SN 1012: Hiding School Cyberattacks

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I’m not on the email system yet, so I will have to drop my comment here. Steve and Leo both mentioned Apple’s Advanced Data Protection. Like them, I have been accumulating Apple gear since my iPhone 4S. It wouldn’t let me turn the feature on the first couple of times I tried. I finally took the extra effort to clear the old hardware off my main Apple account. The “retired” phones and iPads still function, but don’t need access to most of what I have stored in iCloud. I set up a “burner” Apple account and moved my old gear to it. Now my primary account is on ADP and there are fewer points of entry into my account - overall a more secure setup.

3 Likes

Steve’s working on a new version of DNSBench, and the Pi-Hole folks just announced a major update! Introducing Pi-hole v6 – Pi-hole

I eagerly await putting this new version to the test, once Steve’s ready :slight_smile:

1 Like

PiHole is local, so you would hope that it is always the fastest! :smiley:

One thing, about the reporting of security incidents to authorities. The GDPR makes that much simpler, you have 72 hours (after becoming aware of the incident) to inform them, end of story. If you fail to inform, you are in breach of the GDPR and face stiff fines - stiffer than the ransom payment.

There is no real having to think about it. If you just have a simple virus attack on a single machine, that probably isn’t reportable, but if you have an entity wandering around your network or you have been locked out of your systems and the data possibly exfiltrated, you have to report and deal with the consequences.

I’ve been involved in 2 incidents over the years that needed reporting. We gave the relevant information to our DPO and she handled contacting the relevant agencies, whilst we got around to dealing with the aftermath. We were lucky in both incidents: the attacker was still trying to make a bridgehead and we could kick them out and lock everything down before they could do any damage. But the report was in and we could update it with a notice that we had successfully blocked the attack and no data had been exfiltrated.

There was no sitting around for 18 months umming and ahhing, wondering whether to report or not. You just report the incident and everyone else is in the same boat, so there is no saving face by covering up the incident - if it comes out later, you are much worse off; both reputationally and financially.

The 72 hours gives you time to lock down the systems and look to see if there is a possibility that data could have been extracted. If it has, or if you are uncertain at that time, you have to report. If you can say with 100% certainty that someone installed malware, but the protections in place blocked it and locked it down, before it could do anything, you don’t have to report.

Well, except that the GRC tool uses queries that exercise the recursive resolution of DNS (entries that are known to fail because they’re random unique strings… like d87gd8gd8gd87d87dg.google.com for example). So the efficiency really will depend on which DNS you ask your PiHole to upstream with.

1 Like
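The point above, that a benchmark built on random, never-before-seen labels measures the upstream resolver rather than the local cache, is easy to demonstrate in code. The following is an added example written for this thread; it is not GRC’s DNSBench code and makes no claim about how that tool is implemented. It builds RFC 1035 wire-format queries for random subdomains of a constructed base domain (`example.com`), times each exchange, and includes a constructed `FakeCachingResolver` standing in for a Pi-hole-style forwarder so the cache-miss behaviour can be shown offline. The `udp_exchange` helper is a real UDP transport for pointing the same benchmark at an actual resolver address you choose.

```python
import os
import socket
import struct
import time
from typing import Callable, Dict, List

# Added example, not GRC's DNSBench: random labels force a cache miss in any
# caching forwarder (Pi-hole included), so timings reflect the upstream resolver.


def random_label(length: int = 16) -> str:
    """Fresh lowercase label; its entropy guarantees no cache has seen it."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    return "".join(alphabet[b % len(alphabet)] for b in os.urandom(length))


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(data: bytes, offset: int) -> str:
    """Decode an uncompressed name starting at offset (enough for a question)."""
    labels = []
    while data[offset] != 0:
        n = data[offset]
        labels.append(data[offset + 1:offset + 1 + n].decode("ascii"))
        offset += 1 + n
    return ".".join(labels)


def build_query(name: str, qid: int) -> bytes:
    """Wire-format query: 12-byte header with RD set, one A/IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def parse_response(data: bytes, expected_qid: int) -> Dict[str, int]:
    """Validate the header and return rcode plus section counts."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_qid:
        raise ValueError("response ID mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    return {"rcode": flags & 0x000F, "answers": an, "authority": ns}


def udp_exchange(server: str, port: int = 53, timeout: float = 2.0) -> Callable[[bytes], bytes]:
    """Real transport: one UDP round trip to the resolver you name (network)."""
    def send(packet: bytes) -> bytes:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(packet, (server, port))
            return s.recv(4096)
    return send


def benchmark(send: Callable[[bytes], bytes], base_domain: str, rounds: int = 5) -> List[float]:
    """Time `rounds` queries for distinct random subdomains of base_domain.
    Every name is new, so a caching forwarder must ask its upstream each time."""
    timings = []
    for _ in range(rounds):
        qid = int.from_bytes(os.urandom(2), "big")
        name = f"{random_label()}.{base_domain}"
        packet = build_query(name, qid)
        start = time.perf_counter()
        reply = parse_response(send(packet), qid)
        timings.append(time.perf_counter() - start)
        # rcode 3 (NXDOMAIN) is the expected answer for a nonexistent random label
        if reply["rcode"] not in (0, 3):
            raise RuntimeError(f"unexpected rcode {reply['rcode']} for {name}")
    return timings


class FakeCachingResolver:
    """Constructed stand-in for a Pi-hole-style forwarder: cached names are
    answered immediately; unseen names 'recurse' (optional delay) and are cached."""

    def __init__(self, upstream_delay: float = 0.0):
        self.cache: Dict[str, int] = {}
        self.upstream_queries = 0
        self.delay = upstream_delay

    def __call__(self, packet: bytes) -> bytes:
        qid = struct.unpack("!H", packet[:2])[0]
        name = decode_name(packet, 12)
        if name not in self.cache:
            self.upstream_queries += 1
            time.sleep(self.delay)
            self.cache[name] = 3  # upstream says NXDOMAIN; remember it
        flags = 0x8180 | self.cache[name]  # QR + RD + RA, rcode in low 4 bits
        return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + packet[12:]


if __name__ == "__main__":
    fake = FakeCachingResolver(upstream_delay=0.01)
    print([round(t * 1000, 2) for t in benchmark(fake, "example.com")])
    print("upstream queries:", fake.upstream_queries)  # one per random name
```

To run it against a real forwarder, swap the fake for `udp_exchange("<your resolver IP>")`; with the fake, every random name counts as an upstream query while a repeated fixed name is served from the cache after its first lookup.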

Of course, but by how much? :rofl:

In all seriousness, I wish I had saved a benchmark from v5 so that I could compare the new v6 release and see what sort of changes there were in performance.