Render is okay, although with a lighter wallet, because he had backups and used full-disk encryption. He doesn’t have to worry about the thief being able to get anything usable off the laptop.

Full-disk encryption might not be for everyone, but it is something people who travel around with their laptops should consider. Lots of tools out there to do it (Windows, OS X, and Linux all have built-in tools as well) and there are factors to consider beyond security so … let’s listen:

My tip of the week is setting up “Find My iPhone” in iOS devices. All it takes is activating MobileMe with your current iTunes account and downloading the app. This works for iPads (1 and 2) and iPhone 4 series running iOS 4—sorry iPhone 3 3GS folks I think you’re left out on this one. Here are the screens on your iPhone that you’ll need to go through to turn on MobileMe and then download the app from the App Store (it’s all free).

Hat tip to Tod Maffin this week because I picked up some great new tips for making this podcast better.

Music is by Derek K. Miller and, yes, he really did write it for me.

While Sony is still big news, and getting bigger with class-action lawsuits being filed this week, there are other things making news in this realm.

A British consumer website rated Hushmail the worst webmail service around. I can’t hardly argue with that, of course.

The Pentagon is taking steps to reduce the chances of another Wikileaks-type incident from happening again—Pentagon takes steps to prevent internal security breaches after WikiLeaks disclosure – The Washington Post—good luck with that.

Nikon’s image verification system was cracked—Hackers crack Nikon’s image verification system | Homeland Security News Wire—which has potentially far-reaching impacts on law and privacy.

Mozilla is standing up to Homeland Security by refusing to take down a Firefox extension that allows people to automatically be redirected to the new URLs of rogue sites taken over by authorities:

• Mozilla Takes a Stand Against Department of Homeland Security
• Mozilla tells DHS: we won’t help you censor the Internet – Boing Boing
• MAFIAA Fire: a Firefox add-on to reverse US government domain censorship – Boing Boing

Mozilla’s position might not be a popular stance, but it is certainly the right one.

Note to Hungry’s spies, people are spying on you—Spy vs spy: Spyware found at Hungarian secret service | Naked Security—this item has all the twists and turns of a made-for-TV movie.

Finally, the possible breach and at LastPass and the fallout from it. By all accounts, though inconvenient to users for a short time, LastPass did a lot right. Render and I talk about this in depth in today’s episode. Here are just some of the post about it:

• LastPass : The last password you’ll have to remember: LastPass Security Notification
• LastPass melts down and leaves many users (hopefully, temporarily) stranded without their passwords | ZDNet
• LastPass Forces Users to Pick Another Password — Krebs on Security
• Password Manager Last Pass Possibly Hacked
• LastPass forces users to change master password after network traffic oddity | Naked Security
• Why LastPass data breach isn’t the last straw | The Download Blog – Download.com

In the show Render talks about the book Perfect Passwords, it’s on Amazon, but looks like it might be in short supply, so grab a copy quickly if you want one.

Music is by Derek K. Miller and, yes, he really did write it for me.

Yes, the PSN hack. Why? Because the effects are going to be huge in the long term. Maybe having the third kind of data breach in a short while will start a serious discussion about how we transmit, share, and store identity information online.

This is also a special show because Renderman joins me again … and will be joining me more often … more about that in the show. Without more introduction:

In the show Render and I talk about Bruce Schneier’s TEDxPSU talk about security. Really, you should watch it. Which is why I embedded it below for you:

Music is by Derek K. Miller and, yes, he really did write it for me.

The biggest news this week have been the revelations that Dropbox could decrypt your files that you stored with them and that, if presented with legal orders, decrypt the files and hand them over to the government. This is caused a lot of people to change how they use Dropbox (myself included). One great solution is the FileVault within eCrypt.me—and that happens to be my tip of the week!

The other big news of the week is that since iOS 4 came out iPhones and iPad 3G models have been tracking and recording where you’ve been with the device. Worse the information is stored in plain text on your machine. As you’ll hear in the interview segment, governments around the world want answers from Apple about this. For all our sakes, I hope we get one soon. Speaking of interviews, this week I chat again with Brad “Renderman” Haines about both Dropbox and the iPhone tracking issue.

For the news of the week, I’ve decided that I want to share more news with you than just what I talk about in the show, so I’ve created a special public notebook in Evernote where I’ll store all the articles I think are interesting as I’m reading the news. You can read my PrivacyNowRadio notebook on Evernote’s website and even subscribe to it if you’re an Evernote user.

Enjoy the episode and if you’d like to know more about the eCrypt.me FileVault, here’s a handy screencast to show you all about it:

Music is by Derek K. Miller and, yes, he really did write it for me.

Essentially Adm. Cohen has been at the front lines of keeping the digital huns at bay for a very long time. Because this is such an important topic and special interview, today’s show will be comprised solely of the interview. I’ll cover the news of the week in a show I’ll record later this week.

Until then…

Adm. Cohen:

My interview this week is with Brad “RenderMan” Haines, who is a hacker and we talk about how hackers are portrayed the media.

Finally my tip of the week is to make sure you’re using WPA2 to secure access to your wifi at home or work, disable remote pings, and make sure that remote (WAN) configuration is disabled on your router. Remember, a WPA2 password isn’t considered secure unless it’s at least 20 characters long!

And now the show Interview with the Hacker, he doesn’t bite.

Below are links to some of the news that I talk about in the podcast:

U.S. Government takes down CoreFlood:

• U.S. Government Takes Down Coreflood Botnet — Krebs on Security
• U.S. shutters botnet, can disable malware remotely | InSecurity Complex – CNET News

DOJ still after Twitter for Wikileaks associates:

• WikiLeaks Associates Hit Back Over U.S. Twitter Records Demand | Threat Level | Wired.com
• DOJ defends WikiLeaks probe of Twitter accounts | Privacy Inc. – CNET News

WordPress.com Hacked:

• Hacker Gains Access To WordPress.com Servers, Site Source Code Exposed
• WordPress.com Servers Hit in Security Breach
• WordPress.com suffers hacker attack – how to change your password | Naked Security
• Security Incident — Blog — WordPress.com

New zero-day vulnerability in Adobe Flash found (Chrome is already patched):

• Adobe: Zero-day attacks targeting Flash Player hole | InSecurity Complex – CNET News
• New Adobe Flash zero day in the wild – infects through MS Word documents | Naked Security
• New Adobe Flash Zero Day Being Exploited? — Krebs on Security

Other interesting news:

• Do-not-track feature coming to Safari
• Toshiba’s New Self-Erasing Hard Drives: The Ultimate in Data Security – PCWorld
• Senator seeks to end wasteful government cybersecurity spending | Homeland Security News Wire
• Researcher: Police increasingly peeping at e-mail, instant messages | E-Mail & Internet | Macworld
• Security firm Barracuda hit by cyberattack | Security – CNET News
• State of Texas exposes data on 3.5 million people | Naked Security
• Michael Geist on the Conservatives: ‘incredibly problematic for the Internet, privacy, and online freedoms’ – Techvibes.com

If you have suggestions for future shows, let me know at tris [at] ecryptinc.com and don’t forget you can find PNR on iTunes.

Until next week, stay safe.

Music is by Derek K. Miller and, yes, he really did write it for me.

The big news of the week (and I wrote about it earlier on the eCrypt blog) was the hack at email marketing company Epsilon. While people weren’t directly put at risk from the loss of thousands of email addresses to hackers, what is more likely is that we’re more vulnerable to targeted spam and phishing attacks. For more info on this attack see my post above and these other articles:

• What the Epsilson hack really means–email addresses are worth money | eCrypt Technologies Blog
• Errata Security: How to protect yourself from future “Epsilon” breach
• Compromised email? Avoid the scams | E-Mail & Internet | Mac 911 | Macworld
• Epsilon Internet security breach affects Canadian consumers – Digital Life
• Epsilon Breach Raises Specter of Spear Phishing — Krebs on Security
• Epsilon email address megaleak hands customers’ customers to spammers | Naked Security

The EFF is keeping up the pressure and discussion about flaws in how secure certificates are issued with their research on “unqualified domain” certificates. A wee technical, but really important to understand:

• Unqualified Names in the SSL Observatory | Electronic Frontier Foundation
• EFF uncovers further evidence of SSL CA bad behavior | Naked Security

On the hacking front, it looks like smartphones are the new hot target. Hackers got their hands on the code for the Stuxnet worm and have released it to the world (like folks probably didn’t have it already. And 2011 has started off with a surge of malware. Oh goody.

• Hackers release Stuxnet’s decompiled code online | Homeland Security News Wire
• Stuxnet heralds age of cyber weapons, virtual arms race | Homeland Security News Wire
• Cell phones are hackers’ target of choice | Homeland Security News Wire
• Surge in malware marks start of year | Security – CNET News

On the side of the good guys, Google is extending download protection to Chrome users like users of IE9 have. An excellent article on CNET reminds us to be watchful of scams and how to avoid them. And WordPress was updated to version 3.1.1 with stability improvements, but also some crucial security fixes:

• Google extends Safe Browsing to Chrome downloads | Naked Security
• How I nearly got scammed on Facebook | Digital Media – CNET News
• WordPress › WordPress 3.1.1

Finally the Conservative Party of Canada is catching some (well deserved) heat for allegedly not allowing someone into a rally because the person has a picture with the Liberal leader on her Facebook page. And there is a new Hacker sitcom on the air. I haven’t seen it yet, but believe me I will. Just as soon as I finish watching Firefly.

• Conservative Party kicks out student over Facebook photo: Social Media Fail – Digital Life
• Is Hacker TV sitcom a true reflection of computer security industry? | Naked Security

There is no interview this week, but my tip of the week is to make an emergency boot drive to bail yourself out in a jam. I suggest using Ubuntu or Jolicloud and Lifehacker has great instructions on how (and more whys) to do it. PCWorld even has more tips on how and why as well.

Don’t forget, you can subscribe to PNR through iTunes!

Music is by Derek K. Miller and, yes, he really did write it for me.

News mentioned in the podcast:

• Android App security
  • Apple’s protected App Store doesn’t look so bad now
  • Amazon Appstore disables Android security
  • Android malware against software piracy | Naked Security
• Buy a Samsung laptop, get a keylogger installed for free! | eCrypt Technologies Blog
  • Fake Android app steals data, takes shot at pirates | InSecurity Complex – CNET News
  • Samsung reportedly installing keylogger software on laptops (update: it’s a false-positive) — Engadget
  • Is Samsung intentionally shipping laptops with keylogger/spy software? | Naked Security
  • Samsung Laptops – Now With Secret Keyloggers? (UPDATED)
  • Lessons from the Samsung rootkit that never existed | Anti virus – InfoWorld
• More Comodo Fallout
  • BBC News – Are secure websites still safe?
  • FBI probes Comodo Web security breach | Privacy Inc. – CNET News
  • Comodo: Web attack broader than initially thought | InSecurity Complex – CNET News
  • Comodo hacker outs himself, claims “no relation to Iranian Cyber Army” | Naked Security
• Schneier on Security: FBI Asks for Cryptanalysis Help
  • FBI asks public for help breaking encrypted notes tied to 1999 murder – Yahoo! News
  • FBI — Help Solve an Open Murder Case, Part 2
  • Layer 8: FBI wants public help solving encrypted notes from murder mystery
• Massive SQL injection attack making the rounds—694K URLs so far
• Dick Hardt’s Sxipper to go out with a whimper in mid-April – Techvibes.com
• Documents Obtained by EFF Reveal FBI Patriot Act Abuses | Electronic Frontier Foundation
• What a Cyberwar With China Might Look Like – PCWorld
• Top Computer Scientists Back WikiLeaks Associates in Twitter Case | Threat Level | Wired.com
• Wait until June for a fix? Throttled WoW player wants ISP fined
• Report: NSA joins Nasdaq hack probe | Security – CNET News
• U.S. Gov’t to Thank for Phone-Wiping Panic Button – PCWorld
• One Thing Well | Singing Passwords
• Facebook adds speed bump to slow down likejackers | Naked Security
• The Mac Security Blog » Intego Discovers New, Improved BlackHole RAT Variant
• Australian Prime Minister Hacked | Threat Level | Wired.com
• This week, the EU parliament computer network is under attack | Naked Security

Coilhouse Magazine looks like it will be a very interesting weekend read for me. Read more about it on io9.

For my tip of the week to force SSL when you browser (aka using HTTPS instead of plain old HTTP). KB SSL Enforcer is the extension I like for Chrome. HTTPS Everywhere from the EFF is great for Firefox. I can’t find my usual suggestions for IE and Safari, so recommendations are welcome in the comments.

Thanks again to Theresa Lalonde for chatting with me this morning.

Music is by Derek K. Miller and, yes, he really did write it for me.

If you have questions, comments, topics for future episodes, or would like to be a guest on Privacy Now Radio, leave a comment or drop me a line at tris [at] ecryptinc.com.

Subscribe to PrivacyNowRadio on iTunes.

Go have a listen:

Chet posted how OS X folks (like most of the eCrypt team) can set our systems to check for revoked certificates. It isn’t great, but it’s better than nothing.

Some of the news and links mentioned in the podcast can be found through these links:

• 1Password
• Facebook detour through China: Accident or not? | InSecurity Complex – CNET News
• Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? | Electronic Frontier Foundation
• Detecting Certificate Authority compromises and web browser collusion | The Tor Blog
• Iran behind certificate fraud, says SSL vendor – SC Magazine US
• Google, Yahoo, Skype targeted in attack linked to Iran | Privacy Inc. – CNET News
• ‘Iranian’ attackers forge Google’s Gmail credentials • The Register
• Fraudulent certificates issued by Comodo, is it time to rethink who we trust? | Naked Security
• Errata Security: No reason to believe Comodo attack came from Iran
• Facebook & Twitter Fail to Control Malicious Web Links | Globalthoughtz
• Twitter’s Long History With Malware [INFOGRAPHIC]
• Social Studies Blog » SXSW: Phil Zimmerman on Cryptography and Freedom in an Age of Constant Surveillance and Data Collection
• European Commission hit by cyberattack – Computerworld
• TripAdvisor: E-mail addresses stolen in data breach | InSecurity Complex – CNET News
• Material on work computer private, court rules – The Globe and Mail
• Play.com admits data breach | Security – CNET News
• BA jihadist relied on Jesus-era encryption | The Register
• Troy Hunt: The only secure password is the one you can’t remember

Music is by Derek K. Miller and, yes, he really did write it for me.

If you have questions, comments, topics for future episodes, or would like to be a guest on Privacy Now Radio, leave a comment or drop me a line at tris [at] ecryptinc.com.