Your online account credentials have two parts: a user name and a password. Today, most online providers force you to use your email address for your user name. This gives the service provider a guaranteed way to contact (and spam) their users, but it also means that bad guys know half of all your credentials and data brokers have a unique ID to track you across all your accounts. Today I’ll explain the value of using email aliases for your online user names.

In other news: Iranian hackers attack US water plant; CISA launches program to address critical infrastructure threats; Google Drive users report missing data; Plex users fear new feature will leak p0rn watching habits; several articles on the ease of using data broker tools to spy on just about anyone, creating privacy and national security problems; smart mattress company CEO inadvertently reveals extent of data collection; concerns about IoT device sold with a home; overblown fears over Apple’s new NameDrop feature; Zelle offering refunds to some scam victims; and Malwarebyte’s survey of people’s security practices (spoiler: it’s bad).

1. [The Hacker News] Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S. https://thehackernews.com/2023/11/iranian-hackers-exploit-plcs-in-attack.html
   
2. [Dark Reading] CISA Launches Pilot Program to Address Critical Infrastructure Threats https://www.darkreading.com/ics-ot/cisa-launches-pilot-program-critical-infrastructure-threats
   
3. [AppleInsider] Google Drive users complain of missing files, months of data disappearing https://appleinsider.com/articles/23/11/27/google-drive-users-complain-of-missing-files-months-of-data-disappearing
   
4. [404media.co] Plex Users Fear New Feature Will Leak Porn Habits to Their Friends and Family https://www.404media.co/plex-users-fear-discover-together-week-in-review-feature-will-leak-porn-habits-to-their-friends-and-family/
   
5. [Rolling Stone] We Spied on Trump’s ‘Southern White House’ From Our Couches https://www.rollingstone.com/culture/culture-features/data-brokers-trump-tech-spying-privacy-threat-1234897098/
   
6. [9to5mac.com] Data brokers selling even more sensitive info; national security risk, says report https://9to5mac.com/2023/11/14/data-brokers-sensitive-info/
   
7. [MIT Technology Review] The US military’s privacy problem in three charts https://www.technologyreview.com/2023/11/13/1083262/the-us-militarys-privacy-problem-in-three-charts/
   
8. [therecord.media] Court rules automakers can record and intercept owner text messages https://therecord.media/class-action-lawsuit-cars-text-messages-privacy
   
9. [404media.co] CEO Reminds Everyone His Company Collects Customers’ Sleep Data to Make Zeitgeisty Point About OpenAI Drama https://www.404media.co/ceo-reminds-everyone-eightsleep-pod-collects-sleep-data-to-make-zeitgeisty-point-about-openai-drama/
   
10. [sdmmag.com] Who Is Gonna “Own” the IoT? https://www.sdmmag.com/articles/93730-who-is-gonna-own-the-iot
    
11. [TechRadar] NameDrop in iOS 17 doesn’t have to be a privacy nightmare – here’s how to control it https://www.techradar.com/phones/ios/namedrop-in-ios-17-doesnt-have-to-be-a-privacy-nightmare-heres-how-to-control-it
    
12. [9to5mac.com] Zelle scams: App now starting limited refunds, under pressure from lawmakers https://9to5mac.com/2023/11/13/zelle-scams/
    
13. [malwarebytes.com] 3 crucial security steps people should do, but don’t https://www.malwarebytes.com/blog/news/2023/10/the-3-crucial-security-steps-people-should-do-but-dont
    
14. OwnCloud hack: https://www.helpnetsecurity.com/2023/11/28/cve-2023-49103/ 
    
15. Pros & Cons of Antivirus Software: https://firewallsdontstopdragons.com/the-pros-and-cons-of-anti-virus-software/ 
    
16. Tip of the Week: https://firewallsdontstopdragons.com/how-to-use-email-aliases-part-1/
    

• Give the gift of privacy and security: https://fdsd.me/coupons 
  
• Send me your questions! https://fdsd.me/qna 
  
• Support our mission! https://fdsd.me/support 
  
• Subscribe to the newsletter: https://fdsd.me/newsletter 
  
• Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
  

Use these timestamps to jump to a particular section of the show.

• 0:00:57: Important software updates
  
• 0:01:56: News run down
  
• 0:05:18: Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
  
• 0:07:49: CISA Launches Pilot Program to Address Critical Infrastructure Threats
  
• 0:09:38: Google Drive users complain of missing files, data
  
• 0:14:55: Plex Users Fear New Feature Will Leak P*rn Habits to Their Friends and Family
  
• 0:19:34: We Spied on Trump’s ‘Southern White House’ From Our Couches
  
• 0:23:36: Data brokers selling even more sensitive info creating national security risk
  
• 0:26:48: The US military’s privacy problem in three charts
  
• 0:30:33: Court rules automakers can record and intercept owner text messages
  
• 0:32:49: CEO Reminds Everyone His Company Collects Customers’ Sleep Data via Tweet
  
• 0:39:09: Transferring IoT devices in a home sale
  
• 0:43:30: NameDrop in iOS 17 doesn’t have to be a privacy nightmare
  
• 0:47:56: Zelle now starting limited refunds, under pressure from lawmakers
  
• 0:52:08: 3 crucial security steps people should do, but don’t
  
• 0:57:56: Tip of the Week: email aliases
  
• 1:03:12: Plan for December
  
• 1:08:59: Reaching more people