LastPass Source Code Breach

Firewalls Don't Stop Dragons Podcast

September 5, 2022 | 1h 9m

Show Notes

Password manager software maker LastPass suffered a data breach last week, which understandably made their customers very nervous – and caused some people to question the decision to put all their passwords in one digital basket. In today’s show, I’ll explain why this particular breach was not a threat to anyone’s passwords and why you should still use a high-quality password manager.

In other news: Former security chief blows the whistle on Twitter; major VPN providers are pulling out of India over surveillance law issues; a set of popular Chrome extensions caught committing click fraud; Google’s new Chrome extension restrictions threaten to hobble ad blockers; a father’s Google accounts are deleted over false AI-flagged CSAM; US Federal Trade Commission sues a data broker over lax protection of location data; EFF finds another data broker selling location data to law enforcement; Google launches bug bounty program for open source software projects; DuckDuckGo’s email privacy protection feature now available to all; Ohio judge rules that scanning students’ rooms before tests is illegal; a flight to Cabo is nearly grounded thanks to a passenger sending dick pics to other passengers, including one of the pilots.

Article Links

  1. [The Washington Post] Former security chief claims Twitter buried ‘egregious deficiencies’ https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/
  2. [9to5mac.com] Major VPN services shut down in India over anti-privacy law; Apple hasn’t yet commented https://9to5mac.com/2022/09/01/major-vpn-services/
  3. [BleepingComputer] Chrome extensions with 1.4 million installs steal browsing data https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/
  4. [BleepingComputer] AdGuard’s new ad blocker struggles with Google’s Manifest v3 rules https://www.bleepingcomputer.com/news/security/adguard-s-new-ad-blocker-struggles-with-google-s-manifest-v3-rules/
  5. [The New York Times] A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html
  6. [Reuters] U.S. FTC sues data broker Kochava for alleged sale of sensitive data https://www.reuters.com/legal/us-ftc-sues-data-broker-kochava-alleged-sale-sensitive-data-2022-08-29/
  7. [Electronic Frontier Foundation] Data Broker Helps Police See Everywhere You’ve Been with the Click of a Mouse: EFF Investigation https://www.eff.org/press/releases/data-broker-helps-police-see-everywhere-youve-been-click-mouse-eff-investigation
  8. [Naked Security] LastPass source code breach – do we still recommend password managers? https://nakedsecurity.sophos.com/2022/08/29/lastpass-source-code-breach-do-we-still-recommend-password-managers/
  9. [Decipher] Google Launches Bug Bounty Program For Open Source Projects https://duo.com/decipher/google-launches-bug-bounty-program-for-its-open-source-projects
  10. [Spread Privacy] Protect Your Inbox: DuckDuckGo Email Protection Beta Now Open to All! https://spreadprivacy.com/protect-your-inbox-with-duckduckgo-email-protection/
  11. [The Verge] University can’t scan students’ rooms during remote tests, judge rules https://www.theverge.com/2022/8/23/23318067/cleveland-state-university-online-proctoring-decision-room-scan
  12. [VICE] Creeps Airdropping Dick Pics Just Made Flying Even Worse https://www.vice.com/en/article/3adag9/southwest-tiktok-video-pilot-airdropped-nudes
  13. Tip of the Week: How to Prevent Cyberflashing https://firewallsdontstopdragons.com/how-to-prevent-cyberflashing/ 

Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.

  • 0:01:32: Update Google Chrome and older iPhones
  • 0:05:48: Twitter whistleblower
  • 0:10:29: Major VPN services shutting down in India
  • 0:14:00: Popular Chrome extensions committing link fraud
  • 0:16:51: Google Chrome changes will limit ad blockers
  • 0:23:38: Father loses Google accounts over false CSAM flagging by AI
  • 0:27:22: FTC sues data broker
  • 0:30:17: EFF research uncovers more police purchases of location data
  • 0:34:55: LastPass source code breach
  • 0:46:43: Google launches bug bounty for open source software
  • 0:49:51: DuckDuckGo email privacy feature now open to all
  • 0:55:55: Court blocks scanning of students’ rooms during remote tests
  • 1:00:43: Cyberflashing nearly grounds flight
  • 1:05:35: Notes on upcoming interviews and shows