Our devices are connected to the Internet 24/7 and the only thing separating them from the bad guys is usually your home router. In the era of smart devices and the Internet of Things (IoT), we also now have many more doohickeys connected to the Internet – most of them with crappy security. If one of those devices is compromised, the bad guys now have a beachhead from which to probe and attack all your other devices. In today’s show, we’ll review some important cybersecurity tips for our home network and connected devices.

In other news: police raid homes of alleged ransomware gang; locally exploitable TPM 2.0 security flaws found; White House unveils comprehensive cybersecurity strategy; new LastPass breach details show specific employee was targeted at home; browser synchronization features may compromise employer systems; Catholic group buys data to target gay priests; private home webcams are a goldmine for police evidence gathering; telehealth companies leak sensitive patient data; ICE and Secret Service admit to using cell-site simulators to collect mass surveillance data.

1. [The Verge] Police raid homes of alleged hackers who attacked hospital systems https://www.theverge.com/2023/3/6/23627238/hackers-ransomware-raid-german-ukrainian-police
   
2. [TechSpot] Two security flaws in the TPM 2.0 specs put cryptographic keys at risk https://www.techspot.com/news/97824-two-security-flaws-tpm-20-specs-put-cryptographic.html
   
3. [The Washington Post] Biden unveils cyber strategy that takes more aggressive regulatory approach https://www.washingtonpost.com/national-security/2023/03/02/cybersecurity-biden/
   
4. [Ars Technica] LastPass says employee’s home computer was hacked and corporate vault taken https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/
   
5. [Kaspersky] Disable browser synchronization in the office https://www.kaspersky.com/blog/disable-browser-sync-enterprise/47460/
   
6. [The Washington Post] Catholic group spent millions on app data that tracked gay priests https://www.washingtonpost.com/dc-md-va/2023/03/09/catholics-gay-priests-grindr-data-bishops/
   
7. [Electronic Frontier Foundation] Report: ICE and the Secret Service Conducted Illegal Surveillance of Cell Phones https://www.eff.org/deeplinks/2023/03/report-ice-and-secret-service-conducted-illegal-surveillance-cell-phones
   
8. [POLITICO] The privacy loophole in your doorbell https://www.politico.com/news/2023/03/07/privacy-loophole-ring-doorbell-00084979
   
9. [TechCrunch] Telehealth startup Cerebral shared millions of patients’ data with advertisers https://techcrunch.com/2023/03/10/cerebral-shared-millions-patient-data-advertisers/
   
10. [NPR] Personal information of members of Congress exposed in health data breach https://www.npr.org/2023/03/09/1162191035/personal-information-of-u-s-house-members-exposed-in-health-data-breach
    
11. Securing Your Home Network: https://firewallsdontstopdragons.com/how-to-secure-your-home-network/ 
    

• Apple’s HomeKit Secure Video: https://support.apple.com/en-us/HT210538
  
• Shodan: https://www.shodan.io/
  
• What’s My IP? https://www.whatismyip.com/
  
• NSA home network security (PDF): https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
  
• What a VPN Is (and Isn’t): https://firewallsdontstopdragons.com/what-a-vpn-is-and-isnt/
  
• Get your Dragon Swag! https://fdsd.me/merch 
  
• Send me your questions! https://fdsd.me/qna 
  
• Support our mission! https://fdsd.me/support 
  
• Subscribe to the newsletter: https://fdsd.me/newsletter 
  
• Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
  
• Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 
  
• Generate secure passphrases! https://d20key.com/#/ 
  

Use these timestamps to jump to a particular section of the show.

• 0:00:16: News preview
  
• 0:02:16: Police raid homes of alleged health system hackers
  
• 0:04:16: Two security flaws in the TPM 2.0 spec
  
• 0:08:50: White House unveils aggressive cyber strategy
  
• 0:14:41: LastPass breach details sophisticated attack
  
• 0:25:09: Bbrowser synchronization can create risk to corporate systems
  
• 0:30:49: Catholic group bought app data that tracked gay priests
  
• 0:33:53: Ring doorbell data dragnet
  
• 0:43:09: ICE Conducted Illegal Surveillance of Cell Phones
  
• 0:46:36: Cerebral shared millions of patients’ data with advertisers
  
• 0:49:59: Personal information of members of Congress exposed in health data breach
  
• 0:52:19: Dear Carey: secure, privavy home web cameras
  
• 0:59:00: Tip of the Week: Securing Your Home Network
  
• 1:05:52: Wrap-up and looking ahead