Bra podcast
Sveriges mest populära poddar
- Affärsnyheter
- Alternativ hälsa
- Amerikansk fotboll
- Andlighet
- Animering och manga
- Astronomi
- Barn och familj
- Baseball
- Basket
- Berättelser för barn
- Böcker
- Brottning
- Buddhism
- Dagliga nyheter
- Dans och teater
- Design
- Djur
- Dokumentär
- Drama
- Efterprogram
- Entreprenörskap
- Fantasysporter
- Filmhistoria
- Filmintervjuer
- Filmrecensioner
- Filosofi
- Flyg
- Föräldraskap
- Fordon
- Fotboll
- Fritid
- Fysik
- Geovetenskap
- Golf
- Hälsa och motion
- Hantverk
- Hinduism
- Historia
- Hobbies
- Hockey
- Hus och trädgård
- Ideell
- Improvisering
- Investering
- Islam
- Judendom
- Karriär
- Kemi
- Komedi
- Komedifiktion
- Komediintervjuer
- Konst
- Kristendom
- Kurser
- Ledarskap
- Life Science
- Löpning
- Marknadsföring
- Mat
- Matematik
- Medicin
- Mental hälsa
- Mode och skönhet
- Motion
- Musik
- Musikhistoria
- Musikintervjuer
- Musikkommentarer
- Näringslära
- Näringsliv
- Natur
- Naturvetenskap
- Nyheter
- Nyhetskommentarer
- Personliga dagböcker
- Platser och resor
- Poddar
- Politik
- Relationer
- Religion
- Religion och spiritualitet
- Rugby
- Så gör man
- Sällskapsspel
- Samhälle och kultur
- Samhällsvetenskap
- Science fiction
- Sexualitet
- Simning
- Självhjälp
- Skönlitteratur
- Spel
- Sport
- Sportnyheter
- Språkkurs
- Stat och kommun
- Ståupp
- Tekniknyheter
- Teknologi
- Tennis
- TV och film
- TV-recensioner
- Underhållningsnyheter
- Utbildning
- Utbildning för barn
- Verkliga brott
- Vetenskap
- Vildmarken
- Visuell konst
Smashing Security
A helpful and hilarious take on the week's tech SNAFUs.
400 avsnitt • Längd: 50 min • Veckovis: Onsdag
Om podden
A helpful and hilarious take on the week’s tech SNAFUs.
Computer security industry veterans Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy. It’s not your typical cybersecurity podcast…
Winner of the best and most entertaining cybersecurity podcast awards in 2018, 2019, 2022, 2023, and 2024, Smashing Security has had over ten million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Rory Cellan-Jones.
Follow the podcast on Twitter at @smashinsecurity, and subscribe for free in your favourite podcast app. New episodes released at 7pm EST every Wednesday (midnight UK).
This podcast uses the following third-party services for analysis:
OP3 – https://op3.dev/privacy
The podcast Smashing Security is created by Graham Cluley & Carole Theriault. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Avsnitt
Unleash the AI bot army against the scammers - now!
26 mars 2025 |
34 min
A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- O2’s AI granny Daisy unveils what she’s learnt from her time on the phone to scammers – and what you can do to ruin their day - O2.
- Lenny - The Telemarketing Troll.
- I Built a Bot Army that Scams Scammers - Kitboga on YouTube.
- Takeaways From Our Money Laundering Investigation - The New York Times.
- Infiltrating scammer networks with the world’s top fraud fighters - YouTube.
- Open Street Map - Open Street Map.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Peeping perverts and FBI phone calls
19 mars 2025 |
35 min
In episode 409 of the "Smashing Security" podcast, we uncover the curious case of the Chinese cyber-attack on Littleton's Electric Light Company, and a California landlord's hidden camera scandal.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- This is the FBI, open up. China's Volt Typhoon is on your network - The Register.
- Landlord recorded nude videos of woman tenant with cameras hidden in bedroom smoke detectors, lawsuit says - The Independent.
- Landlord arrested after tenant discovers hidden camera in rented room - PBSO.
- Hidden Cameras: What Travelers Need to Know - The New York Times.
- Shakespeare insults t-shirt - Royal Shakespeare Company.
- OAS Exhibitions - Oxford Art Society.
- Carole’s “Rusty Sage” - Bluesky.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
- Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A gag order backfires, and a snail mail ransom demand
12 mars 2025 |
33 min
What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps?
Find out about this, and more, in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- 'We wanted to help': Students arrested after exposing FreeHour security flaw - Times of Malta.
- Medusa ransomware gang demands $2M from UK private health services provider - DataBreaches.net.
- Medusa Unveils Another 50TB of Stolen Data from HCRG Care Group, Giving Greater Insight Into the Scope of the Breach - DataBreaches.net.
- HCRG Care’s lawyers claimed an injunction issued in a “private” hearing required us to remove two posts. We didn’t comply - DataBreaches.net.
- Security firm leaves more than five billion records exposed on unsecured database - Graham Cluley.
- After threatening me with legal action, Keepnet Labs finally issues statement over data breach - Graham Cluley.
- Sophos apologises for going legal on school techies - The Register.
- Mail Scam Targeting Corporate Executives Claims Ties to Ransomware - IC3.
- One of the nastiest ransomware groups around may have a whole new way of doing things - TechRadar.
- Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear - GuidePoint Security.
- Severance - Apple TV+.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Palo Alto Networks - Get the 2025 Unit 42 Global Incident Response report to discover emerging threat trends, attacker tactics and expert recommendations to safeguard your business.
- Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
HP's hold music, and human trafficking
5 mars 2025 |
54 min
Journey with us to Myanmar's shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company's mandatory hold time for tech support could lead to innocent users having their computers compromised.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Plus - don't miss our featured interview with Acronis CISO Gerald Beuchelt!
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- HP deliberately adds 15 minutes waiting time for telephone support calls - The Register.
- HP mandated 15-minute wait time for callers - why that was good news for criminals - Bob Sullivan.
- How vulnerable people are trafficked to fuel a global cyber scam industry - ABC News.
- Hundreds of foreigners freed from Myanmar's scam centres - BBC News.
- 'I need help': Freed from Myanmar's scam centres, thousands are now stranded - BBC News.
- Some foreigners pulled out of Myanmar scam centres face struggle to get home - Yahoo! News.
- 'Pig Butchering' Scam: How China's 'Broken Tooth' stole over $75 bn from global investors using crypto currencies - The Economic Times.
- Scunthorpe problem - Wikipedia.
- Scunthorpe Sans font.
- Sociopath: A Memoir by Patric Gagne - Goodreads.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Acronis - Integrated cybersecurity, data protection and endpoint management built for MSPs.
- Threat Vector - The podcast from Palo Alto Networks that gives you timely analysis of current security trends and challenges.
- Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
History's biggest heist just happened, and online abuse
26 februari 2025 |
33 min
We explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Incident Update: Unauthorized Activity Involving ETH Cold Wallet - Bybit.
- Bybit Launches Recovery Bounty Program with Rewards up to 10% of Stolen Funds - Bybit.
- ZachXBT links Bybit hack to Lazarus Group - Twitter.
- Online Safety Act: explainer - GOV.UK
- These Are The 10 Most Complained-About TV Moments In Ofcom's History - Ofcom.
- Ofcom to push for better age verification, filters and 40 other checks in new online child safety code - TechCrunch.
- UK’s internet watchdog toughens approach to deepfake porn - TechCrunch.
- Girlguiding research exposes alarming online harms facing girls - Charity Today News.
- Ofcom's approach to implementing the Online Safety Act - Ofcom.
- Women's abuse online: 'I get trolled every second, every day' - BBC.
- Amanda’s funniest moments in Motherland - YouTube.
- Amandaland - BBC iPlayer.
- Cassandra Sci-Fi Thriller limited series - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
- Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demo
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A crypto con exchange, and soaring ticket scams
19 februari 2025 |
52 min
From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around the world.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
PLUS! Don't miss our featured interview with Cliff Crosland of Scanner.dev
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Russian National And Bitcoin Exchange Charged In 21-Count Indictment For Operating Alleged International Money Laundering Scheme And Allegedly Laundering Funds From Hack Of Mt. Gox - US Dept of Justice.
- BTC-e Operator Pleads Guilty to Money Laundering Conspiracy - US Dept of Justice.
- US releases Russian cybercriminal as part of exchange for teacher Marc Fogel - The Guardian.
- Lloyds Bank issues urgent warning over Taylor Swift ticket scams - Lloyds.
- Warning after more than 120k people queue for Black Sabbath Villa Park tickets as fans say 'scam' - Birmingham Live.
- ‘Don’t buy tickets for Beyoncé’ - Minister Gayton McKenzie warns South Africans of concert scam - Independent Online.
- Beyonce Cowboy Carter tour fake tickets scam: Ticketmaster warns fans - USA Today.
- Singapore ticket scam queen jailed for three years after conning 76 Taylor Swift fans of S$110,000 - Malaysia News.
- Did Ozzy Osbourne really eat a bat? - Rock and Roll Garage.
- How to stop hiccups - Graham Cluley.
- The Telepathy Tapes podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
- Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demo
- Harmonic - Stop data leaks, not innovation. Zero-touch data protection for the GenAI era.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Podcast not found
12 februari 2025 |
50 min
The story of how hackers managed to compromise the US Government's official SEC Twitter account to boost the price of Bitcoins, AI isn't helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware?
All this and more is discussed in episode 404 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Jane Wakefield.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- SEC's Twitter account hacked to say Bitcoin ETFs approved - Hot for Security.
- Twitter says it’s not its fault the SEC’s account got hacked - Graham Cluley.
- SEC Twitter hack blamed on SIM swap attack - Hot for Security.
- The SEC’s X account got hacked by a 25-year-old who went by ‘AGiantSchnauzer’ and got paid in Bitcoin, feds say - Fortune.
- Pupils share conspiracy theories for fun, with girls ‘more susceptible’ - The Times.
- AI chatbots unable to accurately summarise news, BBC finds - BBC News.
- US-led cybersecurity coalition vows to not pay hackers' ransom demands - TechCrunch.
- 35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments - Chain Analysis.
- Ransomware: proposals to increase incident reporting and reduce payments to criminals - GOV.UK.
- The 2024 Ransomware Landscape: ‘Looking back on another painful year’ - IT Wire.
- The Space Doctor’s Big Idea by Randall Munroe - The New Yorker.
- Reading guide: Creation Lake by Rachel Kushner - Booker Prizes.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
- Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.
- Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demo
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Coinbase crypto heists, QR codes, and ransomware in the classroom
5 februari 2025 |
50 min
In episode 403 of "Smashing Security" we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham's DMs, Geoff gives a poor grade for PowerSchool's security, and Carole takes a curious look at QR codes.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- ZachXBT’s thread - Twitter.
- Coinbase employee tells users not to use a VPN or ad blocker - Twitter.
- What PowerSchool won’t say about its data breach affecting millions of students - TechCrunch.
- QR code - Wikipedia.
- Reed–Solomon error correction - Wikipedia.
- Urgent warning over QR code scam tricking drivers out of £100s at popular car parks - Express.
- Scam alert: QR code on an unexpected package - Consumer Advice
- New Star Blizzard spear-phishing campaign targets WhatsApp accounts - Microsoft Security Blog.
- What You Must Know Before Scanning a QR Code - AARP.
- “More” - Niall Conlon.
- “Money Men” by Dan McCrum - Penguin Books.
- Bitter Orange Marmalade Recipe - Ballymaloe Cooking School.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
- 1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
- Cortex Symphony 2025 - Ready to transform your cybersecurity? Register now to see the future of security innovation with exclusive insights, demos, and stories from pros.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hackers get hacked, the British Museum IT shutdown, and social media kidnaps
29 januari 2025 |
47 min
What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee's actions led to chaos and raise urgent questions about the security of cultural treasures. And join us as we explore the alarming trend of social media influencers staging fake kidnappings.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated by Threat Actors and Disrupting Its Operations - CloudSEK.
- British Museum forced to partly close after alleged IT attack by former employee - The Guardian.
- Chart: What Do You Want to be When You Grow Up?- Statista.
- Tikked off: What happens when TikTok fame fades - Vox.
- Influencer burnout is real - Vox.
- Influencer slammed for staging fake kidnapping plot because she was ‘bored’ - Mirror Online.
- "Mom influencer" Katie Sorensen sentenced to jail for falsely claiming couple tried to kidnap her kids at a crafts store - CBS News.
- Stock market influencer on the way to Coldplay concert kidnapped by data theft gang - The New Indian Express.
- Raycast.
- “Thank Goodness You’re Here” video game.
- The We Society Podcast - Academy of Social Sciences.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
- 1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacks on the high seas, and how your home can be stolen under your nose
22 januari 2025 |
50 min
An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams.
All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Plus - don't miss our featured interview with Avery Pennarun of Tailscale.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Report from Corriere Di Bologna newspaper.
- Caro Musk, assumi subito l’hacker quindicenne di Cesena – Il Foglio.
- 15-Year-Old Hacker Diverts Ships in Mediterranean Sea for Fun – Hot for Security.
- 90-year-old immigrant could lose Brooklyn home after deed theft scam, family says – CBS News.
- Protect your home. Spot the signs of deed theft – Better Business Bureau.
- Woman Charged for Scheme to Defraud Elvis Presley’s Family – DOJ.
- Home Title Theft: How To Protect Yourself – Forbes Advisor.
- Here’s How Scammers in America Can Take the Title to Your Home Without You Knowing It – Moneywise.
- Could a Criminal Use Deed Fraud to Steal Your Entire Home? – AARP.
- Could Fraudsters Steal Your Home From Under Your Nose? – HomeOwners Alliance.
- Wizard Zines.
- Listen for the Lie – Amazon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
- 1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacker games, AI travel surveillance, and 25 years of IoT
15 januari 2025 |
49 min
The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Player of Games - Grimes.
- ‘Path of Exile 2’ Players Call Bulls**t on Elon Musk’s Video Game Stream - Gizmodo.
- Elon Musk "Playing" Path of Exile 2 - YouTube.
- Elon Musk is Lying About Being Good at Video Games - YouTube.
- Elon Musk Streams His ”Totally Not Boosted” ‘Path of Exile 2’ Character, Proves He Has No Idea What He’s Doing - Vice.
- Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters - 404 Media.
- Inside the Black Box of Predictive Travel Surveillance - WIRED.
- Average Number of Smart Devices in a Home 2025 - Consumer Affairs.
- Global IoT and non-IoT connections 2010-2025 - Statista.
- U.S. Cyber Trust Mark: New Label for IoT Devices - National Law Review.
- How the Internet of Things will be good for the planet - Thales Group.
- The ‘Worst in Show’ CES products put your data at risk and cause waste, privacy advocates say - AP News.
- The CES worst in show awards lampoon AI everthing - The Register.
- The Worst Devices of CES 2025!! - YouTube.
- This Could Be Your AI Robot Girlfriend - For $175,000 - Forbes.
- Pick of the week! archive - Smashing Security.
- Elton John: Never too late - Disney Plus.
- Apple News.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Honey in hot water, and reset your devices
8 januari 2025 |
37 min
Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.
Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Exposing the Honey Influencer Scam - MegaLag on YouTube.
- The Honey Scam: Explained - Marques Brownlee on YouTube.
- 14 million people don’t know how to erase their data from an old device - ICO.
- Electronics hoarding habit among Brits and Americans - SellCell.
- Practical advice for online and electronic devices - ICO.
- How to factory reset your Google Pixel phone - Google.
- How to factory reset your iPhone, iPad, or iPod touch - Apple.
- Reset your Android device to factory settings - Google.
- Erase your Mac and reset it to factory settings - Apple.
- Reset your PC - Microsoft.
- How do I perform a factory reset on my Samsung mobile device? - Samsung.
- Kagi search engine.
- Battery Heated Clothing - Fieldsheer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Fake CAPTCHAs, Harmageddon, and Krispy Kreme
18 december 2024 |
49 min
This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing a ransomware attack.
All this and more is discussed in the latest jam-packed edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of "The AI Fix" podcast.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- CAPTCHAs from hell - Reddit.
- “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising - Guardio.
- AI Safety Clock Ticks Closer To ‘Midnight,’ Signifying Rising Risk - Forbes.
- Krispy Kreme admits there's a hole in its security - The Register.
- Nutritional and Allergen Information - Krispy Kreme.
- &UDM=14.
- Does one line fix Google? - Tedium.
- ElevenLabs.
- The GCHQ Christmas Challenge 2024 - GCHQ.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
- ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Snowflake hackers, and under the influence
11 december 2024 |
35 min
A Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Accused Kitchener hacker unmasked after threatening woman online - The Waterloo Region Record.
- Canadian Man Arrested in Snowflake Data Extortions - Krebs on Security.
- Who wants to be next? - Bluesky post by Allison Nixon.
- Crypto Trader Kills His Mum For £500k After Going Into Debt To Maintain 'Perfect Lifestyle' - IB Times.
- Autopsy reveals injuries on body of Colleen Rebelo’s body after alleged murder - Australia News.
- Influencer Marketing Statistics 2024 - Artios.
- BLACKkKLANSMAN trailer - YouTube.
- A Soft Murmur.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
- ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Dishy DDoS dramas, and mining our minds for data
4 december 2024 |
35 min
A CEO is arrested for turning satellite receivers into DDoS attack weapons, and we journey into the world of bossware and "affective computing" and explore how AI is learning to read our emotions – is this the future of work, or a recipe for dystopia?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Korea arrests CEO for adding DDoS feature to satellite receivers - Bleeping Computer.
- Data on our minds: affective computing at work - IFOW.
- How Much Does 'Bossware' Really Curb Remote Work Slacking? - Inc.
- MN8 – 2 Channel EEG Headphones - Emotiv.
- Commercial EEG Headsets for Enterprises - Emotiv.
- ‘Bossware’ computer tracking devices harm workers’ wellbeing, says report - The Times.
- Your Company’s Bossware Could Get You in Legal Trouble - 1Password.
- The Abandoned, Apocalyptic Architecture of One Bold 1970s Retail Chain - Atlas Obscura.
- Bankrupt - BEST Products Co. - YouTube.
- Defunct BEST Products Store Architecture Documentary - YouTube.
- Play Winning Cribbage - Amazon.
- Cribbage Classic - iOS App Store.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
- ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Gym hacking, disappearing DNA, and a social lockout
27 november 2024 |
50 min
A Kansas City man is accused of hacking into local businesses, not to steal money, but to... get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what's happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- KC Man Indicted for Computer Hacking - Department of Justice.
- DNA testing company vanishes along with its customers’ genetic data - Malwarebytes.
- DNA firm holding highly sensitive data 'vanishes' without warning - BBC News.
- Australia proposes 'world-leading' ban on social media for children under 16 - Reuters.
- The government has introduced laws for its social media ban. But key details are still missing - The Conversation.
- Australia's under-16 social media age ban legislation excludes messaging apps - YouTube.
- Australia’s plan to ban children from social media popular but problematic - PBS News.
- Which Countries Are Considering Social Media Bans For Teens? - Newsweek.
- Graham’s previous encounter with hobs with knobs - Smashing Security.
- “The Day of the Jackal” trailer - YouTube.
- "Anora” trailer - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Digital arrest scams and stream-jacking
20 november 2024 |
45 min
In our latest episode we discuss how a woman hid under the bed after scammers told her she was under "digital arrest", how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- 'You are under digital arrest': Inside a scam looting millions from Indians - BBC News.
- Digital Arrest Scam: How You Can Stay Safe - YouTube.
- Tamil Nadu Professor Placed Under Digital Arrest, Duped of Rs 10 Lakh - YouTube.
- 'Mann Ki Baat' episode 115 - India Prime Minister Narendra Modi.
- “My YouTube Channel Got Deleted Last Night..” - Bitz on YouTube.
- NCA shuts down major fraud platform responsible for 1.8 million scam calls - National Crime Agency.
- O2 launches free anti-scam caller identification for millions of customers - O2.
- AI Scambaiters: O2 creates AI Granny to waste scammers’ time - YouTube.
- “StreamJacking” - Hijacking Hundreds of YouTube Channels Per Day Propagating Elon Musk Branded Crypto Giveaway Scams - Guardio.
- Graham Cluley on Bluesky.
- Maria Varmazis on Bluesky.
- Dan Da Dan - Netflix.
- Butter by Asako Yuzuki - Harper Collins.
- 'Butter' book review: Meditations on murders - The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Who needs a laptop to hack when you have a Firestick?
13 november 2024 |
63 min
Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil's COVID vaccination data, his exploits were legendary. But his hacking spree took a bizarre turn when he was placed under police protection... in a Travelodge outside Oxford.
Plus Bengal cat lovers in Australia should be on their guard, as your furry feline friends might be leading you into a dangerous trap., and there's yet more headaches for troubled 23andMe.
All this and much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
Plus don't miss our featured interview with Paul Fryer from BlackBerry.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- FBI issues warning as crooks ramp up emergency data request scams - The Register.
- Optimistic father of LAPSUS$ hacking suspect says he’s going to try to stop him using computers - Graham Cluley.
- LAPSUS$: GTA 6 hacker handed indefinite hospital order - BBC News.
- This Teenage Hacker Became a Legend Attacking Companies. Then His Rivals Attacked Him - Wall Street Journal.
- Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign - Sophos.
- Struggling DNA-testing site 23andMe to lay off 40% of its workers - BBC News.
- Remember That DNA You Gave 23andMe? - The Atlantic.
- Big Pharma Would Like Your DNA - The Atlantic.
- Addressing Data Security Concerns - Action Plan - 23andMe Blog.
- YTCH - YouTube-like cable TV.
- Space: 1999 opening titles - YouTube.
- Space: 1999 - Wikipedia.
- Wicked movie: Mattel 'deeply regrets' porn site misprint on dolls - BBC News.
- The Wicked Movie - Official Wicked Movie site.
- Mattel's 'Wicked' Movie Dolls Mistakenly List Porn Site on Packaging - Variety.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, Bluesky, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Pasta spies and private eyes, and are you applying for a ghost job?
6 november 2024 |
31 min
Mamma Mia! A major hacking scandal in Italy has expanded to include alleged involvement from Israel and the Vatican, and just why are companies advertising jobs that don't exist?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Massive hack-for-hire scandal rocks Italian political elites - Politico.
- Dossieraggi, i contatti con il Mossad e i dati passati al Vaticano. “Aiutiamo la Chiesa contro la Russia o no?” - La Repubblica.
- That position you just applied for might be a 'ghost job' that'll never be filled - The Register.
- Ghost jobs: why do 40% of companies advertise positions that don’t exist? - The Guardian.
- Job boards are still rife with 'ghost jobs'. What's the point? - BBC.
- How To Spot Ghost Jobs And Make Your Job Search More Efficient - Forbes.
- What Are Ghost Jobs and How Can You Avoid Them? - Tech.co
- That job you applied for might not exist. Here's what's behind a boom in "ghost jobs." - CBS News.
- The Coming Storm - BBC Radio 4.
- Things fell apart - BBC Sounds.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Flashpoint - Access the industry’s best threat data and intelligence.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The secret Strava service, deepfakes, and crocodiles
30 oktober 2024 |
35 min
In this week's episode your hosts practice standing on one leg, Carole gives Graham a deepfake quiz, and we investigate how Strava may be exposing the movements of world leaders.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Smashing Security #063: Carole’s back.
- Privacy of fitness tracking apps in the spotlight after soldiers' exercise routes shared online - We Live Security.
- Smashing Security #330: Deepfake Martin Lewis, and a deadly jog in the park.
- How Emmanuel Macron can be tracked - Le Monde.
- How Emmanuel Macron can be tracked - YouTube.
- The Pentagon Wants to Use AI to Create Deepfake Internet Users - Intercept.
- Is AI eroding democracy ahead of the US election? - BBC News.
- Fooled twice: People cannot detect deepfakes but think they can - PMC.
- Detect Fakes - Kellogg Northwestern.
- DON'T LET AI STEAL YOUR VOTE! - YouTube.
- Deepfakes fool more than half of Americans, UVU study shows - KLS News radio.
- Crocodiles Of The World.
- Here's How Long You Should Be Able To Stand On 1 Leg By Age - Huffington Post.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
When security firms get hacked, and your new North Korean remote worker
23 oktober 2024 |
31 min
The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired... but what's their plan?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- SolarWinds Sunburst supply chain attack - Wikipedia.
- Rep. Katie Porter slams SolarWinds for its poor passwords - Twitter.
- SEC Charges Four Companies With Misleading Cyber Disclosures - SEC.
- Western firm hacked by North Korean cybercriminal hired as remote IT worker - Computing.
- Engaging with a Remote Workforce: Statistics and Strategies for Success - Government Events.
- 67% Of U.S. Employers To Lose Employees To Remote Work In 2024 - Forbes.
- A company's remote-working hire turns out to be in North Korea. He tried to hold it to ransom - Business Insider.
- US company accidentally hires North Korean for remote work, gets blackmailed when they try to fire him - IBTimes.
- Watch “Undercover: Exposing the Far Right” - Channel 4.
- Undercover film exposing UK far-right activists pulled from London festival - The Guardian.
- Kermode and Mayo’s Take - YouTube.
- The Fear of God: 25 Years of the Exorcist – BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
WordPress vs WP Engine, and the Internet Archive is down
16 oktober 2024 |
38 min
WordPress's emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- WP Engine is not WordPress - WordPress.
- Secure Custom Fields - WordPress.
- Tweet from Advanced Custom Fields.
- Advisory: Advanced Custom Fields changes - Tim Nash.
- WordPress saga escalates as WP Engine plugin forcibly forked and legal letters fly - The Register.
- Internet Archive hacked, data breach impacts 31 million users - Bleeping Computer.
- The Internet Archive is still down but will return in ‘days, not weeks’ - The Verge.
- Dimsdale podcasts - OTR radio drama comedy and more.
- Jeff Goldblum’s furiously fun Greek gods drama is a masterpiece - The Guardian.
- KAOS - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Flashpoint - Access the industry’s best threat data and intelligence.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Vacuum cleaner voyeur, and pepperoni pact blocks payout
9 oktober 2024 |
40 min
Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- We hacked a robot vacuum — and could watch live through its camera - ABC News.
- Their Uber Driver Crashed. A Pizza Order Unraveled Their Injury Lawsuit - NY Times.
- A court blocks a couple from suing Uber over a crash, citing terms and conditions - NPR.
- Taken for a Ride: Parents Can't Sue Uber Over Crash After Daughter's Uber Eats Order - Law.inc
- New Jersey Court Bars Uber Crash Victims from Lawsuit, Citing App Agreement - The Legal Journal.
- Couple Seriously Injured in Uber Crash Blocked From Court by Uber Eats Terms - The Insurance Journal.
- Disney axes bid to stop wrongful death lawsuit over Disney+ terms - BBC.
- Sherwood - BBC iPlayer.
- Chocolate Guinness Cake - Nigella.
- The Best Banana Cake I've Ever Had - Sally's Baking Addiction.
- My Favorite Carrot Cake Recipe - Sally's Baking Addiction.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- SentinelOne - secure and protect every aspect of your cloud in real-time.
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Breaches in your genes, and Kaspersky switcheroo raises a red flag
2 oktober 2024 |
33 min
From family tree to jail cell? A hacker is alleged to have exploited information on genealogy websites to steal millions from public companies. Meanwhile, Kaspersky's US customers are wondering - what on earth is UltraAV?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- U.K. National Charged with Multimillion-Dollar Hack-to-Trade Fraud Scheme - US Department of Justice.
- Sophos punts anti-virus for Klingons - The Register.
- Designating Kaspersky Lab Leadership in Response to Continued Cybersecurity Risks - US Department of Treasury.
- Kaspersky says Uncle Sam snubbed its verification proposal - The Register.
- Use Kaspersky Antivirus Software? You'll Be Migrated to Pango's UltraAV - PC Mag.
- Kaspersky software replaced by 'UltraAV' on some US PCs - The Register.
- Need Instructions on Refunds for those who bought multi-year subscriptions - Kaspersky.
- US bans Kaspersky antivirus software for alleged Russian links - BBC News.
- Who gave you permission to put UltraAV on my computer? - Kaspersky Total Security.
- MusicBrainz Picard - Cross-platform music tagger powered by the MusicBrainz database.
- 100 Chefs Will Slice Through the Competition in Culinary Class Wars - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- SentinelOne - secure and protect every aspect of your cloud in real-time.
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The $230 million crypto handbag heist, and misinformation on social media
25 september 2024 |
36 min
Two men are accused of stealing almost a quarter of a billion dollars from one person's cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments...
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- ZachXBT’s thread on Twitter.
- Indictment Charges Two in $230 Million Cryptocurrency Scam - Department of Justice.
- Two men arrested one month after $230 million of cryptocurrency stolen from a single victim - Bitdefender.
- Skylar Harrison tells her handbag story - TikTok.
- Social media’s role in fueling extremism and misinformation in a divided political climate - PBS News.
- Misinformation on social media - statistics & facts - Pew Research.
- Social Media and News Fact Sheet, 2024 - Pew Research Center.
- "Hyperactive" by Lasse Gjertsen - YouTube.
- Cribbage JD - Play Online - Cardsjd.
- Paddlers Cribbage - L.L. Bean.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- SentinelOne - secure and protect every aspect of your cloud in real-time.
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
TFL security derailed, and is Trump the king of crypto?
18 september 2024 |
38 min
Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to their identities verified... in-person. Who might have been behind the attack and why? Meanwhile, Donald Trump's curious relationship with cryptocurrency is explored.
All this and Demi Moore is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
(This episode was recorded before the former US President survived a second assassination attempt)
Episode links:
- TFL cybersecurity incident announcement.
- TFL Employee Hub.
- DICK'S shuts down email, locks employee accounts after cyberattack - Bleeping Computer.
- MGM Resorts shuts down IT systems and slot machines go quiet following "cybersecurity incident" - Hot for Security.
- Teenage suspect in MGM Resorts hack arrested in Britain - The Record.
- Arrest made in NCA investigation into Transport for London cyber attack - NCA.
- Donald Trump Prepares to Unveil World Liberty Financial, a Cryptocurrency Business - The New York Times.
- Behind the Trump Crypto Project Is a Self-Described ‘Dirtbag of the Internet’ - Bloomberg.
- Cryptocurrency price on July 22: Bitcoin hits $68,000 level, Dogecoin, Avalanche surge up to 11% - The Economic Times.
- Trump vows to make US ‘world capital of crypto,’ taps Musk for new task force - CoinTelegraph.
- What bankers need to know about Trump's World Liberty Financial - Yahoo! Finance.
- Bitcoin soars to two-week high after Trump attack - Reuters.
- Trump pitches himself as 'crypto president' at San Francisco tech fundraiser - Reuters.
- Aave fork on Blast mistakenly liquidated $26m - Crypto news.
- Crypto Talk With Chase Hero - Ep.7 (The Watchers) - YouTube.
- Tamdrum.
- ”Inside Out” by Demi Moore - HarperCollins.
- THE SUBSTANCE trailer - YouTube.
- Demi's Big Moment - Vanity Fair.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Flashpoint - Access the industry’s best threat data and intelligence.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A room with a view, AI music shenanigans, and a cocaine bear
11 september 2024 |
34 min
It's a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Ukrainian detained for allegedly installing CCTV cameras to aid Russian attacks - The Record.
- Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine - The Record.
- Christo and Jeanne-Claude art projects.
- North Carolina Musician Charged With Music Streaming Fraud Aided By Artificial Intelligence - United States Department of Justice.
- Man Arrested for Creating Fake Bands With AI, Then Making $10 Million by Listening to Their Songs With Bots - The Futurist.
- Kobo Clara BW ereader - Kobo.
- Cocaine Bear: Why? - The Atlantic.
- Cocaine Bear Official trailer - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Godfather club, and AirTags to the rescue
4 september 2024 |
54 min
There's a whole new dating scam that could mean you end up out of pocket (or beaten up) after a first date with a glamorous admirer, and a woman in Los Alamos uses an Air Tag to entrap a thief.
Plus - don't miss our featured interview with Maya Levine of Sysdig.
All this, and a very bad Cockney accent, in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Mail Theft Suspect Apprehended Using AirTag - Santa Barbara County Sheriff’s Office.
- Google and Apple deliver support for unwanted tracking alerts in Android and iOS - Google Security blog.
- Apple and Google deliver support for unwanted tracking alerts in iOS and Android - Apple.
- Barclays Scams Bulletin: Men more likely to fall victim to romance scams, while women lose more money - Barclays.
- 3 men trapped by same woman: Journalist on modus operandi of dating app scams - India Today.
- Mumbai club under fire for 'dating scam' after man gets Rs 61,000 bill - India News.
- Romance scams in 2024 + online dating statistics - Norton.
- Tips for romance scams - Better Business Bureau.
- What to know about romance scams - Consumer Advice.
- The Godfather club dating app scam in Mumbai - YouTube.
- What accent does Butcher have in ‘The Boys’? - NME.
- Shokz bone conduction headphones - Shokz.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management - Secure every sign-in for every app on every device.
- Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
- Material Security – email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Smashing Security presents The AI Fix: An AI cookery dumpster fire, the ARC prize, and a creepy new AI friend
5 augusti 2024 |
42 min
While "Smashing Security" is on its summer holiday, here's a chance to listen to an episode of its sister show - "The AI Fix".
In episode ten of The AI Fix, Graham attempts to say "quinoa", Mark draws a line in the amper-sand, ChatGPT becomes an expert in solar panels and bomb disposal, and our hosts watch a terrifying trailer for a creepy new AI friend.
Graham discovers that the world of AI cookery is a soggy, limey mess, and learns an unusual trick for making a great mojito, while Mark pits his co-host against the cleverest AI brains in the world.
Episode links:
- OpenAI starts rollout of Advanced Voice Mode.
- UK Government shelves £1.3bn UK tech and AI plans.
- Friend trailer.
- Artificial intelligence has hard time with accents.
- Netherlands court uses ChatGPT to decide things.
- Argentina will use AI to ‘predict future crimes’ but experts worry for citizens’ rights.
- Twitter thread on crockpot cookbook.
- Get ready for AI to rip off your favorite cookbooks.
- ‘One of the most disgusting meals I’ve ever eaten’: AI recipes tested.
- This cookbook author was a best-seller on Amazon — but she may not even be human.
- ARC Prize.
- ARC Prize leaderboard.
- On the Measure of Intelligence research paper by François Chollet.
The AI Fix
The AI Fix podcast is presented by Graham Cluley and Mark Stockley.
Learn more about the podcast at theaifix.show, and follow us on Twitter at @TheAIFix.
Never miss another episode by following us in your favourite podcast app. It's free!
Like to give us some feedback or sponsor the podcast? Get in touch.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
CrowdStrike, Dark Wire, and the Paris Olympics
24 juli 2024 |
54 min
Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app!
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault, joined this week by cybersecurity journalist and the author of “Dark Wire”, Joseph Cox.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- How a single IT update caused global havoc - BBC News.
- Anti-Virus Software Sees Self as Malware, Deletes Itself - NBC News report about Sophos snafu in 2012.
- Tweet about CrowdStrike outage by Kaspersky - Twitter.
- “Dark Wire” by Joseph Cox.
- Inside the Biggest FBI Sting Operation in History - WIRED.
- Trump shooter's online activity shows searches of rally site, use of encrypted platforms, officials say - CBS News.
- Mass Surveillance - Privacy International.
- 338 sites internet frauduleux de revente de billets recensés à quelques semaines du début de la compétition - France Info.
- From wiretapping to geolocation data collection: AI mass surveillance for the Paris Olympics draws privacy concerns - Fast Company.
- Heading to the Paris Olympics? Don't Fall for These Scams - PC Mag.
- AI mass surveillance at Paris Olympics – a legal scholar on the security boon and privacy nightmare - Scientific American.
- AI mass surveillance at Paris Olympics – a legal scholar on the security boon and privacy nightmare - The Conversation.
- Paris 2024: Medal table predictions, facts, opening day schedule and records that could be broken - Euronews.
- Paris Olympics 2024: Your ultimate guide - The Telegraph.
- Breaking at the Olympic Qualifier Series - Official Olympics website.
- White Rabbit museum, Barcelona.
- White Rabbit - YouTube.
- Microsoft Flight Simulator - XBOX.
- Niceaunties.
- Auntlantis by Niceaunties - YouTube.
- The Weird and Wonderful Art of Niceaunties - TED.
- "The AI Fix" - podcast with Graham Cluley and Mark Stockley.
- "Sticky Pickles" - podcast with Carole Theriault and Maria Varmazis.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- mWISE – Don’t miss the cybersecurity conference built by practitioners, for practitioners. mWISE runs September 18 – 19 2024 in Denver.
- Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Trump assassination conspiracies, Squarespace account hijacks, and the butt stops here
17 juli 2024 |
55 min
Social media fuels conspiracies galore after Donald Trump is shot at a rally, cryptocurrency websites are hijacked after a screw-up at Squarespace, and our guest takes a close look at bottoms on Instagram.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Killed by Google.
- Squarespace Enters Definitive Agreement to Acquire Google Domains Assets - Squarespace.
- A Squarespace Retrospective, or How to Coordinate an Industry-Wide Incident Response - Security Alliance.
- Trump shooting: all seven conspiracy theories examined - The Telegraph.
- Fact-checking the wild conspiracy theories related to the attempted Trump assassination - PBS News.
- We fact-checked some of the rumors spreading online about the Trump assassination attempt - Reuters.
- Minutes after Trump shooting, misinformation started flying. Here are the facts - AP News.
- Joy Reid suggests Trump couldn't 'avoid the consequences' of his own rhetoric after assassination attempt - Fox News.
- The Gunshots Rang Out. Then the Conspiracy Theories Erupted Online - New York Times.
- Trump assassination attempt – News, Research and Analysis - The Conversation.
- Douglas is Cancelled - ITV.
- Douglas Is Cancelled review – you might hate this show for daring to exist - The Guardian.
- Klappbollerwagen 'Cruiser' - PinoLino.
- Videos for Cats to Watch - YouTube.
- Cat TV for Cats to Watch - YouTube.
- Entertainment for Cats - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- mWISE – Don’t miss the cybersecurity conference built by practitioners, for practitioners. mWISE runs September 18 – 19 2024 in Denver.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Teachers TikTok targeted, and fraud in the doctors’ waiting room
10 juli 2024 |
49 min
Execs at a health tech startup are sentenced to jail after a massive ad fraud, and a school is shaken after teachers are targeted via TikTok.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Plus don't miss our featured interview with Jason Meller of 1Password.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Outcome, a hot tech startup, misled advertisers with manipulated information, sources say - Wall Street Journal.
- Three Former Executives Sentenced for $1B Corporate Fraud Scheme - US Department of Justice.
- Graham dancing - TikTok.
- Students Target Teachers in Group TikTok Attack, Shaking Their School - The New York Times.
- “Thank you very much indeed”
- Presumed Innocent — Official Trailer - Youtube.
- Presumed Innocent - Apple TV+.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- mWISE - Don't miss the cybersecurity conference built by practitioners, for practitioners. mWISE runs September 18 – 19 2024 in Denver.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Private nights, evil twins, and crypto home invasions
3 juli 2024 |
49 min
Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new "The AI Fix" podcast (co-hosted with Graham!).
Talk about nepotism.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Hoos Out Tonight? Dundee medical student launches new app which reveals ‘hot’ pubs - The Courier.
- ‘It’s completely invasive’: New app lets you spy on SF bars to see if they’re poppin’ - San Francisco Standard.
- Florida Man Convicted in Violent Crypto Theft Spree - Crypto Daily.
- Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree - Wired.
- Man charged over creation of ‘evil twin’ free WiFi networks to access personal data - Australian Federal Police.
- Police allege 'evil twin' in-flight Wi-Fi used to steal info - The Register.
- Australian charged for ‘Evil Twin’ WiFi attack on plane - Bleeping Computer.
- Suno - make a song about anything.
- The AI Fix podcast - hosted by Graham Cluley and Mark Stockley.
- Putty Pals - Nintendo Switch.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Julian Assange, inside a DDoS attack, and deepfake traumas
26 juni 2024 |
48 min
Wikileaks's Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Eleanor Dallaway.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Julian Assange lands in Australia a free man - BBC News.
- Smashing Security episode 245: The Julian Assange assassination plot, and IoT toilets.
- Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks - Yahoo News.
- Surprise! WikiLeaks won’t just hand over details of zero-day vulnerabilities to tech firms - Graham Cluley.
- Tubthumping (Q3 2021 Issue) - Infosecurity Magazine.
- Infosecurity Magazine suffering ‘significant’ DDoS attack - Cybernews.
- Infosecurity Magazine is Back Online! - Infosecurity Magazine.
- YouTube now lets you report AI deepfakes of yourself - MSN.
- Two private schools face police probe over claims pupils used AI to 'create deepfake porn images of up to a dozen girls' - Daily Mail.
- We're calling on the next government to protect women and girls from
- image-based abuse - Glamour Magazine.
- Deepfakes as a Security Issue: Why Gender Matters - WiisGlobal.
- AI poses disproportionate risks to women - Brookings.
- 'Violating and dehumanising': How AI deepfakes are being used to target women - Euronews.
- Snapshot Paper - Deepfakes and Audiovisual Disinformation - GOV.UK.
- Government cracks down on ‘deepfakes’ creation - GOV.UK.
- Je chie dans la seine.
- Paris Olympics Poop Protest Postponed After French Officials Refuse To Swim In Sewage Water - Brobible.
- 'I’m not a cat': lawyer gets stuck on Zoom kitten filter during court case - YouTube.
- Guy Goma: 'Greatest' case of mistaken identity on live TV ever? - BBC News on YouTube.
- ‘It’s just Bernie being Bernie’ — How a photo of Sanders wearing mittens at Inauguration Day went viral - CNBC News.
- HiKeep Hand Exercise Balls - Amazon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
An unhealthy data dump, railway surveillance, and a cheater sues Apple
19 juni 2024 |
60 min
There's a wee data breach with unhealthy implications in Scotland, privacy has gone off the rails in the UK, and a cheater blames Apple for his expensive divorce.
All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter of the "Compromising Positions" podcast.
Plus don't miss our featured interview with Abhishek Agrawal, CEO of Material Security.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Cyber attacks update - NHS Dumfries & Galloway.
- J Paul Getty - Wikipedia.
- Cyber expert urges against 'panic' over NHS data leak - BBC News.
- “Don’t panic” - Corporal Jones from Dad’s Army - YouTube.
- All households in Scottish region to get alert about hackers publishing stolen medical data - The Record.
- Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers - Wired.
- Man ludicrously blames Apple for his wife catching him communicating with prostitutes - Apple Insider.
- Businessman sues Apple after wife finds ‘deleted’ iPhone messages to prostitute - LBC.
- ‘Tech made me do it’ is no excuse for adultery - The Times.
- Is it DNS?
- “My name is Barbra” - Amazon.
- ”I'm Glad My Mom Died” by Jennette McCurdy - Simon & Schuster.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Material Security – email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
iOS 18 for cheaters, and a model cop extortionist?
12 juni 2024 |
32 min
Apple announces a new privacy feature in iOS that will allow you to hide and lock away your apps - but will it be philanderers who benefit the most? And an ex-police officer is arrested for extortion.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Graham’s video thanking people for voting for “Smashing Security” - Twitter.
- iOS 18 makes iPhone more personal, capable, and intelligent than ever - Apple.
- Apple's new iOS 18 feature is being called 'a cheater's paradise' - Daily Mail.
- 2 Accused In Internet Extortion Scheme Against Boss - Patch.
- District Attorney: Ex-police officer turned model among duo arrested in Orange County - Westchester News.
- Former N.Y. cop, internet model Ally Thueson arrested for extortion - NY Daily News.
- Extortion - FindLaw.
- Smile politely, nod awkwardly: greeting people you barely know - University Times.
- How to pass people in hallway without awkwardness? - Reddit.
- How Long Should a Great Kiss Last? - Psychology Today.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management - Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Crashing robo-taxis, and name-dropping rappers
5 juni 2024 |
36 min
Drones, some coloured cardboard, and a piece of tinfoil may be all the kit you need to crash a robot-driven taxi, and a rapper is accused of using Justin Bieber's name to defraud a TV company.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Riding Baidu's self-driving robo-taxi - YouTube.
- Malicious Attacks against Multi-Sensor Fusion in Autonomous Driving - Research paper.
- Researchers warn robot cars can be crashed with tinfoil and paint daubed on cardboard - The Register.
- Gang of Hackers Tries to Steal Baidu’s Driverless Car Secrets - Bloomberg.
- Rapper Sean Kingston agrees to return to Florida, where he and mother are charged with $1M in fraud - AP News.
- Sean Kingston Extradited From California to Florida in Fraud and Theft Case - Entertainment Tonight.
- Rapper Sean Kingston, his mother arrested on fraud charges after SWAT raid at his Southwest Ranches home - Sun Sentinel.
- What is fraudulent use of personal identification information? - Pumphrey Law.
- Google’s AI really is that stupid, feeds people answers from The Onion - AV Club.
- Some of Google’s “best” AI search results - Twitter.
- Google Rolls Back A.I. Search Feature After Flubs and Flaws - NY Times.
- Sure, Google’s AI overviews could be useful – if you like eating rocks - The Guardian.
- Citymapper.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Material - email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Microsoft’s Recall controversy, and the North Korean insider threat
29 maj 2024 |
53 min
Microsoft gets itself into a pickle with a privacy-popping new feature on its CoPilot+ PCs, the FTC warns of impersonated companies, and is your company hiring North Korean IT workers?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by author, journalist, and podcaster Geoff White.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Microsoft's new Windows 11 Recall is a privacy nightmare - Bleeping Computer.
- Statement in response to Microsoft Recall feature - ICO.
- Arizona woman charged in North Korean IT worker scheme that raised millions - CNN.
- Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea - US Department of Justice.
- New FTC Data Shed Light on Companies Most Frequently Impersonated by Scammers - FTC website.
- Who’s who in scams: a spring roundup - FTC.
- Udio.
- Geoff's Labyrinth ext v2 - Graham’s AI song about Geoff White’s book “Rinsed”.
- “Nuclear War” by Annie Jacobsen - Amazon.
- The Patient - Disney+.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
iPhone undeleted photos, and stealing Scarlett Johansson’s voice
22 maj 2024 |
56 min
iPhone photos come back from the dead! Scarlett Johansson sounds upset about GPT-4o, and there's a cockup involving celebrity fakes.
All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Anna Brading of Malwarebytes.
Plus! Don't miss our featured interview with Sandy Bird of Sonrai Security.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- When NASA Lost a Spacecraft Due to a Metric Math Mistake - Simscale.
- The worst sales promotion in history - The Hustle.
- Nonconsensual AI Porn Maker Accidentally Leaks His Customers' Emails - 404 Media.
- UK's Ministry of Defence fined after Bcc email blinder that put the lives of Afghan citizens at risk - Hot for Security.
- £200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder - Graham Cluley.
- Apple's Photo Bug Exposes the Myth of 'Deleted' - Wired.
- OpenAI Voice Scandal: Sky's Fall From Grace - YouTube.
- How the voices for ChatGPT were chosen - OpenAI.
- As AI becomes more human-like, experts warn users must think more critically about its responses - CBC News.
- What We Lose When ChatGPT Sounds Like Scarlett Johansson - The New York Times.
- Scarlett Johansson’s Statement About Her Interactions With Sam Altman - The New York Times.
- Kin TV series - Wikipedia.
- Portal connecting Dublin and New York 'reawakens' under new restrictions after 'inappropriate behaviour' - Sky News.
- How to cook the perfect chicken rendang – recipe - The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Sonrai’s Cloud Permissions Firewall – A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The fake deepfake, and Estate insecurity
15 maj 2024 |
39 min
Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage daughter's cheerleading rivals kicked off the team? Well, there has been a surprising development. And learn how cybercriminals have been stealing boomers' one-time-passcodes via a secretive online service.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- ‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts - TechCrunch.
- Cheerleader's mom created deepfake videos to allegedly harass her daughter's rivals - ABC News.
- Bucks County mom doctored videos to harass girls on daughter's cheerleading sqaud, prosecutors say - Philly Voice.
- Spone v. Reiss, Civil Action 23-0147 - Casetext.
- Mother 'used deepfake to frame cheerleading rivals' - BBC News.
- She was accused of faking an incriminating video of teenage cheerleaders. She was arrested, outcast and condemned. The problem? Nothing was fake after all - The Guardian.
- Parkrun - Wikipedia.
- Parkrun UK.
- Oxfordshire Artweeks 2024 - Artweeks homepage.
- Carole’s art website - carole.wtf
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Unmasking LockBitsupp, company extortion, and a Tinder fraudster
8 maj 2024 |
51 min
The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster stole £80,000 from women he met on Tinder.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company - US Department of Justice.
- United States vs Vincent Cannady (PDF) - US Department of Justice.
- LockBit leader unmasked and sanctioned - NCA.
- Romance fraudster defrauded women of £80,000 - BBC News.
- 15 of the Most Trustworthy Accents in the UK Revealed - Country Living.
- Omoton phone car mount - Omoton.
- Stories are weapons by Annalee Newitz - WW Norton.
- All the Beauty in the World: A Museum Guard's Adventures in Life, Loss and Art by Patrick Bringley - Penguin.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The closed loop conundrum, default passwords, and Baby Reindeer
1 maj 2024 |
54 min
The UK Government takes aim at IoT devices shipping with weak or default passwords, a man spends two years incarcerated after being mistaken for the person who stole his identity, and are you au fait with the latest scams?
All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- New laws to protect consumers from cyber criminals come into force in the UK - UK Government.
- Mirai - Wikipedia.
- Identity theft victim wrongly locked up for 2 years is exonerated at last - Paul Ducklin.
- Amount of fraud in UK more than doubled to £2.3bn in 2023, report finds - The Guardian.
- 5 scams you need to know about in 2024 - Which? News.
- How fraudsters are getting fake articles onto Facebook - BBC News.
- Five Scams To Beware In 2024 - Forbes Advisor UK.
- Eerie ‘breathing’ mistake to listen out for exposes costly AI ‘audio deepfake' scam calls that take just seconds to make - The Sun.
- How to spot fraud - UK Government.
- Etymology Monday: David Crystal on the word ‘gaggle’ - Literary Minded.
- Moon - Wikipedia.
- Baby Reindeer - Netflix.
- Why row over Baby Reindeer sleuths will change real-life drama for ever - The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Sonrai’s Cloud Permissions Firewall – A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Keeping the lights on after a ransomware attack
24 april 2024 |
43 min
Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- When a breach goes from 25 documents to 1.3 terabytes… - Graham Cluley.
- Leicester street lights stuck on all day due to cyber attack - Leicester Mercury.
- Top AI researchers race to detect ‘deepfake’ videos: ‘We are outgunned - Washington Post.
- AI deepfakes threaten to upend global elections. No one can stop them - Washington Post.
- Models, dead netas, campaigning from jail: How AI is shaping Lok Sabha polls - India Today.
- Why Elections Take So Long in India - The New York Times.
- How A.I. Tools Could Change India’s Elections - The New York Times.
- Bollywood deepfakes fuel AI election meddling fears in India - GG2.
- World Explained: How India's politicians are using AI to reach voters in the world’s most populous country - The Scotsman.
- 12 Angry Men - Wikipedia.
- VIA Rail.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Sonrai's Cloud Permissions Firewall - A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Gary Barlow, and a scam turns deadly
17 april 2024 |
37 min
Take That's Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn - for both the person being scammed and an innocent participant - in Ohio.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Animal Crossing with Garry Kasparov - Smashing Security.
- Gary Barlow - Wikipedia.
- I was catfished by a fake Gary Barlow on Facebook - Daily Mail.
- Video shows Clark County man charged with murder confront Uber driver - Springfield News.
- Uber driver, 61, shot dead by Ohio man, 81, who was being targeted by scammers - Daily Mail.
- Boxfit classes - Better.
- Waschii - PocketSized SolarHeated Washjing Machine - Indiegogo.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
WhatsApp at Westminster, unhealthy AI, and Drew Barrymore
10 april 2024 |
52 min
MPs aren't just getting excited about an upcoming election, but also the fruity WhatsApp messages they're receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff - Politico.
- How I was targeted in the Westminster honeytrap - BBC News.
- The Westminster honeytrap plotter tried to catch me too - The Times.
- How Westminster WhatsApp ‘honey trapper’ targeted party conference season - Politico.
- William Wragg quits Commons roles over Westminster honeytrap - BBC News.
- A new prescription - The Economist.
- Change Healthcare faces second ransomware dilemma weeks after ALPHV attack - The Register.
- ‘The Drew Barrymore Show’ Targeted by Fraudsters in Celebrity Scamming Effort - Yahoo! News.
- ‘Drew Barrymore Show' Targeted in Hacking, ID Fraud Scam by Imposter Who Posed as Producer and More - Variety.
- Guy Fieri Calls Drew Barrymore “Gangster” For Talking With Her “Mouth Full Of Food” On ‘The Drew Barrymore Show’ - Decider.
- Beware The Fake Drew Barrymore Le Creuset Cookware Giveaway Scam - Malware Tips.
- Carmen - Royal Opera House.
- Mandy - BBC iPlayer.
- Anita de Monte Laughs Last - Bloomsbury.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Money-making bots, and Incognito isn’t private
3 april 2024 |
51 min
Google says it is deleting your Google Chrome Incognito private-browsing data that it should never have collected anyway. Can a zero-risk millionaire-making bot be trusted? And what countries are banned from buying your sensitive data?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Scammer Convinced Investors to Send Him $1.5 Million to Build Magic Money Making Bot - 404.
- Biden Bans Rival Nations From Buying Sensitive US Data - Good Luck - Wired.
- 6 practical reasons to use Incognito mode in your browser - USA Today.
- Brown v. Google LLC Settlement Agreement - DocumentCloud.
- Google agrees to settle $5bn lawsuit claiming it secretly tracked users - The Guardian.
- Chrome updates Incognito warning to admit Google tracks users in “private” mode - Ars Technica.
- Google changes wording for Incognito browsing in Chrome - Malwarebytes.
- The Incognito Mode Myth Has Fully Unraveled - Wired.
- Google Agrees to Delete ‘Incognito’ Browsing Data to Settle Class-Action Lawsuit - TIME.
- Amazon refuses to refund me £700 for iPhone 15 it didn’t deliver - Graham Cluley.
- Concorde - Lego.
- Cover song: samsung dryer no. 2 - YouTube.
- Play Drums on Samsung Washing Machine Song - YouTube.
- With samsung washing machine violinist - YouTube.
- Samsung Washing Machine Song with Piano [Franz Schubert's "Die Forelle"] - YouTube.
- Duet for harp and dryer - YouTube.
- The Washing Machine Song - YouTube.
- SAMSUNG Washing Machine collaboration - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacking hotels, Google’s AI goof, and cyberflashing
27 mars 2024 |
54 min
Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search pushes malware and scams.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus's Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Unsaflok - Security vulnerabilities in Saflok hotel locks.
- 3 million doors open to uninvited guests in keycard exploit - The Register.
- Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds - Wired.
- Google's new AI search results promotes sites pushing malware, scams - Bleeping Computer.
- Man who sent nude picture to teenage girl is jailed under new cyberflashing laws - The Independent.
- Cyber-flashing convict is first to be jailed under new law - BBC News.
- What to do if you’re a victim of cyber flashing and how to report it - Metro.
- The first cyberflasher has been convicted: meet the woman who made it happen - Yahoo!
- What is cyber flashing? 'Banter' – or a sinister breach of consent - UK News.
- Love Island star sent unsolicited pictures online calls for tougher cyber laws - Bristol Live.
- Secret Agent Shenanigans: 13 Weird Spy Weapons And Gadgets - Stay Weird.
- Baldur’s Gate 3.
- Merlin Bird ID - Conell Labs.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Bing pop-up wars, and the British Library ransomware scandal
20 mars 2024 |
52 min
There's a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Search engine market share - Oberlo.
- A compilation of Bing ads - YouTube.
- With Edge, Microsoft’s forced Windows updates just sank to a new low - The Verge.
- Microsoft fixes Edge browser bug that was stealing Chrome tabs and data - The Verge.
- Is this Microsoft Bing Popup Malware? - Reddit.
- Microsoft confirms Bing pop-up ads in Chrome on Windows 11 & Windows 10 - Windows Latest.
- ‘A 22-carat disaster’: what next for British Library staff and users after data theft? - The Guardian.
- LEARNING LESSONS FROM THE CYBER-ATTACK British Library cyber incident review - British Library.
- The Disturbing Impact of the Cyberattack at the British Library - The New Yorker.
- Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them? - The Guardian.
- Have we literally broken the English language? - The Guardian.
- According to the dictionary, "literally" now also means "figuratively" - Salon.
- Good Morning, Monster: A Therapist Shares Five Heroic Stories of Emotional Recovery - Amazon.
- Good Morning, Monster - Apple Podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Stuck streaming sticks, TikTok conspiracies, and spying cars
13 mars 2024 |
51 min
Roku users are revolting after their TVs are bricked by the company, we learn how to make money through conspiracy videos on TikTok, and just how much is your car snooping on your driving?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dave Bittner from "The Cyberwire" podcast.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Smashing Security episode 317 - Includes a discussion of which came first - Battle Bots or Robot Wars?
- “Disgraceful”: Messy ToS update allegedly locks Roku devices until users give in - Ars Technica.
- Dispute resolution terms - Roku.
- Enshittification - Wikipedia.
- Craig Shergold - Wikipedia.
- “Why TikTok Is Becoming A Conspiracy Playground” - YouTube.
- Dave Bittner’s AI-generated image of Graham Cluley - Twitter.
- Graham’s AI-generated video about pig butchering - Twitter.
- Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies - New York Times.
- Drivers concerned as automakers share driving data with insurance companies - NewsByte.
- Carmakers are sharing driving habits with insurance companies, unbeknownst to owners - TechSpot.
- Google Arts & Culture.
- WELI - Kangaroo Time (Club Edit) (From Dance Your PhD 2024 - OVERALL WINNER) - YouTube.
- Dance Your Ph.D. - Wikipedia.
- Animal DNA Run - CrazyGames.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Ransomware fraud, pharmacy chaos, and suicide
6 mars 2024 |
50 min
Is there any truth behind the alleged data breach at Fortnite maker Epic Games? Who launched the ransomware attack that caused a fallout at pharmacies? And what's the latest on the heart-breaking hack of Finnish therapy clinic Vastaamo?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Mogilevich claims it has breached Epic Games - Twitter.
- Fraudster’s fake data breach claims should remind media to be carefu what we report - DataBreaches.net.
- Prescription orders delayed as US pharmacies grapple with "nation-state" cyber attack - Bitdefender.
- US pharmacy outage triggered by 'Blackcat' ransomware at UnitedHealth unit, sources say - Reuters.
- Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment - Wired.
- Vastaamo data breach - Wikipedia.
- The CEO who also ran IT, Strava strife, and TikTok tall tales - Smashing Security podcast.
- Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes - Bitdefender.
- Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security – Sophos.
- Vastaamo victims' lawyer: Some took their own lives after patient record leak - Yle.
- Prosecutors call for maximum penalty over Vastaamo hacking - Helsinki Times.
- Self-pay gas station pumps break across NZ as software can’t handle Leap Day - Ars Technica.
- Citrix, Sophos software impacted by 2024 leap year bugs - Bleeping Computer.
- Resident Alien trailer - YouTube.
- Resident Alien - Netflix.
- r/SpottedonRightmove - Reddit.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks - Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Wireless charging woe, AI romance apps, and ransomware revisited
28 februari 2024 |
54 min
Your smartphone may be toast - if you use a hacked wireless charger, we take a closer look at the latest developments in the unfolding LockBit ransomware drama, and Carole dips her toe into online AI romance apps.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger - ArXiv.
- FBI offers free decryption help for LockBit ransomware victims - Paul Ducklin.
- LockBitsupp unmasked!!? Graham’s reaction to the FBI and NCA’s LockBit ransomware revelation - YouTube.
- Dating Statistics And Facts In 2024 – Forbes Health.
- Romantic AI Chatbots Don't Have Your Privacy at Heart - Mozilla Privacy Not Included.
- Promptsmart.
- Solving a celestial mystery: the Sun, Earth and Moon model - Museum of Natural History, Oxford.
- Lotus Bud.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- BlackBerry – BlackBerry helps keeps you one step ahead. Cylance AI stops more attacks, earlier and with less effort than other solutions in the market today
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
LockBit locked out, and funeral Facebook scams
21 februari 2024 |
53 min
Heaven's above! Scammers are exploiting online funerals, and LockBit - the "Walmart of Ransomware" - is dismantled in style by cyber cops.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Plus! Don't miss our featured interview with Keiron Holyome about how BlackBerry is using predictive AI to stay one step ahead against threats.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Law enforcement disrupt world’s biggest ransomware operation - Europol
- Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - Krebs on Security.
- International investigation disrupts the world’s most harmful cyber crime group - UK National Crime Agency.
- LockBit Victim Reporting Form - FBI.
- Fake Funeral Live Stream Scams Are All Over Facebook - 404 Media.
- Closed Captions (CC) vs Subtitles - Subly.
- Fingernails — Official Trailer - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- BlackBerry – BlackBerry helps keeps you one step ahead. Cylance AI stops more attacks, earlier and with less effort than other solutions in the market today
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Declaring war on ransomware gangs, mobile muddles, and AI religion
14 februari 2024 |
51 min
Holy mackerel! AI is jumping on the religion bandwagon, ransomware gangs target hospitals, and what's happened to your old mobile phone number?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by "Ransomware Sommelier" Allan Liska.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- I changed my number and now i can log into others accounts - Reddit.
- Post by Alexander Hanff - LinkedIn.
- Meta says risk of account theft after phone number recycling isn't its problem to solve - The Register.
- Things to bear in mind when you change your mobile number - T-Mobile.
- 20+ hospitals in Romania hit hard by ransomware attack on IT service provider - Graham Cluley.
- Ransomware gang claims responsibility for Christmas attack on Massachusetts hospital - The Record.
- Cyberattack Disrupts Operations at Chicago Children’s Hospital: An Examination of the Threat and Its Impact - Medriva.
- Gods in the machine? The rise of artificial intelligence may result in new religions - The Conversation.
- AI: a way to freely share technology and stop it being misused already exists - The Conversation.
- The Friar Who Became the Vatican’s Go-To Guy on AI - The New York Times.
- How AI could change our relationship with religion - The Conversation.
- Meet the Vatican’s AI mentor – POLITICO.
- Focus Areas - AI and Faith - Rome Call.
- Are chatbots changing the face of religion? Three faith leaders on grappling with AI - The Guardian.
- “One Day” - Netflix.
- [Clicks mouth]
- "The Saint" - Amazon Prime.
- The Saint goes to Palm Springs - YouTube.
- God's Favorite Idiot - IMDb.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- BlackBerry - BlackBerry helps keeps you one step ahead. Cylance AI stops more attacks, earlier and with less effort than other solutions in the market today
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hong Kong hijinks, pig butchers, and poor ransomware gangs
7 februari 2024 |
51 min
Is this the real life? Is this just fantasy? A company in Hong Kong suffers a sophisticated deepfake duping, be one your guard from pig butchers as Valentine's Day approaches, and spare a moment to feel sorry for poor ransomware gangs.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- ‘Everyone looked real’: multinational firm’s Hong Kong office loses HK$200 million after scammers stage deepfake video meeting - South China Morning Post.
- Countdown’s Rachel Riley is deepfaked by HSBC - Vimeo.
- Scameter - Cyber Defender HK.
- Warning as scammers fake police Scameter app - The Standard.
- Ransomware payment rates drop to new low – now 'only 29% of victims' fork over cash - The Register.
- New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying - Coveware.
- Romance scam reports rose by a fifth in 2023, says Lloyds Bank - The Independent.
- What is a ‘pig-butchering’ scam – and why is it on the rise? - BBC.
- Pig butchering mining scams: What they are and how to stop them - SC Media.
- No love for romance scammers in 2024 - Consumer Advice.
- Romance scammer reveals how he tricks women after failing to fool Go Public reporter - CBC.
- Sudoku Exchange.
- Learn Improv at Laugh at Leeds.
- Mr Mercedes - Disney+.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Interview with an iPhone thief, anti-AI, and have we gone too far?
31 januari 2024 |
59 min
The iPhone security setting that you should enable right now, the worrying way that AI is predicting what criminals look like, and we play a game of face fake or real...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Mobile phone stolen every six minutes in London, says Met Police - BBC News.
- iPhone Thief Explains How He Breaks Into Your Phone - YouTube.
- About Stolen Device Protection for iPhone - Apple.
- Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It - Wired.
- Will ChatGPT write ransomware? Yes - Malwarebytes.
- AI chatbots are making scams more convincing than ever, warn spy chiefs - The Telegraph.
- Test yourself: which faces were made by AI? - New York Times.
- AI vs. Human Writing: Experts Fooled Almost 62% of the Time- Neuroscience News.
- I know that I know nothing - Wikipedia.
- Yours truly, Johnny Dollar - Comic book.
- I Heart Umami.
- Libby.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Big dumpers, AI defamation, and the slug that slurped
24 januari 2024 |
46 min
This week the podcast is more lavatorial than usual, as we explore how privacy may have gone to sh*t on Google Maps, our guest drives hands-free on Britain's motorways (and is defamed by AI), and ransomware attacks an airplane-leasing firm.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC Technology Editor Zoe Kleinman.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The Great British Public Toilet Map.
- How one man’s pay-to-use toilet gag revealed Google Maps can be used to track people - Crikey.
- Please Rob Me site exposes danger of sharing too much information online - Graham Cluley.
- Artist creates a virtual traffic jam in Google Maps - YouTube.
- How to Get Google to Quit Tracking Your Location - PC Magazine.
- Grieving With Google Street View - Slate.
- Zoe describes her curious tangle with AI - Twitter.
- What happens when you think AI is lying about you? - BBC News.
- Aercap confirms cyber threat involving ransomware - Air Finance.
- Ransomware crims slime AerCap, claim to have stolen 1TB - The Register.
- AerCap discloses cybersecurity incident - Reuters.
- BBC staffers warned of payroll data breach. BA and Boots also affected by MOVEit vulnerability - Graham Cluley.
- Randy Rainbow - YouTube.
- Donald in the John With Boxes - A Randy Rainbow Song Parody - YouTube.
- Zoe drives hands-free on a British motorway - Twitter.
- How to Play Taco Cat Goat Cheese Pizza - Wikihow.
- Asmodee Taco Cat Card Game - John Lewis.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Fishy Rishi, 23andMe, and the labour of love
17 januari 2024 |
47 min
Has the British Prime Minister been caught secretly profiting from a cryptocurrency app? Were 23andMe right to blame their users after a data breach? And Indian men have hard feelings after falling for a money-for-sex scam.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- What Rishi Sunak gets up to over Christmas… - YouTube.
- Boris Johnson's Love Actually parody (Conservative Party election broadcast) - YouTube.
- UK's Rishi Sunak becomes richest ever occupant of Number 10 - Reuters.
- Over 100 Deep-Faked Rishi Sunak Ads Found on Meta’s Platform - Fenimore Harper Communications.
- Slew of deepfake video adverts of Sunak on Facebook raises alarm over AI risk to election - The Guardian.
- 23andMe Blames User “Negligence” for Data Breach - Infosecurity Magazine.
- All India Pregnant Job service: Indian men conned by 'impregnating women' scam - BBC News.
- World War II: From the Frontlines - Netflix.
- Spintronics - Upper Story.
- Reacher - Amazon Prime.
- The Trust - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Chuck Norris and the fake CEO, artificial KYC, and an Airbnb scam
10 januari 2024 |
49 min
Chuck Norris gives a helping hand to a mysterious cryptocurrency CEO who may have separated investors from over a billion dollars, generative AI creates a nightmare for those wanting to Know Their Customer, and a determined journalist finally gets their revenge on a sneaky Airbnb scammer.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Chief executive of collapsed crypto fund HyperVerse does not appear to exist - The Guardian.
- Crypto hedge fund CEO may not exist; probe finds no record of identity - Ars Technica.
- BUSTED: Fake HyperVerse CEO Who Stole $1.3 Billion Unmasked! - YouTube.
- Hyperverse’s Steven Reece Lewis outed as Steve Harrison - Behind MLM.
- HyperVerse crypto promoter ‘Bitcoin Rodney’ arrested and charged in US - The Guardian.
- GenAI could make KYC effectively useless - TechCrunch.
- Airbnb Grifter Busted for $7.5 Million 'Bait-and-Switch' Scam, Feds Say - The Daily Beast.
- I Accidentally Uncovered a Nationwide Scam Run by Fake Hosts on Airbnb - Vice.
- Percentage Point vs. Percent Difference - Macroption.
- “Is Math Real?” - Book by Eugenia Cheng.
- “Julia” trailer - YouTube.
- Watch Before We Die - Channel 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Phone hacking, Piers Morgan, and Carole’s Christmas cockup
20 december 2023 |
45 min
Piers Morgan is less than happy after a judgement that there is "no doubt" he knew phone hacking was going on at the Daily Mirror, and a shopper comes a-cropper just before Christmas.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Piers Morgan denies knowing of phone hacking after judge rules he did - The Guardian.
- I've never told anyone to hack a phone - Piers Morgan tells Laura Kuenssberg - BBC News.
- Piers Morgan interviewed by BBC’s Amol Rajan about phone hacking at Daily Mirror - BBC News.
- Piers Morgan will find many ways to deny phone hacking – but how long before his number is up? - Archie Bland’s article in The Guardian.
- Piers Morgan tells Charlotte Church how to stop her mobile phone from being hacked - YouTube.
- I'm sorry, Macca, for introducing you to this monster - Piers Morgan describes in the Daily Mail a voicemail he heard between Paul McCartney and Heather Mills.
- The human cost of phone hacking - Graham Cluley.
- Eudesignhouse.shop Review – Unmasking the Store Closing Scam - MyAntiSpyware.
- Whois Domain Lookup.
- Myth Maker: The Lost Legacy of Donald Cotton - SoundCloud.
- 15 virtual Christmas party games to play this festive season - Country Living.
- 21 Virtual Christmas Games To Play On Zoom With Adults - Team Building.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
For research purposes only
13 december 2023 |
57 min
A hacker bursts the bubble of inflatable fetish fans, Hollywood celebrities unwittingly record videos in a Kremlin plot, and there's a particularly devious WordPress-related malware campaign.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Fuzzy Duck - Wikipedia.
- Cybercrime author Geoff White demonstrates his NSFW balloon trick at the "Smashing Security" podcast Christmas party - Reddit.
- Rule 34 - Wikipedia.
- We are (temporarily) offline - InflateVids on Patreon.
- Fast Company’s Apple News access hijacked to send an obscene push notification - The Verge.
- Fast Company Hacker on Rogue Apple News Notification: ‘Anyone Could Have Done It’ - Vice.
- The WordPress backdoor with its own backdoor! (And fake CVE numbers, too) - Paul Ducklin.
- Russian influence and cyber operations adapt for long haul and exploit war fatigue - Microsoft.
- How Zelensky became Hollywood man of the hour - The Guardian.
- Nigel Farage wishes Hugh Janus a happy birthday - YouTube.
- Don Johnson - Cameo.
- Hollywood plays unwitting Cameo in Kremlin plot to discredit Zelensky - The Register.
- Winning hearts and minds - Military Wiki.
- AdGuard Home - GitHub.
- Garmin Edge 130 Plus - Garmin.
- Garmin Connect IQ - Garmin.
- The Thermapen.
- Flat Whisk Stainless Steel Egg Beater Mixer Kitchen Tool - Amazon.
- Small Silicone Spatulas - Amazon.
- 3 Pcs Rubber Jar Gripper Pads - Amazon.
- Marble Dough Roller - Amazon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Push Security – Monitor and secure your entire identity attack surface, including non-SSO identities. Get notified in real-time to vulnerabilities across all your internet-facing identities, and have your staff guided to fix simple issues.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Nuclear cybersecurity, Marketplace scams, and face up to porn
6 december 2023 |
59 min
Hacking fears are raised at Western Europe's most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Why Facebook Is Rebranding Itself as Meta - INSEAD.
- Windscale fire - Wikipedia.
- Sellafield nuclear site hacked by groups linked to Russia and China - The Guardian.
- Response to a news report on cyber security at Sellafield - UK Government.
- Response to Guardian news article - Office for Nuclear Regulation.
- Common Facebook Marketplace scams and how to avoid them - Comparitech.
- Advice from Google on how to remove malware and unsafe software from Android devices - Google.
- New Report Reveals Truths About How Teens Engage with Pornography - Common Sense Media.
- ‘A lot of it is actually just abuse’- Young people and pornography - Children's Commissioner for England.
- Implementing the Online Safety Act: Protecting children from online pornography - Ofcom.
- UK age assurance guidance for porn sites gives thumbs up to AI age checks, digital ID wallets and more - TechCrunch.
- Demotivational posters.
- "Her Time: How Trailblazing Women Scientists Decoded the Hidden Universe," by Shohini Ghos.
- Meet Your Second Wife - Saturday Night Live sketch, YouTube.
- ‘Modern Love Podcast’: Our 34-Year Age Gap Didn’t Matter, Until It Did - New York Times.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Push Security – Monitor and secure your entire identity attack surface, including non-SSO identities. Get notified in real-time to vulnerabilities across all your internet-facing identities, and have your staff guided to fix simple issues.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Think before you shrink! And our guest is faked
29 november 2023 |
64 min
Don't minimise your Teams Meeting video call too hastily, you might reveal your dirty secrets! Would you be prepared to pay for Facebook and Instagram? And who is being faked to promote cryptocurrency scams?
All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Jane Wakefield.
Plus - don't miss our featured interview with Push Security founder and CEO Adam Bateman.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- XtraVue Trailer demo - YouTube.
- Nvidia sued after video call mistake showed 'stolen' data - BBC News.
- Valeo v. Nvidia complaint - DocumentCloud.
- Fake BBC news article using Jane Wakefield’s name - Twitter.
- Report a fraudulent webpage to Google Safe Browsing - Google.
- Meta's EU ad-free subscription faces early privacy challenge - Yahoo!
- Meta to offer ad-free subscription in Europe in bid to keep tracking other users - TechCrunch.
- Meta’s EU ad-free subscription faces early privacy challenge - TechCrunch.
- Facebook and Instagram to Offer Subscription for No Ads in Europe - Facebook.
- noyb files GDPR complaint against Meta over “Pay or Okay” - NOYB.
- Big Mac index 2023 - Statista.
- Euro aea wages 2023 - Take-profit.org.
- Boat Story review - The Guardian.
- GlasgowGPT - the world's first Scottish artificial intelligence chatbot.
- Gergely Orosz uncovers fake female speakers at a tech conference - Twitter.
- Eliza-May Austin shares her experiences of being invited to speak at tech conferences - LinkedIn.
- Boat Story - BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Push Security - Monitor and secure your entire identity attack surface, including non-SSO identities. Get notified in real-time to vulnerabilities across all your internet-facing identities, and have your staff guided to fix simple issues.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Ransomware gang reports its own crime, and what happened at OpenAI?
22 november 2023 |
43 min
Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Hackers Use Online Casinos to Gamble Mountains of Cash They Steal from Victims - 404.
- AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC - DataBreaches.net.
- SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies - US Securities and Exchange Committee.
- OpenAI announces leadership transition - OpenAI.
- The Fear and Tension That Led to Sam Altman’s Ouster at OpenAI - The New York Times.
- Emergency Pod: Sam Altman is Out at Open AI - The New York Times.
- What We Know About Sam Altman’s Ouster From OpenAI - The New York Times.
- Ousted OpenAI C.E.O. Makes Plans for New Artificial Intelligence Company - The New York Times.
- Microsoft Hires Sam Altman Hours After OpenAI Rejects His Return - The New York Times.
- In the battle to bring ousted founder Sam Altman back to OpenAI, Microsoft and Satya Nadella hold the trump cards - Fortune.
- Rate your resignation letter - Twitter account.
- Suella Braverman’s resignation letter - Twitter.
- Analysis of letter by Dame Andrea Jenkyns - Twitter.
- Thread about letter from Dame Andrea Jenkyns - Twitter.
- The Future by Naomi Alderman review - The Guardian.
- The Future by Naomi Alderman - Harper Collins.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacking for chimp change, and AI chatbot birthday
15 november 2023 |
36 min
Who's more incompetent - the cryptocurrency exchanges or some of the people who hack them? Plus a closer look at the reliability of AI chatbots.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Bored Ape NFT Partygoers Blame UV Lights For Burned Eyes And Skin - Kotaku.
- Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked - The Register.
- Raft Suffers $3.3M Exploit That Drove Down Stablecoin 50%, but Hacker Likely Lost Money on Attack - CoinDesk.
- Leaderboard Comparing LLM Performance at Producing Hallucinations when Summarizing Short Documents - Github.
- Cut the Bull…. Detecting Hallucinations in Large Language Models - Vectara.
- Chatbots May ‘Hallucinate’ More Often Than Many Realize - The New York Times.
- Bing's ChatGPT-Powered Search Has a Misinformation Problem - Vice.
- ChatGPT gets code questions wrong 52% of the time - The Register.
- FreeTube.
- The Wonderful Story of Henry Sugar - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Panoptica – Panoptica is a cloud native application security solution connecting developer and security teams to their organization’s biggest cloud threats from code to production.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Trolls, military data, and the hitman and her
8 november 2023 |
65 min
A woman's attempt to hire an assassin online backfires badly, it's scary just how cheap it is to buy information about US military personnel, and trolls and tattoos don't mix.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Plus don’t miss our featured interview with Jason Meller of Kolide.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Woman jailed after RentaHitman.com assassin turned out to be – surprise – FBI - The Register.
- Zandra Ellis criminal complaint (PDF).
- Rent-A-Hitman: Your Point & Click Solution! - YouTube.
- It’s shockingly easy to buy sensitive data about US military personnel - MIT Technology Review.
- This Guy Trolls His TikTok Haters By Getting Tattoos of Them - Vice.
- Man Gets Back at Trolls Online With Revenge Tattoos - MSN.
- The Beatles - “Now and Then” music video - YouTube.
- “The Last of Us” piano scene, episode 3 - YouTube.
- Celeritas podcast.
- Pick of the week archive - Smashing Security.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Panoptica – Panoptica is a cloud native application security solution connecting developer and security teams to their organization’s biggest cloud threats from code to production.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
How hackers are breaching Booking.com, and the untrustworthy reviews
1 november 2023 |
42 min
Workers wonder if their colleagues are actually AI, and we take a deeper look into the curious scams going on via Booking.com.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Art Musings - Gratuitous plug for Carole’s new podcast with Sally Anne-Stewart.
- Smashing Security #344: What’s cooking at Booking.com? And a podcast built by AI - Smashing Security.
- Fraudsters target Booking.com customers claiming hotel stay could be cancelled - Graham Cluley.
- Scammers try to trick Graham again via Booking.com - Twitter.
- 'Thieves used fake Booking.com emails to steal £1,000 from me before my wedding' - The Mirror. Includes gratuitous mention of Graham’s hunt for aubergines.
- Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests - Akamai.
- Did AI Write Product Reviews? Gannett Says No - The New York Times.
- Is my co-worker AI? Bizarre product reviews leave Gannett staff wondering - The Verge.
- How to spot a fake review - Which?
- Lonely Water - Public information film from 1973.
- Scarred for Life Volume 1: The 1970s - Lulu.
- Scarred for Life Volume 2: Television in the 1980s - Lulu.
- Scarred for Life Twitter account.
- Say More with Dr? Sheila - Apple Podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Panoptica - Panoptica is a cloud native application security solution connecting developer and security teams to their organization’s biggest cloud threats from code to production.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cyber sloppiness, and why does Google really want to hide your IP address?
25 oktober 2023 |
55 min
Ahoy! There's trouble in the South China Seas as Filipino organisations fail to secure their systems, we take a close look at Google IP protection, and we take a look at just how so much genetic profile data leaked out of 23andMe.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Philippines’ cybersecurity failures exposed as hackers leak state secrets, people’s data - South China Morning Post.
- IT admins are just as culpable for weak password use - Outpost24.
- Google Chrome wants to hide your IP address - MalwareBytes.
- The 23andMe data breach reveals the vulnerabilities of our interconnected data - The Conversation.
- 23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews - Wired.
- Worried about the 23andMe hack? Here's what you can do - Washington Post.
- Paris Police 1905 - BBC iPlayer.
- British Hen Welfare Trust.
- Art Musings - Art Musings podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
What’s cooking at Booking.com? And a podcast built by AI
18 oktober 2023 |
45 min
How hunting for an aubergine could be all it takes for you to hand your credit card details over to a scammer, and just how good is a podcast entirely built by AI?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Support Alie Hothersall’s fundraising for Mind - JustGiving.
- Fraudsters target Booking.com customers claiming hotel stay could be cancelled - Graham Cluley.
- Security.txt - A proposed standard which allows websites to define security policies.
- Develop AI launches a completely synthetic podcast - Develop AI.
- Develop AI podcast.
- Is It Legal To Pay - The err.. https version of a map of which countries allow you to pay ransom demands.
- Licorice Pizza - BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Devo – Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!
- Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get 10% off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Four-legged girlfriends, LoveGPT, and a military intelligence failure
11 oktober 2023 |
48 min
Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Former Soldier Indicted for Attempting to Pass National Defense Information to People’s Republic of China - US Department of Justice.
- ‘Dream’ AI Girlfriend Randomly Turns Into Nude Jennifer Lopez, Has Four Legs - 404 Media.
- LoveGPT: How “single ladies” looking for your data upped their game with ChatGPT - Avast Threat Labs.
- 5 Signs Your Tinder Match Is a Scam Bot - LifeWire.
- Support Alie Hothersall’s fundraising for Mind - JustGiving.
- “The Last Action Heroes” by Nick de Semlyen - Pan Macmillan.
- Life Kit - NPR.
- Tom Hanks has made a complaint - Twitter.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Devo – Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!
- Moonlock — cybersecurity wing of MacPaw. Developers of the antimalware tech in CleanMyMac X — Moonlock Engine.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Royal family attacked, keyless car theft, and a deepfake Tom Hanks
4 oktober 2023 |
68 min
Is a deepfake Tom Hanks better than the real thing? Who has been attacking the British Royal Family's website, and why? And how can you protect your vehicle from the spate of keyless car thefts?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Plus don't miss our featured interview with Devo CISO Kayla Williams.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The disturbing uncanny valley of Robert Zemeckis film 'Polar Express' - Far Out magazine.
- Tom Hanks warns of deepfake video promoting dental plan - Instagram.
- Fuming Tom Hanks says he had nothing to do with that AI dental ad clone of him - The Register.
- Tom Hanks warns dental plan ad image is AI fake - BBC News.
- Robin Williams’ Daughter Zelda Criticizes Use of AI to Re-create His Voice: “I Find It Personally Disturbing” - Hollywood Reporter.
- Bruce Willis denies selling rights to his face - BBC News.
- Deepfake Bruce Willis in Russian telecoms advert - YouTube.
- Could you get "carhacked"? The growing risk of keyless vehicle thefts and how to protect yourself - CBS News.
- Keyless car theft: What is a relay attack, how can you prevent it, and will your car insurance cover it? - Leasing.com.
- Testing Phone-Sized Faraday Bags - Matt Blaze.
- Famous DDoS attacks - Cloudflare.
- The sinister Russian hackers who've claimed responsibility for crashing Buckingham Palace website - Daily Mail.
- King Charles rebukes Russia's 'horrifying' invasion of Ukraine in unprecedented speech - Express.
- Visually, how much paper would a GB and a TB of data fill in terms of physical size? - Quora.
- “The shop around the corner” - Wikipedia.
- Evan Designs.
- “Eight Detectives” by Alex Pavesi - Penguin Books.
- Review of “Eight Detectives” - The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Hunters – A SOC platform, built to empower your security team to reduce risk, complexity and costs.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Devo - Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Another T-Mobile breach, ThemeBleed, and farewell Naked Security
27 september 2023 |
58 min
Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- T-Mobile customer reports privacy breach - Twitter.
- T-Mobile US exposes some customer data – but don't call it a breach - The Register.
- T-Mobile denies new data breach rumors, points to authorized retailer - Bleeping Computer.
- Connectivity Source - Despite appearances, don’t confuse it with T-Mobile.
- ThemeBleed exploit is another reason to patch Windows quickly - MalwareBytes.
- If I Embarrass My Baby on TikTok, Will He Stay My Baby Forever? - New York Times.
- They Gossiped At Brunch. Now There's a Mob After Them - Rolling Stone.
- The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech - 404 Media.
- Egg crack challenge,the last baby is so cute - YouTube.
- Trailer for “The Deepest Breath” - YouTube.
- “The Deepest Breath” - Netflix.
- Nitpick: Meaningless communications.
- Naked Security.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Heated seats, car privacy, and Graham’s porn video
20 september 2023 |
63 min
Do you know what data your car is collecting about you? Do you think it's right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email to Graham about his sex video?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Andrew Agnês.
Plus don't miss our featured interview with Gigamon's Mark Jow.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Yikes! My sex video has been uploaded to YouPorn, apparently - Graham Cluley.
- 1 million YouPorn users exposed; data breach required no security penetration - Computer World article from 2012.
- The YouPorn Sextortion Email Spam Campaign Explained - MalwareTips.
- BMW deems drivers worthy of warmth, ends heated car seat subscription - The Register.
- Hackers crack Tesla software to get free features - The Independent.
- It's Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy - Mozilla Foundation.
- Car Companies: Stop Your Huge Data Collection Programs - Mozilla Foundation.
- Programming language inventor or serial killer? - Vole.wtf.
- Rask - AI video localisation.
- Verbalate - Video translation and lip sync software.
- The Following Events Are Based on a Pack of Lies review - The Guardian.
- The Following Events Are Based on a Pack of Lies - BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames?
13 september 2023 |
52 min
Deepfakes are being used for good (perhaps), common usernames could pose a security threat, and someone has paid a $500,000 fee... just to send $1,865.
Oh, and our guest mentions Mr Blobby (to the horror of the show's hosts...)
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Tweet by Jameson Lopp.
- Bitcoin user’s costly error leads to record transaction fee of $510,000 - Cryptoslate.
- Root Admin User: When Do Common Usernames Pose a Threat? - GovInfoSecurity.
- Dave’s conversation with Crosstalk’s Chris Sherwood - Hacking Humans podcast.
- Passkey authentication - Wikipedia.
- Passkeys: Accelerating the Availability of Simpler, Stronger Passwordless Sign-Ins - FIDO Alliance.
- Test your mental image ability - Aphantasia.
- How to create your own personal deepfake - Axios.
- Deepfakes are being used for good – here’s how - Connecting Research - University of Reading.
- Six things you need to know about deepfakes - BBC Radio 4.
- Mitigating Aphantasia with Generative Reality - Medium.
- Ethical Deepfake Maker - Synthesia.
- HeyGen deepfakes - HeyGen.
- Deepfakes are being used for good – here's how - The Conversation.
- Search engines required to stamp out AI-generated images of child abuse under Australia’s new code - The Guardian.
- Induction Hob with Rotary Controls - Cookology.
- Top 10 WTF Mr Blobby Moments - YouTube.
- Lessons in Chemistry by Bonnie Garmus review – the right comic formula - The Guardian.
- "Lessons in Chemistry” - Book by Bonnie Garmus.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Moonlock — cybersecurity wing of MacPaw. Developers of the antimalware tech in CleanMyMac X — Moonlock Engine.
- Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Catfishing services, bad sports, and another cockup
6 september 2023 |
67 min
AI news is bad news, an online service to catch your cheating partner, and an IoT-enabled dick cage fails to keep a grip on its own security.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Plus don't miss our featured interview with Alex Lawrence, principal security architect at Sysdig.
Warning: This podcast may contain nuts, adult themes, and rude language. May? Who are we kidding...
Episode links:
- 199: A few tech cock-ups, and one cock lock-up - Smashing Security.
- Smart male chastity lock cock-up - Pen Test Partners.
- “My sexual urges are so out of control I’m considering buying a chastity cage” - Dear Deidre, The Sun.
- Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed - TechCrunch.
- Dispatch pauses AI sports writing program - Axios.
- Would Your Partner Cheat? These ‘Testers’ Will Give You an Answer - The New York Times.
- Loyalty Test.
- Nitpick: Why don’t induction hobs have knobs?
- Longevity… simplified - book by Dr Howard J Luks.
- Oxford Art Society Open Exhibition 2023.
- Carole Theriault art website.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Sysdig – Is your cloud secure? Not without runtime insights! Sysdig delivers the industry’s ONLY complete, consolidated Cloud-Native Application Protection Platform (CNAPP) – powered by runtime insights – to prioritize critical risks and stay ahead of unknown threats. Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.
- ClearVPN – Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The DEA’s crypto calamity, and scammers’ blue tick bonanza
30 augusti 2023 |
38 min
Seized cryptocurrency is stolen from the DEA, blue-ticks are being exploited, a bath full of dollar bills, the comfort offered by an ostrich's head, and how Graham is refusing to call Twitter "X".
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer - Forbes.
- Stranger sent dick pics so I convinced him he was dying - YouTube.
- Creeps Airdropping Dick Pics Is the Latest Air Travel Nightmare - Vice.
- Airdrop scam tokens - Trezor.
- Brother of Criminal Bitcoin Mixing CEO Pleads Guilty to Stealing 712 Bitcoins From IRS - CoinDesk.
- Blue-tick scammers target consumers who complain on X - The Guardian.
- Infinite Mac.
- Classic Mac OS - Wikipedia.
- Perplexity AI - chatbot.
- CrazyGames.
- Braingle.
- 40 Weirdest Things on Amazon That People Actually Love to Buy - Good Housekeeping.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Beyond Identity – Enables companies with the ability to completely eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Get a free demo.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Pizza pests, and securing your wearables
23 augusti 2023 |
39 min
Surely you should be able to order pizza without being pestered for sex? And Carole takes a look at the what and why of wearables...
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- One in three young people falling prey to ‘text pests’ as ICO calls for victims to come forward - ICO.
- My pizza order turned into a terrifying ordeal after creepy delivery driver stole my data & I was sent sinister messages - The Sun.
- Share your experience of unwanted contact after giving your personal information to a business for a legitimate reason - ICO.
- IoT, wearables and the new health insurance paradigm - IT-Online.
- Top 10 Innovative Wearable IoT Devices - IOT Design Pro.
- Explosive Growth Forecasted: IoT in Healthcare Market Set to Reach US$ 952.3 Billion by 2032 with a Remarkable CAGR of 18.0% - PharmiWeb.
- Sweat it out: Novel wearable biosensor for monitoring sweat electrolytes for use in healthcare and sports -Science Daily.
- New Apple Watch X Leaked: MAJOR Redesign & Magnetic Band System! -YouTube.
- Wearables | Privacy & security guide - Mozilla Foundation.
- 5 trending wearables in 2023 to look out for - Ignitec.
- Internet of Things Becomes Greater Focus for Pharma -Health Leaders media.
- Hospitals are selling treasure troves of medical data — what could go wrong? - The Verge.
- Opt out of sharing your health records - NHS.
- Legal lullabies - Drift asleep listening to Instagram's terms of service.
- The Sound: Mystery of Havana Syndrome.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Beyond Identity – Enables companies with the ability to completely eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Get a free demo.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
AI chat wars, and hacker passwords exposed
16 augusti 2023 |
34 min
AI chatbots are under fire in Las Vegas, the secrets of hackers' passwords are put under the microscope, and Graham reveals (possibly) the greatest TV programme of all time.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- 100,000 Hackers Exposed from Top Cybercrime Forums - Hudson Rock.
- Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer - Hudson Rock.
- People coaxed AI into saying 9+10=21 and giving instructions for spying — it shows how these systems are prone to flaws and bias - Business Insider.
- These Women Tried to Warn Us About AI - Rolling Stone.
- Chatbots: Why does White House want hackers to trick AI? - BBC News.
- I, Claudius - BBC iPlayer.
- Drama Connections: I, Claudius - BBC documentary from 2005, on YouTube.
- 'Painkiller' Review: Netflix Series Fails To Capture Opioid Crisis - Variety.
- ”Painkiller” trailer - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Sysdig – Is your cloud secure? Not without runtime insights! Sysdig delivers the industry’s ONLY complete, consolidated Cloud-Native Application Protection Platform (CNAPP) – powered by runtime insights – to prioritize critical risks and stay ahead of unknown threats. Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.
- Beyond Identity - Enables companies with the ability to completely eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Get a free demo.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Acoustic attacks, and the tears of a crypto rapper
9 augusti 2023 |
44 min
Razzlekhan, the self-proclaimed Crocodile of Wall Street, pleads guilty to the biggest crypto laundering scheme in history, and just how safe are you typing while on a Zoom call?
Meanwhile, Graham rants about public EV chargers.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- With Nvidia Eye Contact, you’ll never look away from a camera again - Ars Technica.
- “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” - Technical paper (PDF).
- New acoustic attack steals data from keystrokes with 95% accuracy - Bleeping Computer.
- Bitfinex users to share 36% of bitcoin losses after hack - BBC News.
- Bitfinex’s Latest News & Updates - BitFinex blog.
- Heather R. Morgan - Wikipedia.
- Razzlekhan and husband guilty of $4.5bn Bitcoin launder - BBC News.
- Record-high seizure of $4bn in stolen Bitcoin - BBC News.
- ‘Sexy horror comedy’: Bitcoin laundering suspect is also ‘raunchy rapper’ Razzlekhan - The Guardian.
- ”Versace Bedouin” music video by Razzlekhan - YouTube.
- “Pho King Badd Bhech” music video by Razzlekhan - YouTube.
- SWARCO - Nit Pick of the Week.
- Esim Holafly - Holafly.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- ClearVPN – Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Barbie and the stalking spouse
2 augusti 2023 |
38 min
Carole takes us into the sinister side of Barbie, while Graham describes a stalkerware operation that has been spilling its secrets.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- SpyHide couldn’t hide forever - Maia arson crimew.
- Spyhide stalkerware is spying on tens of thousands of phones - TechCrunch.
- Coalition against Stalkerware.
- Use Google Play Protect to help keep your apps safe and your data private - Google.
- Eyeing Barbie movie download? Beware of online scam, says McAfee - Tech News.
- A Complete History of the Barbie Movie - Vanity Fair.
- 20 Things You Probably Didn't Know About Barbie - Readers Digest.
- Influencer's 'Honest Review' of 'Barbie' Goes Viral - Newsweek.
- How scammers are using ‘Barbie’ craze to steal personal information - The Hill.
- ‘Barbie’ Box Office to Blast Past $700M Globally After Record Week - The Hollywood Reporter.
- Scammers Love Barbie: Fake Videos Promote Bogus Ticket Offers That Steal Personal Info - McAfee.
- History vs Hollywood.
- Weird: The Al Yankovic story - History vs Hollywood.
- The News Meeting - Tortoise podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Hunters – A SOC platform, built to empower your security team to reduce risk, complexity and costs.
- Moonlock - The cybersecurity wing of MacPaw. Developers of CleanMyMac X antimalware tech, Moonlock Engine.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Nudes leak at the plastic surgery, Mali mail mix-up, and WormGPT
26 juli 2023 |
52 min
Dr 90210 finds himself in a sticky situation after his patients' plastic surgery photos AND more end up in the hands of hackers, emails to the US military end up in the wrong hands, and script kiddies salivate at the thought of Business Email Compromise powered by generative AI.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus Space Daily’s Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- 90210 plastic surgeon Dr Gary Motykie.
- Dr Gary Motykie videos - YouTube.
- More plastic surgery patients have their nude photos and information leaked - DataBreaches.net.
- Typo watch: 'Millions of emails' for US military sent to .ml addresses in error - The Register.
- Hundreds of thousands of US military e-mails wind up in Mali - Le Monde.
- Beware of WormGPT: AI Tool Enables Cyber Attacks and Impersonation Scams - IB Times.
- WormGPT: a generative AI tool to compromise business emails - CSO Online.
- WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks - SlashNext.
- “Who shat on the floor at my wedding?”
- Futurama - Wikipedia.
- Radiooooo.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- ClearVPN - Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Boris Johnson’s WhatsApps, and sextorting party girls
19 juli 2023 |
36 min
Former Prime Minister Boris Johnson wants to hand over his WhatsApp messages - or does he? And a couple of fun-loving girls from Aberdeen have come up with a sinister twist on sextortion scams.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley (from a mystery location) and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The UK Covid-19 Inquiry.
- Court orders ministers to hand Boris Johnson’s WhatsApps to Covid inquiry - The Guardian.
- Boris Johnson ‘has forgotten’ passcode for phone wanted by Covid inquiry - The Guardian.
- The Lockdown Files: Matt Hancock rejected expert advice on care home testing, WhatsApp messages reveal - The Telegraph.
- Boris Johnson's Personal Phone Number Has Been Hiding in Plain Sight Online For 15 Years - Vice.
- Party girls netted £120,000 from terrified men in ‘sextortion’ scam -The Times.
- Exclusive: Women posed as underage girls to blackmail men out of nearly £122000 -Press and Journal.
- Musicless music video of Lionel Richie’s “Hello” - YouTube.
- Musicless music video of Rolling Stones performing live in 1964 - YouTube.
- Intrigue: Burning Sun - BBC podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Deepfake Martin Lewis, and a deadly jog in the park
12 juli 2023 |
40 min
Going for a jog can be bad for your privacy (but even worse for your health), and Britain's consumer finance champion finds his face is being faked.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Russian commander shot dead after posting runs on Strava running app - Kyiv Post.
- Martin Lewis felt 'sick' seeing deepfake scam ad on Facebook - BBC News.
- How synthetic media, or deepfakes, could soon change our worldeing deepfake scam ad on Facebook - 60 Minutes on YouTube.
- Nicki Minaj wants to delete the “whole internet” after viral AI deepfake video -Technology Inquirer.
- Fears grow of deepfake ID scams following Progress hack - Ars Technica.
- “Deep Fake Neighbour Wars”: ITV’s comedy shows how AI can transform popular culture -The Conversation.
- ”My Old School” - BBC Scotland.
- ”My Old School” trailer - YouTube.
- MP doesn’t know whether she attended Downing St Party - YouTube.
- ”Non-Censored” with Rosie Holt podcast - Audioboom.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide - Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Sysdig - Is your cloud secure? Not without runtime insights! Sysdig delivers the industry's ONLY complete, consolidated Cloud-Native Application Protection Platform (CNAPP) - powered by runtime insights - to prioritize critical risks and stay ahead of unknown threats. Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Pornhub, Barbie dolls, and can you trust a free TV?
5 juli 2023 |
47 min
Just how much do porn websites know about your sexual peccadillos? How are Barbie dolls involved in identity scams? And would you trust a completely free telly?
Oh, and Graham has some opinions to share about "Indiana Jones and the Dial of Destiny".
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Matt Davey from the "Random but Memorable" podcast.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Pornhub Is Being Accused of Illegal Data Collection - Wired.
- StopDataPorn brings Pornhub to court for abusing users’ personal data with GDPR complaints - StopDataPorn.
- The Password Game - Neal.fun.
- The True Cost of a Free TV - Wired.
- Telly dual-screen TV first look: it’s free and may be the future - The Verge.
- Swindlers Used Barbie Dolls to Rob COVID Relief Program - The Messenger.
- How rampant abuse by fintech fueled covid relief fraud - The Washington Post.
- 'Biggest fraud in a generation': The looting of the Covid relief plan known as PPP - NBC News.
- "We Are Not the Fraud Police": How Fintechs Facilitated Fraud in the Paycheck Protection Program - Fox News.
- ‘The Dial Of Destiny’ Is Now The Worst-Reviewed ‘Indiana Jones’ Movie - Forbes.
- “Jury Duty” TV series - Wikipedia.
- “Jury Duty” trailer - YouTube.
- Spray Cork: What Is It? - Build with Rise.
- CorkSol.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
UPS smishing, ChatGPT 101, and storing secret files
28 juni 2023 |
56 min
UPS delivers some smishing advice (but have they kept something under wraps?), we ask ChatGPT to take a long hard look at itself, and we debate what the penalty should be for taking national secrets home with you.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's sole founder Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- UPS discloses data breach after exposed customer info used in SMS phishing - Bleeping Computer.
- Example of UPS SMS phishing message related to Lego order - Twitter.
- Another example of a Lego-related UPS phishing message - Twitter.
- Former FBI Analyst Sentenced for Retaining Classified Documents - US Department of Justice.
- How The Intercept might have helped unmask Reality Winner to the NSA - Graham Cluley.
- Bad adverts leave people scratching their heads - MSN.
- How Cybercriminals Can Perform Virtual Kidnapping Scams Using AI Voice Cloning Tools and ChatGPT - Trend Micro.
- Which Jobs Will Be Most Impacted by ChatGPT? - Visual Capitalist.
- Unraveling an AI Scam with AI - Imperva.
- 100,000 Hacked ChatGPT Accounts Discovered on Dark Web - Hackread.
- 97+ ChatGPT Statistics & User Numbers In June 2023 (New Data) - Nerdy Nav.
- “Speed Cubers” - Netflix.
- Trailer for “Speed Cubers” - YouTube.
- KBDcraft.
- ”How to Win Friends and Disappear People” - Qcode Podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Mark’s metaverse for minors, and getting down to business
21 juni 2023 |
37 min
There's some funny business going on on Google, and Zuckerberg's $14 billion bet on the metaverse is beginning to look a little childish...
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Google sues alleged scammer over fake business and review scheme - The Verge.
- Meta to Lower Age for Users of Virtual Reality Headset to 10 From 13 - New York Times.
- Introducing New Parent-Managed Meta Accounts for Families - Meta Blog.
- Keep Connected - ages 10–14 - Keep Connected.
- The Metaverse Police: A VR content moderator shares his insights - Mixed News.
- “Untold: The Girlfriend Who Didn't Exist” - Netflix.
- Tommy Siegel - Some candy hearts comics I drew, a thread - Twitter.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Right Royal security threats and MOVEit mayhem
14 juni 2023 |
55 min
There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Declassified files reveal ‘large number’ of security scares at Windsor Castle - Metro.
- Intruder at Windsor: Security 400 scared of unpleasant Andrew' to turn away fantasist - Express.
- The US Is Openly Stockpiling Dirt on All Its Citizens - Wired.
- I don’t care about cookies browser plugin.
- MOVEit hack: Media watchdog Ofcom latest victim of mass hack - BBC News.
- BBC, BA and Boots issued with ultimatum by cyber gang Clop - BBC News.
- Ukrainian police arrest multiple Clop ransomware gang suspects - TechCrunch.
- BBC and British Airways affected by data breach at payroll company Zellis - The Record.
- BA, Boots and BBC staff details targeted in Russia-linked cyber-attack - The Guardian.
- Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft - Mandiant.
- MOVEit Transfer and MOVEit Cloud Vulnerability - Progress.
- MOVEit announces second vulnerability; Minnesota schools agency breached with original bug - The Record.
- An Update on the Steps We are Taking to Protect MOVEit Customers - Ipswitch.
- Spider-Man: Across the Spider-Verse - IMDB.
- Spider-Man: Across the Spider-Verse trailer - YouTube.
- The Muppets Mayhem - Disney+.
- The Muppets Mayhem trailer - YouTube.
- NT-USB microphone - Rode.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Hunters - A SOC platform, built to empower your security team to reduce risk, complexity and costs.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Rick Astley and the little birdie scam
7 juni 2023 |
60 min
Australia's signal intelligence agency calls upon an Eighties popstar to fight terrorism, and a simple act of kindness leads to a woman being scammed for thousands.
All this and much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Plus - don't miss our featured interview with Max Power of Bitwarden.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Australian cyber-op attacked ISIL with the terrifying power of Rickrolling - The Register.
- “Breaking the code: Cyber Secrets Revealed” - ABC.
- Scam Alert: Woman tries helping injured bird, ends up losing Rs 1 lakh to cyber criminals - MSN News.
- Toll-free Hijack Alert (misdial scam) - AT&T.
- “Connected: the hidden science of everything” - Netflix.
- “Connections” with James Burke - YouTube.
- “I wanna marry Harry” reality show - Wikipedia.
- “Space cadets” reality show - Wikipedia.
- Unreal: A Critical History of Reality TV - Apple Podcasts.
- Famous Studios - Famous Studios website.
- Unreal: A Critical History of Reality TV - BBC Sounds.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Centripetal – Centripetal’s CleanINTERNET defends your assets from cyber threats by leveraging dynamic threat intelligence on a mass scale.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
.ZIP domains, AI lies, and did social media inflame a riot?
31 maj 2023 |
77 min
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Plus don't miss our featured interview with David Ahn of Centripetal.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- 8 new top-level domains for dads, grads and techies - Google.
- Tweet by Citizen Lab’s John Scott-Railton - Twitter.
- File Archiver in the browser - mr.d0x.
- A Lawyer's Filing "Is Replete with Citations to Non-Existent Cases" - Thanks, ChatGPT? - Reason.
- Ely riot: Live updates as police investigate CCTV showing police van following bike moments before fatal crash - Wales Online.
- Cardiff riot: Police force refers itself to watchdog as CCTV shows its van following e-bike before fatal crash - Sky News.
- Two boys killed in Cardiff crash which was followed by riot are named - Sky News.
- Cardiff riots: social media rumours about crash started unrest, says police commissioner - The Guardian.
- Black Butterflies - Netflix.
- Black Butterflies trailer - YouTube.
- “The End of the World Is Just the Beginning: Mapping the Collapse of Globalization” by Peter Zeihan - Amazon.
- Science Vs - Gimlet Media Podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Centripetal – Centripetal’s CleanINTERNET defends your assets from cyber threats by leveraging dynamic threat intelligence on a mass scale.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Botched Bitcoin blackmail, iSpoof, and Meta’s billion dollar data bungle
24 maj 2023 |
50 min
13 years jail for spoofing scammer, a rogue IT security expert's Bitcoin blackmail goes wrong, and Facebook's eyewatering GDPR fine may be only the beginning of its problems.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the Imposter Syndrome Network podcast's Zoë Rose.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Man convicted of blackmail and other offences - SEROCU.
- EU hits Meta with record €1.2B privacy fine - Politico.
- Police text 70,000 victims in UK's biggest anti-fraud operation - BBC News.
- iSpoof fraudster guilty of £100m scam sentenced to 13 years - BBC News.
- Fraudster pleads guilty to £100m iSpoof scam - BBC News.
- 300: Interplanetary file systems, iSpoof, and don’t delete Twitter - Smashing Security.
- "John Was Trying to Contact Aliens" - Netflix.
- Sleep mask - Amazon.
- Blackout blind with suction cups - Amazon.
- Jewish Matchmaking - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Centripetal - Centripetal's CleanINTERNET defends your assets from cyber threats by leveraging dynamic threat intelligence on a mass scale.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
When you buy a criminal’s phone, and paying for social media scams
17 maj 2023 |
42 min
Personal information is going for a song, and the banks want social media sites to pay when their users get scammed.
All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Vote for "Smashing Security" in the European Security Blogger Awards.
- Re-Victimization from Police-Auctioned Cell Phones - Krebs on Security.
- Fraud Strategy: stopping scams and protecting the public - UK Gov.
- Spanish Police Takes Down Massive Cybercrime Ring, 40 Arrested - Hacker News.
- Social media firms should reimburse online fraud victims, say UK bankers - The Guardian.
- How Many People Use Social Media in 2023? - Oberlo.
- Scam social media quizzes dupes people into revealing personal details - ITV News.
- Where are you most likely to be scammed: phone, text or social media? - This is Money.
- Major bank calls out Meta for huge rise in scams on its platforms - This is Money.
- The Legend of Zelda: Tears of the Kingdom - Nintendo.
- ScanSnap SV600 - Fujitsu.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Outpost24 – Understand your shadow IT risk with a free attack surface analysis.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Eurovision, acts of war, and Twitter circles
10 maj 2023 |
67 min
Twitter shares explicit photos without users' permission, one US company can look forward to a $1.4 billion payout seven years after an infamous cyberattack, and how might hackers target Eurovision?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by cybersecurity reporter John Leyden.
Plus don't miss our featured interview with Outpost24's John Stock.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Introducing Twitter Circle, a new way to Tweet to a smaller crowd - Twitter.
- Twitter Circles Is Broken, Revealing Nudes Not Meant For The General Public - Buzzfeed News.
- Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout - The Register.
- What is Hostile or Warlike?: An in-depth look at the Merck war exclusion decision and its shortfalls - Kennedys Law.
- Eurovision voting scandal: Six juries cheated and voted for each other - EuroVision World.
- Eurovision: MP seeks assurances contest voting will be protected from Russian threats - Sky News.
- Fears pro-Russian hackers could ruin Eurovision by disrupting broadcasts and silencing the song contest next week - Daily Mail.
- Cyber security experts hope to protect Eurovision voting from possible Russian threat - ITV News.
- The technology of the Eurovision Song Contest - Technology and Engineering.
- Cyber security experts hope to protect Eurovision voting from possible Russian threat - Eurovision News.
- Eurovision voting scandal: Six juries cheated and voted for each other - Eurovision News.
- Eurovision 2023: Tickets for Liverpool sell out after huge demand - BBC News.
- Eurovision 2023: Hotel phishing scam targets song contest fans - BBC News.
- “My Lovely Horse”, Father Ted’s Eurosong contest entry 1996 - YouTube.
- Doctor Who: Tony Hadoke’s Time Travels podcast.
- Toby Hadoke.
- MyBuilder.
- Carole Theriault art gallery - Carole Theriault’s art website.
- Carole Theriault and John Hawes exhibition - Oxfordshire Artweeks.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Outpost24 – Understand your shadow IT risk with a free attack surface analysis.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
City Jerks, AI animals, and is the BBC hacking again?
3 maj 2023 |
49 min
Two unsavoury websites suffer from a worrying leak, scientists are going animal crackers over AI, and the BBC is intercepting scammers' live phone calls with victims.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Hackers steal emails, private messages from hookup websites - TechCrunch.
- Scam Interceptors - BBC.
- ‘They’re coming up with devious ways to take your money’: the TV hackers taking on the scammers - The Guardian.
- Did BBC break the law by using a botnet to send spam? - Naked Security.
- How a horse whisperer can help engineers build better robots - Science Daily.
- How Scientists Are Using AI to Talk to Animals - Scientific American.
- “I don’t know”, sung by 76-year-old Paul McCartney - YouTube.
- “I don’t know”, sung by AI Paul McCartney - YouTube.
- AI makes Paul McCartney’s voice youthful - The Daily Beatle.
- “New”, sung by the AI Beatles - YouTube.
- AI Freddie Mercury sings “Yesterday” - YouTube.
- The Evaporated - Campside Media.
- Tetris - Apple TV+.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Outpost24 - Understand your shadow IT risk with a free attack surface analysis.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The CEO who also ran IT, Strava strife, and TikTok tall tales
26 april 2023 |
56 min
A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava's privacy isn't so private, and a private investigator uncovers some TikTok tall tales.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by T-Minus's Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Finnish therapy clinic’s CEO fired after despicable data breach and blackmail threats - Graham Cluley.
- Lizard Squad Member: Why I Took Down Xbox and PlayStation - Sky News on YouTube.
- Hacker Charged With Extorting Online Psychotherapy Service - Krebs on Security.
- Finland’s Most-Wanted Hacker Nabbed in France - Krebs on Security.
- Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes - Bitdefender.
- Hackers can find your home on Strava even if you use privacy settings, researchers find - Yahoo Sports.
- Iron Bianca hashtag on TikTok - TIkTok.
- Investigators warn of fake suicide scams on social media platforms - MSN News.
- How did Iron Bianca die? Tribute Pours In As Tiktok Star Passed Away - PBK News.
- Spill-the-Tea-007 TikTok Channel - TikTok.
- Mike Bolhius Private Investigator - Mike Bolhius homepage.
- Paint trailer - YouTube.
- Bob Ross: Happy Accidents, Betrayal & Greed - Netflix.
- Star Trek: Picard - Paramount Plus.
- The Diplomat - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- hCaptcha – hCaptcha Enterprise is the leading Security ML platform. hCaptcha adapts to detect and block even the most sophisticated attacks, keeping you ahead of evolving threats.Start your free trial today.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Tesla workers spy on drivers, and Operation Fox Hunt scams
19 april 2023 |
37 min
Graham wonders what would happen if his bouncing buttocks were captured on camera by a Tesla employee, and we take a look at canny scams connected to China's Operation Fox Hunt.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
(Oh, and when Carole mentioned Colin the Accountant as her "Pick of the Week" she really meant "Colin from Accounts". Sorry!)
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Countering Threats Posed by the Chinese Government Inside the US - Speech by the FBI’s Christopher Wray.
- Criminals Pose as Chinese Authorities to Target US-based Chinese Community - FBI.
- FBI: How fake Xi cops prey on Chinese nationals in the US - The Register.
- Special Report: Tesla workers shared sensitive images recorded by customer cars - Reuters.
- 303: Secret Roomba snaps, Christmas cab scams, and the future of AI - Smashing Security.
- Lawsuit: Tesla must be punished for “tasteless” sharing of car-camera images - Ars Technica.
- Customer Privacy Notice - Tesla.
- Tesla hit with class action lawsuit over alleged privacy intrusion - Reuters.
- Tesla About Autopilot - Tesla.
- “Wet Nellie” - Wikipedia.
- Device Orchestra - YouTube.
- “Smoke on the Water”, as performed by Device Orchestra - YouTube.
- “Eye of the Tiger”, as performed by Device Orchestra - YouTube.
- Cabin Camera - Tesla.
- Colin from Accounts - Amazon Prime.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
12 april 2023 |
51 min
Everyone's talking juice-jacking - but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn't been hacked. And Carole hosts the "AI-a-go-go or a no-no?" quiz for Dave and Graham.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Uber driver info stolen yet again: This time from law firm - The Register.
- Letter from law firm Genova Burns to impacted Uber drivers (PDF)
- Tweet by FBI Denver - Twitter.
- FBI warns against using public phone charging stations - CNBC.
- 'Juice Jacking': The Dangers of Public USB Charging Stations - FCC.
- Stop! Don’t charge your phone this way - Seattle Times.
- This Seemingly Normal Lightning Cable Will Leak Everything You Type - Vice.
- Cybersecurity Myths You Might Still Believe – Debunked! - CXO Today.
- China to require 'security assessment' for new AI products - France24.
- Cybercrime: be careful what you tell your chatbot helper…- The Guardian.
- 12 Jobs that AI will never replace - In Hunt World.
- ChatGPT Fabricates Sexual Harassment Scandal, Names Real US Law Professor As Accused - Republic World.
- Insurable cyberattacks? - Caveat podcast.
- UBI board game - Board Game Geek.
- The Eye, The Pyramid, The Map: The Psychogeography of ‘The World According to Ubi’ - We Are The Mutants.
- They Finally Let Me Into Abbey Road Studios! - Rick Beato, YouTube.
- Robot Wars: Episode 5 Battle Recaps 2017 - BBC Two, YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- hCaptcha – hCaptcha Enterprise is the leading Security ML platform. hCaptcha adapts to detect and block even the most sophisticated attacks, keeping you ahead of evolving threats.Start your free trial today.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Of Musk and Afroman
5 april 2023 |
42 min
An Elon Musk-worshipping college principal gets schooled, and rapper Afroman turns the tables after armed police raid his house.
All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- These Men's Rights Activists Literally Worship Elon Musk - Buzzfeed News.
- Florida principal who sent $100K to scammer posing as Elon Musk says she was 'groomed' - WESH.
- Florida principal resigns after sending $100K to scammer posing as Elon Musk - NY Post.
- Afroman - Will You Help Me Repair My Door - YouTube.
- Official Music Video for Because I Got High performed by Afroman - YouTube.
- Police sue rapper Afroman for using footage of home raid in his music videos - The Guardian.
- Afroman Complaint - Adams County Court.
- Afroman Got Raided by Cops, So He Put Them in His Music Video - Vice.
- Afroman - Wikipedia.
- Afroman sued by seven officers who raided his home - NME.
- Afroman Isn’t Worried About a Police Lawsuit Over His Music Videos - Rolling Stone.
- Afroman Cops Wrecked My Home In Raid, For Nothing ...I Need Ben Crump!!! - TMZ.
- Afroman I'm Missin' $400 In Cash After Raid... Thinks Cops Swiped It - TMZ.
- Atlas Obscura.
- Oak Beams, New College Oxford - Atlas Obscura.
- BeyerDynamic DT 770 PRO Headphones - BeyerDynamic.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Crypto hacker hijinks, government spyware, and Utah social media shocker
29 mars 2023 |
48 min
A cryptocurrency hack leads us down a maze of twisty little passages, Joe Biden's commercial spyware bill, and Utah gets tough on social media sites.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Tweet by Euler Finance confirming security breach - Twitter.
- Euler Finance to Offer $1M Reward as It Reels From Nearly $200M Exploit - Coindesk.
- Hackers stole over $500m in cryptocurrency in record-making heist, Ronin says - The Guardian.
- Hacker Behind $200M Euler Attack Apologizes, Returns Millions in Ether, Dai to Protocol - Coindesk.
- President Biden kind of mostly bans commercial spyware from US govt - The Register.
- Utah Law Could Curb Use of TikTok and Instagram by Children and Teens - New York Times.
- Utah’s social media for kids law could be coming to a state near you - Vox.
- Utah Governor Spencer Cox signs a landmark social media bill - YouTube.
- RRR - Netflix.
- RRR trailer - YouTube.
- RRR Naatu Naatu dance scene - YouTube.
- Best films of 2022 in the UK, No 7: RRR - The Guardian.
- He Died with a Felafel in His Hand - Wikipedia.
- Swarm - Amazon Prime.
- Night of the Lepus - Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- hCaptcha - hCaptcha Enterprise is the leading Security ML platform. hCaptcha adapts to detect and block even the most sophisticated attacks, keeping you ahead of evolving threats. Start your free trial today.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Photo cropping bombshell, TikTok debates, and real estate scams
22 mars 2023 |
48 min
It could be a case of aCropalypse now for Google Pixel users, there's a warning for house buyers, and just why is TikTok being singled out for privacy concerns?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Stop pixelating! New tool reveals the secrets of "redacted" documents - Hot for Security.
- Google Pixel exploit reverses edited parts of screenshots - The Verge.
- Tweet by researcher Simon Aarons - Twitter.
- aCropalypse demo.
- Samsung 'Fake' Moon Shots Controversy Puts Computational Photography in the Spotlight - MacRumors.
- Android phones can be hacked just by someone knowing your phone number - Graham Cluley.
- BBC advises staff to delete TikTok from work phones - BBC News.
- TikTok: UK ministers banned from using Chinese-owned app on government phones - BBC News.
- TikTok banned from official Welsh government phones - BBC News.
- Danish public broadcaster advises staff against using TikTok - BBC News.
- Canada bans TikTok on government devices - BBC News.
- European Commission bans TikTok on staff devices - BBC News.
- New bill would ban TikTok in the US but it faces long odds - BBC News.
- A Retired Teacher and Her Daughter Were Scammed Out of $200,000 Over Email: 'I'm 69 Years Old and Now I'm Broke and Homeless' - Entrepreneur.
- Retired Colorado teacher left homeless and broke after scammers hijack house sale - MSN.
- Homebuyers scammed out of nearly $200,000 - YouTube.
- Stolen life savings Vickie and Sarah Ragle - Go Fund Me.
- The Play That Goes Wrong.
- The Goes Wrong Show 90 Degrees clip - YouTube.
- The Goes Wrong Show Series One - Amazon Prime.
- Poo Pays.
- MiniPresso NS2 - Wacaco.
- Restart Podcast - BBC.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Tesla twins and deepfake dramas
15 mars 2023 |
38 min
The twisted tale of the two Teslas, and a deepfake sandwich.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- B.C. man says he accidentally unlocked and drove someone else’s Tesla using the app - Global News.
- A College Girl Found Deepfake Porn of Herself Online. Who Did It Shocked Her - Rolling Stone.
- Denmark Tries to Attract Tourists Using ChatGPT, Deepfakes, and Famous Paintings UK PC Mag.
- Deepfake Tools Are Made To Facilitate Harassment—So Why Are They Available in the App Store? - MSN.
- Spot the Deepfake - Microsoft.
- Sholay trailer - YouTube.
- Sholay: Review of the monumental Indian epic - YouTube.
- Rent or buy Sholay - YouTube Movies.
- Jazz Pianist Brad Mehldau Plays The Beatles - NPR.
- Brad Mehldau - Brad Mehldau website.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Super grannies, bar trolls, and US Marshals
8 mars 2023 |
62 min
Scammers get pwned by a Canadian granny! Don't be seduced in a bar by an iPhone thief! And will the US Marshals be able to track down the villains who stole their data?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don’t miss our featured interview with Jason Meller of Kolide.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- They thought they could scam this Windsor grandmother of nearly $10K. She turned the tables on them - CBC.
- Canada grandma helps stop fraud scheme targeting senior citizens - BBC News.
- A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life - Wall Street Journal.
- Ransomware attack on US Marshals Service affects ‘law enforcement sensitive information’ - CNN.
- Hackers steal sensitive law enforcement data in a breach of the U.S. Marshals Service - NPR.
- 9 millionaires and billionaires with the most bizarre spending habits - Business Insider.
- Phishing still the leading way attackers breach security controls: IBM - IT World Canada.
- New White House cyber strategy picks a fight with ransomware - AXIOS.
- Happy Valley - BBC.
- My 80s TV.
- Everything Everywhere All at Once - IMDB.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
TikTok, wiretapping, and your deepfake voice is your password
1 mars 2023 |
49 min
Who has been warning Italian criminals that their phones are wiretapped? Can you trust your voice to protect your bank account? And why is TikTok being singled out by investigators?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Wiretapping Italian police tune in to hear their secrets being sold - The Times.
- Jeremy Paxman stuns Silvio Berlusconi with Angela Merkel insult allegation - The Guardian.
- Silvio Berlusconi interviewed by Jeremy Paxman on BBC Newsnight - YouTube.
- Protests grow in Italy over the wiretapping of journalists - Independent.
- How I Broke Into a Bank Account With an AI-Generated Voice - Vice.
- TikTok under investigation by Canadian privacy authorities - BBC.
- The UN's cyber crime treaty could be a privacy disaster - IT Pro.
- TikToker outlines how she quit every job she’s had over the ‘most minor inconveniences’ Yahoo News.
- “Check It Out” episode about nuclear war from July 1980 - YouTube.
- The North-West Is Our Mother: The Story of Louis Riel's People, the Métis Nation - GoodReads.
- Fleishman is in Trouble review – Jesse Eisenberg’s endlessly witty divorce drama is almost too good - The Guardian.
- Fleishman is in Trouble - Disney+
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Zero Trust for Okta. Watch a demo today!
- Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Verified blue ticks and horny AI chatbots
22 februari 2023 |
44 min
Boyfriends who are bots, Facebook's checkmark charge, Twitter Blue, and Will Ferrell's taunt of football fans...
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Testing Meta Verified to Help Creators Establish Their Presence - Meta.
- As Twitter forces users to remove text message 2FA, it’s in danger of decreasing security - Graham Cluley.
- A pre-match message from Will Ferrell - QPR Twitter account.
- BBC Takes Down Story About Will Ferrell After Being Fooled By Fake Twitter Account - Deadline.
- Replika CEO Says AI Companions Were Not Meant to Be Horny. Users Aren't Buying It - Vice.
- ‘My AI Is Sexually Harassing Me’: Replika Users Say the Chatbot Has Gotten Way Too Horny - Vice.
- Replika homepage - Replika.
- Click and Drag - xkcd.
- 1110: Click and Drag - Explain xkcd.
- xkcd 1110: Click and Drag map - Zoomable map of “Click and drag”
- Only Murders in the Building - Disney Plus.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Zero Trust for Okta. Watch a demo today!
- SecurEnvoy – With growing cyber security threats everyone in your organisation needs multi-factor authentication tailored to their specific access needs and the risk profile of their role. Check out SecurEnvoy’s free guide now.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Synthetic voices, ChatGPT reflections, and social skirmishes
15 februari 2023 |
50 min
AI-generated voices are weaponised by online trolls, how ChatGPT reflects who we are as a society, and social media is in the firing line again.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- ‘Disrespectful to the Craft:’ Actors Say They’re Being Asked to Sign Away Their Voice to AI - Vice.
- AI-Generated Voice Firm Clamps Down After 4chan Makes Celebrity Voices for Abuse - Vice.
- Video Game Voice Actors Doxed and Harassed in Targeted AI Voice Attack - Vice.
- ChatGPT Can Be Broken by Entering These Strange Words, And Nobody Is Sure Why - Vice.
- My Strange Day With Bing’s New AI Chatbot - Wired.
- We asked ChatGPT to write performance reviews and they are wildly sexist (and racist) - Fast Company.
- How social media affects teen mental health: a missing link - Nature.
- California bill to let parents sue social media gets second try - Bloomberg.
- How to protect children from big tech companies - Wall Street Journal.
- Three out of four parents say social media is a major distraction for students, according to new study - Phys.org.
- Remarks of President Joe Biden – State of the Union address as prepared for delivery - The White House.
- Why the past 10 years of American life have been uniquely stupid - The Atlantic.
- Now Mesa public schools are also declaring that they have failed in educating their children by suing social media - Techdirt.
- Seattle school district files laughably stupid lawsuit against basically every social media company for… ‘being a public nuisance’ - Techdirt.
- The evidence just doesn’t support any of the narratives about the harms of social media - Techdirt.
- Vasectomy - NHS.
- Birth of BASIC documentary - YouTube.
- Zero Waste Club reusable coffee filter - Peace with the Wild.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
- DigiCert – DigiCert’s Trust Lifecycle Manager sets a new bar for unified management of digital trust.
- SecurEnvoy – With growing cyber security threats everyone in your organisation needs multi-factor authentication tailored to their specific access needs and the risk profile of their role. Check out SecurEnvoy’s free guide now.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Jail after VPN fail, criminal messaging apps, and wolf-crying watches
8 februari 2023 |
66 min
When Ubiquiti suffered a hack the world assumed it was just a regular security breach, but the truth was much stranger... why are police happy that criminals keep using end-to-end encrypted messaging systems... and why is the Apple Watch being accused of crying wolf?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Plus don't miss our featured interview with SecurEnvoy's Chris Martin.
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored by:
- Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
- NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.
- SecurEnvoy - With growing cyber security threats everyone in your organisation needs authentication tailored to their specific access needs and the risk profile of their role. Check out SecurEnvoy's free guide now.
Episode links:
- Ubiquiti tells customers to change passwords after security breach - ZD Net.
- “No way out” trailer - YouTube.
- Ubiquiti sues journalist, alleging defamation in coverage of data breach - Ars Technica.
- Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack - Bitdefender.
- Final Thoughts on Ubiquiti - Krebs on Security.
- Former Employee Of Technology Company Pleads Guilty To Stealing Confidential Data And Extorting Company For Ransom - Department of Justice.
- Dutch Police Read Messages of Encrypted Messenger 'Exclu' - Vice.
- Shock and applause for Apple Watch's chilling real-life emergency call ad - Campaign Live.
- 911 call made from Apple Watch of Washington woman buried alive released - Yahoo! News.
- Apple Watch 8 series save yet another life - Live Mint.
- Some first responders are asking iPhone users to disable Emergency SOS and crash detection due to influx of false positives - 9to5mac.
- Emergency SOS via satellite available today on the iPhone 14 lineup in the US and Canada - Apple.
- Inoreader.
- ”The Social Life of Animals” by Ashley Ward - Amazon.
- Black Butterflies - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
ChatGPT and the Minister for Foreign Affairs
1 februari 2023 |
53 min
Could a senior Latvian politician really be responsible for scamming hundreds of "mothers-of-two" in the UK? (Probably not, despite Graham's theories...) And should we be getting worried about the AI wonder that is ChatGPT?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Plus don't miss our featured interview with DigiCert’s Brian "PKI" Trzupek.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Artis Pabriks.
- ‘I left my partner and lost £80,000 to a fake Facebook romance’: Manchester mum’s warning over catfishing scam - Manchester World.
- 'I know I have been a fool but these are the things we do for love', says mum duped out of £80k by Facebook lover - Manchester Evening News.
- Amazon Warns Employees to Beware of ChatGPT - Gizmodo.
- ChatGPT's soaring popularity has added $5 billion to the wealth of Nvidia's founder as Wall Street bets on AI boom for the chipmaker - Business Insider.
- ChatGPT raises red flags by acing MBA exam.
- ChatGPT passes exams from law and business schools - CNN.
- I asked ChatGPT how to negotiate a raise. Career coaches said I'd probably get one by following the AI chatbot's steps and script - Business Insider.
- Real estate agents say they can’t imagine working without ChatGPT now - CNN.
- Science journals ban listing of ChatGPT as co-author on papers - The Guardian.
- Blakes 7 Bot - an automated bot that posts lines of dialogue from Blakes 7.
- Yarn - Find video clips by quotes.
- The New Gurus Podcast - BBC Sounds.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
- DigiCert – DigiCert’s Trust Lifecycle Manager sets a new bar for unified management of digital trust.
- Sealit – Zero Trust Data Protection: protect, share, and monitor confidential emails and files – without passwords. Integrated with Gmail, Outlook, and file systems. Learn more and take advantage of Sealit’s special offer to “Smashing Security” listeners.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
No Fly lists, cell phones, and the end of ransomware riches?
25 januari 2023 |
51 min
What are prisoners getting up to with mobile phones? Why might ransomware no longer be generating as much revenue for cybercriminals? And how on earth did an airline leave the US government's "No Fly" list accessible for anyone in the world to download?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored by:
- Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
- ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
- NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.
Episode links:
- The Complete Idiot's Guide to Writing Erotic Romance - Amazon.
- The Many Ingenious Ways People in Prison Use (Forbidden) Cell Phone - The Marshall Project.
- How Did They Run an Elaborate “Sextortion” Scam From Prison? Cellphones - The Marshall Project.
- Alarm Over Death Row Cell Phone Threats - CBS News.
- How to completely own an airline in 3 easy steps - Maia arson crimew.
- U.S. airline accidentally exposes ‘No Fly List’ on unsecured server - Daily Dot.
- Cyber-crime gangs' earnings slide as victims refuse to pay - BBC.
- Ransomware Revenue Down As More Victims Refuse to Pay - ChainAnalysis.
- Leaked Ransomware Docs Show Conti Helping Putin From the Shadows - Wired.
- Luxe Listings Sydney trailer - YouTube.
- Luxe Listing Sydney - Wikipedia.
- Matt Shearer WBZ - Twitter.
- Hot Skull - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Norton unlocked, and police leaks
18 januari 2023 |
39 min
Carole is in her sick bed, which leaves Graham in charge of the good ship "Smashing Security" as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information.
Find out more in this latest edition of the "Smashing Security" podcast, hosted by Graham Cluley with special guest BJ Mendelson.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Operation Protect the Innocent - LA Police Department.
- A Police App Exposed Secret Details About Raids and Suspects - Wired.
- ODIN Intelligence website is defaced as hackers claim breach - TechCrunch.
- Norton LifeLock says thousands of customer accounts breached - TechCrunch.
- Ugh! Norton LifeLock password manager accounts accessed by hackers - Graham Cluley.
- Reports: Twitter’s sudden third-party client lockouts were intentional - Ars Technica.
- Spring app - Twitter.
- Spring app - Mac App Store.
- Mona app - Mastodon.
- Tulsa King trailer - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
- ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
- DigiCert - DigiCert's Trust Lifecycle Manager sets a new bar for unified management of digital trust.
Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Oxford's dating disaster, cheap security robots, and faking a suicide
11 januari 2023 |
51 min
Someone called OxShagger thinks he has come up with the perfect Valentine's surprise for Oxford students, but is the way he has gone about "bookworms with benefits" really a good idea? Robot security guards are trundling the streets of - you guessed it - America. And a writer of paranormal bully romances (no, we don't know what that means either) returns from the grave...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Andrew Agnês.
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored by:
- Bitwarden - Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
- ManageEngine PAM360 - A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
- NordLayer - NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.
Episode links:
- Dating site for horny Oxford students slammed for privacy violations - Cherwell.
- OxShag will not be running this term as creator says they ‘made some poor choices’ - The Oxford Tab.
- Dysfunctional: OxShag to shut down amid controversy - Cherwell.
- Oxford University dating website for staff and students shut down after ‘huge data breach’ - The Times.
- CES 2023 Robots: Humanoid Helpers, Coding Pups and Farming Planters - CNet.
- One of America's most hated companies hired a security robot. It didn't go well - ZDNet.
- Robot security downtown getting lots of attention, KHON2 News - YouTube.
- 4 New Contracts for 8 Machines to Kick Off New Year at Knightscope - Knightscope.
- Why was Susan Meachen bullied in 2020? - Reddit.
- Fan outrage at Susan Meachen, the romance novelist accused of faking her death - BBC.
- The Book Community Thought This Author Died. Now, It Seems Her Suicide Was a Hoax - Rolling Stone.
- Vampire Survivors - Steam.
- Vampire Survivors trailer - YouTube.
- Vampire Survivors, a cheap, minimalistic indie game, is my game of the year - Ars Technica.
- Rewind.
- Rewind support article on the importance of consent - Rewind.
- Air Lounger - Orsen.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Secret Roomba snaps, Christmas cab scams, and the future of AI
21 december 2022 |
48 min
Beware your Roomba's roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a taxi cab in Dublin...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook? - MIT Technology Review.
- Building Smart Robots Requires Responsible Development - Roomba CEO Colin Angle on LinkedIn.
- OpenAI predicts biz can break a billion in revs by 2024 - The Register.
- The security threat of AI-enabled cyberattacks (PDF) - The Finnish Transport and Communications Agency, Traficom.
- Ireland Christmas weather ‘roller-coaster’ amid new ‘Beast from the East’ threat - Irish Mirror.
- Christmas revellers warned about sophisticated taxi scam as €300,000 is stolen from victims - MSN.
- Taxi cab scam has cleaned out €300,000 from bank accounts of victims - Irish Independent.
- “La Cabina” - YouTube.
- “Last and First Men” by Olaf Stapledon - Wikipedia.
- ”The other side of night” by Adam Hamdy - Pan MacMillan Press.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Lensa AI, and a dog called Bob
14 december 2022 |
55 min
Drug dealers come unstuck while using the Encrochat encrypted-messaging app, and we put the Lensa AI avatar-generation tool under the microscope.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Plus - don't miss our featured interview with Rico Acosta, IT manager at Bitwarden.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Smashing Security 229: Dating leaks, right to repair, and a stinky bishop - Smashing Security.
- Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall - The Register.
- Operation Venetic: Pet dog and accidental selfies help convict international drugs traffickers - NCA.
- What does the Lensa AI app do with my self-portraits and why has it gone viral? - The Guardian.
- Lensa, the AI portrait app, has soared in popularity. But many artists question the ethics of AI art - NBC News.
- I Uploaded Photos of Myself to the New Lensa A.I. Portrait Generator. The Results Were Stunning, Strange… and Super Creepy - Artnet.
- People keep sharing their AI-generated portraits: What to know about Lensa, and why some push back on it - USA Today.
- How Is Everyone Making Those A.I. Selfies? - New York Times.
- Lensa AI: Security concerns regarding app behind colourful selfies on social media - The National News.
- ‘Magic Avatar’ App Lensa Generated Nudes From My Childhood Photos - Wired.
- Celebrities Are Obsessed With This Amazing New AI Portrait App - Hello Giggles.
- This AI Self-Portrait App is Taking Over the Internet - Medium.
- Wednesday Shows Off Her Moves - YouTube.
- ‘Wednesday’ faces backlash over Jenna Ortega’s COVID dance scene - NME.
- Channel Television Disco Dancin' Final - YouTube.
- Sticky Pickles.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
AI chatbot or the start of Skynet? Eufy privacy, and hot desks
7 december 2022 |
56 min
An AI chatbot is causing a stir - both impressing and terrifying users in equal measure. A security researcher discovers that a "smart" cam that doesn't use the internet is err.. using the internet. And university students revolt over under-the-belt surveillance.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- While anticipation builds for GPT-4, OpenAI quietly releases GPT-3.5 - TechCrunch.
- OpenAI upgrades GPT-3, stunning with rhyming poetry and lyrics - Ars Technica.
- GPT-3.5 finds a security vulnerability - Twitter.
- Mind-Blowing examples of OpenAI ChatGPT for Security, Infosec & Hacking - YouTube.
- OpenAI's new ChatGPT bot: 10 dangerous things it's capable of - Bleeping Computer.
- What GPT-3.5 really thinks about us humans - Twitter.
- We asked GPT-3.5 to write a story about the “Smashing Security” hosts - Twitter.
- GPT-Chat - OpenAI.
- Researcher Paul Moore questions Eufy about its privacy - Twitter.
- Eufy’s “local storage” cameras can be streamed from anywhere, unencrypted - Ars Technica.
- Eufy privacy statement - Eufy.
- ‘NO’: Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them - Vice.
- Max Von Himmel Twitter Feed - Twitter.
- It’s Not Science, Just Surveillance (and it's Under Your Desk) - TWC newsletter.
- Northeastern University - Northeastern University homepage.
- Space Management Platform - Spaceti homepage.
- Twitter is going great!
- Pennyworth - IMDB.
- BBC Maestro.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Interplanetary file systems, iSpoof, and don't delete Twitter
30 november 2022 |
65 min
Why deleting your Twitter account may be a very bad idea, how the police unravelled the iSpoof fraud gang, and a trip into outer space (or at least interplanetary file systems).
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original show co-host Vanja Švajcer.
What an amazing 6 years of bickering it has been… thanks to all of you who have tuned in, appeared on the show, or supported us! 🙏
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Smashing Security #001: “One cup, two hotel guests” - YouTube.
- Whoopi Goldberg Quitting Twitter: “As Of Tonight I’m Done” - Deadline.
- Stephen Fry Joins Celebrity Twitter Exodus, Says “Goodbye” With Scrabble Message - Deadline.
- Twitter Users Warned Not To Delete Their Accounts - Here’s Why - Forbes
- How to deactivate your account - Twitter.
- InterPlanetary File System - Wikipedia.
- Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns - Cisco Talos.
- Decentralized IPFS networks forming the 'hotbed of phishing' - The Register.
- UK police arrest 120 in largest-ever cyber fraud crackdown - Computer Weekly.
- Grote spoofingdienst uit de lucht gehaald door internationale samenwerking - Politie.nl.
- Received a text from the Metropolitan Police about iSpoof? - Cel solicitors.
- iSpoof' service dismantled, main operator and 145 users arrested - Bleeping Computer.
- iSpoof: What is iSpoof and how did police take down scam call site linked to 200,000 victims? - The Scotman.
- Listen to the message the Met Police left on the iSpoof gang’s Telegram channel - Twitter.
- Scrotum Concealment - Spy Museum.
- The CIA's Fake Scrotum That Hid a Radio - YouTube.
- Blitzed! (2020) - IMDB.
- Watch Blitzed: The 80s Blitz Kids Story - NOW TV.
- Bob Dylan on the Songs That Captivate and Define Us - New York Times.
- Bob Dylan Gets Tangled Up in Book Autograph Controversy- New York Times.
- Bob Dylan apologises for machine-printed 'signatures' - BBC News.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
EV charging risks, FTX, and an ancient apocalypse
23 november 2022 |
57 min
Deepfake shenanigans strike users of troubled crypto firm FTX, the perils of charging your electric vehicle, and is Microsoft's takeover of Activision good news for video game fanatics.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes of AMTSO.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Larry David promotes FTX in Superbowl ad - YouTube.
- Crypto giant FTX collapses into bankruptcy - BBC News.
- FTX's new CEO: "Never in my career have I seen such a complete failure" - CBS News.
- Tom Brady, Giselle Bündchen, Larry David & Steph Curry Caught In FTX Crypto Fallout With Class Action Suit - Deadline.
- Bankman-Fried's FTX, senior staff, parents bought Bahamas property worth $300 milion - Reuters.
- Tweet showing Sam Bankman-Fried deepfake scam - Twitter.
- FTX Founder Deepfake Offers Refund to Victims in Verified Twitter Account Scam - Vice.
- Crypto.com CEO admits company accidentally sent 320,000 ETH ($416 million) to another crypto exchange a few weeks prior - Web3 is going great.
- Sandia studies vulnerabilities of electric vehicle charging infrastructure - Sandia Labs.
- Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defenses - MDPI.
- Shocker: EV charging infrastructure is seriously insecure - The Register.
- Microsoft to acquire Activision Blizzard to bring the joy and community of gaming to everyone, across every device - Microsoft.
- Gaming for everyone, everywhere: our view on the Activision Blizzard acquisition - Microsoft.
- Video gaming market leaders - Statistics & Facts - Statista.
- Microsoft says UK influenced by Sony in probing Activision Blizzard deal - Reuters.
- Can Big Tech Get Bigger? Microsoft Presses Governments to Say Yes -New York Times.
- Microsoft Reveals Sony’s Activision Deal Is Blocking ‘Call Of Duty’ From Game Pass - Forbes.
- EU to launch advanced Microsoft-Activision probe - Politico.
- Microsoft / Activision Blizzard merger inquiry - Gov.uk.
- Microsoft Buying Activision Blizzard Might Be Good For Gamers, But Bad for Developers - Time.
- A Day in London 1930s in colour - YouTube.
- Ancient Apocalypse - Netflix.
- Ancient Apocalypse is the most dangerous show on Netflix - The Guardian.
- How to Draw Large Pictures with Da Vinci Eye -Youtube.
- Da Vinci Eye: AR Art Projector - Apple app store.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Pentera – Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Housing market scams, Twitter 2FA, and the fesshole
16 november 2022 |
71 min
Elon Musk is still causing chaos at Twitter (and it's beginning to impact users), are scammers selling your house without your permission, and Google gets stung with a record-breaking fine.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Plus don't miss our featured interview with Pentera's Shakel Ahmed talking about automating continuous cyber defence validation.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Graham offers Dave Bittner some advice on “Welcome Datacomp”... in 1995! - Usenet.
- Elon Musk apologises to users for Twitter being slow - Twitter.
- Former Twitter employee doesn’t think Elon Musk knows what he’s talking about - Twitter.
- Eric Frohnhoefer says Elon Musk is wrong - Twitter.
- Twitter engineer calls out Elon Musk for technical BS in unusual career move - The Register.
- Elon Musk says that he is turning off microservices “bloatware” - Twitter.
- Twitter’s SMS Two-Factor Authentication Is Melting Down - Wired.
- Elon only trusts Elon - Platformer.
- Elon’s paranoid purge - Platformer.
- Google to pay nearly $400 million over deceptive location tracking practices - The Record.
- Follow Smashing Security on Mastodon.
- South Bay Man Pleads Guilty to Participating in a Multimillion-Dollar Real Estate Scam Involving Fake Open Houses at Not-for-Sale Homes - Justice.gov.
- A South Bay man accepted hundreds of offers from open houses. But the homes weren’t for sale - LA Times.
- The typing of the Regex.
- Fesshole - Twitter.
- If Books Could Kill - Apple Podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Pentera – Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Mastodon 101, and the Hushpuppi saga
9 november 2022 |
44 min
Graham offers some security and privacy advice for those exodusing Twitter to Mastodon, and Carole slams the door shut on a notorious scammer with a huge Instagram following.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who aren't joined by a guest this week.
Warning: This podcast may contain nuts, adult themes, some snorting, and rude language.
Episode links:
- Mastodon: What you need to know for your security and privacy - Graham Cluley.
- Follow Graham Cluley on Mastodon.
- Hushpuppi: Notorious Nigerian fraudster jailed for 11 years in US - BBC.
- Influencer involved in $1.1 million Qatar school financing scam jailed - Alarabiya.
- Influencer ‘Ray Hushpuppi’ jailed over plan to launder $300m - The Guardian.
- Hushpuppi’s wife, Imams write judge as US court sentences fraudster today - Premium Times.
- Living trailer - YouTube.
- Kleo - Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Sealit - Zero Trust Data Protection: protect, share, and monitor confidential emails and files - without passwords. Integrated with Gmail, Outlook, and file systems. Learn more and take advantage of Sealit's special offer to "Smashing Security" listeners.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Twitter turmoil, AI animal chatters, and metaverse at work
2 november 2022 |
55 min
Twitter has a new chief twit in the form of Elon Musk and he's causing problems, scientists say artificial intelligence may help us communicate with animals, and is the office of the future set in the metaverse?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Warning: This podcast may contain nuts, adult themes, dolphin noises, and rude language.
Episode links:
- Twitter employees are sleeping on the office floor to meet Elon Musk’s deadlines - The Verge.
- Elon Musk shows what being Chief Twit is all about across weird weekend - The Register.
- Pranksters pretending to be laid-off Twitter employees leave San Francisco HQ - YouTube.
- Twitter Limits Content-Enforcement Work as US Election Looms - Bloomberg.
- Twitter’s Yoel Roth comments on the firm’s trust and safety staff having their access to moderation and enforcement tools frozen - Twitter.
- Paul Pelosi Conspiracy Theory Trends on Twitter After Elon Musk Pushes It - Rolling Stone.
- Yoel Roth describes how Twitter will warn users of misleading information - Twitter.
- Yoel Roth describes “surge in hateful conduct on Twitter” - Twitter.
- The Demise of Digg: How an Online Giant Lost Control of the Digital Crowd - Harvard.
- Follow Graham on Mastodon.
- How tech is helping us talk to animals - Vox.
- “The Sounds of Life: How Digital Technology Is Bringing Us Closer to the Worlds of Animals and Plants” - Book by Karen Bakker.
- Project CETI - The Cetacean Translation Initiative. Not to be mixed-up with Project SETI.
- The Dark Side Of VR - The Intercept.
- The Metaverse Is the Ultimate Surveillance Tool - Vice.
- What I Learned From Diving Headfirst Into The Metaverse - CNN.
- Zuckerberg thinks the metaverse is the future of work. So what will this look like? - Smart Company.
- Is the Metaverse Really the Future of Work? An Unbiased Investigation - Gizmodo.
- How to Turn Off the “Sign in with Google” Prompt on Websites - How-To Geek.
- Julia Davis and the Russian Media Monitor - Twitter.
- Weiner Staatsoper Opera House.
- Emojis instead of emotions in Simon Stone's Traviata in Vienna – BackTrack.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Akamai – Make the most of Cybersecurity Awareness Month by connecting with Akamai’s experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day?
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Slushygate, sextortion, and nano-targeting
26 oktober 2022 |
52 min
What is slushygate and how does it link to sextortion in the States? What is the most impersonated brand when it comes to delivering phishing emails? And what the flip is nano-targeting?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by fan favourite Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
No contortionists were hurt during the making of this episode.
Episode links:
- Memorandum of sentencing of Bryan Wilson - United States District Court Western District Court of Kentucky at Louisville.
- Accurint for Law Enforcement - LexisNexis.
- LexisNexis illegally collected and sold people's personal data, lawsuit alleges - CBS News.
- Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos - Bitdefender.
- Congress should consider enhancing protections around scores used to rank consumers (PDF) - Government Accountability Office.
- Online Shoppers Beware: Scammers Most Likely to Impersonate DHL - Check Point.
- Why Am I Seeing That Political Ad? Check Your ‘Trump Resistance’ Score - New York Times.
- I Got Access to My Secret Consumer Score. Now You Can Get Yours, Too - New York Times.
- Mixed Idioms.
- Apollo Remastered.
- Cosmic Background.
- Death of an Artist - Pushkin podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Sealit - Zero Trust Data Protection: protect, share, and monitor confidential emails and files - without passwords. Integrated with Gmail, Outlook, and file systems. Learn more and take advantage of Sealit's special offer to "Smashing Security" listeners.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Virgin trains swindler, cyber clowns, and AirTag election debacle
19 oktober 2022 |
70 min
Someone's election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany, and a swindler steals a fortune due to trains being delayed.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by runZero's Chris Kitsch.
Plus don't miss our featured interview with Akamai's Patrick Sullivan talking about how retailers can better thwart bots this holiday season.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The rundown on becoming runZero: What I learned rebranding a company - Chris Kirsch on the runZero blog.
- Tweet by Melissa Shusterman - Twitter.
- Apple AirTag Used To Find Over 100 Stolen Democratic Campaign Signs, Police Say - Forbes.
- Wie eine russische Firma ungestört Deutschland hackt - ZDF Magazin Royale on YouTube.
- German cybersecurity chief investigated over Russia ties - AP News.
- German cybersecurity chief sacked following reports of Russia ties - The Guardian.
- Fraudster swindled Virgin Trains out of £116,000 in 'sophisticated' scam - MSN.
- Virgin Trains worker, 37, swindled rail firm out of £116,000 in 'delay and repay' compensation scam by photoshopping tickets to exploit flaw in system - Daily Mail.
- Train delays:How to claim if it's late or cancelled - Money Saving Expert.
- How many trains arrive on time - Gov.uk.
- Employee swindled Virgin Trains out of £116,000 in delay and repay compensation scam - Birmingham Mail.
- Fat Bear Week 2022.
- ‘Fat Bear Week’ Hit By Voter-Fraud Attempt - Rolling Stone.
- PimEyes - Face search engine.
- The Fear of God: 25 Years of the Exorcist - BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Akamai – Make the most of Cybersecurity Awareness Month by connecting with Akamai’s experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day?
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Massive crypto bungle, and the slave scammers
12 oktober 2022 |
39 min
A couple unexpectedly find $10.5 million in their cryptocurrency account, and in Cambodia people are being forced to commit pig-butchering scams.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are flying solo again this week.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- DeFi bug accidentally gives $90 million to users, founder begs them to return it - CNBC.
- Compound boss begs users to return $90 million worth of cryptocurrency they were accidentally gifted - Robert Leshner on Twitter.
- Couple mistakenly given $10.5m from Crypto.com thought they had won contest, court hears - The Guardian.
- Mother accused of spending spree after mistakenly receiving $10 million in crypto bungle heads to trial - 9 News.
- Sold to gangs, forced to run online scams: inside Cambodia’s cybercrime crisis - The Guardian.
- ZÈRTZ game.
- ZÈRTZ - Wikipedia.
- GIPF project - Wikipedia.
- The Capture - BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Trussterflucks and eBay stalking
5 oktober 2022 |
40 min
Has new UK prime minister Liz Truss been careless with her mobile phone, and hear the most extraordinary story of corporate cyberstalking.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by nobody for reasons that will become obvious.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths - Graham Cluley.
- Two Former eBay Executives Sentenced to Prison for Cyberstalking - US Department of Justice.
- Jonathan Pie: Welcome to Britain. Everything is Terrible - NYT Opinion.
- UK Supermarket’s Loans-for-Groceries Offer Attracts Huge Take Up - Bloomberg.
- Liz Truss' mobile number is being sold online for £6.49 - Daily Mail.
- How to Cook a Soft Boiled Egg Perfectly Every Time - YouTube.
- 11 Best Twitter Bots to Follow to Boost Productivity - Gadgetshouse.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Akamai - Make the most of Cybersecurity Awareness Month by connecting with Akamai’s experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day?
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Deepfake dangers, AI image opt out, and controlling your urges
28 september 2022 |
56 min
Anti-porn "shameware" apps take a privacy pounding, is your image already being used by AI, and deepfake danger continues to deepen.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps - WIRED.
- Covenant Eyes.
- Sick and tired of trying to quit porn? You’re not alone - Covenant Eyes promotional video.
- Fortify.
- AI Is Probably Using Your Images and It's Not Easy to Opt Out - Vice.
- ISIS Executions and Non-Consensual Porn Are Powering AI Art - Vice.
- Have I been trained?
- The Deepfake Danger: When It Wasn’t You On That Zoom Call - CSO Online.
- Deepfake Audio Has A Tell – Researchers Use Fluid Dynamics To Spot Artificial Imposter Voices - The Conversation.
- Deephy: On Deepfake Phylogeny - Cornell University.
- On The Horizon: Interactive And Compositional Deepfakes - Microsoft.
- Detect DeepFakes: How to counteract misinformation created by AI - MIT University.
- New Deepfake Threats Loom, Says Microsoft’s Chief Science Officer - Venture Beat.
- The Joy of Sets - BBC Archive.
- Steam Deck.
- Am I Being Unreasonable? - BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- The Cyber Security Inside podcast – Relevant cybersecurity topics in clear, easy-to-understand language. With every episode, you’ll walk away smarter about cybersecurity, and have fun while you’re at it!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Uber, Rockstar, and crystal balls
21 september 2022 |
64 min
Researchers reveal how your eyeglasses could be leaking secrets when you're on video conferencing calls, we take a look at the recent data breaches involving Uber and Grand Theft Auto 6, and we cast an eye at what threats may be around the corner...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.
Plus - don't miss our featured interview with Sal Aurigemma, the faculty director of the Master of Science in Cyber Security program at the University of Tulsa.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- “Iain Exotic”, Iain Thomson’s dress-up homage to Joe Exotic, the Tiger King - Twitter.
- “Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing” - Research paper by Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, and Kevin Fu.
- “We saved you a seat in chat” - Rather large text on the Twitch website.
- Stalker zoomed in on Japanese idol’s eyes to find out where she lived - Graham Cluley.
- Uber is looking for more security staff - Twitter.
- Uber explains how it was pwned this month, points finger at Lapsus$ gang - The Register.
- Uber’s hacker *irritated* his way into its network, stole internal documents - Graham Cluley.
- Security update - Uber.
- Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist - The Register.
- Cybersecurity Awareness Month - CISA.
- The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats - ZDNet.
- U.S. Government Spending Billions on Cybersecurity - Hacker News.
- The Mitchells vs The Machines trailer - YouTube.
- The Mitchells vs The Machines - Netflix.
- NASA is ready to knock an asteroid off course with its DART spacecraft - New Scientist.
- DART’s Small Satellite Companion Takes Flight Ahead of Impact - NASA.
- Search and find UK Defibrillator Locations near you now - HeartSafe.
- Apply for a part funded Public Access Defibrillator - British Heart Foundation.
- Defibrillator guide for first time buyers - St John’s Ambulance.
- Every school will have a life-saving defibrillator by 22/23 - Gov.UK.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Pentera - Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Printer peeves, health data hangups, and Twitter tussles - with Rory Cellan-Jones
14 september 2022 |
57 min
How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rory Cellan-Jones.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Dynamic Cartridge Security - disable please - Angry customers complain on HP support forum.
- Update now! Many HP printers affected by three critical security vulnerabilities - MalwareBytes.
- HP will pay customers for blocking non-HP ink cartridges in EU - Bleeping Computer.
- HP and Euroconsumers settle on Dynamic Security - Euroconsumers.
- Ink cartridges are a scam - YouTube.
- Why printer ink is so expensive - Insider.
- Trying to print something - YouTube.
- UK Biobank - why won't GPs share data? - Rory’s Always On Newsletter.
- Another data sharing fiasco - Rory's Always On Newsletter.
- Tweet by Kate Bingham - Twitter.
- The Twitter Whistleblower Needs You to Trust Him - Time.
- Twitter denies whistleblower payout violates Musk’s takeover deal - MSN.
- Elon Musk earns a split decision in Delaware court - The New York Times.
- Twitter’s whistleblower has pitched up at a very inconvenient moment - The Guardian.
- Damning claims about Twitter’s bots and security lapses are ‘a false narrative,’ says CEO - The Verge.
- The Spectator’s Guide to the Elon Musk–Twitter Fight - Slate.
- Don't F*** with Paste - Firefox browser addon
- Don't F*** with Paste - Chrome browser extension.
- Stasi Museum, Berlin.
- How to with John Wilson - BBC.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- The Cyber Security Inside podcast - Relevant cybersecurity topics in clear, easy-to-understand language. With every episode, you’ll walk away smarter about cybersecurity, and have fun while you’re at it!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Chiquita banana, dumb criminals, and detecting ring binders
7 september 2022 |
51 min
Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- ‘The least safe day’: rollout of gun-detecting AI scanners in schools has been a ‘cluster,’ emails show - Motherboard.
- Gun detection AI the latest tech to make schools less safe - TechDirt.
- The unproven, invasive surveillance technology schools are using to monitor students - ProPublica.
- NYC Mayor considering a subway security system that can’t differentiate between a laptop and a handgun - Motherboard.
- Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire - Brian Krebs.
- USA vs Patrick McGovern-Allen (PDF) - Court Listener.
- Reports of romance scams hit record highs in 2021 - FTC.
- Meeting you was a fake: Investigating the increase in romance fraud during COVID-19 - Academic Research.
- This dating app fought scammers with bots… hilarity ensued - TechCrunch.
- She was 69. He Was Young, Hunky,,, and a Fraud - The Daily Beast.
- Gladbeck: The Hostage Crisis trailer – YouTube.
- Watch Gladbeck: The Hostage Crisis - Netflix.
- The Ocean Cleanup.
- We flooded our dating app with bots… to scam scammers - Medium.
- Craiyon.
- Carole’s attempt to ask Craiyon to draw Liz Truss eating a giant cupcake of Europe.
- Is this Graham eating a banana? Craiyon seems to think so.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Lost in translation, spiders, and slapping tortillas - with Mikko Hyppönen
31 augusti 2022 |
54 min
We're back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The 20 Funniest Finnish Expressions (and How To Use Them) - Matador Network.
- Sophos punts anti-virus for Klingon - The Register.
- Helsinki named Klingon-speaking capital of the world – Naked Security.
- Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications - Check Point Research.
- If It's Smart It's Vulnerable - Book by Mikko Hyppönen.
- Psychological inoculation improves resilience against misinformation on social media -Science Advances.
- Let’s flatten the infodemic curve - WHO.
- The global spread of misinformation on spiders - Current Biology.
- A Journey Into Misinformation on Social Media - The New York Times.
- Google Looks to Vaccination to Combat Misinformation In Searches - The New York Times.
- Spiders Are Caught in a Global Web of Misinformation - The New York Times.
- The rock-paper-scissors/tortilla wrap game.
- DEF CON: The Documentary.
- Smashing Security Painting competition – Carole.wtf.
- Open Exhibition, Summer 2022 - Oxford Art Society.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hackers doxxed, Pornhub probs, and Co-op security measures
3 augusti 2022 |
53 min
Pornhub has a problem, the UK's Co-op supermarket is accused of big brother tactics, and we take a look at a security researcher's attempt to reveal the true identify of hackers.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- On security researcher's newsletter, exposing cybercriminals behind ransomware — CyberScoop.
- ‘Imma Make U Dig Ur Own Grave’: He Doxes Ransomware Hackers and Gets Death Threats in Return — Vice.
- Intrusion Truth - Five Years of Naming and Shaming China’s Spies — Kim Zetter.
- Who Is 'Intrusion Truth,' Group Exposing Alleged Chinese Hackers? — Daily Dot.
- The Leopards Eating People's Faces Party meme — Know Your Meme.
- Tweet by Bill Ackman.
- Judge Refuses Visa’s Request to Escape Pornhub-Related Lawsuit — The New York Times.
- How to Prevent and Handle Robberies and Theft in Retail — Vend Retail Blog.
- Abuse of shopworkers is on the rise – coronavirus brought it to our attention and now we need to act — The Conversation.
- ‘Tackling violence and abuse in retail must be one of the industry’s highest priorities’ — Retail Week.
- Convenience store spy cameras face legal challenge — BBC News.
- Looking back at the career of Bernard Cribbins — YouTube.
- Tribute to David Warner — YouTube.
- Webb Compare — John Christensen.
- Support Maria Varmazis on the Pan-Mass Challenge.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Uber's hidden hack, tips for travel, and AI accent fixes
27 juli 2022 |
68 min
Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation, and how to change your accent with artificial intelligence.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Paul Ducklin.
Plus don't miss our featured interview with Ian Farquhar of Gigamon.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- Uber Enters Non-Prosecution Agreement Related to 2016 Data Breach — US Department of Justice.
- Former Uber Security Chief Joe Sullivan Must Face Driver Fraud Charges — Bloomberg.
- Uber to pay $148 million in data breach settlement — TechCrunch.
- Uber paid hackers $100,000 to keep data breach quiet — Graham Cluley.
- Uber CISO's trial underscores the importance of truth, transparency, and trust — CSO Online.
- 7 cybersecurity tips for your summer vacation! — Naked Security.
- Sanas demo.
- Sanas Raises $32M for Breakthrough AI Technology for Real-Time Accent Translation — Sanas press release.
- This 6-Million-Dollar AI Changes Accents as You Speak — IEEE Spectrum.
- Call centre workers can use AI to mimic your accent on the phone — New Scientist.
- A little less accent, a little more customer service — ComputerWorld.
- What Is Accent Reduction? — Accent Advisor.
- Compound pejoratives on Reddit – from 'buttface' to 'wankpuffin' — Colin Morris.
- Melissa computer virus — Wikipedia.
- Dedham Hall.
- 3D capture of Carole Theriault — Polycam.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden– Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?
- Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Most Wanted Missing CryptoQueen
20 juli 2022 |
43 min
In this special edition of the "Smashing Security" podcast, computer security veterans Graham Cluley and Carole Theriault welcome back author and journalist Jamie Bartlett - host of "The Missing CryptoQueen" podcast.
Jamie tells us about his new book, which shares more details about the disappearance of cryptocurrency scammer Dr Ruja Ignatova, and the subsequent hunt by law enforcement.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- The Missing CryptoQueen podcast — BBC.
- The Missing CryptoQueen book — Penguin.
- Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted — BBC News.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
- Cyber Security Inside podcast -bringing you the most important and timely security topics as well as other industry experts for insightful conversations.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Disney's social dumpster fire, Anom phones, and TikTok tragedies
13 juli 2022 |
55 min
A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- Official Disneyland Instagram Account Hacked This Morning! — The Disney blog.
- Disneyland social media accounts hacked, offensive messages posted — Hot for Security.
- We Got the Phone the FBI Secretly Sold to Criminals — Vice.
- Parents Sue TikTok, Saying Children Died After Viewing ‘Blackout Challenge’ — The New York Times.
- Lawmakers Want Social Media Companies to Stop Getting Kids Hooked — Wired.
- How Social Media Tricks Us Into Thinking We Are Paying Attention — Forbes.
- Facebook could be sued for addicting children under California bill — Ars Technica.
- Kids Are Using Social Media More Than Ever, Study Finds — New York Times.
- 2021 Facebook leak — Wikipedia.
- California Parents Could Soon Sue for Social Media Addiction — Gizmodo.
- Absurd Trolley Problems.
- Weird or Confusing.
- Google Quick, Draw!
- Unfinished London — Jay Foreman on YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- The Secure Developer – A conversational and insightful podcast, that bridges the gap between dev and sec, from Snyk.
- SolCyber - SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Raising money through ransomware, China's mega-leak, and hackers for hire
6 juli 2022 |
45 min
A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- Dutch university paid $220,000 ransom to hackers after Christmas attack — Graham Cluley.
- Remarkable development in investigation into Maastricht University cyberattack — Maastricht University.
- Dutch University profits from returned ransomware payment — The Register.
- Favorable exchange rate on a fake cryptoexchange — Kaspersky.
- Tweet from @cz_binance about mega-leak.
- Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack — Wall Street Journal.
- How mercenary hackers sway litigation battles — Reuters.
- Countering hack-for-hire groups — Google.
- The business of hackers-for-hire threat actors — TechRepublic.
- Fransdita Muafidin on Instagram.
- Giant Cats Disturbing Civilization — Geeks are sexy.
- Watch Good Luck to You, Leo Grande — Hulu.
- Good luck to you Leo Grande (Trailer) — YouTube.
- This is Love podcast.
- Cain's Jawbone — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Debug ransomware and win $1,000,000, period-tracking apps, and AI gets emotional
29 juni 2022 |
60 min
A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast.
Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- LockBit 3.0 introduces the first ransomware bug bounty program — Bleeping Computer.
- Fake copyright infringement emails install LockBit ransomware — Bleeping Computer.
- Why US women are deleting their period tracking apps — The Guardian.
- Privacy not included — Mozilla Foundation.
- The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant — Vice.
- Microsoft is removing emotion recognition features from its facial recognition tech — NBC News.
- Top 10 Emotional AI Examples in 2022 & Reasons for Success — AI Multiple.
- Analysis of Speech Features for Emotion Detection: A Review — IEEE Xplore.
- Microsoft's framework for building AI systems responsibly — Microsoft.
- The Swedish chemist shop sketch — As performed by Mel Smith and Rowan Atkinson on Not the Nine O'Clock News.
- Alley Cat — Wikipedia.
- Play Alley Cat — Internet Archive.
- Alley Cat Remeow Edition — Game Jolt.
- reMarkable.
- SOLAR podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Snyk - Find, prioritize, and fix security vulnerabilities in your code.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hot tub hijinx, and a sentient AI
22 juni 2022 |
40 min
Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- Hot Tub Time Machine trailer — YouTube.
- Hacking into the worldwide Jacuzzi SmartTub network — Eaton Works.
- SmartTub — Apple iOS App Store.
- SmartTub — Google Play store.
- Hot tub hack reveals washed-up security protection — BBC News.
- Google engineer Blake Lemoine thinks its LaMDA AI has come to life — The Washington Post.
- Google engineer put on leave after saying AI chatbot has become sentient — The Guardian.
- AI's most convincing conversations are not what they seem — The Register.
- Blake Lemoine's blog.
- Van Gogh Bristol Exhibition: The Immersive Experience.
- Van Gogh: The Immersive Experience — YouTube.
- The Inquiry — BBC World Service.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Drata - Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Support the show:
You can help the podcast by telling your friends and colleagues about "Smashing Security", and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Encrypted notes, and a deadly case of AirTag spying
15 juni 2022 |
37 min
How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/279 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
- Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
- Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too
- Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.
- Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
Links:
- Welsh James Bond Timothy Dalton's cello escape in "The Living Daylights" — YouTube.
- How a Saxophonist Tricked the KGB by Encrypting Secrets in Music — Wired.
- Woman accused of killing boyfriend using AirTag tracking — The Register.
- Andre Smith fatally struck by car outside Tilly's Pub, woman charged — Indy Star.
- Indianapolis woman Gaylyn Morris accused of tracking boyfriend with Apple AirTag, killing him with car, police say — The Washington Post.
- An update on AirTag and unwanted tracking — Apple.
- Apple Updates iPhone with 'Safety Check' for Domestic Victims — Gizmodo.
- Web3 is going just great.
- Audm - Listen to feature stories from The Atlantic, WIRED, and more.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Tim Hortons, avoiding sanctions, and good faith security research
8 juni 2022 |
40 min
Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.
Visit https://www.smashingsecurity.com/278 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- Snyk: Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
- Get started right now, with a free forever account, at snyk.co/smashing
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
- Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
Links:
- Double-double tracking: How Tim Hortons knows where you sleep, work and vacation — Financial Post.
- Report: Tim Hortons collected location data without consent — The Register.
- Joint investigation into location tracking by the Tim Hortons App — Office of the Privacy Commissioner of Canada.
- Mandiant: “No evidence” we were hacked by LockBit ransomware — Bleeping Computer.
- Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act — Dept of Justice.
- DOJ: Congress looked into CFAA updates but effort was stalled by extortion concerns — The Record.
- The (still) unanswered questions around the CFAA and ‘good faith’ security research — SC Magazine.
- Sex Education — Netflix.
- Forest fr1ends — Twitter.
- Inch Calculator.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Bad bots, cheeky ransoms, and good deepfakes
1 juni 2022 |
51 min
Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet's activity, and look at how deepfakes could be a good thing after all.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].
Visit https://www.smashingsecurity.com/277 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Ray [REDACTED].
Sponsored By:
- Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
- Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
Links:
- Popcorn Time ransomware invites you to get ‘nasty’ to recover your files — Graham Cluley.
- Rensenware — Wikipedia.
- GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need — CloudSEK.
- Bad Bot Report — Imperva.
- Bad Bot Traffic Report: Almost Half of All 2021 Internet Traffic Was Not Human — CPO Magazine.
- Automated Threats - web applications — OWASP.
- Home Stallone [Deepfake] — YouTube.
- The Emergence of Deepfake Technology: A Review — ResearchGate.
- Positive Use Cases of Synthetic Media (aka Deepfakes) — Towards Data Science.
- Deepfake pornography could become an 'epidemic', expert warns — BBC News.
- Europol report finds deepfake technology could become staple tool for organised crime — Europol.
- Google quietly bans deepfake training projects on Colab — Bleeping Computer.
- Japanese man spends £12,500 on ultra-realistic dog costume so he can live like an animal — Daily Mail.
- Google Colab FAQ.
- Talky.
- The Relationship Between Valence and Chills in Music: A Corpus Analysis.
- Frisson: This playlist is scientifically verified to give you chills — Big Think.
- A Spotify playlist with 715 songs known to give people chills — Quartz.
- Songs to give you chills — Spotify playlist.
- Zen Motoring — BBC iPlayer.
- Ogmios School of Zen Motoring Ep 1 — YouTube.
- Zen School of Motoring: TV that will cleanse your spirit like meditation — The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Webcam extortion, Michael Fish, and food foul-ups
25 maj 2022 |
55 min
A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one...) hacked into his female classmates' online accounts, hunting for nude photos and videos.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/276 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- GoodAccess: GoodAccess - Free Business Cloud VPN for up to 100 Users.
- Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.
- Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
- Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
- Try Kolide Free for 14 Days; no credit card required.
- Rumble: Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems.
- It can even tell you which machines are missing endpoint protection, from your local network to the cloud.
- Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run
Links:
- Vote for your favourite cybersecurity podcast in the European Security Blogger Awards!
- Michael Fish (the weatherman) — Wikipedia.
- "I wish I wish Michael Fish" by Rachel & Nicki — YouTube.
- "John Kettley (Is A Weatherman)" by The Tribe of Toffs — YouTube.
- Albany Man Sentenced to 111 Months for Stealing Nude Photos of Numerous Victims and Possessing Child Pornography — Department of Justice.
- Hijacking webcams with Screencastify — Almost Secure.
- Cyber security: Global food supply chain at risk from malicious hackers — BBC News.
- 4 Predictions for Food and Agriculture in 2022 — Food Logistics
- Risks of using AI to grow our food are substantial and must not be ignored, warn researchers — University of Cambridge.
- With food prices continuing to climb, UN warns of crippling global shortages — NPR.
- OutHorse Your Email.
- Solitary Bee Nesting Equipment — Mason Bees.
- Limelight — BBC Radio 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Jail for Bing, and mental health apps may not be good for you
18 maj 2022 |
66 min
A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker.
Plus don't miss our featured interview with Rumble's Chris Kirsch.
Visit https://www.smashingsecurity.com/275 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Chris Kirsch and Jessica Barker.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- GoodAccess: GoodAccess - Free Business Cloud VPN for up to 100 Users.
- Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.
- Rumble: Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems.
- It can even tell you which machines are missing endpoint protection, from your local network to the cloud.
- Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run
Links:
- Angry IT admin wipes employer’s databases, gets 7 years in prison — Bleeping Computer.
- A closer look at Eternity Malware — Cyble.
- Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram — The Hacker News.
- Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains — BlackBerry.
- Top Mental Health and Prayer Apps Fail Spectacularly at Privacy, Security — Mozilla Foundation.
- Talkspace privacy & security guide — Mozilla Foundation.
- BetterHelp privacy & security guide — Mozilla Foundation.
- Dramatic growth in mental-health apps has created a risky industry — The Economist.
- Meltdown Three Mile Island — Netflix.
- The China Syndrome trailer — YouTube.
- Slow Horses — Apple TV+.
- Therapist Uncensored podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hands off my biometrics, and a wormhole squirmish
11 maj 2022 |
49 min
Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
And don't miss our featured interview with Artur Kane of GoodAccess.
Visit https://www.smashingsecurity.com/274 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Artur Kane.
Sponsored By:
- GoodAccess: GoodAccess - Free Business Cloud VPN for up to 100 Users.
- Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.
- Rumble: Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems.
- It can even tell you which machines are missing endpoint protection, from your local network to the cloud.
- Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run
- Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
- Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
- Try Kolide Free for 14 Days; no credit card required.
Links:
- Carl Sagan - Cosmos - Space Travel — YouTube.
- Wormhole.com
- 'Tired' Carl Sagan Fan Sells Wormhole.com to Crypto Giant Jump for $50K After Lawsuit — Decrypt.
- ACLU vs Clearview AI — American Civil Liberties Union.
- Clearview AI Offered Free Trials To Police Around The World — Buzzfeed News.
- US State Privacy Legislation Tracker — IAPP.
- The Secretive Company That Might End Privacy as We Know It — The New York Times.
- In Big Win, Settlement Ensures Clearview AI Complies With Groundbreaking Illinois Biometric Privacy Law — American Civil Liberties Union
- OwlKitty — YouTube.
- Review: The Balldo Made Me Rethink Sex in the Most Absurd Way Possible — Wired.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Password blips, and who's calling the airport?
4 maj 2022 |
50 min
We find out why calls to Dublin airport's noise complaints line have soared, and Carole quizzes Graham to celebrate World Password Day.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
And don't miss our special featured interview with Clint Dovholuk of NetFoundry.
Visit https://www.smashingsecurity.com/273 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Clint Dovholuk.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- NetFoundry: NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything.
- Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud.
- No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more.
- Learn more and try it for yourself at netfoundry.io/smashingsecurity/
Links:
- Houston Zoo asks FBI to investigate text-message attack — Houston Chronicle.
- Trunk calls for Rory Lion flood telephone lines — Irish Independent.
- Airport Noise & Noise Reports — Dublin Airport.
- Dublin Airport got 12,272 noise complaints last year from just one person — Irish Independent.
- Compromised Passwords Responsible for Hacking Breaches — Securelink.
- Verizon 2021 DBIR Results & Analysis — Verizon.
- Three random words — NCSC.
- What’s wrong with What3Words? — YouTube.
- Why What3Words is not suitable for safety critical applications — Cybergibbons.
- What3Words – The Algorithm — Cybergibbons.
- Why bother with What Three Words? — Terence Eden.
- River (TV series) — Wikipedia.
- Wearing shoes inside the house is gross – and there’s science to back that up — The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Going ape over the Kardashians, and the face of romance scams
27 april 2022 |
50 min
Members of The Bored Ape Yacht Club get that sinking feeling, a face unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the BBC's cyber correspondent Joe Tidy.
Visit https://www.smashingsecurity.com/272 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Joe Tidy.
Sponsored By:
- Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
- Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
- Try Kolide Free for 14 Days; no credit card required.
- NetFoundry: NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything.
- Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud.
- No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more.
- Learn more and try it for yourself at netfoundry.io/smashingsecurity/
Links:
- Jimmy Fallon and Paris Hilton show off their Bored Ape Yacht Club NFTs. — Twitter.
- NFTs Stolen After Bored Ape Yacht Club Instagram, Discord Hacked — CoinDesk.
- Image of scam posted on Bored Ape Yacht Club's Instagram account — Twitter.
- Bored Ape Yacht Club confirms it had two-factor authentication enabled — Twitter.
- Kardashians deny faking Roblox sex tape scene — BBC News.
- How an Army colonel became the face of romance scams around the world — Task and Purpose.
- Army Col. Daniel Blackmon: The accidental face of military romance scams — Task and Purpose.
- Daily Dorries — Twitter (parental discretion advised)
- Hacking the House: do MPs care about cyber-security? — BBC News.
- Rob Brydon's Directors Commentary — YouTube.
- "This Is How Michael Caine Speaks" from The Trip — YouTube.
- American Vigilante — Crowd Network.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Crypto break-in, Google blurring, and mics not muting
20 april 2022 |
51 min
A man loses $650,000 from his cryptocurrency wallet after his Apple iCloud account is hacked, video conferencing apps may not be muting your mic quite the way you imagined, and Google has unblurred military bases in Russia... or has it?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/271 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- NetFoundry: NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything.
- Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud.
- No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more.
- Learn more and try it for yourself at netfoundry.io/smashingsecurity/
- Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
- Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
- Try Kolide Free for 14 Days; no credit card required.
Links:
- Domenic Iacovone on Twitter.
- Learn A Geordie Accent - Newcastle Accent Tutorial — YouTube.
- Serpent explains the scam on Twitter.
- How an Apple iCloud Exploit Lost a Crypto Trader Over $650K — CNET.
- MetaMask advises its users to check their iCloud backup settings — Twitter.
- Scam message received by Graham from his niece's Instagram account.
- 19 Places On The Planet Google Earth Is Hiding From You — Travel Triangle.
- Google denies Ukrainian reports it unblurred satellite Maps imagery in Russia — The Verge.
- Buran shuttle — Google Maps.
- 'Mute' button in conferencing apps may not actually mute your mic — Bleeping Computer.
- You’re muted — or are you? Videoconferencing apps may listen even when mic is off — University of Wisconsin-Madison.
- Gerry Anderson: A Life Uncharted — BritBox.
- Gerry Anderson: A Life Uncharted trailer — YouTube.
- Bloodline — Netflix.
- Succession — HBO.
- Succession review – brilliant dissection of a dysfunctional dynasty — The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Bearded Barbie, EDR scams, and hobbyist crime detectives
13 april 2022 |
51 min
Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook - but why? Scammers have found a new way to gain access to your most sensitive information - but how? And armchair detectives are helping investigating cold cases involving DNA - but should they?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/270 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- Keeper Security: Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization.
- Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing
Links:
- How Barbie's body size would look in real life — Daily Mail.
- Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials — Cybereason.
- Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” — Brian Krebs.
- What we know about the increase in U.S. murders in 2020 — Pew Research Center.
- The History of DNA: From Crime Scenes to Consumer Goods — University of West Florida.
- How an Unlikely Family History Website Transformed Cold Case Investigations — The New York Times.
- DNA Databases Are Boon to Police But Menace to Privacy, Critics Say — PEW.
- Philanthropists Push Police Searches of DNA Databases — The New York Times.
- Help solve crimes with your DNA — DNASolves.
- Hackers Attacked Two Leading Genetic Genealogy Websites — BuzzFeed.
- How to Pronounce Moët & Chandon? And WHY?! — YouTube.
- How to Pronounce Wednesday? (CORRECTLY) — YouTube.
- Julien Miquel on YouTube.
- Support Maria Varmazis as she raises money for Cancer Research — Pan-Mass Challenge.
- The House (2022 film) — Wikipedia.
- The House — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Trezor Deep Throat, a CCTV stalker, and Amazon's list of banned words
6 april 2022 |
50 min
There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.
Visit https://www.smashingsecurity.com/269 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoë Rose.
Sponsored By:
- Keeper Security: Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization.
- Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
Links:
- Trezor wallets hacked? Don’t be duped by phishing attack email — Graham Cluley.
- Tweet by Trezor.
- Ongoing phishing attacks on Trezor users — Trezor.
- Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said — The Record.
- Stalker used woman's own CCTV cameras to watch her at home — Liverpool Echo.
- Operation: SafeEscape.
- Work Trend Index: Microsoft’s latest research on the ways we work — Microsoft.
- Research: A Little Recognition Can Provide a Big Morale Boost — HBR.
- 50% of companies want workers back in office 5 days a week — CNBC.
- New Amazon Worker Chat App Would Ban Words Like “Union” — The Intercept.
- Trust No One — Netflix.
- Smashing Security episode 114: Darknet Diaries, death, and beauty apps — Where we discussed the mysterious case of Gerry Cotten and QuadrigaCX.
- Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty — Graham Cluley.
- Hamilton One Essential S1 Magicfold Premium Buggy — Kruidvat NL.
- Infantino 4-in-1 Flip Advanced Draagzak BK-05204 — Bol.
- Cosco Scenera Next Convertible Car Seat, Boulder — Canadian Tire.
- Literature Clock.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
LinkedIn deepfakes, doxxing Russian spies, and a false alarm
30 mars 2022 |
49 min
Strange goings-on on LinkedIn, Ukraine publishes a list of alleged Russian FSB agents, and police in Pittsburgh investigate an odd report of an active shooter.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.
Visit https://www.smashingsecurity.com/268 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- Keeper Security: Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization.
- Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
Links:
- North Korea tests its ‘largest intercontinental ballistic missile’ — YouTube.
- LinkedIn Professional Community Policies — LinkedIn.
- Community Report — LinkedIn.
- The latest marketing tactic on LinkedIn: AI-generated faces — NPR.
- List of FSB agents — Ukraine Ministry of Defence.
- How the Dutch foiled Russian 'cyber-attack' on OPCW — BBC News.
- Boris Nemtsov: Murdered Putin rival 'tailed' by agent linked to FSB hit squad — BBC News.
- Police: Autocorrected text triggered large police presence on Pittsburgh’s North Side — WPXI.
- Pickle me up: Hilarious autocorrect fails, from Krispy Koreans to wet, sloppy kids — Daily Mail.
- After Life — Netflix.
- After Life trailer — YouTube.
- "Time on Rock - A Climber's Route into the Mountains" by Anna Fleming — Canongate Books.
- Severance — Apple TV.
- Severance trailer — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Virtual kidnapping, two helipads, and a naughty Apple employee
23 mars 2022 |
54 min
A Russian bank tells its customers to stop installing security updates, an Apple employee ends up in hot water, and learn our tips to avoid being virtually kidnapped.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Visit https://www.smashingsecurity.com/267 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Anna Brading.
Sponsored By:
- Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
- Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
- Try Kolide Free for 14 Days; no credit card required.
- Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too
- Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.
- Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
Links:
- Smashing Security 263: Problèmes de Weefeee, AI artists, and Web 3.0 — In which Mark Stockley discusses the NFT he created in Smashing Security's honour.
- Graham or Carole? - Untitled Collection #173407394 — OpenSea.
- Mark Stockley reveals the Smashing Security NFT is being resold... for $3 million — Twitter.
- Секрет Шехерезады. Яхта Путина за 75 000 000 000 ₽ — YouTube (best watched with the subtitles on...)
- ‘Mysterious’: the $700m superyacht in Italy some say belongs to Putin — The Guardian.
- "The road from Moscow to Kyiv passes through Belgravia" — Video from Led By Donkeys, posted on Twitter.
- Burger King owner says operator in Russia refuses to shut shops — The Guardian.
- Pitcairn Islands relays most spam per person, reveals Sophos — Sophos.
- Pitcairn spam haven, North Korea definitely isn't — The Guardian.
- Sabotage: Code added to popular NPM package wiped files in Russia and Belarus — Ars Technica.
- Activists are targeting Russians with open-source "protestware" — MIT Technology Review.
- JavaScript library updated to wipe files from Russia systems — The Register.
- After ‘protestware’ attacks, a Russian bank has advised clients to stop updating software — The Verge.
- Irish petrol station offers 24-7 laundry service — Petrol Plaza.
- Clip from Mel Gibson movie "ransom", starring Mel Gibson — YouTube.
- FBI warns of ‘virtual kidnapping’ scheme executed on Miami couple — Local 10.
- FBI Chicago Warns Public About Virtual Kidnapping Scams — FBI.
- Former Employee Charged With Defrauding Apple, Money Laundering, And Tax Crimes — Department of Justice.
- U.S. charges former Apple buyer with defrauding more than $10 million from company — Reuters.
- Mandy — BBC iPlayer.
- Diane Morgan as Mandy — YouTube.
- Heardle — The daily musical intros game.
- Color wheel, a color palette generator — Adobe Color.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cyberflashing, Kaspersky, and secret spies
16 mars 2022 |
58 min
Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it's taking a hard line on cyberflashing.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.
Visit https://www.smashingsecurity.com/266 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Chris Kirsch.
Sponsored By:
- Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too
- Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.
- Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
Links:
- Kaspersky Has Close Ties to Russian Spies — Bloomberg.
- Kaspersky hit by new below-the-belt sauna spy attack — Graham Cluley.
- A practical guide to making up a sensation — Eugene Kaspersky.
- US intelligence chiefs don’t trust Kaspersky. But why? — Graham Cluley.
- UK cyber agency targets Kaspersky in warning on Russian software — Reuters.
- Group-IB founder arrested in Moscow on state treason charges — The Record.
- BSI warning about using Kaspersky.
- Kaspersky statement regarding the BSI warning — Kaspersky.
- Collateral Damage — on Cybersecurity — Open letter from Eugene Kaspersky.
- Apple's AirTag uncovers a secret German intelligence agency — Apple Insider.
- Bundesservice Telekommunikation — wie ich versehentlich eine Tarnbehörde in der Bundesverwaltung fand — Lilith Wittmann.
- Bundesservice Telekommunikation — enttarnt: Dieser Geheimdienst steckt dahinter — Lilith Wittmann.
- Loophole in law means men will still get away with sending penis pictures — Cambridgeshire Live.
- Cyberflashing to be criminalised under new online safety bill — The Independent.
- ‘Cyberflashing’ to become a criminal offence — UK Government.
- Is there hidden sexual abuse going on in your school? — TES Magazine.
- 13 genius ways to respond to unsolicited dick pics — Cosmopolitan.
- Whatever Happened to Pizza at McDonald's?
- A Podcast Answers a Fast-Food Question That Nobody Is Asking — The New York Times.
- Forget Adnan and Richard Simmons, ‘Whatever Happened to Pizza at McDonald’s?’ Is the Mystery-Solving Podcast You Need — Vulture.
- Cook-Out on Oculus Quest — Oculus.
- Cook-Out: A Sandwich Tale trailer — YouTube.
- 100,000 Stars.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Nigerian supercop and Alexa vs. Alexa
9 mars 2022 |
54 min
The most famous policeman in Nigeria is in hot water over his links to Hushpuppi, has your Amazon Echo been talking to itself, and can an AI girlfriend save your marriage?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Plus don't miss our featured interview with Jason Meller of Kolide.
Visit https://www.smashingsecurity.com/265 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jason Meller.
Sponsored By:
- Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too
- Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.
- Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
- Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
- Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
- Try Kolide Free for 14 Days; no credit card required.
Links:
- Abba Kyari shows off that he has had a road named after him — Instagram.
- Birthday wishes for Abba Kyari — Instagram.
- Smashing Security episode 186: This one's for all the Karens! — In which we first discussed the Hushpuppi case.
- Adeola Fayehun discusses Abba Kyari's arrest — YouTube.
- Alexa Privacy – Learn how Alexa works — Amazon.
- Alexa vs Alexa (AvA).
- Amazon Alexa compromise possible through own speakers — The Register.
- The Rescue — Wikipedia.
- The Rescue — Apple TV.
- 'I fell in love with my AI girlfriend - and it saved my marriage' — Sky News.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacked car chargers, Telegram sextortionists, and secret bossware
2 mars 2022 |
48 min
Why might Russian EV chargers be displaying an anti-Putin message? Why are Telegram groups sharing sharing explicit images of women without their consent? And who is watching you in the workplace?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
Visit https://www.smashingsecurity.com/264 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jessica Barker.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
Links:
- Three ways you can help the people of Ukraine from the UK — The Guardian.
- How You Can Help Ukraine — London City Hall.
- Ukrainian Astronomers Named a Star 'Putin Is a D**khead' — The Atlantic.
- Video of hacked EV charger — AutoEnterprise on Facebook.
- Explanation for EV charger outage — Rosseti on Facebook.
- Russian Electric Vehicle Chargers Hacked, Tell Users ‘PUTIN IS A DICKHEAD’ — Vice.
- Roblox Currency ‘Robux’ Is Outperforming the Ruble — Vice.
- Why won’t Telegram take down my naked photos? — BBC News.
- Telegram revenge porn scandal: police investigate as more than 50 000 men share explicit content of women and underaged girls — Politika.
- Ex-Leeds student OnlyFans star rakes in £2m pouring beans on herself and pretending to be a giant — Leeds Live.
- Post Office scandal explained: Why a public inquiry is examining the Horizon sub-postmasters scandal — Inews.
- TUC warns against employee monitoring after Post Office scandal — Personnel Today.
- Post Office scandal: What the Horizon saga is all about — BBC News.
- I’ll be watching you - What is workplace monitoring? — TUC.
- TUC and legal experts warn of “huge gaps” in British law over use of AI at work — TUC.
- Intrusive worker surveillance tech risks “spiralling out of control” without stronger regulation, TUC warns — TUC.
- Kind of Bloop — An 8-Bit Tribute to Miles Davis' Kind of Blue.
- Space Force — Netflix.
- Who Won the US Military Vs. Space Force Trademark Dispute? — CBR.
- 'Space Force? Is that Real?' Guardians Still Struggling with an Unconvinced Public — Military.com.
- Yoga with Kassandra — YouTube.
- Five Parks Yoga w/ Erin Sampson — YouTube.
- YOGA UPLOAD with Maris Aylward — YouTube.
- Breathe and Flow — YouTube.
- Two Birds Yoga — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Problèmes de Weefeee, AI artists, and Web 3.0
23 februari 2022 |
66 min
Ooh la la! Horreur Wi-Fi en France! Some folks have experienced the drawbacks of Web 3.0 as their NFTs are stolen, and should computers own the copyright over the art they produce?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
And don't miss our featured interview with Sean Herbert of baramundi.
Visit https://www.smashingsecurity.com/263 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Mark Stockley and Sean Herbert.
Sponsored By:
- Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
- Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
- Try Kolide Free for 14 Days; no credit card required.
- baramundi: Optimize your IT processes with the baramundi Management Suite and make optimal use of resources by automating time-consuming routine tasks.
- Stay in control and maximize your productivity by automating routine tasks. The Unified Endpoint Management Software can be installed and implemented quickly, is intuitive to use, has a modular structure and offers a high level of usability and transparency.
- Try out the free 30-Day full version for yourself today at baramundi.com/smashingsecurity
Links:
- Les dents, le brouilleur et au lit! — ANFR.
- Dad takes down town's internet by mistake to get his kids offline — Bleeping Computer.
- TV licenses and detector vans in the United Kingdom — Wikipedia.
- My first impressions of web3 — Moxie Marlinspike.
- Graham or Carole? - NFT for sale — OpenSea.
- $1.7 million in NFTs stolen in apparent phishing attack on OpenSea users — The Verge.
- Art Copyright, Explained — Artsy.
- The US Copyright Office says an AI can’t copyright its art — The Verge.
- Ruling on "A Recent Entrance to Paradise" — Copyright Review Board.
- Appeals court blasts PETA for using selfie monkey as ‘an unwitting pawn’ — The Verge.
- 'Monkey selfie' case: Photographer wins two year legal fight against Peta over the image copyright — The Independent.
- What I Wish They Taught Me about Copyright in Art School — Library of Congress.
- Who is Banksy and why did he lose the trademark for four of his most famous works? — Sydney Morning Herald.
- The Tinder Swindler — Netflix.
- You Can’t Make This Up: The Making of a Swindler (Part one) — Podcast going behind the scenes of "The Tinder Swindler."
- Why insects do not (and cannot) attack healthy plants — YouTube.
- Eye of the Storm — BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Macro progress, eyeball-tracking ads, and encryption backdoors
16 februari 2022 |
58 min
How does Microsoft hope to defeat the macro terror? How is the UK Government trying to influence the public's opinion on end-to-end encryption? And what is MoviePass hoping to do with your eyeballs?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
Visit https://www.smashingsecurity.com/262 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Thom Langford.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- baramundi: Optimize your IT processes with the baramundi Management Suite and make optimal use of resources by automating time-consuming routine tasks.
- Stay in control and maximize your productivity by automating routine tasks. The Unified Endpoint Management Software can be installed and implemented quickly, is intuitive to use, has a modular structure and offers a high level of usability and transparency.
- Try out the free 30-Day full version for yourself today at baramundi.com/smashingsecurity
Links:
- Macros from the internet are blocked by default in Office — Microsoft.
- A potentially dangerous macro has been blocked — Microsoft.
- The Death of "Please Enable Macros" and What it Means — Check Point Research.
- No Place to Hide.
- Why we need EndToEndEncryption and why it’s essential for our safety, our children’s safety, and for everyone’s future — Alec Muffet.
- Smashing Security episode 68: Malware from outer space!
- MoviePass Relaunching Next Summer — Variety.
- MoviePass is back but with eyeball tracking to make you watch ads — Daily Mail.
- MoviePass 2.0 Wants to Track Your Eyeballs to Make Sure You Watch Ads — Vice.
- Starlink.
- 2000 AD - the Galaxy's Greatest Comic!
- Future Shock! The Story of 2000AD — IMDB.
- 40 Strange Etiquette Rules Through the Years — Good Housekeeping.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
North Korea hacked, DEA cosplay, and Horizon Worlds drama
9 februari 2022 |
51 min
Who's wearing the pyjamas while they take down North Korea's internet? Is it a case of cop or cosplay in Oregon? And what's to fear about the metaverse?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/261 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- 1Password: 1Password Families makes sharing passwords, logins, credit cards and more a (romantic) walk in the park. From now until February 28th, when you sign up for - or upgrade your individual account to - a 1Password Families membership, you’ll get $20 off the entire year!
- Learn more at smashingsecurity.com/love1password
- baramundi: Optimize your IT processes with the baramundi Management Suite and make optimal use of resources by automating time-consuming routine tasks.
- Stay in control and maximize your productivity by automating routine tasks. The Unified Endpoint Management Software can be installed and implemented quickly, is intuitive to use, has a modular structure and offers a high level of usability and transparency.
- Try out the free 30-Day full version for yourself today at baramundi.com/smashingsecurity
Links:
- Space Station Photos Show North Korea at Night, Cloaked in Darkness — National Geographic.
- North Korea Hacked Him. So He Took Down Its Internet — Wired.
- North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities — Hot for Security.
- Woman ‘Tricked’ to Believe She Was a D.E.A. Agent Trainee, Official Says — New York Times.
- Alleged DEA imposter in Portland took woman on ‘ride-alongs,’ had her flash fake badge to find informants among homeless people, complaint says — Oregon Live.
- Meta forced to add ‘personal boundaries’ to the Metaverse after woman was sexually harassed in virtual reality — The Independent.
- Horizon Worlds metaverse app could pose danger for kids, experts say — Washington Post.
- The metaverse has a groping problem already — MIT Technology Review.
- Sexual harassment in the metaverse? Woman says she was virtually raped — USA Today.
- Talking Telephone Numbers Breakdown w/ separated Transmission & Talkback audio — YouTube.
- 2013 Tony Awards Director On FIRE!!! — YouTube.
- Ghosts — BBC iPlayer.
- Chateau Snavely — A terrible Fawlty Towers remake from 1978, with Betty White.
- Amanda's By the Sea — A terrible Fawlty Towers remake from 1983, with Bea Arthur.
- Payne — A terrible Fawlty Towers remake from 1999, which doesn't star anyone from The Golden Girls.
- Couples Therapy — BBC iPlayer.
- Couples Therapy trailer — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
New hire mystery, hacktivist ransomware, and digi-dating
2 februari 2022 |
48 min
Who's that new guy working at your company, and why don't you recognise him from the interview? How are hacktivists raising the heat in Belarus? And should you be fully vaxxed for your online date?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/260 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: Secure online payments and grow your business with Brex and 1Password.
- Brex and 1Password have partnered to make online payments secure and frictionless. 1Password customers can now use Brex virtual credit cards to check out online with just two clicks.
- 1Password's integration with Brex is available right now to 1Password Teams and Business customers based in the United States.
- Learn more at smashingsecurity.com/brex
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
Links:
- The new hire who showed up is not the same person we interviewed — Ask a Manager.
- How to Spot Fake Candidates in Video Interviews — Nick Shah on LinkedIn.
- How To Avoid The Fake Candidate Scam in the Tech Industry — Focus GTS.
- Tweet by Belarusian Cyber-Partisans.
- Tweet showing screenshots of hacked railroad.
- ‘We Can Hurt Them in Ways They Don’t Understand’: Ukraine on Russia Cyber-War — Vice.
- Pandemic fuels new trends in the online dating world — WXYZ Detroit.
- 'Swipe left for unvaxxed’: Vaccine status complicates the scene on dating apps — France 24.
- Tips for private and safe dating on Tinder — Kaspersky.
- Survey Says Bumble Users Are Burned Out on One Thing in Particular — Bumble.
- Cookie Clicker.
- Getting Curious with Jonathan Van Ness — Netflix.
- Chicken fattee with rice, crispbread and yoghurt recipe — Moro.
- Chocolate and Apricot Tart report — Happy Foodie.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Techquilibrium and mediocre linguistic escapades
26 januari 2022 |
43 min
Wordle - good or bad for the world? Whatever your opinion, at least someone wants to spoil players' fun. Meanwhile, we take a look at the threat mobile phones can pose to your mental health.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/259 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- 1Password: Secure online payments and grow your business with Brex and 1Password.
- Brex and 1Password have partnered to make online payments secure and frictionless. 1Password customers can now use Brex virtual credit cards to check out online with just two clicks.
- 1Password's integration with Brex is available right now to 1Password Teams and Business customers based in the United States.
- Learn more at smashingsecurity.com/brex
- Thinkst: Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents...
- Listeners who mail in referencing Smashing Security get a 10% discount on their order!
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
Links:
- Wordle - A daily word game.
- Friend of the show Mark Stockley bragging about his Wordle play — Twitter.
- Wordle Accessibility — Generates descriptive text for your Wordle result.
- Twitter suspends Wordle-ruining bot — The Verge.
- Screen Time: How to make peace with your devices and find your techquilibrium — Book by Becca Cady.
- 2022 Cell Phone Usage Statistics: How Obsessed Are We? — Reviews.org.
- Is Your Phone Affecting Your Mental Health? — Butler Hospital.
- The people deciding to ditch their smartphones — BBC News.
- No place is sacred: Addicted Americans use cell phones at weddings, funerals, on the toilet! — Study Finds.
- Is Your Mobile Phone Use Bad for Your Mental Health? — Mental Health.
- From low sense of control to problematic smartphone use severity during Covid-19 outbreak: The mediating role of fear of missing out and the moderating role of repetitive negative thinking — PLOS.
- Ten ways to take control of your smartphone — The Guardian.
- It's A Knockout 1973, Heat 4 - Ely Vs Hertford — YouTube.
- It's a Royal Knockout, 1987 — YouTube.
- The Grand Knockout Tournament — Wikipedia.
- Embarrassing 80's - Royal It's a Knockout — YouTube.
- 'Brand New Cherry Flavor' Review: Dark New Netflix Show Gets Gross — Variety.
- Brand New Cherry Flavor — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Tesla remote hijacks and revolting YouTubers
19 januari 2022 |
33 min
Carole's still on jury service, but the show must go on! We take a look at how some Tesla owners are at risk of having their expensive cars remotely hijacked, and why YouTubers are up in arms over NFTs.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/258 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
- 1Password: 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels.
- Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to create form an entire ecosystem of tools and tactics that help keep you safe on the internet.
- Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you.
- Visit 1Password University for free online security resources, made for everyone.
Links:
- Monty Hall problem — Wikipedia.
- Monty Hall problem explanation video — Numberphile on YouTube.
- David Colombo's Twitter account.
- How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App — Vice.
- Graham or Carole? NFT, posted by Mark Stockley — OpenSea.
- The Fart Jars NFT story doesn't pass the smell test — Input Magazine.
- WOW! Disgusting Youtuber Exploitation Scandal, MrBeast Beat a Child, MLK Controversy, & Today's News — Philip DeFranco's YouTube account.
- Gaming YouTubers have had their likenesses stolen and sold as NFTs — EuroGamer.
- Prominent Gaming YouTubers' Likenesses Sold As NFTs Without Consent — Nintendo Life.
- Cleanup.pictures — Remove objects, people, text and defects from any picture for free.
- Quick, Draw!
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Pokemon-hunting cops and the Spine Collector scammer
12 januari 2022 |
44 min
Who has been playing video games rather than hunting down criminals? How is a man alleged to have stolen manuscripts of unpublished books from celebrity authors? Which pot contains an elephant? And why has Graham been listening to podcasts about pest control marketing?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/257 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
- 1Password: 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels.
- Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to create form an entire ecosystem of tools and tactics that help keep you safe on the internet.
- Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you.
- Visit 1Password University for free online security resources, made for everyone.
Links:
- Pokémon Go: Police fired for chasing Snorlax instead of robbers — BBC News.
- Pokémon Go-Playing LAPD Officers Fired For Ignoring Robbery — Kotaku.
- Court of appeal documents (PDF).
- The Mysterious Figure Stealing Books Before Their Release — Vulture.
- FBI Arrests Man Accused of Stealing Unpublished Book Manuscripts — The New York Times.
- ViacomCBS security group 'crucial' for FBI manuscript theft investigation, says Karp — The Bookseller.
- The Spine Collector: Man arrested for using fake email addresses to steal hundreds of unpublished manuscripts — Hot for Security.
- Pest Control Marketing Live! — YouTube.
- Pest Control Marketing Podcast.
- Pest Control Marketing Jingles.
- Think with Pinker — BBC Radio 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Virgin Media just won't take no for an answer, NFT apes, and bad optics
15 december 2021 |
50 min
After a brief discussion of the Log4Shell vulnerability panic, we chat about how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your sleeping girlfriend's facial recognition.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined by Mark Stockley for our last episode of the year!
Visit https://www.smashingsecurity.com/256 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- 1Password: The first annual 1Password “State of Access” benchmark study illuminates the grave dangers unwittingly posed by checked-out, apathetic employees — including security professionals.
- Burned-out employees are 3 times more likely to say security rules and policies “aren’t worth the hassle,” and nearly half of burned-out security professionals say it’s unrealistic for companies to be aware of and manage all apps and devices that employees use.
- Read the report and find out what you can do at 1password.com/resources.
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
Links:
- Log4Shell: The race is on to fix millions of systems and internet-connected devices — Graham Cluley.
- Virgin Media Limited monetary penalty notice (PDF) — Information Commissioner's Office.
- Virgin Media fined £50k for spamming opted-out customers — The Register.
- Bored Ape NFT accidentally sells for $3,000 instead of $300,000 — BBC News.
- Man steals $23K using ex's phone through facial recognition: report — NY Post.
- Man sentenced to 3.5 years in prison after transferring $23,500 on ex-girlfriend's phone by pulling up her eyelid — Global Times.
- What Every Heart Emoji Really Means — Emojipedia.
- Graham or Carole? NFT for sale — OpenSea.
- Mare of Easttown: Official Trailer — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Revolting receipts, a Twitter fandango, and shopkeeper cyber tips
8 december 2021 |
53 min
"Demonically" possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter's new photo privacy policy practical?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.
Visit https://www.smashingsecurity.com/255 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dinah Davis.
Sponsored By:
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
- 1Password: It’s that time again when we’re all thinking about plans for the upcoming year. Does your plan include making your team more productive and secure?
- 100,000 businesses use 1Password to secure employees at scale by encrypting their passwords and sensitive information and helping them get more done, faster.
- That’s why, for a limited time only, new customers can get 25% off the first year of 1Password Business and find out how 1Password can boost productivity while protecting their most sensitive data.
- Act fast! This deal is only good until December 16, 2021. Find out more and claim your discount at 1Password.com
Links:
- CEO of US mortgage company fires 900 employees on a Zoom call — YouTube.
- Better.com Zoom firing: Employees share what it was like — CNN.
- Antiwork subreddit — Reddit.
- Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos — Motherboard Vice.
- Hackers are spamming printers with 'antiwork' slogans — Metro.
- How To Get Back At Your Annoyingly Loud Neighbors — Dumpaday.
- Attention Shoppers: Internet Is Open — The New York Times.
- A Brief History of E-commerce — Michael Tefula.
- NetMarket.
- Global retail e-commerce market size 2014-2023 — Statista.
- Ecommerce Fraud Prevention: How To Protect Your Online Store — Big Commerce.
- How to Secure Your E-Commerce Website: 6 Basic Steps — PC Magazine.
- How to Secure Your eCommerce Website: 7 Tips — MailMunch.
- Twitter Will Take Down Pictures of People Posted Without Their Permission — The New York Times.
- Far-right activists using Twitter new rule against anti-extremist researchers — The Washington Post.
- Far-right target critics with Twitter's new media policy — BBC News.
- The Guardian Crosswords.
- Guardian Puzzles & Crosswords for iOS — iOS App Store.
- Guardian Puzzles & Crosswords for Android — Google Play store.
- Now that's what I call a Hacker — Jitbit.
- Taskmaster — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A dead hamster, a brass pen, and The Beatles
1 december 2021 |
38 min
Cryptocurrency traders suffer a hamster-related loss, beware of charity scammers this holiday season, and do you have the patience to sit through Peter Jackson's eight-hour Beatles documentary?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are flying solo this week.
Visit https://www.smashingsecurity.com/254 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
- 1Password: It’s that time again when we’re all thinking about plans for the upcoming year. Does your plan include making your team more productive and secure?
- 100,000 businesses use 1Password to secure employees at scale by encrypting their passwords and sensitive information and helping them get more done, faster.
- That’s why, for a limited time only, new customers can get 25% off the first year of 1Password Business and find out how 1Password can boost productivity while protecting their most sensitive data.
- Act fast! This deal is only good until December 16, 2021. Find out more and claim your discount at 1Password.com
- Perimeter 81: Perimeter 81 is the first-ever Cybersecurity Experience Platform, designed around Instant Deployment, Unified Management, Integrated Security, and Full Visibility.
- Perimeter 81 allows organizations of any and all industry sizes to support IT teams with robust tools to secure and manage your global network with one unified platform.
- Securing remote access for cloud and hybrid businesses and organizations, Perimeter 81 provides unified solutions such as Zero Trust Network Access, Firewall as a Service, Device Posture Check, and more.
- Learn more and request a demo at perimeter81.com
Links:
- How Stanley Kubrick Staged the Moon Landing — The Paris Review.
- The Day the World Didn't End — NASA.
- Does Finland Exist? Many Don't Think So — The Culture Trip.
- Mr Goxx, the crypto-trading hamster beating human investors — BBC News.
- Mr Goxx's Twitch channel — Twitch.
- RIP Mr. Goxx: Cryptocurrency trading HAMSTER DIES of unknown causes — Daily Mail.
- Epstein’s death proves feeding ground for conspiracy theories — Financial Times.
- Smashing Security episode 114: Darknet Diaries, death, and beauty apps — In which we discussed the Quadriga case.
- Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty — Graham Cluley.
- Fraud: Charities warned to be extra vigilant over coming months — UK Fundraising.
- Donate safely this Giving Tuesday — FTC.
- Watch The Beatles: Get Back — Disney +
- The Beatles: Get Back trailer — YouTube.
- Kaweco Brass Sport pen.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cybercrime unicorns, HVAC hacks, and NFT piracy - with Mikko Hyppönen
24 november 2021 |
48 min
Heating systems are left vulnerable to attack in the high courts, cybercrime unicorns have become a reality (but what are they?), over 15 Terabytes of NFTs are made available for anyone to download ... and Carole reveals her Pick of the Year.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mikko Hyppönen.
Visit https://www.smashingsecurity.com/253 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mikko Hyppönen.
Sponsored By:
- Thinkst: Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents...
- Listeners who mail in referencing Smashing Security get a 10% discount on their order!
- Perimeter 81: Perimeter 81 is the first-ever Cybersecurity Experience Platform, designed around Instant Deployment, Unified Management, Integrated Security, and Full Visibility.
- Perimeter 81 allows organizations of any and all industry sizes to support IT teams with robust tools to secure and manage your global network with one unified platform.
- Securing remote access for cloud and hybrid businesses and organizations, Perimeter 81 provides unified solutions such as Zero Trust Network Access, Firewall as a Service, Device Posture Check, and more.
- Learn more and request a demo at perimeter81.com
- 1Password: 1Password 8 for Windows has been reimagined to feel right at home on the world's most popular desktop operating system.
- From Dark Mode and passwordless integration to smart search and secure item sharing, 1Password 8 is the new home for your digital life.
- Productivity improvements, enhanced security and privacy features, and a modern design deliver a first-class experience that offers the best of Windows 11.
- 1Password 8 for Windows helps you manage, remember, and protect your sensitive information more easily and securely than ever before.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- Royal Courts of Justice HVAC systems had unsecured Wi-Fi AP — The Register.
- Tweet by Tristan Kirk, court correspondent of the London Evening Standard.
- Target Hackers Broke in Via HVAC Company — Brian Krebs.
- Former Security Guard Who Hacked Into Hospital’s Computer System Sentenced to 110 Months in Federal Prison — FBI.
- Video by Jesse McGraw (aka "PhantomExodizzmo") — YouTube.
- Cybercrime Unicorns: How Hackers Are Building Empires That Rival Tech's Most Sophisticated, Highly Valued Startups — International Business Times.
- Will we see a cybercrime unicorn? — Comic strip featuring Mikko Hyppönen.
- 'Piracy' website offers NFT art as free downloads — BBC News.
- Someone Made a Pirate Bay for NFTs — Motherboard.
- The NFT Bay.
- NFTs are causing chaos in online artist communities — Polygon.
- Think cryptocurrency is bad? NFTs are even worse — Mashable.
- MailMate.
- The Ted Dabney Experience — Podcast about vintage video games.
- Ruben Brandt, Collector — IMDB.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hotel hacks, workplace spies, and the FBI
17 november 2021 |
61 min
Booking.com got hacked five years ago, and didn't tell its customers... but now we know who might have been behind it. Bossware rears its ugly head again in the workplace, spying on employees. And did you receive a warning email from the FBI?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Brian Klaas of the "Power Corrupts" podcast.
Plus we have a featured interview with Perimeter 81 co-founder and CEO Amit Bareket.
Visit https://www.smashingsecurity.com/252 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Amit Bareket and Brian Klaas.
Sponsored By:
- Perimeter 81: Perimeter 81 is the first-ever Cybersecurity Experience Platform, designed around Instant Deployment, Unified Management, Integrated Security, and Full Visibility.
- Perimeter 81 allows organizations of any and all industry sizes to support IT teams with robust tools to secure and manage your global network with one unified platform.
- Securing remote access for cloud and hybrid businesses and organizations, Perimeter 81 provides unified solutions such as Zero Trust Network Access, Firewall as a Service, Device Posture Check, and more.
- Learn more and request a demo at perimeter81.com
- Qualys: Qualys was one of the first SaaS security companies, and delivers continuous, critical security intelligence via its Qualys Cloud Platform and integrated Cloud Apps.
- Its powerful solutions empower organisations to streamline and consolidate their security and compliance solutions in a single platform and achieve greater business agility, better outcomes and substantial cost savings.
- Qualys recently announced three new solutions designed to address today’s challenges faced by enterprises: Ransomware Risk Assessment, Cybersecurity Asset Management, and Zero Touch Patch Management.
- Learn more at qualys.com
- 1Password: 1Password 8 for Windows has been reimagined to feel right at home on the world's most popular desktop operating system.
- From Dark Mode and passwordless integration to smart search and secure item sharing, 1Password 8 is the new home for your digital life.
- Productivity improvements, enhanced security and privacy features, and a modern design deliver a first-class experience that offers the best of Windows 11.
- 1Password 8 for Windows helps you manage, remember, and protect your sensitive information more easily and securely than ever before.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- American spy hacked Booking.com, company stayed silent — NRC.
- Booking.com was reportedly hacked by a US intel agency but never told customers — Ars Technica.
- Dutch newspaper links Booking.com break-in to US spy groups — The Register.
- Belgium’s largest telecoms company says it was hacked — Graham Cluley.
- GCHQ “infected Belgium’s largest telecom company with spyware” — Graham Cluley.
- Is your company secretly monitoring your work at home? — Los Angeles Times.
- School janitor says she was fired for not installing smartphone tracking app — Graham Cluley.
- Hawaii’s ballistic missile false alarm and a user interface failure — Graham Cluley.
- FBI system hacked to email 'urgent' warning about fake cyberattacks — Bleeping Computer.
- Hoax Email Blast Abused Poor Coding in FBI Website — Krebs on Security.
- Vinny Troia's website.
- FBI Statement on Incident Involving Fake Emails — FBI.
- What is Trailmakers? — YouTube.
- Trailmakers - Build vehicles and explore the world.
- "Apologies to My Censor" by Mitch Moxley.
- "I Hate Suzie" trailer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
PrawnHub, Tesla recall, and IoT luggage
10 november 2021 |
42 min
Fishing fanatics find themselves in deep water, Teslas go haywire after an update, and is there actually some good news about IoT?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ken Munro.
Visit https://www.smashingsecurity.com/251 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Ken Munro.
Sponsored By:
- 1Password: From start-up to enterprise, 1Password makes it easy for your team to store, generate and share strong passwords. The less time you need to spend dealing with hacks, phishing scams, and lost passwords, the better.
- Not just for IT and Security teams – all kinds of teams like Finance, HR, Legal, and Marketing can also store and share business credit cards, sensitive documents and shared logins in 1Password.
- Work securely from home or in the office. 1Password allows secure access to logins and important resources anywhere you work.
- Instantly deploy, grant and revoke access to shared vaults. You can securely add new team members and recover locked-out user accounts.
- Find out more and try 1Password free for 14 days at 1Password.com
- Qualys: Qualys Security Conference 2021 is taking place in Las Vegas November 15-18 2021, and you can attend either in person or online.
- Hear from experts such as Chris Krebs, former Director of the DHS & CISA, learn strategies and tactics to secure your organization, and network with your peers and other Qualys experts to accelerate your career.
- To learn more about attending the Qualys Security Conference 2021 in person or online visit smashingsecurity.com/qualyslasvegas
Links:
- Notice of a cyber security incident — Announcement from Angling Direct on London Stock Exchange.
- Angling Direct: Criminals net website of UK fishing site — The Register.
- Tweet from user of Angling Direct. — Twitter.
- Tweet by Angling Direct customer — Twitter.
- Internet-connected radio equipment and wearable radio equipment — European Commission.
- Internet of Things Cybersecurity Improvement Act of 2020 — US LIbrary of Congress.
- Information privacy: connected devices — Californian senate bill.
- Tesla Full Self-Driving recall came amid increased regulatory scrutiny - The Washington Post — Washington Post.
- Tesla recalls nearly 12,000 U.S. vehicles over software communication error — Reuters.
- The World of the Unknown series of books: UFOs, Ghosts, and Monsters — Usborne.
- World of the Unknown UFOs trailer — YouTube.
- Airwheel SR5 Intelligent Suitcase.
- Hijacking smart luggage — Pen Test Partners.
- AeroPress Coffee Maker.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Yes, you heard that correctly. Two hundred and fifty
3 november 2021 |
62 min
A game about Squid Game pulls the rug from under cryptocurrency investors in what appears to be a scam, PayPal hackers use a devious trick to break into 2FA-protected accounts, and have you received a job offer that's too good to be true?
All this and much much more is discussed in this celebratory edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker.
Plus don't miss our featured interview with the CEO and president of Qualys, Sumedh Thakar.
Oh, and huge thanks to Darknet Diaries' Jack Rhysider, F-Secure's Mikko Hyppönen, The Cyberwire's Dave Bittner, and Host Unknown's Andrew Agnês, Thom Langford, and Javvad Malik for their special contributions to this episode.
Visit https://www.smashingsecurity.com/250 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Andrew Agnês, Dave Bittner, Jack Rhysider, Javvad Malik, Jessica Barker, Mikko Hyppönen, Sumedh Thakar, and Thom Langford.
Sponsored By:
- Qualys: Qualys Security Conference 2021 is taking place in Las Vegas November 15-18 2021, and you can attend either in person or online.
- Hear from experts such as Chris Krebs, former Director of the DHS & CISA, learn strategies and tactics to secure your organization, and network with your peers and other Qualys experts to accelerate your career.
- To learn more about attending the Qualys Security Conference 2021 in person or online visit smashingsecurity.com/qualyslasvegas
- 1Password: From start-up to enterprise, 1Password makes it easy for your team to store, generate and share strong passwords. The less time you need to spend dealing with hacks, phishing scams, and lost passwords, the better.
- Not just for IT and Security teams – all kinds of teams like Finance, HR, Legal, and Marketing can also store and share business credit cards, sensitive documents and shared logins in 1Password.
- Work securely from home or in the office. 1Password allows secure access to logins and important resources anywhere you work.
- Instantly deploy, grant and revoke access to shared vaults. You can securely add new team members and recover locked-out user accounts.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- Squid Game cryptocurrency rockets in first few days of trading — BBC News.
- Squid Game crypto token collapses in apparent scam — BBC News.
- 'I Lost Everything': How Squid Game Token Collapsed — CoinMarketCap.
- Squid Game Cryptocurrency Scammers Make Off With $3.3 Million — Gizmodo.
- The Booming Underground Market for Bots That Steal Your 2FA Codes — Vice.
- Scammers Are Using Fake Job Ads to Steal People’s Identities — ProPublica.
- FBI Warns Cyber Criminals Are Using Fake Job Listings to Target Applicants’ Personally Identifiable Information — FBI.
- Don’t let job scams block your path forward — FTC Consumer Information.
- Pit — Wikipedia.
- Pit game description — Board Game Geek.
- Metal Shop Masters — Netflix.
- Metal Shop Masters trailer — YouTube.
- Techjunkie Tools.
- 15 Secret Websites — Alphr.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Devious licks, Netflix, and sensitive hackers
27 oktober 2021 |
47 min
Ransomware attackers have got hurt feelings, what does Netflix know about you, and why are schoolkids stealing lavatory seats?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by 1Password's Matt Davey from the "Random but Memorable" podcast.
Visit https://www.smashingsecurity.com/249 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Matt Davey.
Sponsored By:
- Thinkst: Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents...
- Listeners who mail in referencing Smashing Security get a 10% discount on their order!
- 1Password: 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels.
- Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to create form an entire ecosystem of tools and tactics that help keep you safe on the internet.
- Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you.
- Visit 1Password University for free online security resources, made for everyone.
Links:
- Governments turn tables on ransomware gang REvil by pushing it offline — Reuters.
- REvil ransomware - what you need to know about the criminal enterprise — Tripwire.
- REvil ransomware rampages following Kaseya supply-chain attack — Graham Cluley.
- Meat supplier JBS probed after paying $11 million ransom to attackers. US Congress has a beef with those who pay ransoms to cybercriminals — Graham Cluley.
- Hitting the BlackMatter gang where it hurts: In the wallet — Emsisoft.
- Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline — Graham Cluley.
- All the ways Netflix tracks you and what you watch — Wired.
- The inside story of Bandersnatch, the weirdest Black Mirror episode yet — Wired.
- Netflix’s Secret Special Algorithm Is a Human — The New Yorker.
- Why Netflix Might Run Ads: Analysts See $1 Billion Revenue Upside — Variety.
- Devious Licks Trend — Know Your Meme.
- TikTok's 'devious licks' challenge source of destruction in Summit County schools, businesses — MSN.
- TikTok Bans 'Devious Licks' Trend Which Saw High School Students Arrested — Newsweek.
- TikTok to be in congressional hotseat over school-trashing content — Reuters.
- Kid destroys printer for TikTok in front of his parents — Reddit.
- To combat all the devious licks, we are now met with angelic yields — TikTok.
- Woodmere Avenue Width Restriction Crashes Compilation — YouTube.
- Woodmere Avenue Crashes YouTube channel.
- Moment 11 vehicles including a police van smash into steel post in just four weeks — Daily Mail.
- Jon Richardson & The Futurenauts podcast.
- Dead Air podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Press F12 to hack
20 oktober 2021 |
46 min
A journalist is threatened with prosecution after choosing to "View Source" on a public webpage, Amazon Ring owners might be in line for a hefty fine if their neighbours complain, and is the school lunch queue a good place for facial recognition?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/248 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- 1Password: 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels.
- Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to create form an entire ecosystem of tools and tactics that help keep you safe on the internet.
- Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you.
- Visit 1Password University for free online security resources, made for everyone.
Links:
- Missouri teachers’ Social Security numbers at risk on state agency’s website — St Louis Post-Despatch.
- Missouri governor vows criminal prosecution of reporter who found flaw in state website — Missouri Independent.
- State of Missouri Addresses Data Vulnerability — State of Missouri Office of Administration press release.
- Governor Parson Press Conference MO Education Website Hack — YouTube.
- Doctor set for £100k pay-out after judge ruled neighbour's Ring doorbell cameras breached privacy — Daily Mail.
- The pandemic is testing the limits of face recognition — MIT Technology Review.
- ICO to step in after schools use facial recognition to speed up lunch queue — The Guardian.
- The most sassy bride in history of Married At First Sight Australia — YouTube.
- Married at First Sight Australia — All 4. (Series 6 is the one to watch, according to Graham)
- Dark Air with Terry Carnation — Audioboom.
- Vigil — BBC iPlayer.
- Art Bell — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Rickrolling submarine secrets
13 oktober 2021 |
50 min
A married couple are accused of selling nuclear sub secrets, Facebook continues to make young lives a misery, and a school hacker lets loose one heck of a prank.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/247 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Maryland Nuclear Engineer and Spouse Arrested on Espionage-Related Charges — US Department of Justice.
- Couple charged with leaking US nuclear sub designs — The Register.
- Facebook will add new safety features, notably for teens, after whistleblower leak — CNBC.
- Unfollow Everything cease-and-desist letter from Facebook — Louis Barclay.
- IoT Hacking and Rickrolling My High School District — WhiteHoodHacker.
- Board Game Arena — Play board games online from your browser.
- Foundation — Official Trailer — YouTube.
- Foundation — Apple TV.
- Film Courage.
- Film Courage — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Facebook has fallen
6 oktober 2021 |
66 min
Facebook suffers a massive (and very public) failure, Britain announces plans for counter-attacking nation states in cyberspace, and there's a tragic story related to ransomware.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.
And don't miss our featured interview with Attivo Network's Carolyn Crandall.
Visit https://www.smashingsecurity.com/246 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Carolyn Crandall and Chris Kirsch.
Sponsored By:
- 1Password: 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels.
- Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to create form an entire ecosystem of tools and tactics that help keep you safe on the internet.
- Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you.
- Visit 1Password University for free online security resources, made for everyone.
- Attivo Networks: It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures.
- Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud - all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker's advantage.
- Learn more and kick credential attacks to the curb, by visiting attivonetworks.com
Links:
- Update about the October 4th outage — Facebook Engineering.
- More details about the October 4 outage — Facebook Engineering.
- Facebook Whistleblower Says Company Chooses ‘Profits Over Safety’ All The Time — Vice.
- Inside Facebook’s Push to Defend Its Image — The New York Times.
- Conspiracy Theories About Facebook Outage Spread Even Without Facebook — Vice.
- Facebook outage: what went wrong and why did it take so long to fix after social platform went down? — The Guardian.
- A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death — Wall Street Journal.
- Baby's Death Alleged to Be Linked to Ransomware — Threatpost.
- US unites 30 countries to disrupt global ransomware attacks — Bleeping Computer.
- Interpol urges police to unite against 'potential ransomware pandemic' — Bleeping Computer.
- More than 20,000 arrests in year-long global crackdown on phone and Internet scams — Interpol.
- Lancashire partners welcome NCF to the North West — Lancashire Enterprise Partnership
- National Cyber Force to be based in Samlesbury — BBC News.
- BoardGameGeek.
- I Expect You To Die — Schell Games.
- Midnight Mass — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Julian Assange assassination plot, and IoT toilets
29 september 2021 |
37 min
While Julian Assange was killing time in the Ecuador's embassy in London, the CIA were trying to dream up ways to kill him, and urine trouble if you put your trust in an IoT lavatory.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by nobody at all.
Visit https://www.smashingsecurity.com/245 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks — Yahoo News.
- The seven-year itch: Assange's awkward stay in the embassy — The Guardian.
- Assange Held Legal Meetings in Ladies' Toilet Due to Paranoia: Report — Business Insider.
- Julian Assange smeared faeces on walls of Ecuadorian embassy, interior minister claims — The Independent.
- Julian Assange: Why Ecuador ended his stay in London embassy — BBC News.
- Julian Assange dragged from Ecuadorean embassy — BBC News.
- The smart toilet era is here! Are you ready to share your analprint with big tech? — The Guardian.
- Assume Nothing - Hack Attack — BBC Sounds.
- The Art Museum — Phaidon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Facebook Ray-Bans, VPN spies, and AI camouflage
22 september 2021 |
51 min
How much do you trust the people who work at your VPN provider? How are folks fighting facial recognition? And what on earth is Ray-Ban thinking getting into bed with Facebook?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/244 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government — Department of Justice.
- DarkMatter.
- Ex-NSA cyberspies reveal how they helped hack foes of UAE — Reuters.
- Daniel Gericke and ExpressVPN – Official Response — ExpressVPN.
- Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week — ZDNet.
- Facebook debuts its Ray-Ban Stories smart sunglasses — TechCrunch.
- Facebook warned over ‘very small’ indicator LED on smart glasses, as EU DPAs flag privacy concerns — TechCrunch.
- Mark Zuckerberg introduces Ray-Ban Stories — YouTube.
- Computer Vision Dazzle Camouflage — CV Dazzle.
- Researchers Defeated Advanced Facial Recognition Tech Using Makeup — Vice.
- Dodging Attack Using Carefully Crafted Natural Makeup — YouTube.
- How to Play the Piano by James Rhodes — Amazon UK.
- Music and the inner self, TEDx talk by James Rhodes — YouTube.
- Yamaha P-45 — Thomann.
- Origins: How the Earth Shaped Human History by Lewis Dartnell — Amazon UK.
- Life Lines — BBC Radio 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Breaking news, Apple zero-clicks, and bad blood
15 september 2021 |
48 min
A Walmart press release says it's jumping aboard the cryptocurrency bus - but is it true? Theranos's Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Visit https://www.smashingsecurity.com/243 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Thom Langford.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
- Attivo Networks: It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures.
- Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud - all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker's advantage.
- Learn more and kick credential attacks to the curb, by visiting attivonetworks.com
Links:
- Fake Walmart news release claimed it would accept cryptocurrency — BBC News.
- Alerts and story on Walmart to accept Litecoin payments withdrawn — Reuters.
- NOTICE TO DISREGARD - Walmart Inc. — Globe Newswire
- Walmart Statement in Response to Fake Litecoin Press Release — Walmart.
- Litecoin Foundation ‘Screwed Up,’ Lee Says of Walmart Snafu — Bloomberg.
- Walmart-Litecoin Pact Hoax Jolts Crypto Market — YouTube.
- Official statement from Litcoin Foundation — Twitter.
- Apple rushes to block 'zero-click' iPhone spyware — BBC News.
- Pegasus: Spyware sold to governments 'targets activists' — BBC News.
- Smashing Security #237: NuNa, NuNu, NaNa — Podcast episode where we previously discussed NSO Group's activities.
- The rise and fall of Theranos: so many lessons in a drop of blood — The Conversation.
- Theranos Didn’t Just Harm Investors — Bloomberg.
- Theranos founder Elizabeth Holmes 'lied and cheated', trial hears — BBC News.
- Theranos Founder Elizabeth Holmes Is on Trial. Silicon Valley Is Watching — Wired.
- #susanalbumparty: The ad campaigns that accidentally (or not) launched filthy hashtags — BBC.
- Bad Blood: The Final Chapter — Apple Podcasts.
- "The Trip" trailer — YouTube.
- TraffickCam.
- 101 Great Cuss/Swear Word Alternatives — WeHaveKids.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
ProtonMail privacy questioned, and Banksy blunder
8 september 2021 |
57 min
ProtonMail finds itself in a privacy pickle, the big problem with Facebook's algorithmic amplification, and strange things are happening on Banksy's website.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/242 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
- Privacy.com: Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.
Links:
- ProtonMail logged IP address of French activist after order by Swiss authorities — TechCrunch.
- Important clarifications regarding arrest of climate activist — ProtonMail.
- Information for Law Enforcement Authorities — ProtonMail.
- Tweet by Andy Yen, founder of ProtonMail.
- Why Facebook Won’t Stop Pushing Propaganda — Mother Jones.
- Fake Banksy NFT sold through artist's website for £244k — BBC News.
- A fake Banksy sold for $330K is a perfect symbol of a wild NFT market — The Next Web.
- Banksy was warned about website flaw before NFT hack scam — BBC News.
- McCartney 3,2,1 - Trailer — YouTube.
- Classic Albums — BBC Four.
- Backyard Coaster POV | Little Thunder — YouTube.
- Inside the Most Impressive Backyard Roller Coaster I've Ever Seen: Little Thunder — Coaster 101.
- Pre-owned Rides for sale.
- Netflix Drops Trailer for New Norwegian Vampire Comedy Post Mortem: No One Dies in Skarnes — Netflix.
- Post Mortem: No One Dies in Skarnes — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Flipping dating apps, and crypto rewards for criminals
1 september 2021 |
48 min
How to find your match on the Bumble dating app, convicted criminals make money out of cryptocurrency, and there are concerns about data in Afghanistan.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/241 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team.
- Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work.
- Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now.
- Privacy.com: Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.
Links:
- Vulnerability in Bumble dating app reveals any user's exact location — Robert Heaton.
- How Tinder keeps your exact location (a bit) private — Robert Heaton.
- The Taliban Have Seized U.S. Military Biometrics Devices — The Intercept.
- A U.S.-built biometric system sparks concerns for Afghans — NBC News.
- This is the real story of the Afghan biometric databases abandoned to the Taliban — MIT Technology Review.
- Sweden must give Bitcoin worth €1.3 million back to drug dealers after costly legal misstep — Euronews.
- Miles Davis: Birth of the Cool — Netflix.
- What We Do in the Shadows — BBC iPlayer.
- Watch What We Do in the Shadows — Hulu.
- Radio Garden.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
3D printer hijacks, crypto fails, and a tech billionaire’s revenge
25 augusti 2021 |
51 min
A bug unravels 3D printer security, cryptocurrency sites can't stop getting hacked, and hear our special guest spill a cup of tea while inhabiting his wife's knicker drawer.
All this and much much more can be found in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC cybersecurity correspondent Joe Tidy.
Visit https://www.smashingsecurity.com/240 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Joe Tidy.
Sponsored By:
- 1Password: Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team.
- Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work.
- Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now.
- Attivo Networks: It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures.
- Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud - all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker's advantage.
- Learn more and kick credential attacks to the curb, by visiting attivonetworks.com
Links:
- We Broke Into A Bunch Of Android Phones With A 3D-Printed Head — Forbes.
- Wake up this morning and see this on my 3D printer (I use octoprint and now I’m scared) — Reddit.
- What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone — Naked Security.
- A detailed analysis of the security incident last night — The Spaghetti Detective.
- The PewDiePie Hackers: Could hacking printers ruin your life? — BBC News.
- The $600 million Poly Network hacker's Q&A — Twitter.
- Crypto hacker offered reward after $600m heist — BBC News.
- Hackers steal nearly $100m in Japan crypto heist — BBC News.
- Altsbit Crypto Exchange Gets Hacked, 'Almost All Funds' Are Gone — Bitcoinist.
- Bitpoint Exchange Hacked for $32 Million in Cryptocurrency — CoinDesk.
- Coincheck: World's biggest ever digital currency 'theft' — BBC News.
- The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster — Wired.
- Buying a pink NFT cat was a crypto nightmare — BBC News.
- Hearings Continue In Case Of Wealthy Robotics Founder Sued By His Wife For ‘Indefensible’ Sale Price Of His Startup — Forbes.
- Google ‘founder’ created revenge site against estranged wife — New York Post.
- Billionaire investor who helped launch Google is accused of 'divorce terrorism' in bitter break-up — Daily Mail.
- Cracker (British TV series) — Wikipedia.
- Cracker — BritBox.
- K&F Concept 4K WiFi 30MP Trail Camera Game Camera with 940nm Infrared Outdoor IP66 Waterproof Hunting Infrared Night Vision Camera — K&F Concept.
- Keeping the Wolf Out — BBC Radio 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
TikTok vigilantes, sloppy IoT, and Wikipedia woe
18 augusti 2021 |
52 min
The Great Londini has gathered a two million strong army to out TikTok trolls, there's a bad supply chain vulnerability in many IoT devices, and how did Wikipedia pages end up covered in Nazi swastikas?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes (who has a very controversial Pick of the Week...)
Visit https://www.smashingsecurity.com/239 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: John Hawes.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- Thousands of Wikipedia Pages Vandalized With Giant Swastikas — Gizmodo.
- Video of Wikipedia defacement — Twitter.
- Scottish Wikipedia.
- Um, almost the entire Scots Wikipedia was written by someone with no idea of the language – 10,000s of articles — The Register.
- Protection policy — Wikipedia.
- Austrian soldier imprisoned for showing photos of swastika tattoo on testicle — Jewish News.
- Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain — IOT Inspector.
- TikTok adds more safety features for teens — CNET.
- TikTok Vigilante Group the Great Londini Has Made Hunting Down Trolls Its Mission — Insider.
- Who is TikTok’s masked vigilante? — BBC News.
- News Bunny — Wikipedia.
- Nestflix.
- The Movies That Made Us — Netflix.
- The School of Life — YouTube.
- How Not to be Boring — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Fashion captain, fraud family, and DEF CON. D'oh!
28 juli 2021 |
54 min
Pygmy hippopotamus bugs, DEF CON's data slip-up, and phishing fraudsters have their collars felt.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Paul Ducklin.
Visit https://www.smashingsecurity.com/238 to check out this episode’s show notes and episode links.
We're going to be taking a holiday for a couple of weeks, but will be back with a regular show later in August.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Paul Ducklin.
Sponsored By:
- 1Password: Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team.
- Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work.
- Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now.
- Offensive Security: With the skills gap increasing, it’s more important than ever to train your staff effectively and efficiently. Industry-leading Offensive Security provides training for your organization designed by the same minds behind Kali Linux and the OSCP.
- Visit smashingsecurity.com/offsec to learn more!
Links:
- DEF CON masks and vaccination FAQ.
- Hacking DEF CON 29 — Reznok.
- Tweet by Jeff Moss (Dark Tangent) thanking Reznok.
- PetitPotam proof-of-concept tool — GitHub.
- Windows “PetitPotam” network attack – how to protect against it — Naked Security.
- Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands — Bitdefender.
- The Trigan Empire — Wikipedia.
- The Rise and Fall of The Trigan Empire: Volume 1 — Treasury British Comics Shop.
- Tangle Teezer — If you want to be a Fashion Captain, like Duck.
- Modern Love trailer — YouTube.
- Modern Love (TV series) — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
NuNa, NuNu, NaNa
21 juli 2021 |
62 min
Spy software known as Pegasus has been used to carry out surveillance on the smartphones of journalists, activists, and political leaders. Can a "Freedom Phone" be trusted? And a ransomware-hit law firm demonstrates how not to keep its customers informed.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
Visit https://www.smashingsecurity.com/237 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Thom Langford.
Sponsored By:
- KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?
- Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.
- Plus, see how you stack up against your peers with the new phishing industry benchmarks.
- Find out more at knowbe4.com/freetest
- Offensive Security: With the skills gap increasing, it’s more important than ever to train your staff effectively and efficiently. Industry-leading Offensive Security provides training for your organization designed by the same minds behind Kali Linux and the OSCP.
- Visit smashingsecurity.com/offsec to learn more!
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- The Pegasus project — The Guardian.
- Revealed: leak uncovers global abuse of cyber-surveillance weapon — The Guardian.
- Pegasus: NSO clients spying disclosures prompt political rows across world — The Guardian.
- Pegasus: Spyware sold to governments 'targets activists' — BBC News.
- Revealed: murdered journalist’s number selected by Mexican NSO client — The Guardian.
- Forensic Methodology Report: How to catch NSO Group’s Pegasus — Amnesty International.
- Mobile Verification Toolkit (MVT) — Forensic tool to look for signs of infection in smartphone devices.
- Freedom Phone.
- MAGA World’s ‘Freedom Phone’ Actually Budget Chinese Phone — Daily Beast.
- Hacker Fantastic on Twitter.
- Finnish therapy clinic’s CEO fired after despicable data breach and blackmail threats — Graham Cluley.
- Campbell Conroy & O’Neil Provides Notice of Data Privacy Incident – — Campbell Conroy & O'Neil.
- They were competitive eaters. Then they fell in love — Wired.
- Brickit: Rebuild your Lego.
- Central Park — Apple TV.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Stingrays, soccer, and smart homes
14 juli 2021 |
61 min
How did investigators ask a romance scammer out on a date, smart homes continue to play dumb, and is it time for social media sites to do more about racist football fans?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology reporter Zoe Kleinman.
Visit https://www.smashingsecurity.com/236 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoe Kleinman.
Sponsored By:
- Offensive Security: With the skills gap increasing, it’s more important than ever to train your staff effectively and efficiently. Industry-leading Offensive Security provides training for your organization designed by the same minds behind Kali Linux and the OSCP.
- Visit smashingsecurity.com/offsec to learn more!
- Privacy.com: Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- How Does The Secret Service Track Fugitives? One Romance Scammer Hunt Started With A Simple Text — Forbes.
- Stingrays bought, quietly used by police forces across England — Ars Technica.
- Euro 2020: Why abuse remains rife on social media — BBC News.
- Clapper commercial — YouTube.
- Samsung Washing Machine App Requires Access to Your Contacts and Location — Vice.
- Why first-time buyers should buy into smart home tech for their first move — Property Reporter.
- Graham Cluley with his Columbo mug — Twitter.
- The Columbophile fan site.
- How Columbo Became an Unlikely Quarantine Hit — GQ.
- Bose QuietComfort Earbuds — Bose.
- Late Night POV Cooking with J Kenji López-Alt — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
REvil returns, TikTok grows, and Gettr defaced
7 juli 2021 |
59 min
A ransomware gang has exploited a security hole in software used by many businesses, and are demanding $70 million for a decryption tool. Plus we take a close look at TikTok, and a website which seems to have entirely ripped-off Twitter.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and author Chris Stokel-Walker.
Visit https://www.smashingsecurity.com/235 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Chris Stokel-Walker.
Sponsored By:
- Privacy.com: Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.
- 1Password: Did you know that almost two thirds of all IT workers admit to reusing enterprise secrets between different projects, creating a potential gateway for attackers?
- 1Password’s new research report, "Hiding in Plain Sight", reveals the breadth and depth of mismanaged business secrets like code, passwords, credentials, and keys, and that secrets (mis)management is the next big cybersecurity threat.
- Learn more by reading the full report at 1password.com/resources
- KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?
- Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.
- Plus, see how you stack up against your peers with the new phishing industry benchmarks.
- Find out more at knowbe4.com/freetest
Links:
- REvil ransomware rampages following Kaseya supply-chain attack — Graham Cluley.
- Swedish Coop supermarkets shut due to US ransomware cyber-attack — BBC News.
- Kaseya CEO Fred Voccola Addresses Cyberattack and Next Steps for VSA Customers — YouTube.
- Kaseya Responds Swiftly to Sophisticated Cyberattack, — Press release.
- Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO says — Reuters.
- TikTok's Underlying Tech Is About to Go on Sale — Business Insider.
- This Is How TikTok Sends User Data to China — Business Insider.
- TikTok insiders say Chinese parent ByteDance is in control — CNBC.
- “Happy July 4th!” from Mark Zuckerberg — Instagram.
- Team Trump quietly launches new social media platform — Politico.
- Pro-Trump social media app hacked on launch day as half million sign up — Reuters.
- Pro-Trump social media site Gettr hacked — CNET.
- The Trump Team’s New Social Media Platform Is Already Flooded With Hentai — Mother Jones.
- Broken Sword 5: The Serpent's Curse — Revolution Software.
- This Is a Robbery: The World's Biggest Art Heist — Netflix.
- Passenger List — Radiotopia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cozy Bear, dildo scams, and robo hires and fires
30 juni 2021 |
56 min
Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from "Amazon"...
And you will NOT want to miss checking out a very special "Pick of the week"!
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.
Visit https://www.smashingsecurity.com/234 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David Bisson.
Sponsored By:
- 1Password: Did you know that almost two thirds of all IT workers admit to reusing enterprise secrets between different projects, creating a potential gateway for attackers?
- 1Password’s new research report, "Hiding in Plain Sight", reveals the breadth and depth of mismanaged business secrets like code, passwords, credentials, and keys, and that secrets (mis)management is the next big cybersecurity threat.
- Learn more by reading the full report at 1password.com/resources
Links:
- Cozy Bear — Wikipedia.
- Bears in the Midst: Intrusion Into the Democratic National Committee — Crowdstrike.
- Coronavirus: Russian cyber spies attempting to steal vaccine research from Britain, US and Canada — Sky News.
- New Nobelium activity — Microsoft Security Response Center.
- Smashing Security episode 214: "Lockdown love scams, SolarWinds, and a data deletion bungle."
- Screenshot of email David received from "Amazon"
- This $1.3 Million Vibrator Is One Of The World's Most Expensive Sex Toys — Forbes.
- Amazon Flex.
- AI at work: Staff 'hired and fired by algorithm' — BBC News.
- Fired by Bot: Amazon Turns to Machine Managers And Workers Are Losing Out — Bloomberg.
- Horror stories from Amazon Flex workers — Reddit.
- Art'n'Doodles from Carole Theriault — Carole.wtf
- ⎌ Nurture ⎌ — Porter Robinson.
- How John Berger changed our way of seeing art — The Conversation.
- Ways of Seeing Episode 1, with John Berger — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Peloton problems, romance regret, and Weiner woes
23 juni 2021 |
83 min
We take a look at why Peloton is being accused of ransomware-like behaviour, how one man lost $250,000 in a romance scam, and how a chap called Weiner has found himself in a political pickle.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Andrew Agnês.
Plus we have a featured interview with KnowBe4 expert Roger Grimes. Don't miss it!
Visit https://www.smashingsecurity.com/233 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Andrew Agnês and Roger A Grimes.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
- JumpCloud: JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass.
- With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy.
- Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model.
- KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?
- Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.
- Plus, see how you stack up against your peers with the new phishing industry benchmarks.
- Find out more at knowbe4.com/freetest
Links:
- CPSC Warns Consumers: Stop Using the Peloton Tread+ — CPSC
- Peloton Tread+ Treadmill Safety Incident — YouTube.
- Peloton Recalls Tread+ Treadmills After One Child Died and More than 70 Incidents Reported — CPSC.
- Peloton Recalls Tread Treadmills Due to Risk of Injury — CPSC.
- Tread Lock — Peloton support.
- Peloton Tread owners now forced into monthly subscription after recall — Bleeping Computer.
- Is Your Peloton Spinning Up Malware? — McAfee.
- A fake wedding, and a $250,000 scam — BBC News.
- Romance fraud advice — Action Fraud.
- OnlyFans, Twitter ban users for leaking politician's BDSM video — Bleeping Computer.
- Statement by Zack Weiner — Twitter.
- Anthony Weiner documentary trailer — YouTube.
- Blue — Joni Mitchell.
- Timekettle Voice Language Translator.
- Finders Keepers trailer — YouTube.
- Finders Keepers (2015 film) — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Zoomolympics and language matters
16 juni 2021 |
51 min
Video gaming giant Electronic Arts suffers a hack following slack security, the Japanese Olympics are proving unpopular with everyone apart from cybercriminals, and le coq est mort.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/232 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
- Deep Secure: Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus.
- Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable.
- Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today.
- JumpCloud: JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass.
- With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy.
- Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model.
Links:
- Coq on GitHub.
- Alternative names for Coq.
- Realizing this is getting out of hand, Coq mulls new name for programming language — The Register.
- Terminology: it's not black and white — NCSC.
- Hackers Steal Wealth of Data from Game Giant EA — Vice.
- Japan - COVID-19 Overview — Johns Hopkins.
- Olympics 2021: When Tokyo Games start and what restrictions will be in place — Irish Mirror.
- Tokyo Olympic Games: When are they and will they go ahead despite Covid? — BBC News.
- Tokyo Olympics organizers' data swept up in Fujitsu hack: report — CyberScoop.
- Tokyo Games organizers hit by data breach and info leak — The Japan Times.
- XPOL-2-5G antenna — Poynting.
- Mondo Mascots — Twitter.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Sexy snaps and encrypted chat traps
9 juni 2021 |
69 min
Criminals are caught in a encrypted chat trap, should you trust Apple's repair team with your sexy snaps, and do you think the FBI should be able to tell who has been reading the USA Today website?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
And don't miss our featured interview with Dr Simon Wiseman, the CTO of Deep Secure.
Visit https://www.smashingsecurity.com/231 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Dave Bittner and Simon Wiseman.
Sponsored By:
- KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?
- Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.
- Plus, see how you stack up against your peers with the new phishing industry benchmarks.
- Find out more at knowbe4.com/freetest
- Deep Secure: Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus.
- Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable.
- Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today.
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- AFP-led Operation Ironside smashes organised crime — Australian Federal Police.
- AN0M: Hundreds arrested in massive global crime sting using messaging app — BBC News.
- Fake encrypted app cooked up over beers by Aussie cops and the FBI leads to global sting — Daily Mail.
- FBI Effort to Expose 'USA Today' Readers Was Likely Unlawful, Experts Say — Gizmodo.
- Sunrise, Florida, shooting: 2 FBI agents killed in shootout identified — USA Today.
- Apple paid woman millions after technicians used her iPhone to post explicit videos — The Guardian.
- Get your iPhone, iPad, or iPod touch ready for service — Apple Support.
- The Three Investigators.
- Mini Motorways.
- Mini Motorways gameplay video — YouTube.
- Mini Metro — A strategy simulation game about designing a subway map for a growing city.
- Love Death & Robots review – prestige TV with added sexbots — The Guardian.
- Netflix’s Love, Death & Robots Volume 2 Ranked Best to Worst — Vulture.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Flash card f-up and energy pipe pilfering
2 juni 2021 |
41 min
The US military has been caught exposing its nuclear weapons secrets, and we explore the world of nerdy miners.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by "Lola."
Visit https://www.smashingsecurity.com/230 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- 1Password: Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
- 1Password makes the secure thing to do the easiest thing to do.
- Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
- Find out more and try 1Password free for 14 days at 1Password.com
- JumpCloud: JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass.
- With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy.
- Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model.
- Deep Secure: Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus.
- Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable.
- Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today.
Links:
- WarGames (1983 movie starring Matthew Broderick) — Wikipedia.
- Cram: Create and Share Online Flashcards.
- Chegg flashcards.
- US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps — Bellingcat.
- 'Three nerds' linked to massive Bitcoin mine found in Sandwell warehouse — Birmingham Mail.
- Sandwell Bitcoin mine found stealing electricity — BBC News.
- The Berglas Effect: Magic's Best Card Trick — The New York Times.
- David Berglas and the Legendary Berglas Effect — YouTube.
- West Cork podcast — Acast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Dating leaks, right to repair, and a stinky bishop
26 maj 2021 |
71 min
A big cheese ends up in jail, a Japanese dating site spills the dirt after a hack, and we learn all about the right to repair.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Roberts from The Security Ledger.
Plus don't miss our featured interview with Javvad Malik from KnowBe4.
Visit https://www.smashingsecurity.com/229 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Javvad Malik and Paul F Roberts.
Sponsored By:
- KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetest
- OneLogin: According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic. As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies. OneLogin's message? You're not alone. Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokay
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Cheese Is Addictive As Drug: Dairy Product Triggers Brain Region Linked To Addiction — Tech Times.
- How Police Secretly Took Over a Global Phone Network for Organized Crime — Motherboard.
- Liverpool man latest to be jailed as part of national Operation Venetic — Merseyside Police.
- Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall — The Register.
- Automakers Hype Hacking Threat To Sink Pro-Repair Measure — Forbes.
- FTC Report Slams OEM Restrictions on Repair — Fight to Repair.
- securepairs.org – IT pros fight for a fixable future.
- Apology for dating breach (Japanese).
- Coronavirus: Why dating feels so different now — BBC Worklife.
- How Covid-19 has upended dating for singles — Vox.
- Japan's biggest dating app hit by major cyberattack — TechRadar.
- Omiai(お見合い)
- The Pursuit of Love — BBC.
- Adapting The Pursuit of Love for BBC One — BBC Writers Room.
- The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms — MIT Technology Review.
- Obscura.
- Fstoppers Reviews Obscura 2: A Superb iOS Photo App that Rethinks the 'Interface' — Fstoppers.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Pipeline pickle, Blockchain bollocks, and Eufy SNAFU - with Rory Cellan-Jones
19 maj 2021 |
72 min
The Colonial Pipeline attack has shone light on the activities of the Darkside ransomware gang, we take a skeptical look at cryptocurrencies and the blockchain, and Eufy security cameras suffer an embarrassing security failure.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Rory Cellan-Jones.
Plus don't miss our featured interview with Vanessa Pegueros of OneLogin.
Visit https://www.smashingsecurity.com/228 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Rory Cellan-Jones and Vanessa Pegueros.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
- Skiff: We store more personal information on our devices than we do in our homes. Where do you go online when you want to write or share something privately?
- Skiff is the first collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators - no one else, not even Skiff - can see what you've created.
- Skiff is offering listeners of Smashing Security early access. Sign up now: skiff.org/smashing
- OneLogin: According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic.
- As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies.
- OneLogin's message? You're not alone. Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokay
Links:
- Major US oil pipeline shut down after ransomware attack — Graham Cluley.
- Abrdn: Standard Life Aberdeen vowel-less rebrand mocked — BBC News.
- DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized — Brian Krebs.
- Colonial Pipeline did pay ransom to hackers, sources now say — CNN.
- Darkside Retreats to the Dark — Kim Zetter on Substack.
- Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims — Elliptic.
- "Always On: Hope and Fear in the Social Smartphone Era" by Rory Cellan-Jones — Bloomsbury.
- Eufy privacy breach leaks both live and recorded cam feeds — 9to5 Mac.
- WARNING Disconnect any Eufy Security products you own immediately — Reddit.
- Server glitch allowed Eufy owners to see through other homes’ cameras — The Verge.
- Crown Court (TV series) — Wikipedia.
- Fulchester Crown Court — Fan website.
- Crown Court - The Jawbone of an Ass (1978) — YouTube.
- Crown Court - Treason — YouTube.
- BBC Weather app for Android — Google Play Store.
- BBC Weather app for iOS — iOS App Store.
- The Hyacinth Disaster - A Sci Fi Audio Drama.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Phishing foul-up, Twitter tip jars, and Facebook's Apple fury
12 maj 2021 |
49 min
Facebook says it's sticking up for the little guys as it picks a fight with Apple, there are testing times on the trains, and Twitter takes a tip.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].
Visit https://www.smashingsecurity.com/227 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Ray [REDACTED].
Sponsored By:
- 1Password: Introduce your family to better online security and safer browsing habits with 1Password.
- Share more than passwords — save logins, documents, credit cards, and more, accessible on all your devices.
- Sharing is made simple. Keep personal logins private, and easily share access to what they need.
- Recover 1Password access for family members so they never get locked out.
- Find out more and try 1Password free for 14 days at 1Password.com
- OneLogin: According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic.
- As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies.
- OneLogin's message? You're not alone. Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokay
- Skiff: We store more personal information on our devices than we do in our homes. Where do you go online when you want to write or share something privately?
- Skiff is the first collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators - no one else, not even Skiff - can see what you've created.
- Skiff is offering listeners of Smashing Security early access. Sign up now: skiff.org/smashing
Links:
- Train firm’s ‘worker bonus’ email is actually cybersecurity test — The Guardian.
- Anger Over Shocking Covid Bonus Stunt At West Midlands Trains — TSSA.
- Researcher calls out privacy flaw in Twitter’s new ‘Tip Jar’ donation feature — The Daily Swig.
- Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable — Wired.
- We Checked 250 iPhone Apps—This Is How They’re Tracking You — Wirecutter.
- 96% of US users opt out of app tracking in iOS 14.5, analytics find — Ars Technica.
- App Privacy Details on the App Store — Apple.
- What is App Tracking Transparency and how do you block app tracking? — MacWorld.
- Daily iOS 14.5 Opt-in Rate — Flurry.
- If an app asks to track your activity — Apple Support.
- Another Kind of Mind – A Different Kind of Beatles Podcast.
- One Sweet Dream podcast.
- The Pret Index: Pret Sandwich Sales Show Where U.K. Workers Are Returning to the Office — Bloomberg.
- Unframed : Intimacies, Félix Vallotton — YouTube.
- Unframed, a virtual reality series about Swiss painters.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cryptocrazies and NFTs
5 maj 2021 |
51 min
How did the SCAM cryptocurrency become a success? Why is Google allowing government rip-off ads to still appear on search results? And why on earth is everyone suddenly spending millions of dollars on NFTs?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David McClelland.
Visit https://www.smashingsecurity.com/226 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- Skiff: We store more personal information on our devices than we do in our homes. Where do you go online when you want to write or share something privately?
- Skiff is the first collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators - no one else, not even Skiff - can see what you've created.
- Skiff is offering listeners of Smashing Security early access. Sign up now: skiff.org/smashing
- KnowBe4: Did you know that 91% of successful data breaches started with a spear phishing attack?
- Find out what percentage of your employees are at risk with KnowBe4's free phishing security test.
- Plus, see how you stack up against your peers with the new phishing industry benchmarks.
- Find out more at knowbe4.com/freetest
- 1Password: Introduce your family to better online security and safer browsing habits with 1Password.
- Share more than passwords — save logins, documents, credit cards, and more, accessible on all your devices.
- Sharing is made simple. Keep personal logins private, and easily share access to what they need.
- Recover 1Password access for family members so they never get locked out.
- Find out more and try 1Password free for 14 days at 1Password.com
Links:
- Andre Lewis (@dreesuschrist) — TikTok.
- This TikToker’s ‘SCAM’ Cryptocurrency Took Off and He Can’t Believe It — Motherboard.
- Simple. Cool. Automatic. Money — Scamily.io.
- Why can't Google get a grip on rip-off ads? — BBC News.
- New Government Services Policy — Google Advertising Policies.
- Fungible definition and meaning — Collins English Dictionary.
- NFTs, explained: what they are, and why they’re suddenly worth millions — The Verge.
- Why Did Someone Pay $560,000 for a Picture of My Column? — The New York Times.
- Jack Dorsey is trying to sell his first tweet as an NFT — The Verge.
- CryptoPunks — Larva Labs.
- Johnny Depp selling Winona Ryder poem as part of NFT collection — Female First.
- NFTs are suddenly everywhere, but they have some big problems — CNN.
- Chrome can now caption audio and video — Google.
- Gosforth Handyman.
- Gosforth Handyman — YouTube.
- Grow Bag Pros And Cons – Advantages And Disadvantages Of Grow Bags — Gardening KnowHow.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Master of your domain, gripe sites, and John Deere Farmergeddon
28 april 2021 |
57 min
Google loses its domain in Argentina, how do gripe sites make their dough, and has John Deere solved the cybersecurity problem?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/225 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- 1Password: The 1Password you know and love, now for all your company secrets
- 1Password protects secrets like logins and credit cards. Secrets Automation protects secrets in your company infrastructure – like API tokens, application keys, and private certificates – and supplies them when and where they’re needed.
- Visit 1password.com/secrets/ to learn more.
Links:
- Smashing Security Christmas LIVE STREAM — Including Mark Stockley and his chickens.
- How a WhatsApp status loophole is aiding cyberstalkers — Traced.
- Google Argentina's domain name bought by man for £2 — BBC News.
- Hacker breaks into Google Palestine homepage in protest of Maps depiction — Firstpost.
- Google Security Rewards - 2015 Year in Review — Google Online Security Blog.
- Microsoft forgets to renew hotmail.co.uk domain — The Register.
- 184 Years In: Ag Giant John Deere Awaits Its First Software Vulnerability — Forbes.
- Bugs Allowed Hackers to Dox John Deere Tractor Owners — Vice.
- The Wurzels sing "Combine Harvester" — YouTube.
- The Slander Industry — The New York Times.
- A Vast Web of Vengeance — The New York Times.
- Remove content about me on sites with exploitative removal practices from Google — Google Search Help.
- Online demo of MicroMacro - Crime City.
- MicroMacro - Crime City.
- They Hacked McDonald’s Ice Cream Machines—and Started a Cold War — Wired.
- Mcbroken.
- Overheard In New York.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Lazarus Heist, Facebook faux pas, and no-cost security
21 april 2021 |
66 min
Facebook has managed to do the seemingly impossible - and had a data breach about its handling of a data breach. Meanwhile, we chat to the host of the brand new podcast about North Korea's hackers targeting the rest of the world, and discuss if an intern can be trusted to monitor your security.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Geoff White of "The Lazarus Heist" podcast.
Plus! Don't miss our featured interview with Duo's Helen Patton.
Visit https://www.smashingsecurity.com/224 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Geoff White and Helen Patton.
Sponsored By:
- 1Password: The 1Password you know and love, now for all your company secrets
- 1Password protects secrets like logins and credit cards. Secrets Automation protects secrets in your company infrastructure – like API tokens, application keys, and private certificates – and supplies them when and where they’re needed.
- Visit 1password.com/secrets/ to learn more.
- Duo: While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications - so you can stay focused on what you do best.
- Proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device and enforce polices to secure access to every application. Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign-up for a free 30 day trial.
Links:
- Facebook isn’t sorry for letting someone steal personal details of half a billion users — Graham Cluley.
- Stolen Data of 533 Million Facebook Users Leaked Online — Business Insider.
- Interne mail toont hoe Facebook veiligheidsproblemen wil 'normaliseren' — Data News.
- Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach — Graham Cluley.
- The Lazarus Heist podcast — BBC World Service.
- Local Government Organizations Most Frequently Targeted by Ransomware — Infosecurity Magazine.
- Update On Ransomware Attack Against Town Of Didsbury — CKFM.
- Entry-Level Information Security Positions — Dummies.
- How to get an Entry-Level Cyber Security Job in 2021 — Comparitech.
- Getting into cyber security — Cisco.
- Cybersecurity training — NIST.
- Best online cybersecurity courses of 2021: free and paid certification programs, degrees and masters — TechRadar.
- PISCES: Public Infrastructure Security Cyber Education System.
- Paperball Deluxe — Nintendo store.
- Paperball — Steam.
- Paperball Deluxe – Indie Super Monkey Ball!? — YouTube.
- Jeff Mills - "Exhibitionist Mix" ( Full version) — YouTube.
- Invincible — Amazon Prime.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Booze, nudes, and insurance dudes
14 april 2021 |
52 min
Should insurance companies be banned from helping companies pay ransomware demands? How has malware messed with motorcars in the United States? And how are cybercriminals exploiting alcohol drinking during the pandemic?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/223 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
- Duo: While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications - so you can stay focused on what you do best.
- Proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device and enforce polices to secure access to every application. Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign-up for a free 30 day trial.
Links:
- Lessons of the SolarWinds hack — Article by Marcus Willett, IISS.
- Insurers defend covering ransomware payments — BBC News.
- Cyber insurance giant CNA hit by ransomware attack — Graham Cluley.
- FatFace pays out $2 million to Conti ransomware gang — Graham Cluley.
- How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director — The Register.
- Cyber Attack Forces Vehicle Emissions Testing Company to Halt Operations in 8 States — The Drive.
- Malware attack is preventing car inspections in eight US states — Bleeping Computer.
- Service Restoration Status Update — Applus Tech.
- Changes in Adult Alcohol Use and Consequences During the COVID-19 Pandemic in the US — JAMA Network.
- Rebalancing the ‘COVID-19 effect’ on alcohol sales — NielsenIQ.
- Alcohol does not protect against COVID-19; access should be restricted during lockdown — WHO.
- Lockdown Saw Rise in Wine Domains and Wine Scammers — Recorded Future.
- The Raven Remastered — THQ Nordic.
- The Raven Remastered trailer — YouTube.
- Westworld — HBO.
- Thermapen Fast, Accurate Instant-read Thermometers — Thermoworks.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Facebook, deepfakes, and April Fools scandals - with Nina Schick
7 april 2021 |
55 min
Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook's latest data fiasco, and some less-than-brilliant April Fool's tricks.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/222 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Nina Schick.
Sponsored By:
- Duo: While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications - so you can stay focused on what you do best.
- Proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device and enforce polices to secure access to every application. Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign-up for a free 30 day trial.
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Stolen Data of 533 Million Facebook Users Leaked Online — Business Insider.
- Mark Zuckerberg is on Signal — Dave Walker on Twitter.
- The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned — Troy Hunt.
- Facebook isn’t sorry for letting someone steal personal details of half a billion users — Graham Cluley.
- Smashing Security episode 75: Quitting Facebook.
- Deep Fakes - the coming infocalypse. — Nina Schick.
- This Person Does Not Exist.
- 'Deepfake' AI Trump impersonator highlights election fake news threat — CNBC.
- Past Google April Fools Pranks As It Cancels 2021's Over COVID — Newsweek.
- "Joke" tweet by Piers Morgan — Twitter.
- The joke is on Volkswagen after April Fool’s name change debacle — Al Jazeera.
- Deliveroo April Fool's joke backfires in France — BBC News.
- The 8 Generations of Video Game Consoles — BBC Archive.
- The Terror — BBC iPlayer.
- Pretend it's a city — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
God bless his hairy palms
31 mars 2021 |
49 min
FatFace stumps up $2 million to its ransomware extortionists, an IT administrator is caught with his pants down, Mobikwik blames its users for a data breach, and we burgle a house... virtually.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Visit https://www.smashingsecurity.com/221 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Thom Langford.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- FatFace would like everyone to keep its data breach “strictly private and confidential” — Graham Cluley.
- Retailer FatFace pays $2m ransom to Conti cyber criminals — Computer Weekly.
- Streisand effect — Wikipedia.
- 'We have your porn collection': The rise of extortionware — BBC News.
- Mobikwik Data Breach: Data of 10 crore Mobikwik users for sale on dark web, say cybersecurity experts — The Economic Times.
- Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web — India Today.
- Rick Beato — YouTube.
- What Makes This Song Great? Ep.94 Gordon Lightfoot — YouTube.
- Adriano Celentano - Prisencolinensinainciusol — YouTube.
- Ember: The World’s First Temperature Control Mug.
- Slow-cooked guide to Sous Vide Eggs — Serious Eats.
- Art History 101 — YouTube.
- Chris Luedke, art historian — Twitter.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Ransoms, scandals, and glitter bombs
24 mars 2021 |
48 min
PC manufacturer Acer might have received a $50 million ransom demand, a warning spreads on Facebook about a trick being used by hackers, and why are the City of London's police not happy about Sci Hub?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Alex Eckelberry.
Visit https://www.smashingsecurity.com/220 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Alex Eckelberry.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
- Sailpoint: SailPoint Identity Security can help you enable your business and manage the cyber risk associated with the explosion of technology access in the cloud enterprise – ensuring each worker has the right access to do their job – no more, no less.
- Gain unmatched visibility and intelligence while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services.
Links:
- Hackers cannot post Facebook comments on your behalf without you seeing it — AFP Fact Check.
- Does a Facebook Hack 'Hurt and Offend' Friends? — Snopes.
- Stop sending mail you later regret — Gmail blog.
- April Fools Check: Did Google Really Release Mail Goggles? — TechCrunch.
- When was blinking invented?
- Computer giant Acer hit by $50 million ransomware attack — Bleeping Computer.
- Ransomware gang says it targets firms who have cyber insurance. And what’s more, it will hack insurance firms to identify them… — Graham Cluley.
- Is the staggeringly profitable business of scientific publishing bad for science? — The Guardian.
- Police warn students and universities of accessing an illegal website to download published scientific papers — City of London Police.
- Meet the pirate queen making academic papers free online — The Verge.
- Sci-Hub: How Does it Work? — The Scholarly Kitchen.
- Glitterbomb Trap Catches Phone Scammer (who gets arrested) — YouTube.
- After Life — Netflix.
- The One — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cheerleaders, dating apps, and crisis PR
17 mars 2021 |
56 min
How are cheerleaders being creeped out by deepfakes? What might Tinder tell potential dates about your murky past? And how should companies respond to the press when a security breach occurs?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Yvonne Eskenzi.
Visit https://www.smashingsecurity.com/219 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Yvonne Eskenzi.
Sponsored By:
- CrowdSec: CrowdSec is open-source and crowd-powered software enabling you to detect and block attacks. While sharing with its user community, you contribute to improve its efficiency and make the internet safer.
- Sailpoint: SailPoint Identity Security can help you enable your business and manage the cyber risk associated with the explosion of technology access in the cloud enterprise – ensuring each worker has the right access to do their job – no more, no less.
- Gain unmatched visibility and intelligence while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services.
- 1Password: Check out 1Password's podcast "Random but Memorable" for lighthearted security advice and banter with hosts Matt, Anna, and Michael.
- Listen to the "Random but Memorable" show in your favourite podcast app to hear the latest about security horror stories, data breaches, password hacking, and more.
Links:
- Chris Farley makes an energetic entrance to the David Letterman show — YouTube.
- Cheer — Netflix.
- Bucks County woman created ‘deepfake’ videos to harass rivals on her daughter’s cheerleading squad, DA says — Philadelphia Inquirer.
- Cheerleader, 17, who appeared in 'deepfake' vaping video 'made by rival's mom' tells how she broke down in tears — The Sun.
- Oliver Reed on being deadly — YouTube.
- Deep Tom Cruise — TikTok.
- Deep Tom Cruise pretends to be a snapping turtle — TikTok.
- Deep Tom Cruise demonstrates his golf swing — TikTok.
- A Guide to Crisis Communications for Incident Response — Eskenzi PR.
- Tinder to introduce in-app background checks — BBC News.
- Garbo - A new kind of online background check.
- Match Group Partners with Garbo to Make Groundbreaking Background Check Technology Accessible To Users, Starting with Tinder — Press release.
- Notificationsounds.com
- Blinkist — Summaries of over 3,000 bestselling non-fiction books.
- Acriflex — Antiseptic burns cream.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Microsoft, McAfee, and mayhem
10 mars 2021 |
50 min
Is it the end of the road for John McAfee? Is PornHub more legitimate than Facebook? And do you know as much as you think you do about the Microsoft Exchange Server mega-hack?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/218 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- Sailpoint: SailPoint Identity Security can help you enable your business and manage the cyber risk associated with the explosion of technology access in the cloud enterprise – ensuring each worker has the right access to do their job – no more, no less.
- Gain unmatched visibility and intelligence while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services.
- 1Password: Check out 1Password's podcast "Random but Memorable" for lighthearted security advice and banter with hosts Matt, Anna, and Michael.
- Listen to the "Random but Memorable" show in your favourite podcast app to hear the latest about security horror stories, data breaches, password hacking, and more.
Links:
- John McAfee 'disguised as Guatemalan street hawker with a limp' — The Telegraph.
- John McAfee Wanted for Murder — Gizmodo.
- John McAfee says he infected laptops with malware, spied and stole passwords from Belize officials — Naked Security.
- John McAfee is running for president — Graham Cluley.
- Good luck John McAfee, socially engineering a corpse… — Graham Cluley.
- How To Uninstall McAfee Antivirus — YouTube.
- John David McAfee And Executive Adviser Of His Cryptocurrency Team Indicted In Manhattan Federal Court For Fraud And Money Laundering Conspiracy Crimes — US Department of Justice.
- IsLegitSite — Check if a website is legitimate or not.
- Microsoft Exchange Server Market Share and Competitor Report — Datanyze.
- Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers — MIT Technology Review.
- A Basic Timeline of the Exchange Mass-Hack — Krebs on Security.
- New nation-state cyberattacks — Microsoft.
- The Kilobyte’s Gambit — A 1k chess game.
- The Repair Shop — Netflix.
- The Repair Shop — BBC One.
- Sideways — BBC Radio 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Would you cuddle this revolting robot? - with Robert Llewellyn
3 mars 2021 |
54 min
Actor, presenter and writer Robert Llewellyn, famous for playing the part of Kryten in the science-fiction comedy "Red Dwarf," joins us as we discuss robots gone rogue, electric vehicle nightmares, and creepy companions.
All this and much much more can be found in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Robert Llewellyn - famous for "Fully Charged," "Scrapheap Challenge," and as Kryten on "Red Dwarf."
Visit https://www.smashingsecurity.com/217 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Robert Llewellyn.
Sponsored By:
- 1Password: 1Password offers seamless syncing across all your computers and mobile devices, so you can store and access unlimited passwords from anywhere at any time. Only you have the keys to decrypt your data and sensitive information – 1Password doesn’t know it, doesn’t share it, and doesn’t sell it.
- Protect your whole family and get 50% off when you sign up for a 1Password Family account – make your home a 1Password household.
- For more details visit www.1password.com/switch50
Links:
- 'Drunk' robot vacuums spark complaints from owners — BBC News.
- Roomba S9+ weird behaviour on version 3.10.8 — Reddit.
- Time lapse video of i7+ attempting to return to clean base after 3.12.8 update — Reddit.
- Robot vacuum cleaners can eavesdrop on your conversations, researchers reveal — Bitdefender BOX blog.
- The Hidden Cyber Risks of Electric Vehicles — Upstream.
- Mindfulness, laughter and robot dogs may relieve lockdown loneliness – study — The Guardian.
- Charlie — YouTube.
- Aibo — YouTube.
- Lovot — YouTube.
- Petit Qoobo — YouTube.
- Flatcat — YouTube.
- For All Mankind trailer — YouTube.
- For All Mankind — Apple TV.
- "Diary of an MP's Wife: Inside and Outside Power" by Sasha Swire. — Amazon.
- "I Care A Lot" trailer — YouTube.
- I Care A Lot — IMDB.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Playboy, prison, and digital ploys - with Garry Kasparov
24 februari 2021 |
55 min
World-chess-champion-turned-activist Garry Kasparov returns to the show as we discuss a romance scammer with plenty of time on his hands, the surge in sextortion, and how social media is being swamped with claims of fake snow.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Garry Kasparov.
Visit https://www.smashingsecurity.com/216 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Garry Kasparov.
Sponsored By:
- 1Password: 1Password offers seamless syncing across all your computers and mobile devices, so you can store and access unlimited passwords from anywhere at any time. Only you have the keys to decrypt your data and sensitive information – 1Password doesn’t know it, doesn’t share it, and doesn’t sell it.
- Protect your whole family and get 50% off when you sign up for a 1Password Family account – make your home a 1Password household.
- For more details visit www.1password.com/switch50
Links:
- Dating apps scam committed by criminal from inside prison — BBC News.
- File on 4 - The Dangers of Dating Apps — BBC Sounds.
- Playboy Magazine, November 1989 — Including Garry Kasparov's interview and sexy photo shoot.
- Sextortion email scams — Avast.
- Has Fake Snow Been Falling on the US? — Snopes.
- TikTok Users Are Trying (and Failing) to Prove the Snow in Texas Is Fake — Daily Beast.
- TikTok Users Are Burning Snowballs in Viral Videos to 'Prove' the Snow is Fake — Gizmodo.
- Griddy: Why a Texas electricity company is under fire for astronomical bills during winter storm — The Independent.
- Ted Cruz Mariachi Band Performed at a Discount — TMZ.
- Slow TV Map.
- The Queen's Gambit — Golden Globes.
- Soulmates (TV series) — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Sexy cows banned on Facebook
17 februari 2021 |
48 min
The FBI is hoping that its hunt for Capitol rioters will go viral, a cryptocurrency con lets its perpetrator live the high life... for a while, and just what does Facebook have against cows and a team of cricketers?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman.
Visit https://www.smashingsecurity.com/215 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoe Kleinman.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
- Recorded Future: Recorded Future's podcast, Inside Security Intelligence, takes a deep dive into the world of cyber threat intelligence
- They share stories from the trenches and the operations floor, giving you the lowdown on established and emerging adversaries
- Whether it's the SolarWinds breach, 5G conspiracy theories, or Russian election interference, Inside Security Intelligence gives you a fresh take from a variety of industry experts
Links:
- The FBI Wants You To Make These Photos Of Capitol Insurrectionists Go Viral — Huffington Post.
- Capitol Violence — FBI.
- Sedition Hunters.
- Boston Bombing: The Anatomy of a Misinformation Disaster — The Atlantic.
- Iced Earth’s singer and bassist quit band "in response to recent events and circumstances" — NME.
- Capitol Insurrection: More Than 230 People Charged And What We Know About Them — NPR.
- 'Overtly sexual' cow blocked as Facebook ad — BBC News.
- What is Stefan Qin’s edge in crypto? Fraud, says the SEC — Digital Finance.
- Founder Of $90 Million Cryptocurrency Hedge Fund Charged With Securities Fraud And Pleads Guilty In Federal Court — Department of Justice.
- A crypto kid had a $23,000-a-month condo. Then the feds came — Fortune.
- Radio Garden — Explore live radio by rotating the globe.
- Dodow.
- On Her Majesty's Secret Service mind control scene — YouTube.
- Mark Kermode's Secrets of Cinema — BBC.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Lockdown love scams, SolarWinds, and a data deletion bungle
10 februari 2021 |
48 min
Fingerprints and DNA records have been deleted from the UK's police database, the SolarWinds hack continues to wreak havoc and raise questions, and we have some advice for how to fall in love safely under lockdown...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Professor Alan Woodward.
Visit https://www.smashingsecurity.com/214 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Alan Woodward.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Police probes compromised after computer records deleted — BBC News.
- Home Office admits 15,000 people deleted from police records — The Guardian.
- Home Office admits 'coding error' wiped 15,000 police records — IT Pro.
- Boris Johnson adviser quits after being overruled on Priti Patel bullying report — The Guardian.
- UK's families put on fraud alert — BBC News.
- Security Advisory — SolarWinds.
- Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources — Reuters.
- A Second SolarWinds Hack Deepens Third-Party Software Fears — Wired.
- Microsoft: No Evidence SolarWinds Was Hacked Via Office 365 — CRN.
- What You Need to Know About Romance Scams — FTC.
- Interpol warns of romance scam artists using dating apps to promote fake investments — ZDNet.
- Man lost £38,000 to scammers posing as single women on Match.com — Metro.
- Romance scams rank number one on total reported losses — FTC.
- This romance scam tricks victims in laundering federal funds — Better Business Bureau.
- Lexulous.
- Scrabble fans slam 'sparkly abomination' new app — BBC News.
- Best Bubble Breaker — Apple App Store.
- Jawbreaker (Windows Mobile game) — The original BubbleBreaker?
- IKEA Klippan, 2 Seater sofa cover — Bemz.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
No security smarts at Mensa, long-term identity theft, and GameStop's share frenzy
3 februari 2021 |
61 min
Mensa - the social club for people with high IQs - is accused of not being so smart about security, an Indian TV journalist gets an unbelievable job offer from Harvard, and we take a look at what's being going on with GameStop short selling.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/213 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- Recorded Future: Recorded Future's podcast, Inside Security Intelligence, takes a deep dive into the world of cyber threat intelligence
- They share stories from the trenches and the operations floor, giving you the lowdown on established and emerging adversaries
- Whether it's the SolarWinds breach, 5G conspiracy theories, or Russian election interference, Inside Security Intelligence gives you a fresh take from a variety of industry experts
- CrowdSec: CrowdSec is open-source and crowd-powered software enabling you to detect and block attacks. While sharing with its user community, you contribute to improve its efficiency and make the internet safer.
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Two British Mensa directors quit over cyber security concerns — Financial Times.
- Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords — Forbes.
- Poor password security at the British branch of Mensa? — Graham Cluley.
- I Am Nidhi Razdan, Not A Harvard Professor, But... — NDTV.
- GameStop stock price — MarketWatch.
- GameStop: What is it and why is it trending? — BBC News.
- An uprising against Wall Street? Hardly. GameStop was about the absurdity of the stock market — The Guardian.
- GameStop short squeeze fuels new stock-market services tracking Reddit messages — MarketWatch.
- The Basics of Shorting Stock — The Balance.
- The Rise of the Murdoch Dynasty — BBC iPlayer.
- SketchUp.
- The Office ASMR — A Podcast to Sleep To.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Dutch leaks, Peeping Toms, and researchers under fire
27 januari 2021 |
44 min
Google warns security researchers that North Korean hackers are pretending to be their buddies, sensitive information connected to Coronavirus testing is available for sale in the Netherlands, and is a Peeping Tom at your home security provider spying on you through CCTV?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/212 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Illegale handel in privégegevens miljoenen Nederlanders uit coronasystemen GGD — RTL News.
- Video conference of EU Defence Ministers where a Dutch journalist gatecrashed the system — YouTube.
- John van den Heuvel — Wikipedia.
- Dutch COVID-19 patient data sold on the criminal underground — ZDNet.
- Smashing Security episode 175: Zoom deepfakes, Zardoz, and 'Rona tracing.
- Bonus: Smashing Security After Dark #2 - Zardoz commentary. — Smashing Security on Patreon.
- New campaign targeting security researchers — Google Threat Analysis Group (TAG).
- Google: North Korean hackers have targeted security researchers via social media — ZDNet.
- ADT Employee: I Spied on Naked Customers Through Security Cams — Gizmodo.
- ADT sued after employee accessed more than 200 customers’ home security systems in Dallas area — Dallas Morning News.
- The Investigation — BBC iPlayer.
- The Investigation: why my drama about Kim Wall doesn't name her killer — The Guardian.
- Tobias Lindholm on his take of the Kim Wall murder investigation — Nordisk Film & TV Fond.
- ‘Babylon 5 Remastered’ now available to buy or stream on HBO Max — Engadget.
- High Maintenance — HBO.
- Hear the New Trailer for Wondery's Podcast 'The Apology Line' — Rolling Stone.
- Allan Bridge — Wikipedia.
- The Apology Line — Wondery.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Fleeking, COVID-19 hacking, and Bitcoin balls-ups
20 januari 2021 |
47 min
Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ron Eddings from the Hacker Valley Studio podcast.
Visit https://www.smashingsecurity.com/211 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Ron Eddings.
Sponsored By:
- 1Password: 1Password for Families is the safest way to share logins, passwords, credit cards and other important information with the people who matter most. Use 1Password everywhere, from your Chromebook to your Apple Watch.
- Until March 31, if you purchase a $50 gift card you’ll get $10 towards any YubiKey 5 Series by Yubico – the security key that provides strong two-factor authentication with a simple touch.
- Find out more at https://1password.com/giftcards
- Recorded Future: Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and dark web sources.
- For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express.
- Get it now at smashingsecurity.com/recordedfuture
Links:
- Report: X-Rated Social Media App Exposes Users in Massive Data Breach — VPNMentor.
- Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data — Threatpost.
- Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine — Ars Technica.
- EU regulator: Hackers 'manipulated' stolen vaccine documents — AP News.
- Smashing Security 058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO
- Bitcoin FOMO Calculator.
- Smashing Security 167: Coronavirus scams and an exaggerated lion
- Man offers Newport council £50m if it helps find bitcoins in landfill — The Guardian.
- Acting in Film Master Class - By Michael Caine — YouTube.
- Damn Fine Story: Mastering the Tools of a Powerful Narrative — Book by Chuck Wendig.
- Back to Life — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
DC rioters ID'd, Energydots, and ransomware gets you in a pickle
13 januari 2021 |
63 min
Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
And don't miss our featured interview with CrowdSec's Philippe Humeau.
Visit https://www.smashingsecurity.com/210 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Dave Bittner and Philippe Humeau.
Sponsored By:
- CrowdSec: CrowdSec is open-source and crowd-powered software enabling you to detect and block attacks. While sharing with its user community, you contribute to improve its efficiency and make the internet safer.
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Smashing Security's Christmas live stream — YouTube.
- Smashing Security 199: A few tech cock-ups, and one cock lock-up.
- Taking a screwdriver to unlock your IoT sex toy is nuts — Graham Cluley.
- Zip tie guy Twitter thread.
- FBI Arrests Man Who Carried Zip Ties Into Capitol — The New York Times.
- SmartDot radiation-protection phone stickers 'have no effect' — BBC News.
- Fact check: Low-powered magnets do not protect against EMF emission — USA Today.
- Moving Out game — Team 17.
- Moving Out trailer — YouTube.
- Poly Bridge — Dry Cactus.
- The Cipher — BBC Sounds.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Vengeful ex-staff, bad Santas, and iOS app nutrition facts
16 december 2020 |
60 min
Watch out for Santas wearing hoodies! A rogue employee takes down WebEx for thousands of people, and Apple forces apps to show a privacy health warning.
All this and much much more is discussed in the final episode of the "Smashing Security" podcast for 2020, with computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
And don't miss our special featured interview with Kroll's Mari DeGrazia.
Visit https://www.smashingsecurity.com/209 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Maria Varmazis and Mari DeGrazia.
Sponsored By:
- Kroll: Rapidly detecting a threat is meaningless without the ability to respond with confidence. Kroll responds to over 2,000 cyber incidents every year and is uniquely positioned to bring that capability and expertise 24x7 with Responder. Kroll Responder merges hunting, detection, containment and remediation to deliver best-in-class endpoint security.
- See how Responder works at smashingsecurity.com/kroll
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Smashing Security Christmas Party live stream! — YouTube.
- Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts — The Register.
- San Jose Man Sentenced To Two Years Imprisonment For Damaging Cisco’s Network — US Department of Justice.
- Why San Francisco's network admin went rogue — InfoWorld.
- After verdict, debate rages in Terry Childs case — Computerworld.
- 'Parents are desperate'. Zoom Santas are cashing in — CNN.
- Santa Gilbert Gottfried — Cameo.
- Don't Get Scammed By Santa This Holiday Season — LAist.
- "The holidays are here and so are the scammers." — LA City Attorney on Twitter
- Apple responds to WhatsApp criticism, confirms its own apps will show privacy labels — 9to5Mac.
- Facebook's Zuckerberg again takes aim at Apple over iOS 14 ad privacy move — iMore.
- Apple Launches Privacy Labels For Apps — Silicon UK Tech News.
- Let's Crack Zodiac - Episode 1 — David Oranchak on YouTube.
- Let's Crack Zodiac - Episode 5 - The 340 Is Solved! — David Oranchak on YouTube.
- Zodiac Killer: Code-breakers solve San Francisco killer's cipher — BBC News.
- Met Opera on Demand.
- The Magic Flute (with puppets) — Met Opera on Demand.
- Akhnaten — Met Opera on Demand.
- ars Paradoxica — The Whisperforge.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hidden treasure, COVID tracker trauma, and happy holidays with IoT
9 december 2020 |
71 min
Was hidden treasure found with help from a hack? What security lessons can be learnt from a controversial police raid in Florida? And are you ready for safer online get-togethers this Christmas?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
And don't miss our special featured interview with Mimecast's Max Linscott.
Visit https://www.smashingsecurity.com/208 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Anna Brading and Max Linscott.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- CultureAI: CultureAI isn't just another security awareness training provider. It helps you measure and improve every end-user's cyber security behaviour, providing a management system for IT, Security and Awareness teams.
- Learn more and try it for yourself at culture.ai/smashing
- Mimecast: Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation).
- Grab your copy at smashingsecurity.com/mimecasthub
Links:
- Smashing Security's Christmas 2020 live stream — Join us on YouTube on Thursday 17 December 2020 at 8pm (UK) / 3pm (Eastern) / Noon (Pacific).
- Forrest Fenn's Treasure.
- The Man Who Found Forrest Fenn's Treasure — Outside Online.
- A Statement on the Disclosure of My Identity — Jack Steuf.
- A Chicago treasure hunter was on the trail of a hidden chest worth more than $1 million — but she says she was hacked and her ‘solve stolen’ — Chicago Tribune.
- Cops raid home of ousted data scientist who created her own Florida COVID-19 dashboard — The Register.
- Video of police raid on home of Rebekah Jones — Rebekah Jones's Twitter account.
- Former Israeli space security chief says aliens exist, humanity not ready — The Jerusalem Post.
- Christmas pizza from Pizza Hut — Rotisserie Chicken paired with Crispy Bacon and Sage & Onion stuffing, all on top of a Red Wine Gravy base. (Contains Alcohol)
- Tiger Pig (Pig in Blanket) — Subway.
- Christmas menu at Pret A Manger.
- Festive food from Marks & Spencer.
- Brian & Roger.
- Carole, Graham, and Anna's Christmas party 2009 (with Yogi) — Tweet by Anna Brading.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cyber biowarfare, giant ladybugs, and strippers
2 december 2020 |
73 min
Fears are raised about cyber bioterrorists, there's a widespread blackout for IoT devices caused by a cloud cock-up, and what role do strippers play in a revamp of the United States's computer crime laws?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
And don't miss our featured interview with Steve Salinas of Deep Instinct, discussing ransomware.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Mark Stockley and Steve Salinas.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- CultureAI: CultureAI isn't just another security awareness training provider. It helps you measure and improve every end-user's cyber security behaviour, providing a management system for IT, Security and Awareness teams. Learn more and try it for yourself at culture.ai/smashing
- Deep Instinct: Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place! Check out a report by the Ponemon Institute, which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct
Links:
- Smashing Security's Christmas 2020 live stream — Join us on YouTube on Thursday 17 December 2020 at 8pm (UK) / 3pm (Eastern) / Noon (Pacific)
- Increased cyber-biosecurity for DNA synthesis — Nature Biotechnology.
- New cyber-biological attack can trick biologists into generating dangerous toxins — News Medical Life Sciences.
- Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA — Department of Health and Human Services (PDF).
- AWS: Amazon web outage breaks vacuums and doorbells — BBC News.
- The Supreme Court will finally rule on controversial US hacking law — Ars Technica.
- 18 U.S. Code § 1030 - Fraud and related activity in connection with computers≈ — Legal Information Institute, Cornell University.
- Online-voting company pushes to make it harder for researchers to find security flaws — CNET.
- The Supreme Court will hear its first big CFAA case — TechCrunch.
- Response to Voatz’s Supreme Court Amicus Brief. — An open letter from the security community.
- The Queen's Gambit Netflix series — Wikipedia.
- Twitter thread by Sarah Jamie Lewis.
- Win by Segfault and other notes on Exploiting Chess Engines — Sarah Jamie Lewis.
- One-Straw Revolution — A book by Masanobu Fukuoka.
- Bed of Lies podcast — The Telegraph.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Robo dogs, deepfakes and dirty deceptions - with Tim Harford
25 november 2020 |
68 min
Author and broadcaster Tim Harford joins us as we discuss the merits of robotic canine security guards, deepfakes, and the curious tale of an art forgery.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
And don't miss our special featured interview with James Moore from CultureAI.
Visit https://www.smashingsecurity.com/206 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: James Moore and Tim Harford.
Sponsored By:
- CultureAI: CultureAI isn't just another security awareness training provider. It helps you measure and improve every end-user's cyber security behaviour, providing a management system for IT, Security and Awareness teams.
- Learn more and try it for yourself at culture.ai/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- How To Make The World Add Up — Tim Harford.
- Computerized canines to join Team Tyndall — Tyndall Air Force Base.
- Computerized canines semi-autonomous robot dogs into their patrolling regimen to join Team Tyndall — YouTube.
- Incredible Tyndall 'Robot Dogs' Demonstration — YouTube.
- Perimeter-patrolling 'robo-dogs' coming to Tyndall Air Force Base — YouTube.
- Revolutionizing Legged Robots — Ghost Robotics.
- Immersive Wisdom.
- Norwegian oil company employs robot dogs to patrol dangerous areas — Metro News.
- Japanese farm town deploys 'Monster Wolf' robots to scare off wild bears from neighborhoods — ABC7 San Francisco.
- Willo the Wisp — Wikipedia.
- Willo the Wisp: "The Thoughts of Moog" — YouTube.
- How Mediocre Dutch Artist Cast 'The Forger's Spell' — NPR.
- Do These A.I.-Created Fake People Look Real to You? — The New York Times.
- The Liar's Dividend — Definition from Macmillan Dictionary.
- BBC Motion Graphic archive — Ravensbourne University London.
- Emu's Broadcasting Company (1978) — BBC Motion Graphics archive.
- Discovering Portuguese (1987) — BBC Motion Graphics archive.
- I Claudius (1976) — BBC Motion Graphics archive.
- The Rise and Fall of Getting Things Done — The New Yorker.
- Sticky Pickles.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Zoom password pinching and Parler problems
18 november 2020 |
48 min
Watch out for a whole different type of shoulder-surfing, researchers uncover the CostaRicto hackers-for-hire gang, and we take a peek at who is behind Parler.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Cochran from the Hacker Valley Studio podcast.
Visit https://www.smashingsecurity.com/205 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Chris Cochran.
Sponsored By:
- Recorded Future: Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and dark web sources.
- For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express.
- Get it now at smashingsecurity.com/recordedfuture
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Hackers could now know what people type on Zoom video call by evaluating the shoulder movement of users — Digital Information World.
- Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks — Cornell University.
- The CostaRicto Campaign: Cyber-Espionage Outsourced — BlackBerry.
- New stealthy hacker-for-hire group mimics state-backed attackers — Bleeping Computer.
- The conservative alternative to Twitter wants to be a place for free speech for all. It turns out, rules still apply — Washington Post.
- Parler: what you need to know about the 'free speech' Twitter alternative — The Conversation.
- What If Cambridge Analytica Owned Its Own Social Network? CA Backer Rebekah Mercer Admits She's A Co-Founder Of Parler — Techdirt.
- Hazel — Automated organization for your Mac from Noodlesoft.
- Make Noise — A creator's guide to podcasting and great audio storytelling by Eric Nuzum.
- Rendevous C'était un Rendez vous 1976 — YouTube.
- C'etait un Rendezvous, The Original Street Racing Video — YouTube documentary.
- C'était un rendez-vous — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Green buttons, Olympic attacks, and... an apology
11 november 2020 |
73 min
Darknet Diaries host Jack Rhysider joins us to discuss a cybersecurity goof in the wake of the US presidential elections, the US finally fingering the hackers responsible for disrupting the Winter Olympics in South Korea, and to take a long hard look at long hard legal mumbojumbo...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jack Rhysider from Darknet Diaries.
Plus don't miss our featured interview with Mimecast's Danielle Papadakis.
Visit https://www.smashingsecurity.com/204 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Danielle Papadakis and Jack Rhysider.
Sponsored By:
- Mimecast: Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation).
- Grab your copy at smashingsecurity.com/mimecasthub
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Kroll: Rapidly detecting a threat is meaningless without the ability to respond with confidence. Kroll responds to over 2,000 cyber incidents every year and is uniquely positioned to bring that capability and expertise 24x7 with Responder. Kroll Responder merges hunting, detection, containment and remediation to deliver best-in-class endpoint security.
- See how Responder works at smashingsecurity.com/kroll
Links:
- Legal complaint on behalf of Donald J Trump for President Inc and Republican National Committee — PDF.
- Don't touch the green button!
- Reddit thread about Donttouchthegreenbutton.com
- Richey Ward's Twitter thread showing how over 163k records were exposed in the Don't Touch The Green Button database — Twitter.
- Trump lawsuit site to report 'rejected votes' leaked voter data — Bleeping Computer.
- Hilarious news report of the Four Seasons Total Landscaping debacle — Tweet by Ros Atkins of the BBC.
- “Yourefired” was Donald Trump’s Twitter password, claim hackers — Graham Cluley.
- Donald Trump’s Twitter password is “maga2020!”, and there’s no 2FA, claims hacker — Graham Cluley.
- Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace — Department of Justice.
- What does your phone know about you? — Think Money.
- Popular app T&Cs 'longer than Harry Potter' — BBC News.
- Study on consumers' attitudes towards Terms and Conditions (T&Cs) — European Commission (PDF).
- Terms of Service; Didn't Read
- TLDRLegal — Software Licenses Explained in Plain English.
- TermsFeed — Generator of Privacy Policy, Terms & Conditions, Disclaimer, EULA.
- Simply Docs — Legal, Business & Property Documents & Templates.
- The Armstrongs Episode 1 Part 1 — YouTube.
- Oral Breeze — Jack's pick for the best dental irrigator for water flossing.
- You're Wrong About — Apple Podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Testing times, naming names, and the bald truth about AI
4 november 2020 |
71 min
Students are being spied on as they do online exams, how did a televised football match reveal the truth about artificial intelligence, and what on earth is the Canny Lumpsucker vulnerability?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast.
Plus don't miss the second part of our featured interview with LastPass's Dalia Hamzeh.
Visit https://www.smashingsecurity.com/203 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Dalia Hamzeh and Thom Langford.
Sponsored By:
- Kroll: Rapidly detecting a threat is meaningless without the ability to respond with confidence. Kroll responds to over 2,000 cyber incidents every year and is uniquely positioned to bring that capability and expertise 24x7 with Responder. Kroll Responder merges hunting, detection, containment and remediation to deliver best-in-class endpoint security.
- See how Responder works at smashingsecurity.com/kroll
- Mimecast: Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation).
- Grab your copy at smashingsecurity.com/mimecasthub
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vulnonym: Stop the Naming Madness! — Carnegie Mellon University Software Engineering Institute.
- Vulnonym — A bot generating names for CVE IDs.
- Thrangrycat — Not better known as 😾😾😾.
- Soccer match ruined when AI-controlled camera mistakes ref’s bald head for ball — SB Nation.
- Students Are Rebelling Against Eye-Tracking Exam Surveillance Tools — Motherboard.
- Proctorio sues UBC staff member for tweets sharing ‘confidential’ information about the software — The Ubyssey.
- ProctorU confirms data breach after database leaked online — Bleeping Computer.
- Proctorio CEO releases student’s chat logs, sparking renewed privacy concerns — The Ubyssey.
- Some news about proctoring at the University of Calgary — Reddit.
- My wife has proctored (webcam monitored) online classes. We live in a studio apartment, so I’m relegated to the bathroom. Rate my setup. — Reddit.
- How Many Potatoes Does It Take To Run DOOM? — YouTube.
- Raspberry Pi 400: the $70 desktop PC.
- Raspberry Pi 400: New All-in-One Pi! — YouTube.
- All Tilted Room Sketches — Shaun Micallef on YouTube.
- The Goes Wrong Show - Series 1: 6. 90 Degrees — BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Wu-Tang Clan are Among Us
28 oktober 2020 |
72 min
Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn't the only one who's been getting into the Among Us game.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson.
Plus don't miss the first part of our featured interview with LastPass's Dalia Hamzeh.
Visit https://www.smashingsecurity.com/202 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Dalia Hamzeh and James Thomson.
Sponsored By:
- Recorded Future: Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and dark web sources.
- For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express.
- Get it now at smashingsecurity.com/recordedfuture
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Rapper scammers admit faking association with musical group in conspiracy to cheat hotels, bank, limo service — US Department of Justice.
- This U.S. Election Could Be the Most Secure Yet. Here’s Why — The New York Times on YouTube.
- Report: Ransomware disables Georgia county election database — AP.
- Pity the nation: Americans’ choice of president on November 3 will affect Slovaks too. — Slovak Spectator article by James Thomson.
- AOC’s Among Us livestream hints at Twitch’s political power — MIT Technology Review.
- AOC makes explosive Twitch debut with over 435,000 Among Us viewers — Ars Technica.
- A massive spam attack is ruining public 'Among Us' games — Engadget.
- AOC Among Us FULL STREAM — YouTube.
- Among Us Has A Cheating Problem — Kotaku.
- Trump News Today | What The Fuck Just Happened Today?
- WTF Just Happened Today — Apple Podcasts.
- No Filter — Book by Sarah Frier.
- Fake Instagram follower services slapped with lawsuit — HOTforSecurity.
- From Our Own Correspondent — BBC Radio 4.
- From Our Own Correspondent Podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Robin Hood, Flippy, and the web ad bubble
21 oktober 2020 |
73 min
The Darkside ransomware gang thinks it's a modern-day Robin Hood when it donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Tim Hwang.
Plus don't miss our featured interview with Recorded Future's Levi Gundert.
Visit https://www.smashingsecurity.com/201 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Levi Gundert and Tim Hwang.
Sponsored By:
- Recorded Future: Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and dark web sources.
- For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express.
- Get it now at smashingsecurity.com/recordedfuture
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
Links:
- Smashing Security celebration livestream — YouTube.
- Ransomware gang donates part of ransom demands to charity organizations — ZDNet.
- Mysterious 'Robin Hood' hackers donating stolen money — BBC News.
- Donate Bitcoin - Give to Help Build Wells and Water Projects — The Water Project.
- Donate cryptocurrency to Children International
- Ad Tech Could Be the Next Internet Bubble — Wired.
- Subprime Attention Crisis: Advertising and the Time Bomb at the Heart of the Internet — A book by Tim Hwang.
- Miso Robotics unveils its next-gen robot kitchen assistant — VentureBeat.
- Flippy — Miso Robotics.
- Miso Robotics Flippy Robot flips burgers like it's its job — YouTube.
- Flippy the burger-flipping robot too good, fired after one day — Naked Security.
- Cybersecurity a Must for Safe IIoT Robots — Robotics Online.
- How to Improve Cybersecurity for Robots — RIA Robotics Blog.
- Airplane Mode — Steam.
- Enjoy a 6-hour flight in real-time with economy class sim Airplane Mode from tomorrow — Eurogamer.
- Airplane Mode: Live Action Trailer — YouTube.
- Airplane Mode Gameplay — YouTube.
- Gef the Talking Mongoose — Wikipedia.
- Gef! The Strange Tale of an Extra-Special Talking Mongoose — MIT Press.
- Dirty Diana — QCODE.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Two flipping hundred
14 oktober 2020 |
72 min
We're in celebratory mood as we celebrate our 200th episode, but there's still time to discuss Fatima the ballerina who the UK government wants to become a cybersecurity expert, why women are quitting the tech industry, and a smartwatch which might be putting your kids at risk.
Plus don't miss our featured interview with Mimecast's Michael Madon.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/200 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Maria Varmazis and Michael Madon.
Sponsored By:
- Mimecast: Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation).
- Grab your copy at smashingsecurity.com/mimecasthub
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
Links:
- Join us on the Smashing Security LIVE STREAM! — We'll be live at 8pm UK Thursday 15 October (3pm Eastern).
- Fury over Government campaign suggesting ballet dancer could retrain in cyber security — London Evening Standard.
- Dying swan or lame duck? Why 'Fatima' the ballerina's next job was tripping up the government — The Guardian.
- "For those worried about Fatima she’s almost certainly not called Fatima and almost certainly will never work in cyber. The image is from a US photographer based in Atlanta, Georgia." — Ciaran Jenkins on Twitter.
- The Vocabularist: How we use the word cyber — BBC News.
- Resetting Tech Culture: 5 strategies to keep women in tech (PDF) — Accenture and Girls Who Code.
- Exposing covert surveillance backdoors in children’s smartwatches — Mnemonic.
- Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch — Ars Technica.
- Introducing the Xplora GO — YouTube.
- Commerce Department to Add Two Dozen Chinese Companies with Ties to WMD and Military Activities to the Entity List — U.S. Department of Commerce.
- Skribbl — Free Multiplayer Drawing & Guessing Game.
- Hades — Super Giant Games.
- Sticky Pickles — A new podcast by Carole Theriault and Anna Brading.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A few tech cock-ups, and one cock lock-up
7 oktober 2020 |
55 min
An internet-connected adult toy could leave its users encaged, the official NHS COVID-19 contact-tracing app alarms users, and would you be happy if a robot interviewed you for a job?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman.
Visit https://www.smashingsecurity.com/199 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoe Kleinman.
Sponsored By:
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Smashing Security LIVE STREAM!
- CellMate chastity cage (Short model) — QIUI.
- Smart male chastity lock cock-up — Pen Test Partners.
- NHS Covid-19 app: 12m downloads - and lots of questions — BBC News.
- Hubert+1 - Add more to your team.
- Predictive Hire - Bias-free interviews.
- I Got a Job at an Amazon Warehouse Without Talking to a Single Human — Ryan Fan, OneZero.
- Tengai demo — YouTube.
- John Lennon at 80 - episode one. — BBC Sounds.
- John Lennon at 80 - episode two. — BBC Sounds.
- Sean Lennon's full conversation with Julian Lennon. — BBC Sounds.
- Sean Lennon's full conversation with Elton John. — BBC Sounds.
- Sean Lennon's full conversation with Paul McCartney. — BBC Sounds.
- John Lennon at the BBC: From The Beatles’ early days to his final interview — BBC Sounds.
- Television set — Wikipedia.
- Perspective — YouTube.
- Broad Canvas — Oxford art supplies store.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Chucky the coffee maker
30 september 2020 |
68 min
Coffee machines catching ransomware, Blacklight shines a torch on website tracking, and a woman is freaked out that a complete stranger can turn off her home's security system.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
And don't miss our featured interview with Greg Jensen from Oracle, who talks all about five free reports he has put together for listeners about cloud security.
Visit https://www.smashingsecurity.com/198 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Dave Bittner and Greg Jensen.
Sponsored By:
- Oracle: Check out the free cloud security reports that Oracle is making available for listeners of "Smashing Security" and learn how organizations can make security an essential part of the culture of their business.
- Read the free reports at smashingsecurity.com/oraclereport
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Trojan Room coffee pot — Wikipedia.
- Trojan Room Coffee Machine — Department of Computer Science and Technology, Cambridge University.
- Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal — Evil Socket.
- The Fresh Smell of ransomed coffee — Martin Hron, Avast Threat Labs.
- When coffee makers are demanding a ransom, you know IoT is screwed — Ars Technica.
- What a hacked coffee machine looks like — YouTube.
- Blacklight — The Markup.
- What They Know … Now — The Markup.
- Smart Home Security Market Share, Size & Forecast to 2024 — Market data forecast.
- Smart home penetration rates — Statista.
- New homeowner 'freaked out' when stranger took control of her security system — CBC News.
- Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach — Forbes.
- John Miles - Music — YouTube.
- You Can't Unhear This — YouTube.
- The Mystery Singer in All You Need Is Love — YouTube.
- New Climate Maps Show a Transformed United States — ProPublica.
- Hank the Cowdog — Apple Podcasts.
- Matthew Mcconaughey Lincoln MKZ Commercials compilation — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Greedy bosses, game cheats, and virtual beheadings
23 september 2020 |
53 min
Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of a anti cyber-fraud firm is charged with fraud.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/197 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Package Thief vs. Glitter Bomb Trap — YouTube.
- CSGO Cheaters trolled by fake cheat software — YouTube.
- This Hacker Creates Fake Cheats That Make Cheaters Jump Off Buildings In-Game — Vice.
- Tweet by Colin Madland.
- Which will the Twitter algorithm pick: Mitch McConnell or Barack Obama? — Tweet by @bascule.
- GrahamOrCarole? — Twitter.
- Founder And CEO Of Cyberfraud Prevention Company Arrested And Charged With Securities Fraud Scheme — Department of Justice press release.
- Founder of Anti Cyber Fraud Company Charged With Fraud — Vice.
- Founder of cyber fraud startup ironically facing fraud charges — Gizmodo.
- Interview with NS8's Adam Rogas — YouTube.
- Mission to the Unknown Recreation - Doctor Who — YouTube.
- The making-of Mission to the Unknown — YouTube.
- Trillion Trees.
- Criminal: UK — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Smart guns, smart cars, and smart street lights - oh my!
16 september 2020 |
54 min
Kalashnikov unveils its "smart" shotgun, San Diego struggles with its street lights, and a researcher reveals how he found a way to hack every Tesla on the planet.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David McClelland.
Visit https://www.smashingsecurity.com/196 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
Links:
- Kalashnikov smart shotgun - MP-155 Ultima.
- Kalashnikov reveals first Russian-made smart shotgun MP-155 Ultima — YouTube.
- Mike Jernigan, blind veteran, uses a TrackingPoint system to land a 300+ yard shot — YouTube.
- See how a self-aiming sniper rifle can be remotely hacked — Hot for Security.
- Tesla Network Vulnerability Report - 2017-03-24 (Annotated) — Google Docs.
- The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he's a good guy — Electrek.
- Smart Streetlights Program — City of San Diego.
- Cops Tap Smart Streetlights Sparking Controversy and Legislation — IEEE Spectrum.
- Mayor orders San Diego's Smart Streetlights turned off until surveillance ordinance in place — The San Diego Union-Tribune.
- Mayor was right to shut off Smart Streetlights — The San Diego Union-Tribune.
- Hints of life on Venus — University of Manchester.
- "This Is Paris - The Real Story of Paris Hilton" — YouTube.
- “This is Paris” is a quixotic redemption story about what it means to be a human and a brand at once — Salon.com.
- Moriarty's Game: A Killer in the Hive.
- Castolog - a podcast recommendation podcast — That's Not Canon Productions.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Selene Delgado Lopez is not your friend - with Jon Bentley
9 september 2020 |
50 min
The Gadget Show's Jon Bentley joins us to discuss the mystery of a Facebook friend you never requested, software updates for the Mercedes S-Class, and risks in the online classroom.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jon Bentley.
Visit https://www.smashingsecurity.com/195 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jon Bentley.
Sponsored By:
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
- Deep Instinct: Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place!
- Deep Instinct strives to prevent all known and unknown threats using deep learning, making detection and response automated, fast and effective for any threat that cannot be prevented.
- Check out a report by the Ponemon Institute, which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Say hello to to the latest weird viral Facebook hoax: ‘Selene Delgado Lopez’ — Mashable.
- Veja Quem é Selene Delgado Lopez - a Fantasma do Facebook — YouTube.
- The 10 most important innovations in the New Mercedes-Benz S‑Class! — Exhibit.
- Mercedes Revs mbrace2 With Cloud Updates — Wired.
- San Leandro schools stepping up online security after latest Zoombomb — San Francisco Chronicle.
- ‘Zoombombers’ using porn to troll students across US — Miami Herald.
- Schoolgirl is robbed during a Zoom lesson in Ecuador — Daily Mail.
- Digital Education: The cyberrisks of the online classroom — SecureList.
- E-safety for schools — NSPCC Learning.
- A robot wrote this entire article. Are you scared yet, human? — The Guardian.
- Smart heater for water & milk — Heatle.
- Autopia: The Future of Cars by Jon Bentley — Amazon.
- Rayvolt Cruzer V3 E-Bike — CostCo.
- Harry Hill's TV Burp - Gadget Show Competition Prizes — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Carry on droning
2 september 2020 |
48 min
A Bitcoin bungle causes one user to lose millions, hackers attempt to bribe a Tesla employee into infecting the company's network, and are we ready for a sky full of drones?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
Visit https://www.smashingsecurity.com/194 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jessica Barker.
Sponsored By:
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Confident Cyber Security by Jessica Barker.
- Tweet by John McAfee about the mathematical impossibility of Bitcoin being less than $1 million by the end of 2020.
- The Dickening Countdown to John McAfee Dick Eating.
- Bitcoin Holder Loses $16 Million in BTC to Well-Known Scam — Decrypt.
- Electrum user says he has lost 1400 Bitcoin — GitHub.
- Electrum Bitcoin wallets under siege — Malwarebytes.
- Electrum vulnerability announcement — Github.
- Sybil attack — Wikipedia.
- Fawlty Towers: The best of Sybil — YouTube.
- Electrum Bitcoin Wallet homepage.
- Elon Musk Says Tesla Saved From 'Serious' Ransom Attempt — Data Breach Today.
- Jennifer Lopez - Jenny from the Block (Official Music Video) — YouTube.
- The security impact of drones: Challenges and opportunities for the UK (PDF) — University of Birmingham.
- Security analysis of drones systems: Attacks, limitations, and recommendations — NCBI.
- Drone Delivery? Amazon Moves Closer With F.A.A. Approval — New York Times.
- What Security Threats Are Posed By Drones? — Avast.
- The Surprising Ways Drones Are Saving Lives — National Geographic.
- HEAVE HO!
- Heave Ho - Launch Trailer — YouTube.
- Behind the Schemes: Heave Ho with Le Cartel — YouTube.
- StartUp (TV series) — Wikipedia.
- StartUp - Launch Trailer — YouTube.
- Steal the Stars podcast — Tor Labs.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacking the CIA, Bridgefy, and college lockdowns
26 augusti 2020 |
59 min
Whatever happened to Crackas with Attitude, perfidious Albion College's approach to locking down Coronavirus, and the Bridgefy mesh messaging app falls down when it comes to security.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Visit https://www.smashingsecurity.com/193 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Anna Brading.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- CIA boss has his personal email account hacked… and yes, it’s on AOL — Graham Cluley.
- Two years' detention for UK teenager who 'cyberterrorised' US officials — The Guardian.
- Kane Gamble sentencing remarks (PDF).
- What It’s Like for a Hacker to Get Back Online After a Two-Year Internet Ban — Motherboard.
- Fearing coronavirus, a Michigan college is tracking its students with a flawed app — TechCrunch.
- Bridgefy, the messenger promoted for mass protests, is a privacy disaster — Ars Technica.
- Bridgefy’s Commitment to Privacy and Security.
- Mesh Messaging in Large-scale protests: Breaking Bridgefy — Technical paper by Martin R Albecht, Jorge Blasco, Lenka Marekova, and Rikke Bjerg Jensen of Royal Holloway, University of London.
- How to Watch The Avengers Movies in Order — Digital Trends.
- "Thor: Ragnarok" Official Trailer — YouTube.
- Sounds of the 90s with Fearne Cotton — BBC.
- Super Sapiens: a card game to help change the world — Etsy.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Ritz and robocalls - with Rory Cellan-Jones
19 augusti 2020 |
49 min
A scam involving restaurant bookings at The Ritz is suitably sophisticated, the second wave of UK coronavirus testing apps, and we take a look at one of the biggest studies ever into the scourge of robocalls.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Rory Cellan-Jones.
Visit https://www.smashingsecurity.com/192 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Rory Cellan-Jones.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Tech Tent podcast — BBC World Service.
- Sir Frederick Barclay releases footage of alleged Ritz bugging — The Guardian.
- Tea at the Ritz soured by credit card scammers — BBC News.
- Tweet from The Ritz London.
- Coronavirus: England's contact-tracing app gets green light for trial — BBC News.
- Coronavirus: England's contact tracing app trial gets under way — BBC News.
- A simple telephony honeypot received 1.5 million robocalls across 11 months — ZDNet.
- Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis — USENIX.
- Pick of the Week archive — Smashing Security.
- 13 Minutes to the Moon — BBC World Service.
- Borrasca — QCODE.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
We are on the bird
12 augusti 2020 |
54 min
Can a video game help your company's staff choose stronger passwords? Why might satellite-based internet communications be bad for security? And what are the alternatives to TikTok?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/191 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Passworld: A Serious Game to Promote Password Awareness and Diversity in an Enterprise — USENIX.
- Whispers Among the Stars: A Practical Look at Perpetrating (and Preventing) Satellite Eavesdropping Attacks — Black Hat USA 2020.
- Satellite Broadband Security - James Pavur — YouTube.
- Twitter and TikTok reportedly have had talks about a deal — The Verge.
- Trump bans US transactions with Chinese-owned TikTok and WeChat — The Guardian.
- These apps are scrambling to become the next TikTok — Wired.
- Introducing Instagram Reels — Facebook.
- Quoridor — Wikipedia.
- Quoridor — BoardGameGeek.
- BLACK & DECKER 20V LBX20 Li-Ion Battery USB Power Source Adapter w/DC 12V Port — eBay.
- The Young Offenders — BBC iPlayer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Twitter hack arrests, email bad behaviour, and Fawkes vs facial recognition
5 augusti 2020 |
49 min
Special guest Geoff White can't resist using the podcast to promote his new book, "Crime Dot Com", but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don't give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes - the technology fighting back at facial recognition.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by "Crime Dot Com" author Geoff White.
Visit https://www.smashingsecurity.com/190 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- A free chapter of Geoff's book, "Crime Dot Com"
- Start-Up Helps Conservative Websites Like the Daily Caller Store User Names, Postal Addresses of Anonymous Readers — Jezebel.
- Permission Shmarketing: How does GetEmails work? — YouTube.
- Some say we're criminals. Many say we're unethical. We think we're geniuses. But we're so, so bad... — YouTube.
- Three charged in massive Twitter hack, Bitcoin scam — KTVU.
- Three Individuals Charged For Alleged Roles In Twitter Hack — Department of Justice.
- Defund Facial Recognition Before It's Too Late — The Atlantic.
- 'Atlas of Surveillance' now provides searchable, interactive database of police surveillance — VentureBeat.
- Clearview AI—Yet Another Example of Why We Need A Ban on Law Enforcement Use of Face Recognition Now — Electronic Frontier Foundation.
- Facial Recognition Map.
- This Tool Could Protect Your Photos From Facial Recognition — The New York Times.
- Fawkes - Image "Cloaking" for Personal Privacy.
- Fawkes: Protecting Personal Privacy against Unauthorized Deep Learning Models (USENIX Security 2020) — YouTube.
- Rush Hour (puzzle) — Wikipedia.
- Rush Hour games — ThinkFun.
- How To Play: Rush Hour - by ThinkFun — YouTube.
- Unblock Me — iOS App Store.
- Origins - How the earth shaped human history — Lewis Dartnell.
- The Umbrella Academy — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
DNA cock-up, Garmin hack, and virtual kidnappings
29 juli 2020 |
49 min
Why are students faking their own kidnappings? What's the story behind Garmin's ransomware attack? And a genetic genealogy website suffers a hack or two.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].
Warning: This podcast may contain nuts, adult themes, and rude language.
Links:
- Tribe of Hackers Podcast.
- Golden State Killer pleads guilty to 13 murders — BBC News.
- Joseph James DeAngelo — Wikipedia.
- Hackers Attacked Two Leading Genetic Genealogy Websites — Buzzfeed News.
- GEDmatch confirms data breach after users’ DNA profile data made available to police — TechCrunch.
- Garmin outage caused by confirmed WastedLocker ransomware attack — Bleeping Computer.
- Charges Announced in Malware Conspiracy — FBI.
- Garmin staggers back online after ransomware attack — Graham Cluley.
- Coronavirus: China warns students over 'risks' of studying in Australia — BBC News.
- Chinese students in Australia targeted in virtual kidnapping scam — BBC News.
- Chinese students in Australia are being targeted in kidnapping scams, police warn — South China Morning Post.
- Chinese Students in Australia Are Faking Their Own Kidnappings. Here’s Why — Vice.
- SecondHandSongs.
- Doomsday Algorithm — Just in case you didn't understand Ray's explanation...
- Incredibox.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Immersive Labs - Giving security professionals practical and gamified content to keep pace with the latest threats. Listeners can get access to more than 24 hours of free labs AND a new lab to try out each week.
- LastPass - The trusted enterprise password manager of over 33,000 businesses.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Dinner with Elon Musk and Kris Jenner
22 juli 2020 |
63 min
Who stopped Twitter's hackers from stealing more money? Why are Covid-19 researchers being told to ramp up their cybersecurity? How can you find out if your smartphone is infected with stalkerware? And who does Graham think he is turning down a celebrity dinner invite?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.
Visit https://www.smashingsecurity.com/188 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Lisa Forte.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- The Twitter mega-hack. What you need to know — Tripwire State of Security.
- The Twitter hack: Why Elon Musk, Bill Gates, Jeff Bezos and others might have reason to be worried — Graham Cluley.
- Twitter Hackers Could Have Stolen A Whole Lot More Bitcoin — Forbes.
- Twitter says hackers downloaded private account data — BBC News.
- UK condemns Russian Intelligence Services over vaccine cyber attacks — GOV.UK.
- Britain’s charges of hacking & meddling ‘make no sense’ but Russia is ready to turn the page & work with UK – ambassador — Russia Today.
- Russian Cyber Espionage Group Targets COVID-19 Vaccine Research and IP — IP Watchdog.
- Google bans ads for stalkerware apps—with some exceptions — Ars Technica.
- Google’s ad ban won’t stop stalkerware apps from promoting themselves — Graham Cluley.
- 1 in 10 Americans uses stalkerware to track partners and exes, poll finds — CNET.
- Stalkerware: Domestic Abuse Victims Face Invisible Threat — Digital Trends.
- How to Check Your Devices for Stalkerware — Wired.
- Find and remove stalkerware and bossware from your phone — Traced.
- President Trump goes one-on-one with Chris Wallace — YouTube.
- Montreal Cognitive Assessment (MOCA) — A similar test to that taken by President Donald Trump.
- Quiz: Could you pass Donald Trump's cognitive test? — BBC News.
- "How to cognitive" — Sarah Cooper on Twitter.
- Don't F**k with Cats: Hunting an Internet Killer — IMDB.
- 60 Versions of Leonard Cohen's 'Hallelujah,' Ranked — Newsweek.
- Hallelujah (COVER) - Shaun Brown & Jeremy Dunham — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Huawei ban, MGM hack, and a contact-tracing cock-up
15 juli 2020 |
63 min
Login chaos for England's contact tracing service, our drill-down on the Britain's Huawei 5G ban, MGM's blockbuster breach, and how to pronounce "Gigabyte."
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Plus we have a bonus featured interview with Scott Petry, the co-founder of Authentic8, all about how you can browse the internet safely, securely, and anonymously when conducting research, collecting sensitive evidence, and analyzing data.
Visit https://www.smashingsecurity.com/187 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Maria Varmazis and Scott Petry.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Authentic8: Silo for Research (Toolbox) from Authentic8 is a secure and anonymous web browsing solution that enables threat intelligence, security, and public safety professionals to conduct research, collect evidence, and analyze data across the open, deep and dark web.
- To learn how Silo for Research enables teams to timely and efficiently investigate, while ensuring maximum security and oversight to ensure compliance - including GDPR - go to smashingsecurity.com/authentic8
Links:
- Coronavirus: Contact tracers in England 'locked out of accounts' — Sky News.
- TalkTalk’s ex-CEO Dido Harding heads up the UK’s Coronavirus tracing app… — Graham Cluley.
- Apparently Coronavirus-tracing scammers won’t sound professional… (Yeah, right!) — Graham Cluley.
- Huawei 5G kit must be removed from UK by 2027 — BBC News.
- US sanctions make Huawei more of a security risk, says leaked UK report — The Verge.
- A different future for telecoms in the UK — NCSC.
- Commerce Addresses Huawei’s Efforts to Undermine Entity List, Restricts Products Designed and Produced with U.S. Technologies — U.S. Department of Commerce.
- A hacker is selling details of 142 million MGM hotel guests on the dark web — ZDNet.
- WindowSwap.
- How do you pronounce "Gigawatt"? — Waldo Jaquith on Twitter.
- Metric (SI) Prefixes — NIST.
- No podcast.
- In the No Part 1 — Radiolab.
- 21 OSINT Tools for Cyber Threat Intelligence — Authentic8.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
This one's for all the Karens!
8 juli 2020 |
50 min
A high-rolling Hushpuppi gets extradited to the United States, Carole details her problems with clipboards and Disposophobia, and our guest becomes the subject of fake news during the Senegalese election.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by investigative journalist Michelle Madsen (or is it Michelle Damsen? Hmm...).
Visit https://www.smashingsecurity.com/186 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Michelle Madsen.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Authentic8: Silo for Research (Toolbox) from Authentic8 is a secure and anonymous web browsing solution that enables threat intelligence, security, and public safety professionals to conduct research, collect evidence, and analyze data across the open, deep and dark web.
- To learn how Silo for Research enables teams to timely and efficiently investigate, while ensuring maximum security and oversight to ensure compliance - including GDPR - go to smashingsecurity.com/authentic8
Links:
- Ray Hushpuppi's Instagram account.
- Your 2.3m Instagram fans won't stop the FBI... Web star accused of plotting to launder millions from cyber-crime — The Register.
- Hushpuppi and Mr. Woodbery, BEC scammers: Welcome to Chicago! — CyberCrime & Doing Time.
- Dubai Police operation Fox Hunt 2 against Hushpuppi. — Vimeo.
- Cosmic Lynx Threat Dossier — Agari.
- Domain Message Authentication Reporting & Conformance — DMARC.
- How to Combat Fake Emails — Australian Cyber Security Centre.
- My fake news whodunnit: Caught up in a Senegal fake news scam — BBC News.
- The Documentary: My fake news whodunnit — BBC World Service.
- TikTok grabbing the contents of an iPhone clipboard every 1-3 keystrokes — Twitter.
- Popular iPhone and iPad Apps Snooping on the Pasteboard — Mysk.
- The Life and Times of David Lloyd George (with Ennio Morricone theme tune) — YouTube.
- Dogmatix chasing a Roman legionary, to the tune of Ennio Morricone's Chi Mai. — YouTube.
- A Tribute to Ennio Morricone. — Tableau.
- An Abridged Micro List — Malaika Kegode on Facebook.
- Karen (slang) — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Bieber fever, Roblox, and ransomware
1 juli 2020 |
47 min
Who's been dressing Robox players up in red baseball caps? Which ransomware victim's negotations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Visit https://www.smashingsecurity.com/185 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: John Hawes.
Sponsored By:
- Authentic8: Silo for Research (Toolbox) from Authentic8 is a secure and anonymous web browsing solution that enables threat intelligence, security, and public safety professionals to conduct research, collect evidence, and analyze data across the open, deep and dark web.
- To learn how Silo for Research enables teams to timely and efficiently investigate, while ensuring maximum security and oversight to ensure compliance - including GDPR - go to smashingsecurity.com/authentic8
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Roblox accounts being hacked in support of Trump re-election — Bleeping Computer.
- Add 2-Step Verification to Your Roblox Account — Roblox.
- Ransomware Groups Promise Not to Hit Hospitals Amid Pandemic — Wired.
- NetWalker Ransomware - What You Need to Know — Tripwire.
- Update on IT Security Incident at UCSF — UC San Francisco.
- How hackers extorted $1.14m from University of California, San Francisco — BBC News.
- Pizzagate conspiracy theory — Wikipedia.
- A TikTok Twist on ‘PizzaGate’ — The New York Times.
- ‘PizzaGate’ Conspiracy Theory Thrives Anew in the TikTok Era — The New York Times.
- TikTok Teens Are Obsessed With Pizzagate — The Daily Beast.
- Building the Perfect Squirrel Proof Bird Feeder — YouTube.
- DARK Season 1 Trailer — YouTube.
- DARK - The Official Guide — Netflix.
- Conan Doyle estate sues Netflix for giving Sherlock Holmes too many feelings — The Verge.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Vanity Bitcoin wallets, BlueLeaks, and a Coronavirus app conspiracy
24 juni 2020 |
51 min
A conspiracy spreads on social media about Coronavirus tracing apps, US police find decades' worth of sensitive data leaked online, and is there a Bitcoin bonanza to be had from watching Elon Musk YouTube videos?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology reporter Zoe Kleinman.
Visit https://www.smashingsecurity.com/184 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoe Kleinman.
Sponsored By:
- MetaCompliance: Create a more security-conscious workforce with MetaCompliance's Cyber Security Awareness for Dummies book. Download it for free at smashingsecurity.com/cyberaware
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- How photographs are airbrushed — A 2010 BBC News article, starring Zoe Kleinman.
- Elon Musk Bitcoin vanity addresses used to scam users out of $2 million — ZDNet.
- Kate Winslet responds to Bitcoin scam faking her endorsement — Decrypt.
- Bitcoin scam uses Prince Harry, Meghan Markle to dupe would-be investors — Decrypt.
- Covid-19 tracing tool on smartphones is 'not app' — BBC News.
- ‘BlueLeaks’ Exposes Files from Hundreds of Police Departments — Krebs on Security.
- Koko Analytics — A privacy-friendly analytics plugin for WordPress.
- Fathom — Fast, simple and privacy-focused website analytics.
- Upload trailer — YouTube.
- Backspace and beyond — Audioboom.
- The Magnus Archives — Horror podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
MAMILs, gameshows, and a surprise from eBay
17 juni 2020 |
46 min
A TV gameshow with cash prizes if you're obeying Coronavirus lockdown rules, ex-Ebay staff charged in crazy cyberstalking case, and when the wrong cyclist was accused by the internet bearing pitchforks.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/183 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- MetaCompliance: Create a more security-conscious workforce with MetaCompliance's Cyber Security Awareness for Dummies book. Download it for free at smashingsecurity.com/cyberaware
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Mr Blobby — Wikipedia.
- Noel's House Party — Wikipedia.
- A man is surprised at home by Noel's House Party — YouTube.
- Bahrain, Kuwait and Norway contact tracing apps among most dangerous for privacy — Amnesty International.
- Coronavirus: Alarm over 'invasive' Kuwait and Bahrain contact-tracing apps — BBC News.
- ‘Are You At Home?’ Winner Selection Rules — Bahrain's Information & eGovernment Authority.
- Bahrain BeAware — iOS App Store.
- Bahrain BeAware — Google Play Store.
- Six Former eBay Employees Charged with Aggressive Cyberstalking Campaign Targeting Natick Couple — Department of Justice.
- Ex-EBay CEO's 'Inappropriate' Messages Played Role in Ouster — TheStreet.
- MAMIL throws a tantrum — Twitter.
- Maryland cyclist arrested for assaulting 3 people posting Black Lives Matter flyers — CNN.
- Smashing Security episode 063: Carole's back! — In which we discuss privacy issues involving fitness trackers.
- What It’s Like to Get Doxed for Taking a Bike Ride — New York magazine.
- Staged — BBC iPlayer.
- The Mars Challenge by Alison Wilgus — Macmillan.
- Mars trip to use astronaut poo as radiation shield — New Scientist.
- Culture quiz: from Bob Holness 007 to the Daily Mail's feast of filth — The Guardian.
- Quizzes — The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Space Force, credit card fraud, and beep-ti-beep
10 juni 2020 |
62 min
Graham finds himself in hot water with a security firm after a data breach, Carole discusses credit card fraud, and we have a pleasant surprise for Thom Langford, who appears to have mostly agreed to be a guest to promote his own podcast.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
And don't miss our featured interview with Robbie O'Brien of MetaCompliance, all about the new book he's written - Cyber Security Awareness for Dummies.
Visit https://www.smashingsecurity.com/182 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Robert O'Brien and Thom Langford.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- MetaCompliance: Create a more security-conscious workforce with MetaCompliance's Cyber Security Awareness for Dummies book. Download it for free at smashingsecurity.com/cyberaware
Links:
- Security firm leaves more than five billion records exposed on unsecured database — Graham Cluley.
- "Following a legal threat from ███████ ████ I have removed their name from this article on my site..." — Graham Cluley on Twitter.
- Keepnet Labs confirms contractor exposed 'data breach database' of 5 billion records — Verdict.
- Public Statement in Relation to Data Briefly Exposed on an ElasticSearch Database — Keepnet Labs.
- After threatening me with legal action, Keepnet Labs finally issues statement over data breach — Graham Cluley.
- Goodbye Naked Security? — Graham Cluley.
- US Military Could Lose Space Force Trademark to Netflix Series — CBR.
- Space Force review: astonishingly bad show — The Verge.
- The number of credit card scams continues to soar during the pandemic — Verdict.
- Pandemic Brings Huge Increases In Card Fraud And Mobile Banking — Forbes.
- Credit Card Fraud During the Pandemic — Consumer Reports.
- Credit Card Fraud — Advice from the FBI.
- How to Reduce Credit Card Fraud — The New York Times.
- Ian's Shoelace Site – Introduction
- Magnet – Window manager for Mac.
- The Host Unknown Podcast.
- DEVS — BBC iPlayer.
- Cyber Security Awareness for Dummies — A free book for listeners from MetaCompliance.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Anti-cybercrime ads, tricky tracing, and a 5G Bioshield
3 juni 2020 |
52 min
Police are hoping to stop kids becoming cybercriminals by bombarding them with Google Ads, phishers rub their hands in glee at the NHS track and trace service, and just how does a nano-layer of quantum holographic catalyzer technology make a USB stick cost hundreds of pounds?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/181 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- Deep Instinct: Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place!
- Deep Instinct strives to prevent all known and unknown threats using deep learning, making detection and response automated, fast and effective for any threat that cannot be prevented.
- Check out a report by the Ponemon Institute, which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Immersive Labs: Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
- Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week.
Links:
- Cheating in online games — Wikipedia.
- UK Ad Campaign Seeks to Deter Cybercrime — Brian Krebs.
- DDoS attacks are illegal — National Crime Agency (NCA).
- Google doesn’t seem to believe booters are illegal — Light Blue Touchpaper.
- Google ad policies.
- NHS Test and Trace — Yes, the legitimate website.
- Phishing danger is just a hyphen away — The AntiSocial Engineer.
- Apparently Coronavirus-tracing scammers won't sound professional... (Yeah, right!) — Graham Cluley.
- This is how you can verify you are actually being contacted by the government’s Test and Trace service — Full Fact.
- Glastonbury calls for 5G inquiry — Glastonbury Town Council.
- Trading Standards squad targets anti-5G USB stick — BBC News.
- Reverse Engineering a 5g 'Bioshield' — Pen Test Partners.
- Glastonbury 5G report 'hijacked by conspiracy theorists' — BBC News.
- Tweet by the BBC's Rory Cellan-Jones.
- 5GBioShield.
- Swopper chair — Stuhl.
- The Swopper by Aeris — YouTube.
- The Knowledge: How to Rebuild our World from Scratch — Book by Lewis Dartnell.
- Men hired for sexual fantasy break into wrong house — BBC News.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Taking care of Clare
27 maj 2020 |
46 min
On this special splinter episode of the podcast, we're joined by actor and comedian Clare Blackwood in the hope of convincing her that cybersecurity is no laughing matter.
Hear what happens in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Carole's cousin (!) Clare Blackwood.
Visit https://www.smashingsecurity.com/180 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Clare Blackwood.
Sponsored By:
- Immersive Labs: Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
- Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- All ages dance on TikTok during coronavirus quarantine — Los Angeles Times.
- Fugitive John McAfee’s location revealed by photo meta-data screw-up — Naked Security.
- Have I Been Pwned: Check if your email has been compromised in a data breach.
- Clare Blackwood's TikTok dance.
- The Miracle Sudoku — YouTube.
- Cracking The Cryptic YouTube channel.
- Puzzled man solving 'miracle' sudoku becomes YouTube sensation — The Guardian.
- Dumb-Dumbs and Dice.
- Into the Night — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Deepfake Jay-Z, and beer apps spilling your data
20 maj 2020 |
62 min
Apps that belch out sensitive military information, what could the world learn from South Korea's digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump... and why?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Brian Klaas of the "Power Corrupts" podcast.
Plus we have a bonus feature interview with Rachael Stockton from Logmein, the folks behind LastPass, all about their report into the psychology of passwords.
Visit https://www.smashingsecurity.com/179 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Brian Klaas and Rachael Stockton.
Sponsored By:
- LastPass: LastPass's "Psychology of Passwords" report surveyed over 3,000 people around the world to highlight the current state of online security behaviors – and the results are alarming.
- Download it now at smashingsecurity.com/passwordreport
- Immersive Labs: Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
- Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week.
- Boxcryptor: Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
- Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
Links:
- Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App — Bellingcat.
- What South Korea's Nightclub Outbreak Can Teach Other Countries — Time.
- When audio deepfakes put words in Jay-Z’s mouth, did he have a legal case? — Ars Technica.
- Jay-Z’s Deepfake Hamlet Recital — To Sue, Or Not To Sue — Forbes.
- Vocal Synthesis — YouTube channel.
- Doordash and Pizza Arbitrage — Ranjan Roy.
- Iron Chef Japan episodes — YouTube.
- Rabbit Hole podcast.
- The Psychology of Passwords — LastPass.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Office pranks, meat dresses, and robocop dogs
13 maj 2020 |
51 min
Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Lisa Forte.
Visit https://www.smashingsecurity.com/178 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Lisa Forte.
Sponsored By:
- Immersive Labs: Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
- Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week.
- Oracle: Check out the free cloud security reports that Oracle is making available for listeners of "Smashing Security" and learn how organizations can make security an essential part of the culture of their business.
- Read the free reports at smashingsecurity.com/oraclereport
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Me Too! — Microsoft tells the story of the Bedlam DL3 email storm.
- Microsoft employees swept up in GitHub reply-all email apocalypse — Business Insider.
- Microsoft now blocks reply-all email storms to end our inbox nightmares — The Verge.
- Reply All Storm Protection in Exchange Online — Microsoft Tech Community.
- The NHS's massive email storm — Graham Cluley.
- Entertainment Law Firm Hacked in Major Data Breach, Ransomware Attack — Variety.
- Coronavirus: Commuters told to 'prepare to queue' in new guidance — BBC News.
- Employers Rush to Adopt Virus Screening. The Tools May Not Help Much — The New York Times.
- Robot dog enforces social distancing in city park — BBC News.
- Onkalo spent nuclear fuel repository — Wikipedia.
- Into Eternity — Wikipedia.
- Finland buries its nuclear past — BBC News.
- The plan to protect humans from radioactive waste with color-changing cats — Business Insider.
- How colour-changing cats might warn future humans of radioactive waste — The Guardian.
- The Summit trailer — YouTube.
- No Way Down: Life and Death on K2 — Amazon.com.
- Jim Lahey's No-Knead Bread Recipe — Leite's Culinaria.
- No Knead Bread Recipe — YouTube.
- No-Knead Bread Recipe — New York Times.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Elon Musk, Roblox, and Love Bug author found
6 maj 2020 |
61 min
What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down the man behind one of history's biggest virus outbreaks in Manila? And what on earth is a hacker doing breaching Roblox security?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.
Visit https://www.smashingsecurity.com/177 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- DomainTools: Join our friends at DomainTools for a webinar as they walk you through the process of identifying a nefarious domain, mapping connected infrastructure, and reverse-engineering a ransomware attack which used a Coronavirus disguise.
- Learn more about how DomainTools helps security analysts turn threat data into threat intelligence and watch the webinar at domaintools.com/smashing
- Oracle: Build, test, and deploy applications on Oracle Cloud - for free.
- Sign up at smashingsecurity.com/oracle and you'll soon be building, testing and deploying cloud applications securely with Oracle.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security in the EU Security Blogger Awards!
- Graham Cluley on Earworm Island — Earworm Island podcast.
- Carole Theriault on Earworm Island — Earworm Island podcast.
- Elon Musk tweets a photo of his newborn child — Twitter.
- World Password Day — Days of the year.
- Grimes explains the baby's name — Twitter.
- Don’t Make These 5 Password FAILS! (But Do Notch These 2 Password Wins) — ID Agent.
- Love Bug Virus Creator Comes Clean — Geoff White.
- Memories of the Melissa virus — Naked Security.
- Roblox — Wikipedia.
- What is Roblox? — Digital Trends.
- Hacker Bribed 'Roblox' Insider to Access User Data — Motherboard.
- I'm Officially RICHER Than ROBLOX!! (WORLD RECORD BROKEN) — Linkmon99 on YouTube.
- WM97/Michael-B virus analysis — Sophos.
- Bookcase Credibility — @BCredibility on Twitter.
- Five Minutes With: Brian Sewell — YouTube. So you can see how good Graham's impression is.
- Syncplay.
- Netflix Party.
- Whole Chicken in a Can — Ashens on YouTube.
- Poundland Food Special - All Day Breakfast — Ashens on YouTube.
- MRE & Ration Reviews — YouTube. A man experiencing and reviewing military rations from 1863-current day.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacking hacks and university attacks
29 april 2020 |
45 min
Journalists spying on their rivals, the NHS rejects Apple and Google's approach to Coronavirus-tracing, and universities are hit by an old-fashioned sexy lady attack.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Rik Ferguson.
Visit https://www.smashingsecurity.com/176 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Rik Ferguson.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security in the EU Security Blogger Awards!
- Financial Times reporter accessed private calls at Independent and Evening Standard — The Independent.
- FT suspends journalist accused of listening to rival outlets' Zoom calls — The Guardian.
- Sky News admits it hacked Canoe Man’s email — Naked Security.
- Is it ever acceptable for a journalist to hack into somebody else’s email? — Naked Security.
- NHS rejects Apple-Google coronavirus app plan — BBC News.
- Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities — Proofpoint.
- Warwick University kept data hack secret from students and staff — Birmingham Live.
- JustWatch - The Streaming Guide.
- Just Watch — Apple App Store.
- Just Watch — Google Play.
- Fire for Kids Unlimited — Amazon UK.
- Kindle Limited for Kids — Amazon.com.
- J! Archive.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Zoom deepfakes, Zardoz, and 'Rona tracing
22 april 2020 |
50 min
Will deepfake disguises hit a video conference near you, can Coronavirus-tracing apps be trusted, and should Facebook shut down anti-quarantine events?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/175 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Boxcryptor: Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice. Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
Links:
- Iain Thomson in fancy dress on Zoom. — Twitter.
- Smashing Security 134: Sextortion, silicone face masks, and a DDoS doofus.
- Avatarify: Avatars for Zoom and Skype — GitHub.
- "Elon Musk joined our Zoom call" — YouTube.
- Avatarify demo — YouTube.
- This Open-Source Program Deepfakes You During Zoom Meetings, in Real Time — Vice.
- Trailer for Zardoz (1974) — YouTube.
- Coronavirus: Governors ask Trump to call off lockdown protests — BBC News.
- Facebook sort-of blocks anti-quarantine events – how many folks are actually behind these 'massive' protests online? — The Register.
- COVID-19 apps — Wikipedia.
- Would You Give Up Health or Location Data to Return to Work? — The New York Times.
- European scientists and researchers raise privacy concerns over coronavirus contact tracing apps — VentureBeat.
- European experts ready smartphone technology to help stop coronavirus — Reuters.
- 2 billion phones cannot use Google and Apple contact-tracing tech — Ars Technica.
- Contact Tracing in the Real World — Light Blue Touchpaper.
- Tracking the Global Response to COVID-19 — Privacy International.
- Apple and Google Respond to Covid-19 Contact Tracing Concerns — Wired.
- Sketchplanations - A weekly explanation in a sketch.
- Make These Projects to Fight COVID-19 Right Now — Make.
- 3D Print This Simple Tool Now, To Help Local Sewists Make More Masks for Covid-19 — Make.
- Fix The Mask.
- Turn a T-shirt into a face mask — Ronit Bose Roy on Twitter.
- Educational Documentaries on Netflix — YouTube.
- Remote Tourism.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Animal Crossing with Garry Kasparov
15 april 2020 |
46 min
World-chess-champion-turned-activist Garry Kasparov joins us as we discuss celebrity lookalikes, smartphone fleeceware, the impact Coronavirus is having on security, and how a popular new video game is being used for political ends.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Garry Kasparov.
Yes, the Garry Kasparov. Graham was pretty excited too.
Visit https://www.smashingsecurity.com/174 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Garry Kasparov.
Sponsored By:
- Boxcryptor: Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
- Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
Links:
- Don’t let fleeceware sneak into your iPhone — Sophos.
- Fleeceware apps persist on the Play Store — Sophos.
- Fleeceware apps discovered on the iOS App Store — ZDNet.
- How to see or cancel subscriptions on your iPhone, iPad or iPod touch — Apple Support.
- How to cancel, pause, or change a subscription on Google Play — Google Play Help.
- Global Move to Telecommute Work Increases Security Risks — Voice of America.
- Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book — Malwarebytes.
- Animal Crossing.
- The Vegan Guide to 'Animal Crossing: New Horizons' — PETA Kids.
- Chinese gamers decorate Animal Crossing with propaganda and Covid-19 references — Abacus.
- Nintendo game pulled from Chinese platforms after Hong Kong protest — Reuters.
- Animal Crossing removed from sale in China amid Hong Kong protests — BBC News.
- Animal Crossing game removed from sale in China over Hong Kong democracy messages — The Guardian.
- Retirement day fighter jet ride ends in chaos after OAP pulls ejector seat lever — Daily Star.
- Extraordinary Times: A COVID-19 Visual Journal — Maria Photinakis.
- French air investigation report.
- Coronavirus: 20 suspected phone mast attacks over Easter — BBC News.
- Coronavirus: Scientists brand 5G claims 'complete rubbish' — BBC News.
- The Weirdly Enduring Appeal of Weird Al Yankovic — The New York Times.
- The Daily: The Sunday Read: Weird Al Yankovic’s Weirdly Enduring Appeal — Apple Podcasts.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
5G fiascos, Zoom gloom, and butt biometrics
8 april 2020 |
63 min
We take a look at the stinky backside of surveillance, gas about the latest video-conferencing threats, and jump into the murky world of 5G conspiracy theories.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland and featuring an interview with LastPass's Barry McMahon.
Visit https://www.smashingsecurity.com/173 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Barry McMahon and David McClelland.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Engineers unleash car-seat identifier that reads your rear end — Phys.org.
- Identifying personal microbiomes using metagenomic codes — PNAS.
- A mountable toilet system for personalized health monitoring via the analysis of excreta — Nature.
- 'Magic toilet' could monitor users' health, say researchers — The Guardian.
- Toilet hackers could snoop on your poop, steal data of a “personal nature” — Graham Cluley.
- Zoomed In: A Look into a Coinminer Bundled with Zoom Installer — Trend Micro.
- PSA: Fake Zoom installers being used to distribute malware — Bleeping Computer.
- Was a 5G Tower Torn Down in China To Stop COVID-19? — Snopes.
- Coronavirus 5G Conspiracy Theory: UK Cell Towers Burned Over Claims It Causes COVID-19 — International Business Times.
- Coronavirus 5G conspiracy theory spreads as cellphone towers attacked — USA Today.
- 5G is not accelerating the spread of the new coronavirus — Full Fact.
- Influencers among 'key distributors' of coronavirus misinformation — The Guardian.
- How the 5G coronavirus conspiracy theory tore through the internet — Wired.
- Call for social media platforms to act on 5G mast conspiracy theory — The Guardian.
- Totally Reliable Delivery Service - The Game About Terrible Delivery Drivers.
- Totally Reliable Delivery Service - Launch Trailer — YouTube.
- LET'S GO LIVE with Maddie & Greg — YouTube.
- Power Corrupts Podcast.
- The godfather of fake news — BBC News.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
UncleF***Face - with Mikko Hyppönen
1 april 2020 |
51 min
Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he's bought a Facebook Portal for his in-laws.
All this and much much more is discussed in the latest edition of the award-winning "Smashing Security" podcast with Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/172 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mikko Hyppönen.
Sponsored By:
- DomainTools: DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.
- Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Herrasmieshakkerit — Mikko's security podcast (in Finnish) with Tomi Tuominen.
- Video trailer for Herrasmieshakkerit — YouTube.
- Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims — Graham Cluley.
- Houseparty declares that all accounts are safe — Twitter.
- Houseparty announces $1,000,000 bounty — Twitter.
- Zoom Meetings Do Not Support End-to-End Encryption — The Intercept.
- The most popular smartphones in 2019 — DeviceAtlas.
- The Zoom IPO (with Santi Subotovsky) — Acquired podcast.
- Cyber Volunteers – Protecting and Responding for our healthcare services! — CV19.
- Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers — Bloomberg.
- Your Bosses Are Trying To Spy On You Now More Than Ever — Futurism.
- Companies are using webcams to monitor employees working from home — Business Insider.
- Something Rhymes with Purple — Acast.
- Susie Dent on Twitter.
- Virtual choir from Finland: "Song of the Fearless" — YouTube.
- Someone's built the entire Earth in Minecraft - to scale — Eurogamer.
- The Earth in Minecraft, 1:1 scale ...for the first time — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
WhatsApp hoaxes, Zoombombs, and 8-bit love
25 mars 2020 |
46 min
Blackmailers are threatening to infect your family with Coronavirus, trolls are making Zoom an unsafe place for those of a sensitive disposition, and what is the mysterious Dr Negrin audio message spreading on WhatsApp?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.
Visit https://www.smashingsecurity.com/171 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- "Stay home and help flatten the curve!" — Tweet by Pornhub.
- ‘Dirty little secret’ extortion email threatens to give your family coronavirus — Naked Security.
- Google Assistant calling the hairdresser for an appointment — YouTube.
- Geoff White tweets about the "Dr Negrin" audio message. — Twitter.
- Priest in Italy live streams mass, activates filters by mistake — Reddit.
- Beware of ‘ZoomBombing:’ screensharing filth to video calls — TechCrunch.
- ‘Zoombombing’: When Video Conferences Go Wrong — The New York Times.
- How to prevent your Zoom meetings being Zoom-bombed (gate-crashed) by trolls — ZDNet.
- Students Are Targeting Zoom and Classroom With Bad Reviews To End Homework During Coronavirus Outbreak — Newsweek.
- MS-DOS Games you can play in your browser — The Internet Archive.
- Humbug by Graham Cluley — The Internet Archive.
- A New Map of Wonders: A Journey in Search of Modern Marvels — Amazon.com.
- Revolution [8 Bit Tribute to The Beatles] — YouTube.
- 8 Bit Universe — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
PornHub, Coronavirus apps, and remote working
18 mars 2020 |
47 min
It's a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you're unexpectedly working from home.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Malicious Life's Ran Levi from his attic.
Visit https://www.smashingsecurity.com/170 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Ran Levi.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- DomainTools: DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.
- Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card.
Links:
- CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware — DomainTools.
- CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware — DomainTools.
- Israel to use anti-terror tech to counter coronavirus 'invisible enemy' — Reuters.
- Coronavirus: Sophie Trudeau had event with Idris Elba, Lewis Hamilton — Business Insider.
- Porn Sets Asked to Stop Production to Help Slow the Spread of Coronavirus — VICE.
- People who work from home earn more than those who commute—here's why — CNBC.
- Twitter orders all employees worldwide to work from home — The Verge.
- NASA chief urges space agency employees work from home amid coronavirus outbreak — Space.
- JPMorgan tells employees around the world to work from home — CNBC.
- Pornhub handing out free premium subs to help Italy fight coronavirus — The Next Web.
- Tweet from ProtonVPN.
- PornHub Insights.
- Coronavirus insights — PornHub Insights.
- A global map of wind, weather, and ocean conditions.
- Cold podcast — Wondery.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Burglaries, breaches, and bidets
11 mars 2020 |
51 min
How one guy's exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/169 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Leave Smashing Security a voicemail!
- Google tracked his bike ride past a burglarized home. That made him a suspect. — NBC News.
- Smashing Security episode 144: "Google helps the FBI, Twitter Jack’s hijack, and car data woes."
- Breaking Password Dependencies: Challenges in the Final Mile at Microsoft — YouTube.
- FYI: When Virgin Media said it leaked 'limited contact info', it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more — The Register.
- Data Breach Information FAQ — Virgin Media.
- Virgin Media Disclosure Statement — TurgenSec.
- Virgin Media breach 'linked customers to porn' — BBC News.
- Ultimate Chicken Horse — Clever Endeavour Games.
- Ultimate Chicken Horse - Trailer - Nintendo Switch — YouTube.
- Coronavirus prevention: 10 songs for hand washing — Los Angeles Times.
- New currency circulation in Australia — Reddit.
- Lisa Forte reports on loo roll stocks in the Abu Dhabi Waitrose — Twitter.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The Bitcoin fraud factory
4 mars 2020 |
52 min
Fraudsters steal millions from those hoping to jump on the Bitcoin bandwagon, Twitter verifies a fake US politician, and it's another face palm for facial recognition.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/168 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- DomainTools: DomainTools turns threat data into threat intelligence, giving organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.
- Read a free report into how automation is changing IT security, and specifically the staffing of IT departments.
Links:
- Inside the Kiev fraud factory stealing senior citizens’ savings — Dagens Nyheter.
- Revealed: fake 'traders' allegedly prey on victims in global investment scam — The Guardian.
- Inside the Kiev Bitcoin fraud factory — YouTube.
- A high school student created a fake 2020 candidate. Twitter verified it — CNN.
- Verified account FAQs — Twitter.
- London's Dazzle Club uses makeup to protest police use of facial recognition technology — WKSU.
- CV Dazzle: Camouflage from Face Detection.
- Clearview AI's Facial Recognition Tech Is Being Used By The Justice Department, ICE, And The FBI — BuzzFeed.
- Amazon Dating: The Future of Dating — Not the real Amazon.
- Carole's ideal date — Amazon Dating.
- My Word! — BBC.
- My Word recording from early 1960s — YouTube.
- Solve podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Coronavirus scams and an exaggerated lion
26 februari 2020 |
56 min
Scammers from Africa are preying on US businesses, a drug dealer makes a mistake when hiding his Bitcoin fortune, and the Coronavirus pandemic is causing scams to soar and raising questions about facial recognition.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Anna Brading.
Visit https://www.smashingsecurity.com/167 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Anna Brading.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Business Email Compromise (BEC) and G Suite: How the Exaggerated Lion Cybercrime Group Cashes Out — Agari.
- A weed dealer’s $59M lesson: Don’t hide Bitcoin keys with a fishing rod — Ars Technica.
- Chance encounter with gardaí unmasked bitcoin millionaire drug dealer — Irish Times.
- Man who ‘threw away’ bitcoin haul now worth over $80m wants to dig up landfill site — The Independent.
- Novel Coronavirus Update — RSA Conference.
- The Coronavirus Is Swiftly Breaching Defenses Across The World — Peak Prosperity.
- Scores of Hongkongers hit by mask scam on Facebook, hundreds more could be fraud victims since coronavirus outbreak — South China Morning Post.
- How Big of a Scam Are 'Coronavirus Protection Kits?' — Vice.
- Wearing a mask won’t stop facial recognition anymore — Abacus News.
- Coronavirus phishing scam targets victims with false information — Business Insider.
- This Cat Does Not Exist.
- These Cats Do Not Exist.
- Intelligence — Sky.
- This Country — BBC Three.
- Farkle — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
What the Dickens! Ad ban thank you scam
19 februari 2020 |
42 min
How to stop dick pics on Twitter, and a new way bad guys are extorting money from websites earning cash from Google ads.
All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/166 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- DomainTools: DomainTools turns threat data into threat intelligence, giving organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.
- Read a free report into how automation is changing IT security, and specifically the staffing of IT departments.
Links:
- Tweet from Kelsey Bressler.
- safeDM – Making the Internet Safer.
- @showYoDiq — Twitter.
- This Dick Pic Filter For Your Inbox Does Block Most Pictures Of Dicks, And Some Dick-Like Things — Buzzfeed.
- Smashing Security 034: The pen is mightier than the password — With special guest David McClelland.
- Pay Up, Or We’ll Make Google Ban Your Ads — Krebs on Security.
- The Personal History of David Copperfield (Trailer) — YouTube.
- The Personal History of David Copperfield — Wikipedia.
- Hunted — Endeavor Audio.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cheapfakes, deepfakes, and Ashley Madison
12 februari 2020 |
49 min
Wi-Fi hopping malware, the return of Ashley Madison extortion scams, and should social media be doing anything about cheapfakes?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
Visit https://www.smashingsecurity.com/165 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jessica Barker.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Smashing Security #162: Robocalls, health hacks, and facial recognition fears — Carole talks about the activities of Clearview AI.
- The Daily: The End of Privacy as We Know It? — Apple Podcasts.
- Emotet Malware Advisory — US Department of Homeland Security.
- Emotet Wishes You a Merry Christmas from Greta Thunberg — Proofpoint.
- Coronavirus - hackers exploit fear of infection to spread malware — Graham Cluley.
- Emotet evolves with new Wi-Fi spreader — Binary Defense.
- Dear Ashley Madison user, I know everything about you. Pay up or else — Ars Technica.
- Here's what an Ashley Madison blackmail letter looks like — Graham Cluley.
- Nancy Pelosi rips up Trump's speech after divisive State of the Union address — The Guardian.
- Tweet by Dan Scavino Jr.
- Video of Pelosi brings renewed attention to 'cheapfakes' — AP News.
- Tool to Help Journalists Spot Doctored Images Is Unveiled by Jigsaw — The New York Times.
- Smashing Security #143: Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians.
- First survey of its kind for 50 years finds most Americans still think they have above average intelligence — Research Digest.
- Grumpy Website.
- The Courage to Be Disliked: The Japanese Phenomenon That Shows You How to Change Your Life and Achieve Real Happiness — Amazon.
- Sophie's World: A Novel About the History of Philosophy — Amazon.com.
- Fake Heiress – The woman who scammed New York — BBC Radio Four.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A bitter pill to swallow
5 februari 2020 |
34 min
A gallery is tricked into giving millions to a fraudster, software tells doctors to push opioids onto patients, and an artist finds a novel way to trick Google Maps into thinking there's a traffic jam.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who ended up recording without a guest this week.
Visit https://www.smashingsecurity.com/164 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Fraudsters Posing as Art Dealer Got Gallery to Pay Millions — Bloomberg.
- ‘Hampstead Heath, Harrow in the Distance’, John Constable, David Lucas, published 1855 — Tate.
- Electronic Health Records Vendor to Pay $145 Million to Resolve Criminal and Civil Investigations — Department of Justice.
- In secret deal with drugmaker, health-records tool pushed opioids — Los Angeles Times.
- Practice Management Software — Practice Fusion.
- Opioid epidemic in the United States — Wikipedia.
- Exclusive: OxyContin maker Purdue is 'Pharma Co X' in U.S. opioid kickback probe - sources — Reuters.
- Smashing Security 122: The big fat con at Office Depot.
- Google Maps hacks — Simon Weckert.
- Google Maps Hacks by Simon Weckert — YouTube.
- Telling Lies launch trailer — YouTube.
- Telling Lies — iOS App Store.
- Telling Lies — Steam.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Russian heists and Ring wrongs
29 januari 2020 |
58 min
Should possessing malware be illegal in itself? How did a Russian cryptocurrency exchange millionaire lose his fortune? And what on earth are Amazon Ring doorbell cams up to now?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.
And don't miss our special featured interview with Adrian Sanabria, all about Thinkst Canary.
Visit https://www.smashingsecurity.com/163 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Adrian Sanabria and Lisa Forte.
Sponsored By:
- Thinkst: Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents...
- Listeners who mail in referencing Smashing Security get a 10% discount on their order!
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Senate Bill 30 (PDF)
- Maryland: Make malware possession a crime! Yes, yes, researchers get a free pass — The Register.
- The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up — Techdirt.
- Smashing Security 151: Frankly, sometimes paying the ransom is a good idea.
- Maryland Computer Crimes Laws — FindLaw.
- Maryland Cookies TV advert — YouTube.
- Hunting the missing millions from collapsed cryptocurrency — BBC News.
- Inside the hellish workday of an Amazon warehouse employee — New York Post.
- Ring Doorbell App Packed with Third-Party Trackers — Electronic Frontier Foundation.
- Nicholas Parsons: 'Broadcasting legend' dies at 96 after short illness — BBC News.
- Just a Minute — Wikipedia.
- Nicholas Parsons interviewed by Richard Herring — YouTube.
- Her Story - A Video Game About a Woman Talking to the Police.
- Her Story trailer — YouTube.
- Her Story follow-up takes place on a stolen NSA hard drive — Polygon.
- Bezos learns the harsh lesson of texting a crown prince fond of crucifixions — Marina Hyde, writing in The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Robocalls, health hacks, and facial recognition fears
22 januari 2020 |
52 min
A hospital gets hacked because of an ex-employee's grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks.
Visit https://www.smashingsecurity.com/162 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Michael Hucks.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- DomainTools: DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.
- Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card.
Links:
- YOU Season 2 Trailer — YouTube.
- Hospital administrator sacked for using NHS computer to download over 10,000 records is spared jail — Daily Mail.
- Robocalls: Americans got 58.5 billion in 2019, up 22% from last year — USA Today.
- Microsoft and Google just can't agree on proposed ban on facial recognition — ZDNet.
- Clearview - Technology to help solve the hardest crimes.
- The Secretive Company That Might End Privacy as We Know It — New York Times.
- Clearview FAQ (PDF).
- Episode review: Columbo Double Shock — Graham got it wrong. It was Martin Landau, not Leonard Nimoy, who played the twins. And they weren't surgeons (but Nimoy did play an evil surgeon in a different Columbo episode that season)
- Eunoia: Words that Don't Translate.
- Dog wagging her tail every time she sees her owner — YouTube.
- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement — Amazon.com.
- Harvey Weinstein Paid Off Sexual Harassment Accusers for Decades — New York Times.
- ‘She Said’ Recounts How Two Times Reporters Broke the Harvey Weinstein Story — New York Times.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Love, lucky dips, and 23andMe
15 januari 2020 |
42 min
The man who hacked the UK National Lottery didn't end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
Visit https://www.smashingsecurity.com/161 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Thom Langford.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Cyber criminal jailed over National Lottery hack — National Crime Agency.
- Man who hacked National Lottery for just £5 is jailed for nine months — Hot for Security.
- Booking data stolen from Japanese short-time love hotel booking service HappyHotel — SiliconANGLE.
- 23andMe Licenses Drug Compound to Spanish Drugmaker Almirall — Bloomberg.
- Big Data and the End of Painful, Invasive Medical Procedures — Wired.
- How 23andMe Won Back the Right to Foretell Your Diseases — Wired.
- Privacy policy — 23andMe.
- Turbo Boost Switcher for macOS.
- Embarrassed patients can now send photos of genitals to doc for STI checks — The Sun.
- Messiah trailer — YouTube.
- Messiah — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
SNAFUs! MS Word, Amazon Ring, and TikTok
8 januari 2020 |
53 min
We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you're comfortable with, and how teens are flocking to TikTok (and why that might be a problem).
All this and much much more is covered in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/160 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Senior Manager Of Global Internet Company Pleads Guilty To Wire Fraud — Department of Justice.
- IT exec sets up fake biz, uses it to bill his bosses $6m for phantom gear, gets caught by Microsoft Word metadata — The Register.
- We Tested Ring’s Security. It’s Awful — Motherboard.
- Amazon Ring isn’t even good at pretending to care about your privacy and safety — Fight for the Future
- Amazon’s Ring to let customers opt out of receiving police video requests — GeekWire.
- Letter to Amazon's Jeff Bezos from Senator Ron Wyden and others (PDF).
- House panel asks Apple, Google if app makers must reveal foreign ties — Engadget.
- U.S. Military Bans TikTok Over Ties to China — Wall Street Journal.
- The Growing Popularity of Chinese Social Media Outside China Poses New Risks in the West — PIIE.
- TikTok Privacy Policy.
- Statement on TikTok's content moderation and data security practices — TikTok.
- Revealed: how TikTok censors videos that do not please Beijing — The Guardian.
- Parents warned to check kids' phones for 15 popular apps used by paedos and bullies to target youngsters — The Sun.
- Dracula — BBC iPlayer.
- Dracula — Netflix.
- Obsessed With... - Dracula - Episode 1: The Rules of the Beast feat. Mark Gatiss and Steven Moffat — BBC Sounds.
- Dracula TV series — Wikipedia.
- The Witcher — Netflix.
- The Witcher Soundtrack - Toss A Coin To Your Witcher Lyrics — YouTube.
- Ricky Gervais 2020 Golden Globe Monologue — Reddit.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Rap, robbery, and IoT holiday hell
18 december 2019 |
55 min
A rapping bank worker is accused of stealing from the vault, the devices that can hide your car's true mileage, and why it may be a case of "No No No" rather than "Ho Ho Ho" when it comes to IoT toys this Christmas.
And as Carole sups the mulled wine, Graham has problems with his internet connection...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/159 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- ‘No Chance:’ John McAfee Halts Crypto Promo as US 2020 Elections Near — Coin Telegraph.
- FBI Arrests Former Bank Employee Charged With Stealing Cash From Bank Vault — US Department of Justice.
- "Problem" video — Aceey4oez on Instagram.
- Man posted photos of himself with stacks of cash after stealing from bank: charges — Sydney Morning Herald.
- The 1980 Cadillac Seville.
- Naughty CANbus odometer "interface". (Fakes mileage.) — Bigclivedotcom on YouTube.
- Children’s data and privacy online Growing up in a digital age (PDF) — London School of Economics.
- Amazon Echo Dot Kids: Privacy violations puts kids at risk, lawsuit alleges — CBS News.
- Parents should be wary of all connected toys, expert says — IT Pro.
- Safety alert: see how easy it is for almost anyone to hack your child’s connected toys — Which?
- Kids’ karaoke machines and smart toys from Mattel and Vtech among those found to have security flaws — Which?
- FTC fines Google $170 million for violating children's privacy on YouTube — CBS News.
- The movies that made us — Netflix.
- Die Hard — Wikipedia.
- Strong Songs podcast.
- Truth Be Told Official Trailer — YouTube.
- Truth Be Told doesn’t know how to make a murderer — The Verge.
- Truth Be Told — Apple TV+
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The man behind The Missing Cryptoqueen
11 december 2019 |
72 min
We're joined by special guest Jamie Bartlett, of the chart-topping "The Missing Cryptoqueen" podcast, in this bumper episode where we discuss his investigation into the OneCoin cryptocurrency scam, the Russian cybercriminals behind Evil Corp, and the mysterious leaks about the NHS that have turned oh-so-political...
All this and much much more can be found in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/158 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jamie Bartlett.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Russian hacking group "Evil Corp" accused of targeting American businesses — CBS News, YouTube.
- Evil Corp donuts — YouTube.
- International law enforcement operation exposes the world’s most harmful cyber crime group — National Crime Agency.
- Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware — U.S. Department of the Treasury.
- UK Government Releases Photos of Russian Hackers, Whose Lives Look Awesome — Motherboard.
- Hackers with high-placed daddies ‘Evil Corp’ member designated by U.S. Treasury is son of former Russian mayor — Meduza.
- The Missing Cryptoqueen — BBC Sounds.
- Jeremy Corbyn reveals dossier 'proving NHS up for sale' — The Guardian.
- Reddit links UK-US trade talk leak to Russian influence campaign — TechCrunch.
- Corbyn v Johnson: BBC election debate round-up — YouTube.
- Stammer Time! — Cassetteboy on Twitter.
- The Inside Story of Labour's 'NHS For Sale' Leak — Motherboard.
- More proof NHS is up for sale as Amazon exploits NHS for free — TruePublica.
- Tweet by Rik Ferguson about his fragrant armpits — Twitter.
- nuud.
- Accused of Killing a Gambino Mob Boss, He’s Presenting a Novel Defense — The New York Times.
- Graham and Carole appear on the BeerConOne Stream — Twitch. Graham & Carole show up at about 1 hour 48 minutes into the show.
- The Beer Farmers raise funds for the Electronic Frontier Foundation and Mental Health Hackersy The Beer Farmers : BeerConOne. — GoFundMe.
- The Radio Adventures Of Dr. Floyd.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A biometric knuckle duster
4 december 2019 |
66 min
What is Kaspersky's ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer?
Plus we have a bonus feature interview with Rachael Stockton from Logmein, the folks behind LastPass, all about behavioral biometrics!
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/157 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Maria Varmazis and Rachael Stockton.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- "Eau de Eugene Kaspersky" — Smashing Security, episode 12.
- Kaspersky Labs - Packin' The K — YouTube.
- Thousands of taxpayers tell HMRC to delete voiceprint data it stored without consent — Graham Cluley.
- Hackers Have Stolen Almost Six Million US Government Fingerprints — Tripwire.
- Fingerprints are not the same as passwords — Graham Cluley.
- Face/Off trailer — YouTube.
- Picture of the (rather ugly) Kaspersky ring — Twitter.
- Kasperky's synthetic fingerprint ring — YouTube.
- This Ring Uses a Fake Fingerprint to Protect Your Biometric Data — PC Magazine.
- How is NordVPN unblocking Disney+? It might be through YOUR own computer. Even if you’ve never used Disney+ or NordVPN. — Derek Johnson.
- The Rise of “Bulletproof” Residential Networks — Krebs on Security.
- SmartPlay by NordVPN: What is it and how does it work? — NordVPN.
- Resident Evil: Understanding Residential IP Proxy as a Dark Service — XiangHang Mi.
- Alleged Music Hacker Indicted for Impersonating a Producer to Steal Unreleased Music — Hollywood Reporter.
- Hacker stole unreleased music and then tried to frame someone else — ZDNet.
- Manhattan U.S. Attorney Announces Charges Against Austin Man For Computer Hacking And Fraud Scheme To Steal Unreleased Music From Music Industry Professionals — Department of Justice.
- Why the f**k was I breached?
- President Nixon Never Actually Gave This Apollo 11 Disaster Speech. MIT Brought It To Life To Illustrate Power Of Deepfakes — WBUR News.
- Which Classic Toy Came First? — Mental Floss.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Better safe than Sony
27 november 2019 |
23 min
In this clip from a special bonus episode produced for our Patreon supporters, Graham Cluley and Carole Theriault discuss the 2014 hack of Sony Pictures - reportedly carried out by North Korea for the very oddest of reasons...
Visit https://www.smashingsecurity.com/156 to check out this episode’s show notes and episode links, and become one of our "bonus content" Patreon supporters to hear the full episode in all its glory, get early access to future episodes, occasional bonus content, and even receive stickers!
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening and Happy Thanksgiving!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Links:
- Hackers leak Hollywood salaries, embarrassing emails - PBS Newshour — YouTube.
- Did North Korea hack Sony? It seems hard to believe — Graham Cluley.
- Poor passwords at Sony, WikiLeaks shows with archive of hacked documents — Graham Cluley.
- The Interview Trailer (2014) — YouTube.
- U.S. Said to Find North Korea Ordered Cyberattack on Sony — The New York Times.
- Sony hackers failed to hide their North Korean IP addresses, says FBI — Hot for Security.
- NSA allegedly hacked North Korea's networks before Sony attacks — Graham Cluley.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Juice jacking, YouTube hacking, password slacking
20 november 2019 |
51 min
A bank has some of the worst password advice ever, travellers are told to be wary when USB charging their smartphones and laptops, and a gamer has his YouTube account hacked.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Geoff White.
Visit https://www.smashingsecurity.com/155 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Giorgio Bonfiglio tweets about Fineco's bizarre attitude to passwords — Twitter.
- This Bank Had the Worst Password Policy We've Ever Seen — Motherboard.
- NIST password guidelines.
- Officials warn about the dangers of using public USB charging stations — ZDNet.
- MarcoStyle on Twitter.
- A YouTuber With 350,000 Subscribers Was Hacked, YouTube Verified His Hacker — Forbes.
- Massive wave of account hijacks hits YouTube creators — ZDNet.
- Popular gaming channel MarcoStyle has been hacked for days, running scams, but YouTube isn't responding — Reclaim the net.
- How my Youtube Channel got hacked for 2 weeks — MarcoStyle on YouTube.
- The Crown — Netflix.
- Aberfan disaster — Wikipedia.
- Aberfan - 50 years on — WalesOnline.
- Cliff Michelmore eyewitness report from Aberfan — YouTube.
- Dolly Parton's America — WNYC Studios.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
A buttock of biometrics
13 november 2019 |
50 min
The UK's Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple's credit card is accused of being sexist, and what is Google up to with Project Nightingale?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Visit https://www.smashingsecurity.com/154 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: John Hawes.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- That "sophisticated" Labour cyber-attack - don't panic — Graham Cluley.
- General election 2019: Labour Party hit by second cyber-attack — BBC News.
- Election 2019: Security flaw leaves donors’ details online — The Times.
- Apple's 'sexist' credit card investigated by US regulator — BBC News.
- Apple's credit card caper probed over sexism claims – after women screwed over on limits — The Register.
- Google has access to detailed health records on tens of millions of Americans — Ars Technica.
- Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans — WSJ.
- Google buys Fitbit for $2.1 billion — Ars Technica.
- Smart condom ring i.Con is like a Fitbit for your man bits — CNET.
- The Missing Cryptoqueen — BBC Sounds.
- Undone — Amazon Prime.
- Speed Monopoly - How to Play in under 30 minutes! — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cybercrime doesn’t pay (but Uber does)
6 november 2019 |
50 min
The cybercrime lovebirds who hijacked Washington DC's CCTV cameras in the run-up to Donald Trump's inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.
Visit https://www.smashingsecurity.com/153 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Lisa Forte.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Ransomware attack impacted 70% of Washington DC police surveillance cameras — Graham Cluley.
- The Hapless Shakedown Crew That Hacked Trump’s Inauguration — Wall Street Journal.
- Eveline Cismaru's Instagram account.
- London Investment Bankers Charged in Insider-Trading Ring — Bloomberg.
- Trade-Secrets Case Linked to Google Seen as Warning to Silicon Valley — Wall Street Journal.
- Uber concealed massive hack that exposed data of 57m users and drivers — The Guardian.
- Uber's statement about its 2016 "Data Security Incident"
- Hackers who extorted Uber and LinkedIn plead guilty — ZDNet.
- Maersk: Springing back from a catastrophic cyber-attack — I-CIO.
- The Master Game — Wikipedia.
- BBC's The Master Game — The Kenilworthian.
- Gogglebox — Channel 4.
- Ndemic Creations, makers of Plague Inc.
- Plague Inc. trailer — YouTube.
- Plague Inc. — iOS App Store.
- Plague Inc. — Google Play.
- The great contemporary art bubble. BBC documentary - YouTube — YouTube.
- BBC art documentaries playlist — YouTube.
- Painters and artists documentaries — YouTube.
- Art documentaries playlist — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cats, hoodies, and rent
30 oktober 2019 |
54 min
What's the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
Visit https://www.smashingsecurity.com/152 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.
- Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.
- Code42: Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving everyday. Most organizations rely on prevention but there are simply too many ways for data to leave.
- To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Security researcher gets access to all Xiaomi pet feeders around the world — ZDNet.
- Xiaomi crowdfunds the Furrytail Pet Smart Feeder with app control for 199 yuan ($28) — Gizmochina.
- How to say Xiaomi — BBC News.
- Xiaomi Furrytail Boss Cat Bed — YouTube.
- Remember that competition for non-hoodie hacker pics? Here's their best entries — The Register.
- Cybersecurity visuals challenge finalist catalog (PDF)
- SmartRent - Smart Apartment Solutions.
- Smart home tech can help evict renters, surveillance company tells landlords — CNet.
- SmartRent funding heralds new wave in 'smart home' market — Reuters.
- SmartRent's Privacy Policy.
- Sci-fi interfaces.
- Did Stanley Kubrick invent the iPad? — BFI.
- Factfulness: Ten Reasons We're Wrong About The World - And Why Things Are Better Than You Think by Hans Rosling — Amazon.
- The Joy of Stats, Hans Rosling's 200 countries, 200 years, 4 minutes — BBC Four.
- Joe Rogan Experience #1368 - Edward Snowden — YouTube.
- Joe Rogan Edward Snowden Podcast Interview Transcript: Rogan Spends Almost 3 Hours Interviewing Snowden.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Frankly, sometimes paying the ransom is a good idea
23 oktober 2019 |
56 min
Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn't the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, with a featured interview with Rachael Stockton from Logmein.
Visit https://www.smashingsecurity.com/151 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Rachael Stockton.
Sponsored By:
- Code42: Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving everyday. Most organizations rely on prevention but there are simply too many ways for data to leave.
- To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing
- Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.
- Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Support Smashing Security on Patreon — Now also includes free stickers!
- RobbinHood ransomware attack brings down parts of City of Baltimore's computer network — Tripwire.
- Some Baltimore City Services Still Shut Down Due To Ransomware Attack — YouTube.
- Baltimore government could have lost its website last week. And not because of hackers — Baltimore Brew.
- Baltimore transfers $6 million to pay for ransomware attack; city considers insurance against hacks — Baltimore Sun.
- Baltimore IT department uses ‘mind-boggling,' outdated data storage method, audit finds
- Councilman “mind-boggled” by Baltimore City IT department ineptitude — Ars Technica.
- The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up — Techdirt.
- "Backin Up" by The Gregory Brothers — YouTube.
- Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping — Security Research Labs.
- Zoomquilt 2.
- Arkadia Zoomquilt.
- Historia Civilis — YouTube.
- 2019 Global Password Security Report — LastPass.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Liverpool WAGs, Facebook politics, and a selfie stalker
16 oktober 2019 |
51 min
Footballers' wives go to war over Instagram leaks, it turns out fake news is fine on Facebook (just so long as it's in a political ad), and things take a horrific turn in Japan, as a stalker uses a scary technique to find out where his pop idol lives.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/150 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- Code42: Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving everyday. Most organizations rely on prevention but there are simply too many ways for data to leave.
- To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing
- Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.
- Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Tweet by Coleen Rooney on Twitter.
- Tweet by Rebekah Vardy on Twitter.
- Prince Harry launches phone-hacking case against Sun and Mirror owners — The Guardian.
- Mark Zuckerberg: An Elizabeth Warren presidency would 'suck' for Facebook — CNN.
- In leaked audio, Mark Zuckerberg rallies Facebook against critics, competitors, and Elizabeth Warren — The Verge.
- Elizabeth Warren Facebook ad mocks Facebook's fact checking policies — Engadget.
- Graham getting thrashed by Garry Kasparov — @gcluley on Twitter
- Stalker zoomed in on Japanese idol's eyes to find out where she lived — Graham Cluley.
- Obsessed fan finds Japanese idol's home by zooming in on her eyes — AsiaOne.
- Ni No Kuni: Wrath of the White Witch - Nintendo Switch Trailer — YouTube.
- Funny English Idioms - and why we say them! — YouTube.
- Vice — Amazon Prime.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Falling in love with fraudsters
9 oktober 2019 |
46 min
We take a trip to Staten Island, New York, to hear how a case of cyberstalking resulted in the arrest of 20 alleged mobsters, learn about the nude photo-loving insider threat at Yahoo, and discover how fraudsters might be boosting Match.com's profits.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ran Levi of the "Malicious Life" podcast.
Visit https://www.smashingsecurity.com/149 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Ran Levi.
Sponsored By:
- Code42: Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving everyday. Most organizations rely on prevention but there are simply too many ways for data to leave.
- To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing
- Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.
- Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- The "You Think I'm Funny?" scene from "Goodfellas" — YouTube.
- 20 Defendants Charged with Crimes, Including Racketeering, Extortion, Loansharking — Department of Justice.
- Indictment against Joseph Amato and others (PDF) — Department of Justice.
- GPS cyberstalking of girlfriend brings surveillance and indictment for alleged American mobster — The Register.
- How to Find a GPS Tracker on Your Vehicle.
- Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts — Department of Justice.
- Former Yahoo engineer pleads guilty to searching 6,000 user accounts for nudes — The Verge.
- Using Match.com? Read this — FTC Consumer Information.
- Why Match.com allegedly luring lonely customers with fake ‘winks’ is just another form of ‘phishing’ — MarketWatch.
- Fembots land Ashley Madison in hot water with the FTC — Graham Cluley.
- Mark Lewisohn Official Website.
- Hornsey Road with Mark Lewisohn.
- The Beatles' Abbey Road (Super Deluxe Edition) — Spotify.
- Jigsaw Explorer — Online Jigsaw Puzzles.
- Criminal — Netflix.
- Criminal Review: Netflix Crime Drama With Parts Better Than the Whole — Collider.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Billboard boobs, face forensics, and Alexa gets way too personal
2 oktober 2019 |
50 min
Drivers are distracted by a hacked billboard, we take a deeper look at how the deepfake problem has... uh... deepened, and Carole is less than happy about Amazon's announcement about new Alexa integrations.
All this, an annoying goose, and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/148 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.
- Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Wonderbra 'Hello Boys' advert voted most iconic of all time — Daily Mail.
- Hello boys! The greatest billboard ads of all time — The Sun.
- Outdoor advertisements and signs: a guide for advertisers (PDF) — UK Government.
- Pornographic video plays on I-75 billboard, police investigating — WXYZ Detroit.
- Porn plays on I-75 billboard, police searching for suspects caught on video — Detroit Free Press.
- Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say — Motherboard.
- Xev Bellringer's filmography — IMDB.
- Two people broke into shed, hacked into computers to put pornography on billboard — WXYZ Detroit.
- Motorists warned of “Zombies Ahead” on hacked road sign — Naked Security.
- Motorists warned of Dalek invasion by hacked road sign — Naked Security.
- Hacked Seattle road sign says ‘Impeach the Bastard’ — Q13Fox.
- Hackers have been f**king with downtown LA's road signs — Graham Cluley.
- The FaceForensics dataset — GitHub.
- This Deepfake of Mark Zuckerberg Tests Facebook’s Fake Video Policies — Motherboard.
- The Deepfake Detection Challenge.
- Smashing Security episode 063 — The first time Maria discussed deepfakes.
- Amazon bolsters Alexa privacy after user trust takes a hit — CNET.
- Alexa’s new Echo eyeglasses and ring show big tech’s privacy conundrum — Vox.
- Amazon's Rekognition software lets cops track faces: Here's what you need to know — CNET.
- Amazon may soon be able to track your phone’s location, activists warn — Business Insider.
- Your Google history.
- Untitled Goose Game.
- Find wi-fi hotspots with hotspot directories — BT Wi-Fi.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Don't Snapchat and drive
25 september 2019 |
50 min
How is private medical data leaking onto the streets of Milton Keynes, what is widening the cybersecurity skills gap, and how is Australia controversially tackling the problem of drivers using their mobile phones?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.
Visit https://www.smashingsecurity.com/147 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Joe Carrigan.
Sponsored By:
- Detectify: Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers.
- Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectify
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- 50 reasons to love Milton Keynes (what, only 50?) — The Guardian.
- Logan's Run movie trailer — YouTube.
- Understanding Milton Keynes — YouTube.
- A Festival of Creative Urban Living.
- Tweet by @Costermk about "Utopia Station".
- Unshredded NHS records were dumped in a town centre to weigh down scaffolding at art festival — The Sun.
- Outrage as thousands of NHS patients' medical records are dumped in town centre — Daily Mail.
- The Cybersecurity Skills Gap Won't Be Solved in a Classroom — Forbes.
- Cybersecurity Skills Shortage Soars, Nearing 3 Million — (ISC)² Blog.
- What Cyber Skills Shortage? — Dark Reading.
- Australia Is Using New Technology to Catch Drivers on Phones — Time.com.
- Texting And Driving Statistics In America — Simply Insurance.
- Distracted Driving Worsens As Drivers Use Phones In Riskier Ways — Forbes.
- Restrictions on cell phone use while driving in the United States — Wikipedia.
- RAC research: dangerous phone use at the wheel rockets among some age groups — RAC.
- Really Rude Map.
- Shitterton comes on top of list of Britain's worst place names including Pratts Bottom, Crapstone and Slag Lane... but those who live there insist it's still a lovely place to live — Daily Mail.
- Heavens-Above.
- Shower Orange an Enlightenment of the Soul — Reddit.
- Carole's shower adventures with an orange — @caroletheriault on Twitter.
- Graham's shower adventures with a banana — @gcluley on Twitter.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Password secrets and baking brownies
18 september 2019 |
39 min
In the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault, Carole has suffered an injury, we journey back in time to one of our earliest episodes to discuss the perils of passwords, and Rachael Stockton from LastPass drops by for a chat.
Visit https://www.smashingsecurity.com/146 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Rachael Stockton and Vanja Švajcer.
Sponsored By:
- Detectify: Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers.
- Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectify
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Apple and Google willy wave while home assistants spy - DoH!
11 september 2019 |
44 min
Apple is furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by web security journalist John Leyden.
Visit https://www.smashingsecurity.com/145 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: John Leyden.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
Links:
- A very deep dive into iOS Exploit chains found in the wild — Google Project Zero.
- Google finds 'indiscriminate iPhone attack lasting years' — BBC News.
- A message about iOS security — Apple.
- Mobile & Tablet Operating System Market Share in China — Statcounter.
- Apple Disputes Google’s Claims of a Devastating iPhone Hack — Motherboard.
- What’s next in making Encrypted DNS-over-HTTPS the Default — Mozilla.
- Firefox DNS-over-HTTPS rollout starts later this month — The Daily Swig.
- ISP trade association backtracks on Mozilla ‘internet villain’ nomination — The Daily Swig.
- Apple apologises for allowing workers to listen to Siri recordings — The Guardian.
- Apple contractors 'regularly hear confidential details' on Siri recordings — The Guardian.
- Almost a quarter of Britons now own one or more smart home devices — YouGov.
- The Bright Side of Humans Eavesdropping on Your Alexa Recordings — Gizmodo.
- Smart Speakers That Listen When They Shouldn't — Consumer Reports.
- BetterTouchTool for Mac.
- The SwigCast — A security podcast from The Daily Swig, featuring John Leyden.
- The Wii — Wikipedia.
- Just Dance 4: Rock Lobster - The B-52's — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Google helps the FBI, Twitter Jack’s hijack, and car data woes
4 september 2019 |
52 min
Should Google really be helping the FBI with a bank robbery? What's the story behind the Twitter CEO claiming there's a bomb in their offices? And how much does your car really know about you?
And we mourn the loss of Doctor Who legend Terrance Dicks...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.
Visit https://www.smashingsecurity.com/144 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Detectify: Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers.
- Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectify
Links:
- Feds ordered Google location dragnet to solve Wisconsin bank robbery — The Verge.
- Google reverse location search warrant.
- Manhattan DA Got Innocent People's Google Phone Data Through A 'Reverse Location' Search Warrant — Gothamist.
- Jorge Molina: Avondale police used Google data to wrongfully arrest me — AZCentral.
- About the Twitter CEO '@jack hack' — Graham Cluley.
- Trump says it 'shouldn't be too bad' if someone hacks his Twitter — Business Insider.
- Chuckle Brothers — Wikipedia.
- Wipe Data From Your Car Before Selling It — Consumer Reports.
- Connected Cars, Telematics and Connectivity-as-a-Service : What's the Future? — Dataconomy.
- It looks like tech-savvy drivers will have to lead connected car data purge — The Register.
- It’s too easy to steal a second‑hand connected car — We Live Security.
- Doctor Who writer Terrance Dicks dies, aged 84 — Radio Times.
- Terrance Dicks inspired me to write – and not to feel ashamed of my stammer — New Statesman.
- Terrance Dicks obituary — The Guardian.
- On The Outside It Looked Like An Old Fashioned Police Box... — A radio documentary about the Doctor Who novelisations, many of which were written by Terrance Dicks.
- Cybercrime Investigations podcast — Features some chap called Geoff White.
- Elisabeth Schwarzkopf's appearance on the BBC's Desert Island Discs, 1958 — Where she chooses seven of her own songs.
- Intelligence Squared podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians
28 augusti 2019 |
44 min
Was a cybercrime committed on the International Space Station? What on earth were Ukrainian scientists thinking when they plugged a nuclear power station into the internet? And someone has cloned Canadian clinical psychologist Jordan Peterson's voice...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/143 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- NASA Astronaut Anne McClain Accused by Spouse of Crime in Space — The New York Times.
- Space Station's Data Rate Increase Supports Future Exploration — NASA.
- Astronaut Anne McClain denies cybercrime allegations — @AstroAnnimal on Twitter.
- The Moon is Covered With 400,000 Pounds of Human Trash — Interesting Engineering.
- Lunar Roving Vehicle (LRV) — National Air and Space Museum. (Apparently it's top speed is a paltry 8 miles per hour, not the 17 miles per hour Graham claimed)
- Ukraine: Crypto Miners Arrested for Compromising Nuclear Plant Security — Coin Telegraph.
- A Site Faking Jordan Peterson's Voice Shuts Down After Peterson Decries Deepfakes — Motherboard.
- I Didn't Say That — Jordan Peterson.
- To fix the problem of deepfakes we must treat the cause, not the symptoms — The Guardian.
- Dr Jordan Peterson with Kermit the Frog — Twitter.
- Portsmouth Sinfonia — Wikipedia.
- Portsmouth Sinfonia perform "Also sprach Zarathustra" — YouTube.
- Portsmouth Sinfonia Plays the Popular Classics — YouTube.
- The Eden Project.
- Lebanese Mountain Bread Recipe — AllRecipes.com
- Sourdough No-Knead Bread Recipe — The New York Times.
- Japanese Milk Bread Rolls recipe — King Arthur Flour.
- My Best Sourdough Recipe — The Perfect Loaf.
- Common Bread Baking Calculators — The Perfect Loaf.
- Beginner's Sourdough Bread — The Perfect Loaf.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Mercedes secret sensors, smart cities, and ransomware runs riot
21 augusti 2019 |
50 min
Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the security threats impacting smart cities, and a new feature coming to your Facebook app.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/142 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jack Rhysider.
Sponsored By:
- Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.
- Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Mercedes spies on drivers by secretly installing tracking devices in cars and passing information to bailiffs — The Sun.
- Three-unique-words 'map' used to rescue mother and child — BBC News.
- Rolling a Reliant Robin - Top Gear — YouTube.
- Ransomware Attack Affects Computers In 22 Towns In Texas — NPR.
- What Is A Smart City? — ComputerWorld.
- Access the latest smart city tenders — Bee Smart City.
- Hacking 20% of cars could freeze traffic in NYC, study finds — Smart Cities Dive.
- Lack of Critical Infrastructure Cybersecurity Investments in Smart Cities will Seed the Future IoT Vulnerabilities — ABI research.
- Facebook to stop stalking you off-site - but only if asked — BBC News.
- Now You Can See and Control the Data That Apps and Websites Share With Facebook — Facebook News Room.
- Off-Facebook Activity: Control your information — Facebook.
- Smashing Security #075: Quitting Facebook.
- Amazon.com: Logitech M705 Marathon Wireless Mouse — Amazon.
- 40 brilliant idioms that simply can’t be translated literally — TED Blog.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Black Hat and Bridezillas
14 augusti 2019 |
52 min
Say cheese to ransomware on your camera! A sponsored speech at Black Hat causes uproar, and should you trust that Lightning cable you're about to plug into your MacBook?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/141 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Say Cheese: Ransomware-ing a DSLR Camera — Check Point Research.
- Ransomware on a DSLR Camera — YouTube.
- Security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions — Canon.
- Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference — Motherboard.
- Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' — PC Magazine.
- Crown Sterling Presents: TIME AI — YouTube.
- Crown Sterling Issues Statement Regarding Recent Allegations Made at Black Hat 2019 — Business Wire.
- These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer — Motherboard.
- O.MG cable.
- Remain Seated Please - The Hoot and Chief Story (Epcot Horizons) — YouTube.
- The true story of the unauthorized, daredevil documentation of the Horizons ride at Disney World — Dangerous Minds.
- Bathtubs over Broadway — Netflix.
- Bathtubs over Broadway - Official Trailer — YouTube.
- The Amelia Project podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Love, PINs, and 8chan
7 augusti 2019 |
55 min
Is the PIN you use for your bank card secure? How did one woman get duped into giving a romance scammer $200,000? And Cloudflare and other online services take aim at a vile corner of the internet...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/140 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
Links:
- Most Common iPhone Passcodes — Daniel Amitay.
- We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly — Monzo.
- 500,000 Monzo banking customers told to change their PINs — Graham Cluley.
- Terminating Service for 8Chan — Cloudflare.
- 8chan struggling to stay online after its alleged use by El Paso shooting suspect — CNN.
- Online dating apps and websites the most common way to meet — 9to5Mac.
- Woman says a man she met on Tinder swindled her out of $200K: 'He didn't just dump you, he never existed' — ABC News.
- Cyber Actors Use Online Dating Sites To Conduct Confidence/Romance Fraud And Recruit Money Mules — Internet Crime Complaint Center (IC3).
- The Boys trailer — YouTube.
- The Boys — Amazon Prime.
- Camelcamelcamel.
- “Conviction,” Reviewed: A Bronx P.I. Pursues Justice, and Glory — The New Yorker.
- Conviction podcast — Gimlet.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Capital One hacked, iMessage flaws, and anonymity my ass!
31 juli 2019 |
48 min
Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and are introduced to... Penelope?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole 'Penelope' Theriault, joined this week by technology broadcaster David McClelland.
Visit https://www.smashingsecurity.com/139 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Woman arrested after Capital One hack spills personal info on 106 million — Tripwire.
- South Seattle woman arrested, charged in massive data breach of Capital One — The Seattle Times.
- Love Bug suspect speaks — BBC News speaks to the author of the Michael-B Word macro virus.
- United States vs Paige A Thompson (PDF)
- Ranji Sinha on Twitter: "Managed to get video of the raid in Seattle that lead to the arrest of Paige Thompson" — Twitter.
- Capital One Hit With First Class Action Over Security Breach — Bloomberg.
- Google reveals fistful of flaws in Apple's iMessage app — BBC News.
- Google researchers disclose vulnerabilities for 'interactionless' iOS attacks — ZDNet.
- Earn up to $200,000 as Apple *finally* launches a bug bounty — Graham Cluley.
- Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone — Black Hat USA 2019
- Your Data Were ‘Anonymized’? These Scientists Can Still Identify You — New York Times.
- Estimating the success of re-identifications in incomplete datasets using generative models — Nature.
- Hackers breach FSB contractor, expose Tor deanonymization project and more — ZDNet.
- The Legend of Zelda: Breath of the Wild — Wikipedia.
- The Making of The Legend of Zelda: Breath of the Wild – The Beginning — YouTube.
- Steve Jobs book by Walter Isaacson — Simon & Schuster
- The Innovators by Walter Isaacson — Simon & Schuster
- What knowledge might save your life one day? — Reddit.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Logic bombs, brain data exploitation, and Digga D tweets
24 juli 2019 |
50 min
Logic bombs in Excel spreadsheets, how should we protect our brain data from big companies, and how did bizarre messages about Drill rap end up on the Metropolitan Police's Twitter account and website?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BJ Mendelson.
Visit https://www.smashingsecurity.com/138 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: B J Mendelson.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Tinley Consulting's website.
- The meaning and origin of 'Come a cropper'.
- Siemens contractor pleads guilty to planting logic bomb in company spreadsheets — ZDNet.
- Brain data regulation — Practical Ethics, University of Oxford.
- Monkey uses brain to control prothetic arm — YouTube.
- Neuralink and the Brain's Magical Future — Wait But Why.
- Kernel is trying to hack the human brain - but neuroscience has a long way to go — The Verge.
- No, the Met Police wasn't hacked. But its Twitter account and website were hijacked — Graham Cluley.
- The war against rap: censoring drill may seem radical but it's not new — The Guardian.
- Katie Hopkins got her Twitter hacked - you had best continue ignoring her — Graham Cluley.
- Sorry for the Nazi spam from my Twitter account — Graham Cluley.
- Animated Knots by Grog.
- Expel your shallow human form and offer it up to new Garfield! — /r/imsorryjon on Reddit.
- Garfield minus Garfield.
- French inventor to attempt to cross Channel on jet-powered flyboard — The Guardian.
- Spider-Man vs Green Goblin — YouTube.
- 'Like a damp towel on a line': the day Boris Johnson got stuck on a zip wire — The Guardian.
- B.J. Mendelson on Patreon.
- Smashing Security on Patreon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED
17 juli 2019 |
44 min
Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after a researcher finds a simple way to hack into anybody's account.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/137 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- CTRL-ALT-LED: Leaking Data from Air-Gapped Computers Via Keyboard LEDs — IEEE.
- Academics steal data from air-gapped systems via a keyboard's LEDs — ZDNet.
- How I Could Have Hacked Any Instagram Account — The Zero Hack.
- How any Instagram account could be hacked in less than 10 minutes — Hot for Security.
- Takeru Kobayashi - hotdog-eating world record holder — Wikipedia.
- Smashing Security 092: Hacky sack hack hack.
- Porn pirating lawyer jailed for five years — BBC News.
- Stiff penalty: Prenda Law copyright troll gets 14 years of hard time for blue view 'n sue scam — The Register.
- Prenda Law boss John Steele to miss 2020 Olympics... unless they show it in prison — The Register.
- InspiroBot.
- What football will look like in the future — (Maria says don't try to read it on your smartphone)
- The Life Of A Rock.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Oops, we created Iran's hacking exploit
10 juli 2019 |
50 min
Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.
Visit https://www.smashingsecurity.com/136 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Charl van der Walt.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
Links:
- Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
- Zoom Mac flaw allows webcams to be hijacked - because they wanted to save you a click — Graham Cluley.
- USCYBERCOM Malware Alert on Twitter.
- CISA Statement on Iranian Cybersecurity Threats — Department of Homeland Security.
- Patch for Microsoft Outlook security vulnerability.
- U.S. Military Warns Outlook Users To Update Immediately Over Hack Linked To Iran — Forbes.
- U.S. Cyber Command Shares Malware via VirusTotal — SecurityWeek.
- Steve Buscemi Swapped On Jennifer Lawrence — YouTube.
- Fake voices 'help cyber-crooks steal cash' — BBC News.
- New AI deepfake app creates nude images of women in seconds — The Verge.
- Horrifying DeepNude App Undresses a Photo of Any Woman With a Single Click — Motherboard.
- Learn how to spot deepfake videos — Slate.
- 507 Mechanical Movements.
- ‘Born a Crime,’ Trevor Noah’s Raw Account of Life Under Apartheid — The New York Times.
- The global tree restoration potential — Science.
- How to erase 100 years of carbon emissions? Plant trees—lots of them — National Geographic.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Zombie grannies and unintended leaks
3 juli 2019 |
56 min
We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.
Visit https://www.smashingsecurity.com/135 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Oli Skertchly.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- This scary game app is coming for your credentials — Wandera.
- App vetting: How do you measure the risk level of risky apps? — Wandera.
- The not so ultra lock — Pen Test Partners.
- Cat playing the flute — Twitter.
- Proposing a 'Declaration of Digital Independence' — Wired.
- Declaration of Digital Independence — Larry Sanger.
- @[email protected] — Follow Graham on Mastodon.
- The Fediverse — Wikipedia.
- Apollo 11 in Real-time.
- Dark — Netflix.
- Amazon reviews of the Chillow cooling pillow.
- The Best Cooling Pillows for Night Sweats — Health.com.
- Oli Skertchly on Instagram.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Sextortion, silicone face masks, and a DDoS doofus
26 juni 2019 |
47 min
Scammers steal millions by impersonating a French politician, we offer fashion tips for DDoS attackers, and hear how a small town fought a sextortionist preying on young women.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
Visit https://www.smashingsecurity.com/134 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jessica Barker.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Edgewise Networks: Edgewise is the industry's first zero-trust segmentation platform. It’s simple to use interface lets you stops data breaches by allowing only verified software to communicate within your cloud or data centre. Edgewise's data-centric approach makes micro-segmentation simpler and more secure.
- Learn more and get a free trial at edgewise.net.
Links:
- Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail — ZDNet.
- 18 maanden cel voor hacker die website Crelan en pizzeria plat legde — HLN.
- The fake French minister in a silicone mask who stole millions — BBC News.
- He Cyberstalked Teen Girls for Years—Then They Fought Back — Wired.
- Childline — A counselling service for children and young people in the UK.
- Cyberbullying information — FTC.
- Information and resources to curb the growing problem of cyberbullying — National Crime Prevention Council.
- The Coddling of the American Mind.
- Depression, anxiety, suicide increase in teens and young adults, study finds — CBS News.
- Dreyer's English by Benjamin Dreyer — Penguin Random House.
- Stay Tuned: The Laws of Language (with Ben Dreyer).
- The Defiant Ones (trailer) — YouTube.
- The Defiant Ones — HBO.
- myNoise.net
- NCSC CyberThreat 2019 (London, GB).
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Cookie cock-ups, Hong Kong protests, and smart TV virus scans
19 juni 2019 |
56 min
We head to Hong Kong to look at how technology has helped anti-government protesters (and how China has tried to disrupt it), Samsung is skittish over whether to tell TV owners to virus-scan their devices, and you won't believe whose website is not GDPR-compliant.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson.
Visit https://www.smashingsecurity.com/133 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language. "Chickens!"
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: James Thomson.
Sponsored By:
- Edgewise Networks: Edgewise is the industry's first zero-trust segmentation platform. It’s simple to use interface lets you stops data breaches by allowing only verified software to communicate within your cloud or data centre. Edgewise's data-centric approach makes micro-segmentation simpler and more secure.
- Learn more and get a free trial at edgewise.net.
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Information about Cookies — ICO.
- All About Do Not Track.
- Apple is removing the Do Not Track toggle from Safari, but for a good reason — Macworld.
- Google Chrome privacy extension hasn't been updated for years — Graham Cluley.
- Tweet by Adam Rose — Twitter.
- Cookie Control plugin — Civic.
- China social media: WeChat and the Surveillance State — Stephen McDonell, BBC News.
- DDoS attack that knocked Telegram secure messaging service offline — Tripwire.
- Inside China's 'thought transformation' camps — BBC News.
- Scan your TV to prevent malware — Samsung.
- Samsung Deletes Frightening Tweet Warning That Its Smart TVs Can Get Viruses — Gizmodo.
- Samsung: Here's how we're securing your smart TV — ZDNet.
- Is the CIA's Weeping Angel spying on TV viewers? — Graham Cluley.
- Samsung's Android Replacement Is a Hacker's Dream — Motherboard.
- All of the Mueller report’s major findings in less than 30 minutes — PBS NewsHour, YouTube.
- СтопХам - Урок географии — YouTube.
- Where Mimes Patrolled the Streets and the Mayor Was Superman — New York Times.
- Documentaries - watch free online documentaries — IHaveNoTV.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
CBP cyber attack, an iPhone privacy boost, and Twitter list abuse
12 juni 2019 |
48 min
United States Customs and Border Protection had sensitive data stolen, but the hackers didn't have to breach its network. Apple has ambitious plans to make iPhone users safer online. And trolls are using Twitter lists to target their victims.
All this and much much more is discussed in the latest edition of the MULTI-AWARD-WINNING "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Visit https://www.smashingsecurity.com/132 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- Edgewise Networks: Edgewise is the industry's first zero-trust segmentation platform. It’s simple to use interface lets you stops data breaches by allowing only verified software to communicate within your cloud or data centre. Edgewise's data-centric approach makes micro-segmentation simpler and more secure.
- Learn more and get a free trial at edgewise.net.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Smashing Security named the Best Security Podcast — Graham Cluley.
- U.S. Customs and Border Protection says photos of travelers into and out of the country were recently taken in a data breach — Washington Post.
- Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online — The Register.
- US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped — The Register.
- Tweet from Sam Soffes.
- Apple previews iOS 13 — Apple.
- Sign In with Apple human user interface guidelines — Apple.
- How trolls use Twitter lists to target and harass other users — CNBC.
- Trolls get tricky on Twitter with targeted harassment lists — Kim Komando.
- 10 hours worth of the original Firestorm TV series (Japanese, with English subtitles) — YouTube.
- Gerry Anderson’s Firestorm Exclusive FULL Minisode — YouTube.
- Gerry Anderson's Firestorm — A brand new science fiction series from the creator of Thunderbirds (or, more precisely, his son).
- AITA — Reddit.
- Ecosia - the search engine that plants trees.
- Ecosia privacy policy and the data it collects.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Zap yourself from the net, and patch now against BlueKeep
5 juni 2019 |
34 min
Microsoft issues warning to unpatched Windows users about worm risk, and how do you delete all traces of yourself off the internet after you murder your podcast co-host?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who aren't joined by a special guest this week.
Visit https://www.smashingsecurity.com/131 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- WannaCry ransomware hits systems worldwide — Graham Cluley.
- WannaCry - Who's to blame? — Smashing Security #021.
- Remote Desktop Services Remote Code Execution Vulnerability CVE-2019-0708 — Microsoft.
- A Reminder to Update Your Systems to Prevent a Worm — Microsoft.
- Microsoft practically begs Windows users to fix wormable BlueKeep flaw — Ars Technica.
- Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708) — Errata Security.
- Intense scanning activity detected for BlueKeep RDP flaw — ZDNet.
- Greatest Love Of All (Official Music Video) - Whitney Houston — YouTube.
- DeleteMe.
- Deseat.me.
- Removing Content From Google.
- I want to know how to go about deleting everything about myself online — Reddit.
- Remove yourself from the internet, hide your identity, and erase your online presence — ZDNet.
- Chernobyl Trailer — YouTube.
- The 23-Year-Old Woman Who Pioneered Investigative Journalism — The Atlantic.
- Undercover in an Insane Asylum: How a 23-Year-Old Changed Journalism — YouTube.
- Nellie Bly — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Doctored videos, Bcc blunders, and a diva
30 maj 2019 |
48 min
You won't believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware... and how Carole gets her diva on.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who aren't joined by a guest this week.
Visit https://www.smashingsecurity.com/130 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Final chance to vote for Smashing Security!
- Apple Podcasts New & Noteworthy, What’s Hot Sections Are Back — Kate Erickson.
- When selling security awareness training by email, probably a good shout not to hit 'reply all' — The Register.
- Ghostery Email Incident Update — Ghostery.
- NHS IT bod sends test email to 850k users – and then responses are sent 'reply all' — The Register.
- Google mistakes the entire NHS for massive cyber-attacking botnet — The Register.
- UK NHS 850k Reply-all email fail: State health service blames Accenture — The Register.
- BCC warning when emailing to many TO/CC recipients — SafeSend.
- SendGuard for Outlook.
- Privacywaakhond AP blundert met cc-knop — Computable.
- Tweet by Jeroen Terstegge.
- Canada Plans Fines for Tech Companies That Spread Disinformation — Motherboard.
- #DeleteFacebook: Twitter Users Urge People To Deactivate Accounts After Fake Nancy Pelosi Video Goes Viral — Newsweek.
- Half of European voters may have viewed Russian-backed ‘fake news’ — Politico.
- Inside Facebook's war room: the battle to protect EU elections — The Guardian.
- The Nancy Pelosi Videos Are Part of a Long GOP Campaign — The Atlantic.
- Mona Lisa 'brought to life' with deepfake AI — BBC News.
- The Persistence Of Chaos — Guo O Dong.
- Samantha-Antoinette Smith.
- Samantha Antoinette - Don't You Know Baby - Copenhagen Blues Festival 2016 — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Too Long; Didn't Listen
22 maj 2019 |
52 min
Don't hire a hacker, they might scam you! What works and what doesn't when it comes to protecting your email account? And China's controversial social credit system comes under the microscope.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/129 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security in the EU Security Blogger Awards
- "How to hack a Facebook account..." - how on earth to answer? — Graham Cluley.
- Hack for Hire: Exploring the Emerging Marketfor Account Hijacking — Report from University of California, San Diego and Google.
- Google research: Most hacker-for-hire services are frauds — ZDNet.
- New research: How effective is basic account hygiene at preventing hijacking — Google Online Security Blog.
- The complicated truth about China's social credit system — Wired.
- China bans 23m from buying travel tickets as part of 'social credit' system — The Guardian.
- Is China’s social credit system as Orwellian as it sounds? — MIT Technology Review.
- Opinion: Why India needs to be wary of China-style social credit ratings — LiveMInt.
- Mihail Tal vs. Vassily Smyslov // Sacrificial Maniac vs. Positional Maestro — YouTube.
- Outray Chess — YouTube.
- What We Left Behind: Looking Back at Star Trek: Deep Space Nine — A documentary film produced by 455 Films.
- DS9 Doc Heads To Uk & Ireland - List of Locations — TrekSphere.
- Joe Rogan — Wikipedia.
- Tesla’s Elon Musk smokes weed on Joe Rogan podcast, havoc ensues - Vox — Vox.
- Faux Rogan — Can you tell which are real or fake (Faux Rogan)?
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Shackled ankles, photo scrapes, and SIM card swaps
15 maj 2019 |
51 min
A bad software update causes big headaches for Dutch police, but brings temporary freedom to criminals. SIM swaps are in the news again as fraudsters steal millions. And does your cloud photo storage service have a dirty little secret?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rip Off Britain's David McClelland.
Visit https://www.smashingsecurity.com/128 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- Gartner: Gartner's Security & Risk Management Summit, running from June 17-20 2019 in National Harbor, Maryland, is the premier cybersecurity conference for CISOs, IT Security & Risk Professionals. Get the latest unbiased research and advice on cyber attacks, and emerging technologies including AI, blockchain, machine-learning and more.
- Visit smashingsecurity.com/gartner to find out more. Smashing Security listeners can save $350 off the standard registration rate by using the code "SMASHING". Promo Code: SMASHING
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security in the EU Security Blogger Awards
- Software update crashes police ankle monitors in the Netherlands — ZDNet.
- Irishman facing more than 100 years in US prison for alleged $2.5m cryptocurrency fraud — Independent.ie
- U.S. investor awarded $75 million in cryptocurrency crime case — Reuters.
- The SIM Swap Fix That the US Isn't Using — Wired.
- Everalbum Photo Organizing App — YouTube.
- Facial recognition's 'dirty little secret': Millions of online photos scraped without consent — NBC News.
- Everalbum Review — Good Housekeeping.
- OverSimplified — YouTube.
- CGP Grey — YouTube.
- The Difference between the United Kingdom, Great Britain and England Explained — YouTube.
- BBC One - Rip Off Britain, Series 11, Episode 3 — BBC iPlayer.
- All The Stations.
- Get a Spine! — This American Life.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
I do love the Dutch
8 maj 2019 |
45 min
Israel strikes back at Hamas's hacking HQ, a new sextortion email comes with a twist, and Carole saves the world with some help from hacked Roomba vacuum cleaners.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Malicious Life's Ran Levi.
Visit https://www.smashingsecurity.com/127 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Ran Levi.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Gartner: Gartner's Security & Risk Management Summit, running from June 17-20 2019 in National Harbor, Maryland, is the premier cybersecurity conference for CISOs, IT Security & Risk Professionals. Get the latest unbiased research and advice on cyber attacks, and emerging technologies including AI, blockchain, machine-learning and more.
- Visit smashingsecurity.com/gartner to find out more. Smashing Security listeners can save $350 off the standard registration rate by using the code "SMASHING". Promo Code: SMASHING
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- New Extortion Email Scam Threatens to Release Your Sex Tape — Bleeping Computer.
- Here's what an Ashley Madison blackmail letter looks like — Graham Cluley.
- Suicide and Ashley Madison — Graham Cluley.
- Israel bombs building containing alleged Hamas hackers — Graham Cluley.
- IDF says it thwarted a Hamas cyber attack during weekend battle — Times of Israel.
- Israel: Hamas Tried to Spy on Soldiers With Fake Dating Apps — Bloomberg.
- Ransomware attack on Israeli users fails miserably due to coding error — ZDNet.
- Michael Reeves on Twitter.
- A Robot That Picks Tomatoes Out of Your Salad — YouTube.
- A Robot That Shoots Energy Drink at You When You Get Tired — YouTube.
- Consumption of Tide Pods — Wikipedia.
- The Roomba That Screams When it Bumps Into Stuff — YouTube.
- This Person Does Not Exist.
- Have they faked me?
- Drugslab — YouTube.
- The Hows and Whys of Influencing People — Reddit.
- How Master Manipulators Conceal Their Intentions — Kletische.
- How to Win Friends and Influence People — Wikipedia.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Zombie chickens and fast-food victims
1 maj 2019 |
49 min
What's the worst that can happen if you join a Hollywood hard man's Facebook page? What drove a man to hijack a website's name at gunpoint? And can you solve the mystery of the Canadian Hamburglar?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Mark Stockley.
Visit https://www.smashingsecurity.com/126 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- Gartner: Gartner's Security & Risk Management Summit, running from June 17-20 2019 in National Harbor, Maryland, is the premier cybersecurity conference for CISOs, IT Security & Risk Professionals. Get the latest unbiased research and advice on cyber attacks, and emerging technologies including AI, blockchain, machine-learning and more.
- Visit smashingsecurity.com/gartner to find out more. Smashing Security listeners can save $350 off the standard registration rate by using the code "SMASHING". Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
Links:
- Fraudster poses as Jason Statham to steal victim's money — BBC News.
- Nine men arrested in United States for stealing millions through business email compromise and romance scams — Graham Cluley.
- Twitter Hack: Part Of Broader Iranian Strategy — TechCrunch.
- Hackers Hit Google Palestine and Defaced the Front Page — Gizmodo.
- Gunpoint domain hijack turns out to have been a family affair — Naked Security.
- Jury Convicts Social Media Entrepreneur in Plot to Hijack Internet Domain — Department of Justice.
- Hamburglar strikes again, feasts on $2,000 in meals using customer's McDonald's app — CBC News.
- McDonalds UK TV Advert 1983 featuring Hamburglar — YouTube.
- How Animators Created the Spider-Verse | WIRED — YouTube.
- How 'Spider-Man: Into The Spider-Verse' Was Animated | Movies Insider — YouTube.
- Cool Math.
- IQ Ball — Carole's favourite game on Cool Math.
- CoolMath4Kids.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Pick of the thief!
24 april 2019 |
47 min
WannaCry's "accidental hero" pleads guilty to malware charges, Samsung and Nokia have fingerprint fumbles, the NCSC publishes a list of 100,000 dreadful passwords, and Apple finds itself at the centre of an identity mix-up.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: John Hawes.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- "Gents! Stop airdropping your pics!" — Smashing Security episode 038, where we discussed the arrest of Marcus Hutchins.
- Marcus Hutchins plea agreement — PDF
- Statement from Marcus Hutchins (aka MalwareTech)
- "Stick to the good side." — Marcus Hutchins on Twitter.
- The Samsung Galaxy S10's ultrasonic fingerprint scanner is hacked — Graham Cluley.
- Video of Nokia 9's fingerprint sensor failure — Decoded Pixel on Twitter.
- Nokia 9 buggy update lets anyone bypass fingerprint scanner with a pack of gum — ZDNet.
- Most hacked passwords revealed as UK cyber survey exposes gaps in online security — NCSC.
- Facebook hoovered up 1.5 million users' email contacts without permission... "unintentionally" — Graham Cluley.
- Facebook: we logged 100x more Instagram plaintext passwords than we thought — Naked Security.
- Second Payment Services Directive (PSD2): 8 things businesses needs to know — Information Age.
- Teen sues Apple over accusations of Apple Store thefts — 9to5Mac
- Student Sues Apple for $1 Billion, Blames Face-Recognition Tech for False Arrest — Insurance Journal.
- Thunderbirds - 50th Anniversary Specials — Century 21 films
- Thunderbirds 1965 - Documentary — YouTube.
- Clash Royale: Enter the Arena.
- Oxfordshire Artweeks.
- Details of Carole and John's exhibition — Oxfordshire Artweeks.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Poisoned porn ads, the A word, and why why why Wipro?
17 april 2019 |
53 min
The hacker who lived the high life after spreading malware via porn sites, Wipro demonstrates how to turn a cybersecurity crisis into a PR disaster, and why are humans listening in to your Alexa conversations?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Brian Honan.
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Brian Honan.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
Links:
- Hacker from Russian crime group jailed for multi-million pound global blackmail conspiracy — NCA.
- The No More Ransom Project.
- Experts: Breach at IT Outsourcing Giant Wipro — Krebs on Security.
- Statement from Wipro Limited confirming security breach.
- TalkTalk phone scams: arrests made at Indian call center — Graham Cluley.
- How Not to Acknowledge a Data Breach — Krebs on Security.
- "The Wipro quarterly earnings call would have gone really well if that pesky @briankrebs hadn't shown up... " — Graham Cluley on Twitter.
- Smart speaker recordings reviewed by humans — BBC News.
- Is Anyone Listening to You on Alexa? A Global Team Reviews Audio — Bloomberg.
- How to stop Amazon from listening to what you say to Alexa — CNBC.
- Judge orders Amazon to turn over Echo recordings in double murder case — TechCrunch.
- Klokken minutt for minutt — NRK TV.
- 3-year-old's password fail locks iPad for 25,536,442 minutes — UPI.
- Nominate your favourite security podcast/blog/tweeter etc — EU Security Blogger Awards 2019.
- Nudes mug — The Unemployed Philosophers Guild.
- Bob Ross mug — The Unemployed Philosophers Guild.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Backups - a necessary evil? (replay)
10 april 2019 |
31 min
With Graham incapacitated, we drag an episode out from the archives. In this special "splinter" episode of the "Smashing Security" podcast from September 2017 we tackle the tricky subject of backups - When did you last backup your data? How and what should you backup? And where should you store them?
Lots of questions and Graham gets to do his Tina Turner impression.
All this and more is discussed in this edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Tina Turner - Private Dancer — YouTube.
- The Baranton Sisters foot juggling tables — YouTube.
- How to create a robust data backup plan (and make sure it works)
- How to back up your iPhone, iPad, and iPod touch — Apple Support.
- How to back up your Android phone or tablet: The ultimate guide — Android Central.
- Crashplan stops offering its consumer backup solution
- Carbonite cloud backup
- Backblaze Online Backup
- Mozy Cloud Storage & Backup
- Amazon Glacier
- CloudBerry Lab - Cross-Platform Cloud Backup
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The big fat con at Office Depot
3 april 2019 |
49 min
Office Depot and OfficeMax are fined millions for tricking customers into thinking their computers were infected with malware, car alarms can make your vehicle less secure, and facial recognition in apartment blocks comes under the microscope.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Is Office Depot diagnosing non-existent computer problems? — YouTube.
- Office Depot and Tech Support Firm Will Pay $35 Million to Settle FTC Allegations That They Tricked Consumers into Buying Costly Computer Repair Services — FTC.
- Alarming vulnerabilities in automotive security systems — The Cyberwire.
- Gone in six seconds? Exploiting car alarms — Pen Test Partners.
- The Landlord Wants Facial Recognition in Its Rent-Stabilized Buildings. Why? — New York Times.
- Brooklyn Landlord Wants To Install Facial Recognition Tech At Rent-Stabilized Complex — Gothamist.
- New key-less Moscow apartments use facial recognition to open doors and elevators — Achinect.
- Study finds gender and skin-type bias in commercial artificial-intelligence systems — MIT News.
- The woman who doesn't feel pain — BBC News.
- TVR Exploring — YouTube.
- Lost Dutchman's Gold — BBC Games Archive.
- Dirty John: The Dirty Truth — Netflix.
- A Complete Timeline of the Events of Dirty John — Harper's Bazaar.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hijacked motel rooms, ASUS PCs, and leaky apps
27 mars 2019 |
48 min
An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- Mimecast: Grab your FREE Cybersecurity Awareness Training Kit from Mimecast, and share it throughout your company. Give your employees the information they need to make the best cybersecurity decisions.
- Get your free kit at smashingsecurity.com/mimecast
Links:
- Varmazis.gr - The hot sauce factory.
- This Spyware Data Leak Is So Bad We Can't Even Tell You About It — Motherboard.
- A family tracking app was leaking real-time location data — TechCrunch.
- Popular family tracking app exposed real-time location data onto the internet – no password required — Hot for Security.
- Hosting Provider Finally Takes Down Spyware Leak of Thousands of Photos and Phone Calls — Motherboard.
- security.txt | A proposed standard which allows websites to define security policies.
- Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers — Motherboard.
- Operation ShadowHammer — Kaspersky.
- Shadow Hammer APT MAC Check.
- ASUS Settles FTC Charges That Insecure Home Routers and “Cloud” Services Put Consumers’ Privacy At Risk — Federal Trade Commission.
- ASUSFourceUpdater.exe is trying to do some mystery update, but it won't say what... — Reddit.
- Asus implements fix for malware attack — Reuters.
- ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups.
- Passion for life: Self-expansion and passionate love across the life span — Journal of Social and Personal Relationships.
- So THAT'S Why Hotel Sex Is So Much Better Than At Home — Huffington Post.
- South Korea arrests two for spy cameras that livestreamed 1,600 motel guests — Reuters.
- Zach King magic tricks — YouTube.
- Killed by Google - The Google Graveyard & Cemetery.
- Outline - Read & annotate without distractions.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Silk Road with Deliveroo
20 mars 2019 |
48 min
Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Paul Ducklin.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
Links:
- 'It's like Uber, but for weed': Meet the man who revolutionized Israel's pot trade — Haaretz.
- Israel Police arrest top members of Telegrass online drug ring — Haaretz.
- Sources: Telegrass head cooperating with police — YNet News.
- You left WHAT on that USB drive?! — Naked Security.
- Cult of the Dead Cow — Wikipedia.
- Back Orifice — Wikipedia.
- Beto O’Rourke’s secret membership in America’s oldest hacking group — Reuters.
- Beto O’Rourke acknowledges involvement with hacking group as teen — The Texas Tribune.
- Behind the Curve.
- Behind the Curve - Official Release Trailer — YouTube.
- Serious Security: What we can all learn from PiDay — Naked Security.
- Drawabox — A free, exercise based approach to learning the fundamentals of drawing.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hijacked homes, porn passports, and ransomware regret
13 mars 2019 |
54 min
A $150 million mansion is hijacked online, Brits will soon have to scan their passport to watch internet porn, and are organisations right to pay up when hit by ransomware?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Mimecast: Grab your FREE Cybersecurity Awareness Training Kit from Mimecast, and share it throughout your company. Give your employees the information they need to make the best cybersecurity decisions.
- Get your free kit at smashingsecurity.com/mimecast
Links:
- What Is a Zillow Zestimate? — YouTube.
- Zillow sued over hacked listing of $150 million California mansion — Chicago Tribune.
- The Headington Shark, Oxford.
- UK Digital Economy Act 2017 — Legislation.gov.uk.
- AgeID | Your Access to the World of Age-Restricted Websites.
- CleanBrowsing DNS. — Free DNS Parental Control, DNS Filter and Web filter.
- Ray Charles - Georgia On My Mind — YouTube.
- Rural Jackson County, Georgia. recovering from ransomware attack — StateScoop.
- Georgia county pays a whopping $400,000 to get rid of a ransomware infection — ZDNet.
- Confidential report: Atlanta's cyber attack could hit $17 million — Atlanta Journal-Constitution.
- EmojiTetra (@EmojiTetra) on Twitter.
- Emoji Snake Game (@EmojiSnakeGame) on Twitter.
- The Butterfly Effect — Podcast with Jon Ronson.
- So You've Been Publicly Shamed — Amazon.com.
- How old do I look?
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The 's' in IoT stands for security
6 mars 2019 |
43 min
Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up!
Oh, and find out how a didgeridoo could change your life and that of your loved ones.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- A Jibo twerking — YouTube.
- Tweet by Dylan Martin about Jibo — Twitter.
- After Being Sold to a VC Firm, this $899 IoT Robot Will Soon Brick Itself — Motherboard.
- Your $350 Nike self-lacing sneakers aren't as smart as you hoped — Graham Cluley.
- Absher app — Wikipedia.
- Apple and Google Urged to Dump Saudi App That Lets Men Track Women — New York Times.
- Hacking ski helmet audio — Pen Test Partners.
- That's a nice ski speaker you've got there. Shame if it got pwned — The Register.
- Fleabag is back - and she's found religion — BBC News.
- Fleabag — BBC iPlayer.
- Jill Abramson: Ex-New York Times editor accused of plagiarism — BBC News.
- Password advice. Don't tell people to not reuse passwords. You might get a letter from this guy's solicitors... — Twitter.
- Moneyland: Why Thieves And Crooks Now Rule The World And How To Take It Back — Amazon.com.
- Play the Didgeridoo for Sleep Apnea and Snoring Relief — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
SWATs on a plane
27 februari 2019 |
57 min
Why is Tampa's mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook?
All this and much much more in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Plus, after last week's discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Maria Varmazis and Martin Overton.
Sponsored By:
- Mimecast: Grab your FREE Cybersecurity Awareness Training Kit from Mimecast, and share it throughout your company. Give your employees the information they need to make the best cybersecurity decisions.
- Get your free kit at smashingsecurity.com/mimecast
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Pornography, racism and threats of missile attack fill Tampa mayor's Twitter feed during hack — WTSP News.
- How to use the Teams feature on TweetDeck — Twitter.
- I Blocked Amazon, Facebook, Google, Microsoft, and Apple — Gizmodo.
- Half Of U.S. Employees Are Actively Searching For A New Job — Forbes.
- Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers — Proofpoint.
- Perfect night in — A podcast by Neil Perryman.
- Tetris® 99 for Nintendo Switch — Nintendo.
- Every British swear word has been officially ranked in order of offensiveness — The Independent.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Stalking debtors, Facebook farce, and a cyber insurance snag
20 februari 2019 |
46 min
How would you track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Castbox, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Joe Carrigan.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- In first such case, Chinese police arrest hacker for selling tracking app to debt collectors — Global Times.
- Ravenous Bugblatter Beast of Traal — Urban Dictionary.
- "I just had to download a software update for my shoes" — Thread from @GK3 on Twitter.
- Marty McFly Gets Power Laces — YouTube.
- Nike Adapt BB Self-Lacing Shoe — SneakerNews.
- Here's Why the Nike Adapt BB Is Worth $350 — YouTube.
- Facebook CSRF protection bypass which leads to Account Takeover — Samm0uda.
- Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide — The Register.
- The Untold Story of NotPetya, the Most Devastating Cyberattack in History — Wired.
- A Moment of Truth for Cyber Insurance — Lawfare.
- Manufacturers Remain Slow to Recognize Cybersecurity Risks — New York Times.
- UK and US blame Russia for 'malicious' NotPetya cyber-attack — BBC News.
- thispersondoesnotexist.com.
- This website uses AI to generate faces of people who don't exist — Mashable.
- ESPN+
- Trevor Moore: The Story of Our Times - "My Computer Just Became Self Aware" — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Love, Nests, and is 2FA destroying the world?
13 februari 2019 |
39 min
Is two factor authentication such a pain in the rear end that it's costing the economy millions? Do you feel safe having a Google Nest in your home? And don't get caught by a catfisher this Valentine's Day.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Castbox, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: B J Mendelson.
Sponsored By:
- Boxcryptor: Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
- Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Hello by Lionel Richie — YouTube.
- Apple being sued because two-factor authentication on an iPhone or Mac takes too much time — Apple Insider.
- Brodsky versus Apple, alleging that two-factor authentication is abusive to users — Class action complaint.
- 'Why are you looking at me? I see you watching me.' Smart devices like Nest getting hacked in digital home invasions — Chicago Tribune.
- 8-year-old 'scared to death' after hacked Nest security camera warns of missile attack — Bitdefender.
- Letter in The Times, "Alexa gets fired up" — Reddit.
- Diana Rigg — Wikipedia.
- Scam alert: £50 million lost to romance and online dating scams — Which?
- 17 Of The Most Insane Catfish Stories That Will Make You Cringe — Buzzfeed.
- How Expensive Are Catfishing Scams? See Where Your State Ranks — High Speed Internet.
- It's National Catfish Day, So Here Are 8 Bizarre Catfishing Stories To Remind You That Sometimes The Internet Is A Blackhole Of Awful — Bustle.
- How Long to Read — HowLongToReadThis.com.
- How Long to Read The Joy of Sex: The Ultimate Revised Edition — HowLongToReadThis.com.
- Music telling someone to get off the stage at the Grammy Awards — YouTube.
- B J Mendelson's "A Christmas Carol"
- The Sopranos — HBO.
- Soul Mates — What If?
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Smashing Security on Reddit.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Darknet Diaries, death, and beauty apps
6 februari 2019 |
50 min
Jack Rhysider from the "Darknet Diaries" podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how 'beauty camera' apps are redirecting users to phishing websites and stealing their selfies.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jack Rhysider of the "Darknet Diaries" podcast.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jack Rhysider.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- This hypnotist helps people recover lost bitcoin passwords — CNBC.
- Good News! You Are a Bitcoin Millionaire. Bad News! You Forgot Your Password — Wall Street Journal.
- Quadriga CX announces the death of their CEO Gerald Cotten — Facebook.
- Set Up and Manage Emergency Access — LastPass.
- What is the Emergency feature and how to use it? — Dashlane.
- Inactive Account Manager — Google.
- Banks Hate Crypto In Canada: QuadrigaCX Exchange Sees $28M Frozen — NewsBTC.
- QuadrigaCX Owes Customers $190 Million, Court Filing Shows — Coindesk.
- John Darwin ("Canoe man") disappearance case — Wikipedia.
- Is it ever acceptable for a journalist to hack into somebody else’s email? — Naked Security.
- Hacker Giraffe — Darknet Diaries podcast.
- The PewDiePie Hackers: Could hacking printers ruin your life? — BBC News.
- Smashing Security on Hacker Giraffe's printer hacking exploits.
- Behind the apps: Why we want to look different online — BBC News.
- Various Google Play 'Beauty Camera' Apps Send Users Pornographic Content, Redirect Them to Phishing Websites and Collect Their Pictures — Trend Micro.
- Mr. Puzzle — YouTube.
- Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat — Amazon.
- Everything That Will Kill You... From A to Z — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
FaceTime, Facebook, faceplant
30 januari 2019 |
46 min
A FaceTime bug allows callers to see and hear you before you answer the phone, Facebook's Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: John Hawes.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Boxcryptor: Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
- Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
Links:
- Smashing Security on Reddit.
- Apple has a huge privacy ad at CES 2019 — CNBC.
- Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call — Graham Cluley.
- Tweet about teen who found FaceTime issue — Tweet from MGT7.
- iPhone Facetime Hack (EMBARRASSING!) Caught Slippin — YouTube (NSFW).
- A discussion with Nick Clegg — Facebook Brussels.
- Facebook pledges to do more on self-harm — BBC News.
- World Happiness Report — Wikipedia.
- 2020 Olympics: Japanese chains scrap porn magazines — BBC News.
- Japan’s Cybersecurity Strategy (PDF).
- Govt. to access home devices in security survey — NHK.
- Japan plans to hack into millions of its citizens’ connected devices — MIT Technology Review.
- Alphaville - Big In Japan (Official Music Video) — YouTube.
- Teletext — YouTube.
- Teletext generator — Teletext the World.
- The teletext versions of Graham, Carole, and John Hawes — Twitter.
- Cosmic Eye — YouTube.
- ChronoZoom.
- Putting Time In Perspective — Wait But Why.
- Cows: Small Or Far Away? | Father Ted — YouTube.
- Jonathan Pie's American Pie — BBC Three.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Payroll scams, gold coin heists, web giants spanked
23 januari 2019 |
43 min
Business email compromise evolves to target your company's payroll, how the world's largest gold coin was stolen from a Berlin museum, and are internet giants feeling the heat yet over data security?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by people hacker Jenny Radcliffe.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jenny Radcliffe.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
Links:
- Smashing Security on Reddit
- Business Email Compromise Scams Have Netted $12.5 Billion, Says FBI — Bitdefender.
- The 2 Investigators: Theft By 'Business Email Compromise' — YouTube.
- The Secret of My Success Soundtrack - "Oh yeah" by Yello — YouTube.
- How one company lost $44 million through an email scam — Tripwire.
- BEC Gangs Focus on Executives for Payroll Diversion Scams — Agari.
- Daring robbery: Rare gold coin worth millions stolen from Berlin’s Bode Museum — YouTube.
- Trial begins for 4 accused in gold coin heist — CBC.
- Four men go on trial for giant gold coin heist from Berlin museum — The Guardian.
- The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against Google — CNIL.
- Portuguese hospital appeals GDPR fine — IT Governance blog.
- German chat site faces fine under GDPR after data breach — We Live Security.
- First GDPR fine issued by Austrian data protection regulator — Freshfields Digital.
- F.T.C. Is Said to Be Considering Large Facebook Fines — The New York TImes.
- The Office Quest Game.
- Office Quest - Nintendo Switch Official Trailer — YouTube.
- Radioactive wild boars rampaging around Fukushima nuclear site — The Independent.
- Maniac — Netflix.
- Waking Up Podcast #145 - The Information War — Sam Harris.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
When rivals hack, and "extreme" baby monitors
16 januari 2019 |
41 min
Why a business spat resulted in Liberia falling off the internet, how the US Government shutdown is impacting website security, and the perplexing world of extreme IoT devices.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoë Rose.
Sponsored By:
- Boxcryptor: Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
- Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Mirai Botnet DDoS (Sky News) — YouTube.
- Massive Cyber Attack Knocks Out Access To Websites (CNBC) — YouTube.
- Download the Mirai source code, and you can run your own IoT botnet — Graham Cluley.
- The makers of the Mirai IoT-hijacking botnet are sentenced — Tripwire State of Security.
- Danny Kaye — Wikipedia.
- "Wonderful Copenhagen" — Danny Kaye from the movie "Hans Christian Andersen".
- International hacker-for-hire jailed for cyber attacks on Liberian telecommunications provider — National Crime Agency.
- Courts Hand Down Hard Jail Time for DDoS — Krebs on Security.
- Liberian ISP sues rival for hiring hacker to attack its network — ZDNet.
- .gov security falters during U.S. shutdown — Netcraft.
- TLS Certificates for Many .gov Domains Not Renewed Due to Government Shutdown — Security Week.
- Owlet.
- Snuza.
- These ‘extreme baby monitors’ claim to track your child’s breathing, heartbeat and every movement — MarketWatch.
- Fisher-Price’s wearable baby monitor is an unreliable rash machine — Engadget.
- Threema - Seriously secure messaging.
- Africa by Toto to play 'for all eternity' in Namib desert — YouTube.
- Africa by Toto to play on eternal loop 'down in Africa' — BBC News.
- "The Brain: The Story of You" by David Eagleman — Amazon.
- "The Coddling of the American Mind: How Good Intentions and Bad Ideas Are Setting Up a Generation for Failure" by Greg Lukianoff — Amazon.
- How Trigger Warnings Are Hurting Mental Health on Campus — The Atlantic.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
What? You can get paid to leave Facebook?
9 januari 2019 |
51 min
Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Dad pays girl $200 to give up Facebook — YouTube.
- How much is social media worth? Estimating the value of Facebook by paying users to stop using it — PLOS.
- Being paid to quit Facebook — Graham Cluley.
- This account has been hijacked (temporarily)! — Insinia.
- Security firm hijacks high-profile Twitter accounts — BBC News.
- 'Serious' Twitter flaw allows hackers to post on other people's accounts — Computer Weekly.
- Twitter is Broken — The AntiSocial Engineer.
- About Twitter's SMS PIN feature — Twitter.
- How to Tweet via text message — Twitter.
- Earn $2,000,000 by remotely jailbreaking an iPhone — Graham Cluley.
- Zerodium Offers $2 Million for iOS Hacks, $1 Million for Chat App Exploits — Security Week.
- Life as a bug bounty hunter: a struggle every day, just to get paid — MIT Technology Review.
- Yahoo changes bug bounty policy following 't-shirt gate' — ZDNet.
- Equifax Was Warned — Motherboard.
- Remove Background from Image - remove.bg.
- 'Tidying Up With Marie Kondo' Is a Quiet Delight — The Atlantic.
- Tidying Up with Marie Kondo | Official Trailer — YouTube.
- Bear Brook podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Grinches target Amazon and Reddit, stealing Christmas from the poor
19 december 2018 |
47 min
Join us for our special Christmas episode as we tell tales of printer hacking, website defacement, Grinches, and how Google is snooping on your private YouTube videos.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Dave Bittner from The Cyberwire.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- Smashing Security: We're sponsoring ourselves this week! Get in touch at [email protected] if you're interested in partnering with us for a future episode of the show.
Links:
- PewDiePie printer hackers strike again — BBC News.
- ASCII art attack — Smashing Security episode 007.
- TheHackerGiraffe — Patreon.
- Buying PewDiePie a $1M Billboard in Times Square! — YouTube.
- I Bought Every Billboard In My City For This — YouTube.
- PewDiePie Billboards in INDIA | T-Series vs PewDiePie — YouTube.
- WSJ website defaced by PewDiePie fan in ongoing YouTube subscribers battle — ZDNet.
- Disney Severs Ties With YouTube Star PewDiePie After Anti-Semitic Posts — Wall Street Journal.
- TheHackerGiraffe comments on WSJ defacement — Twitter.
- Cockwomble definition — Urban Dictionary.
- The Wombles Season 1 — YouTube.
- YouTube is reading text in users’ videos — Naked Security.
- Google is Scanning for (and Crawling) URLs in Your Private YouTube Videos — Austin Burk.
- Santa's Little Helpers — Reddit.
- Posts about Christmas Grinches — Reddit.
- You're a Mean One, Mr. Grinch — Flearoy.
- Paul McCartney at O2 Arena, London — YouTube.
- Ronnie Wood praised by fans as he catches TUBE home after joining Paul McCartney on stage — Daily Mail.
- Paul McCartney Carpool Karaoke — YouTube.
- Wild Thing podcast.
- Analysis, The Replication Crisis — BBC Radio Four.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Hoaxes, Huawei and chatbots - with Mikko Hyppönen
12 december 2018 |
49 min
The curious case of George Duke-Cohan, Huawei's CFO finds herself in hot water, and the crazy world of mobile phone mental health apps.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guests Mikko Hyppönen from F-Secure and technology journalist Geoff White.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mikko Hyppönen.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Three years in jail for teenager who spammed out school bomb threats, and made hoax call about hijacked plane — Graham Cluley.
- Schools bomb hoaxes: Bodycam shows George Duke-Cohan arrest — BBC News.
- Bomb Threat Hoaxer, DDos Boss Gets 3 Years — Krebs on Security.
- Estonian DDoS revenge worm crafter jailed — The Register.
- Canada could be at risk of ‘nasty’ retaliation from China — Vancouver Star.
- Bad news for scammers. Huawei executive Meng Wanzhou has been released on bail — Graham Cluley.
- Child advice chatbots fail to spot sexual abuse — BBC News.
- Alibaba already has a voice assistant way better than Google’s — MIT Technology Review.
- Making a Murderer — Netflix.
- Making a Murderer lawyer Kathleen Zellner is true crime's new star — BBC News.
- Rebutting a Murderer podcast — Spreaker.
- DOOM (Shareware Episode) — Internet Archive.
- Doom (1993 video game) — Wikipedia.
- Points of Egress — Love + Radio.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Sextorting the US army, and a Touch ID scam
5 december 2018 |
44 min
Fitness apps exploit TouchID through a sneaky user interface trick, tech giants claim to have a plan to banish passwords, and you won't believe who was behind a sextortion scam that targeted over 400 members of the US military.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ferret-loving ethical hacker Zoë Rose.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoë Rose.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Military criminal investigative organizations crack down on sextortion ring targeting service members — NCIS.
- Scam iOS apps promise fitness, steal money instead — WeLIveSecurity.
- Mastercard, Microsoft to Advance Digital Identity Innovations — Mastercard press release.
- China's Surveillance State Should Scare Everyone — The Atlantic.
- Mastercard and Microsoft to jointly develop universal digital ID technology — IT Pro.
- A Victorian point and click adventure game — Bertram Fiddle.
- Bertram Fiddle: A Bleaker Predicklement Trailer — YouTube.
- Oura Ring sleep and activity tracker.
- Learn how Oura ring works.
- Marriott warns of hack. 500 million Starwood hotel guests' personal data could be exposed — Graham Cluley.
- Marriott breach: What to do when hackers steal your passport number — CNet.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Google Maps, Fed phishing, and Grinch bots
28 november 2018 |
61 min
How are scammers stealing your money through Google Maps? Why did the FBI create a fake FedEx website? And how are US senators hoping to stop Grinch bots ruining Christmas?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
And don't miss our special bonus interview about passwords with Rachael Stockton of LastPass, sponsors of this week's show.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guests: Maria Varmazis and Rachael Stockton.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- A new bank scam using Google Maps loophole — The Hindu.
- Google’s sorry that this crudely offensive image of the Apple logo turned up in Maps — The Washington Post.
- ‘Edwards Snow Den’ infiltrates the White House on Google Maps — The Washington Post.
- The FBI Created a Fake FedEx Website to Unmask a Cybercriminal — Motherboard.
- what3words | Addressing the world.
- When the FBI rather than the fraudsters make a fake FedEx website — Graham Cluley.
- Fingerlings — YouTube.
- Lawmakers introduce bill to stop bots from ruining holiday shopping — CNET.
- The Internet Arcade.
- Alley Cat — The Internet Arcade.
- On November 26th, a mole will land on Mars — The Oatmeal.
- Why did Apple remove the iPhone headphone jack? — Fast Company.
- A simple, cheap and very reliable solution for phones without headphone jack — Reddit.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Facebook, Nietzsche, Tesla, and Nicole
21 november 2018 |
44 min
Tesla takes customer service a step too far, is it a romantic gesture or stalking when you email 246 women called Nicole, and Carole finds herself in a Facebook dilemma.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jessica Barker.
Sponsored By:
- Smashing Security: We're sponsoring ourselves this week! Get in touch at [email protected] if you're interested in partnering with us for a future episode of the show.
Links:
- How I Went From Tesla Delivery Hell To Tesla Giving Me Control Of Their Site Forums With Over 1.5 Million Tesla Account Contacts — DansDeals.com.
- Customer Complains About Tesla Forums, Tesla Accidentally Gives Him Control Over Them — Motherboard.
- A Guy Emailed 246 Nicoles Trying To Find The One He Met At A Bar And Now They're All Friends — Buzzfeed News.
- Facebook exodus: 44 percent of American users ages 18-29 have deleted app — CNBC.
- How Facebook employees reacted to NYT report on leadership, scandals — Business Insider.
- Delay, Deny and Deflect: How Facebook’s Leaders Fought Through Crisis — New York Times.
- Facebook’s top execs ‘make tobacco executives look like Mister Rogers’ — Recode.
- Facebook Morale, Hurt by Share Drop, Suffers Another Hit — Bloomberg.
- “I Hope It Cracks Who She Is Wide Open”: Inside Silicon Valley, Many Have Long Known Sheryl Sandberg Isn’t a Saint — Vanity Fair.
- Now eight parliaments are demanding Zuckerberg answers for Facebook scandals — TechCrunch.
- The Beatles - Glass Onion (2018 Mix) — YouTube.
- The Beatles (White Album) 50th Anniversary Edition — The Beatles.
- American Animals.
- Krissy Brierre-Davis (@krissys_kitchen) — Twitter.
- iPhone hack: Thousands of people just discovered the 'life-changing' space bar trick — The Independent.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
The world's most evil phishing test, and cyborgs in the workplace
14 november 2018 |
55 min
Does your employer want to turn you into a cyborg? Was this phishing test devised by an evil genius? And how did a cinema chain get scammed out of millions, time and time again...?
Oh, and the subject of erasable pens comes up again.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Scott Helme.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Scott Helme.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Cinema Chain Sees Bad Movie Script Play Out As It Loses Millions In Email Scam — Martijn Grooten writes on Forbes.
- Internet con men ripped off Pathe NL for €19m in sophisticated fraud — DutchNews.nl.
- Court documents describing the scam — It's in Dutch. Don't ask us to translate it.
- Tweet from InfoSecSherpa describing diabolical phishing test.
- BBC Click on Twitter: "Could you be paying for things using just your hand?" — Scott Helme is filmed getting an implant.
- The future prospects of embedded microchips in humans as unique identifiers: the risks versus the rewards (PDF) — University of Wollongong, Australia.
- Alarm over talks to implant UK employees with microchips — The Guardian.
- I, Tonya trailer — YouTube.
- Rocketbook.
- Introducing Rocketbook Everlast — YouTube.
- Bohemian Rhapsody Performed in 42 Styles — YouTube.
- Open Culture.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
An Instagram nightmare, crazy iPhone deaths, and election hack claims
7 november 2018 |
53 min
One travel blogger finds you don't have to be Kylie Jenner to be targeted by an Instagram hacker. When 40 iPhones at a hospital mysteriously die, what could be the explanation? And, surprise surprise, political parties in the USA are throwing around hacking accusations.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Mark Stockley.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Kylie Jenner — Instagram.
- Hacker, angry over unpaid $200, deletes Abu Dhabi-based travel blogger's account — Gulf News.
- Of Travels & Tales — Delaine Maria D’Costa's blog.
- Delaine Maria D’Costa's Instagram account
- IG hacked! — Delaine Maria D’Costa posts an Instagram story about how she was hacked.
- Instagram finally supports third-party authentication apps for greater account security — Graham Cluley.
- Spooky miasmic gas bricks hospital iPhones (mwah ha ha ha) — Naked Security.
- MRI disabled every iOS device in facility — Reddit.
- Voting Machine Manual Instructed Election Officials to Use Weak Passwords — Motherboard.
- After failed hacking attempt SoS launches investigation into Georgia Democratic party — Press release on Secretary of State's website (which, by the way, doesn't use HTTPS).
- Mid-term elections 2018: Race rows mire campaign home stretch — BBC News.
- The Cybersecurity 202: Brian Kemp's hacking allegations highlight the challenges of preserving voter confidence — The Washington Post.
- Georgia governor’s race roiled by election security charges — Associated Press.
- Elections security: Federal help or power grab? — Politico (2016).
- Georgia Officials Quietly Patched Security Holes They Said Didn't Exist — ProPublica.
- The Erasable Pen - Pilot Frixion - Gear for Back to School — YouTube.
- FriXion Family by Pilot
- Sapiens: A Brief History of Humankind by Yuval Noah Harari — We're not listing the Pick of the Week Mark eventually chose as it's too rude.
- Isle of Dogs movie
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Ethical dilemmas, Girl Scouts, and porn-loving US officials
31 oktober 2018 |
48 min
Who deserves to die in a driverless car crash? Who has been sniffing around the Girl Scouts' email account? And just how long would it take for a geologist to visit 9,000 adult web pages?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist and "Friends" fan Dan Raywood.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dan Raywood.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Self-Driving Cars: The Ethical Dilemma — YouTube.
- Moral Machine — A platform for gathering a human perspective on moral decisions made by machine intelligence, such as self-driving cars.
- Moral Machine - Human Perspectives on Machine Ethics — YouTube.
- Girl Scouts' personal information affected by recent data breach — ABC30.
- Girl Scouts Alerted to Possible Data Breach — Infosecurity Magazine.
- Where does Girl Scout cookie money go? — SAS Learning Post.
- "You're a Big Scrud" — YouTube.
- USGS IT Security vulnerabilities (PDF) — Office of Inspector General management advisory.
- Porn-Watching Employee Infected Government Networks With Russian Malware, IG Says — NextGov.
- 100 Feds Found to Be Frequent Workplace Porn-Watchers — Government Executive.
- Ten Years Ago — See what the internet was doing...
- The Wayback Machine
- Dead Rock Stars podcast
- Free Rice
- World Food Programme
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Rule 34, Twitter scams, and Facebook fails
24 oktober 2018 |
51 min
A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members. Oh, and Graham finds out what Rule 34 is.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.
- Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Robber contacts victim on Facebook to apologize, Reading police say — Reading Eagle
- Maria Varmazis spots a promoted, verified scam tweet — Twitter
- Why is Elon Musk promoting this Bitcoin scam? (He’s not) — Naked Security
- Twitter thought Elon Musk's bizarre tweets were evidence he'd been hacked — Graham Cluley
- Hack on 8 adult websites exposes oodles of intimate user data — Ars Technica
- Wife Lovers website snapshot — Wayback Machine
- Friends Reunited — Wikipedia
- The Beano — Wikipedia
- Former CIA Chief Explains How Spies Use Disguises — YouTube
- What Makes ‘The Good Place’ So Good? — The New York Times
- The Good Place Season 1 Trailer — YouTube
- Trolley problem — Wikipedia
- IRL Glasses Block All the Screens Around You — Wired
- IRL Glasses - Glasses that Block Screens by Ivan Cash — Kickstarter
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
IoT failures, and Donald Trump dating disaster
17 oktober 2018 |
52 min
Yes, Smashing Security has reached its 100th episode!
Despite our celebratory mood, we don't forget to take a look at the security stories of the last week - including an alarming IoT failure and a dating app disaster for Donald Trump devotees.
All this and much more is discussed in this very special 100th edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Boxcryptor: Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
- Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
Links:
- The very first episode of Smashing Security: "One cup, two hotel guests" — Sorry about the poor audio quality. Turns out we got better...
- Yale UK announces some "unplanned network maintenance" — Twitter
- Yale UK's network maintenance isn't going well — Twitter
- Cllr Steve Wortley is not very happy with Yale UK — Twitter
- Beth is not impressed with Yale UK either — Twitter
- Kirstie Pendry doesn't fancy waking her entire street at 5am — Twitter
- Yale Smart Home Borkage: Server Issues Cause Alarm App Fail — Computer Business Review
- Yale Weds: Just some system maintenance, nothing to worry about. Yale Thurs: Nobody's smart alarm app works — The Register
- Hundreds of 'smart' locks bricked by flubbed remote update — Graham Cluley
- Hotel guests locked in their rooms by ransomware? It doesn't make sense — Graham Cluley
- 71% of Tinder users say political differences are a deal breaker — MSNBC
- New Dating App for Trump Supporters Seeks to ‘Make America Date Again’ — Newsweek
- The ‘Donald Daters’ Trump Dating App Exposed Its Users’ Data — Motherboard
- Donald Daters, a dating app for Trump supporters, leaked its users’ data — Techcrunch
- How I “found” the database of the Donald Daters App
- Robert Baptiste's video of Donald Daters vulnerability — Twitter
- Blue Peter — Wikipedia
- Tony Walsh's beautiful tribute to Blue Peter will give you goosebumps — CBBC on Twitter
- Janet Ellis — Wikipedia
- Sophie Ellis-Bextor — Wikipedia
- Tony Walsh's performance of 'This Is The Place' at the Manchester attack vigil — YouTube
- A Scary Time by Lynzy Lab — YouTube
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
099: Passwords - A Smashing Security splinter (replay)
10 oktober 2018 |
17 min
With Carole in the wilds of Canada, and Graham knee-deep in a security conference in Glasgow, we drag an episode out from the archives of February 2017 - looking at the thorny subject of passwords.
Join computer security veterans Graham Cluley, Carole Theriault, and Vanja Švajcer as they offer some advice and tips for computer users.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Vanja Švajcer.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
098: A Facebook omnishambles
3 oktober 2018 |
51 min
Millions of Facebook user accounts put at risk after hack! The UK Conservative party's conference app causes a privacy omnishambles! And Facebook (again) has been doing something naughty with the phone numbers you give it for security reasons! Oh, and Maria gets very excited about something to do with Star Trek.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Boxcryptor:
Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
Links:
- Our Podcast Awards trophy acceptance video — Even though we didn't actually win, we still thought you might like to see it.
- Virus Bulletin conference, Montreal — Say "Hi" to Carole if you see her there.
- Everything that went wrong during Theresa May’s 2017 conference speech - YouTube
- Die Hard on the One Show - Charlie Brooker's Weekly Wipe - YouTube
- Conservative Party conference app reveals MPs' numbers - BBC News
- The Tories Say They Were "Let Down" By A Conference App Platform After It Allowed Access To The Personal Numbers Of Hundreds Of MPs
- Conference apps are crap and (mostly) pointless
- Security Update – Facebook Newsroom
- The Facebook Security Meltdown Exposes Way More Sites Than Facebook
- Investigating sources of PII used in Facebook’s targeted advertising (PDF) — Research from Northeastern University.
- Facebook Is Giving Advertisers Access to Your Shadow Contact Information
- You Gave Facebook Your Number For Security. They Used It For Ads — The EFF is not impressed.
- The The One Show Show on iTunes
- manwhohasitall (@manwhohasitall) on Twitter
- Tiburn Enterprise Star Trek PC at Lenovo Tech World 2018 - YouTube
- Lenovo Sets Computer to Stun, Unveils Star Trek Enterprise PC
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
097: Dash cam surveillance, robocall plague, and Zoho woe
26 september 2018 |
44 min
Why was Zoho's website taken offline by its own domain registrar? How are dash cams making you less secure? And why are robocalls on the rise in the United States?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Update on Zoho Services Disruption - Zoho Blog
- Zoho CEO Sridhar Vembu asks for help on Twitter
- Whoa – oh no, Zoho: Domain name no-show deals CRM biz, 40m punters a crushing blow
- Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users
- Blackvue Dash-Cams Broadcasting Live Video and GPS of Your Car PUBLICLY by DEFAULT! - YouTube
- Tim Woodruff's tweet about BlackVue dash cams
- Yes, It’s Bad. Robocalls, and Their Scams, Are Surging
- YouMail - Robocall Index
- 4.2 Billion Robocalls in August Set All-Time Record for YouMail Robocall Index
- Does Local Presence Dialing Really Work?
- National Do Not Call Registry
- The Robocall Nightmare Is Getting Worse
- US Court Finds Anti-Robocall Rule Made Nearly Every Smartphone User a Criminal
- Stop Unwanted Robocalls and Texts - FCC
- Leatherman Micra 10-in-1 Multi-Tool
- Techmoan - YouTube
- The Guild of Ambience - YouTube
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
096: Bribing Amazon staff, and blinking deepfakes
19 september 2018 |
34 min
Amazon staff are being bribed to delete negative reviews and leak data, deepfakes are getting more dangerous, an update on John McAfee's bitcoin bet, and our guest gets a shock...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week (for a while at least) by David Bisson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David Bisson.
Sponsored By:
- Boxcryptor:
Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice.
Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor
Links:
- 'Pull your finger out' - the phrase's meaning and origin
- Amazon Investigates Employees Leaking Data for Bribes - WSJ
- Amazon staff said to be taking bribes to leak data
- Crooked firms bribe customers with free gifts to leave fake reviews
- Smashing Security 063: Carole's back! (where Maria Varmazis discusses deepfakes)
- Carnegie Mellon Researchers Develop New Deepfake Method
- Transferring One Video Into the Style of Another - YouTube
- The Secret to Detecting Deep Fakes Is in the Eye Blinks
- Reddit bans ‘deepfakes’ AI porn communities
- Bitcoin Price Prediction Tracker
- Serious Eats: The Destination for Delicious
- JoyofBaking.com
- How to cook the perfect ...
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked
12 september 2018 |
42 min
Malicious script is being blamed for the British Airways hack, Trend Micro's apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort's daughter wants Twitter to remove a link.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David Emm.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- A Deceitful 'Doctor' in the Mac App Store
- Alert: Adware Doctor stealing your files - YouTube video
- Apps that steal users' browser histories kicked out of the Mac App store
- Trend Micro apologises after Mac apps found scooping up users' browser history
- British Airways hacked - customer data and details of 380,000 card payments stolen
- The British Airways Breach: How Magecart Claimed 380,000 Victims
- British Airways hack: Infosec experts finger third-party scripts on payment pages
- Law firm launches £500 million group action over British Airways hack
- British Airways Fly The Flag We'll Take More Care Of You 1979 UK Advert - YouTube
- Hacked texts from family of former Trump campaign manager surface on the dark web
- Manafort's Daughter's Lawyers Pressured Twitter to Delete Links to Hacked Text Messages
- Wikileaks Refused To Publish Manafort Family Texts, So Someone Else Did
- AirHelp
- How Employing Autistic People Can Help Stop Cyber-Attacks
- McFadden's Cold War (@Coldwar_Steve) on Twitter
- When Phil Mitchell met Trump: Coldwar Steve and his Brexit Britain mashups
- Noel Edmonds - Wikipedia
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
094: Rogue browser extensions, Twitter presence, and how to cheat in exams
5 september 2018 |
52 min
What's the danger when browser extensions go bad? Is Twitter sharing your online status a boon for stalkers? And which of the show's hosts is going to admit to cheating in their exams?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist David McClelland.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys
- Security warnings for MEGA Chrome extension users
- Twitter testing new feature that reveals when you're online... Who other than stalkers actually wants this?
- Giving social networking back to you - The Mastodon Project
- Graham Cluley on Mastodon
- Photomath - Camera calculator
- Technology Gives Students Innovative Tools for Cheating
- Students’ cheating takes a high-tech turn
- Microsoft Education: Take a Test - YouTube
- Required to install school malware on my personal computer - Reddit
- The Lord of the Rings (1978 film) - Wikipedia
- Rotoscoping - Wikipedia
- Tower – Official Trailer - YouTube
- Tower - Netflix
- Cone - Live Color Picker
- The dress - Wikipedia
- A professor and his son-in-law came up with a brilliant invention to slash water use by 98% – Ikea is already a partner
- Altered:Company
- Altered:Nozzle - YouTube
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
093: Abandoned domains and dating app dangers
29 augusti 2018 |
37 min
How do fraudsters exploit abandoned domains to steal your company's secrets? How can you better protect your privacy when looking for love online? And who has the longest arms in the animal kingdom?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who were joined briefly by a man in a wind tunnel for this episode.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- What do the drsolomon.com and sands.co.uk domains look like now?
- Hacking law firms with abandoned domain names
- Fraudsters Can Access Sensitive Information from Abandoned Domains
- Have I Been Pwned: Domain search
- John and Lorena Bobbitt
- He Used Tinder to Hunt the Women He Raped and Killed, Police Say
- Missing Paperwork Got Him Out of Jail. Then, Police Say, He Raped and Killed
- Man jailed after attempting to rob man he met on dating app
- Search for images with reverse image search
- Swytch lets you use up to five 'burner' UK phone numbers from a single device
- Smashing Security 072: Why are firms so cr*p with our private data?
- A Hacker's Guide to Protecting Your Privacy While Dating
- How to Protect Your Privacy While Online Dating
- Gibbons have the longest arms relative to body size of any primate
- Bomb Chicken Teaser Trailer - YouTube
- Bomb Chicken for Nintendo Switch
- Fortnite fury over how Google handled its security hole
- The Godless Spellchecker podcast
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
092: Hacky sack hack hack
22 augusti 2018 |
52 min
Is your used car still connected to its old owner? Just how did Apple manage to identify the teenager hacker who stole 90GB of the firm's files? And why on earth would a firm of lawyers start producing pornographic videos? You'll be surprised by the answers!
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Paul Ducklin.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Connected car data handover headache: There's no quick fix... and it's NOT just Land Rovers
- Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound
- The hidden data danger of the ‘Connected’ car
- Your BMW or Merc may also be at risk of being hacked, because of your iOS app
- Samy, the MySpace worm written by Samy Kamkar
- Apple hacked by 16-year-old who “dreamed” of working for firm
- Melbourne teen hacked into Apple's secure computer network, court told
- Prenda Law stories at Techdirt
- Minneapolis lawyer pleads guilty to federal fraud, money laundering charges in porn troll scheme
- Cybercrime Investigations podcast with Geoff White
- Flash Drives for Freedom
- Final Space
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
091: Sextortion, Las Vegas hotels, and Alex Jones
15 augusti 2018 |
48 min
Just how did sextortionists get (some) of the digits in your phone number? Why are some hackers saying they won't be going to DEF CON in Las Vegas anymore? And should Alex Jones from InfoWars be banned from Twitter?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- The Podcast Awards - The People's Choice
- Sex extortion emails now quoting part of their victim's phone number
- New Extortion Tricks: Now Including Your (Partial) Phone Number!
- In post-massacre Vegas, security policies clash with privacy values
- Katie Moussouris tweets about her Las Vegas hotel experience
- Video Shows Hotel Security at DEF CON Joking About Posting Photos of Guests' Belongings to Snapchat
- Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet
- Open letter to the Hacker Community from DEF CON's Head of Security
- Alex Jones banned from YouTube, Facebook, and Apple, explained
- Facebook, Apple, YouTube and Spotify ban Infowars' Alex Jones
- Now even YouPorn has banned Alex Jones, but he’s still on Twitter
- Twitter temporarily blocks Alex Jones from tweeting
- The Twitter Rules
- Giving social networking back to you - The Mastodon Project
- Charlottesville: Why one man is suing Alex Jones for defamation
- Shannon Coulter tweets about blocking Fortune 500 companies until Alex Jones is banned from Twitter
- lichess.org - Free Online Chess
- Magnus Carlsen playing as Dr Drunkenstein - YouTube
- Octopath Traveler for Nintendo Switch
- Alex Jones Rants as an Indie Folk Song - YouTube
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
090: Fortnite for Android, and the FCC's DDoS BS
8 augusti 2018 |
37 min
Fortnite players are told they'll have to disable a security setting on Android, the FCC finally admits that it wasn't hit by a DDoS attack, and Verizon's VPN smallprint raises privacy concerns.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David Bisson.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- You'll have to disable a recommended Android security setting to install Fortnite
- Fortnite is putting users at risk, to prove a point about Google's Android monopoly
- Introducing Android 9 Pie
- Safe-WiFi Wireless Private Network - Verizon Wireless
- Verizon Didn’t Bother to Write a Privacy Policy for its ‘Privacy Protecting’ VPN
- Terms of Service for the Verizon Safe Wi Fi App
- McAfee Privacy Notice
- Verizon customers can sue ad company over “zombie” cookies, judges rule
- Ajit Pai blames Obama administration over FCC DDoS attack that didn't happen
- Inside the FCC's risky IT overhaul
- The Triceratops Who Loved Me: A Primal Urges Extreme Fantasy - Amazon
- A Good Movie To Watch
- Overcooked! 2 for Nintendo Switch
- Christopher Robin: Winnie the Pooh film denied release in China
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
089: Data breaches, ransomware, Bitcoin robberies, and typewriters
1 augusti 2018 |
45 min
Ransomware rears its head again, Dixons Carphone reveals its data breach was almost 1000% worse than they previously thought, a man is accused of stealing five million dollars worth of cryptocurrency through hijacking mobile phones, and a Canadian guy called Norman is rushing to get the typewriters out of storage.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist Geoff White.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Geoff White.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Shipping company’s networks in the Americas crippled by ransomware attack
- Yahoo addresses used by Cosco following ransomware attack
- BitPaymer Ransomware Infection Forces Alaskan Town to Use Typewriters for a Week
- Jim Hagemann Snabe, Maersk chairman, describing their recovery from the NotPetya ransomware - YouTube
- Dixons Carphone admits hack far bigger than originally thought
- Dixons Carphone breach statement (June 2018)
- Dixons Carphone updated breach statement (July 2018)
- ‘Tell your dad to give us Bitcoin’ How a Hacker Allegedly Stole Millions by Hijacking Phone Numbers
- Smashing Security 086: Elon Musk submarine scams and 2FA bypass
- Slow Burn: A Podcast About Watergate
- Bill Clinton: "I did not have sexual relations with that woman" - YouTube
- How an Ex-Cop Rigged McDonald’s Monopoly Game and Stole Millions
- Legion Season 2 Teaser Trailer - YouTube
- Legion Season 2 - Amazon
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
088: PayPal’s Venmo app even makes your drug purchases public
25 juli 2018 |
43 min
Websites still using HTTP are marked as "not secure" by Chrome, 85,000 Google employees haven't been phished for a year, and if you're buying drugs via PayPal’s Venmo app you should say goodbye to privacy.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Scott Helme.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Scott Helme.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security in the podcast awards!
- Smashing Security 039: Woah - are we talking to a cyborg?
- Google: Security Keys Neutralized Employee Phishing
- Yubico
- Less than 10% of Gmail users have enabled two-factor authentication
- Google's Advanced Protection Program
- What is Google’s Advanced Protection Program? - YouTube
- Two-factor authentication versus two-step verification
- One small step for a browser, one giant leap for web security!
- Chrome browser flags Daily Mail and other sites as 'not secure'
- How to change Chrome's settings to be more in-your-face when you visit an unencrypted HTTP site
- Public by Default - Venmo Stories of 2017
- Why I Blasted Your “Drug” Deals on Twitter
- PayPal's Venmo App Exposes Most Transactions via Its API
- Reporting Trump's First Year: The Fourth Estate - BBC
- Why No HTTPS? The World's Largest Websites Not Redirecting Insecure Requests to HTTPS
- Scott Helme tweets about NewsNow's support for both HTTP and HTTPS
- NewsNow.co.uk
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
087: How Russia hacked the US election
18 juli 2018 |
45 min
Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name of surveillance.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security in the podcast awards!
- Scammers strike as Elon Musk retracts vile Twitter accusation against cave rescuer
- Donald Trump 'encourages Russia to hack Clinton emails' - YouTube
- Indictment against 12 Russian hackers
- Bears in the Midst: Intrusion into the Democratic National Committee
- This is the email that hacked Hillary Clinton’s campaign chief
- Guccifer 2.0’s schoolboy error reveals he’s hacking from Moscow
- Amazon Rekognition – Video and Image
- Amazon shareholders demand company stop selling facial recognition technology to governments
- Metropolitan Police's facial recognition technology 98% inaccurate, figures show
- Looking to Listen: Audio-Visual Speech Separation
- California Shopping Centers Are Spying for an ICE Contractor
- California passes landmark privacy legislation
- Walmart's Newly Patented Technology For Eavesdropping On Workers Presents Privacy Concerns
- Find a track - BBC Music
- The Staircase - Netflix
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
086: Elon Musk submarine scams and 2FA bypass
11 juli 2018 |
39 min
The world has been gripped with the story of that soccer team, those poor boys... but enough about England's World Cup hopes being dashed, it's time for another episode of "Smashing Security".
Crypto scamming Thai cave rescue scoundrels! $25 million to make anti-fake news videos! TimeHop data breach! Phone number port out scams!
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the author of "Social media is bullshit", B J Mendelson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: B J Mendelson.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for "Smashing Security" in the Podcast Awards
- Thai Cave rescue scammers pose as Elon Musk
- Why was Elon Musk at the Thai cave rescue?
- The full story of Thailand’s extraordinary cave rescue
- Bad Checks: Twitter's Identity Crisis Is Costing Users More Than Bitcoin
- YouTube Pledges $25 Million to Help Fight Fake News
- Timehop security incident
- what3words | Addressing the world
- Justified Season 1 Promo / trailer - YouTube
- Dear Joan and Jericha: agony aunts of the most ribald kind
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
085: Doctor Who, Facebook patents, and Bob's Burgers
4 juli 2018 |
37 min
Doctor Who's TARDIS has sprung a data leak, Facebook's creepy patents are unmasked, and an app to keep women safe on dates has surprising origins.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- BBC Goes to Court to Identify 'Doctor Who' Leaker
- Doctor Who episodes leak online - should you download them?
- Reality Winner pleads guilty after being unmasked by microdots
- German researchers defeat printers' doc-tracking dots
- Are you happy with this technology that Facebook’s developing?
- Emma Sayle - CEO. Wife. Mother. Liberator. Feminist.
- Killing Kittens Parties Liberating Women Worldwide
- Kate Middleton's friend holds orgies in sharia hotel
- Safe Date – Stay Safe And Get Peace Of Mind When Dating
- Killing Kittens sex party founder hopes new DateSafe app can improve women's safety
- GeoGuessr - Let's explore the world!
- Playground Buddy - Helping Families Find Playgrounds
- Blue Apron is releasing a smart, strong, sensual Bob’s Burgers meal kit
- Every Burger From Bob's Burgers Ranked
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
084: No! My voice is not my password
27 juni 2018 |
34 min
Who's been collecting the voice prints of millions of people saying "My voice is my password"? Why has it become tougher for law enforcement to scoop up cellphone data? And who's been turning up your central heating?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes of AMTSO.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Hawes.
Sponsored By:
- VirusTotal: VirusTotal Intelligence is one of the world’s largest malware intelligence services. Security professionals rely on it to better understand the effects of malware in enterprise networks. Find out more at https://www.virustotal.com/learn
Links:
- Voice ID showcases latest digital development for HMRC customers
- HMRC takes 5 million taxpayers’ Voice IDs without consent – Big Brother Watch
- UK taxman has amassed voice profiles of 5.1 million taxpayers
- BBC fools HSBC voice recognition security system
- Knock down ginger — What Graham meant to say when he referred to "Postman's knock"
- Victory! Supreme Court Says Fourth Amendment Applies to Cell Phone Tracking
- Thermostats, Locks and Lights: Digital Tools of Domestic Abuse
- Safety Net: the National Safe & Strategic Technology Project
- US Tech Safety hotlines
- UK National Domestic Violence Helpline
- Worldwide helpline directory
- Music-Map - The Tourist Map of Music
- Del Amitri
- Ron Sexsmith
- BBC Radio 4 - Short Cuts
- Tandoori Lambchop Sent to Space (Meatspace) - YouTube
- Adam Buxton podcast with Charlie Brooker
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
083: Fake email derails clarinetist's dream
20 juni 2018 |
28 min
Hell hath no fury like a jealous clarinetist's girlfriend! Your Google ChromeCast could be letting stalkers find out where you live! And why on earth is Graham recommending people write their passwords down in a book!?
Join computer security veterans Graham Cluley and Carole Theriault on a shorter episode of the "Smashing Security" podcast than normal, as they're awfully busy touring up and down the country doing things in front of live audiences.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- View from Carole's hotel room in Manchester
- Eric Abramovitz plays the clarinet - YouTube
- McGill music student awarded $350,000 after girlfriend stalls career
- Eric Abramovitz vs Jennifer (Jooyeon) Lee - Court documents
- Google’s Newest Feature: Find My Home
- Steve Gibson's Three Router Solution to IOT Insecurity
- Google Removes 'Don't Be Evil' Clause From Its Code of Conduct
- Password Minder Infomercial - YouTube
- LaDonna - This American Life
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
082: World Cup cybersecurity, crypto crashes, and a bang of a password fail
13 juni 2018 |
39 min
Coinrail cryptocurrency exchange goes offline after hack, Russia appears to be 'live testing' cyber attacks, and Florida stopped running background checks on gun buyers because of forgotten password.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's football-mad John Leyden.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Leyden.
Sponsored By:
- VirusTotal: VirusTotal Intelligence is one of the world’s largest malware intelligence services. Security professionals rely on it to better understand the effects of malware in enterprise networks.
- Find out more at https://www.virustotal.com/learn
Links:
- Bitcoin price takes a dive after another cryptocurrency exchange hack
- Mikko Hypponen on Twitter explains why cryptocurrency exchanges get hacked
- $1m by 2020: John McAfee will still ‘eat his own d*ck’ if he’s wrong about Bitcoin
- 2018 FIFA World Cup Russia
- Russia appears to be 'live testing' cyber attacks - Former UK spy boss Robert Hannigan
- French TV network taken off air after attack by pro-ISIS hackers
- TV5Monde attack proves hacking attribution is very difficult
- TV station exposé its own passwords on l'air. A Franglais report
- VPNFilter botnet has hacked 500,000 routers. Reboot and patch now!
- VPNFilter exploits endpoints, targets new devices
- Florida Didn't Run FBI Background Checks on Gun Buyers for a Year Because of a Forgotten Login
- Adam Putnam’s office stopped reviewing concealed weapons background checks for a year because it couldn’t log in
- Background Check Procedures: State by State
- Department of Agriculture investigative report
- Is It Normal?
- What is the Camino de Santiago?
- Eating and Drinking on the Camino de Santiago
- Pulperia Ezequiel - Great place to eat pulpo (octopus)
- Britannica Insights Is a Chrome Extension to Fix False Google Results
- Britannica Insights - Chrome Web Store
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
081: Hacker no-hopers, Wessex Water has a word, and we win an award
6 juni 2018 |
26 min
The mastermind behind the Owari botnet doesn't seem to have learnt anything from his victims, and someone at Wessex Water forgets to remove an embarrassing sentence from a letter sent to customers...
All this and much much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who recorded a shorter podcast than normal this week as they were far too busy recovering from receiving the best security podcast award!
Follow the award-winning show on Twitter at @SmashinSecurity, or visit our website for more award-winning episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the award-winning episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- We did it! Smashing Security’s Carole celebrates with the best security podcast award!…
- Full results from the Infosec18 European Blogger Awards
- Hacker Fail: IoT botnet command and control server accessible via default credentials
- Pwn goal: Hackers used the username root, password root for botnet control database login
- Tweet by Vesselin Bontchev
- Mailshot meltdown as Wessex Water gets sweary about a poor chap called Tom
- Apology from Wessex Water on Twitter
- Excel pivot table data leak leads to £120,000 fine for London council
- Smashing Security review criticises Graham's enunciation
- Simplenote
- Standard Notes
- Evil Genius trailer - YouTube
- Case 81: Brian Wells - Casefile
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
080: Country bans Facebook, eavesdropping Alexa, and PornHub VPN
30 maj 2018 |
34 min
The country of Papua New Guinea is planning a month-long nationwide ban of Facebook, PornHub wants to keep your online activities more private, and Amazon Alexa forwards a married couple's private conversation to a random contact.
All this and much much more is discussed in the latest 100% GDPR-compliant edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ESET's Tommi Uhlemann.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Tommi Uhlemann.
Sponsored By:
- VirusTotal: VirusTotal Intelligence is one of the world’s largest malware intelligence services. Security professionals rely on it to better understand the effects of malware in enterprise networks. Find out more at https://www.virustotal.com/learn
Links:
- Papua New Guinea to ban Facebook for a month
- Shutting down facebook in PNG is a reality
- Pornhub launches VPNhub, a VPN service with free, unlimited bandwidth
- Pornhub hack: Hackers hijacked ads with malware in year-long attack
- Be cautious, free VPNs are selling your data to 3rd parties
- How to hear (and delete) every conversation your Amazon Alexa has recorded
- Woman says her Amazon device recorded private conversation, sent it out to random contact
- Smashing Security 044: Bonus behind the scenes - shower time
- Here's How To Deactivate Alexa Calling After You Sign Up
- Passive Aggressive Passwords
- Ebaybae on Instagram
- Brave Browser
- The Complete Privacy & Security Podcast discusses the Brave browser
- See Smashing Security LIVE on tour in the UK
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
079: Mugshots, mobile mania, and backend gurus
23 maj 2018 |
51 min
A website which demands money if you want your police mugshot removed, could "sharenting" lead to a rise in fraud and identity theft, and how could the FBI have overcounted encrypted phones so badly?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security!
- Smashing Security LIVE on Tour!
- Court documents about Mugshots.com case
- All of Mugshots.com’s alleged co-owners arrested on extortion charges
- 'Sharenting' puts young at risk of online fraud
- Parents ‘oversharing’ family photos online, but lack basic privacy know-how
- FBI Admits It Inflated Number of Supposedly Unhackable Devices
- Donald Trump's smartphone security: an inconvenient truth
- Apple Wants to Make Totally Unhackable iPhones
- A Very English Scandal (TV series)
- Jeremy Thorpe affair - Wikipedia
- Moment – Automatically track your and your family's daily iPhone and iPad use
- Percentage Calculator
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
078: Hounds hunt hackers, too-human Google AI, and ethnic recognition tech - WTF?
16 maj 2018 |
44 min
Dogs are trained to sniff out hackers' hard drives, facial recognition takes an ugly turn, and do you trust Google to book your hair appointment?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by investigative journalist Geoff White.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Geoff White.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Vote for Smashing Security in the European Security Blogger Awards!
- See Smashing Security LIVE!
- K-9 Helps Concord Cops Nab Student Hacker Who Upped Grades
- Ferris Bueller's Day Off - hacking the computer -YouTube
- Police Use Dog To Find Memory And Hard Drives In Search
- Dog Can Sniff Out Hidden Cellphones, Thumb Drives and More
- Facial Recognition and “ethnicity”
- Facial scans to identify bad Elvises at Porthcawl festival
- Masked Anonymous Protesters Aid Time Warner’s Profits
- Google Duplex: A.I. Assistant Calls Local Businesses To Make Appointments - YouTube
- New Siri update - EXCLUSIVE PREVIEW - YouTube
- Will Robots Take My Job?
- Algorithms to Live By: The Computer Science of Human Decisions
- Signal
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
077: Why Paris Hilton doesn’t use iCloud, lottery hacking, and Facebook dating
9 maj 2018 |
40 min
The tricky-to-pronounce Paytsar Bkhchadzhyan is jailed for hacking Paris Hilton, we hear the story of the man who hacked the lottery and almost got away with $16.5 million, and Facebook thinks it is the perfect partner to find you a date.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the CyberWire's Dave Bittner.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Dave Bittner.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Paris Hilton's hacker sentenced to 57 months in prison
- FBI wasn't able to unlock iPhone, even with a 'fingerprint unlock warrant'
- Paris Hilton Comes Face to Face With Her Hacker in Court - YouTube
- Tweet by Paris Hilton: "Karma has no menu. You get served what you deserve..."
- Paris Hilton: Hacked or Not?
- Two-factor authentication for Apple ID - Apple Support
- The Man Who Cracked the Lottery
- Lottery security director accused of hacking random-number generator
- Iowa Lottery releases surveillance footage of mystery Hot Lotto winner - YouTube
- Facebook announces dating app focused on 'meaningful relationships'
- Facebook F8 2018: Facebook is launching a new dating service
- How will Facebook’s dating service work?
- 14 years of Mark Zuckerberg saying sorry, not sorry about Facebook
- Does the Dog Die?
- Kingdom Rush
- Sandra
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
076: Spying phones, hacked ski lifts, and World Password Day
2 maj 2018 |
44 min
Cheap Android smartphones sold on Amazon have been sending customers' full text messages to a Chinese server, ski lifts are found to be the latest devices left open to abuse by hackers, and we remind you why password managers are a good idea on World Password Day. Oh, and our guest serenades us with a hit from the 1980s!
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist and broadcaster David McClelland.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: David McClelland.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- See Smashing Security LIVE!
- Mobile Phone Maker BLU Reaches Settlement with FTC over Deceptive Privacy and Data Security Claims
- Phone maker settles charges it let partner collect customers’ text messages
- Backdoor in some Android phones caught secretly sending data to China
- UK bank advises against password managers - Twitter
- Santander Locks Horns with Security Pros, NCSC Over Password Managers
- Passwords - a Smashing Security splinter episode
- Terrifying Ski Lift Malfunction Caught On Camera - YouTube
- Ski Lift in Austria Left Control Panel Open on the Internet
- Control of Tyrolean cable car open in the network accessible
- BBC Sound Effects
- Chess - English National Opera
- Murray Head - One Night In Bangkok "From CHESS" - YouTube
- Elaine Paige, Barbara Dickson - I Know Him So Well "From CHESS" - YouTube
- World Community Grid - Research Overview
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
075: Quitting Facebook
25 april 2018 |
28 min
Should you quit Facebook? How do you delete your Facebook account? What do you need to consider before leaving Facebook for good? And what's the easiest way to successfully go cold turkey on Facebook?
Find out in this special splinter episode of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- How do I download a copy of my information on Facebook?
- Facebook retracted Zuckerberg’s messages from recipients’ inboxes
- How do I turn off Facebook's integration with apps, games and websites?
- How to use "Turn Platform Off" on Facebook for privacy
- How do I deactivate my Facebook account?
- How to deactivate Facebook Messenger
- Ask Facebook to delete your account
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
074: Smashing Security isn't bullsh*t
18 april 2018 |
49 min
Crime forums on Facebook, fraudsters pose as anti-fraud hotlines, and how big advertising companies are in bed with the rampant data collection of internet giants.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest B J Mendelson, author of "Social media is bullsh*t."
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: B J Mendelson.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Oh look "security expert" Rudy Giuliani shows you how to do a special "dark web scan", courtesy of Experian...
- Nobody seems to know what Rudy Giuliani's cybersecurity firm actually does
- Deleted Facebook Cybercrime Groups Had 300,000 Members
- How to Report Abuse on Facebook
- Martin Sorrell Resigns as Chief of WPP Advertising Agency
- Airbnb co-founder Nathan Blecharczyk spam pioneer says book
- An Apology for the Internet — From the People Who Built It
- Automated Action Fraud Tech Support scam calls
- Crime in England and Wales from Office for National Statistics
- TuneIn
- Santa Clarita Diet on Netflix
- Devolo dLAN® 550 WiFi Starter Kit - Powerline WiFi
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
073: Rick Astley: Never gonna hack you up...
11 april 2018 |
39 min
Politician admits to hacking a rival's website, T-Mobile Austria ends up in a Twitter security storm, and siren systems are hit by a Rick Astley attack.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Spoof blogger attacks Harman site
- Harman hack horror has blog backing Boris
- Harriet Harman resigns!
- Boris Johnson left hanging on zip wire during Olympic event
- How to Hack Harriet Harman
- Top Conservative MP tipped as a future Prime Minister admits hacking into Labour MP's website
- Bafflement over Tory MP's admission she hacked Harriet Harman's website
- Harriet Harman accepts Tory MP Kemi Badenoch's hacking apology
- The lax computer security of British MPs - as detailed in their own tweets
- T-Mobile Austria thread on Twitter
- T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security
- SirenJack
- Emergency alert systems used across the US can be easily hijacked
- Researchers Rickrolled Emergency Alert Sirens in Proof-of-Concept Hack
- Bertram Fiddle - A Victorian point and click adventure game
- Adventures of Bertram Fiddle: Episode 1 for iOS
- Adventures of Bertram Fiddle: Episode 1 for Android
- Adventures of Bertram Fiddle: Episode 1 on Steam
- security.txt - A proposed standard which allows websites to define security policies
- Wild Wild Country
- HROOME Modern Cute Dog Lamp
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
072: Why are firms so cr*p with our private data?
4 april 2018 |
34 min
Grindr, MyFitnessPal, and Panera Bread. They've all had data breach scares of varying degrees this week. Some handled the security breaches well, some didn't. We took a look at how well different firms are respecting your data privacy.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who don't have a special guest this week.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Grindr Is Letting Other Companies See User HIV Status And Location Data
- Grindr Will Now Remind You To Get Tested For HIV
- Grindr to stop sharing HIV status with third parties
- Hackers steal data of 150 million MyFitnessPal app users
- MyFitnessPal Security Issue FAQ
- Smashing Security: Passwords - a Smashing Security splinter
- Panerabread.com Leaks Millions of Customer Records
- No, Panera Bread Doesn’t Take Security Seriously
- Don't blame Panera Bread's security guy just because he used to work at Equifax
- Viking seafarers may have navigated with legendary crystals
- BBC Fooled By Brexit Emoji April Fools Prank On Air
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
071: Pony-tailed pundit ponders privacy problems - with Mikko Hyppönen
28 mars 2018 |
42 min
Endangering your friends online, the fibs told by VPN vendors, developments from the world of cryptomining, and Carole shares an animated GIF with Mikko and Graham.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mikko Hyppönen from F-Secure.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Mikko Hyppönen.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Mikko's adventure game "Paha Juttu" at the Finnish Game Museum
- Download the Paha Juttu Commodore 64 floppy image file (d64)
- Commodore 64 online emulator (load a d64 file into this)
- Mat Johnson's tweet about Facebook logging his phone calls and texts
- Fact Check: Your Call and SMS History
- Who and What Is Coinhive?
- 100+ VPNs & Their Logging Policy (What Logs Are Kept by Who?)
- Which VPN Services Keep You Anonymous in 2018?
- ‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer
- HideMyAss defends role in LulzSec hack arrest
- TLDRLegal - Software Licenses Explained in Plain English
- Some Very Entertaining Plastic, Emulated at the Archive
- Handheld History
- This is what the Internet Archive's building looks like
- CERT-EU News Monitor
- You've never seen anyone climb a wall like this before...
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
070: Facebook and Cambridge Diabolica
21 mars 2018 |
41 min
It’s not fair to describe what happened at Facebook and Cambridge Analytica as a data breach - it’s much worse than that. An autonomous Uber vehicle kills a pedestrian. And sextortion continues to be a serious problem.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by researcher Scott Helme.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Scott Helme.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach
- Revealed: Trump’s election consultants filmed saying they use bribes and sex workers to entrap politicians
- Cambridge Analytica's grab of 50 million Facebook users' data
- Cambridge Analytica controversy: Was there a Facebook data breach?
- Martijn Grooten's GDPR joke
- How To Change Your Facebook Settings To Opt Out of Platform API Sharing
- Uber Halts Autonomous Car Tests After Fatal Crash in Arizona
- Warning from police: scammers solicit nude photos for blackmail
- Warning 'sextortion' on the rise as models used in online blackmail scams
- West Australians targeted on social media in ‘sextortion’ scam
- StartPage Web Search
- Introducing Cloudflare Workers
- The brand new Security Headers Cloudflare Worker
- PGN Piano on YouTube
- Move Forward Guitar on YouTube
- Fretjam on YouTube
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
069: Cryptomining, China, and Bob Ross
14 mars 2018 |
42 min
How come Apple's Mac App Store authorised a buggy app that mined for cryptocurrency in the background? How can a Mosquito attack steal data from an air-gapped computer? And is China keeping score on its social media-loving citizens?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Hawes.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- There’s a currency miner in the Mac App Store, and Apple seems OK with it
- A Surreptitious Cryptocurrency Miner in the Mac App Store?
- MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data
- MOSQUITO earbuds: Jumping air-gaps via speaker-to-speaker communication - YouTube
- Would you choose a partner based on their 'citizen score'?
- China eyes 'black tech' to boost security as parliament meets
- Big data meets Big Brother as China moves to rate its citizens
- How WeChat came to rule China
- The Rubik's Contraption
- 0.38 Second Rubik's Cube Solve - YouTube
- Statista - The Statistics Portal for Market Data, Market Research and Market Studies
- Bob Ross - Wikipedia
- Is there a way to stop certain video suggestions on Youtube? I watched like 3 flat earth videos so I could have a good laugh, and now 90% of the recommended videos are from flattards
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
068: Malware from outer space!
7 mars 2018 |
45 min
If aliens did contact us would it be safe to open the email? Why would MoviePass track film lovers after they leave the cinema? Would you know how to get around Malaysia when your car rental website lets you down? And will Graham please stop talking about text adventure games?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by journalist (and possible spy) James Thomson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: James Thomson.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- Eurozine discusses disinformation and democracy
- Malware from Space
- Interstellar communication. IX. Message contamination is impossible (PDF)
- MoviePass CEO proudly says the app tracks your location before and after movies
- CEO Mitch Lowe Says MoviePass Will Reach 5 Million Subs by End of Year
- MoviePass Privacy Policy
- GET LAMP: The text adventure documentary
- Leather Goddesses of Phobos
- GET LAMP: The Text Adventure Documentary - YouTube
- Infocom: The Documentary - YouTube
- Jacaranda Jim - retro text adventure game by Graham
- Humbug - retro text adventure game for MS-DOS by Graham
- Warrington Cycle Campaign
- Cycle Facility of the Month July 2017
- #WeThePeople LIVE podcast
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
067: Cyber stalking and gun control
1 mars 2018 |
36 min
Incognito mode on your browser not as private as you think, consumer spyware companies get hacked, Graham is accused of "multitasking" in his hotel room, and Carole champions the students of Parkland, Florida.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who recorded without a special guest this week.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- How to go 'Incognito' on your web browser, and what it means
- Your private browsing isn’t as incognito as you want it to be
- Veil is private browsing for the ultra-paranoid
- Hacker Strikes ‘Stalkerware’ Companies, Stealing Alleged Texts and GPS Locations of Customers
- Spy on Your Valentine Using Spy Software
- How stalking has been made easier by the internet and social networks
- Trailer Nite
- Florida student to NRA and Trump: 'We call BS' - YouTube
- March for our lives
- Emma González on Twitter
- Florida Student Who Gave Emotional Gun Control Speech Now Has More Followers Than NRA
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
066: Passwords, pirates, and postcards
21 februari 2018 |
40 min
Flight simulators packed with password-grabbing malware, Facebook fighting Russian trolls, and how vulnerability researchers fear being sued.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest The CyberWire's Dave Bittner.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Dave Bittner.
Sponsored By:
- Rapid7: InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster. You can download a 30-day trial by visiting www.rapid7.com/insightidr
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Links:
- FSLabs' A320 installer seems to include a Chrome password extraction tool
- Flight Simulator Add-On Tried to Catch Pirates By Installing Password-Stealing Malware on Their Computers
- A320-X DRM clarification - Flight Sim Labs Forums
- FlightSimLabs Alleged Malware Analysis – Luke Gorman
- A320-X DRM - what happened - Flight Sim Labs Forums
- Lawsuits threaten infosec research - just when we need it most
- Facebook plans to use U.S. mail to verify IDs of election ad buyers
- Facebook’s secret weapon in the fight against foreign meddling? Postcards
- Fact-Checking a Facebook Executive’s Comments on Russian Interference
- Punycode - Wikipedia
- IDN Safe for Chrome
- IDN Safe for Firefox
- IDN Safe for Opera
- Firefox users - Spot phishing URL's more easily by enabling Show Punycode
- Privacy.com — (Dave's recommendation, not ours)
- How to remove your credit card information from your iPhone
- Change or remove your Apple ID payment information - Apple Support
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
065: Cryptominomania, Poppy, and your Amazon Alexa
15 februari 2018 |
50 min
Cryptomining goes nuclear, YouTube for Kids gets scary, and TV ads have been given the green light to mess with your Amazon Alexa.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- Rapid7: InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster. You can download a 30-day trial by visiting www.rapid7.com/insightidr
Links:
- Government websites hijacked by cryptomining plugin
- Russian nuclear scientists arrested for allegedly hijacking supercomputer to mine Bitcoins
- Now that's taking the p... Sewage plant 'hacked' to craft crypto-coins
- Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies
- Coinhive review: Embeddable JavaScript Crypto Miner - 3 days in
- Smashing Security 059: An intro to Bitcoin and Blockchain
- YouTube Kids app still showing disturbing videos
- Something is wrong on the internet – James Bridle
- Amazon Echo Dot ad cleared over cat food order
- Broadcast Code - ASA
- Sarah Huckabee Sanders warns Twitter about Amazon Echo after 2-year-old orders $80 Batman toy
- Cat Food (Amazon Echo Commercial) - YouTube
- Dinosaur Chess
- The Furby Organ, A Musical Instrument Made From Furbies - YouTube
- Wintergatan - Marble Machine (music instrument using 2000 marbles) - YouTube
- Poppy introduces a plant - YouTube
- Poppy is a disturbing internet meme seen by millions. Can she become a pop sensation?
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
064: So just a "teeny tiny" security issue then?
7 februari 2018 |
44 min
A Namecheap vulnerability allows strangers to make subdomains for your website, Troy Hunt examines password length, and ex-Google and Facebook employees are fighting to protect kids from social media addiction.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest HaveIBeenPwned's Troy Hunt.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Troy Hunt.
Sponsored By:
- MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
- Rapid7: InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster. You can download a 30-day trial by visiting www.rapid7.com/insightidr
Links:
- Namecheap Name Server Vulnerability Allows Unauthorized Users to Create Sub-Domains
- That’s not how security works, security is not obscurity
- Update on Recent Hosting Breach - Namecheap Blog
- Have I been pwned? Pwned Passwords
- How Long is Long Enough? Minimum Password Lengths by the World's Top Sites
- Center for Humane Technology
- Adam Alter: Why our screens make us less happy
- Ex Facebook, Google Employees Launch Anti-Tech Campaign
- Social Networking Sites and Addiction: Ten Lessons Learned
- 'Fiction is outperforming reality': how YouTube's algorithm distorts truth
- AlphaGo movie
- In Two Moves, AlphaGo and Lee Sedol Redefined the Future
- Ubiquiti Networks
- Basic Crepe Batter Recipe
- Gateau de crepes
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
063: Carole's back!
1 februari 2018 |
45 min
Fitness trackers breaching your privacy, how anyone can create convincing celebrity porn, and how ransomware authors are getting ripped off by scammers.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- Chess CyberSecurity: Chess CyberSecurity is taking the pulse of the IT nation. Complete their three-minute quiz and you could win amazing prizes - including limited edition t-shirts, wireless headphones, an iPad Pro and a Sony PS4.
Links:
- Strava's Global Heatmap
- Nathan Ruser tweets about Strava's global heatmap
- Privacy of fitness tracking apps in the spotlight after soldiers' exercise routes shared online
- Thar she blows: Strava heat map shows folk on shipwreck packed with 1,500 tonnes of bombs
- Advanced Deanonymization through Strava
- Fake celebrity porn is blowing up on Reddit, thanks to artificial intelligence
- Reddit User Outperforms Disney with AI-Generated Princess Leia
- Fake News Is About to Get Even Scarier than You Ever Dreamed
- Josh Turner of The Other Favorites - YouTube
- The Levee by The Other Favorites - YouTube
- Blood on the Tracks by Bob Dylan
- United denies woman's attempt to bring peacock onto flight
- Dexter The Peacock on Instagram
- Reforestation Drones Can Plant 100K Trees In An Hour
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
062: Tinder spying, Amazon shoplifting, and petrol pump malware
24 januari 2018 |
44 min
Your Tinder swipes can be spied upon, Amazon is opening high street stores that don't require any staff, and Russian fuel pumps are being infected with malware in an elaborate scheme to make large amounts of money.
With Carole on a top secret special assignment, it's left to security veteran Graham Cluley to discuss all this and much much more with special guests David McClelland and Vanja Švajcer.
Follow the "Smashing Security" podcast on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guests: David McClelland and Vanja Švajcer.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- CloudBerry Lab: Backup files, folders and system images to the cloud storage of your choice - with built-in 256 bit encryption ensuring your precious data remains private.
Links:
- Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes
- Tinder drift demo - YouTube
- Using public Wi-Fi - a Smashing Security splinter
- Watchdog Wednesday: WiFi hackers - BBC
- Apple drops requirement for apps to use HTTPS by 2017
- Amazon Go debuts, and its prying cameras foil our shoplifting attempts
- Hacker Infects Gas Pumps with Code to Cheat Customers
- Making Blake's Seven 101 - YouTube
- Jon Alpert Speaks On His Film, "Cuba and the Cameraman" - YouTube
- Review: ‘Cuba and the Cameraman’ Lavishes Love on a Country … and Castro
- CARROT Weather on the iOS App Store
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
061: Fallout over Hawaii missile false alarm
17 januari 2018 |
50 min
User interfaces and poor procedures lead to pandemonium in Hawaii, hackers are attempting to trick victims into opening cryptocurrency-related email attachments, and yet more pox-ridden apps are found in Android's Google Play store.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Paul Ducklin.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
- CloudBerry Lab: Backup files, folders and system images to the cloud storage of your choice - with built-in 256 bit encryption ensuring your precious data remains private.
Links:
- Hawaii's ballistic missile false alarm and a user interface failure
- Hawaii missile alert: How one employee ‘pushed the wrong button’ and caused a wave of panic
- What Hawaii Was Like After the False Nuclear Alarm
- Cryptocurrency as the lure, an ISO as the attachment – why not open it?
- Malware Displaying Porn Ads Discovered in Game Apps on Google Play
- Games with pornographic ads sneak into the Play Store, get 3 million downloads
- Fake WhatsApp app tricked over a million users
- @ruanyf on Twitter's picture of a visual display for a Chinese lavatory
- Police give out infected USBs as prizes in cybersecurity quiz
- IBM distributes USB malware cocktail at AusCERT security conference
- IBM has been shipping malware-infected USB sticks
- Olympus Stylus Tough camera carries malware infection
- Google Arts and Culture app: How to find which famous painting you look like – and why people don't want to
- Google Arts & Culture
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
060: Meltdown, Spectre, and personal devices in the White House
10 januari 2018 |
40 min
The chips are down, as tech companies struggle to protect against the Meltdown and Spectre flaws. The White House is getting tough on leakers by banning personal devices from the West Wing. And someone has been embedding a Bitcoin wallet into their hand...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: David McClelland.
Sponsored By:
- CloudBerry Lab: Backup files, folders and system images to the cloud storage of your choice - with built-in 256 bit encryption ensuring your precious data remains private.
Links:
- Apple fixes the Meltdown and Spectre flaws in Macs, iPhones, and iPads
- Spectre? Meltdown? F*CKWIT? Calm down and make yourself some tea
- Until your anti-virus adds this Registry key, you aren't getting any more Windows security updates
- Important information about Microsoft Meltdown CPU security fixes, antivirus vendors and you
- Ouch! Microsoft's Meltdown and Spectre security update bricks some AMD-powered PCs
- Ripple soars, becomes second-biggest cryptocurrency by market cap
- BICHIP
- Would you store Ripple and Bitcoin in 'mark of the beast' microchip?
- Biohacker Summit 2017 – Uniting Technology & Nature
- Meet the first humans to sense where north is
- White House bans use of personal devices from West Wing
- “Fire and Fury” Is a Book All Too Worthy of the President
- Portal Knights - The award-winning sandbox action-RPG adventure game
- Portal Knights trailer for Nintendo Switch - YouTube
- Focus - Productivity Timer on the App Store
- Casefile: True Crime Podcast
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
059: An intro to Bitcoin and Blockchain
3 januari 2018 |
26 min
In this special "splinter" episode of the "Smashing Security" podcast we take a look at Bitcoin and Blockchain. What's all the fuss about cryptocurrencies? How can you protect your Bitcoin wallet? And how does the Blockchain work?
Lots of questions, and Graham offers to sell his family.
Listen to the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Peter Ullrich of the "Explain Blockchain" podcast.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Peter Ullrich.
Links:
- Bitcoin Resources from Jameson Lopp
- Mastering Bitcoin book by Andreas Antonopoulos
- Explain Bitcoin Like I’m Five
- Bitcoin Exchanges
- Silk Road's Ross Ulbricht sentenced to life in prison, without parole
- Bitcoin Energy Consumption Index
- Jaxx mobile cryptocurrency wallet
- Trezor hardware Bitcoin wallet
- "Explain Blockchain" podcast
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO
20 december 2017 |
43 min
Is Face ID racist? Has Mr Robot infected your Firefox browser? Has Microsoft pushed a buggy password manager onto your Windows PC?
All this and much much more is discussed in the special first birthday edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original co-host Vanja Švajcer.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Vanja Švajcer.
Sponsored By:
- OneLogin: OneLogin provides Single Sign On for customers like Airbus, Royal Mail, BSI, and Dun and Bradstreet. With hundreds of apps being used in the typical workplace, and the average user having to remember about 40 different passwords, we all know that if we don't have a product to remember passwords they end up in spreadsheets, stored in emails, or left on post-it notes. And that is a security nightmare. OneLogin allows IT to say which users have access to which applications at what time and also enforce two factor authentication. So even if credentials are compromised, hackers can’t get access to those corporate services. And, by connecting to Active Directory, access to all of these services is de-provisioned as soon as someone leaves the organisation. Learn more, and download a free guide to identity access management, at www.smashingsecurity.com/onelogin
Links:
- Smashing Security #001: "One cup, two hotel guests" - YouTube
- Mozilla Slipped a ‘Mr. Robot’-Promo Plugin into Firefox and Users Are Pissed
- This Looking Glass/Mr Robot sh*t really p*sses me off - Reddit
- Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser... or is it just malware? - Firefox Support Forum
- Update: Looking Glass Add-on
- Bono and Tim Cook - YouTube
- How to remove Bono and U2 from YOUR f*#!ing iPhone - YouTube
- For 8 days Windows bundled a password manager with a critical plugin flaw
- Disabling Windows 10 Consumer Experience
- How Windows 10 Pro installs unwanted apps (Candy Crush) and how to stop it
- Troy Hunt explains why Face ID Stinks - YouTube
- 10-year-old kid succeeds in unlocking his mum’s iPhone X, with just a glance
- Apple's Face ID tech can't tell two Chinese women apart
- First iPhone X fondlers struggle to admit that Face ID sort of sucks
- Erase 2017 from your brain. Face ID never happened. The Notch is an illusion
- How I Learned to Deal with My Bitcoin FOMO
- Bitcoin FOMO Calculator
- Oh, My Coins! - Database Of Lost Crypto Assets
- Missing: hard drive containing Bitcoins worth £4m in Newport landfill site
- Is Bulgaria sitting on $3.5 BILLION worth of Bitcoin seized from criminals?
- WeCroak on the App Store
- Nose Dance! The Original Nose Twerking Miss Santa Face Paint! - YouTube
- Christmas Nose Twerk! Grinch & Max! - YouTube
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
057: Mikko Hyppönen - live from the sauna - talks Bitcoin security
13 december 2017 |
41 min
How to protect yourself from Bitcoin hackers, why you should think twice before giving Amazon the keys to your house, and how a private investigator tried to hack Donald Trump's tax returns.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mikko Hyppönen from F-Secure.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Mikko Hyppönen.
Sponsored By:
- OneLogin: OneLogin provides Single Sign On for customers like Airbus, Royal Mail, BSI, and Dun and Bradstreet. With hundreds of apps being used in the typical workplace, and the average user having to remember about 40 different passwords, we all know that if we don't have a product to remember passwords they end up in spreadsheets, stored in emails, or left on post-it notes. And that is a security nightmare. OneLogin allows IT to say which users have access to which applications at what time and also enforce two factor authentication. So even if credentials are compromised, hackers can’t get access to those corporate services. And, by connecting to Active Directory, access to all of these services is de-provisioned as soon as someone leaves the organisation. Learn more, and download a free guide to identity access management, at www.smashingsecurity.com/onelogin
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- Mikko Hypponen has his ponytail hair cut. - YouTube
- Cyber Security Sauna podcast
- Louisiana man admits misusing Trump's Social Security number
- One of Your Equifax Hack Protections Expires Soon
- How to protect yourself in the wake of the Equifax data breach
- Larry Flynt offers $10 million for info that could get Trump impeached
- Cryptocurrency Market Capitalizations
- Physical Bitcoins from Denarium
- TREZOR Bitcoin Wallet
- Ledger Wallet
- Amazon drivers forced to deliver 200 parcels a day with no time for toilet breaks while earning less than minimum wage
- Amazon wants a key to your house. I did it. I regretted it
- Black Friday Delivery THIEVES: 1 in 5 UK packages missing as thefts SURGE before Christmas
- Code.org
- The Arcade Blogger
- The Happiness of the Katakuris
- 'Rare Exports: A Christmas Tale' Trailer - YouTube
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
056: Peeping Toms, prison hacks, and parliamentary passwords
6 december 2017 |
41 min
Why you should check your Airbnb for hidden cameras, a hacker attempts a different kind of jailbreak, and British MPs prove that they really are clueless when it comes to cybersecurity.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Ian Whalley.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Ian Whalley.
Sponsored By:
- OneLogin: OneLogin provides Single Sign On for customers like Airbus, Royal Mail, BSI, and Dun and Bradstreet. With hundreds of apps being used in the typical workplace, and the average user having to remember about 40 different passwords, we all know that if we don't have a product to remember passwords they end up in spreadsheets, stored in emails, or left on post-it notes. And that is a security nightmare. OneLogin allows IT to say which users have access to which applications at what time and also enforce two factor authentication. So even if credentials are compromised, hackers can’t get access to those corporate services. And, by connecting to Active Directory, access to all of these services is de-provisioned as soon as someone leaves the organisation. Learn more, and download a free guide to identity access management, at www.smashingsecurity.com/onelogin
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- The lax computer security of British MPs - as detailed in their own tweets
- Nadine Dorries MP tweets about sharing her password
- Hackers attempt to break into UK MPs' email accounts, as Houses of Parliament targeted by cyber attack
- Now criminals are ringing up British MPs to ask them their passwords
- Nadine Dorries MP admits she's always shouting out "What's my password?"
- Will Quince MP admits he leaves his PC unlocked
- Nadine Dorries reveals all MPs have porn on their PCs
- Ann Arbor Man Pleads Guilty to Computer Intrusion Case
- Man Hacks Jail Computer Network to Get Friend Released Early
- Prison hacker who tried to free friend now likely to join him inside
- Court documents (PDF)
- Tweet from Jason Scott
- Smile, you’re on hidden webcam Airbnb TV!
- What are Airbnb’s rules about electronic surveillance devices in listings?
- Colorise Bot (@colorisebot) on Twitter
- The science behind @Colorisebot
- The Leftovers
- Little Alchemy 2
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
055: Uber, net neutrality, and website hacks
30 november 2017 |
28 min
Uber covers up a data breach, the noose tightens on net neutrality, and Bulletproof's website spills the data beans.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by umm.. nobody because they didn't arrange a special guest.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- Uber paid hackers $100,000 to keep data breach quiet
- Bulletproof breach notification letter to customers (PDF)
- Bulletproof Coffee lacks bulletproof security: Nerd brain juice biz hacked, cards gulped
- Net Neutrality: What You Need to Know Now
- Racist, threatening attacks on FCC Chair Ajit Pai won't save net neutrality
- Americans are spending Thanksgiving fighting for net neutrality
- An update on the fight for the free and open internet
- Google YouTube Keyboard Shortcuts
- Tom Baker returns to finish shelved Doctor Who episodes penned by Douglas Adams
- Bitcoin: How Does it Work? (Roger Ver Interview)
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
054: A great big fat macOS bug
29 november 2017 |
8 min
Yes, you can log into macOS High Sierra's root account with no password.
In this special "emergency" edition of the podcast computer security veterans Graham Cluley and Carole Theriault discuss the breaking news of a serious Apple macOS bug that allows anyone to log into your Mac with root admin rights, without having to enter a password.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Links:
- Tweet by Lemi Ergin
- Huge MacOS bug lets anyone login as root without a password: what you need to know
- How to enable the root user on your Mac or change your root password - Apple Support
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
053: Game of Thrones, a major Amazon cloud leak, and web tracking gone crazy
22 november 2017 |
41 min
The FBI think they've identified the HBO hacker, the US military have been caught with a leaky bucket, and web tracking has just got scarier than ever.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Iain Thomson.
Links:
- Uber paid hackers $100,000 to keep data breach quiet
- HBO offered its hackers $250,000 after attack, leaked email claims
- Game of Thrones stars’ personal phone numbers leaked, as HBO hackers attempt to extort ransom
- Smashing Security 037: Boobs, dragons and data breaches
- Iranian ‘Game of Thrones’ Hacker Demanded $6 Million Bitcoin Ransom From HBO, Feds Say
- Sealed Indictment
- Over 400 of the World's Most Popular Websites Record Your Every Keystroke, Princeton Researchers Find
- No boundaries: Exfiltration of personal data by session-replay scripts
- Data release: list of websites that have third-party “session replay” scripts
- The dark side of Replay Sessions that record your every move online
- Shark Attack 3 - That Famous Line (NSFW!)
- Father Ted: Dougal the Milkman & the Booby Trap
- Paddington 2 - the movie
- Paddington Bear, Singin' in the rain
- Baby Driver - the movie
- Baby Driver - 6-Minute Opening Clip
- Mathmos Lava Lamps
- Tom Scott's How Lava Lamps Keep the Internet Secure
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
052: Facebook tackles vengeful scumbags, and a sex toy privacy boob
15 november 2017 |
39 min
Is your dildo listening to you? Do you trust Facebook with your most intimate photos? And just how did a vengeful DDoSer come up with that nickname?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Hawes.
Sponsored By:
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- Give Facebook your nude pics to tackle revenge porn
- The Facts: Non-Consensual Intimate Image Pilot
- Using Technology to Protect Intimate Images and Help Build a Safe Community
- Sex toy company admits to recording users' remote sex sessions, calls it a 'minor bug'
- PSA: Lovense remote control vibrator app recording "private" sessions without express permission
- Hack a BT Low Energy (BLE) butt plug
- Man Uses DDoS-for-Hire Services to Attack Former Employer, Taunts Firm via Email
- Google's Inactive Account Manager
- Lee Valley Tools - Woodworking Tools, Gardening Tools, Hardware
- Snap Circuits
- What is Snap Circuits? - YouTube
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
051: Robots, romance, passwords, and CrunchyRoll
9 november 2017 |
42 min
Passwords are under the microscope again, CrunchyRoll leads anime fans to malware, a sexy robot gains Saudi citizenship, and Carole begins her career as an agony aunt.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- LastPass reveals the threats posed by passwords in the workplace
- One in five security professionals still uses paper to manage privileged passwords
- Passwords - a Smashing Security splinter
- PSA : Don't enter crunchyroll.com at the moment, it seems they've been hacked
- Blaze's Security Blog: CrunchyRoll hack delivers malware
- Crunchyroll.com update
- Meet Sophia: The first robot declared a citizen by Saudi Arabia - YouTube
- Hot Robot At SXSW Says She Wants To Destroy Humans
- Saudi Arabia has a new citizen: Sophia the robot. But what does that even mean?
- Japan Has Just Granted Residency To An AI Bot In A World First
- Mythbuster seeks cash for roller skates to wear in virtual reality
- Jamie Hyneman's Electric Shoes - YouTube
- Swear Trek (@swear_trek) on Twitter
- Swear Who (@swear_who) on Twitter
- Stranger Things: The Game on the iOS App Store
- Stranger Things: The Game on Google Play
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
050: MailChimp, Piers Morgan, and The Dark Overlord
2 november 2017 |
43 min
There's little time to celebrate our 50th episode, because there are rants to be had about MailChimp's switch to single opt-in, Graham upsets Piers Morgan on Twitter, and the Dark Overlord hacking gang are up to some pretty horrid tricks.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who didn't bother to organise a special guest this week.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
- Enterskekt: Entersekt develops authentication and mobile security solutions that make the internet a safer place to bank and shop. Join Entersekt's webinar which promises to tell you EVERYTHING you need to know about "The secret key to PSD2 compliance" by visiting https://www.smashingsecurity.com/entersekt
Links:
- Graham declines to appear on Good Morning Britain
- Piers Morgan responds to Graham
- Piers Morgan tells Leveson: Daily Mirror did not hack phones
- Piers Morgan told me how to hack a phone, says Jeremy Paxman
- Daily Mirror owners must pay £1.2m to celebrity phone-hacking victims
- Wendi Deng protects Rupert Murdoch from custard pie
- I can no longer recommend MailChimp
- Mailchimp backtracks on all their recommendations, enforcing single opt-in
- Massive email bombs target government email addresses
- Smashing Security: GDPR - The good and the bad
- Another Hollywood studio is hacked by The Dark Overlord
- Hackers hit plastic surgery, threaten to release patient list and photographs
- ‘Dark Overlord’ Hackers Text Death Threats to Students, Then Dump Voicemails From Victims
- "Saved you a click" on Reddit
- Google CEO to fix burger emoji after heated debate cooks up on Twitter
- "Get Me Roger Stone"
- Pencil Grip
- Ignite Elite - Rechargeable USB Flameless Lighter
- Smashing Security: Bonus behind the scenes - shower time
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
049: Hacking funeral homes, crypto mining websites, and careful with that hairspray
25 oktober 2017 |
45 min
Scammers show a lack of imagination after hacking a funeral home, more websites are secretly stealing visitors' resources to mine for cryptocurrency, and everyone is very confused about the USA's airline laptop ban.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's John Leyden.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Leyden.
Sponsored By:
- Enterskekt: Entersekt develops authentication and mobile security solutions that make the internet a safer place to bank and shop. Join Entersekt's webinar which promises to tell you EVERYTHING you need to know about "The secret key to PSD2 compliance" by visiting https://www.smashingsecurity.com/entersekt
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- Local funeral home gets hacked in the middle of the night leaving employees without access
- Local business' Yahoo! account hacked
- Smashing Security: 014: Protecting webmail
- Stealth web crypto-cash miner Coin Hive back to the drawing board as blockers move in - The Register
- Cryptocurrency mining affects over 500 million people. And they have no idea it is happening.
- Laptops and tablets have been banned from being used on 56 routes to the US
- Laptop ban: How it works, what devices are forbidden on flights
- Questions and answers on proposed ban on laptops in luggage - The Washington Post
- Inspire Candle - Twelve South
- BBC Two - The Detectives: Murder on the Streets
- This Chrome extension blocks audio and video autoplay on any website
- Autoplay blocking is coming to Chrome
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
048: KRACK, North Korea, and an 18th century cyber attack
18 oktober 2017 |
34 min
KRACK! Has the Wi-Fi vulnerability got you worried? Did North Korea hack a British TV company to prevent a "slanderous farce" from being made? And what have Dutch police learnt from Pokémon?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Virus Bulletin's Martijn Grooten.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Martijn Grooten.
Sponsored By:
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- UK TV drama about North Korea hit by cyber-attack - BBC News
- The World Once Laughed at North Korean Cyberpower. No More. - The New York Times
- Naked Attraction: Channel 4 show returns and viewers observe 'missing detail' on female contestants | The Independent
- 'Krack' wi-fi breach means every modern network and device is vulnerable to hack, researcher says - The Independent
- KRACK Attacks: Breaking WPA2
- KRACK Wi-Fi attack - the rules haven't changed
- Policing in the future uses citizen detectives, Pokémon Go-like app
- Politiepokémon op komst - Telegraaf.nl
- Blokus - Wikipedia
- Blokee - Inspired by Blokus - Online Board Game
- The crooked timber of humanity - 1843 Magazine
- The Victorian Internet - tomstandage.com
- Watch 100 people try to eat durian, a fruit that smells like hot garbage
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
047: Kaspersky, AI, and a well-handled data breach
11 oktober 2017 |
41 min
America turns the heat up on Kaspersky anti-virus, Disqus announces a data breach, Elon Musk plans a bolthole on Mars to escape our robot overlords, and Graham gets to play chess with Garry Kasparov.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: David McClelland.
Sponsored By:
- NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.
Links:
- Altered Images - Happy Birthday
- Graham met Garry Kasparov
- Graham about to lose a game of chess to Garry Kasparov
- Sign in Office Depot store (via @gadievron on Twitter)
- Kaspersky accused of close ties to sauna-loving Russian spies
- Russian Hackers Stole NSA Data on U.S. Cyber Defense - WSJ
- What is Kaspersky's role in NSA data theft? Here are three likely outcomes - ZDNet
- Eugene Kaspersky says U.S. government can examine his company's source code
- McAfee joins the anti-Kaspersky witch hunt in shitty attempt to sell a few boxes
- Disqus security alert: User info breach
- Disqus reveals data breach, but wins points for transparency – HOTforSecurity
- It's 4PM on Friday, almost time to log off and, oh look, Disqus says it's been hacked - The Register
- A World Leader in AI Just Established an Ethics Committee for Artificial Intelligence
- The Artificial Intelligence Revolution: Part 1 - Wait But Why
- Open Letter on Autonomous Weapons - Future of Life Institute
- Sam Harris: Can we build AI without losing control over it? - TED Talk
- Elon Musk’s Billion-Dollar Crusade to Stop the A.I. Apocalypse - Vanity Fair
- Artificial Intelligence Is Our Future. But Will It Save Or Destroy Humanity?
- Artificial Intelligence - Internet Encyclopedia of Philosophy
- Google's AI Chief Is 'Definitely Not Worried About the AI Apocalypse
- Elon Musk is wrong. The AI singularity won't kill us all
- Robots - Flight of the Conchords
- "SEAGULLS! (Stop It Now)" -- A Bad Lip Reading of The Empire Strikes Back - YouTube
- David Stranack's post on the Smashing Security Facebook group
- TimeScapes by Nigel Stanford
- CYMATICS: Science Vs. Music - Nigel Stanford
- AUTOMATICA - Nigel Stanford
- Automatica Robot tests
- Comrade Detective - Wikipedia
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
046: Good beard bad beard
4 oktober 2017 |
38 min
Bearded man entangled in dark web drugs market bust, Google researches how to make browser security warnings less confusing, and (ahem) "bedroom entertainment systems" probed for security holes.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Rich Baldry.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Rich Baldry.
Links:
- Feds catch a lord of the 'dark web' suspected of drug deals - Miami Herald
- Trip to world beard competition ends in arrest for alleged dark web drug dealer - The Guardian
- Austin Facial Hair Club
- The World Beard and Moustache Championships
- Glorious Portraits from the 2017 World Beard And Mustache Championship
- Where the wild warnings are: Root causes of Chrome HTTPS certificate errors [PDF]
- Screwdriving. Locating and exploiting smart adult toys - Pen Test Partners
- Wi-Fi sex toy with built-in camera fails penetration test - The Register Forums
- Topo by Ergodriven
- Dirk Gently's Holistic Detective Agency - IMDb
- Dead roach in Utah man’s milkshake becomes Twitter hero - KSL.com
- Trevor The Roach: A Tribute Movie
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
045: Deloitte fail, CCleaner, and dotards on Twitter
27 september 2017 |
36 min
Deloitte suffers an embarrassing hack, CCleaner spreads malware, and Twitter explains why it isn't planning to ban Donald Trump from Twitter anytime soon.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Phil Wood of Cisco.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Phil Wood.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- Graham Cluley on Twitter: "Turns out I slept in a cheesegrater last night"
- Deloitte hit by cyber-attack revealing clients’ secret emails - The Guardian
- Source: Deloitte Breach Affected All Company Email, Admin Accounts — Krebs on Security
- Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' • The Register
- CCleanup: A Vast Number of Machines at Risk - Talos Intelligence blog
- CCleaner Command and Control Causes Concern - Talos Intelligence
- North Korean Minister: Trump's 'Declaration Of War' Means N.K. Can Shoot Down U.S. Bombers - NPR
- Twitter PublicPolicy on Twitter
- The Twitter Rules - Twitter Help Center
- Wildergorn colour-in posters
- Star Trek: Discovery - CBS
- Rick and Morty - Wikipedia
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
044: Bonus behind the scenes - shower time
25 september 2017 |
7 min
Carole wants to know why Graham keeps FaceTiming her from the shower.
Can you help solve the mystery?
("Bonus" behind-the-scenes content.)
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
043: Backups - a necessary evil?
20 september 2017 |
29 min
In this special "splinter" episode of the "Smashing Security" podcast we tackle the tricky subject of backups - when did you last backup your data? how and what should you backup? and where should you store them?
Lots of questions and Graham gets to do his Tina Turner impression.
Listen to the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- Tina Turner - Private Dancer - YouTube
- The Ed Sullivan Show - 'Baranton Sisters' - “Foot Jugglers” (Aired February 2, 1969) - YouTube
- How to create a robust data backup plan (and make sure it works)
- How to back up your iPhone, iPad, and iPod touch - Apple Support
- How to back up your Android phone or tablet: The ultimate guide
- Crashplan stops offering its consumer backup solution
- Carbonite cloud backup
- Backblaze Online Backup
- Mozy Cloud Storage & Backup
- Amazon Glacier
- CloudBerry Lab - Cross-Platform Cloud Backup
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
042: Equifax, BlueBorne, and the iPhone X
13 september 2017 |
46 min
Equifax's shambolic response to its huge data breach, a scary-sounding Bluetooth exploit, and Apple's iPhone X comes with Face ID.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik of AlienVault.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Javvad Malik.
Sponsored By:
- Rapid7: Identifying, prioritizing and managing vulnerabilities all the way through to remediation is not only possible, it can be simple. Right now. Build a vulnerability management program that works for you with Insight VM, by Rapid7. Get started with your free 30 day trial now.
Links:
- We tested Equifax's data breach checker — and it's basically useless | ZDNet
- Equifax hack: 44 million Britons' personal details feared stolen in major US data breach
- "The front page of Equifax's UK website. They don't seem to have room to mention the data breach affecting up to 44 million Brits." - Twitter
- Chatbot lets you sue Equifax for up to $25,000 without a lawyer - The Verge
- How to protect yourself in the wake of the Equifax data breach
- Ayuda! (Help!) Equifax Has My Data! — Krebs on Security
- BlueBorne Information from the Research Team - Armis Labs
- The five biggest questions about Apple’s new facial recognition system - The Verge
- Can the government force you to unlock your own phone? | The Guardian
- UK police have a new tactic to circumvent strong iPhone encryption: steal the unlocked phone out of the criminal’s hand | 9to5Mac
- Chessable
- The science that makes chess learning easier - Chessable.com
- You can actually be allergic to exercise - Pop Science
- Dr Mandell's Push and Pull Technique (20-Second Neck Pain Relief) - YouTube
- It's all about the Squinch! - YouTube
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
041: Hacking Instagram, facial failures, and spying bosses
7 september 2017 |
46 min
It's easy to phone up a celebrity on Instagram following security breach, facial recognition at Notting Hill Carnival can't tell the girls from the boys, and companies are spying on their workers' activities.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest David Bisson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: David Bisson.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- "Who Is Marcus Hutchins?" — Krebs on Security
- Ahem, Kim Kardashian Is Naked Up A Tree - Huffington Post
- Hackers Claim Apparent Instagram Fightback Will Not Stop Them From Selling Stolen ‘Doxagram’ Data - The Daily Beast
- A Note on Security from Instagram’s CTO - Instagram Blog
- London police’s use of facial recognition falls flat on its face – Naked Security
- Misidentification and improvised rules - we lift the lid on the Met's Notting Hill facial recognition operation - Liberty
- Statement from police commander for Notting Hill Carnival 2016 - Metropolitan Police
- UK govt steams ahead with £5m facial recog system amid furore over innocents' mugshots - The Register
- ECHR court reverses ruling on sacking over private messages - BBC News
- Monitoring at work - UK Citizens Advice
- Through the Keyhole: Privacy in the Workplace, an Endangered Right - American Civil Liberties Union
- Employers, Schools, and Social Networking Privacy - American Civil Liberties Union
- The Big Sick (2017) - IMDb
- Group Therapy Radio | Streaming live every Friday - YouTube
- Above & Beyond - SoundCloud
- Above & Beyond present Group Therapy 250
- How To Fix a Toilet And Other Things We Can't Do Without Search
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
040: The show that cost Troy Hunt 14 dollars
30 augusti 2017 |
48 min
Are public figures lying about being hacked? What were online criminals doing with 711 million email addresses? And how could scammers profit from Hurricane Harvey?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Troy Hunt.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Troy Hunt.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- Trump appointee says for the 'past several years' he has been the victim of 'multiple cyber attacks' — Graham Cluley.
- Trump appointee: Comment calling Obama's mother a 'w@!re' result of 'Internet crimes' against me — CNN.
- Inside the Massive 711 Million Record Onliner Spambot Dump — Troy Hunt.
- Have I been pwned? — Check if your email has been compromised in a data breach
- Harvey Hoax: There are no sharks on Houston's flooded freeways — WCVB 5.
- Photo of planes at flooded Houston airport is a fake — Daily Mail.
- Charity Listing - BBB Wise Giving Alliance — Give.org.
- Wise giving in the wake of Hurricane Harvey — FTC.
- The Phoenix Comic
- Little Ripper Lifesaver Drones Spot Sharks Electronically — YouTube.
- ChirpChange
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
039: Woah - are we talking to a cyborg?
24 augusti 2017 |
46 min
Hackers could change emails in your inbox after they are delivered, the web is getting more and more encrypted, and hacked robots can be commanded to umm... stab you.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by researcher Scott Helme.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Scott Helme.
Sponsored By:
- Rapid7: Identifying, prioritizing and managing vulnerabilities all the way through to remediation is not only possible, it can be simple. Right now. Build a vulnerability management program that works for you with Insight VM, by Rapid7. Get started with your free 30 day trial now.
Links:
- Introducing the ROPEMAKER Email Exploit — Mimecast.
- Did ROPEMAKER just unravel email security? Nah, it's likely a feature — The Register.
- Measuring HTTPS adoption on the web [USENIX 17] — Research presented by Adrienne Porter Felt (Google) and April King (Mozilla).
- Alexa Top 1 Million Analysis - August 2017 — Scott Helme's report.
- ALPHA 2, The World's First Humanoid Robot for the Family — YouTube.
- UBTech Alpha 2 turns Chucky — YouTube
- Researchers warn against 'hackable' robots — IT Pro.
- Overcooked — Team 17.
- "Could you be paying for things using just your hand? — BBC Click on Twitter.
- 250,000 Dominoes - The Incredible Science Machine — YouTube.
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
038: Gents! Stop airdropping your pics!
17 augusti 2017 |
45 min
WannaCry hero Marcus Hutchins (aka MalwareTech) pleads not guilty to malware charges, the Scottish parliament is hit by a brute force attack, IoT smart locks aren't so smart, and.. ahem.. someone is sending intimate pics via AirDrop to unsuspecting commuters.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Geoff White.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- "The Secret Life of Your Mobile Phone" — Geoff White's show at the Edinburgh Festival Fringe
- MalwareTech is back online, as he pleads not guilty to Kronos malware charges — Graham Cluley.
- Scottish parliament hit by cyber-attack similar to Westminster assault — The Guardian.
- Hackers try to break into Scottish parliament email accounts weeks after Westminster attack — Graham Cluley.
- Blocking Brute Force Attacks — Advice from OWASP.
- Hundreds of 'smart' locks bricked by flubbed remote update — Graham Cluley.
- Friendly neighborhood hacker helps family regain access to locked car — Graham Cluley.
- AirDropping penis pics is the latest horrifying subway trend — New York Post.
- Is there a way to view AirDrop transfer history? — Apple Support community.
- What Is AirDrop? How Does It Work? — Lifewire.
- Exposing yourself is illegal - so why should the law tolerate cyber-flashing on online dating apps? — The Independent.
- Saint Louis Rapid & Blitz — Grand Chess Tour.
- Amazon's LoveFilm postal rentals is shutting down — Radio Times.
- "Waking up with Sam Harris"
- Smashing Security podcast on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
037: Boobs, dragons and data breaches
9 augusti 2017 |
38 min
Hackers are holding HBO to ransom after a massive data breach, and have leaked the phone numbers and email addresses of "Game of Thrones" cast members. Has security firm Carbon Black been leaking customers's sensitive files while trying to scan them? And Disney's mobile apps are accused of spying on kids...
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Hawes.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- FBI arrests WannaCry's 'accidental hero' in connection with Kronos banking trojan
- HBO hack ransom note: Watch the video, set to Game of Thrones music
- Game of Thrones stars' personal phone numbers leaked, as HBO hackers attempt to extort ransom
- Markus Ueberall's tweet
- Movie studio tells all about Dark Overlord's leak of 'Orange Is the New Black'
- Harvesting Cb Response Data Leaks for fun and profit | DirectDefense
- DirectDefense Incorrectly Asserts Architectural Flaw in Cb Response | Carbon Black — Carbon Black responds.
- Children's Online Privacy Protection Rule ("COPPA") | Federal Trade Commission
- Parents claim Disney gobbled up kids' info through mobile games • The Register
- Adult Life Skills (2016) - IMDb
- Intelligence (Canadian TV series) - Wikipedia
- Secrets, Crimes & Audiotape
- BBC Radio 4 - Seriously...
- Smashing Security podcast on Facebook
- Smashing Security online store
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
036: Flash? Clunk flush... and hacking security researchers
3 augusti 2017 |
45 min
A security threat researcher is badly hacked in a revenge attack. Some people want to save Adobe Flash, but is that wise? And a poorly-secured electronic billboard starts displaying offensive images...
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Maria Varmazis.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- Hackers Leak Data From Mandiant Security Researcher in Operation #LeakTheAnalyst — Bleeping Computer.
- Hackers kick off #leaktheanalyst campaign by dumping data of $1bn security firm — The Next Web
- LinkedIn profile of a Mandiant employee — Warning - contains image of hairy bottom. This is really here just for Maria.
- How to choose a strong password - simple tips for better security — YouTube video from 2009, featuring Graham (and filmed by Carole). So, who remembered correctly what we actually said in the video?
- Smashing Security podcast: Protecting webmail — A Smashing Security splinter.
- Flash & The Future of Interactive Content — Adobe.
- Petition to open source Flash and Shockwave — Github.
- Adobe Flash Fans Want a Chance to Fix Its One Million Bugs Under an Open Source License — Gizmodo.
- Hackers hijack central Cardiff billboard to display swastikas and more... — Graham Cluley.
- Hackers plant obscene image on electronic billboard in Atlanta — Graham Cluley.
- Motorists warned of Dalek invasion by hacked road sign — Naked Security.
- How to Lock Down TeamViewer for More Secure Remote Access — How-To Geek.
- Long Distance — Reply All podcast by Gimlet Media.
- Tickled movie — Wikipedia.
- Tickled documentary to air on HBO with bonus follow-up special — The A.V. Club.
- Clock face with actual human face uses eyes to tell time — Mashable.
- Picture of Carole's clock (which Graham hates) — Twitter.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
035: Up the Roomba with mandatory Chinese spyware
26 juli 2017 |
37 min
China is forcing people to install smartphone spyware, young cyberoffenders are offered rehab, and robot vacuum cleaners want to sell maps of the inside of your house to tech firms.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dan Ring.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Dan Ring.
Sponsored By:
- Rapid7: Identifying, prioritizing and managing vulnerabilities all the way through to remediation is not only possible, it can be simple. Right now. Build a vulnerability management program that works for you with Insight VM, by Rapid7. Get started with your free 30 day trial now.
Links:
- Xinjiang Users Arrested over State Spyware Usage — Infosecurity Magazine
- China crams spyware on phones in Muslim-majority province — The Register.
- Rehab camp aims to put young cyber-crooks on right track — BBC News.
- Roomba vacuum maker iRobot betting big on the 'smart' home — Reuters.
- iRobot Wants to Sell Mapping Data Collected by Roomba Vacuums to a Tech Company Like Apple — Mac Rumors.
- Griffin BreakSafe Magnetic USB C Charging Cable — To make your upgraded MacBook Pro a little less of a downgrade.
- USB-C MagSafe - Will it work!?!? — iJustine's video on YouTube.
- Chipotle Blames Norovirus Outbreak on a Sick Employee — Pick of the week?
- Jim'll Paint It — See what Microsoft Paint can do in the hands of a genius.
- MS Paint is here to stay — Microsoft.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
034: The pen is mightier than the password
20 juli 2017 |
49 min
The UK government wants you to give your credit card details to porn sites, Ashley Madison offers compensation to the people whose lives it ruined, and an adult website wants you to pass its unorthodox and below-the-belt biometric identity check... gulp!
All this and Myspace, Google Glass, Fleabag, and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: David McClelland.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- BBC One - X-Ray, Summer Specials, Photography Special — Watch David McClelland on iPlayer if you're in the UK. There may also be ways of watching this outside the UK. We couldn't possibly comment...
- Vladimir Putin Cut From Two Upcoming Hollywood Movies — Hollywood Reporter
- It's not Yourspace, it's Myspace — Leigh-Anne Galloway shares her research on Myspace's diabolical security.
- Myspace fixes account security hole - but delete your account anyway
- The UK will block online porn from next year. Here's what we know — Wired
- Ashley Madison will pay $11.2 million to data breach victims — Engadget
- You can now use a dick pic as a password. Why, god? Why. — Mashable
- Nasty Bug Left Thousands of Internet of Things Devices Open to Hackers — Motherboard
- Millions of IoT devices at hacking risk due to flaw in open source software library — Bitdefender Box blog
- Meet the Thirteenth Doctor Who — YouTube.
- Fleabag — Sadly there is no way at all for anyone outside the UK to watch shows on BBC iPlayer. Definitely not. Nope. No way at all. Impossible.
- IRL Podcast: Online Life is Real Life — Mozilla's new podcast
- Google Glass is officially back with a clearer vision — Engadget
- Black Mirror: The Entire History of You — We didn't mention it on the podcast, but this episode of "Black Mirror" includes the new Doctor Who - Jodie Whittaker.
- This Startup Wants to Replace Your Office With 3D Holograms - Bloomberg — Article about Meta, which is testing augmented reality technology on its employees
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
033: 1Password, net neutrality, and spatchcock chicken
13 juli 2017 |
42 min
Is password manager 1Password treating its customers unfairly? Are autonomous cars driving us around the bend? And what is this Net Neutrality thing anyway?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks from PC Pitstop.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Michael Hucks.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- sweetsweet — Michael's band.
- Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud — Motherboard report.
- 1Password irks security experts in push toward cloud-based vaults — AppleInsider report.
- Are local vaults going to exist for the foreseeable future? — AgileBits Support Forum — 1Password's support forum.
- 1Password wants you to sync via the cloud, but won't force you
- The new Audi A8 luxury sedan is a high-tech beast that can drive itself — The Verge.
- Tesla owners are ignoring autopilot safety advice and putting the results on YouTube — The Verge.
- The biggest threat facing connected autonomous vehicles is cybersecurity — TechCrunch.
- Join the Battle for Net Neutrality
- The coming battle over 'net neutrality' — BBC News
- The FCC Insists It Can't Stop Impostors From Lying About My Views On Net Neutrality — Karl Bode isn't very happy in this Techdirt article.
- A Bot Is Flooding The FCC Website With Fake Anti-Net Neutrality Comments... In Alphabetical Order — Arnold Aardvark isn't a fan of net neutrality apparently.
- Alexa calls cops on man allegedly beating his girlfriend — Horrendous report from the New York Post, but for once Amazon's Alexa sounds like it did some good.
- Southern Rail on Twitter — Eddie takes over Southern Rail's Twitter account.
- Work experience boy runs Southern Rail's Twitter account — Sky News.
- The Red Pill movie — Wikipedia.
- Rapidfire Chimney Starter — Weber.
- Griddled spatchcock poussins with shallot vinaigrette recipe — Apparently Carole makes a mean one of these, although we've only got her word for it.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
032: The iPhone 8, a data breach at the AA, and a mystery no show
6 juli 2017 |
35 min
The iPhone 8 is on its way and may use 3D facial recognition rather than a fingerprint sensor to lock out intruders, and the UK's Automobile Association claims it hasn't leaked any credit card data, so why is it getting so upset about security researchers publishing screenshots of leaked data?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by umm.. nobody.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
Links:
- Yes - despite what it says - AA customer credit card data was exposed
- Apple Readies iPhone Overhaul for Smartphone’s 10th Anniversary - Bloomberg
- The World's Blackest Material - An Inside Look At Vantablack — YouTube video.
- About Touch ID advanced security technology - Apple Support
- He thought a book would stop a bullet and make him a YouTube star. Now he’s dead. - The Washington Post
- Firik Sleep Headphones — For those of you who want to look like John McEnroe when you're snoozing in bed.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
031: Petya (don't know the name of this ransomware)
29 juni 2017 |
45 min
Another major ransomware outbreak rattles the world - but no-one can decide what it's called, the danger posed to driverless cars by kangaroos, and do you really want an Amazon Echo Show?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest David Bisson.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: David Bisson.
Sponsored By:
- Rapid7: Identifying, prioritizing and managing vulnerabilities all the way through to remediation is not only possible, it can be simple. Right now. Build a vulnerability management program that works for you with Insight VM, by Rapid7. Get started with your free 30 day trial now.
Links:
- Martijn Grooten on Twitter: "Seriously injured man lies next to tree..." — Martijn seems to be suggesting the infosecurity industry might have the wrong priorities.
- Global ransomware outbreak hits organisations hard
- Cybereason discovers NotPetya kill switch — You might want to create a file called "perfc" in your Windows folder.
- Info on the PetrWrap/Petya ransomware: Email account in question already blocked since midday — Don't pay the ransom folks...
- Driverless cars: Kangaroos throwing off animal detection software — Cripes!
- How Flying Cars Will Boost Intel, Uber and Airbus
- Amazon’s New Echo Show Is Very Cool And A Little Creepy
- [PSA] Intercom (drop-in) does require calling to be enabled and needs access to your contact list
- Malicious Life podcast — Interviewing Graham Cluley, Vesselin Bontchev, and others about the early days of malware.
- 50th anniversary of the ATM opens debate about mobile payments
- Why Was The World's First Cash Machine In Enfield?
- "On The Buses" - YouTube — Starring Reg Varney, famous for being one of the first people in the world to use an ATM.
- The Bright Sessions podcast
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
030: GDPR - The good and the bad
22 juni 2017 |
27 min
In this special "splinter" episode, regular hosts Graham Cluley and Carole Theriault are joined by special guest Kevin Gorsline to discuss the European Union's General Data Protection Regulation (GDPR), and what it means for your business even if you're not based in Europe.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Kevin Gorsline.
Links:
- The EU's GDPR legislation — A gentle read before bedtime...
- EU data protection rules affect everyone, say legal experts — The EU's new data protection rules will impact every entity that holds or uses European personal data both inside and outside of Europe, according to legal experts.
- Preparing for GDPR - 12 steps to take now (PDF) — Advice from the UK's Information Commissioner's Office.
- EU GDPR demystified: a straight-forward guide for US firms (Part I) – — Our own Carole Theriault writes about GDPR on the TBG Security blog.
- EU GDPR demystified: a straightforward reference guide for US firms (Part II) — More from Carole Theriault on the TBG Security blog.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
029: Exploits to get your English teeth into
15 juni 2017 |
38 min
Microsoft gives us a Patch Tuesday shock, malware grows up for the Mac, and your mouse movements might reveal if you're an identity thief.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik of AlienVault.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Javvad Malik.
Sponsored By:
- Foursys: IT security professionals! Register for your free place at SecureTour17, being held at Manchester United's Old Trafford stadium on July 6 2017, and hear security experts (and Graham) talk about threats and the latest technology to fight them.
Links:
- June 2017 security update release — Microsoft reveals it is releasing security updates for older versions of Windows that are no longer officially supported.
- Microsoft security advisory — Guidance related to June 2017 security update release.
- Microsoft security advisory - guidance for older platforms
- MacSpy: OS X RAT as a Service — Information from experts at AlienVault on the MacOS malware-as-a-service threat.
- MacRansom: Offered as Ransomware as a Service — Fortinet's analysis of MacRansom.
- Identity theft can be thwarted by artificial intelligence analysis of a user's mouse movements — Your mouse movements can indicate whether you're lying.
- The detection of faked identity using unexpected questions and mouse dynamics — Check out the technical paper by Monaro, Gamberini and Sartori.
- Rude security video from Javvad Malik — Why spend thousands on complex and innovative security awareness activities, when all you need to do, is train your staff to be rude.
- Divide and conquer: How Microsoft researchers used AI to master Ms. Pac-Man - Next at Microsoft — Microsoft's researchers have been busy...
- Video of Microsoft's Ms Pac Man-playing AI.
- Max Hawkins's website — "For the past two years I’ve been letting randomized computer programs decide what I do."
- Eager To Burst His Own Bubble, A Techie Made Apps To Randomize His Life — NPR take a look at the odd lifestyle of Max Hawkins.
- The Dice Man — 1971 novel by Luke Rhinehart.
- Logitech finally finds a good use for wireless charging: A mouse pad — Would you buy one of these? Seriously?
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
024: Reality Winner, Gordon Ramsay and a leaky bucket
7 juni 2017 |
38 min
Evidence of Russia hacking the US election leaks from the NSA and Reality is not a winner, confidential data is accidentally exposed in the cloud by a defence contractor, and Gordon Ramsay has a few choice words for his hacking father-in-law.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Ian Whalley.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Ian Whalley.
Sponsored By:
- iovation: iovation is offering Smashing Security listeners a free demonstration of its mobile multifactor solution product, LaunchKey, which can be built into your mobile apps, websites and online services to provide a simple, streamlined remote login function.
Links:
- The classic era Smashing Security team... reunited at Infosec — Graham and Carole bumped into someone called Vanja Svajcer at the Infosec show in London, and couldn't resist getting a selfie.
- Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election — The Intercept report which kicked everything off.
- Affidavit in support of application for Reality Winner's arrest warrant — Read the PDF for yourself.
- How The Intercept might have helped unmasked Reality Winner to the NSA — David Bisson writes on grahamcluley.com.
- How The Intercept Outed Reality Winner — Robert Graham's blog post about the really rather hard-to-see little yellow dots.
- Defense contractor stored intelligence data in Amazon cloud unprotected — Booz Allen Hamilton engineer posted geospatial intelligence to Amazon S3 bucket.
- Gordon Ramsay's father-in-law jailed over hacking plot — BBC News Online.
- Gordon Ramsay the hypocrite: How TV chef defended sharks... but previously caught two rare ones for fun — The controversial Daily Mail article that included pictures stolen from Gordon Ramsay's email account.
- Malcolm Tucker's best insults (Explicit) — YouTube clips from BBC's "The Thick of It". Not for young ears or the easily offended...
- Smashing Security: 014: Protecting webmail - a Smashing Security splinter — In this podcast we run through our tips on how to better secure your web-based email accounts. Chances are that you're not doing all of these!
- Smashing Security: Passwords - a Smashing Security splinter — Password best practices explained in our podcast.
- Boxcryptor - Encryption software to secure cloud files — Encrypt your files before you shove them in the cloud...
- How to use Google Maps offline — Ian's tip on how to use your smartphone to navigate, even when you don't have a data connection.
- Trump in translation: president's mangled language stumps interpreters — Carole's pick of the week from The Guardian.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
023: Covfefe
31 maj 2017 |
40 min
Hackers are blackmailing cosmetic surgery patients, and threatening to release their naked photos. A British Airways IT snafu causes travel chaos for thousands. And Germany is threatening to throw hefty fines at Facebook if it can't police its content properly.
All this and "Covfefe" is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest John Hawes.
Show notes:
- Cosmetic surgery hacked. Nude photos and data exposed on the dark web, as hackers blackmail patients - Bitdefender.
- Lithuanian cosmetic surgery firm's website - Grožio Chirurgija.
- British Airways: Chaos continues at Heathrow - BBC News.
- What went wrong at BA? - BBC News.
- Delta finally explained how one power outage grounded an entire airline - BGR.
- Facebook said Germany's plan to tackle fake news would make social media companies delete legal content - Business Insider.
- Sgt. Pepper's Lonely Hearts Club Band - The Beatles.
- Spanish art restorer, 82, who turned Jesus into a 'hairy monkey' in clumsy restoration of famous work signs merchandising deal as image gets imprinted on T-shirts - Daily Mail.
- Clash of Clans - Supercell.
- This is what Candy Crush does to your brain - The Guardian.
- Sweet Sweet - Reverb Nation.
- Help Sweet Sweet - Bonnaroo Bound! - GoFundMe.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Hawes.
Sponsored By:
- iovation: iovation is offering Smashing Security listeners a free demonstration of its mobile multifactor solution product, LaunchKey, which can be built into your mobile apps, websites and online services to provide a simple, streamlined remote login function.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
022: Walk this way... to defeat biometrics
24 maj 2017 |
32 min
The Samsung Galaxy S8 claims that its iris recognition technology provides "airtight security", but the Chaos Computer Club knows better and shows how it can be easily bypassed. Australian researchers create a wearable gizmo that authenticates you through your walk, but is it ever going to be practical? Mac malware reportedly wastes no time stealing information from a software developer. And the boss of the Bank of England is smart enough not to fall for an email prankster.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul "Duck" Ducklin.
Show notes:
- Chaos Computer Clubs breaks iris recognition system of the Samsung Galaxy S8 - Chaos Computer Club.
- Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy - Ars Technica.
- New technology uses the way you walk as a password - CNet.
- Hofmeister - follow the bear TV advert - YouTube.
- Monty Python's Flying Circus's Ministry of Silly Walks sketch - YouTube.
- Source Code for Several Panic Apps Stolen via HandBrake Malware Attack - MacRumors.
- Bank of England accused of airbrushing Jane Austen on the new £10 note - Liverpool Echo.
- Bank of England governor falls for email prank but maintains his composure - The Guardian.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Paul Ducklin.
Sponsored By:
- iovation: iovation is offering Smashing Security listeners a free demonstration of its mobile multifactor solution product, LaunchKey, which can be built into your mobile apps, websites and online services to provide a simple, streamlined remote login function.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
021: WannaCry - Who's to blame?
18 maj 2017 |
35 min
The WannaCry ransomware has struck! But before we tackle that subject, and who we should blame for one of the highest profile malware attacks for years, we discuss how HP has been unwittingly capturing the keystrokes of its laptop users. Then we briefly discuss what might be the worst cinema date in history, before rounding things off with a discussion of hackers extorting money out of movie studios.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul "Pob" Baccas.
Show notes:
- Hello to Jason Isaacs - Witterpedia.
- Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package - modzero Security Advisory.
- Keylogger Found in Audio Driver of HP Laptops - Bleeping Computer.
- HP responds to laptop keylogger fiasco, promises ‘fix shortly' - Trusted Reviews.
- Tweet from @ths - Twitter.
- Backin Up Song - YouTube.
- The Sobig Worm - Wikipedia.
- Customer Guidance for WannaCrypt attacks - Microsoft.
- Microsoft Security Bulletin MS17-010 - Microsoft.
- Microsoft: WannaCry outbreak reveals why governments shouldn't hoard vulnerabilities - Graham Cluley.
- ‘THIS IS CRAZY’: Austin man sues date for texting during movie - Statesman.
- Hackers Seem to Dump Pirates of the Caribbean on Torrent Sites Ahead of Premiere - Softpedia.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Paul Baccas.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
020: Phishing for Donald Trump
10 maj 2017 |
31 min
Gizmodo's attempt to reveal Donald Trump's administration ineptitude when it comes to cybersecurity fails to impress. Mac users are warned that the HandBrake DVD-ripping app has been compromised by malware. And will the US Army insist IT security professionals spend months ironing their bedsheets..?
All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin from Sophos.
Show notes:
- Here's How Easy It Is to Get Trump Officials to Click on a Fake Link in Email - Gizmodo.
- Opinion: Some thoughts about Gizmodo's Phishing story - CSO Online.
- Mac video app HandBrake – now with free spyware - Naked Security.
- OS X malware spread via signed Transmission app... again - Graham Cluley.
- DOD’s new Internet strategy boosts role in defending “US interests” - Ars Technica.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Paul Ducklin.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
019: The Love Bug virus
3 maj 2017 |
29 min
On May 4th 2000, the Love Bug virus (also known as ILOVEYOU or LoveLetter) rapidly spread around the world, clogging up email systems.
Computer security veterans Graham Cluley and Carole Theriault are joined this week by special guest John Hawes for a trip down memory lane.
Show notes:
- Memories of the Love Bug worm - Naked Security
- "Subject: I Love You" movie trailer - YouTube
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Hawes.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
018: Windows is a virus. True or False?
27 april 2017 |
31 min
Security firm Webroot drops a clanger when it declared Windows was malicious and borked customers' PCs, millennials are streaming a lot of movies illegally, and blackmailers are targeting members of the Ashley Madison cheating site again.
All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Michael Hucks from PC Matic.
Show notes:
- Webroot antivirus goes bananas, starts trashing Windows system files - The Register.
- Webroot causes massive headaches after falsely flagging Windows files as malicious - Graham Cluley.
- Tweet by Webroot user Bob Ripley - @M5_Driver.
- W32.Trojan.Gen false positive - advice for home users - Webroot.
- W32.Trojan.Gen false positive - advice for business users - Webroot.
- Most millennials regularly stream pirated content, survey finds - Torrent Freak.
- Malware, data theft, and scams: researchers expose risks of free livestreaming websites - Ku Leuven.
- File sharer hit with $675,000 fine - Digital Trends.
- Ashley Madison blackmail roars back to life - ZDNet.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Michael Hucks.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
017: Data breaches, zero day exploits, and toenail clippings
20 april 2017 |
31 min
Hotel malware has been stealing guests' payment card details... again, should businesses relay delay rolling out vulnerability patches, and Burger King's Whopper TV ad campaign tries to take advantage of viewers' Google Home devices with predictable results.
All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin.
Show notes:
- InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region - IHG.
- Affected hotel look-up tool - IHG.
- Been to one of these 1170 IHG hotels? Your credit card details may have been stolen by malware - Bitdefender.
- Microsoft patches Word zero-day booby-trap exploit - Naked Security.
- Microsoft zero-day vulnerability was being exploited for cyber-espionage - Graham Cluley.
- The Shadow Brokers - Wikipedia.
- Burger King's 'OK Google' sad ad saga somehow gets worse - The Register.
- Burger King Connected Whopper ad - YouTube.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Paul Ducklin.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
016: Wonga wronga!
13 april 2017 |
27 min
Spyware companies are filmed plotting to break global sanctions to ship surveillance and spying equipment to dodgy authoritarian regimes, an unsecured database exposed diabetics’ sensitive data, and a massive data breach leaves hundreds of thousands of current and former Wonga customers at risk.
All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Lisa Vaas.
Show notes:
- Spyware firms in breach of global sanctions - Al Jazeera.
- Al Jazeera Investigations - Spy Merchants - YouTube.
- Mounties admit to using cellphone-snooping ‘stingrays’ - Sophos Naked Security.
- A huge trove of patient data leaks, thanks to telemarketers' bad security - ZDNet.
- Leak of diabetic patients’ data highlights risks of giving info to telemarketers - DataBreaches.net.
- Unsecured database exposed diabetics’ sensitive data - Sophos Naked Security.
- Fraudsters Target People With Diabetes - AARP.
- Wonga.com TV advert - YouTube.
- Wonga security incident FAQ - Wonga.com.
- Wonga data breach puts up to 245,000 UK current and former customers at risk - Graham Cluley.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Lisa Vaas.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
015: Bad vibrations
5 april 2017 |
27 min
Don't let an internet-enabled sex toy make your most private moments oh-so-public. Samsung's wannabe-Android-killer is found lacking. And did you hear about the firm that is micro-chipping its employees?
All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest John Hawes.
Show notes:
- Vulnerable Wi-Fi dildo camera endoscope. Yes really - Pen Test Partners
- Samsung's Android Replacement Is a Hacker's Dream - Motherboard
- Companies start implanting microchips into workers' bodies - LA Times
This episode of Smashing Security is made possible by the generous support of Recorded Future — the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.
Sign up for free daily threat intelligence updates at recordedfuture.com/intel
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: John Hawes.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
014: Protecting webmail - a Smashing Security splinter
30 mars 2017 |
31 min
What can you do to better protect your online email accounts?
In this special "splinter" episode (or should it be a "shard"?) regular hosts Graham Cluley and Carole Theriault discuss with Paul Ducklin tips on how to defend your Gmail/Yahoo/Hotmail/Outlook/etc account.
SHOW NOTES:
- Passwords - a Smashing Security splinter
- How to better protect your Google account with two-step verification and Google Authenticator - Graham Cluley
- How to protect your Yahoo account with two-step verification (2SV) - Graham Cluley
- NIST declares the age of SMS-based 2-factor authentication over - TechCrunch
- The lesson we all must learn from the Celebgate nude photo hack - Graham Cluley
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Paul Ducklin.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.
- Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
013: Assault with a deadly tweet
23 mars 2017 |
34 min
Graham is embarrassed by a Twitter security snafu. How an animated GIF could prove deadly. Social engineering threats against your workforce. And will you be able to do any work on your laptop next time you catch an airplane?
All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Alex Eckelberry.
SHOW NOTES:
- Sorry for the Nazi spam from my Twitter account - Graham Cluley
- Newsweek reporter Kurt Eichenwald on Fox News, 15 December 2016 - YouTube
- Maryland man arrested for cyberstalking - US Dept of Justice
- US man held for sending flashing tweet to epileptic writer - BBC News
- Epilepsy site hacked with seizure images - CBS News
- How to really pronounce GIF - howtoreallypronouncegif.com
- Gif's inventor says ignore dictionaries and say 'Jif' - BBC News
- How to disable animated GIFs in different web browsers - The Windows Club
- How to disable autoplaying videos on Twitter - Twitter
- This is the email that hacked Hillary Clinton’s campaign chief - Bitdefender Hot for Security
- Fry all the things! USB Kill zaps tons of computing devices - Graham Cluley
- UK flight ban on electronic devices announced - BBC News
- Electronics banned from cabins on some Middle Eastern and African flights to U.S. - CNN
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Alex Eckelberry.
Sponsored By:
- Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
012: Eau de Eugene Kaspersky
16 mars 2017 |
29 min
Androids pre-installed with malware - can the supply chain be trusted? Will WikiLeaks help vendors get zero-days fixed? And what on earth has the Kaspersky marketing department dreamt up this time?
Graham Cluley, Carole Theriault and special guest Nick FitzGerald discuss the latest news from the world of computer security.
SHOW NOTES:
- Preinstalled Malware Targeting Mobile Users - CheckPoint
- Chinese Android smartphone comes with malware pre-installed - Graham Cluley
- WikiLeaks says it will work with software vendors to fix CIA zero-day exploits... but when? - Graham Cluley
- Kaspersky launches a range of perfumes to, er, defend your odour - The Register
- Toilet hackers could snoop on your poop, steal data of a "personal nature" - Graham Cluley
- Beauty blogger Scarlett London launches Threat de Toilette in bid to stop youngsters oversharing online - The Sun
- Jackie Chan and Eugene Kaspersky - YouTube
- Packin' the K music video - YouTube
This episode of Smashing Security is made possible by the generous support of Recorded Future — the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.
Sign up for free daily threat intelligence updates at recordedfuture.com/intel
Thanks to Recorded Future for their support.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Nick FitzGerald.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
011: WikiLeaks and the CIA
9 mars 2017 |
34 min
Has the CIA been using a Weeping Angel to spy on you via your Smart TV? Have WhatsApp, Telegram and Signal been compromised? What is the secret of the SATAN ransomware? And can you avoid having your data searched as you pass through border control?
Computer security veterans Graham Cluley, Carole Theriault and special guest Paul Ducklin discuss.
SHOW NOTES:
- Nintendo Classic Mini
- WikiLeaks says it releases files on CIA cyber spying tools
- The CIA didn't break Signal or WhatsApp, despite what you've heard
- After NSA hacking exposé, CIA staffers asked where Equation Group went wrong
- Apple, Samsung Respond To Wikileaks Claims Of CIA Hacking Programs
- Twitter reactions to the WikiLeaks CIA data dump
- Is the CIA's Weeping Angel spying on TV viewers?
- Satan ransomware: old name, new business model
- 3 (free) things that journalists can do right now to protect their data and their sources at the border
- The US Gov Can Download the Entire Contents of Your Computer at Border Crossings
- What Are Your Rights if Border Agents Want to Search Your Phone?
- Stop Fabricating Travel Security Advice
This episode of Smashing Security is sponsored by Foursys - check out their free end-user cybersecurity training kit - it's everything you need to roll out infosecurity best practice training (right from your desk).
Grab it now from https://www.foursys.co.uk/toolkit
Thanks to Foursys for sponsoring this episode of Smashing Security.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Paul Ducklin.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
010: The dolls must be destroyed
2 mars 2017 |
36 min
A creepy teddybear leaks two million voicemail messages, Windows 10 pushes you into only installing vetted apps, and Boeing warns 36,000 employees their personal information could have been exposed after a worker sends a spreadsheet to his wife.
All this and more is discussed by computer security veterans Graham Cluley, Vanja Svajcer and Carole Theriault.
SHOW NOTES:
- Announcing the first SHA1 collision
- Tavis Ormandy: Cloudflare Reverse Proxies are Dumping Uninitialized Memory
- Incident report on memory leak caused by Cloudflare parser bug
- List of Sites possibly affected by Cloudflare's #Cloudbleed HTTPS Traffic Leak
- Quantifying the impact of "CloudBleed"
- CloudPets commercial
- Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages
- Microsoft slaps Apple Gatekeeper-like controls on Windows 10: Install only apps from store
- Boeing Notifies 36,000 Employees Following Breach
This episode of Smashing Security is sponsored by NetFort - https://www.netfort.com/
NetFort LANGuardian is easy-to-use network traffic and security monitoring software that tells you what is really happening on your network - no specialist hardware required!
Check out the demo of LANGuardian and download a free trial from https://www.netfort.com/. Mention "Smashing Security" and you'll save 20% off your order!
Thanks to NetFort for sponsoring this episode of Smashing Security.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Vanja Švajcer.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
009: False flags and hacker clues
23 februari 2017 |
26 min
The Lazarus malware attempts to trick you into believing it was written by Russians, second-hand connected cars may be easier to steal, and is your child a malicious hacker?
All this and more is discussed by computer security veterans Graham Cluley, Vanja Svajcer and Carole Theriault.
Oh, and Carole makes Graham and Vanja apologise for their past mistakes.
SHOW NOTES:
- You Only Live Twice - space capsule scene
- Lazarus's false flag malware
- Hackers behind bank attack campaign use Russian as decoy
- It’s too easy to steal a second-hand connected car
- Nissan Figaro
- Is your child a hacker? Liverpudlian parents get warning signs checklist
- How do I remove a tag from a Facebook photo or post I’m tagged in?
- Code Red IIS worm
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Vanja Švajcer.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
Macs and malware - a Smashing Security splinter
21 februari 2017 |
16 min
Do you run an anti-virus on your Mac? Should you?
In this special "splinter" episode (or should it be a "shard"?) regular hosts Graham Cluley, Carole Theriault and Vanja Svajcer discuss the malware threat for Apple Macs and MacBooks.
SHOW NOTES:
- 600,000 Macs infected with Flashback trojan, 274 in Cupertino
- Flashback to the biggest Mac malware attack of all time - Is it still a threat?
- Hackers target Iranian activists’ Mac devices with revamped malware
- Microsoft Office macro malware targets Macs
- 12 security suites for Mac OS X put to the test
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Special Guest: Vanja Švajcer.
This podcast uses the following third-party services for analysis:
OP3 - https://op3.dev/privacy
00:00
-00:00
En liten tjänst av I'm With Friends. Finns även på engelska.