start with that face in the mirror and end in an SUV.

In between we have hacks, tracks, and attacks on printers and boom boxes, we get a couple of serious cloud plays, and a whole new malware variant aimed at the medicine men (and women).

Finally, we learn how one spy agency has had to “become more open to stay secret”.

No big boots for this adventure, no loud colors or clashing patterns, just smartly pressed tracksuits, a toned demeanor, and that cloak of anonymity.

Come on let’s roll!

For the full transcript of this podcast go to discuss.daml.com

Episode 167

This week we start with the dollar bill ranking of the top US Universities for earnings potential
We then throw some light on a global disappearing act, first the presenters and then a whole developer conference. This is one you have to hear to believe!

From there, in our third story, it’s a thumbs down for the security that fingerprint reader on your laptop is delivering.
In at four is a new agreement between the US, UK and a dozen countries pitched at making AI safer.
From there it’s hot water, and wait, one martial artist’s company that seems to be soaking in it.
We get a “better late than never” from “Down under” in the fight on cyber crime and finally for our last story, an Internet of Things thing that you’re spending a third of your life on that may be sharing more about you than you want.
This week’s update is all over the place and all over the world, but you get it served up fresh right here!
​Dig in!

Find the full transcript of this week's podcast here.

This week we get breached, we get in your head, we go all over the world and then we get a beat-down by the cat.

The world of brain scanning coupled with AI is already yielding some very interesting results and we take you into the ganglia of the action.

We learn a new stat for a nation-state face-off and frankly, the numbers look a little one-sided.

We discover the EU setting “mew” regulations for nineteen of the major tech players, while Italy invites one company back in through the cat flap from out in the cold.

Finally, a partnership between Apple and Google that we’ve been tracking, and an update for Windows 10 users whose machines might have ended up in the litter box

This is a wonderful mix of stories that make a beeline for the feline. So if you have allergies, grab your antihistamine, and let’s head off!

For the transcript to this week's podcast go to: Discuss.Daml.com

EP206 This week's update takes off from Las Vegas and lands somewhere in Low Earth Orbit.

We have databases of faces and how both a police union and the Dutch Data Protection watchdog think they are a bad idea.
If they have your face, how do you prove you are you?  That's the next challenge and a proposal from OpenAI and Harvard thinks it'll have you covered.  We might have a different opinion.
With elections coming up in the US would you be upset to discover that the code in your voting machine was written and updated by a Russian?  You could not make this stuff up.
The Washington Post tells us why it thinks that Pavel Durov should stay in jail  and some security researchers share how you might bypass TSA security the next time you are at an airport.
Finally we will soon have fifteen thousand reasons for considering not subscribing to one provider's broadband.
The dream police, they live inside of our heads.  Let's check out this week's arresting update. 

Find the transcript to the this pod. here.

Episode 192 This week we go looking for help and discover something else entirely.
We start by being turned away from a London hospital because of something spread by a sick corporate partner.
Then we move onto background checks. Perhaps soon potential employers won’t need to run them, they’ll just look you up on the dark web.
From there Google springs a leak. Honestly, whoever is handling their PR must be having a meltdown over this latest faux pas because it’s a whole database of privacy incidents reported internally that provide a level of transparency no one at Google wants to see through.
Then let’s talk about the new Windows feature that will have you exploring the virtues of Linux even if it was the last thing you thought you would ever do.
They’ve been busy in Ottawa with a new industry proposal to build more back doors. We’ll find out why some are saying that is construction we simply don’t need.
And then there’s that password crack for a US$3 Million stash. How it was cracked and how you can prevent the same thing happening to your US$3 Million stash.
We end on Stack overflow with some help from a friend that’s anything but.
Good help is hard to find, but a great update is right in front of you.  Let’s go!

Find the full transcript for this podcast here.

EP214 

Hacks, Zachs, and Smacks from the IT Privacy and Security Weekly Update for the week ending October 29th., 2024

10/29/2024

0 Comments

EP214 ​This week's update whirls us around the living room for a collection of stories demonstrating that your privacy and security are nothing to be taken for granted.
We start with a report with more troubling news about another robot vacuum cleaner gone rogue.
Then French newspaper Le Monde are the sleuths in unravelling more compromise for our global leaders from a fitness app that's already divulged the wearabouts of secret military bases.
The EU prepares to take a tough stance on insecure software.
We meet the next new secret agent and speculate that it could be a very lucrative new job role.
From there we learn the new numbers for Google's AI generated code and then have an update on a new open source LLM that checks for Zero days in Python code.
Finally we finish with an update from Microsoft's Threat Analysis Center for all those going to vote in the US November 5th.
We circled the floor for this week's collection of updates, and now it's time to clean up!

Find the full transcript to this week's podcast here.

Frequently Asked Questions: Privacy, Security, and the State of Tech (Early 2025)

1. What is "SparkCat" and why is it significant?

SparkCat is malware discovered hiding in both the Apple App Store and Google Play. It uses optical character recognition (OCR) to scan users' photo galleries for cryptocurrency wallet recovery phrases and uploads them to attacker-controlled servers. Over 242,000 Android users downloaded infected apps. It highlights the evolving sophistication of malware and the need for increased vigilance, even with apps from reputable sources.

2. What is the UK government asking Apple to do, and what are the potential implications?

The UK government has reportedly ordered Apple to create a backdoor allowing access to encrypted cloud backups of users worldwide, through a technical capability notice under the Investigatory Powers Act. Apple is likely to discontinue its encrypted storage service in the UK rather than compromise user security globally. If Apple complies, it could set a dangerous precedent for other governments to demand similar access, undermining encryption and weakening security for everyone.

3. What is the story about the man trying to buy a landfill, and what does it illustrate?

A man is trying to buy a landfill to search for a hard drive containing his lost Bitcoin fortune. While seemingly absurd, it illustrates the very real consequences of poor digital asset management and data security. It highlights the permanence (and potential inaccessibility) of digital assets and the lengths people will go to recover them, even resorting to extreme measures.

4. Why is the US considering banning the DeepSeek AI app?

The US is considering banning the Chinese AI app DeepSeek due to concerns that it collects data for a foreign government (China). The app pumps data to China Mobile unencrypted, and there are close ties between the company and the Chinese military. This aligns with the US government's broader concerns about foreign-owned apps, especially those from China, posing national security risks due to data privacy and potential surveillance.

5. What is the massive brute-force attack targeting VPNs, and how can organizations protect themselves?

A large-scale brute-force attack is targeting VPN devices from companies like Palo Alto Networks, Ivanti, and SonicWall, utilizing nearly 2.8 million IP addresses. Attackers are attempting to guess usernames and passwords to gain unauthorized access. To protect edge devices, organizations should change default admin passwords to strong, unique ones, enforce multi-factor authentication (MFA), use allowlists of trusted IPs, and disable web admin interfaces if they are not needed, and also ensure VPN software is fully up to date.

6. Why is Google's removal of its pledge not to build AI for weapons or surveillance significant?

Google's removal of its pledge not to build AI for weapons or surveillance is a concerning development. It suggests a shift in the company's ethical stance and a willingness to potentially engage in activities that could have negative consequences for human rights and global security. It raises questions about the future direction of AI development and the role of tech companies in shaping its use.

7. What is "enshittification" and how does it relate to current tech trends?

"Enshittification" refers to the gradual decline of online services as they prioritize profits over user experience. This process involves platforms initially offering value to users, then shifting focus to business customers, and finally exploiting both for maximum profit. Examples include Twitter restricting API access, Facebook prioritizing sponsored content, smart TVs becoming data-hungry ad machines, and Google Assistant's diminishing functionality. It reflects a broader trend of tech companies sacrificing user experience for financial gain.

Episode 182
This week we take you from credential stuffing to whistle-blowing by way of a bolted horse.
We start with the compromise of your beloved Roku account and no more vivid a lesson on the value of unique passwords.
From there it’s on to closing the barn doors after the horse has bolted with the US’ new report on controls for AI.
Airbnb takes you off camera for your next rental while the EU seems to have gotten caught in their own GDPR trap.
Signal’s new username feature is available now and it takes the application to new heights of privacy and security that no other messaging app comes close to.
Finally we end with the story of a Boeing whistle-blower doffed shortly before he was to give his deposition and how sad Boeing are.
Like a bolted horse, this update is fast and frenetic yet we think you’ll be glad you came along for the ride!

Find the full transcript here.

Episode  224

Loose Lips Sink Ships.  The IT Privacy and Security Weekly Update for the Week Ending January 7th 2025.

1/7/2025

0 Comments

​Episode  224- click the pic to hear the podcast - In this week's update:  Siri couldn't keep her ear shut, and then her loose lips cost Apple $95M as they learned the lesson: "Privacy isn’t optional."
Nothing says 'secure' like a password-free server holding 600,000 IDs, turning this gift card gaffe into MyGiftCardSupply's latest disaster.
Hackers taught Chrome extensions a new trick, making Chrome chaos all about stealing your data, now enhanced with AI flair.
Windows 10 users are hanging on tighter than your grandma's grip on her landline, epitomizing Windows woes as the OS refuses to fade.
When your DNA sequencer runs firmware older than your Spotify playlist, this medical equipment drama becomes more science fiction than science.
Chinese hackers aren’t just stealing blueprints—they’re blueprinting the future of cyberwarfare, potentially marking cyber as the next battleground.
Be kind to New Yorkers this week, they lose their 50 year old R46 subway cars, where love-seats met New York grit, and gain a congestion charge that is hitting them like a new variant of Covid.
Zuck says goodbye to fact-checking, ensuring Meta leaves the internet or at least their portion of it, bracing for chaos (again).
Siri can't hear us if we keep moving.  Let's go!

Find the full transcript for this podcast here.

Episode 173

This week we need some space, man.

We start with phones and cellphone towers in low Earth orbit, then we move on to one of the most intriguing iPhone compromises we’ve ever heard andwe have heard plenty. Who is behind this one? That’s for you to decide.
From there we learn about a Mandiant account hijack (wait aren’t they one of the most elite security companies? Weren’t they the second most expensive company that Google ever purchased?)
Then we have a section of the update for slow learners, and we promise it’s not this audience!
Then it's: “why we need to patch our Windows machines” before a story about catching a pest that finds a new home every Sunday.
We end with an update that is good enough to be out of the Jetsons.
This is the best IT Privacy and Security Update so far this year! We love it and we know you will too!

We start with another case of house arrest and end up where? Having our DNA broadcast to Martians (and we don’t mean those who have saved a hundred grand to fly with Elon).

In between, we have our moods checked by AI, we, along with 2999 others, end up with tummy aches, we take apart a high-end piece of Russian drone technology and we get a court decision on data scraping that could have repercussions across the world.

This is house arrest, in the best IT Privacy and Security update yet, come but wear your Sunday best!

For a full transcript of this podcast head to discuss.daml.com

This week is at least our 100th show and to celebrate, we start in the underwear drawer and end up on the floor in one of the cutest stories about the effects of honey that we have ever seen.

We learn about a new hack that reveals the deep secrets of Dishy McFlatFace, and why Zoom took you out for your first meeting with your boss yesterday.

There’s an announcement about Amazon’s new comedy show made from Ring doorbell clips, yet nothing about what happened to all the compromising recordings Alexa made of you over the last few years.

We have bans on video players, chips, and even a whole smart city.

Finally, we get to the root of rooting the combine-harvester you’ve had sitting out in the barn for the last two seasons because you could not drive it to the service center.

No stone is left unturned, no seed left unplanted, no crop left un-rotated and no mind left unfertilized, with this week’s harvest of stories.

So grab your pitchfork and follow us!

For a full transcript of this podcast go to Discuss.Daml.com

EP 223

For this update, a completely diverse collection of stories starting with Apple dodging the search engine game by insisting that search ads are not Apple's "core" expertise.
Then another serving of fruit and Raspberry Pi’s billion-dollar boom proving that tiny computers with huge valuations says you don’t need size to make a big impact.
Chinese hackers demonstrate that it makes "cents" to have the US Treasury's data on their holiday gift list.
And then for your next security conference, forget peanuts on your flight, now you have to worry about missiles landing on your snack tray.
Seniors swim in student loan debt while Grandma knits scarves—and tries to figure out how to pay off her 50 year old university degree.
VW's massive EV data leak reveals that your car is smarter than ever and so are the hackers.
Then, it's not only the North Koreans who can play at this game, Maine prisoners go remote, landing virtual gigs as legit IT staffers.
This is a wild update, so let's use it to break out  of 2024 and into 2025!

Find the full transcript to this podcast here.

  Episode 198

This week we start with a road trip in Cali to the library... and something about that drive that everyone seems to be missing.
Next we travel from the depths of the oceans back into low Earth orbit and why the EU datacenters in space research might just have something to plug into.
Then we go overdue when we check the card catalogue for AI and discover poor security.
There’s a new update in town and it’s got 10 billion entries. We tell you why you’ll hope your details are not in that list.
We have the latest on Microsoft’s entirely hackable “recall”, Google’s version and now Motorola’s variant.
Z-Library loses it’s top two staffers somewhere in Argentina.
And we end in the reference section with a new website that aims to give you objective news.
It’s all here at the library and for this week’s update you won’t even need a card! Let’s go!

Find the full transcript for this podcast here.

We start with exactly what happened to your 2022 fridge calendar and end in wet cat food.

In between, we get frauded, threatened, discharged, breached, dropped, and schooled.

Before you call us on what?

For the last pod of 2021, we’ve got you covered with what’s trending in IT Privacy and Security way into 2022.

We may stroll out of 2021, but we hit 2022 in a full sprint!

Find the full transcript of this podcast at discuss.daml.com

With the holidays over.
And the parties behind,
It’s time for the diets,
And the mid-Winter grind.
From the treadmills and gym,
And the yoga at home,
Resolutions to reach out,
To those all alone.
Just make us a promise,
This one you can own,
Call us on anything
but your kid’s Fisher-Price phone!

Cash Cows and the IT Privacy and Security Weekly Update for the week ending August 27th 2024

8/27/2024

0 Comments

Episode 205The cash cow is in your house and you sit staring at it.
How did it get in? We’ll give you the latest on cloned RFID cards that will let you into almost any door using them.
Google gets shady with its collection practices and ends up back in court.
The FBI receives an order to clean house from the Dept. of Justice Inspector General.
Uber gets spanked in the Netherlands for sending private data across the world
And finally the Russian Army looks dazed and confused as their main form of communication gets locked away.

We may be in the dog days of Summer, but all we’re seeing are cows!

Find the full transcript for this podcast here.

From Rosie the Robot to atomic restores… we’ve got you covered.

This week we walk out of the UK with Signal and break into our bank with something that’s not even ours.

We have good news for those on the witness protection program and a stupid update from LastPass.

We discover that the EU and Canada are packing up to leave the TikTok party and we visit LinkedIn as an attack vector.

We finish as all secure updates should, with an analogy that’s “da bomb”.

Like most things in life, you’ve got to test it out to be sure. So don your goggles, grab your procedures clipboard, and let’s get over to the testing site!

Find the full transcript of this podcast at Discuss.Daml.com

Tech & Privacy FAQ - Week of January 14th, 2025

1. What's this new job referral "side hustle" all about?

Some tech workers are making up to $30,000 by referring strangers for job openings. They connect with job seekers through platforms like Blind and Glassdoor, and sometimes use services like Refer Me and Refermarket to facilitate these referrals, even charging a fee. While referrals can improve hiring odds, this trend raises questions about authenticity and potential abuse.

2. Why is the Texas Attorney General cracking down on data privacy?

Texas AG Ken Paxton is taking a strong stance on data privacy. He's issued warnings to companies like Sirius XM and apps like MyRadar for allegedly sharing user data without consent. He's also suing Allstate for secretly collecting driver data via cellphone apps and car manufacturers to raise premiums. Texas seeks restitution for consumers, damages, and hefty fines.

3. The EU fined itself for a GDPR violation? Seriously?

Yes! The EU General Court fined the European Commission €400 for transferring a citizen's IP address to Meta in the US without proper safeguards. While a small fine, it sets a precedent and shows the EU's commitment to enforcing GDPR, even on its own institutions.

4. Is my data at risk from quantum computers?

Experts warn that quantum computers, still in their early stages, could eventually crack current encryption methods. While not an immediate threat, it's wise to start researching "quantum-resistant" solutions to safeguard your data in the future.

5. How are hackers using AWS to hold data hostage?

A ransomware group called Codefinger is exploiting stolen AWS keys to encrypt data in S3 buckets using AWS's own encryption. They then demand a ransom and set a timer to delete the data within a week. This highlights the need for strong IAM policies and regular key audits on AWS.

6. What are the latest trends in cyberattacks?

Cybercriminals are shifting from email-based malware to browser-based attacks like drive-by downloads and malicious ads. Compromised credentials are a growing problem, often obtained cheaply from fraud marketplaces. Staying updated with software, using ad blockers, and being cautious online are crucial.

7. What's the T3 Financial Crime Unit doing about crypto crime?

The T3 FCU, a collaboration between TRON, Tether, and TRM Labs, is actively combating crypto-related crime. They recently froze over $100 million in illicit assets across five continents. This highlights the importance of public-private partnerships in blockchain security.

8. Who was behind the massive WazirX crypto hack?

The US, South Korea, and Japan have jointly confirmed that North Korea's Lazarus Group orchestrated the $235 million WazirX hack. This incident reinforces the need for strong security measures within the cryptocurrency ecosystem and emphasizes the threat posed by state-sponsored hacking groups.

Welcome to year 4 and The IT Privacy and Security Weekly update Buzz for the week ending January 3rd., 2023

This week we go from cookies and keys to bees.

We have stories that fly from hardware to… hard-to-secure and even one for the… hard of hearing.

Then there’s the latest hive of activity directed at a particular group of foreign exchange students, along with who’s been stung by more privacy fines.

2023 makes a beeline right out of the gate, and we don’t mean to wax lyrical but the stories flow like nectar.

So grab your Tyvek suit, your veil, and let’s join the swarm!

For a full transcript of this podcast go to discuss.daml.com

We start this week as a dot on a race track and end as a dot on the horizon as we go from privacy to no privacy at all, but … we think you will forgive us.

In between the start and finish lines are the hairpin turns of the Tokyo Olympics, an underwater primer on Submarine cabling, a vault skyward with British Airways, a VR story that needs a restart, a bit of ransomware, and enough car stories to satisfy any gearhead.

We say, "Drivers start your engines, get set and let’s “go” for the best IT Privacy and Security weekly update …ever!!! "

Find the full transcript for this pod at discuss.daml.com

How are you feeling today?  Good, we hope! 

We are starting this week’s update with healthcare and ending with an insurance story in a journey that blows right past the doctors’ office.

In between buildings, your coveted iPhone 12 gets a lesson in how to improve battery life and then gets hacked.

We have great gossip about the Gab hack and one more amazing story about SolarWinds that will raise your heart rate and make you blush.

This really is the best IT Privacy and Security Weekly Update ever, so limber up with a couple of toe touches, chug those vitamins and let’s get that Zimmer frame going!

Find the full transcript of this podcast at discuss.daml.com

We start this week’s update in Wyoming and end in the empty arms of the lovelorn.

As we go rolling about between those two endpoints we chance upon gammy QR codes, supercomputers, schoolkids, high anxiety, and a couple of phone apps you won’t want to be installing this season.

So let’s jump into the overalls, don our builder’s boots, and put on those safety glasses, as we deconstruct this weeks’, and might we add, the best IT privacy and Security Weekly Update yet!

For a full transcript of this podcast go to Discuss.Daml.Com

This week we start our podcasts’ one-year anniversary edition with the sweet sound of violins lilting across the Tuscan hillsides and end in New Jersey to the sounds of barking dogs.

Ah, but between those two audible notes, we travel to Spain, France, Ireland, and the UK before moving on to Thailand and circling across to Russia and the US.

Get your vaccine certificates out, your passports in hand, your RayBans ready, and put your dog on a leash because this is one anniversary bash that you are not going to want to miss.

OK, on your marks, get set! Got the dog? Let’s Par-tay!

For a full transcript of this podcast go to discuss.daml.com

Before we start this week’s update it’s important to acknowledge what is going on in the world around us. There is a physical war involving the attack on Ukraine where the courage and the stamina of the people have engendered new levels of respect and awe, and there is a cyberwar.

Both at the direction of one individual.

Every single inhabitant on this planet will pay for his decision. Some will lose their homes, others their retirement savings, some will pay more for food and fuel, and some will pay the ultimate sacrifice.

Where ever you are in the world, if you can help, please do help.

In the best IT Privacy and Security Weekly Update yet we start by covering current events, before lifting the lid on your home router, going underground (literally), and then finishing high above the Earth.

Let’s start our journey.

Find the full transcript to this podcast at discuss.daml.com

Episode 176
This week the update gets dialed in:  First via a new spy tool called Patternz then via a photo contest where we share who rates what in the race at the top.
From there we have an update on the “Mother of all breaches”  a newly surfaced collection of over 26 Billion records for you to wonder if you are part of.

It’s onto the the US’ efforts to thwart Chinese hacking within critical US infrastructure before we read  a letter from a US senator to the NSA asking why they are buying up phone data on US Citizens.
Then there is an update about Chat GPT placing random private conversations (including PII) in one users conversation list.
Britain gives us a timeline for the development of AI ransomware and Russia goes dark.  

This week’s update might have you reminiscing about the physical security of an old payphone, but we’ll  get you reconnected.

Find the full transcript to this week's podcast here.

In this week’s adventure, we go from Open Source to Open Dish and the perils each face.

In between those open ends, we have Kiteworks, bagpipes, Teslas, cakeism, the new Spoof league tables, and perhaps a bit of evidence that “the Great Resignation” of 2021 is also affecting the dark web.

Join us as we don our kilts, sporrans, Ghillie brogues, tuck our  Sgian Dubhs into our socks, and hit the highlands in the most “Barry” IT Privacy and Security adventure yet!!

Go to discuss.daml.com for the full transcript of this podcast 

That’s it for this week. We will leave you with 7 days of quiet while we try to figure out how to tune a bagpipe.

Be kind, stay safe, stay secure, play with confidence. See you in se7en!

From the blustery cold volcanic slopes of Iceland to the Freeze you put on Equifax, this week’s update may drop local temps. by several degrees.

We apply the heat by moving through downed satellite relays, Vodka DDoS attacks, and the weaponization of Windows event logs.

From there we discover the newest US surveillance agency and the latest arms race. Finally, there is the gravitational pull toward the privacy of outer space, and even that is coming into sharper focus.

Throw on that jacket, grab a scarf, and let’s prep for a sudden chill with the latest (and greatest) IT Privacy and Security Weekly Update adventure!

Find the full transcript for this week's podcast at Discuss.Daml.com

Tech & Security Weekly FAQ: January 7th, 2025

1. Why is Apple paying $95 million in a lawsuit about Siri?

Apple is settling a lawsuit alleging Siri "unintentionally" recorded private conversations without user consent. The lawsuit claimed these recordings were shared with third parties and used for targeted advertising. While denying wrongdoing, Apple will compensate affected users up to $20 per Siri-enabled device purchased between September 2014 and December 2024 and delete recordings obtained before October 2019.

2. What happened to MyGiftCardSupply's customer data?

MyGiftCardSupply, an online gift card store, exposed hundreds of thousands of customers' identity documents due to a publicly accessible storage server with no password protection. This server contained sensitive information like driver licenses, passports, and selfies taken for KYC compliance, putting customers at risk of identity theft.

3. Are Chrome extensions safe to use?

Hackers are increasingly targeting Chrome extensions, including popular VPNs and AI tools, by injecting malicious code through updates. This can compromise user data and accounts. Users are advised to carefully review extension permissions, only install extensions from trusted sources, and be cautious of unexpected updates.

4. Is Windows 10 still relevant despite the release of Windows 11?

Despite Microsoft's promotion of Windows 11, Windows 10 remains the dominant desktop OS, holding a 62.7% market share. This is partly due to user reluctance to upgrade and a significant increase in Windows 10 installations in the US. However, support for many Windows 10 versions ends in October 2025, pushing users towards either extended security updates or potential vulnerabilities.

5. Why is outdated firmware a concern for medical devices?

The Illumina iSeq 100 DNA sequencer and other medical devices use outdated firmware, leaving them vulnerable to malware attacks. Without security features like Secure Boot, malicious code can hide in the firmware, compromising device integrity and potentially patient safety. This highlights the need for manufacturers to prioritize firmware updates and security protocols in medical equipment.

6. How are Chinese hackers evolving their tactics?

Chinese hackers, allegedly linked to the military and intelligence, have shifted from corporate espionage to targeting critical US infrastructure, including water utilities, airports, and energy grids. This suggests preparation for potential geopolitical conflicts, particularly concerning Taiwan, aiming to disrupt US response capabilities. The sophistication and potential impact of these attacks raise serious concerns about escalating cyber-warfare between the two countries.

7. Why are New Yorkers saying goodbye to the R46 subway cars?

New York City is retiring its iconic R46 subway cars, known for their unique seating arrangement and nostalgic charm. These trains are being replaced by the modern R211 cars, featuring brighter lighting, enhanced accessibility, and longitudinal seating to optimize passenger flow. While some lament the loss of a cultural symbol, the upgrade promises a more efficient and modern transit experience.

8. What does Meta's decision to end fact-checking mean for Facebook and Instagram users?

Meta, the parent company of Facebook and Instagram, is ending its fact-checking program and loosening content moderation policies. Zuckerberg claims this aims to promote free speech, but critics argue it will lead to a surge in misinformation and harmful content. This shift raises concerns about the platforms' role in shaping online discourse and their potential impact on political and social issues.

Episode 216

In this week's update we move from alarming outfits to stormy data sharing.
We start with retailers are eyeing thread-thin tech to tackle shoplifting and then move to Cyber-criminals stealing private data by pretending to be the police.
Then that iPhone the police took off you when your paid for shirt set off the alarm... well suddenly rebooted. 
Then Apple again dreams up a plan that could make lost luggage a thing of the past.
From there, an update from the Feds as they suggest staff be as brief as possible on your next phone call.
Next one library has lending rights withdrawn and we wait for the echo effect as it hits other libraries making books available online.
And finally IBM takes a hit as they are again dragged to court over the Weather Channel's data sharing.
We always have the latest, freshest, IT privacy, and security updates for you.  Come on!  Let's set off some alarms!

Find the full transcript for this podcast here.

Episode 164

This week we let you know why you feel so great after staying up all night with us.
For our second story, we move into one of the world’s most prestigious resorts only to get no sleep because of its leaks.
Our third update covers the blackout of about 31% of the Australian mobile market.
In at number four is the nightmare of just how easily a study found it to be to obtain Sensitive Personally Identifiable Information (SPII) on the US Military.
​

At five news updates on Apple: malware, Macbreaks and Massive tracking devices.
Then we move onto the screen actors guild staying very much awake on the point of not releasing the rights to an actors likeness in perpetuity.
Finally we close out with a story that allows no shut eye: the intense appetite to string all camera feeds together that started in one town and has caught on like a rash.
This week we’re chasing the sun with a collection of global stories that ensure there will always be sunshine on this update! Let’s go!

Find the full transcript to this weeks' podcast here.

1. What happened with Elon Musk's DOGE (.gov) website, and why is it significant?

DOGE's official website, doge.gov, suffered a significant security breach due to a glaring vulnerability. The site's database was accessible and editable by the public because it was built on Cloudflare Pages instead of secure government servers. This allowed unauthorized individuals to modify content, highlighting a lack of stringent cybersecurity measures in government websites managed by DOGE. It demonstrates a lapse in basic security practices and raises concerns about the overall security and professionalism of government websites.

2. What are the risks associated with employees sharing data with generative AI chatbots like ChatGPT, and what are companies doing about it?

A substantial percentage (8.5%) of employee interactions with generative AI tools involve sensitive data, such as customer information (billing details, insurance claims, etc.). This raises significant security, compliance, privacy, and legal concerns for organizations. Sharing sensitive data with AI tools can lead to data breaches and leaks. Some companies, like Samsung, have prohibited the use of generative AI systems to prevent the inadvertent upload of confidential company information to external servers. The increasing integration of AI into workplace tools necessitates a reevaluation of data security protocols.

3. Why was DeepSeek, the Chinese AI chatbot, removed from South Korean app stores?

DeepSeek was removed from South Korean app stores due to privacy concerns identified by the Personal Information Protection Commission (PIPC). The PIPC found that DeepSeek lacked transparency about sharing user data with third parties and potentially collected excessive personal information. The app's data practices might violate local privacy laws. Similar actions have been taken in other countries and regions, indicating a global concern over DeepSeek's data handling.

4. Who are "Salt Typhoon," and what are they doing?

Salt Typhoon is a Chinese hacking group that continues to infiltrate global telecommunications networks despite U.S. sanctions. They exploit vulnerabilities in Cisco routers and switches to gain unauthorized access to sensitive data. They have breached telecom companies, internet service providers, and universities across multiple countries, including the U.S. Their targets are often entities involved in advanced research in telecommunications, engineering, and technology.

5. How can individuals protect themselves from cyber espionage activities like those carried out by Salt Typhoon?

Individuals can protect themselves by regularly updating the security patches on their personal devices, especially routers and switches. It is also recommended to use end-to-end encrypted messaging apps like Signal or Session for secure communication.

6. What is the German Cartel Office's concern regarding Apple's App Tracking Transparency (ATT) feature?

The German Federal Cartel Office is investigating whether Apple's ATT feature constitutes an abuse of power. The concern is that Apple's privacy policies may inadvertently give it a competitive advantage over other companies reliant on advertising tracking.

7. What is PIN AI, and what does its new mobile app do?

PIN AI is a company that has launched a mobile app allowing users to create their own personalized, private AI model directly on their smartphone. The AI models created are powered by DeepSeek or Llama.

8. How is AI impacting the IT job market, and what can IT professionals do to adapt?

AI is having a significant impact on the IT job market, with IT unemployment rising to 5.7% in January, surpassing the overall jobless rate. Major companies are implementing layoffs linked to cost-cutting measures and a growing reliance on AI technologies. To adapt, IT professionals need to retrain and stay at the cutting edge of technology.

EP208

Last month NIST finalized their selection of three algos for post-quant Cryptography and already we have two major players announcing they will be updating their encryption algos.
Larry Ellison infamous as the Oracle CEO, now CTO, tells us why he thinks we should be on our best behavior for AI.
Oh, and that Citigroup dev job you were applying for.... you didn't get the job, but you did pick up something else.
Facebook comes clean on the fact that it has scraped every Ozzie's face.
23andMe won't admit they did anything wrong, but if you were a customer involved in this particular lawsuit you are going to get a cash payment within 10 days of court approval.
And we finish with why you have to start thinking of your TV as a door.
We may be pre-quant now, but this weeks' IT Privacy and Security Weekly update is first to the post-!

Find the full transcript to this weeks' podcast here.

What better way to get to grips with IT Privacy and Security topics than with a discussion. In this episode, we break out the issues and topics covered in Tuesday's update.

In perhaps our juiciest update yet we sink our taste buds into this week’s Holiday cornucopia of flavors.

From the North Pole to the South, but mostly in the US, we have a great new way for Santa to check on the condition of his elves, lots of coal to deliver, and one city that might not even make the delivery logistics planning list this year.

In the US the Feds are regaling hackers with copious quantities of gifts this year, while the UK goes full Green, Grinching on those nice people who share their Netflix account details with half the neighborhood.

Michael Dell and crew whip up the closest thing to a Lego snap-together endpoint we’ve ever heard of but stop short of sharing the tech so that everything that breaks could be mended as easily.

And finally, we suggest that the Missing Cryptoqueen might have had plastic surgery and be working with S Claus. How else would he be financing gifting for 8 billion of us globally?

This week’s Update may raise more questions than it answers, and sometimes it works that way. Grab those snowshoes, let’s go Arctic* and get to the bottom of what’s going on up top!

*Backstory: ‘Arctic’ comes from the Greek word ‘arktos’, meaning ‘bear’ – the northern polar region is the sacred land of the polar bear.

For the full Transcript of this week's podcast please go to Discuss.Daml.com

We start this week tunefully with a story we missed out of the Pwn2Own challenge that will have you headbanging in the aisles before fulfilling a request for more oil for r2D2.

In between, we learn why bragging could end up getting you poorly fed, why popular programming languages could be bad for IoT devices, why you can’t really complain if you see giant cutouts of boats in the desert and we wonder if you can help us find Intel another boxing coach.

We end with mice, scorpions, and robots in a trilogy that could have the animal rights league chasing our tails.

All that aside, this really is the most superb IT Privacy and Security Weekly Update yet, so let’s get “Thunderstruck” with George, Jane, daughter Judy, and their boy Elroy!

Find the full transcript of this podcast at discuss.daml.com

If the single most important component of a camera is the twelve inches behind it and the “camera is a license to explore” then let’s hit the motor drive because we’ve got a lot of scenery to cover!

We start with an appetite so large for taking pictures that consumer interest groups are now asking for receipts. We move on to dadada and password reuse, the inflationary pressure on phishing, and a suggestion that T-mobile might want to be a bit more polished in their breach news releases.

We end up with a demonstration of a solid backup and recovery process and a kid who is going back to church with his camera.

You’re going to love this week’s IT Privacy and Security update … frame, by frame!

"We start with a story about reinvention:
There’s been a lot of press lately about Ransomware as a Service (RaaS) groups disappearing.
The truth is, when you make as much money as they do, it’s hard to just walk away.
So here are this weeks RaaS Renames:

• Darkside has become BlackMatter
• DoppelPaymer is now known as Grief and
• Avaddon shall henceforth be known as Haron

How do we know? Much of the signature software in use by the new gangs is bit-for-bit the same as was used by their earlier alias."...

Find this week's full transcript at Discuss.daml.com

This week you might be forgiven for laughing at some of the coverage until you realize how close it hits to home.

We start with an issue reported back in 2020 that got no response, but could be set to beat the third-largest fine issued so far under GDPR (both to the same company), and end with something done in the name of security so curious, you’ll have to decide what to call it.

From there we pull the covers off a TikTok-related scam that gets its hands on something more tangible than an #invisiblefilter and a popular new app that has unseated TikTok as the most downloaded where it is available.

We have an update on Amazon from the most unlikely of sources, a slap in the chops for Microsoft, and the kneecapping that Apple gave the protesters in China recently.

Some of this week’s update is just really dumb and we are not making excuses. Grab a pipe wrench, and some hot water, and let’s try to figure it out.

For a full transcript of this podcast please go to Discuss.Daml.com

Tom Jones sings the Burt Bacharach classic, as a tip off to our first story as we move from sunspot, Sunburst, Teardrop onto "Raindrop".

From there we go X-rated before hurtling into the Good and the Ugly.

Finally we end in outer space were one institute is even starting to realize that Cybersecurity has its place in space too!

This is the best Privacy and Security update yet, so put on your rain macs, buckle up and away we go!!!

This week we start with your dear Gran.  When’s the last time you called her to see how she was doing?
​After our first update we hope that call will happen within the next day or two.

 From there we move to a model corporate citizen in CloudFlare and discover further repercussion from last year’s Okta Breach and a remote desktop solution that could almost use their breech as a PR exercise.
We are reminded that everyone on that Zoom call might not be as they seem, and find a glorious dip in ransomware payouts that hopefully indicate the new direction of ransomware attacks.
Then... we go dark with a report that has probably crossed all of our minds since the Covid-19 outbreak.
We get some good news for the environment from some joint work between MIT and IBM and we end with what some would call a regulatory imbalance.
From empathy to entropy and back again this week’s update gets the balance right.

For the full transcript to this week's podcast click here.

After what some may have found a nerve wracking week across the globe awaiting the results of the US elections (absolutely validating the value of immutable transactions) the dust is settling a little bit. While US authorities pat themselves on the back, we look into just how precarious some of the security surrounding voting was, from hacking voter data websites to breaking into ballot boxes, you may come away a little shaken.

We have a story of how the father of the Internet wants to bring privacy back, the results from both the Pwn2Own and the Tianfu Cup and an early Black Friday sale that could land you behind bars.

*Finally we end with a story that might put a little more sting in your Campari and soda. *

This is the best round up yet! We hope you enjoy this week’s privacy and security update.

EP219

For this update, yes we are up again.  We start off on terra firma, but we definitely end up in the clouds.
A double whammy from the FTC who just put the brakes on companies selling your location data—because privacy should come first, (even if you’re just visiting a coffee shop.) and then suddenly notices that your smart devices might not be as 'smart' as you thought—especially when it comes to knowing how long they'll get updates.
The UK's cybersecurity chief warns: we're underestimating the cyber threats, and warns the UK citizenry it's time to brace for a bigger digital storm.
Facial recognition at airports: convenient or a privacy nightmare? It's spreading across the US like wildfire so senators are calling for a closer look before it becomes mandatory.
Australia just became the first country to ban kids under 16 from social media—marking... a huge step towards giving kids their childhoods back again.
A crypto privacy win! Tornado Cash sanctions get overturned, sparking debate on how the government should regulate tech.
Then up we go, with Earth’s orbit getting crowded, experts are calling for global cooperation to prevent space from becoming the next traffic jam (or junk yard).
Space might be the final frontier, but hackers are already eyeing it—leading experts to warn of rising cybersecurity risks for satellites and spacecraft.
Come on, let's chase the horizon!

Find the full transcript of this podcast here.

This week we start with a uniquely Canadian turn of events that has absolutely nothing whatsoever to do with privacy or security but was essential nonetheless, and end up chasing the cat around the office.

In between we find out why the C-suite of gaming companies are themselves becoming targets, a newly developing jab / job relationship, just what the new MacOS update stops, what’s behind the Linux fracas, some stats on ransomware and then... what’s going on with Reverb.

It’s loud, it’s raucous and it’s just getting started, so turn on the noise cancelling, turn up the volume and let’s get going!

Find the full transcript of this podcast at Discuss.daml.com

EP 234

For the other 50%.  The IT Privacy and Security Weekly Update for the Week Ending March 18th., 2025

3/18/2025

0 Comments

EP 234
- click the pic to hear the podcast -For our first story, Apparently there’s a 50% chance your password is headlining a hacker convention.  Perhaps it's time to change up from ‘123456' (still the most commonly used password).
Starting On March 28, Everything You Say To Your Echo Will Be Sent To Amazon.  Alexa’s new motto: ‘Anything you say can and will be used—to personalize your shopping cart, and we mean potentially anything!’
The end of Windows 10 Leaves PC Charities With Tough Choice:  Risk Windows 10, embrace Linux, or send Grandma’s old PC straight to the tech graveyard?
Then Microsoft flags a new threat draining crypto from top wallets.  Meet StilachiRAT, the malware so enthusiastic about your crypto it’ll snatch it faster than you can configure your wallet software!
Chinese Hackers Sat Undetected in a small Massachusetts power utility for months.  Who knew a cozy little power company could double as the perfect 300-day Airbnb for homeless cyber-spies?
Anthropic CEO Says Spies Are After $100 Million AI Secrets in a 'Few Lines of Code'.  So when your fortune fits in a handful of lines, hitting Ctrl+C could be the new diamond heist.
Finally,  Allstate Insurance gets sued for delivering PII in plaintext.  You’re in good hands with Allstate, we just can't tell you whose.
Let's update the other 50%!

Find the full transcript to this podcast here.

Episode 180. The IT Privacy and Security Weekly Update Loses the Car for the week ending February 27th., 2024

This week one vendor announced we’d be getting post-Quant encryption for our messages, while another works feverishly to ensure we can find our car when we are done at the supermarket.
We have a discovery at one vending machine that does its tracking while you are snacking.
We shine some new light into nation-state spy versus spy wars.
Then the FTC lets loose on a free antivirus provider that slurped up so much of your data for the last 10 years that it’s making the NSA look amateur.
Following that is a class action lawsuit against a license plate scanning company out in Cali that you can join if your plate been scanned at least 15 times. You’ll want to be sitting when we do the reveal on how many people will be joining you.
This week’s update is all about right and wrong, left and right, and er... “where did you say we parked the car?”

Find the full transcript to this week's podcast here

Get out the passport because you’ll need it for a range of stories that circle the globe.

We start with an icon and end with an algorithm, and in between, we’ve got one of the best updates yet.

From data sharing between governments to Meta/Facebooks’ latest debacle, you could find our story on camo might be the only thing left to hide behind.

There’s a shocking story for new parents in the US state of New Jersey, and yes, one more revelation about the NSO groups’ software that cuts very close to home for our European audience.

We even have a superb story that calls out one of the hidden benefits of liberally buying your teenager pizza… from a mother that might be contemplating just that for a very long time.

So take your glasses off, pull your hair back behind your left ear, look straight at the camera and relax your shoulders because this week’s update is pretty as a picture!

For a full transcript of this podcast go to discuss.daml.com

This week we start down the road of your data collection and discover ways and places it’s being shared that you might never have suspected.

Next, we learn who’s included in the hubbub about ransomware and what the ransomware baddies are doing to build greater efficiencies into their exploits.

From there we move on to companies with more leaks than a wicker canoe, a submarine screendoor, or a porcupine’s raincoat.

We have a great story about how one company has finally made it to the top, and how sometimes it’s not as great as it’s made out to be.

We end with a warm and cuddly way to go invisible and perhaps the perfect holiday gift for those in the Northern hemisphere.

Layer up and let’s go have an adventure!

Find the full transcript to this podcast at:  Discuss.daml.com

This week in our smash and grab we go from phones to fake followers and end up with a blog writer in tears.

We gain a little insight into just how relaxed some US Government officials are with the data of private citizens.

Then we wave, we get grabbed, we patch, and we secure.

Why… heavens to Betsey! This sounds like the makings of the best IT Privacy and Security Weekly update yet!

Let’s pull up our socks, lace our running shoes, and see what we can unravel before we try and find that elusive back a door!

For a full transcript of this week's podcast go to Discuss.Daml.com

Episode 160. In this week’s IT Privacy and Security weekly update:
​
We start this week with a pause of remembrance to all those innocents caught up in the wars raging across the world. Often the highest price is paid by the most innocent.

October may be Cybersecurity month, but in the run-up to the holidays, we think it could also be “Call your grandparents month” too. Why? We have an eye opener from the FBI that may have you ringing your Grandmother as soon as you finish reading this.
Our second story to anyone at Amazon working remotely, “the gig’s up”.
Our third story gives us another reason to dislike having our photographs taken, with our fourth covering a little change that will keep our communications through one application safe for years.
Shockwaves from Cali in story five, and 23andMe unravelling our genetic secrets for our sixth update.
Finally we take a bite out of the line in one supercomputer’s greatest threat, and we hope it doesn’t give the cat any ideas.
Just like a strand of DNA, let’s go unravel these updates!

Find the full transcript to this podcast here

Happy Tuesday!  

In our process of constant evolution we have a slightly new format for you this week.  

After an exciting IoT Bill we are going to focus on secure communications. 

We look deep into the heart of password use and creation, to help you create your best one yet and then we take to the high seas for a recent discovery that had some major implications for human-kind. 

We finish in and around the high seas with a certain signal we hope you'll become very familiar with.  

So let's draw anchor and put this ship out to sea!  This is the best Privacy and Security update yet, so Let's set sail!

EP 233.5

Key Cryptocurrency Threats & Scams
In 2025, crypto remains a hotspot for scams like Ponzi schemes, fake ICOs, pump-and-dumps, phishing attacks, and malicious wallets or exchanges designed to steal funds. Social media is often used for deceptive giveaways, impersonations, and investment scams. Other risks include fake mining operations, rug pulls, fraudulent apps, SIM swapping, and impostor tech support.

• 
  

• AI Skills Demand in the Tech Job Market
  AI expertise is increasingly sought after, with about one in four U.S. tech job postings requiring AI-related skills. This trend cuts across industries like healthcare, finance, and professional services. Although overall tech job postings have dipped, AI job listings have surged since ChatGPT’s launch, offering premium pay and higher job security.

• What Is Free95?
  Free95 is an open-source operating system on GitHub aiming for Windows compatibility without the bloat. It currently supports basic Win32 programs, with future plans for DirectX and gaming. Its creators prioritize security, simplicity, and independence from major corporate control, positioning it as a leaner alternative to systems like ReactOS.

• DOJ Push for Google to Sell Chrome
  The U.S. Department of Justice still wants Google to divest Chrome, citing an illegal monopoly in search. The DOJ argues that selling Chrome would create room for genuine competition. While it continues to push for restrictions on Google’s paid search placement deals, it has dropped calls for Google to shed AI start-up investments.

• Edge Computing on the ISS
  Axiom Space and Red Hat’s AxDCU-1 data center on the ISS tests cloud, AI, and cybersecurity in orbit. Red Hat’s Device Edge software enables real-time data processing in space, crucial due to limited satellite links with Earth. This development could boost AI training, imaging, cybersecurity, and overall autonomy in space operations.

• Undocumented ‘Backdoor’ in a Chinese Bluetooth Chip
  Researchers found hidden commands in the ESP32 microcontroller, used in over a billion devices. Attackers could exploit these commands to impersonate devices, steal data, or infiltrate networks. The chip’s widespread adoption in smartphones, locks, and medical equipment heightens the security risk, as attackers might gain long-term control.

• Security & Privacy Concerns of ‘Agentic AI’
  Signal President Meredith Whittaker warns that agentic AI requires broad system access, potentially gathering financial, scheduling, and messaging data with near-root permissions. This could break down privacy barriers between apps and introduce significant security risks, especially if sensitive data is processed in the cloud.

• Expanded Social Media Screening for Non-Citizens
  The U.S. is considering extending social media checks beyond new arrivals to all non-citizens applying for benefits like permanent residency or citizenship. This raises privacy concerns, as individuals who entered before such screenings were routine may now face additional digital scrutiny when adjusting their immigration status.

This week we start with a chimp and end closer to doom.

Between those two completely unrelated bookends, we get news from phone, security, and payments companies that they let a different animal out of the bag.

There is some potentially good news with ransomware payments falling across the world and the Supreme court allowing the anonymous defense of section 230.

We have updates from Google and Meta but then get booted out of the airport.

This week’s update is faster-paced than an action movie … and comes with better animal sidekicks too… so let’s get to it!

Find the full transcript to this podcast at discuss.daml.com

For this episode we go searching for the needle in the haystack and it appears that someone or something in our fourth story found it!
But we end Q1 with what we end every Q1 with in the US. Taxes. And relief that the already onerous tax prep process that so many have to have buy special software for just to complete, now asks you for permission to sell your data …. and how you can avoid it.
Americans see their privacy eroded at every lamp post, but North of the border in Canada the supreme court passed a bill that increases privacy for every Canadian.
And while we hold our breath and turn blue waiting for Microsoft to fix their zero day vulnerabilities, we apparently have demonstrated an unwitting hospitality to guests visiting from North Korea.
From there it’s AI, and while one finds needles in haystacks, others are generating things that crawl a network in an altogether more unsavory manner.
The U.S. Whitehouse, apparently now a subscriber to our podcast continues to call out the dangers of “Smart” devices. This time it’s cars and the takeaway that has the POTUS calling out a new investigation.
Finally we finish with a device called the ShotSpotter that is turning up in neighbourhoods across the US in high numbers. It doesn’t have a camera attached, but it still has potential to to remove even more of our privacy. Can you guess how?
​
This is our best update yet, so grab your metal detectors and let’s hit the hay!

Click here for the full transcript to this podcast.

This week we take apart the various elements of ransomware so you know what the stats are upfront. Costs, protective steps, and tooling so that if the unthinkable ever were to happen you would know your options.

We remind you that although ransomware is (literally) stealing the headlines, there are a few other gremlins out there that you might also want to sidestep.

We end with some entertaining quotes from the cryptographer's panel made while they were out of their dark workshops attending the RSA conference this week.

Encrypted or decrypted … we think you’ll find that this is the best IT Privacy and Security Weekly Update yet, so let’s refactor and get started!

For a full transcript of this podcast go to discuss.daml.com

It’s that time of year again when love is in the air and this week’s update will be as embracing as a hug from Taylor Swift after a big Super bowl win.
We start with a great misstep story about a hypothetical bot infection of millions of toothbrushes that is sure to leave a glint in your eye and a grin on your face.- click the pic to hear the podcast -As we recover from all the betting ads being hurled at us as US states legalize online betting one by one, we have a story about how the world’s biggest (by volume) casino faltered.
From there we go underground, literally, with a newly released disclosure about real time survelliance that could have those in the world’s 37th largest city running for cover.
Fresh and hot, we deliver an Apple turnover on the right to repair.
Then an update from Google that might make spyware companies like Israel’s NSO group even less popular.
And we finish with something that might have you reminiscing about school days and fake IDs, but this time we add in the artful hand of AI.
You're in the mood, you’ll love this update.

Find the full transcript to this podcast here.

For this update, it’s all digits to hand. We go from Japan and Iran to Prime deliveries from a van.

Allegations of TikTok’s Chinese monitor, e-mail proof that Parler shares monikers while France fines an unrepentant photograph chronicler.

We have programming language standings, new Australian fines landing and the malware that Qatar is demanding.

And if that bad rap came through clear, we promise it only gets better from here.

Find the full transcript of this podcast at Discuss.daml.com

In this week’s update, we take you from lockdown to the end of civilization with the notice that “a smooth sea never made a skilled sailor”.

We move “shipshape and Bristol fashion”, through mines, espionage, and corruption.

Then, we “make up Leeway” with one big name demanding Multi-Factor Authentication (MFA) for everyone and a black box that just might be a “shot across the bows” of politicians who talk ‘Blah Blah Blah’

Whether landlubber or salty dog, this vessel delivers the best IT Privacy and Security update yet!

So let’s put on those oilskins, slip on those waders, grab a rope, and hit the high seas!

For a full transcript of this week's podcast please go to discuss.daml.com

In this week’s update, we start and end on TikTok, but the bookends could not be more different.
We have one of the most important updates on how you can protect your family and friends from the latest AI scam that's already gone global.
Then we dance between more revelations from who’s viewing who, to one presenter who lost more than her TikTok audience.
There’s a brazen story covering one law firm's efforts to stop Google from hoovering up every piece of our data and presumably make some decent money in the process.
We’ve got a new flow across the Atlantic and a brave soul who is duty-bound to put a stop to it.
Finally, we have the latest compromise, this one occurring during your Amazon package delivery.
It’s fresh as a kiss, it’s fun, it’s the IT Privacy and Security Weekly Update!

Find the full transcript for this podcast here.

Episode 202. This week we start with a new use for your face and end with a cautionary tale about keeping a safe distance when looking for true love.
Then we get up early in the morning and discover that in trying to keep you secure, Microsoft gave you a broken multi factor authenticator.  (thanks Microsoft).
After that, it’s more love, but a love you will have to suppress if Ford’s patent takes off.
A new scheme from DARPA that could be almost as revolutionary as that experiment they did connecting university mainframes.
TikTok steals from the children and nothing gets a mother more angry.
A new Chinese hacking group compromises an Internet service provider so that when you do your machine updates, you get… malware!
And then we share another wonderful app from Microsoft that this time allows your boss to keep tabs on your every move. (Again, thanks Microsoft).
Gotta get up early in the morning!

Find the full transcript here.

This is the most “detective” update ever!

Inside this week’s update, we inspect over-communication in Chinese manufactured telecoms equipment., and under communication from an info systems agency. We broadcast seed planting clips from outside our car prior to a deep dive into the methods used by the FBI to ascertain the Jan 6th. Insurrectionists in Washington DC. We discover fake ads, fake crypto, and we think some fake test results.

Yes, say it with us, “The best IT Privacy and Security detective work yet is in this week’s update”.

Grab your deerstalker cap, your magnifying glass, Watson, and let’s go sleuthing!

For a full transcript of today's pod go to discuss.daml.com

This is the Jailbreak edition. We start with an example of the quickest way to end up in prison, a story of an inmate made good and of course, we end up right back in the clink in what must be one of the worst hacker “job applications” in history.

In between those rough-and-tumble walls, we have insight on one country’s cyber curriculum, your streaming service’s second income, OnePerCent, the potential post $610 million job offer, and why Amazon could be sold out of Razor gaming mice.

Ducking and diving, dodging and weaving, we are all in this week, so let’s get on the striped shirts and have a quick look inside.

For a full transcript of this podcast go to discuss.daml.com

In our most childish update, we bring you the up high, low down, and all the topics shaking around us.

We start with one of the most entertaining helicopter chases we have ever heard, move through 58 websites, then into an Airbnb, a swimming pool, where drenched, we embark on a transatlantic chase, a breach, a leak, an upgrade, and finally finish with a boat.

If you weren’t out of breath from all that, we can promise, we are.

And if only for a few moments, we’ll try to pull it together, stand upright, act mature, and set off on a superbly childish adventure!

Find the full transcript of this podcast at Discuss.daml.com

For Episode two one five and a half our couple does a deep dive into this week's topics.

Enjoy!

Episode 190. This week we start with a tale that will bring happiness to every University Students’ mother.

We follow with another that has one woman fuming while everyone involved claims it was a coincidence.
There is an update on the tattletale car story and the short, sharp, slap that lawmakers gave automakers recently.
We find out the name of the company whose employee was tricked into a $25 million transfer.
Then a story that will make the blood boil of anyone who’s been let go during the ongoing waves of tech layoffs.
A Cyber security giant tells us why large language models can never be secure.
And we end with what we would almost call an obscene invasion of privacy from a collaboration tool that we all used to trust.
We won’t promise you that this weeks update will get your socks clean, but at least there’s no pre-soaking required. Come on! Let’s wash!

Find the full transcript to this podcast here.

James Bond, Mata Hari, and Papa John?

This week we look into what today’s liars and spies are up to; from fishing to card sharks, wiretaps to deauthers, stolen keys to firewall upgrades.

And in the face of that, we are presented with an Operating System that is bundling higher security and application updates and … supporting it all for 10 years. Publicity stunt? Maybe, but it got our attention!

Finally if clutching your wallet and your phone as you hit that last 76-meter drop on Tarragona Spain’s “Shambhala” roller coaster, you notice the emergency medical services waiting at the bottom, it may have less to do with the person next to you who blacked out and more to do with your latest toy.

Mata Hari’s got nothing on you. Quick, jump into the Aston Martin, and let’s roll!

Find the full transcript to this podcast at discuss.daml.com

EP 226

In 2024, hackers gave U.S. healthcare a crash course in oversharing—186 million records spilled, proving patient privacy is still on life support.
UnitedHealth tried to bury its breach notice deeper than your inbox's spam folder, leaving 100 million victims googling in vain.
 A new AI tool can guess your photo's location faster than your nosiest neighbor—use portrait mode, or prepare to be geo-tagged!
 GM got caught selling your driving secrets—now they’re banned for five years, but your insurance premium probably isn’t impressed.
The UK’s digital wallet promises to declutter drawers, but we’re still skeptical it’ll clear up the chaos in government paperwork.
 Failed startups are gifting hackers access to your personal data—proof that your old Google login can haunt you more than your ex.
Amazon’s return-to-office plan lacks desks, parking, and common sense—so much for those “collaboration” benefits.
Forget NFTs—Trump’s $TRUMP and $MELANIA coins promise to make your wallet great again.
Why wait a second longer?  Let's find out what all the fuss is about.

Find the full transcript to this podcast here.

Phonetically speaking, we have the tastiest holiday serving of praɪvəsi ænd sɪˈkjʊrəti on anyone’s holiday menu!

Our entre is confirmation of a hack first reported here months ago, before moving onto the first course of NSO stew, a main of student test taking with a side of Facebook.

For dessert we move outside and with the wind in our hair we end with a story about brushing.

Yes, it’s all here and although we make a real meal of it, we think you will love this holiday feast!

So grab a knife and fork (no spoons in this issue, for that see our December 1st update) and let’s dig in!

Howdy!

On “giving Tuesday” we are “giving” you the best privacy and security stories yet.

AI and privacy feature high on the list, from AI aimed at truck drivers to office 365 workers and sticking with the theme comes our AI generated title this week for the Privacy and Security update. Using the semrush(dot)com/title-generator/

and the two most coherent results for your delectation:

1. “The Best It Privacy & Security tricks For Your First Date”
2. “8 It Privacy & Security Things that Are Hiding under Your Bed”

(It really had to be the second option for this week’s update…)

… from there we move into GDPR fines, DNA hacking, and Magecart attacks. We swap voice commands for laser to instruct your Alexa device and highlight some other privacy concerns from Amazon.

We finish with a delightful interview where privacy and GDPR appear not to be foremost thoughts in the mind of psychic Uri Geller.

This is the best collection yet, so let’s get the road train rolling!

This week starts with frustrated police in Sweden and finishes in the back pocket of a legal team.

We move onto the troubling story of the US National guardsman who, now it transpires, leaked way more than all the toddlers at your child’s preschool, a beer story that is sure to have many of our readers in tears, and a drafty new naming scheme based on weather events.

We get great updates from WhatsApp and Google authenticator and more AI news than you can shake an API at!

Finally, we flag something rumbling in California related to privacy that could make large ripples in the data lakes of collected user information.

They’re global, they’re fresh and they’re flying, so let’s follow those flags!

Find the full transcript for this podcast at discuss.daml.com

Episode 172
This week we focus on our amazing kids. From the effect the phone we send them off with “to keep them safe” has, to an amazing 13 year old crushing a 34 year old arcade game. We even end with advice from a Nobel prize winner about what you might not want to study.
From, the kids, we turn to Apple and what is going on between them and the world’s biggest democracy. We then follow Apple to a researcher who thinks he has found the perfect way to keep Apple Air tags from being used for tracking people.
We get an update on the failure of the open source GPL (General Public License) and what one key figure thinks could replace it.
The Google gets some bad news as it is denied a request to have a court case thrown out and then some great news on the safety record of it’s Waymo subsidiary.
It’s a new dawn, it’s a new day it’s a new life… and we’re feeling good!

Find a full transcript of this podcast here.

From splashing in cold waters to baking in hot homes we cover the whole temperature range.

After a good headcount of our critical drinking water infrastructure, we give you the lowdown on tracking, bots, faces, and fingerprints. We update you on compliance, regulations, and (sadly) taxes, before delivering really bad news for our RedHat Linux and Docker users.

Finally, we unbork your iPhone before revealing just why you might be reading this in a full sweat.

So pull on your swimming trunks, put on your gloves and let’s go have an adventure with this week’s IT Privacy and Security Update!

Find the full podcast transcript at Discuss.daml.com

In this week’s update, we flutter from “ almost everything” to the butterfly effect.

In between those extremes, we find a little tit-for-tat going on between the US and China that could impact everything from your cloud compute to your phone.

We have facial recognition software being rejected by performers and embraced by you local shops.

From there the sad story of the CISO first attacked by a nation-state and then by the US government.

And finally, we have a story about some phone hacking software that itself got hacked.

It’s all here in a firecracker of a 4th of July edition of the IT Privacy and Security Weekly Update.

Find a full transcript of this podcast here.

On the first anniversary of the murder of George Floyd, we’d like to take a moment to pause and reflect. Changing social bias is an evolution, just as realizing and changing our own. But with continued effort, we can make a difference. Just as ignorance promotes prejudice, we can all learn to be kinder, gentler, and more accepting of the differences of those around us.

This week we start IT Privacy and Security with the sound off, a revelation about a new type of malware that actually checks a directory to look up its victims before attacking them, and then a type of manipulation we are sure you’ve experienced but probably never realized was so rampant.

We follow with a story about poor judgment and bad publicity and the heroic efforts of so many as they work to help others. There is news on privacy and security changes in Android 12, and yet another update for macOS.

We end on a lighter note with the story about the significance of composition in photography, stressing the importance of keeping your fingerprints away from the final product.

On this solemn day let’s learn something new. Together.

For a full transcript of this podcast go to discuss.daml.com

This week we have a refreshing break for anyone in the US who has been bludgeoned with non-stop Political ads for the last two weeks. (These ads are everywhere, TV, the sides of buses, the Internet, radio, and even people’s front lawns.)

For our fresh “forget the election” update we start with a “You could not make this up” story again about TikTok, now changing their EU privacy policy to let all in the EU know that their data is actually going to China.

We move on to a story about plagiarism by AI, scanning of devices, scanning of faces, and a new audience for New York neighborhood cams.

In the name of efficiency, we have smartwatches in meat factories, and a new app that you can load on your computer to index what you did and said for weeks at a time.

We have the Red Cross trying to figure out a flag to wave in the world of digital warfare amidst some interesting new malware delivery mechanisms.

Finally, we end with what may be the most practical use of AI of all time: writing wedding gift thank you letters.

By the time you get to the end of this update, you’ll be in the know, refreshed, and maybe even ready for the next 4 months of U.S. election recounts!

Find the transcript for this podcast at:  Discuss.Daml.com

Episode 220

This week we solve a mystery that has may have more impact this holiday season than you could imagine, and what you can do to stop the same thing happening to you.
A Chinese hacking campaign targets telecoms globally, proving that no phone call is truly safe.
The FCC takes a hard stance on telecom cybersecurity, warning companies: fix those flaws or face hefty penalties.
Google's "end-to-end encryption" turns out to be more like "end-to-what?" as tech bloggers expose misleading claims.
A startup takes home security to new extremes with drones, facial recognition, and a little bit of paranoia.
A backdoor in a popular Solana library drains wallets, leaving a $184,000 hole and crypto developers scrambling to upgrade.
SpaceX's new satellite network aims to keep your phone connected, even when you're way off the grid—though texting is the only thing that's fast for now.
We have the world of IT Privacy and Security covered from Stoli to SpaceX.  Let's jet.

Find the full transcript here.

Like watching Lionel Messi score his 100th goal, some of the stories we cover here seem almost un-be-lieva-ble!

We jump into the game in Argentina and finish in South Korea. Scoring heavily we witness an own-goal, a red-card in the UK, travel to the top and bottom of the league tables, get punched in the mouth, breached, hacked, cracked, arrested, and then, then in what may be the worse fate of all… someone scuffs our white Vans slip-ons.

This is, with no hesitation, the greatest update to date, so don your tracksuits, sort out those shoes and let’s get in on the game!

Find the full transcript of this podcast at discuss.daml.com

What is the primary concern regarding the use of WhatsApp and other encrypted messaging apps recently?

Recent reports indicate that spyware, specifically "Graphite," has been used to target journalists and civil society members through zero-click attacks on encrypted apps like WhatsApp, Telegram, and Signal. This means that these apps are not as secure as previously thought, even though they employ end-to-end encryption. The spyware can infect devices without any user interaction and potentially compromise communication data.

What are the security vulnerabilities identified in certain healthcare patient monitors?

The FDA has highlighted cybersecurity issues in Contec's CMS8000 and Epsimed's MN-120 patient monitors. These devices, when connected to the internet, are susceptible to unauthorized remote control, software backdoors, and data breaches containing personal health information. One backdoor was linked to a Chinese IP address, raising additional concerns about foreign access to sensitive health data.

Why has the Chinese AI chatbot, DeepSeek, been banned in Italy and Taiwan?

Italy's data protection agency blocked DeepSeek because its developers did not adequately explain how user data is collected or confirm whether it's stored on Chinese servers. Taiwan's digital ministry also banned the use of DeepSeek by government departments, citing security concerns related to its Chinese origin.

What led to DeepSeek's data being exposed online and what kind of information was affected?

Cybersecurity firm Wiz discovered a significant amount of sensitive data from DeepSeek was left unsecured on the open internet due to an apparent misconfiguration. This data included over a million lines of data such as digital software keys and user chat logs.

What is Senator Hawley's proposed bill regarding Chinese AI models, and what could be the consequences for individuals?

Senator Josh Hawley has introduced the "Decoupling America's Artificial Intelligence Capabilities from China Act," which aims to criminalize the import, export, and collaboration on AI technology with China. Under the proposed law, knowingly downloading a Chinese AI model, such as DeepSeek, could lead to severe penalties, including up to 20 years in prison, a million-dollar fine, or both. The bill reflects growing concerns about national security and the potential for China to leverage AI for hostile purposes.

How is Amazon being accused of tracking consumers, and what type of data are they allegedly collecting?

Amazon is facing a class-action lawsuit accusing the company of secretly tracking consumers' movements through their cellphones via its Amazon Ads SDK, embedded within third-party apps. It's alleged that the SDK collects sensitive geolocation data without users' explicit consent, such as IP addresses, location, ISP, device info, and network performance metrics. This data is used to build a detailed picture of consumers' habits and preferences, raising privacy concerns about corporate surveillance.

What restrictions are being placed on open-source contributions, and who is being affected?

The US Office of Foreign Assets Control (OFAC) sanctions are imposing restrictions on open-source contributions from sanctioned individuals and countries. Developers from nations such as Russia, Iran, and North Korea are facing challenges when contributing to open-source projects due to these sanctions.

How is Cloudflare addressing image authenticity concerns, and what are the potential benefits?

Cloudflare has implemented Content Credentials, a system based on C2PA standards, that embeds metadata into images to track their origin and modifications. This system helps distinguish between genuine and manipulated content. The benefits are significant, as Cloudflare's network handles approximately 20% of global internet traffic, greatly increasing the potential reach of the system. This helps create trust in digital images, and preserves the work of digital creators.

We start this week’s adventure with a tribute to women’s safety as we come to the end of National Women’s History Month in the US.

We move on, not to home building, but cybersecurity, with a backdoor disguised as a Typo fix. In the days of the George Floyd murder trial in the US, we find one legal reviewer in the UK that is of the opinion that people should get anywhere from 2 months to 5 years for not providing their phone password to the police.

We get to the bottom of STIR/SHAKEN and finally, we see the results of a privacy and security survey of over fifteen thousand people around the world. We think the results will surprise you!

And with that, the moment, you own it, you better never let it go.

Find the full transcript for this podcast at discuss.daml.com

For our first story we put on our resting witch face and join the Mozilla Foundation as they reveal their new privacy creep-o-meter.
We’re raising spirits in the art community with our second story of the “deadly” Nightshade that might kill off AI replicating your artwork.

In story three witches be trippin’ over 23andMe data from another 4 million clients. What a nightmare!
The star of our fourth story is the return of the Boo crew leaving Okta to create another batty blog post.
The Colorado Supreme Court creeps it real with support for warrantless keyword searches as the US DOJ discovers North Korean ghosts in the machine.
Next we say “fang you very much” to Gary Gensler for his heads up about AI’s potential effect on our financial markets
and finally...
An eek, squeak, and unique new use for AI that let’s it hear things you don’t remember saying.
So join us in this week’s web of fun. Broom hair? Don’t care. Let’s go!

Find the full transcript to this week's podcast here.

What is "surveillance pricing" and how does it affect me? Surveillance pricing is a practice where online retailers adjust prices based on your personal data, such as location, browsing history, and demographics. Companies collect data like mouse movements and items left in your shopping cart to determine what you're likely willing to pay. This can lead to different individuals being offered varying prices for the same product. To mitigate this, consider using VPNs, browser extensions that block tracking, regularly clearing browser cookies, and being cautious about the personal information you share online.

What car vulnerabilities were recently discovered, and how can I protect myself? Security researchers recently found vulnerabilities in Subaru's web portal, allowing remote control of vehicles, including unlocking doors, starting the engine, and tracking location. Millions of Subaru vehicles with Starlink digital features were potentially affected. While Subaru has patched the identified flaws, it's crucial for all car owners to ensure their software is up-to-date. This is part of a larger trend of security issues in the automotive industry, so vigilance is essential.

How is Meta using my data with its new AI, and can I opt out? Meta's new AI chatbot will use personal data from your Facebook and Instagram accounts to personalize its responses. This includes information from previous conversations, dietary preferences, and interests. Unfortunately, there is no option to opt out of this data-sharing feature.

What was the recent ruling about the FBI's access to Americans' private communications? A federal court ruled that backdoor searches of Americans' private communications collected under Section 702 of FISA are unconstitutional without a warrant. This ruling found that even if the government can lawfully collect communications between foreigners and Americans, it can't search those communications without a warrant when those searches involve US persons. This stems from a case where the FBI searched emails of a US resident, collected under the premise of foreign intelligence, without a warrant. The court found this to be a Fourth Amendment violation.

What are the dangers of North Korean IT workers, and how can we protect our companies? The FBI has warned that North Korean IT workers are abusing their access to steal source code and extort U.S. companies. They often copy company code repositories, harvest credentials, and initiate work sessions from non-company devices. To mitigate these risks, companies should apply the principle of least privilege, limit permissions for remote desktop applications, and monitor for unusual network traffic. Additionally, it is important to recognize that these workers may log in from different IPs over a short period.

What is the new threat to the European power grid, and what makes it so concerning? Researchers have discovered that renewable energy facilities across Central Europe use unencrypted radio signals to control how much power is sent into the grid. By reverse-engineering the signals, they found they could potentially manipulate the system to cause widespread disruptions, including a grid-wide outage. The lack of encryption on these systems and the ability to control large amounts of energy poses a significant risk, especially considering current geopolitical tensions.

What is the significance of DeepSeek's R1 model and how does it compare to models like OpenAI's? DeepSeek's R1 model is an open-source large language model (LLM) that offers open weights, allowing users to run it on their own servers or locally. It challenges OpenAI's proprietary model by providing a more cost-effective and accessible AI solution. DeepSeek uses a technique called distillation, where existing LLMs train new, smaller models. The emergence of R1 suggests a shift towards more commoditized AI and potentially increased accessibility and customization.

What are some common types of cyber attacks and how can I defend against them? The sources list 21 common cyber attacks including: malware, phishing, ransomware, drive-by downloads, cross-site scripting (XSS), SQL injection, man-in-the-middle (MitM) attacks, DDoS attacks, password attacks, insider threats, credential stuffing, zero-day exploits, social engineering, session hijacking, eavesdropping, watering hole attacks, DNS spoofing, IoT attacks, supply chain attacks, brute force attacks, and spyware. Preventative measures involve using antivirus software, updating systems, avoiding untrusted downloads, verifying emails, using spam filters, performing regular backups, having strong firewalls, enabling MFA, monitoring activities, restricting access to risky sites, securing cookies, and training employees to recognize suspicious activity.

The best way to stay protected is to stay informed. Keep listening

for EP 213.5 take a deep dive into the Honeypots of this week's update!

This week we share a pungent selection from the most excellent landfill of stories yet.

We start our noisome journey literally in the dump and end up staring at a set of salad tongs.

We have a familiar cast of characters representing slightly different fragrance lines: Zuck, Elon, Blake, and even the devil himself may be found to guff in this one.

There’s the effluvium at KMart, new detritus for Ohio, and why even Google is starting to sniff at the bitter waft of the TikTok algorithm.

We tell you what trumpery to expect when you next get phished and if you are one of the tens of thousands laid off in the latest round of tech cuts, what you might want to consider for your next less malodorous gig.

Yes, it may be less than aromatic, but this week’s update will leave you with a smile like a Welsh crypto-Millionaire!

Come on! Pull up the waders, put the clothes peg on your nose, grab a pair of rubber gloves and let’s get mucky.

Find the full transcript of this podcast at discuss.daml.com

FAQ:

1. What measures are US senators proposing to enhance cybersecurity in healthcare?

A bipartisan group of US senators has introduced the Health Care Cybersecurity and Resiliency Act of 2024. This act mandates healthcare organizations adopt basic cybersecurity standards like multi-factor authentication (MFA), improved coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA), and a more transparent breach reporting process, including details about the number of individuals affected and corrective actions taken.

2. What is Australia doing to combat the rise of ransomware attacks?

Australia has enacted its first Cyber Security Act, requiring organizations exceeding a certain size (likely those with a turnover above AUD $3 million) to report any ransomware payments made to cybercriminals. The act also establishes a framework for the voluntary reporting of cyber incidents to encourage information sharing and enhance collective cybersecurity.

3. What is the extent of the alleged Chinese hacking of US telecom infrastructure?

Reports suggest that Chinese government-backed hackers, known as Salt Typhoon, have infiltrated US telecommunications networks, potentially gaining access to phone calls and text messages. This breach reportedly exploited vulnerabilities in the system used by US authorities for lawful wiretaps. The incident, labeled as potentially the "worst telecom hack in our nation's history", raises serious concerns about national security and data privacy.

4. What advice is the Japanese government giving its citizens regarding their digital legacies?

The Japanese National Consumer Affairs Center recommends that citizens engage in "digital end-of-life planning" to prevent difficulties in managing their online accounts after their death. They advise ensuring family members can access their devices, maintaining a list of subscriptions and login credentials, possibly including this information in end-of-life documents, and considering services that allow designated individuals to manage accounts posthumously.

5. What privacy concerns have arisen with Microsoft's Copilot tool?

Microsoft's Copilot, designed to streamline tasks by accessing internal company information, has inadvertently exposed sensitive data, including CEO emails and HR documents. This occurred due to lax permission settings in some companies, allowing Copilot to access and retrieve documents beyond intended access levels.

6. How is Microsoft enhancing Windows security following the CrowdStrike incident?

In response to the CrowdStrike incident that impacted millions of Windows devices, Microsoft is introducing the Windows Resiliency Initiative. This initiative includes Quick Machine Recovery, enabling remote repair of unbootable systems, stricter testing and deployment protocols for security vendors, and a framework to move antivirus processing outside the Windows kernel for improved security and stability.

7. What was the outcome of Interpol's Operation Serengeti in Africa?

Interpol's Operation Serengeti, conducted in collaboration with Afripol, resulted in the arrest of over 1,000 suspects across 19 African countries. The operation targeted cybercriminals involved in activities like ransomware, business email compromise, digital extortion, and online scams. Notably, the operation dismantled networks involved in credit card fraud, Ponzi schemes, human trafficking, illegal gambling, and cryptocurrency scams.

8. Why are undersea data cables becoming an increasing security concern?

Undersea fiber-optic cables, responsible for transmitting vast amounts of global internet traffic, are increasingly vulnerable to damage and sabotage. Recent incidents, such as damage to cables in the Baltic Sea suspected to be linked to a Chinese cargo vessel, highlight these risks.

In this week's update:  Musk's DOGE website gets more editing than his tweets.
Employees sharing secrets with AI chatbots prove humans haven't learned anything from social media oversharing.
South Korea puts DeepSeek in the digital doghouse until it learns to play nice with privacy rules.
Chinese hackers show that even after sanctions, you can't stop a Salt Typhoon with an umbrella.
Apple's privacy features are too private for Germany's taste - plot twist nobody saw coming.
Finally, an AI that promises to keep your secrets... on your phone, where you'll probably still accidentally share them anyway.
AI takes tech jobs, and proves it learned "layoffs" from watching human managers.
Let's go unearth those secrets!

Find the full transcript to this podcast here.

Episode 186 Look, up in the sky! It’s a bird, it’s a plane! It’s... your insurance company!?!?

This week we have stats and stories that will leave you gasping, and that’s good because you’ll have a chance to catch your breath during our spring break over the next couple weeks.

We start this update up there, in the sky, and the novel new way insurance companies are finding to lower risk and increase profits.

From there we move on to a US privacy bill that we never thought we would see get as far as it has, and just how many people are potentially lining up to stop it.
​
It’s not 007, but SS7 and it involves spies and use by adversaries for so long that the Federal Communications Commission is calling for accountability.
There’s a ransomware attack that hasn’t hit healthcare but a coffee loyalty program that has raised the profile of ransomware to new heights.
From a Canadian listener an update on Microsoft’s Security Chickens.
And finally the most amazing, incredible, unbelievable identity theft story we have ever heard.
They removed the last public phone box in Metropolis in 2022, so there’s no chance to change, but that’s fine because by the time we get to the end of this week’s update we’ll only need one identity and it will be secure.

Find the full transcript to this week's podcast here.

Episode 184. It’s the last last episode this month, and if “March comes in like a lion and goes out like a lamb” then we have the wild in these updates running backwards.

We start with an absolutely stupid way to save five bucks. Cut coupons, buy off-brands but don’t try to save money with Telegram’s new money saving offer.
Next we move onto a story about how the YouTube algorithm could get you added to a very special list of people who end up with way more attention than they bargained for.
From there we get some unexpected protection from a name we thought had left the room.
Then, from the realms of “They will mine on anything” If your AI sessions are returning nonsense, you may want to blame it on Bitcoin.
Florida goes further than any other to protect kids with a new law, braces for the inevitable onslaught of lawsuits and then…. Nothing happens.
And we finish this week with a story from last spring that has just hit the courts as hard as these uninvited guests hit her front door. You will be shocked and amazed at just how much damage a pair of AirPods could cause, and not to your hearing.
Wild is as wild does. Come on, let’s go!

Find the full transcript for this podcast here.

This week we invite you to join us as we make a bunch of long-distance calls, starting with India, moving across the world, and finally ending up in Egypt.

During our phone dialing journeys we find over five hundred, sixty-seven thousand good reasons not to be vengeful, we tell you about how the FBI tried to make friends with us and failed on the first click, and we share the EU’s new strategy that has us stopping at the start.

We redefine Sassy and give you yet another example of why using SMS for authentication is just … not that good.

We finish with a story about an Egyptian TikTok user after he filed a vulnerability report that had him dancing around his phone.

It’s all here, you just have to answer the call!

Find the full transcript for this week's show at Discuss.daml.com 

Episode 199   
​From the millions here on Earth to the second planet from the Sun we keep you up to date with all the latest and most important escapades in IT Privacy and Security.

We start with the good news that although AT&T may not be selling your phone location data (if you opted out) they have still been sharing it.  We tell you what and when.
CNN provides some investigative reporting that turns up the fact that the irrational worry you have about the use of hidden cameras in Airbnb and rental properties might still be a valid one.
We go down under to discover a 42 year old being lead away in handcuffs for giving free WiFi access in Australian airports and on domestic flights.  Find out why free is never really free.
We have the Ukrainians in trouble again. This time it’s not Biden’s vice president Putin but a breach of the company that makes that handy dandy phone stalking software your new boyfriend/girlfriend told you was a spelling app.
Then we move onto Belgium for some fine chocolate and a warning to Linksys that they are sending your Wi-Fi password across the Internet in cleartext. This may explain what otherwise looks like a taxi rank of cars parked outside the front of your home.
From there we cover a game show that moved channels from Google to Squarespace. Is it behind door one? Door two? Or Door three? And the surprise waiting.
The FTC deliver some stats on how websites lead to you to outcomes they plan for you. Don’t share this story with the new spouse you met on Match.com
And finally, we are back in orbit, this time representing to the Venusians and you’ll never guess who our delegate is. 
Moon boots. Check.
Space helmet. Check.
​Let’s fly!

Find the full transcript for this podcast here.

We go drifting in the Honda this week with stories ranging from AI writing its own autobiography to why our Anom phone bill was so high.

In between we have lots of car stories: Some of them might have you in tears, so grab a tissue.

We accelerate from beans to Titans and then hit the brakes when we discover another instance of those collecting everything on everyone leaving it all out on the starting line.

We hit a hairpin turn with an up-and-coming U.S. politician who’s proposing to create jobs by wrecking car things.

Then we have a police data raid in India that could put some of us in the pits.

This podcast may not be a Ferrari, but we’ve still got some very good lines.

Buckle up. Let’s drift.

For the full transcript of this podcast drive over to https://discuss.daml.com

This week surprisingly starts with a couple of building maintenance callouts:  one for a flashing X on the roof and the other for a rat in the kitchen.
We then feel the jolt of new, shorter breach reporting requirements and solve the mystery of what happened to your air miles.
Google confounds us with a little more control over everything it is collecting on us, while White Castle may be considering racing lanes for its drive-through with its latest AI announcement.
We have every spy across the planet weighing in on what was line-of-sight for hackers during 2022, and an astonishingly easy fix for you to do now.
And we end with a cracking update from low Earth orbit.
You’re going to love this, so circle the world with us in our most awesome update yet!​

For a full transcript of this week's podcast click here

The team discusses the week's IT Privacy and Security Update and offers a different perspective.

Enjoy!

This week it’s all about wearables. Be they on your nose, wrist, ring finger, back pocket, or further south they are collecting just about all the …er … data you can generate.

We start this week with Facebook “trying it on” before moving one step closer to their metaverse. We hit you with news on the Biggest DDoS attack ever, before getting bleary-eyed as we learn what happened to the bride (or groom), and why you’re about as likely not to be able to tell just how late they are.

Finally, after you’ve run on your smart treadmill, ridden your smart bike, and gotten yelled at by your smart mirror, we leave you with a wearable that, thankfully, you don’t have to carry around with you.

It’s all here, (well some anyway), it’s all fresh and it’s all in the best IT Privacy and Security Weekly Update yet. So press “start” on your wearable and let’s get exploring!

For a full transcript of this podcast please go to Discuss.Daml.com

Happy ITPaSWU* Tuesday!

Valentine’s Day is coming up and we’ve got gifts for you. Lots of them.

The first is a great story on just how much precise data your phone shares about you with whoever cares to pay. We then move on to a collection of your data that’s so big, they just may know more about you than you know about yourself!

From there it's furballs and kitties with a new ethnically targeted campaign that uses tech for all the wrong things. We tell you why it was better to stick with beer than water in the Tampa Bay Area for the Super Bowl last weekend and we finish with probably the most creative Valentine’s present you could ever come up with for your loved one!

It’s all here and it all adds up to the best *IT Privacy and Security Weekly Update yet, so let’s get rolling!

For a transcript of this podcast, head over to discuss.Daml.com

Have a safe, secure, and happy Valentine’s Day… and see you in se7en!

Episode 229

If your seed phrase was in your photo gallery, congratulations! You might have just funded North Korea's next Missile launch.
The UK government just asked Apple to make privacy optional—because nothing says "secure" like a government-mandated security hole.
A man wants to buy an entire rubbish tip to find his lost Bitcoin hard drive—because sometimes, your financial future is literally garbage.
The US is considering banning a Chinese AI app, proving once again that if it’s cheap, efficient, foreign, unencrypted, and collects data for a foreign government it’s probably too good to be true.
Massive VPN Attack – 2.8 million IPs are trying to brute-force their way into VPNs—because apparently, resetting the default admin credentials to a "strong password" is still too much to ask.
Google quietly removed its promise not to build AI for surveillance or weapons, so expect "Don’t Be Evil" to disappear completely in a rev. or two.
If your smart TV, social media, and AI assistants feel like they hate you, it’s not paranoia—it’s capitalism, or that other word we can't repeat here.
Earth’s Inner Core Is Changing – Scientists say the Earth's core might be slowing down, which is great, because the last thing we needed was more things spinning out of control.
Let's go digging!

Find the full transcript to this podcast here.

Lie down and relax. This week you might need the couch as our readings take you from therapy notes to privacy policies.

We have Microsoft burrowing into your computer to find out what version of its software you might be running, and Google serving up addresses you want to avoid.

We get a curious question about the Kremlin’s knowledge of what is passing through a “secure messaging system” and a bit of research that might have you reconsider the cheap Chinese phone with the great camera you had your eye on… and why it may not be such a great deal after all.

There’s an attack on a Swiss University, a breach of US police information (again), and a company that lied and is now making a full confession.

You get it all on this therapist’s couch, so put your feet up, make yourself comfortable, and let’s get this week’s session started!

For a full transcript of this week's podcast go to Discuss.Daml.com

Ooh… this week we start with rich creamy chocolate and end with a little smile.

In between those pleasurable bookends, we get an update on the Lapsus$ soap opera before the movie rights are sold to Hollywood.

We learn about printers being hacked to spread the news, and the astounding number and diversity of attacks on communications across Ukraine.

We get an update on a tech exodus and a new targeted ad campaign from the FBI.

Finally, there’s a new “adopt an FSB agent program” with glittering tips on how you can find your own.

This is the best IT Privacy and Security weekly update yet. Let’s roll! Swiss roll!

For a complete transcript of this podcast head to discuss.daml.com

oh... and the jokes...

What did the moderator say to kick off the IT speed dating session?
“Singles, sign on!”

What do you call a turtle that surfs the dark web?
A TOR-toise

What do you call an excavated pyramid
Unencrypted.

If girls are made of sugar, spice, and everything nice, and boys are made of slime, snails, and puppy-dog tails, what’s the cloud made from?
Linux servers, mostly.

What do you call a group of math and science geeks at a party?
Social engineers.

What’s the best way to catch a runaway robot?
Use a botnet.

Why did the programmer leave the camping trip early?
There were too many bugs.

What do you tell a hacker after a bad breakup?
There are plenty of phish in the sea!

Did you hear about the computer that kept rebooting?
It was terminal.

Why did the band never get a gig?
It was called 1023MB.

and finally…

One day, I started to whisper, so my wife asked me why I was whispering, I told her I didn’t want Mark Zuckerberg to hear us.

I laughed.

My wife laughed.

Alexa laughed.

Siri laughed....

Episode 166
This week we have a revelation related to a world famous someone who has managed to avoid arrest through the careful application of privacy. We reveal how that may now be at an end.

We share how a phone manufacturer who promised to bring Apple’s iMessage to Android ended up with “Nothing”
From there a new revelation about how the US Government is using our phones to compromise our privacy (again) and then a really cool must see result from a dev who integrated his computer and camera into GPT-4V and an AI voice and got his own nature program.
Then it’s on to how kids in school can protect themselves against accusations of cheating with AI, and why it’s wrong for schools to be trusting bad software over their students.
From there we find a group that has done more damage trying to do the right thing than if they did nothing at all.
Finally, we have a new use case for blockchain that might be to blockchain what killer apps were to PCs.
We are coming up to Thanksgiving in the US and so we are giving thanks for all our readers and listeners. You keep the drive and the passion flowing.  Subscribe to the podcast, share us with your colleagues and friends. “Thank you”.

​Now, let’s get this party started!

Happy Identity Theft Awareness Week!

In celebration, we move from stories about a 7 year old to a 30 something, the first an agent, and the last a real operator… to a mischievous creature that is causing some real worry in the security community.

We get the lowdown on the face off between Mark Zuckerberg and Tim Cook and more crazy stats on social engineering with tips on how to avoid trouble.

This is the BEST IT Privacy and Security Update yet, so put on your party hats and let’s celebrate!

This week we start and end with Gu in an unabashed attempt to have this update returned in at least fifteen million search queries.

In between the Gu at the beginning and the end, we Freeski through TikTok, pull a reverse 1440 to strange noises from cars, do a left side 1080 for Facebook, before ending with a double cork 1620 with a safety grab.

Yes, this is the greatest IT Privacy and Security update yet, and yes, we have all the freshest stories and tricks for you from this winter’s games.

Oh, and by the way, that’s Eileen Gu on the ivories. Her mum filmed her on the piano while they waited for a flight in the departure gate at the airport. You couldn’t make this up.

So, skis waxed, goggles on, boots fastened, poles back, ready, set, go!

For a full transcript of this podcast please go to discuss.daml.com

This week we are practicing a security technique introduced to us years ago while working with Scotland Yard. “Air Gapping” You can’t get hacked if you are air gapped.

So while we are off gapping we update you on a great way not to suffer from MFA fatigue.

Then we discover after lots of arm flapping by the US authorities about the Russians and Chinese doing this…they’re doing it too

We fly across to a popular new pastime that is causing more things to disappear than Harry Houdini did in his prime!

And finally there are fingerprints all over a fresh Chrome story and a handful of facts that could have a major impact on your selection at the app store!

Let’s make it happen, and go air gapping!

Find the full transcript for this podcast at https://Discuss.daml.com

From the cool waters of the backyard pool to the chilling depths of cylindrical holes in the ground, this week’s stories will elevate your temperature to get you in that summertime mood.

We commute to work past a copycat chip shop and then get an update on why the unemployment rate for lobbyists is still at all-time lows in Washington DC.

We catch Microsoft being naughty, while Google and Apple go to the head of the class.

We find the US government flunking out with their latest budget spend, while one state that’s round on the ends and Hi in the middle makes the honors list.

Finally, we have a round-up of last year’s breach news from Verizon’s annual survey that should get us out of study hall early.

Up North, school’s almost out for Summer so grab your books and let’s go!

Find the full transcript to this podcast at Discuss.daml.com