The Lockdown - Practical Privacy & Security

In this week’s show, Ray Heffer says goodbye to Michael Bazzell's Privacy, Security, and OSINT show. Also, speculation continues about living in a faraday cage, and the reasons Firefox is still better than Brave for privacy and security. Ray also talks about when privacy techniques go wrong, with his lockout from Privacy.com. This episode was recorded on November 22nd, 2023 Follow me on Twitter @privacypod This week's episode: Links mentioned in the show: MITRE ATT&CK (Credentials from Web Browsers): https://attack.mitre.org/techniques/T1555/003/ MITRE ATT&CK (Password Managers): https://attack.mitre.org/techniques/T1555/005/ Tor Project Recommendations: https://support.torproject.org/tbb/tbb-9/ Brave (VPN Services) Issue: https://github.com/brave/brave-browser/issues/33726 Citi Virtual Credit Cards: https://www.cardbenefits.citi.com/Products/Virtual-Account-Numbers Citi (True Name) Card: https://banking.citi.com/cbol/updatemyname/default.htm IronVest (Formerly Abine Blur): https://ironvest.com/pricing/ Wise Virtual Card (UK): https://wise.com/gb/virtual-card/ Intro music: The Lockdown (composed by Ray Heffer) "Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius

In this week’s FRIDAY FIELD NOTES, Ray Heffer discusses the Zero Trust security model, a framework that's revolutionizing how organizations protect their critical systems and data. Diving into the depths of cybersecurity, we clear up common myths and misinterpretations surrounding Zero Trust, illuminating its role as not just a defensive strategy but a comprehensive approach to modern threats. Zero Trust operates on the principle of "never trust, always verify," but what does this mean in practice? Zero Trust doesn't just look outward; it recognizes that threats also come from the inside. By assuming that a breach is not just possible, but has already happened, Zero Trust strategies are uniquely positioned to mitigate damage by insiders, whether malicious or accidental. This episode was recorded on November 9th, 2023 Follow me on Twitter @privacypod This week's episode: NIST Zero Trust Architecture (SP 800-207): https://csrc.nist.gov/pubs/sp/800/207/final CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Intro music: The Lockdown composed by Ray Heffer "Security is always seen as too much until the day it is not enough." — William H. Webster

Welcome to episode four of The Lockdown - The Practical Privacy and Security podcast. This episode was recorded on November 6th, 2023 Follow me on Twitter @privacypod This week's episode: 1. I'm back! 2. Traveling to London and Los Angeles 3. A major privacy invasion for Jennifer Lawrence 4. The Psychology of social engineering Intro music: The Lockdown by Ray Heffer "To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment." - Ralph Waldo Emerson

Welcome to episode three of The Lockdown - The Practical Privacy and Security podcast. This episode was recorded on April 9th, 2023 Follow me on Twitter @privacypod This week's episode: 1. The case of Zachary McCoy 2. Why do all this? 3. The Apple Ecosystem 4. My experience with GrapheneOS Get GrapheneOS: https://grapheneos.org/ The case of Zachary McCoy: https://www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-google Tracking Phones, Google Is a Dragnet for the Police: https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html Denmark frees 32 inmates over flaws in phone geo-location evidence: https://www.theguardian.com/world/2019/sep/12/denmark-frees-32-inmates-over-flawed-geolocation-revelations Intro music: The Lockdown by Ray Heffer "The rights of one are as sacred as the rights of a million." - Eugene V. Debs

Welcome to episode two of The Lockdown - Practical Privacy and Security podcast. In this episode I share the saga of the LastPass breach, and my thoughts on password managers and authenticator apps. This episode was recorded on March 19th, 2023 Follow me on Twitter @privacypod This week's episode: 1. The LastPass Breach 2. Password Managers: Dashlane, 1Password, BitWarden, and KeePassXC 3. Authenticator Apps: Google Authenticator, Aegis, and Authy. Recommended Password Managers: 1. https://keepassxc.org (Desktop) 2. https://www.keepassdx.com (Android only) 3. https://strongboxsafe.com (iOS only) 4. https://bitwarden.com (Top recommendation for cloud hosted) 5. https://1password.com (Ease of use, and great option for cloud hosted) 6. https://www.dashlane.com (Expensive, no desktop app) Recommended Authenticator Apps: 1. https://authy.com 2. https://getaegis.app (Android only) Get Yubikey: https://www.yubico.com Intro music: The Lockdown by Ray Heffer "In the long run, we will have to rebuild the universe of the online world to have security first and ease of use second." - Moxie Marlinspike

This episode was recorded on March 10th 2023. Follow me on Twitter @privacypod Show Links: Stalkerware: https://www.theregister.com/2023/02/07/stalkerware_developer_fined/ IntelTechniques (List of People Search Sites): https://inteltechniques.com/workbook.html This week's privacy tips: 1. Privacy check-up / opt-out from people search sites 2. Establish a Revocable Living Trust. Be sure to hire an estate planning attorney. 3. Custom domains with Namecheap and add privacy. 4. Setup a private mailbox with UPS. 5. Use Privacy.com for virtual payment cards. 6. MySudo virtual phone numbers. Stop being tracked, and avoid SIM swap attacks! 7. Use SimpleMobile or Mint for a pre-paid cellphone option. Not Sponsors: https://www.privacy.com/ https://mysudo.com/ https://www.namecheap.com/ Intro music: The Lockdown by Ray Heffer “Who controls the past controls the future. Who controls the present controls the past.” - 1984 by George Orwell