The Privacy, Security, and OSINT Show 283 - Announcements, Updates, & News
Primer: Michael Bazzell spent 18 years as a government computer crime investigator. He shares his Open Source Intelligence (OSINT) insights on his website IntelTechniques. In this episode of the OSINT show, he teaches listeners how to protect their medical information and provides updates on the various OSINT tools in the space.
New Edition Of Book
10th edition of The Open Source Intelligence Techniques book will be released in early 2023
The single chapter about breaches and leaks have been expanded into 4 new chapters of leaks, breaches, ransomware, and logs
Planning a complete overhaul of the first section of the book on computer preparation and virtual machines
Some of the Python programs in Linux VMs are starting to get outdated dependencies. Will be resolving it by using Python VMs
Will be adding a chapter on APIs and advanced API usage
Protonmail And YubiKey
In the last episode, Michael mentioned that Protonmail users could disable the software-based 2FA and only use a hardware token like YubiKey to access their account
This is incorrect
If you have the hardware option turned on, you have to turn it off before you can turn off the software option
This is a bad design
Update Of OSINT Tools Page
Added the Whoxy and WhoisXML options in the APIs section on his website
They provide historical Whois registration info which shows who owns the domain
Both options offer a free limited API trial
Blur
Blur is a way for people to purchase a masked phone number/card
Blur now offers a way for users to delete their information for a cost. Does not recommend this because people should do that themselves the right way
Blur has now been acquired by IronVest
Have no expectations of privacy going forward
Alternatives To Blur
Has his own Twilio account
Privacy.com is free
SpiderFoot
SpiderFoot is a reconnaissance tool
It’s an advanced network site
They have been acquired recently
Medical Group Hit By Ransomware
Ransomware artists tend to publish their data quickly in order to get more money out of the victim
The medical group did not pay the ransomware and the data was disclosed online
Data breaches are common
How Does He Protect Himself?
For some things, he does not give his real name (e.g. with his chiropractor)
He visited dentists using aliases
There are times he needs to use his real name
You do not need to provide your home address. You could provide a P.O. box address
You do not need to provide your true cell phone number. Have a VoIP number specifically for anything medically related
Does not disclose his social security number to any of these organizations
All information presented above is for educational purposes only and should not be taken as investment advice. Summaries are prepared by The Reading Ape. While reasonable efforts are made to provide accurate content, any errors in interpreting and summarizing the source material are ours alone. We disclaim any liability associated with the use of our content.