Today we talk about two different scams. One involves losing your reward points to be purchased by others (you if you are mean), for real money. The second is why gift card scams work. email the show: hosts (at) shortexplanations (dot) com

Show Notes: On today’s episode we talk about the top 10 things that CISA says is misconfigured. CISA Guide email the show: hosts (at) shortexplanations (dot) com

On today’s show we remind everyone to update your computers. Specifically we talk about a flaw in WebP, a lesser known standard that was recently pactched. It is also Cybersecurity Awareness Month, so we go through the steps CISA has told us to do. WebP CISA Guide (Warning PDF) email the show: hosts (at) shortexplanations (dot) com

We get a good, but unexpected update about a site we have recommended in the past. PrivacyGuides.org. If you ever wanted to know what was the best privacy focused tool, PrivacyGuides.org is your place. We won’t mention the other site. Follow Jonah on YouTube PrivacyGuides.org The Story and move Jonah’s Podcast Donate to Privacy Guides email the show: hosts (at) shortexplanations (dot) com

On this episode we talk about various tracking signals: Proxy Metrics (this person buys a lot of 3D Printer filament, maybe we should advertise 3D printer nozzles) Phone Company Tracking GPS Web Tracking (like buttons, Google Analytics) App Permissions (Location, Network Scanning, etc) Payment Tracking Rewards Cards (Starbucks, Kroger Plus, etc) Debit/Credit tracking Physical Tracking BLE Beacons Wifi Beacons Facebook is not hot-micing your phone email the show: hosts (at) shortexplanations (dot) com

We bring back InfoSecSherpa about what is bothering her in infosec. Today we talk about conferences, specifically HackSummerCamp in Blackhat, Bsides, and Defcon. Maybe you should focus on the smaller conferences, and work your way up. InfoSecSherpa Linktree. InfoSecSherpa Twitter email the show: hosts (at) shortexplanations (dot) com

On this episode we give a very brief overview of what DNS is. We explain the joke of why it is never DNS, but often it is. https://www.internetsociety.org/resources/deploy360/dns-privacy/intro/ https://en.wikipedia.org/wiki/DNS_over_HTTPS https://en.wikipedia.org/wiki/DNS_over_TLS https://en.wikipedia.org/wiki/DNSCrypt https://www.cloudflare.com/learning/dns/dns-over-tls/ The best way to help the show is to subscribe to the podcast, and subscribe on youtube. Donations always help. email the show: hosts (at) shortexplanations (dot) com

CIA (Not that CIA) We talk about what CIA is, from what it stands for, and how to start to implement it. Confidentiality Integrity Availability The best way to help the show is to subscribe to the podcast, and subscribe on youtube. Donations always help. email the show: hosts (at) shortexplanations (dot) com

TOTP Randomness RNGs PRNGs Seeded PRNGs Hash Functions What are they / Where are they used? Important to keep in mind that there are crytpographic and non-cryptographic hash functions TOTP combines Seeded PRNGs and Cryptographic Hash Functions to generate predictable, “random” codes using a seed and the current time. As long as your device has the correct time, you can generate the correct code This seed is present on your device (usually loaded through a QR code) and on the server.

News HP Printer Update Shenanigans (also HP 9020e - error code 83C0000B) Just buy the Brother Laser Printer Thing .zip tld is a nightmare How to share Netflix with Tailscale Section 230 is still good Keepass Vuln - Physical Attack Want to join our signal group? It is free, just email the show email the show: hosts (at) shortexplanations (dot) com