Security
13 - Privacy
We bring Yael Grauer back onto the show to talk about privacy. We have discussed privacy in parts before, but specifically, Yael made a huge opt-out list that we want details on. Did you know your info is on these data broker sites? Yael tells us how to get rid of the info, or if it is even worth it.
- Big Ass Data Broker Opt Out List
- Yael Writes
- Twitter
- Mastodon
- SecurityPlanner
- TallPoppy
Want to join our Signal group?
Security
12 - Is oAuth the Best Solution?
On this show, we have Tom explain to us what OAuth is and whether we should really care about it.
Pros:
- Easy
- Fewer accounts to track/manage
Cons:
- Account linking (kinda) [DEPENDING ON IMPLEMENTATION]
- Your login to a third-party website is controlled by your OAuth provider (who you sign in with)
- OAuth provider bans will affect more than just your primary account
Join our Signal group.
As always, Like, Comment, and Subscribe
Security
11 - Security that Doesn't Work
On this episode we talk about unneeded security. These are the things that you shouldn’t buy/install/use.
- Virus Scanning
- Phone Scanning Apps
- Identity Protection
- Military Grade Encryption
- VPNs that claim to stop hackers
- Any tech product on an infomercial
email the show: hosts (at) shortexplanations (dot) com
Security
10 - The Most Secure Messengers To Keep You Safe
On this show we discuss the big players in secure messengers. Not to spoil the fun, but we both highly recommend Signal.
- Threat Model discussion
- What is our “definition of secure messenger”
- WhatsApp
  - Group and individual messages are encrypted
  - Uses the Signal Protocol
  - Can see metadata
  - Meta harvests the data as much as possible
- Facebook Messenger
  - Only in secret mode
  - Secret mode is one device only
  - Developed the same way as WhatsApp
- Threema
  - Audited, recently had an issue
  - Paid
  - Uses usernames, not phone numbers
- iMessage
  - Really good if you have Advanced Data Protection and/or iCloud disabled
  - iCloud data security overview
  - Advanced Data Protection for iCloud
- RCS
  - Google is the majority partner
  - SMS fallback mode
  - How it works
- Signal
- Telegram is BAD
email the show: hosts (at) shortexplanations (dot) com
Security
009 - VPNs with Yael Grauer
Editor’s Note: Sorry, the first few seconds of the audio were bad.
We bring Yael Grauer onto the show to discuss her research:
Turns out Yael liked our VPN show. Go check it out. Go follow her:
- Yael Writes
- Twitter
- Mastodon
- SecurityPlanner
- Consumer Reports Digital Lab White Paper PDF
- Consumer Reports - VPN Testing
- Consumer Reports - Top VPNS
- Consumer Reports - Should You Use A VPN
Want to join our Signal group?
Security
008 - Are All Web Browsers the Same?
Browsers:
- Use Firefox or Chrome (Tom prefers Firefox)
- Edge is fine
- Safari is fine (Haim uses iOS and Mac)
- Stay away from alternative / non-mainstream browsers
- Addons
  - uBlock Origin
  - Your favorite password manager
- Extension Security
- History of browsers
- iOS browsers
- Android browsers
email the show: hosts (at) shortexplanations (dot) com
Security
007 - VPNs
VPNs: (we are not making a recommendation)
- What is a VPN
- What isn’t a VPN
- Should you use a VPN
- anonymous vs obfuscation
- VPN vs Tor
- Are VPNs safe
- pivpn.io
- tailscale
- Private Relay
- next show is from the consumer reports who tried all the VPNs
Join the signal group by emailing us.
email the show: hosts (at) shortexplanations (dot) com
Security
006 - InfoSecSherpa: The Need For Certs?
We speak to InfoSecSherpa about what is bothering her in infosec. Turns out there are a lot of problems with companies and employers requiring a whole bunch of certificates and degrees for entry-level jobs. Are certificates necessary (they are not), or are we just making life harder for everyone?
InfoSecSherpa Linktree.
InfoSecSherpa Twitter
Join the signal group by emailing us.
email the show: hosts (at) shortexplanations (dot) com
Security
005 - Multi Factor Authentication
2FA:
- What are Factors (Knowledge, Have, Are, Location)
- Email
- SMS
- Dongle-based Code (RSA Tokens, etc)
- Push-Based Auth (Duo)
- TOTP (Google Authenticator, Authy, etc)
- Yubico OTP
- U2F, FIDO2, WebAuthn
- Fall Back
- Safety
[If you are not subscribed to short explanations, please sign up. We forwarded the feed from the other podcast for a month.]
email the show: hosts (at) shortexplanations (dot) com
Security
004 - Passwords: What are They Good For?
[If you are not subscribed to short explanations, please sign up. We forwarded the feed from the other podcast for a month.]
Show Notes:
- Don’t re-use passwords across sites
- How do you even remember each password?
- Using a password scheme (MyPassw0rd-facebook.com) - This is a bad idea because password cracking software knows this trick and will compromise all of your accounts
- First: Use your password manager generator
- Chrome Built in / Firefox built in
- Cred Stuffing
- Password Rules
- WEIRD password rules (8 chars, what?