Smashing Security

By Graham Cluley & Carole Theriault



Category: Technology


Subscribers: 2168
Reviews: 23



Tim W
 Apr 30, 2021
Enjoyable and entertaining podcast about the latest security news. You don't have to be super technical to get something out of this podcast.

Popeye
 Apr 13, 2021
Entertaining, engaging and informative.. and the hosts have great dynamical comical chemistry.

Description

A helpful and hilarious take on the week's tech SNAFUs. Computer security industry veterans Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy. It's not your typical cybersecurity podcast... Winner of the "Best Cybersecurity Podcast" in 2018 and 2019, and the "Most Entertaining" in 2022, Smashing Security has had over eight million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Rory Cellan-Jones. Follow the podcast on Twitter at @SmashinSecurity, and subscribe for free in your favourite podcast app. New episodes released at 7pm EST every Wednesday (midnight UK).

Episode Date
290: Uber, Rockstar, and crystal balls
01:04:16
Researchers reveal how your eyeglasses could be leaking secrets when you're on video conferencing calls, we take a look at the recent data breaches involving Uber and Grand Theft Auto 6, and we cast an eye at what threats may be around the corner... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by The Register's Iain Thomson. Plus - don't miss our featured interview with Sal Aurigemma, the faculty director of the Master of Science in Cyber Security program at the University of Tulsa. Warning: This podcast may contain nuts, adult themes, and rude language. Episode links: https://twitter.com/iainthomson/status/1252286893263183872 (“Iain Exotic”, Iain Thomson’s dress-up homage to Joe Exotic, the Tiger King) - Twitter. https://arxiv.org/abs/2205.03971 (“Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing”) - Research paper by Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, and Kevin Fu. https://www.twitch.tv/p/en/about/ (“We saved you a seat in chat”) - Rather large text on the Twitch website. https://grahamcluley.com/stalker-zoomed-in-on-japanese-idols-eyes-to-find-out-where-she-lived/ (Stalker zoomed in on Japanese idol’s eyes to find out where she lived) - Graham Cluley. https://twitter.com/iainthomson/status/1571868350262947840 (Uber is looking for more security staff) - Twitter. https://www.theregister.com/2022/09/19/uber_admits_breach/ (Uber explains how it was pwned this month, points finger at Lapsus$ gang) - The Register. https://grahamcluley.com/ubers-hacker-irritated-his-way-into-its-network-stole-internal-documents/ (Uber’s hacker *irritated* his way into its network, stole internal documents) - Graham Cluley. 
https://www.uber.com/newsroom/security-update (Security update) - Uber. https://www.theregister.com/2022/09/19/grand_theft_auto_6_hacked/ (Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist) - The Register. https://www.cisa.gov/cybersecurity-awareness-month (Cybersecurity Awareness Month )- CISA.  https://www.zdnet.com/article/the-scary-future-of-the-internet-how-the-tech-of-tomorrow-will-pose-even-bigger-cybersecurity-threats/ (The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats )- ZDNet. https://thehackernews.com/2022/08/us-government-spending-billions-on.html (U.S. Government Spending Billions on Cybersecurity) - Hacker News. https://www.youtube.com/watch?v=_ak5dFt8Ar0 (The Mitchells vs The Machines trailer) - YouTube. https://www.netflix.com/gb/title/81399614 (The Mitchells vs The Machines) - Netflix. https://www.newscientist.com/article/2338657-nasa-is-ready-to-knock-an-asteroid-off-course-with-its-dart-spacecraft/ (NASA is ready to knock an asteroid off course with its DART spacecraft) - New Scientist. https://www.nasa.gov/feature/dart-s-small-satellite-companion-takes-flight-ahead-of-impact (DART’s Small Satellite Companion Takes Flight Ahead of Impact) - NASA. https://www.heartsafe.org.uk/aed-locations/ (Search and find UK Defibrillator Locations near you now) - HeartSafe. https://www.bhf.org.uk/how-you-can-help/how-to-save-a-life/defibrillators/apply-for-a-public-access-defibrillator (Apply for a part funded Public Access Defibrillator) - British Heart Foundation. https://www.sja.org.uk/get-advice/i-need-to-know/defibrillator-guide-for-first-time-buyers/ (Defibrillator guide for first time buyers) - St John’s Ambulance.  https://www.gov.uk/government/news/every-school-will-have-a-life-saving-defibrillator-by-2223 (Every school will have a life-saving defibrillator by 22/23) - Gov.UK. 
https://www.smashingsecurity.com/store/ (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Sep 21, 2022
289: Printer peeves, health data hangups, and Twitter tussles - with Rory Cellan-Jones
56:31
How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Rory Cellan-Jones. Warning: This podcast may contain nuts, adult themes, and rude language. Episode links: https://h30434.www3.hp.com/t5/Printer-Ink-Cartridges-Print-Quality/Dynamic-Cartridge-Security-disable-please/td-p/8228632 (Dynamic Cartridge Security - disable please) - Angry customers complain on HP support forum. https://www.malwarebytes.com/blog/news/2022/03/update-now-many-hp-printers-affected-by-three-critical-security-vulnerabilities (Update now! Many HP printers affected by three critical security vulnerabilities) - MalwareBytes. https://www.bleepingcomputer.com/news/hardware/hp-will-pay-customers-for-blocking-non-hp-ink-cartridges-in-eu/ (HP will pay customers for blocking non-HP ink cartridges in EU) - Bleeping Computer. https://www.euroconsumers.org/activities/hp-and-euroconsumers-reach-a-settlement-on-dynamic-security-dispute (HP and Euroconsumers settle on Dynamic Security) - Euroconsumers. https://www.youtube.com/watch?v=AHX6tHdQGiQ (Ink cartridges are a scam) - YouTube. https://www.businessinsider.com/why-printer-ink-so-expensive-2019-8 (Why printer ink is so expensive) - Insider. https://www.youtube.com/watch?v=SgqaYEqJWGE (Trying to print something) - YouTube. https://rorycellanjones.substack.com/p/uk-biobank-why-wont-gps-share-data (UK Biobank - why won't GPs share data?) - Rory’s Always On Newsletter. https://rorycellanjones.substack.com/p/another-data-sharing-fiasco (Another data sharing fiasco) - Rory's Always On Newsletter. 
https://twitter.com/katebingham2/status/1562030863856148482 (Tweet by Kate Bingham) - Twitter. https://time.com/6208696/twitter-whistleblower-peiter-mudge-zatko-musk-interview/ (The Twitter Whistleblower Needs You to Trust Him) - Time. https://www.msn.com/en-us/money/other/twitter-denies-whistleblower-payout-violates-musk-e2-80-99s-takeover-deal/ar-AA11JPCE (Twitter denies whistleblower payout violates Musk’s takeover deal) - MSN. https://www.nytimes.com/2022/09/07/business/dealbook/elon-musk-twitter-dispute-court.html (Elon Musk earns a split decision in Delaware court) - The New York Times. https://www.theguardian.com/commentisfree/2022/aug/27/twitters-whistleblower-has-pitched-up-at-a-very-inconvenient-moment (Twitter’s whistleblower has pitched up at a very inconvenient moment) - The Guardian. https://www.theverge.com/2022/8/23/23318002/twitter-bots-lawsuit-elon-musk-mudge-zatko-ceo-agrawal (Damning claims about Twitter’s bots and security lapses are ‘a false narrative,’ says CEO) - The Verge.  https://slate.com/technology/2022/09/elon-musk-twitter-gotta-pick-one.html (The Spectator’s Guide to the Elon Musk–Twitter Fight) - Slate.  https://addons.mozilla.org/en-US/firefox/addon/don-t-fuck-with-paste/ (Don't F*** with Paste) - Firefox browser addon https://chrome.google.com/webstore/detail/dont-f-with-paste/nkgllhigpcljnhoakjkgaieabnkmgdkb (Don't F*** with Paste) - Chrome browser extension. https://www.stasimuseum.de/en/enindex.htm (Stasi Museum, Berlin.) https://www.bbc.co.uk/iplayer/episode/p0cltmw6/how-to-with-john-wilson-series-1-1-how-to-make-small-talk?seriesId=p0cltm4m (How to with John Wilson) - BBC. https://www.smashingsecurity.com/store/ (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://www.smashingsecurity.com/kolide (Kolide) – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack....
Sep 14, 2022
288: Chiquita banana, dumb criminals, and detecting ring binders
50:53
Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Mark Stockley. Warning: This podcast may contain nuts, adult themes, and rude language. Episode links: https://www.vice.com/en/article/5d3dw5/the-least-safe-day-rollout-of-gun-detecting-ai-scanners-in-schools-has-been-a-cluster-emails-show (‘The least safe day’: rollout of gun-detecting AI scanners in schools has been a ‘cluster,’ emails show) - Motherboard. https://www.techdirt.com/2022/09/02/gun-detection-ai-the-latest-tech-to-make-schools-less-safe/ (Gun detection AI the latest tech to make schools less safe) - TechDirt. https://features.propublica.org/aggression-detector/the-unproven-invasive-surveillance-technology-schools-are-using-to-monitor-students/ (The unproven, invasive surveillance technology schools are using to monitor students) - ProPublica.  https://www.vice.com/en/article/4awe7m/chromebooks-or-handguns-sensors-nyc-mayor-wants-to-install-on-subway-canstruggle-to-tell-the-difference (NYC Mayor considering a subway security system that can’t differentiate between a laptop and a handgun) - Motherboard. https://krebsonsecurity.com/2022/09/violence-as-a-service-brickings-firebombings-shootings-for-hire/ (Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire) - Brian Krebs. https://storage.courtlistener.com/recap/gov.uscourts.paed.599644/gov.uscourts.paed.599644.1.0.pdf (USA vs Patrick McGovern-Allen (PDF)) - Court Listener. 
https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2022/02/reports-romance-scams-hit-record-highs-2021 (Reports of romance scams hit record highs in 2021) - FTC. https://www.research.manchester.ac.uk/portal/files/188516073/JFC_PURE.pdf (Meeting you was a fake: Investigating the increase in romance fraud during COVID-19) - Academic Research. https://techcrunch.com/2022/08/31/filter-off-scam-fighters/ (This dating app fought scammers with bots… hilarity ensued) - TechCrunch. https://www.thedailybeast.com/a-romance-scammer-took-her-life-savings-in-crypto-this-firm-is-trying-to-get-it-back (She was 69. He Was Young, Hunky,,, and a Fraud) - The Daily Beast. https://www.youtube.com/watch?v=61yP5BRLhUE (Gladbeck: The Hostage Crisis trailer)  – YouTube. https://www.netflix.com/title/81446276 (Watch Gladbeck: The Hostage Crisis) - Netflix. https://theoceancleanup.com/ (The Ocean Cleanup). https://medium.com/@beweinreich/we-flooded-our-dating-app-with-bots-to-scam-scammers-dc84c3f5c89a (We flooded our dating app with bots… to scam scammers)  - Medium. https://www.craiyon.com/ (Craiyon). https://twitter.com/SmashinSecurity/status/1567558223443501056 (Carole’s attempt to ask Craiyon to draw Liz Truss eating a giant cupcake of Europe). https://twitter.com/SmashinSecurity/status/1567558920721276935 (Is this Graham eating a banana?  Craiyon seems to think so). https://www.smashingsecurity.com/store/ (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://www.smashingsecurity.com/kolide (Kolide) – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. 
https://www.smashingsecurity.com/solcyber (SolCyber) – SolCyber delivers Fortune 500 level cybersecurity for
Sep 07, 2022
287: Lost in translation, spiders, and slapping tortillas - with Mikko Hyppönen
53:56
We're back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault). Warning: This podcast may contain nuts, adult themes, and rude language. Episode links: https://matadornetwork.com/life/20-funniest-finnish-expressions-use/ (The 20 Funniest Finnish Expressions (and How To Use Them)) - Matador Network. https://www.theregister.com/2009/05/18/sophos_does_klingon/ (Sophos punts anti-virus for Klingon) - The Register. https://nakedsecurity.sophos.com/2009/05/21/helsinki-named-klingonspeaking-capital-world/ (Helsinki named Klingon-speaking capital of the world) – Naked Security. https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ (Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications) - Check Point Research. https://www.ifitssmartitsvulnerable.com/ (If It's Smart It's Vulnerable) - Book by Mikko Hyppönen. https://www.science.org/doi/10.1126/sciadv.abo6254 (Psychological inoculation improves resilience against misinformation on social media) -Science Advances. https://www.who.int/news-room/spotlight/let-s-flatten-the-infodemic-curve (Let’s flatten the infodemic curve) - WHO. https://www.cell.com/current-biology/fulltext/S0960-9822(22)01127-7 (The global spread of misinformation on spiders) - Current Biology. https://www.nytimes.com/2022/08/26/us/politics/misinformation-social-media.html (A Journey Into Misinformation on Social Media) - The New York Times. 
https://www.nytimes.com/2022/08/24/technology/google-search-misinformation.html (Google Looks to Vaccination to Combat Misinformation In Searches) - The New York Times. https://www.nytimes.com/2022/08/25/science/spiders-misinformation-rumors.html (Spiders Are Caught in a Global Web of Misinformation) - The New York Times. The rock-paper-scissors/tortilla wrap game. https://archive.org/details/DEFCON20Documentary (DEF CON: The Documentary.) https://carole.wtf/smashing-security-painting-giveaway/ (Smashing Security Painting competition) – Carole.wtf. https://oxfordartsociety.co.uk/open-exhibition-catalogue-2022/ (Open Exhibition, Summer 2022) - Oxford Art Society. https://www.smashingsecurity.com/store/ (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.gigamon.com/smashing (Gigamon) - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis. https://l.kolide.co/3uSdmVj (Kolide) – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). Become a https://www.patreon.com/smashingsecurity (Patreon supporter) for ad-free episodes and our early-release feed!  Follow us: Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the...
Aug 31, 2022
286: Hackers doxxed, Pornhub probs, and Co-op security measures
53:26
Pornhub has a problem, the UK's Co-op supermarket is accused of big brother tactics, and we take a look at a security researcher's attempt to reveal the true identity of hackers. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Maria Varmazis. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://www.cyberscoop.com/ransomware-doxxing-conti-cybercrime/ (On security researcher's newsletter, exposing cybercriminals behind ransomware) — CyberScoop. https://www.vice.com/en/article/dy77pm/imma-make-u-dig-ur-own-grave-he-doxes-ransomware-hackers-and-gets-death-threats-in-return (‘Imma Make U Dig Ur Own Grave’: He Doxes Ransomware Hackers and Gets Death Threats in Return) — Vice. https://zetter.substack.com/p/interview-with-intrusion-truth (Intrusion Truth - Five Years of Naming and Shaming China’s Spies) — Kim Zetter. https://www.dailydot.com/debug/intrusion-truth/ (Who Is 'Intrusion Truth,' Group Exposing Alleged Chinese Hackers?) — Daily Dot. https://knowyourmeme.com/memes/leopards-eating-peoples-faces-party (The Leopards Eating People's Faces Party meme) — Know Your Meme. https://twitter.com/BillAckman/status/1553510104200351746 (Tweet by Bill Ackman.) https://www.nytimes.com/2022/08/01/business/dealbook/pornhub-visa-mastercard-disney.html (Judge Refuses Visa’s Request to Escape Pornhub-Related Lawsuit) — The New York Times. https://www.vendhq.com/blog/prevent-handle-robberies-theft-retail/ (How to Prevent and Handle Robberies and Theft in Retail) — Vend Retail Blog.
https://theconversation.com/abuse-of-shopworkers-is-on-the-rise-coronavirus-brought-it-to-our-attention-and-now-we-need-to-act-139620 (Abuse of shopworkers is on the rise – coronavirus brought it to our attention and now we need to act) — The Conversation. https://www.retail-week.com/people/tackling-violence-and-abuse-in-retail-must-be-one-of-the-industrys-highest-priorities/7040200.article?authent=1 (‘Tackling violence and abuse in retail must be one of the industry’s highest priorities’) — Retail Week. https://www.bbc.co.uk/news/uk-england-62297546 (Convenience store spy cameras face legal challenge) — BBC News. https://www.youtube.com/watch?v=I51GckrLrks (Looking back at the career of Bernard Cribbins ) — YouTube. https://www.youtube.com/watch?v=ckJgtGhxRxQ (Tribute to David Warner) — YouTube. https://www.webbcompare.com/ (Webb Compare) — John Christensen. https://profile.pmc.org/MV0113 (Support Maria Varmazis on the Pan-Mass Challenge.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.gigamon.com/smashing (Gigamon) - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). Become a https://www.patreon.com/smashingsecurity (Patreon supporter) for ad-free episodes and our early-release feed! 
Aug 03, 2022
285: Uber's hidden hack, tips for travel, and AI accent fixes
01:08:06
Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation, and how to change your accent with artificial intelligence. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Naked Security's Paul Ducklin. Plus don't miss our featured interview with Ian Farquhar of Gigamon. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://www.justice.gov/usao-ndca/pr/uber-enters-non-prosecution-agreement (Uber Enters Non-Prosecution Agreement Related to 2016 Data Breach ) — US Department of Justice. https://www.bloomberg.com/news/articles/2022-06-28/uber-former-security-chief-must-face-fraud-charges-judge-rules (Former Uber Security Chief Joe Sullivan Must Face Driver Fraud Charges ) — Bloomberg. https://techcrunch.com/2018/09/26/uber-to-pay-148-million-in-data-breach-settlement/ (Uber to pay $148 million in data breach settlement ) — TechCrunch. https://grahamcluley.com/uber-hackers-paid-data-breach/ (Uber paid hackers $100,000 to keep data breach quiet) — Graham Cluley. https://www.csoonline.com/article/3660560/uber-cisos-trial-underscores-the-importance-of-truth-transparency-and-trust.html (Uber CISO's trial underscores the importance of truth, transparency, and trust ) — CSO Online. https://nakedsecurity.sophos.com/2022/07/15/7-cybersecurity-tips-for-your-summer-vacation/ (7 cybersecurity tips for your summer vacation!) — Naked Security. https://www.sanas.ai/demo (Sanas demo.) 
https://www.prnewswire.com/news-releases/sanas-raises-32m-for-breakthrough-ai-technology-for-real-time-accent-translation-301572710.html (Sanas Raises $32M for Breakthrough AI Technology for Real-Time Accent Translation) — Sanas press release. https://spectrum.ieee.org/ai-accent-translator (This 6-Million-Dollar AI Changes Accents as You Speak) — IEEE Spectrum. https://www.newscientist.com/article/2288976-call-centre-workers-can-use-ai-to-mimic-your-accent-on-the-phone/ (Call centre workers can use AI to mimic your accent on the phone) — New Scientist. https://www.computerworld.com/article/2548265/a-little-less-accent--a-little-more-customer-service.html (A little less accent, a little more customer service ) — ComputerWorld. https://accentadvisor.com/what-is-accent-reduction/ (What Is Accent Reduction? ) — Accent Advisor. https://colinmorris.github.io/blog/compound-curse-words (Compound pejoratives on Reddit – from 'buttface' to 'wankpuffin') — Colin Morris. https://en.wikipedia.org/wiki/Melissa_(computer_virus) (Melissa computer virus) — Wikipedia. https://www.dedhamhall.co.uk/ (Dedham Hall.) https://poly.cam/capture/42434A6D-7BAB-4CAC-9059-73E914D703CA (3D capture of Carole Theriault) — Polycam. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden)– Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.smashingsecurity.com/solcyber (SolCyber) – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less? https://www.gigamon.com/smashing (Gigamon) - Gigamon is the leading deep observability company. 
Jul 27, 2022
284: The Most Wanted Missing CryptoQueen
42:44
In this special edition of the "Smashing Security" podcast, computer security veterans Graham Cluley and Carole Theriault welcome back author and journalist Jamie Bartlett - host of "The Missing CryptoQueen" podcast. Jamie tells us about his new book, which shares more details about the disappearance of cryptocurrency scammer Dr Ruja Ignatova, and the subsequent hunt by law enforcement. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://www.bbc.co.uk/programmes/p07nkd84 (The Missing CryptoQueen podcast) — BBC. https://www.penguin.co.uk/books/442256/the-missing-cryptoqueen-by-bartlett-jamie/9780753559581 (The Missing CryptoQueen book) — Penguin. https://www.bbc.co.uk/news/world-us-canada-62005066 (Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted) — BBC News. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.smashingsecurity.com/drata (Drata) – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance. https://www.cybersecurityinside.com/smashing (Cyber Security Inside podcast) -bringing you the most important and timely security topics as well as other industry experts for insightful conversations. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). 
Jul 20, 2022
283: Disney's social dumpster fire, Anom phones, and TikTok tragedies
54:47
A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Anna Brading. Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://thedisneyblog.com/2022/07/07/official-disneyland-instagram-account-hacked-this-morning/ (Official Disneyland Instagram Account Hacked This Morning! ) — The Disney blog. https://www.bitdefender.com/blog/hotforsecurity/disneyland-social-media-accounts-hacked-offensive-messages-posted/ (Disneyland social media accounts hacked, offensive messages posted) — Hot for Security. https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor (We Got the Phone the FBI Secretly Sold to Criminals) — Vice. https://www.nytimes.com/2022/07/06/technology/tiktok-blackout-challenge-deaths.html?smid=nytcore-ios-share (Parents Sue TikTok, Saying Children Died After Viewing ‘Blackout Challenge’) — The New York Times. https://www.wired.com/story/social-media-addiction-laws-children-tiktok-instagram/ (Lawmakers Want Social Media Companies to Stop Getting Kids Hooked) — Wired. https://www.forbes.com/sites/johnbbrandon/2022/06/27/how-social-media-tricks-us-into-thinking-we-are-paying-attention/?sh=bbbee474731f (How Social Media Tricks Us Into Thinking We Are Paying Attention) — Forbes. 
https://arstechnica.com/tech-policy/2022/06/facebook-could-be-sued-for-addicting-children-under-california-bill/ (Facebook could be sued for addicting children under California bill) — Ars Technica. https://www.nytimes.com/2022/03/24/well/family/child-social-media-use.html (Kids Are Using Social Media More Than Ever, Study Finds ) — New York Times. https://en.wikipedia.org/wiki/2021_Facebook_leak (2021 Facebook leak ) — Wikipedia. https://gizmodo.com/tiktok-social-media-addiction-california-facebook-i-1848968318 (California Parents Could Soon Sue for Social Media Addiction) — Gizmodo. https://neal.fun/absurd-trolley-problems/ (Absurd Trolley Problems.) https://weirdorconfusing.com/ (Weird or Confusing.) https://quickdraw.withgoogle.com/# (Google Quick, Draw!) https://www.youtube.com/playlist?list=PLfxy4_sBQdxwf909hUFsM59Y0RC_k9fvV (Unfinished London ) — Jay Foreman on YouTube. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.smashingsecurity.com/thesecuredeveloper (The Secure Developer) – A conversational and insightful podcast, that bridges the gap between dev and sec, from Snyk. https://www.smashingsecurity.com/solcyber (SolCyber) - SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less? Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). 
Jul 13, 2022
282: Raising money through ransomware, China's mega-leak, and hackers for hire
45:18
A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by The Cyberwire's Dave Bittner. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://grahamcluley.com/dutch-university-ransomware/ (Dutch university paid $220,000 ransom to hackers after Christmas attack) — Graham Cluley. https://www.maastrichtuniversity.nl/news/remarkable-development-investigation-maastricht-university-cyberattack (Remarkable development in investigation into Maastricht University cyberattack ) — Maastricht University. https://www.theregister.com/2022/07/05/maastricht_university_ransom_return/ (Dutch University profits from returned ransomware payment) — The Register. https://www.kaspersky.com/blog/youtube-bitcoin-scam/44784/ (Favorable exchange rate on a fake cryptoexchange) — Kaspersky. https://twitter.com/cz_binance/status/1543700689611792386 (Tweet from @cz_binance about mega-leak.) https://www.wsj.com/articles/vast-cache-of-chinese-police-files-offered-for-sale-in-alleged-hack-11656940488 (Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack) — Wall Street Journal. https://www.reuters.com/investigates/special-report/usa-hackers-litigation/ (How mercenary hackers sway litigation battles) — Reuters. https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/ (Countering hack-for-hire groups) — Google. 
https://www.techrepublic.com/article/what-are-hackers-for-hire/ (The business of hackers-for-hire threat actors) — TechRepublic. https://www.instagram.com/fransditaa/ (Fransdita Muafidin on Instagram.) https://www.geeksaresexy.net/2018/09/21/giant-cats-disturbing-civilization-pics/ (Giant Cats Disturbing Civilization) — Geeks are sexy. https://www.hulu.com/movie/good-luck-to-you-leo-grande-b0243a6c-8add-4d53-a234-05a255c8989f (Watch Good Luck to You, Leo Grande ) — Hulu. https://www.youtube.com/watch?v=TJcbZoJFLTU (Good luck to you Leo Grande (Trailer)) — YouTube. https://thisislovepodcast.com/ (This is Love podcast.) https://en.wikipedia.org/wiki/Cain%27s_Jawbone (Cain's Jawbone ) — Wikipedia. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). Become a https://www.patreon.com/smashingsecurity (Patreon supporter) for ad-free episodes and our early-release feed! Follow us: Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes.
Jul 06, 2022
281: Debug ransomware and win $1,000,000, period-tracking apps, and AI gets emotional
59:47
A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Thom Langford from The Host Unknown podcast. Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/ (LockBit 3.0 introduces the first ransomware bug bounty program) — Bleeping Computer. https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/ (Fake copyright infringement emails install LockBit ransomware) — Bleeping Computer. https://www.theguardian.com/world/2022/jun/28/why-us-woman-are-deleting-their-period-tracking-apps (Why US women are deleting their period tracking apps) — The Guardian. https://foundation.mozilla.org/en/privacynotincluded/ (Privacy not included ) — Mozilla Foundation. https://www.vice.com/en/article/y3pgvg/the-1-period-tracker-on-the-app-store-will-hand-over-data-without-a-warrant (The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant) — Vice. https://www.nbcnews.com/tech/tech-news/microsoft-removing-emotion-recognition-features-facial-recognition-tec-rcna35087 (Microsoft is removing emotion recognition features from its facial recognition tech) — NBC News. 
https://research.aimultiple.com/emotional-ai-examples/ (Top 10 Emotional AI Examples in 2022 & Reasons for Success) — AI Multiple. https://ieeexplore.ieee.org/document/7155930 (Analysis of Speech Features for Emotion Detection: A Review ) — IEEE Xplore. https://blogs.microsoft.com/on-the-issues/2022/06/21/microsofts-framework-for-building-ai-systems-responsibly/ (Microsoft's framework for building AI systems responsibly ) — Microsoft. https://www.youtube.com/watch?v=d6IBiR9m3vY (The Swedish chemist shop sketch) — As performed by Mel Smith and Rowan Atkinson on Not the Nine O'Clock News. https://en.wikipedia.org/wiki/Alley_Cat_(video_game) (Alley Cat) — Wikipedia. https://archive.org/details/msdos_Alley_Cat_1984 (Play Alley Cat ) — Internet Archive. https://gamejolt.com/games/alleycatremeow/327439 (Alley Cat Remeow Edition ) — Game Jolt. https://remarkable.com/ (reMarkable.) https://www.solarthepodcast.com/listen (SOLAR podcast.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://l.kolide.co/3uSdmVj (Kolide) - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. https://bitwarden.com/smashing/ (Bitwarden) - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://snyk.co/smashing (Snyk) - Find, prioritize, and fix security vulnerabilities in your code. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). Become a https://www.patreon.com/smashingsecurity (Patreon supporter) for ad-free episodes and our early-release feed! 
Jun 29, 2022
280: Hot tub hijinx, and a sentient AI
40:20
Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault). Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://www.youtube.com/watch?v=EM0VwEkxWTg (Hot Tub Time Machine trailer) — YouTube. https://eaton-works.com/2022/06/20/hacking-into-the-worldwide-jacuzzi-smarttub-network/ (Hacking into the worldwide Jacuzzi SmartTub network) — Eaton Works. https://apps.apple.com/us/app/smarttub/id1318260634 (SmartTub) — Apple iOS App Store. https://play.google.com/store/apps/details?id=com.jacuzzi.smarttub&hl=en_GB&gl=US (SmartTub) — Google Play store. https://www.bbc.co.uk/news/technology-46674706 (Hot tub hack reveals washed-up security protection ) — BBC News. https://www.washingtonpost.com/technology/2022/06/11/google-ai-lamda-blake-lemoine/ (Google engineer Blake Lemoine thinks its LaMDA AI has come to life ) — The Washington Post. https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine (Google engineer put on leave after saying AI chatbot has become sentient ) — The Guardian. https://www.theregister.com/2022/06/20/ais_most_convincing_conversations_are/?td=rt-3a (AI's most convincing conversations are not what they seem) — The Register. https://cajundiscordian.medium.com/ (Blake Lemoine's blog.) https://vangoghexpo.com/bristol/ (Van Gogh Bristol Exhibition: The Immersive Experience.) https://www.youtube.com/watch?v=ib34WI0H4qI (Van Gogh: The Immersive Experience ) — YouTube. https://www.bbc.co.uk/programmes/p029399x (The Inquiry) — BBC World Service. 
https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://l.kolide.co/3uSdmVj (Kolide) - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. https://bitwarden.com/smashing/ (Bitwarden) - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.smashingsecurity.com/drata (Drata) - Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance. Support the show: You can help the podcast by telling your friends and colleagues about "Smashing Security", and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). Become a https://www.patreon.com/smashingsecurity (Patreon supporter) for ad-free episodes and our early-release feed! Follow us: Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes.
Jun 22, 2022
279: Encrypted notes, and a deadly case of AirTag spying
36:50
How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great? All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault). Visit https://www.smashingsecurity.com/279 (https://www.smashingsecurity.com/279) to check out this episode’s show notes and episode links. Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on https://apple.co/2J1YMCu (Apple Podcasts), or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://l.kolide.co/3uSdmVj (Kolide): https://l.kolide.co/3uSdmVj (Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.) https://l.kolide.co/3uSdmVj (Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.) https://l.kolide.co/3uSdmVj (You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. 
) https://www.bitwarden.com/smashing (Bitwarden): https://www.bitwarden.com/smashing (A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.) https://www.bitwarden.com/smashing (Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.) https://www.smashingsecurity.com/drata (Drata): https://www.smashingsecurity.com/drata (Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too) https://www.smashingsecurity.com/drata (Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process. ) https://www.smashingsecurity.com/drata (Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=hAu4Z6G0NiI (Welsh James Bond Timothy Dalton's cello escape in "The Living Daylights") — YouTube. https://www.wired.com/story/merryl-goldberg-music-encryption-ussr-phantom-orchestra/ (How a Saxophonist Tricked the KGB by Encrypting Secrets in Music) — Wired. 
https://www.theregister.com/2022/06/14/airtag_tracking_murder_charge/ (Woman accused of killing boyfriend using AirTag...
Jun 15, 2022
278: Tim Hortons, avoiding sanctions, and good faith security research
40:26
Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Lazarus Heist's Geoff White. Visit https://www.smashingsecurity.com/278 (https://www.smashingsecurity.com/278) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Geoff White. Sponsored By: https://snyk.co/smashing (Snyk): Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit. Get started right now, with a free forever account, at snyk.co/smashing https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. 
Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.bitwarden.com/smashing (Bitwarden): A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all. Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://financialpost.com/technology/tim-hortons-app-tracking-customers-intimate-data (Double-double tracking: How Tim Hortons knows where you sleep, work and vacation ) — Financial Post. https://www.theregister.com/2022/06/03/tim_hortons_app_collected_location/ (Report: Tim Hortons collected location data without consent) — The Register. https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ (Joint investigation into location tracking by the Tim Hortons App) — Office of the Privacy Commissioner of Canada. https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/ (Mandiant: “No evidence” we were hacked by LockBit ransomware) — Bleeping Computer. 
https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act (Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act) — Dept of Justice....
Jun 08, 2022
277: Bad bots, cheeky ransoms, and good deepfakes
51:11
Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet's activity, and look at how deepfakes could be a good thing after all. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Ray [REDACTED]. Visit https://www.smashingsecurity.com/277 (https://www.smashingsecurity.com/277) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ray [REDACTED]. Sponsored By: https://www.bitwarden.com/smashing (Bitwarden): A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all. Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today. https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. 
Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/popcorn-time-ransomware-invites-get-nasty-recover-files/ (Popcorn Time ransomware invites you to get ‘nasty’ to recover your files ) — Graham Cluley. https://en.wikipedia.org/wiki/Rensenware (Rensenware) — Wikipedia. https://cloudsek.com/threatintelligence/goodwill-ransomware-forces-victims-to-donate-to-the-poor-and-provides-financial-assistance-to-patients-in-need/ (GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need ) — CloudSEK. https://www.imperva.com/resources/resource-library/reports/bad-bot-report/ (Bad Bot Report ) — Imperva. https://www.cpomagazine.com/cyber-security/bad-bot-traffic-report-almost-half-of-all-2021-internet-traffic-was-not-human/ (Bad Bot Traffic Report: Almost Half of All 2021 Internet Traffic Was Not Human) — CPO Magazine. https://owasp.org/www-pdf-archive//Automation-project-briefing.pdf (Automated Threats - web applications) — OWASP. https://www.youtube.com/watch?v=2svOtXaD3gg (Home Stallone [Deepfake]) — YouTube. https://www.researchgate.net/publication/337644519_The_Emergence_of_Deepfake_Technology_A_Review (The Emergence of Deepfake Technology: A Review) — ResearchGate. https://towardsdatascience.com/positive-use-cases-of-deepfakes-49f510056387 (Positive Use Cases of Synthetic Media (aka Deepfakes)) — Towards Data Science. https://www.bbc.co.uk/news/uk-scotland-57254636 (Deepfake pornography could become an 'epidemic', expert warns) —
Jun 01, 2022
276: Webcam extortion, Michael Fish, and food foul-ups
54:30
A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one...) hacked into his female classmates' online accounts, hunting for nude photos and videos. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/276 (https://www.smashingsecurity.com/276) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.smashingsecurity.com/goodaccess (GoodAccess): GoodAccess - Free Business Cloud VPN for up to 100 Users. Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever. https://l.kolide.co/3HMcG7u (Kolide): At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. 
More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required. https://www.rumble.run (Rumble): Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems. It can even tell you which machines are missing endpoint protection, from your local network to the cloud. Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/vote (Vote for your favourite cybersecurity podcast in the European Security Blogger Awards!) https://en.wikipedia.org/wiki/Michael_Fish (Michael Fish (the weatherman)) — Wikipedia. https://www.youtube.com/watch?v=YKOxeY6ssIk ("I wish I wish Michael Fish" by Rachel & Nicki) — YouTube. https://www.youtube.com/watch?v=Db6WHtNV5-I ("John Kettley (Is A Weatherman)" by The Tribe of Toffs) — YouTube. https://www.justice.gov/usao-ndny/pr/albany-man-sentenced-111-months-stealing-nude-photos-numerous-victims-and-possessing (Albany Man Sentenced to 111 Months for Stealing Nude Photos of Numerous Victims and Possessing Child Pornography ) — Department of Justice. https://palant.info/2022/05/23/hijacking-webcams-with-screencastify/ (Hijacking webcams with Screencastify) — Almost Secure. https://www.bbc.co.uk/news/science-environment-61336659 (Cyber security: Global food supply chain at risk from malicious hackers ) — BBC News. https://www.foodlogistics.com/sustainability/agriculture/article/21965074/hub-international-4-predictions-for-food-and-agriculture-in-2022 (4 Predictions for Food and Agriculture in 2022) — Food Logistics https://www.cam.ac.uk/research/news/risks-of-using-ai-to-grow-our-food-are-substantial-and-must-not-be-ignored-warn-researchers (Risks of...
May 25, 2022
275: Jail for Bing, and mental health apps may not be good for you
01:05:35
A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Dr Jessica Barker. Plus don't miss our featured interview with Rumble's Chris Kirsch. Visit https://www.smashingsecurity.com/275 (https://www.smashingsecurity.com/275) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Chris Kirsch and Jessica Barker. Sponsored By: https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.smashingsecurity.com/goodaccess (GoodAccess): GoodAccess - Free Business Cloud VPN for up to 100 Users. Get a cloud VPN with strong network encryption and unprecedented online threat protection. 
No hardware. 100% free. Just create your team and enjoy GoodAccess forever. https://www.rumble.run (Rumble): Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems. It can even tell you which machines are missing endpoint protection, from your local network to the cloud. Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bleepingcomputer.com/news/security/angry-it-admin-wipes-employer-s-databases-gets-7-years-in-prison/ (Angry IT admin wipes employer’s databases, gets 7 years in prison) — Bleeping Computer. https://blog.cyble.com/2022/05/12/a-closer-look-at-eternity-malware/ (A closer look at Eternity Malware) — Cyble. https://thehackernews.com/2022/05/researchers-warn-of-eternity-project.html (Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram) — The Hacker News. https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains (Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains) — BlackBerry. https://foundation.mozilla.org/en/blog/top-mental-health-and-prayer-apps-fail-spectacularly-at-privacy-security/ (Top Mental Health and Prayer Apps Fail Spectacularly at Privacy, Security) — Mozilla Foundation. https://foundation.mozilla.org/en/privacynotincluded/talkspace/ (Talkspace privacy & security guide ) — Mozilla Foundation. https://foundation.mozilla.org/en/privacynotincluded/betterhelp/ (BetterHelp privacy & security guide ) — Mozilla Foundation. https://www.economist.com/business/2021/12/11/dramatic-growth-in-mental-health-apps-has-created-a-risky-industry (Dramatic growth in mental-health...
May 18, 2022
274: Hands off my biometrics, and a wormhole squirmish
49:10
Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole? All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. And don't miss our featured interview with Artur Kane of GoodAccess. Visit https://www.smashingsecurity.com/274 (https://www.smashingsecurity.com/274) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Artur Kane. Sponsored By: https://www.smashingsecurity.com/goodaccess (GoodAccess): GoodAccess - Free Business Cloud VPN for up to 100 Users. Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever. https://www.rumble.run (Rumble): Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems. It can even tell you which machines are missing endpoint protection, from your local network to the cloud. Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run https://l.kolide.co/3HMcG7u (Kolide): At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. 
So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=JQnka2wNa_M (Carl Sagan - Cosmos - Space Travel ) — YouTube. https://wormhole.com/ (Wormhole.com) https://decrypt.co/99337/tired-carl-sagan-fan-sells-wormhole-crypto-giant-jump-50k-lawsuit ('Tired' Carl Sagan Fan Sells Wormhole.com to Crypto Giant Jump for $50K After Lawsuit ) — Decrypt. https://www.aclu.org/cases/aclu-v-clearview-ai (ACLU vs Clearview AI) — American Civil Liberties Union. https://www.buzzfeednews.com/article/ryanmac/clearview-ai-international-search-table (Clearview AI Offered Free Trials To Police Around The World) — Buzzfeed News. https://iapp.org/resources/article/us-state-privacy-legislation-tracker/ (US State Privacy Legislation Tracker) — IAPP. https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html (The Secretive Company That Might End Privacy as We Know It ) — The New York Times. https://www.aclu.org/press-releases/big-win-settlement-ensures-clearview-ai-complies-with-groundbreaking-illinois (In Big Win, Settlement Ensures Clearview AI Complies With Groundbreaking Illinois Biometric Privacy Law ) — American Civil Liberties Union https://www.youtube.com/channel/UCpLQXR116cLVUa1LRY8KS4w (OwlKitty) — YouTube. https://www.wired.com/review/balldo-review/ (Review: The Balldo Made Me Rethink Sex in the Most Absurd Way Possible) — Wired. https://www.smashingsecurity.com/store (Smashing Security...
May 11, 2022
273: Password blips, and who's calling the airport?
50:12
We find out why calls to Dublin airport's noise complaints line have soared, and Carole quizzes Graham to celebrate World Password Day. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. And don't miss our special featured interview with Clint Dovholuk of NetFoundry. Visit https://www.smashingsecurity.com/273 (https://www.smashingsecurity.com/273) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Clint Dovholuk. Sponsored By: https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://netfoundry.io/smashingsecurity/ (NetFoundry): NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything. Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud. 
No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more. Learn more and try it for yourself at netfoundry.io/smashingsecurity/ https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.chron.com/news/houston-texas/article/Houston-Zoo-asks-FBI-to-investigate-text-message-1755868.php (Houston Zoo asks FBI to investigate text-message attack) — Houston Chronicle. https://www.independent.ie/irish-news/trunk-calls-for-rory-lion-flood-telephone-lines-26441030.html (Trunk calls for Rory Lion flood telephone lines ) — Irish Independent. https://www.dublinairport.com/corporate/corporate-social-responsibility/noise/airport-noise-noise-reports (Airport Noise & Noise Reports) — Dublin Airport. https://www.independent.ie/irish-news/news/dublin-airport-got-12272-noise-complaints-last-year-from-just-one-person-41560228.html (Dublin Airport got 12,272 noise complaints last year from just one person ) — Irish Independent. https://www.securelink.com/blog/81-hacking-related-breaches-leverage-compromised-credentials/ (Compromised Passwords Responsible for Hacking Breaches) — Securelink. https://www.verizon.com/business/resources/reports/dbir/2021/results-and-analysis/ (Verizon 2021 DBIR Results & Analysis) — Verizon. https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words (Three random words ) — NCSC. https://www.youtube.com/watch?v=SqK0ciE0rto (What’s wrong with What3Words?) — YouTube. https://cybergibbons.com/security-2/why-what3words-is-not-suitable-for-safety-critical-applications/ (Why What3Words is not suitable for safety critical applications) — Cybergibbons. https://cybergibbons.com/security-2/what3words-the-algorithm/ (What3Words – The Algorithm) — Cybergibbons....
May 04, 2022
272: Going ape over the Kardashians, and the face of romance scams
50:24
Members of The Bored Ape Yacht Club get that sinking feeling, a face unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by the BBC's cyber correspondent Joe Tidy. Visit https://www.smashingsecurity.com/272 (https://www.smashingsecurity.com/272) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Joe Tidy. Sponsored By: https://l.kolide.co/3HMcG7u (Kolide): At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required. https://netfoundry.io/smashingsecurity/ (NetFoundry): NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything. 
Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud. No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more. Learn more and try it for yourself at netfoundry.io/smashingsecurity/ https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://twitter.com/etienneshrdlu/status/1485956332989693953 (Jimmy Fallon and Paris Hilton show off their Bored Ape Yacht Club NFTs.) — Twitter. https://www.coindesk.com/tech/2022/04/25/at-least-13m-in-nfts-stolen-after-bored-ape-yacht-club-instagram-discord-hacked/ (NFTs Stolen After Bored Ape Yacht Club Instagram, Discord Hacked) — CoinDesk. https://twitter.com/zachxbt/status/1518609171796611072 (Image of scam posted on Bored Ape Yacht Club's Instagram account) — Twitter. https://twitter.com/BoredApeYC/status/1518637581776437249 (Bored Ape Yacht Club confirms it had two-factor authentication enabled) — Twitter. https://www.bbc.co.uk/news/technology-61178189 (Kardashians deny faking Roblox sex tape scene) — BBC News. https://taskandpurpose.com/video/daniel-blackmon-rundown/ (How an Army colonel became the face of romance scams around the world) — Task and Purpose. https://taskandpurpose.com/news/army-daniel-blackmon-romance-scams/ (Army Col. Daniel Blackmon: The accidental face of military romance scams) — Task and Purpose. https://twitter.com/dailydorries (Daily Dorries) — Twitter (parental discretion advised) https://www.bbc.co.uk/news/technology-42217017 (Hacking the House: do MPs care about cyber-security?) — BBC News. https://www.youtube.com/watch?v=H_Df03uATMM (Rob Brydon's Directors Commentary ) — YouTube. https://www.youtube.com/watch?v=HFIQIpC5_wY ("This Is How Michael Caine Speaks" from The Trip) — YouTube. https://crowdnetwork.co.uk/podcasts/american-vigilante/ (American Vigilante )...
Apr 27, 2022
271: Crypto break-in, Google blurring, and mics not muting
50:46
A man loses $650,000 from his cryptocurrency wallet after his Apple iCloud account is hacked, video conferencing apps may not be muting your mic quite the way you imagined, and Google has unblurred military bases in Russia... or has it? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/271 (https://www.smashingsecurity.com/271) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://netfoundry.io/smashingsecurity/ (NetFoundry): NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything. Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud. No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more. Learn more and try it for yourself at netfoundry.io/smashingsecurity/ https://l.kolide.co/3HMcG7u (Kolide): At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. 
Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://twitter.com/revive_dom (Domenic Iacovone on Twitter.) https://www.youtube.com/watch?v=0C1jbnBB6nc (Learn A Geordie Accent - Newcastle Accent Tutorial) — YouTube. https://twitter.com/Serpent/status/1515545806857990149 (Serpent explains the scam on Twitter.) https://www.cnet.com/personal-finance/crypto/how-an-apple-icloud-exploit-lost-a-crypto-trader-over-650k/ (How an Apple iCloud Exploit Lost a Crypto Trader Over $650K) — CNET. https://twitter.com/MetaMask/status/1515727239391809536 (MetaMask advises its users to check their iCloud backup settings) — Twitter. https://www.instagram.com/p/CcL-skZs4sv/ (Scam message received by Graham from his niece's Instagram account.) https://traveltriangle.com/blog/hidden-places-on-google-earth/ (19 Places On The Planet Google Earth Is Hiding From You) — Travel Triangle. https://www.theverge.com/2022/4/18/23030753/google-maps-russian-military-satellite-images-russia-ukraine (Google denies Ukrainian reports it unblurred satellite Maps imagery in Russia) — The Verge. https://www.google.com/maps/place/55%C2%B034'16.4%22N+38%C2%B008'34.6%22E/@55.571061,38.1424205,426m/data=!3m1!1e3!4m5!3m4!1s0x0:0x424a9c4cdef453c5!8m2!3d55.5712127!4d38.1429516?shorturl=1 (Buran shuttle) — Google Maps. https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/ ('Mute' button in conferencing apps may not actually mute your mic) — Bleeping Computer....
Apr 20, 2022
270: Bearded Barbie, EDR scams, and hobbyist crime detectives
51:01
Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook - but why? Scammers have found a new way to gain access to your most sensitive information - but how? And armchair detectives are helping to investigate cold cases involving DNA - but should they? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/270 (https://www.smashingsecurity.com/270) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. 
https://www.keepersecurity.com/smashing (Keeper Security): Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.dailymail.co.uk/news/article-2308658/How-Barbies-body-size-look-real-life-Walking-fours-missing-half-liver-inches-intestine.html (How Barbie's body size would look in real life) — Daily Mail. https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials (Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials) — Cybereason. https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/ (Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”) — Brian Krebs. https://www.pewresearch.org/fact-tank/2021/10/27/what-we-know-about-the-increase-in-u-s-murders-in-2020/ (What we know about the increase in U.S. murders in 2020 ) — Pew Research Center. https://onlinedegrees.uwf.edu/articles/the-history-of-dna/ (The History of DNA: From Crime Scenes to Consumer Goods) — University of West Florida. https://www.nytimes.com/2018/10/15/science/gedmatch-genealogy-cold-cases.html (How an Unlikely Family History Website Transformed Cold Case Investigations ) — The New York Times. https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2020/02/20/dna-databases-are-boon-to-police-but-menace-to-privacy-critics-say (DNA Databases Are Boon to Police But Menace to Privacy, Critics Say) — PEW. https://www.nytimes.com/2022/03/27/technology/dna-tests-crime-solving.html (Philanthropists Push Police Searches of DNA Databases) — The New York Times. 
https://dnasolves.com/ (Help solve crimes with your DNA) —...
Apr 13, 2022
269: Trezor Deep Throat, a CCTV stalker, and Amazon's list of banned words
50:09
There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Zoë Rose. Visit https://www.smashingsecurity.com/269 (https://www.smashingsecurity.com/269) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Zoë Rose. Sponsored By: https://www.keepersecurity.com/smashing (Keeper Security): Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. 
We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/trezor-wallets-hacked-dont-be-duped-by-phishing-attack-email/ (Trezor wallets hacked? Don’t be duped by phishing attack email) — Graham Cluley. https://twitter.com/Trezor/status/1510558771944333312 (Tweet by Trezor.) https://blog.trezor.io/ongoing-phishing-attacks-on-trezor-users-edd840b17304 (Ongoing phishing attacks on Trezor users) — Trezor. https://therecord.media/hacker-accessed-319-crypto-and-finance-related-mailchimp-accounts-company-said/ (Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said ) — The Record. https://www.liverpoolecho.co.uk/news/liverpool-news/stalker-used-womans-cctv-cameras-23595147 (Stalker used woman's own CCTV cameras to watch her at home) — Liverpool Echo. https://safeescape.org/ (Operation: SafeEscape.) https://www.microsoft.com/en-us/worklab/work-trend-index (Work Trend Index: Microsoft’s latest research on the ways we work) — Microsoft. https://hbr.org/2021/03/research-a-little-recognition-can-provide-a-big-morale-boost (Research: A Little Recognition Can Provide a Big Morale Boost) — HBR. https://www.cnbc.com/2022/03/18/50percent-of-companies-want-workers-back-in-office-5-days-a-week.html (50% of companies want workers back in office 5 days a week) — CNBC. https://theintercept.com/2022/04/04/amazon-union-living-wage-restrooms-chat-app/ (New Amazon Worker Chat App Would Ban Words Like “Union”) — The Intercept. https://www.netflix.com/title/81349029 (Trust No One) — Netflix. https://www.smashingsecurity.com/114 (Smashing Security episode 114: Darknet Diaries, death, and beauty apps) — Where we discussed the...
Apr 06, 2022
268: LinkedIn deepfakes, doxxing Russian spies, and a false alarm
48:39
Strange goings-on on LinkedIn, Ukraine publishes a list of alleged Russian FSB agents, and police in Pittsburgh investigate an odd report of an active shooter. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Lazarus Heist's Geoff White. Visit https://www.smashingsecurity.com/268 (https://www.smashingsecurity.com/268) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Geoff White. Sponsored By: https://www.keepersecurity.com/smashing (Keeper Security): Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. 
We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=Ca8dVJrqehA (North Korea tests its ‘largest intercontinental ballistic missile’) — YouTube. https://www.linkedin.com/legal/professional-community-policies (LinkedIn Professional Community Policies) — LinkedIn. https://about.linkedin.com/transparency/community-report (Community Report) — LinkedIn. https://www.npr.org/2022/03/27/1088140809/fake-linkedin-profiles?t=1648546410323 (The latest marketing tactic on LinkedIn: AI-generated faces) — NPR. https://gur.gov.ua/content/sotrudnyky-fsb-rossyy-uchastvuiushchye-v-prestupnoi-deiatelnosty-stranyahressora-na-terrytoryy-evropy.html (List of FSB agents) — Ukraine Ministry of Defence. https://www.bbc.co.uk/news/world-europe-45747472 (How the Dutch foiled Russian 'cyber-attack' on OPCW) — BBC News. https://www.bbc.co.uk/news/world-europe-60878663 (Boris Nemtsov: Murdered Putin rival 'tailed' by agent linked to FSB hit squad) — BBC News. https://www.wpxi.com/news/top-stories/large-police-response-happening-pittsburghs-north-side/6W2RR6AEGZCRLNB3DSXEVXHHL4/?outputType=amp (Police: Autocorrected text triggered large police presence on Pittsburgh’s North Side ) — WPXI. https://www.dailymail.co.uk/femail/article-9930297/Pickle-Hilarious-autocorrect-fails-Krispy-Koreans-wet-sloppy-kids.html (Pickle me up: Hilarious autocorrect fails, from Krispy Koreans to wet, sloppy kids) — Daily Mail. https://www.netflix.com/gb/title/80998491 (After Life) — Netflix. https://www.youtube.com/watch?v=eIGGKSHMQOM (After Life trailer) — YouTube. https://canongate.co.uk/books/3476-time-on-rock-a-climber-039-s-route-into-the-mountains/ ("Time on Rock - A...
Mar 30, 2022
267: Virtual kidnapping, two helipads, and a naughty Apple employee
53:51
A Russian bank tells its customers to stop installing security updates, an Apple employee ends up in hot water, and learn our tips to avoid being virtually kidnapped. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Anna Brading. Visit https://www.smashingsecurity.com/267 (https://www.smashingsecurity.com/267) to check out this episode’s show notes and episode links. Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on https://apple.co/2J1YMCu (Apple Podcasts), or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Anna Brading. Sponsored By: https://l.kolide.co/3HMcG7u (Kolide): At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required. 
https://www.smashingsecurity.com/drata (Drata): Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too. Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process. Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/263 (Smashing Security 263: Problèmes de Weefeee, AI artists, and Web 3.0) — In which Mark Stockley discusses the NFT he created in Smashing Security's honour. https://opensea.io/assets/0x495f947276749ce646f68ac8c248420045cb7b5e/35395701019977838172203864209600394574979501666838933464063188917600798113793 (Graham or Carole? - Untitled Collection #173407394) — OpenSea. https://twitter.com/MarkStockley/status/1506193260615802882 (Mark Stockley reveals the Smashing Security NFT is being resold... for $3 million) — Twitter. https://www.youtube.com/watch?v=WyYp9xPLa8s (Секрет Шехерезады. Яхта Путина за 75 000 000 000 ₽) — YouTube (best watched with the subtitles on...) https://www.theguardian.com/world/2022/mar/22/people-clean-it-all-the-time-the-mystery-700m-super-yacht-in-italy-that-some-say-belongs-to-putin (‘Mysterious’: the $700m superyacht in Italy some say belongs to Putin ) — The Guardian. https://twitter.com/ByDonkeys/status/1500385094950952961 ("The road...
Mar 23, 2022
266: Cyberflashing, Kaspersky, and secret spies
58:22
Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it's taking a hard line on cyberflashing. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Chris Kirsch. Visit https://www.smashingsecurity.com/266 (https://www.smashingsecurity.com/266) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Chris Kirsch. Sponsored By: https://www.smashingsecurity.com/drata (Drata): Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too. Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process. 
Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies (Kaspersky Has Close Ties to Russian Spies) — Bloomberg. https://grahamcluley.com/kaspersky-sauna-wsj/ (Kaspersky hit by new below-the-belt sauna spy attack) — Graham Cluley. https://eugene.kaspersky.com/2015/03/20/a-practical-guide-to-making-up-a-sensation/ (A practical guide to making up a sensation) — Eugene Kaspersky. https://grahamcluley.com/us-intelligence-chiefs-dont-trust-kaspersky/ (US intelligence chiefs don’t trust Kaspersky. But why?) — Graham Cluley. https://www.reuters.com/article/us-kaspersky-cyber-britain/uk-cyber-agency-targets-kaspersky-in-warning-on-russian-software-idUKKBN1DV63S?edition-redirect=uk (UK cyber agency targets Kaspersky in warning on Russian software) — Reuters. https://therecord.media/group-ib-founder-arrested-in-moscow-on-state-treason-charges/amp/ (Group-IB founder arrested in Moscow on state treason charges ) — The Record. https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html (BSI warning about using Kaspersky.) 
https://www.kaspersky.com/about/press-releases/2022_kaspersky-statement-regarding-the-bsi-warning (Kaspersky statement regarding the BSI warning ) — Kaspersky....
Mar 16, 2022
265: The Nigerian supercop and Alexa vs. Alexa
54:11
The most famous policeman in Nigeria is in hot water over his links to Hushpuppi, has your Amazon Echo been talking to itself, and can an AI girlfriend save your marriage? All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Plus don't miss our featured interview with Jason Meller of Kolide. Visit https://www.smashingsecurity.com/265 (https://www.smashingsecurity.com/265) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jason Meller. Sponsored By: https://www.smashingsecurity.com/drata (Drata): Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too. Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process. 
Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata https://l.kolide.co/3HMcG7u (Kolide): At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.instagram.com/p/CPWDtjMHOgm/ (Abba Kyari shows off that he has had a road named after him) — Instagram. https://www.instagram.com/p/CMmn6yDHSzx/ (Birthday wishes for Abba Kyari) — Instagram. https://www.smashingsecurity.com/186 (Smashing Security episode 186: This one's for all the Karens!) — In which we first discussed the Hushpuppi case. https://www.youtube.com/watch?v=I2W5YgviOoE&t=322s (Adeola Fayehun discusses Abba Kyari's arrest) — YouTube. https://www.amazon.com/Alexa-Privacy-Hub/b?ie=UTF8&node=19149155011 (Alexa Privacy – Learn how Alexa works) — Amazon. https://www.ava-attack.org/ (Alexa vs Alexa (AvA).) https://www.theregister.com/2022/03/03/amazon_alexa_speaker_vuln/ (Amazon Alexa compromise possible through own speakers ) — The Register. https://en.wikipedia.org/wiki/The_Rescue_(2021_film) (The Rescue) — Wikipedia. https://tv.apple.com/us/movie/the-rescue/umc.cmc.hhgdxpzseg33zb3k53a8zof8 (The Rescue) — Apple TV. https://news.sky.com/story/i-fell-in-love-with-my-ai-girlfriend-and-it-saved-my-marriage-12548082 ('I fell in love with my AI girlfriend - and it saved my marriage') — Sky News. 
https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Mar 09, 2022
264: Hacked car chargers, Telegram sextortionists, and secret bossware
47:57
Why might Russian EV chargers be displaying an anti-Putin message? Why are Telegram groups sharing explicit images of women without their consent? And who is watching you in the workplace? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Jessica Barker. Visit https://www.smashingsecurity.com/264 (https://www.smashingsecurity.com/264) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jessica Barker. Sponsored By: https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.theguardian.com/uk-news/2022/mar/01/help-ukraine-uk-donate-red-cross (Three ways you can help the people of Ukraine from the UK) — The Guardian. 
https://www.london.gov.uk/what-we-do/communities/migrants-and-refugees/how-you-can-help-ukraine (How You Can Help Ukraine) — London City Hall. https://www.theatlantic.com/international/archive/2014/07/ukrainian-astronomers-named-a-star-putin-is-a/373950/ (Ukrainian Astronomers Named a Star 'Putin Is a D**khead') — The Atlantic. https://www.facebook.com/AutoEnterprise/posts/4671684592940582 (Video of hacked EV charger) — AutoEnterprise on Facebook. https://www.facebook.com/official.rosseti/posts/5236071213103660 (Explanation for EV charger outage) — Rosseti on Facebook. https://www.vice.com/en/article/akvya5/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead (Russian Electric Vehicle Chargers Hacked, Tell Users ‘PUTIN IS A DICKHEAD’) — Vice. https://www.vice.com/en/article/7kbd4d/roblox-currency-robux-is-outperforming-the-ruble (Roblox Currency ‘Robux’ Is Outperforming the Ruble) — Vice. https://www.bbc.co.uk/news/av/world-60393953 (Why won’t Telegram take down my naked photos? ) — BBC News. https://politikapolitika.com/2021/03/17/telegram-revenge-porn-scandal-police-investigate-as-more-than-50-000-men-share-explicit-content-of-women-and-underaged-girls/ (Telegram revenge porn scandal: police investigate as more than 50 000 men share explicit content of women and underaged girls ) — Politika. https://www.leeds-live.co.uk/news/leeds-news/ex-leeds-student-onlyfans-star-23222081 (Ex-Leeds student OnlyFans star rakes in £2m pouring beans on herself and pretending to be a giant ) — Leeds Live. https://inews.co.uk/news/post-office-scandal-explained-horizon-public-inquiry-sub-postmasters-1469862 (Post Office scandal explained: Why a public inquiry is examining the Horizon sub-postmasters scandal) — Inews. https://www.personneltoday.com/hr/tuc-warns-against-employee-monitoring-after-post-office-scandal/ (TUC warns against employee monitoring after Post Office...
Mar 02, 2022
263: Problèmes de Weefeee, AI artists, and Web 3.0
01:06:28
Ooh la la! Horreur Wi-Fi en France! Some folks have experienced the drawbacks of Web 3.0 as their NFTs are stolen, and should computers own the copyright over the art they produce? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. And don't miss our featured interview with Sean Herbert of baramundi. Visit https://www.smashingsecurity.com/263 (https://www.smashingsecurity.com/263) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Mark Stockley and Sean Herbert. Sponsored By: https://l.kolide.co/3HMcG7u (Kolide): At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required. 
https://www.baramundi.com/smashingsecurity (baramundi): Optimize your IT processes with the baramundi Management Suite and make optimal use of resources by automating time-consuming routine tasks. Stay in control and maximize your productivity by automating routine tasks. The Unified Endpoint Management Software can be installed and implemented quickly, is intuitive to use, has a modular structure and offers a high level of usability and transparency. Try out the free 30-Day full version for yourself today at baramundi.com/smashingsecurity https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.anfr.fr/toutes-les-actualites/actualites/les-enquetes-de-lanfr-les-dents-le-brouilleur-et-au-lit/ (Les dents, le brouilleur et au lit!) — ANFR. https://www.bleepingcomputer.com/news/technology/dad-takes-down-towns-internet-by-mistake-to-get-his-kids-offline/ (Dad takes down town's internet by mistake to get his kids offline) — Bleeping Computer. https://en.wikipedia.org/wiki/Television_licensing_in_the_United_Kingdom (TV licenses and detector vans in the United Kingdom) — Wikipedia. https://moxie.org/2022/01/07/web3-first-impressions.html (My first impressions of web3) — Moxie Marlinspike. https://opensea.io/assets/0x495f947276749ce646f68ac8c248420045cb7b5e/35395701019977838172203864209600394574979501666838933464063188917600798113793 (Graham or Carole? - NFT for sale) — OpenSea. https://www.theverge.com/2022/2/20/22943228/opensea-phishing-hack-smart-contract-bug-stolen-nft ($1.7 million in NFTs stolen in apparent phishing attack on OpenSea users) — The Verge. https://www.artsy.net/article/artsy-editorial-art-copyright-explained (Art Copyright, Explained) — Artsy. https://www.theverge.com/2022/2/21/22944335/us-copyright-office-reject-ai-generated-art-recent-entrance-to-paradise (The US Copyright Office says an AI can’t copyright its art ) — The Verge. 
https://www.copyright.gov/rulings-filings/review-board/docs/a-recent-entrance-to-paradise.pdf (Ruling on "A Recent Entrance to Paradise")...
Feb 23, 2022
262: Macro progress, eyeball-tracking ads, and encryption backdoors
58:00
How does Microsoft hope to defeat the macro terror? How is the UK Government trying to influence the public's opinion on end-to-end encryption? And what is MoviePass hoping to do with your eyeballs? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Thom Langford. Visit https://www.smashingsecurity.com/262 (https://www.smashingsecurity.com/262) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Thom Langford. Sponsored By: https://l.kolide.co/3uSdmVj (Kolide): Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days. https://www.baramundi.com/smashingsecurity (baramundi): Optimize your IT processes with the baramundi Management Suite and make optimal use of resources by automating time-consuming routine tasks. Stay in control and maximize your productivity by automating routine tasks. 
The Unified Endpoint Management Software can be installed and implemented quickly, is intuitive to use, has a modular structure and offers a high level of usability and transparency. Try out the free 30-Day full version for yourself today at baramundi.com/smashingsecurity https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://docs.microsoft.com/en-gb/DeployOffice/security/internet-macros-blocked (Macros from the internet are blocked by default in Office) — Microsoft. https://support.microsoft.com/en-us/topic/a-potentially-dangerous-macro-has-been-blocked-0952faa0-37e7-4316-b61d-5b5ed6024216 (A potentially dangerous macro has been blocked) — Microsoft. https://research.checkpoint.com/2022/the-death-of-please-enable-macros-and-what-it-means/ (The Death of "Please Enable Macros" and What it Means) — Check Point Research. https://www.noplacetohide.org.uk/ (No Place to Hide.) https://alecmuffett.com/article/15742 (Why we need EndToEndEncryption and why it’s essential for our safety, our children’s safety, and for everyone’s future) — Alec Muffett. https://www.smashingsecurity.com/68 (Smashing Security episode 68: Malware from outer space!) https://variety.com/2022/film/news/moviepass-relaunching-next-summer-pricing-1235177717/ (MoviePass Relaunching Next Summer ) — Variety. https://www.dailymail.co.uk/sciencetech/article-10511899/MoviePass-eyeball-tracking-make-watch-ads.html (MoviePass is back but with eyeball tracking to make you watch ads) — Daily Mail. https://www.vice.com/en/article/akvnba/moviepass-20-wants-to-track-your-eyeballs-to-make-sure-you-watch-ads (MoviePass 2.0 Wants to Track Your Eyeballs to Make Sure You Watch Ads) — Vice. https://www.starlink.com/ (Starlink.) https://2000ad.com/ (2000 AD - the Galaxy's Greatest Comic!) https://www.imdb.com/title/tt2822584/ (Future Shock! The Story of 2000AD) — IMDB.
Feb 16, 2022
261: North Korea hacked, DEA cosplay, and Horizon Worlds drama
50:42
Who's wearing the pyjamas while they take down North Korea's internet? Is it a case of cop or cosplay in Oregon? And what's to fear about the metaverse? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/261 (https://www.smashingsecurity.com/261) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.smashingsecurity.com/love1password (1Password): 1Password Families makes sharing passwords, logins, credit cards and more a (romantic) walk in the park. From now until February 28th, when you sign up for - or upgrade your individual account to - a 1Password Families membership, you’ll get $20 off the entire year! Learn more at smashingsecurity.com/love1password https://www.baramundi.com/smashingsecurity (baramundi): Optimize your IT processes with the baramundi Management Suite and make optimal use of resources by automating time-consuming routine tasks. Stay in control and maximize your productivity by automating routine tasks. The Unified Endpoint Management Software can be installed and implemented quickly, is intuitive to use, has a modular structure and offers a high level of usability and transparency. 
Try out the free 30-Day full version for yourself today at baramundi.com/smashingsecurity https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.nationalgeographic.com/pages/article/140226-north-korea-satellite-photos-darkness-energy (Space Station Photos Show North Korea at Night, Cloaked in Darkness) — National Geographic. https://www.wired.com/story/north-korea-hacker-internet-outage/ (North Korea Hacked Him. So He Took Down Its Internet) — Wired. https://www.bitdefender.com/blog/hotforsecurity/north-korean-hackers-attempt-to-hack-security-researchers-investigating-zero-day-vulnerabilities (North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities) — Hot for Security. https://www.nytimes.com/2022/02/06/us/portland-dea-imposter.html (Woman ‘Tricked’ to Believe She Was a D.E.A. Agent Trainee, Official Says) — New York Times. https://www.oregonlive.com/crime/2022/02/alleged-dea-imposter-in-portland-took-woman-on-ride-a-longs-had-her-flash-fake-badge-to-find-informants-among-homeless-people-complaint-says.html (Alleged DEA imposter in Portland took woman on ‘ride-alongs,’ had her flash fake badge to find informants among homeless people, complaint says) — Oregon Live. https://www.independent.co.uk/tech/meta-personal-boundaries-metaverse-sexual-harass-b2007878.html (Meta forced to add ‘personal boundaries’ to the Metaverse after woman was sexually harassed in virtual reality) — The Independent. https://www.washingtonpost.com/technology/2022/02/07/facebook-metaverse-horizon-worlds-kids-safety/ (Horizon Worlds metaverse app could pose danger for kids, experts say) — Washington Post. https://www.technologyreview.com/2021/12/16/1042516/the-metaverse-has-a-groping-problem/ (The metaverse has a groping problem already) — MIT Technology Review....
Feb 09, 2022
260: New hire mystery, hacktivist ransomware, and digi-dating
47:41
Who's that new guy working at your company, and why don't you recognise him from the interview? How are hacktivists raising the heat in Belarus? And should you be fully vaxxed for your online date? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/260 (https://www.smashingsecurity.com/260) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.smashingsecurity.com/brex (1Password): Secure online payments and grow your business with Brex and 1Password. Brex and 1Password have partnered to make online payments secure and frictionless. 1Password customers can now use Brex virtual credit cards to check out online with just two clicks. 1Password's integration with Brex is available right now to 1Password Teams and Business customers based in the United States. Learn more at smashingsecurity.com/brex https://www.uptycs.com (Uptycs): Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. 
Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. Find out more and try it for free at uptycs.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.askamanager.org/2022/01/the-new-hire-who-showed-up-is-not-the-same-person-we-interviewed.html (The new hire who showed up is not the same person we interviewed) — Ask a Manager. https://www.linkedin.com/pulse/how-spot-fake-candidates-video-interviews-nick-shah/ (How to Spot Fake Candidates in Video Interviews) — Nick Shah on LinkedIn. https://www.focusgts.com/how-to-avoid-the-fake-candidate-scam-in-the-tech-industry/ (How To Avoid The Fake Candidate Scam in the Tech Industry) — Focus GTS. https://twitter.com/cpartisans/status/1485618881557315588 (Tweet by Belarusian Cyber-Partisans.) https://twitter.com/cpartisans/status/1485950024148205568 (Tweet showing screenshots of hacked railroad.) https://www.vice.com/en/article/n7nd9x/ukraine-russia-invasion-belarus-railway-hack-cyber-war (‘We Can Hurt Them in Ways They Don’t Understand’: Ukraine on Russia Cyber-War) — Vice. https://www.wxyz.com/news/region/detroit/pandemic-fuels-new-trends-in-the-online-dating-world (Pandemic fuels new trends in the online dating world) — WXYZ Detroit. https://www.france24.com/en/europe/20220129-swipe-left-for-unvaxxed-vaccine-status-complicates-the-scene-on-dating-apps ('Swipe left for unvaxxed’: Vaccine status complicates the scene on dating apps) — France 24. https://www.kaspersky.co.uk/blog/dating-apps-privacy-and-safety/22299/ (Tips for private and safe dating on Tinder ) — Kaspersky....
Feb 02, 2022
259: Techquilibrium and mediocre linguistic escapades
42:48
Wordle - good or bad for the world? Whatever your opinion, at least someone wants to spoil players' fun. Meanwhile, we take a look at the threat mobile phones can pose to your mental health. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/259 (https://www.smashingsecurity.com/259) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.smashingsecurity.com/brex (1Password): Secure online payments and grow your business with Brex and 1Password. Brex and 1Password have partnered to make online payments secure and frictionless. 1Password customers can now use Brex virtual credit cards to check out online with just two clicks. 1Password's integration with Brex is available right now to 1Password Teams and Business customers based in the United States. Learn more at smashingsecurity.com/brex https://canary.tools/ (Thinkst): Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents... Listeners who mail in referencing Smashing Security get a 10% discount on their order! 
https://www.uptycs.com (Uptycs): Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. Find out more and try it for free at uptycs.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.powerlanguage.co.uk/wordle/ (Wordle - A daily word game.) https://twitter.com/MarkStockley/status/1485172724288868353 (Friend of the show Mark Stockley bragging about his Wordle play) — Twitter. https://wa11y.co/ (Wordle Accessibility) — Generates descriptive text for your Wordle result. https://www.theverge.com/2022/1/24/22899339/wordle-twitter-spoilers-banned-word-puzzle-answers (Twitter suspends Wordle-ruining bot) — The Verge. https://www.amazon.co.uk/Screen-Time-peace-devices-techquilibrium/dp/1788704215 (Screen Time: How to make peace with your devices and find your techquilibrium) — Book by Becca Cady. https://www.reviews.org/mobile/cell-phone-addiction/ (2022 Cell Phone Usage Statistics: How Obsessed Are We? ) — Reviews.org. https://www.butler.org/blog/phone-affecting-your-mental-health (Is Your Phone Affecting Your Mental Health?) — Butler Hospital. https://www.bbc.co.uk/news/business-60067032 (The people deciding to ditch their smartphones) — BBC News. https://www.studyfinds.org/cell-phones-addicted-americanson-the-toilet/ (No place is sacred:...
Jan 26, 2022
258: Tesla remote hijacks and revolting YouTubers
33:05
Carole's still on jury service, but the show must go on! We take a look at how some Tesla owners are at risk of having their expensive cars remotely hijacked, and why YouTubers are up in arms over NFTs. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/258 (https://www.smashingsecurity.com/258) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.uptycs.com (Uptycs): Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. 
Find out more and try it for free at uptycs.com https://www.smashingsecurity.com/university (1Password): 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels. Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to form an entire ecosystem of tools and tactics that help keep you safe on the internet. Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you. Visit 1Password University for free online security resources, made for everyone. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://en.wikipedia.org/wiki/Monty_Hall_problem (Monty Hall problem ) — Wikipedia. https://www.youtube.com/watch?v=4Lb-6rxZxx0 (Monty Hall problem explanation video) — Numberphile on YouTube. https://twitter.com/david_colombo_ (David Colombo's Twitter account.) https://www.vice.com/en/article/akv7z5/how-a-hacker-controlled-dozens-of-teslas-using-a-flaw-in-third-party-app (How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App) — Vice. https://opensea.io/assets/0x495f947276749ce646f68ac8c248420045cb7b5e/35395701019977838172203864209600394574979501666838933464063188917600798113793 (Graham or Carole? NFT, posted by Mark Stockley) — OpenSea. https://www.inputmag.com/culture/stephanie-matto-90-day-fiance-fart-jars-nfts (The Fart Jars NFT story doesn't pass the smell test) — Input Magazine. https://www.youtube.com/watch?v=hBFTxHOSPPc (WOW! Disgusting Youtuber Exploitation Scandal, MrBeast Beat a Child, MLK Controversy, & Today's News ) — Philip DeFranco's YouTube account. 
https://www.eurogamer.net/articles/2022-01-17-gaming-youtubers-have-had-their-likenesses-stolen-and-sold-as-nfts (Gaming YouTubers have had their likenesses stolen and sold as NFTs ) — EuroGamer....
Jan 19, 2022
257: Pokemon-hunting cops and the Spine Collector scammer
44:16
Who has been playing video games rather than hunting down criminals? How is a man alleged to have stolen manuscripts of unpublished books from celebrity authors? Which pot contains an elephant? And why has Graham been listening to podcasts about pest control marketing? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/257 (https://www.smashingsecurity.com/257) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.uptycs.com (Uptycs): Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. 
Find out more and try it for free at uptycs.com https://www.smashingsecurity.com/university (1Password): 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels. Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to form an entire ecosystem of tools and tactics that help keep you safe on the internet. Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you. Visit 1Password University for free online security resources, made for everyone. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/technology-59953330 (Pokémon Go: Police fired for chasing Snorlax instead of robbers) — BBC News. https://kotaku.com/lapd-officers-fired-for-ignoring-robbery-to-play-pokemo-1848335699 (Pokémon Go-Playing LAPD Officers Fired For Ignoring Robbery) — Kotaku. https://www.courts.ca.gov/opinions/documents/B307412.PDF (Court of appeal documents (PDF).) https://www.vulture.com/2022/01/stealing-books-before-release-mystery.html (The Mysterious Figure Stealing Books Before Their Release) — Vulture. https://www.nytimes.com/2022/01/05/books/publishing-manuscripts-phishing-scam-filippo-bernardini.html (FBI Arrests Man Accused of Stealing Unpublished Book Manuscripts) — The New York Times. https://www.thebookseller.com/news/viacom-security-assisted-finding-employee-accused-manuscript-theft-says-karp-1298210 (ViacomCBS security group 'crucial' for FBI manuscript theft investigation, says Karp) — The Bookseller.
https://www.bitdefender.com/blog/hotforsecurity/spine-collector-man-arrested-fake-email-steal-unpublished-manuscripts/ (The Spine Collector: Man arrested for using fake email addresses to steal hundreds of unpublished manuscripts) —...
Jan 12, 2022
256: Virgin Media just won't take no for an answer, NFT apes, and bad optics
50:10
After a brief discussion of the Log4Shell vulnerability panic, we chat about how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your sleeping girlfriend's facial recognition. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined by Mark Stockley for our last episode of the year! Visit https://www.smashingsecurity.com/256 (https://www.smashingsecurity.com/256) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.1password.com/resources (1Password): The first annual 1Password “State of Access” benchmark study illuminates the grave dangers unwittingly posed by checked-out, apathetic employees — including security professionals. Burned-out employees are 3 times more likely to say security rules and policies “aren’t worth the hassle,” and nearly half of burned-out security professionals say it’s unrealistic for companies to be aware of and manage all apps and devices that employees use. Read the report and find out what you can do at 1password.com/resources. https://www.uptycs.com (Uptycs): Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. 
Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. Find out more and try it for free at uptycs.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/log4shell/ (Log4Shell: The race is on to fix millions of systems and internet-connected devices) — Graham Cluley. https://ico.org.uk/media/action-weve-taken/mpns/4019153/virgin-media-limited-monetary-penalty-notice.pdf (Virgin Media Limited monetary penalty notice (PDF)) — Information Commissioner's Office. https://www.theregister.com/2021/12/08/virgin_media_pecr_fine_415000_customers_spammed/ (Virgin Media fined £50k for spamming opted-out customers ) — The Register. https://www.bbc.co.uk/news/technology-59638565 (Bored Ape NFT accidentally sells for $3,000 instead of $300,000) — BBC News. https://nypost.com/2021/12/13/man-steals-23k-using-exs-phone-through-facial-recognition-report/ (Man steals $23K using ex's phone through facial recognition: report) — NY Post. https://www.globaltimes.cn/page/202112/1241314.shtml (Man sentenced to 3.5 years in prison after transferring $23,500 on ex-girlfriend's phone by pulling up her eyelid) — Global Times. https://blog.emojipedia.org/what-every-heart-emoji-really-means/ (What Every Heart Emoji Really Means) — Emojipedia. https://opensea.io/assets/0x495f947276749ce646f68ac8c248420045cb7b5e/35395701019977838172203864209600394574979501666838933464063188917600798113793 (Graham or Carole? NFT for sale) — OpenSea....
Dec 15, 2021
255: Revolting receipts, a Twitter fandango, and shopkeeper cyber tips
53:28
"Demonically" possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter's new photo privacy policy practical? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Dinah Davis. Visit https://www.smashingsecurity.com/255 (https://www.smashingsecurity.com/255) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dinah Davis. Sponsored By: https://www.uptycs.com (Uptycs): Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. Find out more and try it for free at uptycs.com https://www.1password.com (1Password): It’s that time again when we’re all thinking about plans for the upcoming year. Does your plan include making your team more productive and secure? 
100,000 businesses use 1Password to secure employees at scale by encrypting their passwords and sensitive information and helping them get more done, faster. That’s why, for a limited time only, new customers can get 25% off the first year of 1Password Business and find out how 1Password can boost productivity while protecting their most sensitive data. Act fast! This deal is only good until December 16, 2021. Find out more and claim your discount at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=Y8_RSl3hokg (CEO of US mortgage company fires 900 employees on a Zoom call ) — YouTube. https://edition.cnn.com/2021/12/07/business/better-zoom-firing-employees/index.html (Better.com Zoom firing: Employees share what it was like) — CNN. https://www.reddit.com/r/antiwork/ (Antiwork subreddit) — Reddit. https://www.vice.com/en/article/qjbb9d/hackers-are-spamming-businesses-receipt-printers-with-antiwork-manifestos (Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos) — Motherboard Vice. https://metro.co.uk/2021/12/03/hackers-are-spamming-printers-with-antiwork-slogans-15709807/ (Hackers are spamming printers with 'antiwork' slogans) — Metro. https://www.dumpaday.com/funny-pictures/how-to-get-back-at-your-annoyingly-loud-neighbors/ (How To Get Back At Your Annoyingly Loud Neighbors) — Dumpaday. https://www.nytimes.com/1994/08/12/business/attention-shoppers-internet-is-open.html (Attention Shoppers: Internet Is Open) — The New York Times. https://michaeltefula.medium.com/a-brief-history-of-e-commerce-c4692a3b2cd9 (A Brief History of E-commerce) — Michael Tefula. https://www.netmarket.com/store/ (NetMarket.) https://www.statista.com/statistics/379046/worldwide-retail-e-commerce-sales/ (Global retail e-commerce market size 2014-2023)...
Dec 08, 2021
254: A dead hamster, a brass pen, and The Beatles
37:54
Cryptocurrency traders suffer a hamster-related loss, beware of charity scammers this holiday season, and do you have the patience to sit through Peter Jackson's eight-hour Beatles documentary? All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, who are flying solo this week. Visit https://www.smashingsecurity.com/254 (https://www.smashingsecurity.com/254) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.uptycs.com (Uptycs): Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. Find out more and try it for free at uptycs.com https://www.1password.com (1Password): It’s that time again when we’re all thinking about plans for the upcoming year. Does your plan include making your team more productive and secure? 
100,000 businesses use 1Password to secure employees at scale by encrypting their passwords and sensitive information and helping them get more done, faster. That’s why, for a limited time only, new customers can get 25% off the first year of 1Password Business and find out how 1Password can boost productivity while protecting their most sensitive data. Act fast! This deal is only good until December 16, 2021. Find out more and claim your discount at 1Password.com https://www.perimeter81.com (Perimeter 81): Perimeter 81 is the first-ever Cybersecurity Experience Platform, designed around Instant Deployment, Unified Management, Integrated Security, and Full Visibility. Perimeter 81 allows organizations of any and all industry sizes to support IT teams with robust tools to secure and manage your global network with one unified platform. Securing remote access for cloud and hybrid businesses and organizations, Perimeter 81 provides unified solutions such as Zero Trust Network Access, Firewall as a Service, Device Posture Check, and more. Learn more and request a demo at perimeter81.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.theparisreview.org/blog/2019/07/18/how-stanley-kubrick-staged-the-moon-landing-and-other-stories/ (How Stanley Kubrick Staged the Moon Landing) — The Paris Review. https://science.nasa.gov/science-news/science-at-nasa/2008/10oct_lhc (The Day the World Didn't End) — NASA. https://theculturetrip.com/europe/finland/articles/does-finland-exist-many-dont-think-so/ (Does Finland Exist? Many Don't Think So) — The Culture Trip. https://www.bbc.co.uk/news/technology-58707641 (Mr Goxx, the crypto-trading hamster beating human investors) — BBC News. https://www.twitch.tv/mr_goxx (Mr Goxx's Twitch channel) — Twitch....
Dec 01, 2021
253: Cybercrime unicorns, HVAC hacks, and NFT piracy - with Mikko Hyppönen
48:05
Heating systems are left vulnerable to attack in the high courts, cybercrime unicorns have become a reality (but what are they?), over 15 Terabytes of NFTs are made available for anyone to download ... and Carole reveals her Pick of the Year. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mikko Hyppönen. Visit https://www.smashingsecurity.com/253 (https://www.smashingsecurity.com/253) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mikko Hyppönen. Sponsored By: https://canary.tools/ (Thinkst): Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents... Listeners who mail in referencing Smashing Security get a 10% discount on their order! https://www.perimeter81.com (Perimeter 81): Perimeter 81 is the first-ever Cybersecurity Experience Platform, designed around Instant Deployment, Unified Management, Integrated Security, and Full Visibility. 
Perimeter 81 allows organizations of any and all industry sizes to support IT teams with robust tools to secure and manage your global network with one unified platform. Securing remote access for cloud and hybrid businesses and organizations, Perimeter 81 provides unified solutions such as Zero Trust Network Access, Firewall as a Service, Device Posture Check, and more. Learn more and request a demo at perimeter81.com https://www.1password.com (1Password): 1Password 8 for Windows has been reimagined to feel right at home on the world's most popular desktop operating system. From Dark Mode and passwordless integration to smart search and secure item sharing, 1Password 8 is the new home for your digital life. Productivity improvements, enhanced security and privacy features, and a modern design deliver a first-class experience that offers the best of Windows 11. 1Password 8 for Windows helps you manage, remember, and protect your sensitive information more easily and securely than ever before. Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.theregister.com/2021/11/23/unsecured_rcj_hvac_wifi_routers/ (Royal Courts of Justice HVAC systems had unsecured Wi-Fi AP) — The Register. https://twitter.com/kirkkorner/status/1462749660796313600 (Tweet by Tristan Kirk, court correspondent of the London Evening Standard.) https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ (Target Hackers Broke in Via HVAC Company) — Brian Krebs. https://archives.fbi.gov/archives/dallas/press-releases/2011/dl031811.htm (Former Security Guard Who Hacked Into Hospital’s Computer System Sentenced to 110 Months in Federal Prison) — FBI. https://www.youtube.com/watch?v=2UKeHbrsF94 (Video by Jesse McGraw (aka "PhantomExodizzmo")) — YouTube. 
https://www.ibtimes.com/cybercrime-unicorns-how-hackers-are-building-empires-rival-techs-most-sophisticated-2275974 (Cybercrime Unicorns: How Hackers Are Building...
Nov 24, 2021
252: Hotel hacks, workplace spies, and the FBI
01:01:15
Booking.com got hacked five years ago, and didn't tell its customers... but now we know who might have been behind it. Bossware rears its ugly head again in the workplace, spying on employees. And did you receive a warning email from the FBI? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Brian Klaas of the "Power Corrupts" podcast. Plus we have a featured interview with Perimeter 81 co-founder and CEO Amit Bareket. Visit https://www.smashingsecurity.com/252 (https://www.smashingsecurity.com/252) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Amit Bareket and Brian Klaas. Sponsored By: https://www.perimeter81.com (Perimeter 81): Perimeter 81 is the first-ever Cybersecurity Experience Platform, designed around Instant Deployment, Unified Management, Integrated Security, and Full Visibility. Perimeter 81 allows organizations of any and all industry sizes to support IT teams with robust tools to secure and manage your global network with one unified platform. Securing remote access for cloud and hybrid businesses and organizations, Perimeter 81 provides unified solutions such as Zero Trust Network Access, Firewall as a Service, Device Posture Check, and more. 
Learn more and request a demo at perimeter81.com https://www.qualys.com (Qualys): Qualys was one of the first SaaS security companies, and delivers continuous, critical security intelligence via its Qualys Cloud Platform and integrated Cloud Apps. Its powerful solutions empower organisations to streamline and consolidate their security and compliance solutions in a single platform and achieve greater business agility, better outcomes and substantial cost savings. Qualys recently announced three new solutions designed to address today’s challenges faced by enterprises: Ransomware Risk Assessment, Cybersecurity Asset Management, and Zero Touch Patch Management. Learn more at qualys.com https://www.1password.com (1Password): 1Password 8 for Windows has been reimagined to feel right at home on the world's most popular desktop operating system. From Dark Mode and passwordless integration to smart search and secure item sharing, 1Password 8 is the new home for your digital life. Productivity improvements, enhanced security and privacy features, and a modern design deliver a first-class experience that offers the best of Windows 11. 1Password 8 for Windows helps you manage, remember, and protect your sensitive information more easily and securely than ever before. Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.nrc.nl/nieuws/2021/11/10/american-spy-hacked-bookingcom-company-stayed-silent-a4065086 (American spy hacked Booking.com, company stayed silent) — NRC. https://arstechnica.com/gadgets/2021/11/new-book-claims-us-intel-agency-hacked-booking-com-in-2016/ (Booking.com was reportedly hacked by a US intel agency but never told customers ) — Ars Technica. https://www.theregister.com/2021/11/11/booking_com_hacked_by_us_allegations/ (Dutch newspaper links Booking.com break-in to US spy groups ) — The Register....
Nov 17, 2021
251: PrawnHub, Tesla recall, and IoT luggage
41:59
Fishing fanatics find themselves in deep water, Teslas go haywire after an update, and is there actually some good news about IoT? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Ken Munro. Visit https://www.smashingsecurity.com/251 (https://www.smashingsecurity.com/251) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ken Munro. Sponsored By: https://www.1password.com (1Password): From start-up to enterprise, 1Password makes it easy for your team to store, generate and share strong passwords. The less time you need to spend dealing with hacks, phishing scams, and lost passwords, the better. Not just for IT and Security teams – all kinds of teams like Finance, HR, Legal, and Marketing can also store and share business credit cards, sensitive documents and shared logins in 1Password. Work securely from home or in the office. 1Password allows secure access to logins and important resources anywhere you work. Instantly deploy, grant and revoke access to shared vaults. You can securely add new team members and recover locked-out user accounts. 
Find out more and try 1Password free for 14 days at 1Password.com http://www.smashingsecurity.com/qualyslasvegas (Qualys): Qualys Security Conference 2021 is taking place in Las Vegas November 15-18 2021, and you can attend either in person or online. Hear from experts such as Chris Krebs, former Director of the DHS & CISA, learn strategies and tactics to secure your organization, and network with your peers and other Qualys experts to accelerate your career. To learn more about attending the Qualys Security Conference 2021 in person or online visit smashingsecurity.com/qualyslasvegas https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.londonstockexchange.com/news-article/ANG/notice-of-a-cyber-security-incident/15202688 (Notice of a cyber security incident) — Announcement from Angling Direct on London Stock Exchange. https://www.theregister.com/2021/11/08/angling_direct/ (Angling Direct: Criminals net website of UK fishing site) — The Register. https://twitter.com/Marco_willo5/status/1457386194329800717 (Tweet from user of Angling Direct.) — Twitter. https://twitter.com/kylan_humber/status/1456886143631384577 (Tweet by Angling Direct customer) — Twitter. https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/2018-Internet-connected-radio-equipment-and-wearable-radio-equipment_en (Internet-connected radio equipment and wearable radio equipment) — European Commission. https://www.congress.gov/bill/116th-congress/house-bill/1668/text (Internet of Things Cybersecurity Improvement Act of 2020) — US Library of Congress. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327 (Information privacy: connected devices) — Californian senate bill. https://www.washingtonpost.com/technology/2021/11/08/tesla-regulation-elon-musk/ (Tesla Full Self-Driving recall came amid increased regulatory scrutiny - The Washington Post) — Washington Post.
https://www.reuters.com/business/autos-transportation/tesla-recalling-nearly-12000-us-vehicles-over-software-communication-error-2021-11-02/...
Nov 10, 2021
250: Yes, you heard that correctly. Two hundred and fifty
01:01:47
A game about Squid Game pulls the rug from under cryptocurrency investors in what appears to be a scam, PayPal hackers use a devious trick to break into 2FA-protected accounts, and have you received a job offer that's too good to be true? All this and much much more is discussed in this celebratory edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Dr Jessica Barker. Plus don't miss our featured interview with the CEO and president of Qualys, Sumedh Thakar. Oh, and huge thanks to Darknet Diaries' Jack Rhysider, F-Secure's Mikko Hyppönen, The Cyberwire's Dave Bittner, and Host Unknown's Andrew Agnês, Thom Langford, and Javvad Malik for their special contributions to this episode. Visit https://www.smashingsecurity.com/250 (https://www.smashingsecurity.com/250) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Andrew Agnês, Dave Bittner, Jack Rhysider, Javvad Malik, Jessica Barker, Mikko Hyppönen, Sumedh Thakar, and Thom Langford. Sponsored By: http://www.smashingsecurity.com/qualyslasvegas (Qualys): Qualys Security Conference 2021 is taking place in Las Vegas November 15-18 2021, and you can attend either in person or online. 
Hear from experts such as Chris Krebs, former Director of the DHS & CISA, learn strategies and tactics to secure your organization, and network with your peers and other Qualys experts to accelerate your career. To learn more about attending the Qualys Security Conference 2021 in person or online visit smashingsecurity.com/qualyslasvegas https://www.1password.com (1Password): From start-up to enterprise, 1Password makes it easy for your team to store, generate and share strong passwords. The less time you need to spend dealing with hacks, phishing scams, and lost passwords, the better. Not just for IT and Security teams – all kinds of teams like Finance, HR, Legal, and Marketing can also store and share business credit cards, sensitive documents and shared logins in 1Password. Work securely from home or in the office. 1Password allows secure access to logins and important resources anywhere you work. Instantly deploy, grant and revoke access to shared vaults. You can securely add new team members and recover locked-out user accounts. Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/business-59059097 (Squid Game cryptocurrency rockets in first few days of trading ) — BBC News. https://www.bbc.co.uk/news/business-59129466 (Squid Game crypto token collapses in apparent scam ) — BBC News. https://coinmarketcap.com/alexandria/article/i-lost-everything-how-squid-game-token-collapsed ('I Lost Everything': How Squid Game Token Collapsed) — CoinMarketCap. https://gizmodo.com/squid-game-cryptocurrency-scammers-make-off-with-2-1-m-1847972824 (Squid Game Cryptocurrency Scammers Make Off With $3.3 Million) — Gizmodo. https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo (The Booming Underground Market for Bots That Steal Your 2FA Codes) — Vice. 
https://www.propublica.org/article/scammers-are-using-fake-job-ads-to-steal-peoples-identities (Scammers Are...
Nov 03, 2021
249: Devious licks, Netflix, and sensitive hackers
47:06
Ransomware attackers have got hurt feelings, what does Netflix know about you, and why are schoolkids stealing lavatory seats? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by 1Password's Matt Davey from the https://1password.com/podcast ("Random but Memorable") podcast. Visit https://www.smashingsecurity.com/249 (https://www.smashingsecurity.com/249) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Matt Davey. Sponsored By: https://canary.tools/ (Thinkst): Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents... Listeners who mail in referencing Smashing Security get a 10% discount on their order! https://www.smashingsecurity.com/university (1Password): 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels. Broaden your knowledge, starting with the basic building blocks of security. 
Learn at your own pace and learn how to form an entire ecosystem of tools and tactics that help keep you safe on the internet. Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you. Visit 1Password University for free online security resources, made for everyone. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/ (Governments turn tables on ransomware gang REvil by pushing it offline) — Reuters. https://www.tripwire.com/state-of-security/featured/revil-ransomware-what-you-need-to-know/ (REvil ransomware - what you need to know about the criminal enterprise) — Tripwire. https://grahamcluley.com/revil-ransomware-rampages-following-kaseya-supply-chain-attack/ (REvil ransomware rampages following Kaseya supply-chain attack) — Graham Cluley. https://grahamcluley.com/meat-supplier-jbs-probed-after-paying-11-million-ransom-to-attackers/ (Meat supplier JBS probed after paying $11 million ransom to attackers. US Congress has a beef with those who pay ransoms to cybercriminals) — Graham Cluley. https://blog.emsisoft.com/en/39181/on-the-matter-of-blackmatter/ (Hitting the BlackMatter gang where it hurts: In the wallet) — Emsisoft. https://grahamcluley.com/ransomware-gang-outraged-at-bandit-mugging-behavior-of-the-united-states-after-revil-group-pushed-offline/ (Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline) — Graham Cluley. https://www.wired.co.uk/article/netflix-data-tracking-privacy (All the ways Netflix tracks you and what you watch) — Wired. https://www.wired.co.uk/article/bandersnatch-black-mirror-episode-explained (The inside
Oct 27, 2021
248: Press F12 to hack
45:32
A journalist is threatened with prosecution after choosing to "View Source" on a public webpage, Amazon Ring owners might be in line for a hefty fine if their neighbours complain, and is the school lunch queue a good place for facial recognition? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/248 (https://www.smashingsecurity.com/248) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.smashingsecurity.com/university (1Password): 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels. Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to create an entire ecosystem of tools and tactics that help keep you safe on the internet. Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you. Visit 1Password University for free online security resources, made for everyone. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.stltoday.com/news/local/education/missouri-teachers-social-security-numbers-at-risk-on-state-agencys-website/article_f3339700-ece0-54a1-9a45-f300321b7c82.html (Missouri teachers’ Social Security numbers at risk on state agency’s website) — St. Louis Post-Dispatch. https://missouriindependent.com/2021/10/14/missouri-governor-vows-criminal-prosecution-of-reporter-who-found-flaw-in-state-website/ (Missouri governor vows criminal prosecution of reporter who found flaw in state website) — Missouri Independent. https://oa.mo.gov/commissioners-office/news/state-missouri-addresses-data-vulnerability (State of Missouri Addresses Data Vulnerability) — State of Missouri Office of Administration press release. https://www.youtube.com/watch?v=NxJjLWa9R2g (Governor Parson Press Conference MO Education Website Hack) — YouTube. https://www.dailymail.co.uk/news/article-10085561/A-victory-privacy-Woman-100k-damages-neighbours-doorbell-cameras.html (Doctor set for £100k pay-out after judge ruled neighbour's Ring doorbell cameras breached privacy) — Daily Mail. https://www.technologyreview.com/2021/09/28/1036279/pandemic-unemployment-government-face-recognition/ (The pandemic is testing the limits of face recognition) — MIT Technology Review. https://www.theguardian.com/education/2021/oct/18/privacy-fears-as-schools-use-facial-recognition-to-speed-up-lunch-queue-ayrshire-technology-payments-uk (ICO to step in after schools use facial recognition to speed up lunch queue) — The Guardian. https://www.youtube.com/watch?v=s-lqBZCulEs (The most sassy bride in history of Married At First Sight Australia) — YouTube. https://www.channel4.com/programmes/married-at-first-sight-australia (Married at First Sight Australia) — All 4. (Series 6 is the one to watch, according to Graham)...
Oct 20, 2021
247: Rickrolling submarine secrets
49:49
A married couple are accused of selling nuclear sub secrets, Facebook continues to make young lives a misery, and a school hacker lets loose one heck of a prank. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/247 (https://www.smashingsecurity.com/247) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.justice.gov/opa/pr/maryland-nuclear-engineer-and-spouse-arrested-espionage-related-charges (Maryland Nuclear Engineer and Spouse Arrested on Espionage-Related Charges ) — US Department of Justice. https://www.theregister.com/2021/10/11/doj_alleges_nuclear_sub_data_leak/ (Couple charged with leaking US nuclear sub designs) — The Register. 
https://www.cnbc.com/2021/10/11/facebook-will-add-new-safety-features-for-teens-following-whistleblower-leak.html (Facebook will add new safety features, notably for teens, after whistleblower leak) — CNBC. https://louisbarclay.notion.site/Unfollow-Everything-cease-and-desist-letter-from-Facebook-ea219169421b457bb7ce010b7bf9ce1f (Unfollow Everything cease-and-desist letter from Facebook) — Louis Barclay. https://whitehoodhacker.net/posts/2021-10-04-the-big-rick (IoT Hacking and Rickrolling My High School District) — WhiteHoodHacker. https://en.boardgamearena.com/ (Board Game Arena) — Play board games online from your browser. https://www.youtube.com/watch?v=X4QYV5GTz7c (Foundation — Official Trailer) — YouTube. https://tv.apple.com/us/show/foundation/umc.cmc.5983fipzqbicvrve6jdfep4x3 (Foundation ) — Apple TV. https://filmcourage.com/ (Film Courage.) https://www.youtube.com/user/filmcourage/playlists (Film Courage) — YouTube. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Oct 13, 2021
246: Facebook has fallen
01:05:44
Facebook suffers a massive (and very public) failure, Britain announces plans for counter-attacking nation states in cyberspace, and there's a tragic story related to ransomware. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Chris Kirsch. And don't miss our featured interview with Attivo Network's Carolyn Crandall. Visit https://www.smashingsecurity.com/246 (https://www.smashingsecurity.com/246) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Carolyn Crandall and Chris Kirsch. Sponsored By: https://www.smashingsecurity.com/university (1Password): 1Password has put its 15 years of security experience into creating 1Password University, a fun, dynamic, and free learning resource for people of all skill levels. Broaden your knowledge, starting with the basic building blocks of security. Learn at your own pace and learn how to create an entire ecosystem of tools and tactics that help keep you safe on the internet. Whether you’re a business leader looking to create a culture of security in the workplace, or you’re just trying to understand why you need a unique password for each account, 1Password University’s growing catalogue of courses has something for you. Visit 1Password University for free online security resources, made for everyone. 
https://www.attivonetworks.com (Attivo Networks): It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures. Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud - all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker's advantage. Learn more and kick credential attacks to the curb, by visiting attivonetworks.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://engineering.fb.com/2021/10/04/networking-traffic/outage/ (Update about the October 4th outage) — Facebook Engineering. https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ (More details about the October 4 outage) — Facebook Engineering. https://www.vice.com/en/article/qj873p/facebook-whistleblower-says-company-chooses-profits-over-safety-all-the-time (Facebook Whistleblower Says Company Chooses ‘Profits Over Safety’ All The Time) — Vice. https://www.nytimes.com/2021/09/21/technology/zuckerberg-facebook-project-amplify.html (Inside Facebook’s Push to Defend Its Image ) — The New York Times. https://www.vice.com/en/article/4avjqb/conspiracy-theories-about-facebook-outage-spread-even-without-facebook (Conspiracy Theories About Facebook Outage Spread Even Without Facebook) — Vice. https://www.theguardian.com/technology/2021/oct/05/facebook-outage-what-went-wrong-and-why-did-it-take-so-long-to-fix (Facebook outage: what went wrong and why did it take so long to fix after social platform went down?) — The Guardian. https://www.wsj.com/articles/ransomware-hackers-hospital-first-alleged-death-11633008116 (A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death) — Wall Street Journal....
Oct 06, 2021
245: The Julian Assange assassination plot, and IoT toilets
36:43
While Julian Assange was killing time in Ecuador's embassy in London, the CIA were trying to dream up ways to kill him, and urine trouble if you put your trust in an IoT lavatory. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by nobody at all. Visit https://www.smashingsecurity.com/245 (https://www.smashingsecurity.com/245) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. 
Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://news.yahoo.com/kidnapping-assassination-and-a-london-shoot-out-inside-the-ci-as-secret-war-plans-against-wiki-leaks-090057786.html (Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks) — Yahoo News. https://www.theguardian.com/media/2019/apr/11/how-ecuador-lost-patience-with-houseguest-julian-assange (The seven-year itch: Assange's awkward stay in the embassy) — The Guardian. https://www.businessinsider.com/assange-held-meetings-in-ladies-bathroom-paranoia-report-2019-7?r=US&IR=T (Assange Held Legal Meetings in Ladies' Toilet Due to Paranoia: Report) — Business Insider. https://www.independent.co.uk/news/uk/crime/julian-assange-ecuador-embassy-faeces-london-wikileaks-arrest-a8866751.html (Julian Assange smeared faeces on walls of Ecuadorian embassy, interior minister claims) — The Independent. https://www.bbc.co.uk/news/world-latin-america-47907600 (Julian Assange: Why Ecuador ended his stay in London embassy) — BBC News. https://www.bbc.co.uk/news/av/uk-47892641 (Julian Assange dragged from Ecuadorean embassy) — BBC News. https://www.theguardian.com/lifeandstyle/2021/sep/23/the-smart-toilet-era-is-here-are-you-ready-to-share-your-analprint-with-big-tech (The smart toilet era is here! Are you ready to share your analprint with big tech?) — The Guardian. https://www.bbc.co.uk/sounds/play/m00100v9 (Assume Nothing - Hack Attack) — BBC Sounds. https://www.phaidon.com/store/art/the-art-museum-9780714875026/ (The Art Museum ) — Phaidon. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Sep 29, 2021
244: Facebook Ray-Bans, VPN spies, and AI camouflage
51:23
How much do you trust the people who work at your VPN provider? How are folks fighting facial recognition? And what on earth is Ray-Ban thinking getting into bed with Facebook? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/244 (https://www.smashingsecurity.com/244) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. 
Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.justice.gov/opa/pr/three-former-us-intelligence-community-and-military-personnel-agree-pay-more-168-million (Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government ) — Department of Justice. https://www.darkmatter.ae/ (DarkMatter.) https://www.reuters.com/investigates/special-report/usa-spying-raven/ (Ex-NSA cyberspies reveal how they helped hack foes of UAE) — Reuters. https://www.expressvpn.com/blog/daniel-gericke-expressvpn/ (Daniel Gericke and ExpressVPN – Official Response ) — ExpressVPN. https://www.zdnet.com/article/trust-but-verify-an-in-depth-analysis-of-expressvpns-terrible-horrible-no-good-very-bad-week/ (Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week) — ZDNet. https://techcrunch.com/2021/09/09/facebook-debuts-its-ray-ban-stories-smart-sunglasses/ (Facebook debuts its Ray-Ban Stories smart sunglasses) — TechCrunch. https://techcrunch.com/2021/09/20/facebook-warned-over-very-small-indicator-led-on-smart-glasses-as-eu-dpas-flag-privacy-concerns/ (Facebook warned over ‘very small’ indicator LED on smart glasses, as EU DPAs flag privacy concerns ) — TechCrunch. https://www.youtube.com/watch?v=_uOFWU4o3tw (Mark Zuckerberg introduces Ray-Ban Stories) — YouTube. https://cvdazzle.com/ (Computer Vision Dazzle Camouflage) — CV Dazzle. https://www.vice.com/en/article/k78v9m/researchers-defeated-advanced-facial-recognition-tech-using-makeup (Researchers Defeated Advanced Facial Recognition Tech Using Makeup) — Vice. https://www.youtube.com/watch?v=4PPgujzk7gw (Dodging Attack Using Carefully Crafted Natural Makeup ) — YouTube. 
https://www.amazon.co.uk/Play-Piano-Little-Ways-Live-dp-1786486423/dp/1786486423/ref=dp_ob_title_bk (How to Play the Piano by James Rhodes) — Amazon UK....
Sep 22, 2021
243: Breaking news, Apple zero-clicks, and bad blood
48:27
A Walmart press release says it's jumping aboard the cryptocurrency bus - but is it true? Theranos's Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Host Unknown's Thom Langford. Visit https://www.smashingsecurity.com/243 (https://www.smashingsecurity.com/243) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Thom Langford. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. 
Find out more and try 1Password free for 14 days at 1Password.com https://www.attivonetworks.com (Attivo Networks): It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures. Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud - all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker's advantage. Learn more and kick credential attacks to the curb, by visiting attivonetworks.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/technology-58545944 (Fake Walmart news release claimed it would accept cryptocurrency) — BBC News. https://www.reuters.com/business/retail-consumer/walmart-accept-litecoin-payments-2021-09-13/ (Alerts and story on Walmart to accept Litecoin payments withdrawn) — Reuters. https://www.globenewswire.com/news-release/2021/09/13/2295959/0/en/NOTICE-TO-DISREGARD-Walmart-Inc.html (NOTICE TO DISREGARD - Walmart Inc.) — Globe Newswire. https://corporate.walmart.com/newsroom/2021/09/13/walmart-statement-in-response-to-fake-litecoin-press-release (Walmart Statement in Response to Fake Litecoin Press Release) — Walmart. https://www.bloomberg.com/news/articles/2021-09-13/litecoin-foundation-screwed-up-lee-says-about-walmart-snafu?srnd=cryptocurrencies (Litecoin Foundation ‘Screwed Up,’ Lee Says of Walmart Snafu) — Bloomberg. https://www.youtube.com/watch?v=c_pFX3_Czn8 (Walmart-Litecoin Pact Hoax Jolts Crypto Market ) — YouTube. https://twitter.com/LTCFoundation/status/1437484869664137221 (Official statement from Litecoin Foundation) — Twitter. https://www.bbc.co.uk/news/business-58540936 (Apple rushes to block 'zero-click' iPhone spyware) — BBC News. https://www.bbc.co.uk/news/technology-57881364 (Pegasus: Spyware sold to governments 'targets activists' ) — BBC News. 
https://www.smashingsecurity.com/237...
Sep 15, 2021
242: ProtonMail privacy questioned, and Banksy blunder
56:51
ProtonMail finds itself in a privacy pickle, the big problem with Facebook's algorithmic amplification, and strange things are happening on Banksy's website. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/242 (https://www.smashingsecurity.com/242) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. 
Find out more and try 1Password free for 14 days at 1Password.com https://www.privacy.com/smashing (Privacy.com): https://www.privacy.com/smashing (Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ (ProtonMail logged IP address of French activist after order by Swiss authorities) — TechCrunch. https://protonmail.com/blog/climate-activist-arrest/ (Important clarifications regarding arrest of climate activist) — ProtonMail. https://protonmail.com/law-enforcement (Information for Law Enforcement Authorities) — ProtonMail. https://twitter.com/andyyen/status/1434588316914130949 (Tweet by Andy Yen, founder of ProtonMail.) https://www.motherjones.com/politics/2021/08/why-facebook-wont-stop-pushing-propaganda/ (Why Facebook Won’t Stop Pushing Propaganda ) — Mother Jones. https://www.bbc.co.uk/news/technology-58399338 (Fake Banksy NFT sold through artist's website for £244k ) — BBC News. https://thenextweb.com/news/fake-banksy-nft-exposes-deception-risks-of-buying-digital-collectibles (A fake Banksy sold for $330K is a perfect symbol of a wild NFT market) — The Next Web. https://www.bbc.co.uk/news/technology-58437753 (Banksy was warned about website flaw before NFT hack scam) — BBC News. https://www.youtube.com/watch?v=KAkqy5QntGQ (McCartney 3,2,1 - Trailer ) — YouTube. https://www.bbc.co.uk/programmes/b008q118/episodes/guide (Classic Albums ) — BBC Four. https://www.youtube.com/watch?v=JZpGQU_2OqI (Backyard Coaster POV | Little Thunder) — YouTube. 
https://www.coaster101.com/2021/08/11/inside-the-most-impressive-backyard-roller-coaster-ive-ever-seen-little-thunder/ (Inside the Most Impressive Backyard Roller Coaster I've Ever Seen: Little...
Sep 08, 2021
241: Flipping dating apps, and crypto rewards for criminals
47:41
How to find your match on the Bumble dating app, convicted criminals make money out of cryptocurrency, and there are concerns about data in Afghanistan. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/241 (https://www.smashingsecurity.com/241) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.1passwordsummerschool.com (1Password): Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team. Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work. Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now. https://www.privacy.com/smashing (Privacy.com): https://www.privacy.com/smashing (Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. 
Go to privacy.com/smashing to sign up now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://robertheaton.com/bumble-vulnerability/ (Vulnerability in Bumble dating app reveals any user's exact location) — Robert Heaton. https://robertheaton.com/2018/07/09/how-tinder-keeps-your-location-a-bit-private/ (How Tinder keeps your exact location (a bit) private) — Robert Heaton. https://theintercept.com/2021/08/17/afghanistan-taliban-military-biometrics/ (The Taliban Have Seized U.S. Military Biometrics Devices) — The Intercept. https://www.nbcnews.com/tech/security/us-built-biometric-system-sparks-concerns-afghans-rcna1829 (A U.S.-built biometric system sparks concerns for Afghans) — NBC News. https://www.technologyreview.com/2021/08/30/1033941/afghanistan-biometric-databases-us-military-40-data-points (This is the real story of the Afghan biometric databases abandoned to the Taliban) — MIT Technology Review. https://www.euronews.com/next/2021/08/25/sweden-must-give-bitcoin-worth-1-3-million-back-to-drug-dealers-after-costly-legal-misstep (Sweden must give Bitcoin worth €1.3 million back to drug dealers after costly legal misstep) — Euronews. https://www.netflix.com/gb/title/80227122 (Miles Davis: Birth of the Cool ) — Netflix. https://www.bbc.co.uk/iplayer/episodes/m0005bky/what-we-do-in-the-shadows (What We Do in the Shadows) — BBC iPlayer. https://www.hulu.com/series/what-we-do-in-the-shadows-0b10c46a-12f0-4357-8a00-547057b49bac (Watch What We Do in the Shadows) — Hulu. http://radio.garden/ (Radio Garden.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Sep 01, 2021
240: 3D printer hijacks, crypto fails, and a tech billionaire’s revenge
51:07
A bug unravels 3D printer security, cryptocurrency sites can't stop getting hacked, and hear our special guest spill a cup of tea while inhabiting his wife's knicker drawer. All this and much much more can be found in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by BBC cybersecurity correspondent Joe Tidy. Visit https://www.smashingsecurity.com/240 (https://www.smashingsecurity.com/240) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Joe Tidy. Sponsored By: https://www.1passwordsummerschool.com (1Password): Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team. Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work. Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now. https://www.attivonetworks.com (Attivo Networks): It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures. 
Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud - all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker's advantage. Learn more and kick credential attacks to the curb, by visiting attivonetworks.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.forbes.com/sites/thomasbrewster/2018/12/13/we-broke-into-a-bunch-of-android-phones-with-a-3d-printed-head/?sh=4c32c3313307 (We Broke Into A Bunch Of Android Phones With A 3D-Printed Head) — Forbes. https://www.reddit.com/r/3Dprinting/comments/p7jdhi/wake_up_this_morning_and_see_this_on_my_3d/ (Wake up this morning and see this on my 3D printer (I use octoprint and now I’m scared)) — Reddit. https://nakedsecurity.sophos.com/2021/08/23/whats-that-on-my-3d-printer-cloud-bug-lets-anyone-print-to-everyone/ (What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone ) — Naked Security. https://www.thespaghettidetective.com/blog/2021/08/19/what-happened-last-night/ (A detailed analysis of the security incident last night) — The Spaghetti Detective. https://www.bbc.co.uk/news/av/technology-47032600 (The PewDiePie Hackers: Could hacking printers ruin your life?) — BBC News. https://twitter.com/tomrobin/status/1425487745166753794?s=20 (The $600 million Poly Network hacker's Q&A) — Twitter. https://www.bbc.co.uk/news/business-58193396 (Crypto hacker offered reward after $600m heist) — BBC News. https://www.bbc.co.uk/news/business-58277359 (Hackers steal nearly $100m in Japan crypto heist) — BBC News. https://bitcoinist.com/altsbit-crypto-exchange-gets-hacked-almost-all-funds-have-gone/ (Altsbit Crypto Exchange Gets Hacked, 'Almost All Funds' Are Gone) — Bitcoinist. https://www.coindesk.com/japanese-exchange-bitpoint-hacked-by-32-million-worth-in-cryptocurrencies (Bitpoint Exchange Hacked for $32...
Aug 25, 2021
239: TikTok vigilantes, sloppy IoT, and Wikipedia woe
51:57
The Great Londini has gathered a two million strong army to out TikTok trolls, there's a bad supply chain vulnerability in many IoT devices, and how did Wikipedia pages end up covered in Nazi swastikas? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by John Hawes (who has a very controversial Pick of the Week...) Visit https://www.smashingsecurity.com/239 (https://www.smashingsecurity.com/239) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: John Hawes. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. 
Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://gizmodo.com/thousands-of-wikipedia-pages-vandalized-with-giant-swas-1847494288 (Thousands of Wikipedia Pages Vandalized With Giant Swastikas) — Gizmodo. https://twitter.com/86Jofa/status/1427270014869049348 (Video of Wikipedia defacement) — Twitter. https://sco.wikipedia.org/wiki/Main_Page (Scottish Wikipedia.) https://www.theregister.com/2020/08/26/scots_wikipedia_fake/ (Um, almost the entire Scots Wikipedia was written by someone with no idea of the language – 10,000s of articles ) — The Register. https://en.wikipedia.org/wiki/Wikipedia:Protection_policy (Protection policy) — Wikipedia. https://jewishnews.timesofisrael.com/austrian-soldier-imprisoned-for-showing-photos-of-swastika-tattoo-on-testicle/ (Austrian soldier imprisoned for showing photos of swastika tattoo on testicle) — Jewish News. https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/ (Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain) — IOT Inspector. https://www.cnet.com/tech/mobile/tiktok-adds-more-safety-features-for-teens/ (TikTok adds more safety features for teens ) — CNET. https://www.insider.com/great-londini-tiktoks-masked-vigilante-group-2021-8 (TikTok Vigilante Group the Great Londini Has Made Hunting Down Trolls Its Mission) — Insider. https://www.bbc.co.uk/news/blogs-trending-58195065 (Who is TikTok’s masked vigilante?) — BBC News. https://en.wikipedia.org/wiki/News_Bunny (News Bunny ) — Wikipedia. https://nestflix.fun/ (Nestflix.) https://www.netflix.com/gb/title/80990849 (The Movies That Made Us) — Netflix. https://www.youtube.com/c/theschooloflifetv (The School of Life ) — YouTube. https://www.youtube.com/watch?v=M9i2HAE-ZSw (How Not to be Boring) — YouTube. 
https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers...
Aug 18, 2021
238: Fashion captain, fraud family, and DEF CON. D'oh!
53:31
Pygmy hippopotamus bugs, DEF CON's data slip-up, and phishing fraudsters have their collars felt. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Naked Security's Paul Ducklin. Visit https://www.smashingsecurity.com/238 (https://www.smashingsecurity.com/238) to check out this episode’s show notes and episode links. We're going to be taking a holiday for a couple of weeks, but will be back with a regular show later in August. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Paul Ducklin. Sponsored By: https://www.1passwordsummerschool.com (1Password): Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team. Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work. Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now. https://www.smashingsecurity.com/offsec (Offensive Security): With the skills gap increasing, it’s more important than ever to train your staff effectively and efficiently. 
Industry-leading Offensive Security provides training for your organization designed by the same minds behind Kali Linux and the OSCP. Visit smashingsecurity.com/offsec to learn more! https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://defcon.org/html/defcon-29/dc-29-faq.html (DEF CON masks and vaccination FAQ.) https://reznok.com/hacking-def-con-29/ (Hacking DEF CON 29 ) — Reznok. https://twitter.com/thedarktangent/status/1417489399659569164 (Tweet by Jeff Moss (Dark Tangent) thanking Reznok.) https://github.com/topotam/PetitPotam (PetitPotam proof-of-concept tool) — GitHub. https://nakedsecurity.sophos.com/2021/07/26/windows-petitpotam-network-attack-how-to-protect-against-it/ (Windows “PetitPotam” network attack – how to protect against it ) — Naked Security. https://www.bitdefender.com/blog/hotforsecurity/fraud-family-cybercrime-ring-under-the-spotlight-as-arrests-made-in-the-netherlands/ (Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands) — Bitdefender. https://en.wikipedia.org/wiki/The_Trigan_Empire (The Trigan Empire) — Wikipedia. https://treasuryofbritishcomics.com/catalogue/science-fiction/RCA-B0058 (The Rise and Fall of The Trigan Empire: Volume 1) — Treasury British Comics Shop. https://www.tangleteezer.com/ (Tangle Teezer) — If you want to be a Fashion Captain, like Duck. https://www.youtube.com/watch?v=650Mt63HIBU (Modern Love trailer) — YouTube. https://en.wikipedia.org/wiki/Modern_Love_(TV_series) (Modern Love (TV series)) — Wikipedia. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Jul 28, 2021
237: NuNa, NuNu, NaNa
01:02:16
Spy software known as Pegasus has been used to carry out surveillance on the smartphones of journalists, activists, and political leaders. Can a "Freedom Phone" be trusted? And a ransomware-hit law firm demonstrates how not to keep its customers informed. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Thom Langford. Visit https://www.smashingsecurity.com/237 (https://www.smashingsecurity.com/237) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Thom Langford. Sponsored By: https://knowbe4.com/freetest (KnowBe4): Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetest https://www.smashingsecurity.com/offsec (Offensive Security): With the skills gap increasing, it’s more important than ever to train your staff effectively and efficiently. Industry-leading Offensive Security provides training for your organization designed by the same minds behind Kali Linux and the OSCP. Visit smashingsecurity.com/offsec to learn more! 
https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.theguardian.com/news/series/pegasus-project (The Pegasus project ) — The Guardian. https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus (Revealed: leak uncovers global abuse of cyber-surveillance weapon) — The Guardian. https://www.theguardian.com/news/2021/jul/19/nso-clients-spying-disclosures-prompt-political-rows-across-world (Pegasus: NSO clients spying disclosures prompt political rows across world) — The Guardian. https://www.bbc.co.uk/news/technology-57881364 (Pegasus: Spyware sold to governments 'targets activists' ) — BBC News. https://www.theguardian.com/news/2021/jul/18/revealed-murdered-journalist-number-selected-mexico-nso-client-cecilio-pineda-birto (Revealed: murdered journalist’s number selected by Mexican NSO client ) — The Guardian. https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/ (Forensic Methodology Report: How to catch NSO Group’s Pegasus ) — Amnesty International. https://github.com/mvt-project/mvt (Mobile Verification Toolkit (MVT)) — Forensic tool to look for signs of...
Jul 21, 2021
236: Stingrays, soccer, and smart homes
01:00:36
How did investigators ask a romance scammer out on a date, smart homes continue to play dumb, and is it time for social media sites to do more about racist football fans? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by BBC technology reporter Zoe Kleinman. Visit https://www.smashingsecurity.com/236 (https://www.smashingsecurity.com/236) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Zoe Kleinman. Sponsored By: https://www.smashingsecurity.com/offsec (Offensive Security): With the skills gap increasing, it’s more important than ever to train your staff effectively and efficiently. Industry-leading Offensive Security provides training for your organization designed by the same minds behind Kali Linux and the OSCP. Visit smashingsecurity.com/offsec to learn more! https://www.privacy.com/smashing (Privacy.com): https://www.privacy.com/smashing (Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.) https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. 
Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.forbes.com/sites/thomasbrewster/2021/07/06/secret-service-texts-a-suspect-before-hunting-him-down-with-surveillance/?sh=1e6b965fc88f (How Does The Secret Service Track Fugitives? One Romance Scammer Hunt Started With A Simple Text) — Forbes. https://arstechnica.com/tech-policy/2016/10/stingrays-in-use-across-england-by-police/ (Stingrays bought, quietly used by police forces across England ) — Ars Technica. https://www.bbc.co.uk/news/technology-57803940 (Euro 2020: Why abuse remains rife on social media) — BBC News. https://www.youtube.com/watch?v=cfgN5tUgjb8 (Clapper commercial) — YouTube. https://www.vice.com/en/article/z3xqdw/samsung-washing-machine-app-requires-access-to-your-contacts-and-location (Samsung Washing Machine App Requires Access to Your Contacts and Location) — Vice. https://www.propertyreporter.co.uk/property/why-first-time-buyers-should-buy-into-smart-home-tech-for-their-first-move.html (Why first-time buyers should buy into smart home tech for their first move) — Property Reporter. https://twitter.com/gcluley/status/1414536284501118976 (Graham Cluley with his Columbo mug) — Twitter. https://columbophile.com/ (The Columbophile fan site.)...
Jul 14, 2021
235: REvil returns, TikTok grows, and Gettr defaced
59:10
A ransomware gang has exploited a security hole in software used by many businesses, and are demanding $70 million for a decryption tool. Plus we take a close look at TikTok, and a website which seems to have entirely ripped-off Twitter. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by technology journalist and author Chris Stokel-Walker. Visit https://www.smashingsecurity.com/235 (https://www.smashingsecurity.com/235) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Chris Stokel-Walker. Sponsored By: https://www.privacy.com/smashing (Privacy.com): https://www.privacy.com/smashing (Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.) https://www.1password.com/resources (1Password): Did you know that almost two thirds of all IT workers admit to reusing enterprise secrets between different projects, creating a potential gateway for attackers? 
1Password’s new research report, "Hiding in Plain Sight", reveals the breadth and depth of mismanaged business secrets like code, passwords, credentials, and keys, and that secrets (mis)management is the next big cybersecurity threat. Learn more by reading the full report at 1password.com/resources https://knowbe4.com/freetest (KnowBe4): Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetest https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/revil-ransomware-rampages-following-kaseya-supply-chain-attack/ (REvil ransomware rampages following Kaseya supply-chain attack) — Graham Cluley. https://www.bbc.co.uk/news/technology-57707530 (Swedish Coop supermarkets shut due to US ransomware cyber-attack ) — BBC News. https://www.youtube.com/watch?v=XfAyutRfy2A (Kaseya CEO Fred Voccola Addresses Cyberattack and Next Steps for VSA Customers) — YouTube. https://www.globenewswire.com/news-release/2021/07/06/2257884/0/en/Kaseya-Responds-Swiftly-to-Sophisticated-Cyberattack-Mitigating-Global-Disruption-to-Customers.html (Kaseya Responds Swiftly to Sophisticated Cyberattack,) — Press release. https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/ (Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO says ) — Reuters. https://www.businessinsider.com/bytedances-new-byteplus-division-selling-tiktoks-underlying-tech-2021-4?r=US&IR=T (TikTok's Underlying Tech Is About to Go on Sale) — Business Insider. https://www.businessinsider.com/tiktok-sends-user-data-to-china-year-of-research-2021-3?r=US&IR=T (This Is How TikTok Sends User Data to China) — Business Insider. 
https://www.cnbc.com/2021/06/25/tiktok-insiders-say-chinese-parent-bytedance-in-control.html...
Jul 07, 2021
234: Cozy Bear, dildo scams, and robo hires and fires
56:26
Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from "Amazon"... And you will NOT want to miss checking out a very special "Pick of the week"! All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by David Bisson. Visit https://www.smashingsecurity.com/234 (https://www.smashingsecurity.com/234) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: David Bisson. Sponsored By: https://www.1password.com/resources (1Password): Did you know that almost two thirds of all IT workers admit to reusing enterprise secrets between different projects, creating a potential gateway for attackers? 1Password’s new research report, "Hiding in Plain Sight", reveals the breadth and depth of mismanaged business secrets like code, passwords, credentials, and keys, and that secrets (mis)management is the next big cybersecurity threat. Learn more by reading the full report at 1password.com/resources https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://en.wikipedia.org/wiki/Cozy_Bear (Cozy Bear ) — Wikipedia. 
https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/ (Bears in the Midst: Intrusion Into the Democratic National Committee) — Crowdstrike. https://news.sky.com/story/coronavirus-russian-cyber-spies-attempting-to-steal-vaccine-research-from-britain-us-and-canada-12029697 (Coronavirus: Russian cyber spies attempting to steal vaccine research from Britain, US and Canada ) — Sky News. https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/ (New Nobelium activity) — Microsoft Security Response Center. https://www.smashingsecurity.com/214 (Smashing Security episode 214: "Lockdown love scams, SolarWinds, and a data deletion bungle.") https://twitter.com/SmashinSecurity/status/1410254237855014912 (Screenshot of email David received from "Amazon") https://www.forbes.com/sites/susannahbreslin/2017/10/31/most-expensive-sex-toys/?sh=7129f57a6131 (This $1.3 Million Vibrator Is One Of The World's Most Expensive Sex Toys) — Forbes. https://flex.amazon.co.uk/ (Amazon Flex.) https://www.bbc.co.uk/news/technology-56515827 (AI at work: Staff 'hired and fired by algorithm') — BBC News. https://www.bloomberg.com/news/features/2021-06-28/fired-by-bot-amazon-turns-to-machine-managers-and-workers-are-losing-out (Fired by Bot: Amazon Turns to Machine Managers And Workers Are Losing Out ) — Bloomberg. https://www.reddit.com/r/AmazonFlexDrivers/comments/jmrmcn/i_read_all_the_horror_stories_about_being/ (Horror stories from Amazon Flex workers) — Reddit. https://carole.wtf/ (Art'n'Doodles from Carole Theriault) — Carole.wtf https://www.porterrobinson.com/ (⎌ Nurture ⎌) — Porter Robinson. https://theconversation.com/how-john-berger-changed-our-way-of-seeing-art-70831 (How John Berger changed our way of seeing art) — The Conversation. https://www.youtube.com/watch?v=0pDE4VX_9Kk (Ways of Seeing Episode 1, with John Berger) — YouTube. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and...
Jun 30, 2021
233: Peloton problems, romance regret, and Weiner woes
01:22:43
We take a look at why Peloton is being accused of ransomware-like behaviour, how one man lost $250,000 in a romance scam, and how a chap called Weiner has found himself in a political pickle. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Host Unknown's Andrew Agnês. Plus we have a featured interview with KnowBe4 expert Roger Grimes. Don't miss it! Visit https://www.smashingsecurity.com/233 (https://www.smashingsecurity.com/233) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Andrew Agnês and Roger A Grimes. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. 
Find out more and try 1Password free for 14 days at 1Password.com https://www.smashingsecurity.com/jumpcloud (JumpCloud): JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass. With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy. Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model. https://knowbe4.com/freetest (KnowBe4): Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetest https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.cpsc.gov/Newsroom/News-Releases/2021/CPSC-Warns-Consumers-Stop-Using-the-Peloton-Tread+ (CPSC Warns Consumers: Stop Using the Peloton Tread+) — CPSC https://www.youtube.com/watch?v=onXNnlCYJ4Y (Peloton Tread+ Treadmill Safety Incident ) — YouTube. https://www.cpsc.gov/Recalls/2021/peloton-recalls-tread-plus-treadmills-after-one-child-died-and-more-than-70-incidents (Peloton Recalls Tread+ Treadmills After One Child Died and More than 70 Incidents Reported ) — CPSC. https://www.cpsc.gov/Recalls/2021/peloton-recalls-tread-treadmills-due-to-risk-of-injury (Peloton Recalls Tread Treadmills Due to Risk of Injury) — CPSC. https://support.onepeloton.com/hc/en-us/articles/360060884531-Tread-Lock (Tread Lock ) — Peloton support. https://www.bleepingcomputer.com/news/technology/peloton-tread-owners-now-forced-into-monthly-subscription-after-recall/ (Peloton Tread owners now forced into monthly subscription after recall) — Bleeping Computer....
Jun 23, 2021
232: Zoomolympics and language matters
50:40
Video gaming giant Electronic Arts suffers a hack following slack security, the Japanese Olympics are proving unpopular with everyone apart from cybercriminals, and le coq est mort. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/232 (https://www.smashingsecurity.com/232) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. 
Find out more and try 1Password free for 14 days at 1Password.com https://www.deep-secure.com/smashingsecurity (Deep Secure): Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus. Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable. Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today. https://www.smashingsecurity.com/jumpcloud (JumpCloud): JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass. With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy. Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://github.com/coq (Coq on GitHub.) https://github.com/coq/coq/wiki/Alternative-names (Alternative names for Coq.) https://www.theregister.com/2021/06/15/coq_programming_language_change/ (Realizing this is getting out of hand, Coq mulls new name for programming language) — The Register. https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white (Terminology: it's not black and white ) — NCSC. https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code (Hackers Steal Wealth of Data from Game Giant EA) — Vice. https://coronavirus.jhu.edu/region/japan (Japan - COVID-19 Overview ) — Johns Hopkins. 
https://www.irishmirror.ie/sport/other-sport/athletics/olympics-2021-tokyo-games-start-24317885 (Olympics 2021: When Tokyo Games start and what restrictions will be in place ) — Irish Mirror....
Jun 16, 2021
231: Sexy snaps and encrypted chat traps
01:08:46
Criminals are caught in an encrypted chat trap, should you trust Apple's repair team with your sexy snaps, and do you think the FBI should be able to tell who has been reading the USA Today website? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. And don't miss our featured interview with Dr Simon Wiseman, the CTO of Deep Secure. Visit https://www.smashingsecurity.com/231 (https://www.smashingsecurity.com/231) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Dave Bittner and Simon Wiseman. Sponsored By: https://knowbe4.com/freetest (KnowBe4): Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetest https://www.deep-secure.com/smashingsecurity (Deep Secure): Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). 
It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus. Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable. Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today. https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.afp.gov.au/news-media/media-releases/afp-led-operation-ironside-smashes-organised-crime (AFP-led Operation Ironside smashes organised crime) — Australian Federal Police. https://www.bbc.co.uk/news/world-57394831 (AN0M: Hundreds arrested in massive global crime sting using messaging app ) — BBC News. https://www.dailymail.co.uk/news/article-9663125/Fake-encrypted-app-cooked-beers-Aussie-cops-FBI-leads-global-sting.html (Fake encrypted app cooked up over beers by Aussie cops and the FBI leads to global sting) — Daily Mail. https://gizmodo.com/fbi-effort-to-expose-usa-today-readers-was-likely-unlaw-1847047816 (FBI Effort to Expose 'USA Today' Readers Was Likely Unlawful, Experts Say) — Gizmodo. 
https://eu.usatoday.com/story/news/nation/2021/02/02/sunrise-florida-shooting-fbi-agents-injured/4352344001/ (Sunrise, Florida,...
Jun 09, 2021
230: Flash card f-up and energy pipe pilfering
41:19
The US military has been caught exposing its nuclear weapons secrets, and we explore the world of nerdy miners. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by "Lola." Visit https://www.smashingsecurity.com/230 (https://www.smashingsecurity.com/230) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.1password.com (1Password): Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are. 1Password makes the secure thing to do the easiest thing to do. Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. Find out more and try 1Password free for 14 days at 1Password.com https://www.smashingsecurity.com/jumpcloud (JumpCloud): JumpCloud’s Directory Platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass. 
With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy. Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model. https://www.deep-secure.com/smashingsecurity (Deep Secure): Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus. Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable. Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://en.wikipedia.org/wiki/WarGames (WarGames (1983 movie starring Matthew Broderick)) — Wikipedia. https://www.cram.com/ (Cram: Create and Share Online Flashcards.) https://www.chegg.com/flashcards (Chegg flashcards.) https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/ (US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps) — Bellingcat. https://www.birminghammail.co.uk/black-country/three-nerds-said-behind-massive-20703503 ('Three nerds' linked to massive Bitcoin mine found in Sandwell warehouse) — Birmingham Mail. https://www.bbc.co.uk/news/uk-england-birmingham-57280115 (Sandwell Bitcoin mine found stealing electricity) — BBC News. https://www.nytimes.com/2021/05/23/style/berglas-effect-card-trick.html (The Berglas Effect: Magic's Best Card Trick ) — The New York Times. https://www.youtube.com/watch?v=mkcZhyWwTg0 (David Berglas and the Legendary Berglas Effect ) — YouTube....
Jun 02, 2021
229: Dating leaks, right to repair, and a stinky bishop
01:11:15
A big cheese ends up in jail, a Japanese dating site spills the dirt after a hack, and we learn all about the right to repair. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Paul Roberts from The Security Ledger. Plus don't miss our featured interview with Javvad Malik from KnowBe4. Visit https://www.smashingsecurity.com/229 (https://www.smashingsecurity.com/229) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Javvad Malik and Paul F Roberts. Sponsored By: https://knowbe4.com/freetest (KnowBe4): Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetest https://www.smashingsecurity.com/oneloginiamokay (OneLogin): According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic. As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies. OneLogin's message? You're not alone. 
Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokay https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.techtimes.com/articles/98684/20151023/cheese-is-addictive-as-drug-dairy-product-triggers-brain-region-linked-to-addiction.htm (Cheese Is Addictive As Drug: Dairy Product Triggers Brain Region Linked To Addiction) — Tech Times. https://www.vice.com/en/article/3aza95/how-police-took-over-encrochat-hacked (How Police Secretly Took Over a Global Phone Network for Organized Crime) — Motherboard. https://www.merseyside.police.uk/news/merseyside/news/2021/may/liverpool-man-latest-to-be-jailed-as-part-of-national-operation-venetic/ (Liverpool man latest to be jailed as part of national Operation Venetic) — Merseyside Police. https://www.theregister.com/2021/05/25/cheese_fingerprint_prison/ (Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall ) — The Register. https://www.forbes.com/sites/paulfroberts/2020/07/31/automakers-hype-hacking-threat-to-sink-pro-repair-measure/?sh=548f23df4500 (Automakers Hype Hacking Threat To Sink Pro-Repair Measure) — Forbes. https://fighttorepair.substack.com/p/ftc-report-slams-oem-restrictions (FTC Report Slams OEM Restrictions on Repair) — Fight to Repair. https://securepairs.org/ (securepairs.org – IT pros fight for a fixable future.) https://www.net-marketing.co.jp/news/5873/ (Apology for dating breach (Japanese).) https://www.bbc.com/worklife/article/20201116-how-the-pandemic-has-changed-our-romantic-relationships...
May 26, 2021
228: Pipeline pickle, Blockchain bollocks, and Eufy SNAFU - with Rory Cellan-Jones
01:12:23
The Colonial Pipeline attack has shone light on the activities of the Darkside ransomware gang, we take a skeptical look at cryptocurrencies and the blockchain, and Eufy security cameras suffer an embarrassing security failure. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by BBC technology correspondent Rory Cellan-Jones. Plus don't miss our featured interview with Vanessa Pegueros of OneLogin. Visit https://www.smashingsecurity.com/228 (https://www.smashingsecurity.com/228) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Rory Cellan-Jones and Vanessa Pegueros. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://skiff.org/smashing (Skiff): We store more personal information on our devices than we do in our homes. Where do you go online when you want to write or share something privately? Skiff is the first collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. 
Only you and your trusted collaborators - no one else, not even Skiff - can see what you've created. Skiff is offering listeners of Smashing Security early access. Sign up now: skiff.org/smashing https://www.smashingsecurity.com/oneloginiamokay (OneLogin): According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic. As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies. OneLogin's message? You're not alone. Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokay https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/major-us-oil-pipeline-shut-down-after-ransomware-attack/ (Major US oil pipeline shut down after ransomware attack) — Graham Cluley. https://www.bbc.co.uk/news/business-56888611 (Abrdn: Standard Life Aberdeen vowel-less rebrand mocked ) — BBC News. https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/ (DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized ) — Brian Krebs. https://edition.cnn.com/2021/05/12/politics/colonial-pipeline-ransomware-payment/index.html (Colonial Pipeline did pay ransom to hackers, sources now say ) — CNN. https://zetter.substack.com/p/darkside-retreats-to-the-dark (Darkside Retreats to the Dark ) — Kim Zetter on Substack. https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims (Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims) — Elliptic. https://www.bloomsbury.com/uk/always-on-9781472981196/ ("Always On: Hope and Fear in the Social Smartphone Era" by Rory Cellan-Jones)...
May 19, 2021
227: Phishing foul-up, Twitter tip jars, and Facebook's Apple fury
49:09
Facebook says it's sticking up for the little guys as it picks a fight with Apple, there are testing times on the trains, and Twitter takes a tip. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Ray [REDACTED]. Visit https://www.smashingsecurity.com/227 (https://www.smashingsecurity.com/227) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ray [REDACTED]. Sponsored By: https://1password.com (1Password): Introduce your family to better online security and safer browsing habits with 1Password. Share more than passwords — save logins, documents, credit cards, and more, accessible on all your devices. Sharing is made simple. Keep personal logins private, and easily share access to what they need. Recover 1Password access for family members so they never get locked out. Find out more and try 1Password free for 14 days at 1Password.com https://www.smashingsecurity.com/oneloginiamokay (OneLogin): According to the OneLogin IAMokay Mental Health Survey, more than 77% of technology leaders have said that their work-related stress increased due to the COVID-19 pandemic. As a result, CISOs and IT executives have been under ever-increasing pressure - leading to deteriorating mental health, addiction issues, and even suicidal thoughts and tendencies. OneLogin's message? 
You're not alone. Attend their live event on Weds May 26, "Keeping the Mind Clear and the Company Secure" at smashingsecurity.com/oneloginiamokay https://skiff.org/smashing (Skiff): We store more personal information on our devices than we do in our homes. Where do you go online when you want to write or share something privately? Skiff is the first collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators - no one else, not even Skiff - can see what you've created. Skiff is offering listeners of Smashing Security early access. Sign up now: skiff.org/smashing https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.theguardian.com/uk-news/2021/may/10/train-firms-worker-bonus-email-is-actually-cyber-security-test (Train firm’s ‘worker bonus’ email is actually cybersecurity test) — The Guardian. https://www.tssa.org.uk/en/whats-new/news/index.cfm/anger-over-shocking-covid-bonus-stunt-at-west-midlands-trains (Anger Over Shocking Covid Bonus Stunt At West Midlands Trains) — TSSA. https://portswigger.net/daily-swig/researcher-calls-out-privacy-flaw-in-twitters-new-tip-jar-donation-feature (Researcher calls out privacy flaw in Twitter’s new ‘Tip Jar’ donation feature) — The Daily Swig. https://www.wired.com/story/twitter-tip-jar-privacy-fiasco-entirely-avoidable/ (Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable) — Wired. https://www.nytimes.com/wirecutter/blog/how-iphone-apps-track-you/ (We Checked 250 iPhone Apps—This Is How They’re Tracking You ) — Wirecutter. https://arstechnica.com/gadgets/2021/05/96-of-us-users-opt-out-of-app-tracking-in-ios-14-5-analytics-find/ (96% of US users opt out of app tracking in iOS 14.5, analytics find) — Ars Technica....
May 12, 2021
226: Cryptocrazies and NFTs
50:57
How did the SCAM cryptocurrency become a success? Why is Google allowing government rip-off ads to still appear on search results? And why on earth is everyone suddenly spending millions of dollars on NFTs? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by David McClelland. Visit https://www.smashingsecurity.com/226 (https://www.smashingsecurity.com/226) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: David McClelland. Sponsored By: https://skiff.org/smashing (Skiff): We store more personal information on our devices than we do in our homes. Where do you go online when you want to write or share something privately? Skiff is the first collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators - no one else, not even Skiff - can see what you've created. Skiff is offering listeners of Smashing Security early access. Sign up now: skiff.org/smashing https://knowbe4.com/freetest (KnowBe4): Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are at risk with KnowBe4's free phishing security test. 
Plus, see how you stack up against your peers with the new phishing industry benchmarks. Find out more at knowbe4.com/freetest https://1password.com (1Password): Introduce your family to better online security and safer browsing habits with 1Password. Share more than passwords — save logins, documents, credit cards, and more, accessible on all your devices. Sharing is made simple. Keep personal logins private, and easily share access to what they need. Recover 1Password access for family members so they never get locked out. Find out more and try 1Password free for 14 days at 1Password.com https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.tiktok.com/@dreesuschrist? (Andre Lewis (@dreesuschrist) ) — TikTok. https://www.vice.com/en/article/m7eeq8/this-tiktokers-scam-cryptocurrency-took-off-and-he-cant-believe-it (This TikToker’s ‘SCAM’ Cryptocurrency Took Off and He Can’t Believe It) — Motherboard. https://scamily.io/ (Simple. Cool. Automatic. Money) — Scamily.io. https://www.bbc.co.uk/news/technology-56886957 (Why can't Google get a grip on rip-off ads?) — BBC News. https://support.google.com/adspolicy/answer/9736337 (New Government Services Policy) — Google Advertising Policies. https://www.collinsdictionary.com/dictionary/english/fungible (Fungible definition and meaning ) — Collins English Dictionary. https://www.theverge.com/22310188/nft-explainer-what-is-blockchain-crypto-art-faq (NFTs, explained: what they are, and why they’re suddenly worth millions ) — The Verge. https://www.nytimes.com/2021/03/26/technology/nft-sale.html (Why Did Someone Pay $560,000 for a Picture of My Column?) — The New York Times. https://www.theverge.com/2021/3/5/22316320/jack-dorsey-original-tweet-nft-cent-valuables (Jack Dorsey is trying to sell his first tweet as an NFT) — The Verge. https://www.larvalabs.com/cryptopunks (CryptoPunks) — Larva Labs....
May 05, 2021
225: Master of your domain, gripe sites, and John Deere Farmergeddon
56:37
Google loses its domain in Argentina, how do gripe sites make their dough, and has John Deere solved the cybersecurity problem? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/225 (https://www.smashingsecurity.com/225) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://1password.com/secrets/ (1Password): The 1Password you know and love, now for all your company secrets. 1Password protects secrets like logins and credit cards. Secrets Automation protects secrets in your company infrastructure – like API tokens, application keys, and private certificates – and supplies them when and where they’re needed. Visit 1password.com/secrets/ to learn more. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=O-BmtYFXrhI (Smashing Security Christmas LIVE STREAM) — Including Mark Stockley and his chickens. https://traced.app/2021/04/13/whatsapp-status-loophole-is-aiding-cyberstalkers/ (How a WhatsApp status loophole is aiding cyberstalkers) — Traced. https://www.bbc.com/news/technology-56870270 (Google Argentina's domain name bought by man for £2) — BBC News.
https://www.firstpost.com/tech/news-analysis/hacker-breaks-into-google-palestine-homepage-in-protest-of-maps-depiction-3635087.html (Hacker breaks into Google Palestine homepage in protest of Maps depiction) — Firstpost. https://security.googleblog.com/2016/01/google-security-rewards-2015-year-in.html (Google Security Rewards - 2015 Year in Review) — Google Online Security Blog. https://www.theregister.com/2003/11/06/microsoft_forgets_to_renew_hotmail/ (Microsoft forgets to renew hotmail.co.uk domain) — The Register. https://www.forbes.com/sites/paulfroberts/2021/04/14/184-years-in-ag-giant-john-deere-awaits-its-first-software-vulnerability/?sh=39c998505108 (184 Years In: Ag Giant John Deere Awaits Its First Software Vulnerability) — Forbes. https://www.vice.com/en/article/4avy8j/bugs-allowed-hackers-to-dox-all-john-deere-owners (Bugs Allowed Hackers to Dox John Deere Tractor Owners) — Vice. https://www.youtube.com/watch?v=A0zxE0SUG1c (The Wurzels sing "Combine Harvester") — YouTube. https://www.nytimes.com/interactive/2021/04/24/technology/online-slander-websites.html (The Slander Industry) — The New York Times. https://www.nytimes.com/2021/01/30/technology/change-my-google-results.html (A Vast Web of Vengeance) — The New York Times. https://support.google.com/websearch/answer/9172218 (Remove content about me on sites with exploitative removal practices from Google) — Google Search Help. https://www.micromacro-game.com/en/democase.html (Online demo of MicroMacro - Crime City.) https://www.micromacro-game.com/en/index.html (MicroMacro - Crime City.) https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/ (They Hacked McDonald’s Ice Cream Machines—and Started a Cold War ) — Wired. https://mcbroken.com/ (Mcbroken.) https://overheardinnewyork.com/ (Overheard In New York.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts,...
Apr 28, 2021
224: The Lazarus Heist, Facebook faux pas, and no-cost security
01:05:58
Facebook has managed to do the seemingly impossible - and had a data breach about its handling of a data breach. Meanwhile, we chat to the host of the brand new podcast about North Korea's hackers targeting the rest of the world, and discuss if an intern can be trusted to monitor your security. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Geoff White of "The Lazarus Heist" podcast. Plus! Don't miss our featured interview with Duo's Helen Patton. Visit https://www.smashingsecurity.com/224 (https://www.smashingsecurity.com/224) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Geoff White and Helen Patton. Sponsored By: https://1password.com/secrets/ (1Password): The 1Password you know and love, now for all your company secrets. 1Password protects secrets like logins and credit cards. Secrets Automation protects secrets in your company infrastructure – like API tokens, application keys, and private certificates – and supplies them when and where they’re needed. Visit 1password.com/secrets/ to learn more. https://duo.com (Duo): While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes.
Its modern access security is designed to safeguard all users, devices, and applications - so you can stay focused on what you do best. Proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device and enforce policies to secure access to every application. Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign up for a free 30 day trial. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/facebook-isnt-sorry-for-letting-someone-steal-personal-details-of-half-a-billion-users/ (Facebook isn’t sorry for letting someone steal personal details of half a billion users) — Graham Cluley. https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T (Stolen Data of 533 Million Facebook Users Leaked Online) — Business Insider. https://datanews.knack.be/ict/nieuws/interne-mail-toont-hoe-facebook-veiligheidsproblemen-wil-normaliseren/article-news-1724927.html (Interne mail toont hoe Facebook veiligheidsproblemen wil 'normaliseren' ) — Data News. https://grahamcluley.com/facebook-suffers-a-data-breach-about-how-its-hoping-to-stop-the-media-talking-about-its-last-data-breach/ (Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach) — Graham Cluley. https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads (The Lazarus Heist podcast) — BBC World Service. https://www.infosecurity-magazine.com/news/local-government-targeted/ (Local Government Organizations Most Frequently Targeted by Ransomware) — Infosecurity Magazine. https://ckfm.ca/2021/04/16/7598/ (Update On Ransomware Attack Against Town Of Didsbury) — CKFM. https://www.dummies.com/careers/find-a-job/entry-level-information-security-positions/ (Entry-Level...
Apr 21, 2021
223: Booze, nudes, and insurance dudes
51:35
Should insurance companies be banned from helping companies pay ransomware demands? How has malware messed with motorcars in the United States? And how are cybercriminals exploiting alcohol drinking during the pandemic? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/223 (https://www.smashingsecurity.com/223) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://duo.com (Duo): While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications - so you can stay focused on what you do best. Proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device and enforce policies to secure access to every application.
Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign-up for a free 30 day trial. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.iiss.org/blogs/survival-blog/2021/04/lessons-of-the-solarwinds-hack (Lessons of the SolarWinds hack) — Article by Marcus Willett, IISS. https://www.bbc.co.uk/news/technology-55811165 (Insurers defend covering ransomware payments) — BBC News. https://grahamcluley.com/cyber-insurance-giant-cna-hit-by-ransomware-attack/ (Cyber insurance giant CNA hit by ransomware attack ) — Graham Cluley. https://grahamcluley.com/fatface-pays-out-2-million-to-conti-ransomware-gang/ (FatFace pays out $2 million to Conti ransomware gang) — Graham Cluley. https://www.theregister.com/2021/04/09/ban_cyber_insurance_payouts/ (How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director) — The Register. https://www.thedrive.com/news/40099/cyber-attack-forces-vehicle-emissions-testing-company-to-halt-operations-in-8-states (Cyber Attack Forces Vehicle Emissions Testing Company to Halt Operations in 8 States) — The Drive. https://www.bleepingcomputer.com/news/security/malware-attack-is-preventing-car-inspections-in-eight-us-states/ (Malware attack is preventing car inspections in eight US states) — Bleeping Computer. https://www.applustech.com/servicerestoration (Service Restoration Status Update) — Applus Tech. https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2770975 (Changes in Adult Alcohol Use and Consequences During the COVID-19 Pandemic in the US) — JAMA Network. https://nielseniq.com/global/en/insights/2020/rebalancing-the-covid-19-effect-on-alcohol-sales/ (Rebalancing the ‘COVID-19 effect’ on alcohol sales ) — NielsenIQ....
Apr 14, 2021
222: Facebook, deepfakes, and April Fools scandals - with Nina Schick
55:16
Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook's latest data fiasco, and some less-than-brilliant April Fool's tricks. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/222 (https://www.smashingsecurity.com/222) to check out this episode’s show notes and episode links. Special Guest: Nina Schick. Sponsored By: https://duo.com (Duo): While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications - so you can stay focused on what you do best. Proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device and enforce policies to secure access to every application. Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign-up for a free 30 day trial. https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. 
Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T (Stolen Data of 533 Million Facebook Users Leaked Online) — Business Insider. https://twitter.com/Daviey/status/1378646544719753216 (Mark Zuckerberg is on Signal) — Dave Walker on Twitter. https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/ (The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned) — Troy Hunt. https://grahamcluley.com/facebook-isnt-sorry-for-letting-someone-steal-personal-details-of-half-a-billion-users/ (Facebook isn’t sorry for letting someone steal personal details of half a billion users) — Graham Cluley. https://www.smashingsecurity.com/75 (Smashing Security episode 75: Quitting Facebook.) https://ninaschick.org/deepfakes/ (Deep Fakes - the coming infocalypse.) — Nina Schick. https://thispersondoesnotexist.com/ (This Person Does Not Exist.) https://www.cnbc.com/2018/12/07/deepfake-ai-trump-impersonator-highlights-election-fake-news-threat.html ('Deepfake' AI Trump impersonator highlights election fake news threat) — CNBC. https://www.newsweek.com/google-april-fools-2018-2019-prank-cancelled-covid-1580355 (Past Google April Fools Pranks As It Cancels 2021's Over COVID) — Newsweek. https://twitter.com/piersmorgan/status/1377544366248591360 ("Joke" tweet by Piers Morgan) — Twitter. https://www.aljazeera.com/economy/2021/3/31/bb-thejokeis-on-volkswagen-after-april-fools-name-change-debacle (The joke is on Volkswagen after April Fool’s name change debacle) — Al Jazeera. https://www.bbc.co.uk/news/world-europe-56617049 (Deliveroo April Fool's joke backfires in France) — BBC News. https://www.bbc.co.uk/archive/console_generations/zvcjkty (The 8 Generations of...
Apr 07, 2021
221: God bless his hairy palms
49:19
FatFace stumps up $2 million to its ransomware extortionists, an IT administrator is caught with his pants down, Mobikwik blames its users for a data breach, and we burgle a house... virtually. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Host Unknown's Thom Langford. Visit https://www.smashingsecurity.com/221 (https://www.smashingsecurity.com/221) to check out this episode’s show notes and episode links. Special Guest: Thom Langford. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/fatface-would-like-everyone-to-keep-its-data-breach-strictly-private-and-confidential/ (FatFace would like everyone to keep its data breach “strictly private and confidential” ) — Graham Cluley. https://www.computerweekly.com/news/252498463/Retailer-FatFace-pays-2m-ransom-to-Conti-cyber-criminals (Retailer FatFace pays $2m ransom to Conti cyber criminals) — Computer Weekly. https://en.wikipedia.org/wiki/Streisand_effect (Streisand effect ) — Wikipedia. 
https://www.bbc.co.uk/news/technology-56570862 ('We have your porn collection': The rise of extortionware) — BBC News. https://economictimes.indiatimes.com/tech/startups/mobikwik-data-breach-personal-data-of-over-10-crore-users-allegedly-available-on-sale/articleshow/81756544.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst (Mobikwik Data Breach: Data of 10 crore Mobikwik users for sale on dark web, say cybersecurity experts) — The Economic Times. https://www.indiatoday.in/technology/news/story/mobikwik-data-breach-said-to-be-largest-kyc-leak-personal-data-of-3-5-million-users-up-for-sale-on-dark-web-1784957-2021-03-30 (Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web) — India Today. https://www.youtube.com/channel/UCJquYOG5EL82sKTfH9aMA9Q (Rick Beato) — YouTube. https://www.youtube.com/watch?v=X33YyowZZxQ (What Makes This Song Great? Ep.94 Gordon Lightfoot) — YouTube. https://www.youtube.com/watch?v=z5JjH2OOoNY (Adriano Celentano - Prisencolinensinainciusol ) — YouTube. https://ember.com/ (Ember: The World’s First Temperature Control Mug.) https://www.seriouseats.com/2013/10/sous-vide-101-all-about-eggs.html (Slow-cooked guide to Sous Vide Eggs) — Serious Eats. https://www.youtube.com/channel/UCYEIfebZwFvjGbi2ybsJF9A/playlists (Art History 101) — YouTube. https://twitter.com/arthist_101 (Chris Luedke, art historian) — Twitter. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Mar 31, 2021
220: Ransoms, scandals, and glitter bombs
47:39
PC manufacturer Acer might have received a $50 million ransom demand, a warning spreads on Facebook about a trick being used by hackers, and why are the City of London's police not happy about Sci Hub? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Alex Eckelberry. Visit https://www.smashingsecurity.com/220 (https://www.smashingsecurity.com/220) to check out this episode’s show notes and episode links. Special Guest: Alex Eckelberry. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.smashingsecurity.com/sailpoint (Sailpoint): SailPoint Identity Security can help you enable your business and manage the cyber risk associated with the explosion of technology access in the cloud enterprise – ensuring each worker has the right access to do their job – no more, no less. Gain unmatched visibility and intelligence while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://factcheck.afp.com/hackers-cannot-post-facebook-comments-your-behalf-without-you-seeing-it (Hackers cannot post Facebook comments on your behalf without you seeing it ) — AFP Fact Check. https://www.snopes.com/fact-check/facebook-hack-hurt-offend/ (Does a Facebook Hack 'Hurt and Offend' Friends?) — Snopes. https://gmail.googleblog.com/2008/10/new-in-labs-stop-sending-mail-you-later.html (Stop sending mail you later regret) — Gmail blog. https://techcrunch.com/2008/10/07/april-fools-check-did-google-really-release-mail-goggles/ (April Fools Check: Did Google Really Release Mail Goggles?) — TechCrunch. https://twitter.com/SmashinSecurity/status/1374872662334394369 (When was blinking invented?) https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/ (Computer giant Acer hit by $50 million ransomware attack) — Bleeping Computer. https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/ (Ransomware gang says it targets firms who have cyber insurance. And what’s more, it will hack insurance firms to identify them…) — Graham Cluley. https://www.theguardian.com/science/2017/jun/27/profitable-business-scientific-publishing-bad-for-science (Is the staggeringly profitable business of scientific publishing bad for science?) — The Guardian. https://www.cityoflondon.police.uk/news/city-of-london/news/2021/march/police-warn-students-and-universities-of-accessing-an-illegal-website-to-download-published-scientific-papers/ (Police warn students and universities of accessing an illegal website to download published scientific papers ) — City of London Police. https://www.theverge.com/2018/2/8/16985666/alexandra-elbakyan-sci-hub-open-access-science-papers-lawsuit (Meet the pirate queen making academic papers free online) — The Verge. https://scholarlykitchen.sspnet.org/2016/02/25/sci-hub-how-does-it-work/ (Sci-Hub:
Mar 24, 2021
219: Cheerleaders, dating apps, and crisis PR
55:55
How are cheerleaders being creeped out by deepfakes? What might Tinder tell potential dates about your murky past? And how should companies respond to the press when a security breach occurs? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Yvonne Eskenzi. Visit https://www.smashingsecurity.com/219 (https://www.smashingsecurity.com/219) to check out this episode’s show notes and episode links. Special Guest: Yvonne Eskenzi. Sponsored By: https://www.crowdsec.net/smashing (CrowdSec): https://www.crowdsec.net/smashing (CrowdSec is open-source and crowd-powered software enabling you to detect and block attacks. While sharing with its user community, you contribute to improve its efficiency and make the internet safer.) https://www.smashingsecurity.com/sailpoint (Sailpoint): SailPoint Identity Security can help you enable your business and manage the cyber risk associated with the explosion of technology access in the cloud enterprise – ensuring each worker has the right access to do their job – no more, no less. Gain unmatched visibility and intelligence while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services. 
https://randombutmemorable.simplecast.com/ (1Password): Check out 1Password's podcast "Random but Memorable" for lighthearted security advice and banter with hosts Matt, Anna, and Michael. Listen to the "Random but Memorable" show in your favourite podcast app to hear the latest about security horror stories, data breaches, password hacking, and more. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=_z9kdqDwA80 (Chris Farley makes an energetic entrance to the David Letterman show) — YouTube. https://www.netflix.com/title/81039393 (Cheer) — Netflix. https://www.inquirer.com/news/bucks-county-raffaela-spone-cyberbullying-deepfake-20210312.html?outputType=amp (Bucks County woman created ‘deepfake’ videos to harass rivals on her daughter’s cheerleading squad, DA says) — Philadelphia Inquirer. https://www.thesun.co.uk/news/14352116/cheerleader-appeared-deepfake-vaping-video-made-rivals-mom-speaks/ (Cheerleader, 17, who appeared in 'deepfake' vaping video 'made by rival's mom' tells how she broke down in tears) — The Sun. https://www.youtube.com/watch?v=OmnK0ty0RBE (Oliver Reed on being deadly) — YouTube. https://www.tiktok.com/@deeptomcruise? (Deep Tom Cruise) — TikTok. https://www.tiktok.com/@deeptomcruise/video/6939155822387662085 (Deep Tom Cruise pretends to be a snapping turtle) — TikTok. https://www.tiktok.com/@deeptomcruise/video/6932166297996233989 (Deep Tom Cruise demonstrates his golf swing) — TikTok. https://www.eskenzipr.com/2021/03/16/a-guide-to-crisis-communications-for-incident-response/ (A Guide to Crisis Communications for Incident Response) — Eskenzi PR. https://www.bbc.co.uk/news/technology-56409427 (Tinder to introduce in-app background checks) — BBC News. https://www.garbo.io/ (Garbo - A new kind of online background check.) https://www.tinderpressroom.com/news?item=122491 (Match Group Partners with Garbo to Make Groundbreaking Background Check Technology Accessible To
Mar 17, 2021
218: Microsoft, McAfee, and mayhem
49:53
Is it the end of the road for John McAfee? Is PornHub more legitimate than Facebook? And do you know as much as you think you do about the Microsoft Exchange Server mega-hack? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/218 (https://www.smashingsecurity.com/218) to check out this episode’s show notes and episode links. Special Guest: Dave Bittner. Sponsored By: https://www.smashingsecurity.com/sailpoint (Sailpoint): SailPoint Identity Security can help you enable your business and manage the cyber risk associated with the explosion of technology access in the cloud enterprise – ensuring each worker has the right access to do their job – no more, no less. Gain unmatched visibility and intelligence while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services. https://randombutmemorable.simplecast.com/ (1Password): Check out 1Password's podcast "Random but Memorable" for lighthearted security advice and banter with hosts Matt, Anna, and Michael. Listen to the "Random but Memorable" show in your favourite podcast app to hear the latest about security horror stories, data breaches, password hacking, and more. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.telegraph.co.uk/technology/news/9688101/John-McAfee-disguised-as-Guatemalan-street-hawker-with-a-limp.html (John McAfee 'disguised as Guatemalan street hawker with a limp') — The Telegraph. https://gizmodo.com/exclusive-john-mcafee-wanted-for-murder-updated-5959812 (John McAfee Wanted for Murder) — Gizmodo. https://nakedsecurity.sophos.com/2013/01/07/john-mcafee-infected-laptops/ (John McAfee says he infected laptops with malware, spied and stole passwords from Belize officials ) — Naked Security. https://grahamcluley.com/john-mcafee-running-president/ (John McAfee is running for president ) — Graham Cluley. https://grahamcluley.com/good-luck-john-mcafee-socially-engineering-corpse/ (Good luck John McAfee, socially engineering a corpse… ) — Graham Cluley. https://www.youtube.com/watch?v=bKgf5PaBzyg (How To Uninstall McAfee Antivirus ) — YouTube. https://www.justice.gov/usao-sdny/pr/john-david-mcafee-and-executive-adviser-his-cryptocurrency-team-indicted-manhattan (John David McAfee And Executive Adviser Of His Cryptocurrency Team Indicted In Manhattan Federal Court For Fraud And Money Laundering Conspiracy Crimes ) — US Department of Justice. https://www.islegitsite.com/ (IsLegitSite) — Check if a website is legitimate or not. https://www.datanyze.com/market-share/team-collaboration--267/microsoft-exchange-server-market-share (Microsoft Exchange Server Market Share and Competitor Report) — Datanyze. https://www.technologyreview.com/2021/03/06/1020442/four-new-hacking-groups-microsoft-email-servers/ (Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers) — MIT Technology Review. https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ (A Basic Timeline of the Exchange Mass-Hack ) — Krebs on Security....
Mar 10, 2021
217: Would you cuddle this revolting robot? - with Robert Llewellyn
54:23
Actor, presenter and writer Robert Llewellyn, famous for playing the part of Kryten in the science-fiction comedy "Red Dwarf," joins us as we discuss robots gone rogue, electric vehicle nightmares, and creepy companions. All this and much much more can be found in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Robert Llewellyn - famous for "Fully Charged," "Scrapheap Challenge," and as Kryten on "Red Dwarf." Visit https://www.smashingsecurity.com/217 (https://www.smashingsecurity.com/217) to check out this episode’s show notes and episode links. Special Guest: Robert Llewellyn. Sponsored By: https://www.1password.com/switch50 (1Password): 1Password offers seamless syncing across all your computers and mobile devices, so you can store and access unlimited passwords from anywhere at any time. Only you have the keys to decrypt your data and sensitive information – 1Password doesn’t know it, doesn’t share it, and doesn’t sell it. Protect your whole family and get 50% off when you sign up for a 1Password Family account – make your home a 1Password household. For more details visit www.1password.com/switch50 https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/technology-56239454 ('Drunk' robot vacuums spark complaints from owners) — BBC News. 
https://www.reddit.com/r/roomba/comments/lprthq/roomba_s9_weird_behaviour_on_version_3108/ (Roomba S9+ weird behaviour on version 3.10.8) — Reddit. https://www.reddit.com/r/roomba/comments/l3mdad/time_lapse_video_of_i7_attempting_to_return_to/ (Time lapse video of i7+ attempting to return to clean base after 3.12.8 update) — Reddit. https://www.bitdefender.com/box/blog/iot-news/robot-vacuum-cleaners-can-eavesdrop-conversations-researchers-reveal/ (Robot vacuum cleaners can eavesdrop on your conversations, researchers reveal ) — Bitdefender BOX blog. https://upstream.auto/blog/the-hidden-cyber-risks-of-electric-vehicles/ (The Hidden Cyber Risks of Electric Vehicles) — Upstream. https://www.theguardian.com/lifeandstyle/2021/feb/17/mindfulness-laughter-and-robot-dogs-can-help-relieve-loneliness-study-says (Mindfulness, laughter and robot dogs may relieve lockdown loneliness – study) — The Guardian. https://www.youtube.com/watch?t=18&v=-sR_BZ1mIHg&feature=youtu.be (Charlie) — YouTube. https://www.youtube.com/watch?v=5ifwGc-0mAY&feature=youtu.be (Aibo) — YouTube. https://www.youtube.com/watch?v=_EZ77d9p0yE (Lovot) — YouTube. https://www.youtube.com/watch?v=9s8B3RmGMlY&feature=youtu.be (Petit Qoobo) — YouTube. https://www.youtube.com/watch?v=bWqo2P_viWA&feature=youtu.be (Flatcat ) — YouTube. https://www.youtube.com/watch?v=HZS9M52Bd_w (For All Mankind trailer) — YouTube. https://apple.co/_ForAllMankind (For All Mankind) — Apple TV. https://www.amazon.co.uk/Diary-MPs-Wife-Outside-riotously/dp/0349144400/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=&sr= ("Diary of an MP's Wife: Inside and Outside Power" by Sasha Swire.) — Amazon. https://www.youtube.com/watch?v=lXrnUzP5Su0 ("I Care A Lot" trailer ) — YouTube. https://www.imdb.com/title/tt9893250/ (I Care A Lot) — IMDB....
Mar 03, 2021
216: Playboy, prison, and digital ploys - with Garry Kasparov
55:17
World-chess-champion-turned-activist Garry Kasparov returns to the show as we discuss a romance scammer with plenty of time on his hands, the surge in sextortion, and how social media is being swamped with claims of fake snow. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Garry Kasparov. Visit https://www.smashingsecurity.com/216 (https://www.smashingsecurity.com/216) to check out this episode’s show notes and episode links. Special Guest: Garry Kasparov. Sponsored By: https://www.1password.com/switch50 (1Password): 1Password offers seamless syncing across all your computers and mobile devices, so you can store and access unlimited passwords from anywhere at any time. Only you have the keys to decrypt your data and sensitive information – 1Password doesn’t know it, doesn’t share it, and doesn’t sell it. Protect your whole family and get 50% off when you sign up for a 1Password Family account – make your home a 1Password household. For more details visit www.1password.com/switch50 https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/technology-56127488 (Dating apps scam committed by criminal from inside prison) — BBC News. https://www.bbc.co.uk/sounds/play/m000sj8x (File on 4 - The Dangers of Dating Apps) — BBC Sounds. 
https://the-eye.eu/public/Books/PlayBoy/Playboy%201989/11%20-%20November%201989.pdf (Playboy Magazine, November 1989) — Including Garry Kasparov's interview and sexy photo shoot. https://blog.avast.com/sextortion-email-scams-avast (Sextortion email scams) — Avast. https://www.snopes.com/fact-check/snow-burn/ (Has Fake Snow Been Falling on the US?) — Snopes. https://www.thedailybeast.com/tiktok-users-are-trying-to-prove-the-snow-in-texas-is-fake (TikTok Users Are Trying (and Failing) to Prove the Snow in Texas Is Fake) — Daily Beast. https://gizmodo.com/tiktok-users-are-burning-snowballs-in-viral-videos-to-p-1846322841 (TikTok Users Are Burning Snowballs in Viral Videos to 'Prove' the Snow is Fake) — Gizmodo. https://www.independent.co.uk/news/world/americas/texas-griddy-electric-bills-winter-storm-b1805357.html (Griddy: Why a Texas electricity company is under fire for astronomical bills during winter storm) — The Independent. https://www.tmz.com/2021/02/23/ted-cruz-mariachi-band-discount-hired-need-money-texas-cancun/ (Ted Cruz Mariachi Band Performed at a Discount) — TMZ. https://slowtvmap.com/ (Slow TV Map.) https://www.goldenglobes.com/tv-show/queens-gambit (The Queen's Gambit) — Golden Globes. https://en.wikipedia.org/wiki/Soulmates_(TV_series) (Soulmates (TV series) ) — Wikipedia. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Feb 24, 2021
215: Sexy cows banned on Facebook
47:44
The FBI is hoping that its hunt for Capitol rioters will go viral, a cryptocurrency con lets its perpetrator live the high life... for a while, and just what does Facebook have against cows and a team of cricketers? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman. Visit https://www.smashingsecurity.com/215 (https://www.smashingsecurity.com/215) to check out this episode’s show notes and episode links. Special Guest: Zoe Kleinman. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) 
https://www.recordedfuture.com/podcast (Recorded Future): Recorded Future's podcast, Inside Security Intelligence, takes a deep dive into the world of cyber threat intelligence. They share stories from the trenches and the operations floor, giving you the lowdown on established and emerging adversaries. Whether it's the SolarWinds breach, 5G conspiracy theories, or Russian election interference, Inside Security Intelligence gives you a fresh take from a variety of industry experts. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.huffingtonpost.co.uk/entry/fbi-capitol-attack-photos-bolo-trump_n_601d5173c5b618b31987d358 (The FBI Wants You To Make These Photos Of Capitol Insurrectionists Go Viral ) — Huffington Post. https://www.fbi.gov/wanted/capitol-violence (Capitol Violence ) — FBI. https://seditionhunters.org/ (Sedition Hunters.) https://www.theatlantic.com/technology/archive/2013/04/-bostonbombing-the-anatomy-of-a-misinformation-disaster/275155/ (Boston Bombing: The Anatomy of a Misinformation Disaster) — The Atlantic. https://www.nme.com/news/music/iced-earths-singer-and-bassist-quit-band-in-response-to-recent-events-and-circumstances-2881020 (Iced Earth’s singer and bassist quit band "in response to recent events and circumstances") — NME. https://www.npr.org/2021/02/09/965472049/the-capitol-siege-the-arrested-and-their-stories?t=1613483808536#database (Capitol Insurrection: More Than 230 People Charged And What We Know About Them) — NPR. https://www.bbc.co.uk/news/technology-55981602 ('Overtly sexual' cow blocked as Facebook ad) — BBC News. https://www.digfingroup.com/virgil-stefan-qin/ (What is Stefan Qin’s edge in crypto? Fraud, says the SEC ) — Digital Finance. 
https://www.justice.gov/usao-sdny/pr/founder-90-million-cryptocurrency-hedge-fund-charged-securities-fraud-and-pleads-guilty (Founder Of $90 Million Cryptocurrency Hedge Fund Charged With Securities Fraud And Pleads Guilty In Federal Court ) — Department of Justice. https://fortune.com/2021/02/14/crypto-fraud-virgil-capital-convicted/ (A crypto kid had a $23,000-a-month condo. Then the feds came) — Fortune. http://radio.garden/ (Radio Garden ) — Explore live radio by rotating the globe. https://www.mydodow.com/dodow/en-gb/home (Dodow.) https://www.youtube.com/watch?v=QtAOU8_LTHw (On Her Majesty's Secret Service mind control scene) — YouTube....
Feb 17, 2021
214: Lockdown love scams, SolarWinds, and a data deletion bungle
48:06
Fingerprints and DNA records have been deleted from the UK's police database, the SolarWinds hack continues to wreak havoc and raise questions, and we have some advice for how to fall in love safely under lockdown... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Professor Alan Woodward. Visit https://www.smashingsecurity.com/214 (https://www.smashingsecurity.com/214) to check out this episode’s show notes and episode links. Special Guest: Alan Woodward. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/uk-55684320 (Police probes compromised after computer records deleted ) — BBC News. https://www.theguardian.com/uk-news/2021/feb/08/home-office-admits-15000-people-deleted-from-police-records (Home Office admits 15,000 people deleted from police records ) — The Guardian. 
https://www.itpro.co.uk/server-storage/data-recovery/358561/home-office-confirms-more-than-15k-police-record-were-deleted (Home Office admits 'coding error' wiped 15,000 police records) — IT Pro. https://www.theguardian.com/politics/2020/nov/20/priti-patel-boris-johnson-bullying-report-findings (Boris Johnson adviser quits after being overruled on Priti Patel bullying report) — The Guardian. http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm (UK's families put on fraud alert) — BBC News. https://www.solarwinds.com/securityadvisory (Security Advisory) — SolarWinds. https://www.reuters.com/article/us-cyber-solarwinds-china-exclusive-idUSKBN2A22K8 (Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources) — Reuters. https://www.wired.com/story/solarwinds-hack-china-usda/ (A Second SolarWinds Hack Deepens Third-Party Software Fears) — Wired. https://www.crn.com/news/security/microsoft-no-evidence-solarwinds-was-hacked-via-office-365 (Microsoft: No Evidence SolarWinds Was Hacked Via Office 365) — CRN. https://www.consumer.ftc.gov/articles/what-you-need-know-about-romance-scams (What You Need to Know About Romance Scams ) — FTC. https://www.zdnet.com/article/interpol-warns-of-romance-scam-artists-using-dating-apps-to-sign-victims-up-to-fake-investment-schemes/ (Interpol warns of romance scam artists using dating apps to promote fake investments) — ZDNet. https://metro.co.uk/2021/02/03/man-lost-38000-to-scammers-posing-as-single-women-on-match-com-14007830/ (Man lost £38,000 to scammers posing as single women on Match.com ) — Metro. https://www.ftc.gov/news-events/blogs/data-spotlight/2019/02/romance-scams-rank-number-one-total-reported-losses (Romance scams rank number one on total reported losses) — FTC. https://www.bbb.org/article/news-releases/22677-bbb-scam-alert-this-romance-scam-tricks-victims-in-laundering-federal-funds (This romance scam tricks victims in laundering federal funds) — Better Business Bureau. 
https://www.lexulous.com/ (Lexulous.)...
Feb 10, 2021
213: No security smarts at Mensa, long-term identity theft, and GameStop's share frenzy
01:01:05
Mensa - the social club for people with high IQs - is accused of not being so smart about security, an Indian TV journalist gets an unbelievable job offer from Harvard, and we take a look at what's been going on with GameStop short selling. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/213 (https://www.smashingsecurity.com/213) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.recordedfuture.com/podcast (Recorded Future): Recorded Future's podcast, Inside Security Intelligence, takes a deep dive into the world of cyber threat intelligence. They share stories from the trenches and the operations floor, giving you the lowdown on established and emerging adversaries. Whether it's the SolarWinds breach, 5G conspiracy theories, or Russian election interference, Inside Security Intelligence gives you a fresh take from a variety of industry experts. https://www.crowdsec.net/smashing (CrowdSec): https://www.crowdsec.net/smashing (CrowdSec is open-source and crowd-powered software enabling you to detect and block attacks. While sharing with its user community, you contribute to improve its efficiency and make the internet safer.)
https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.ft.com/content/7e00a348-d768-4618-b1c9-eb040b2c54e1 (Two British Mensa directors quit over cyber security concerns) — Financial Times. https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/ (Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords) — Forbes. https://grahamcluley.com/poor-password-security-mensa/ (Poor password security at the British branch of Mensa? ) — Graham Cluley. https://www.ndtv.com/blog/how-i-fell-for-a-phishing-attack-my-story-by-nidhi-razdan-2353395 (I Am Nidhi Razdan, Not A Harvard Professor, But...) — NDTV. https://www.marketwatch.com/investing/stock/gme (GameStop stock price) — MarketWatch. https://www.bbc.co.uk/news/newsbeat-55841719 (GameStop: What is it and why is it trending?) — BBC News. https://www.theguardian.com/commentisfree/2021/jan/31/market-is-rigged-in-favour-of-rich-as-gamestop-fiasco-reveals (An uprising against Wall Street? Hardly. GameStop was about the absurdity of the stock market) — The Guardian. https://www.marketwatch.com/story/gamestop-short-squeeze-fuels-new-stock-market-services-tracking-reddit-messages-11612203740 (GameStop short squeeze fuels new stock-market services tracking Reddit messages) — MarketWatch. https://www.thebalance.com/the-basics-of-shorting-stock-356327 (The Basics of Shorting Stock) — The Balance. https://www.bbc.co.uk/iplayer/episodes/m000kxw1/the-rise-of-the-murdoch-dynasty (The Rise of the Murdoch Dynasty) — BBC iPlayer. https://www.sketchup.com/ (SketchUp.)...
Feb 03, 2021
212: Dutch leaks, Peeping Toms, and researchers under fire
44:12
Google warns security researchers that North Korean hackers are pretending to be their buddies, sensitive information connected to Coronavirus testing is available for sale in the Netherlands, and is a Peeping Tom at your home security provider spying on you through CCTV? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/212 (https://www.smashingsecurity.com/212) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.rtlnieuws.nl/nieuws/nederland/artikel/5210644/handel-gegevens-nederlanders-ggd-systemen-database-coronit-hpzone (Illegale handel in privégegevens miljoenen Nederlanders uit coronasystemen GGD) — RTL News. https://www.youtube.com/watch?v=pWop2_Yk7mg (Video conference of EU Defence Ministers where a Dutch journalist gatecrashed the system) — YouTube. 
https://en.wikipedia.org/wiki/John_van_den_Heuvel (John van den Heuvel ) — Wikipedia. https://www.zdnet.com/article/dutch-covid-19-patient-data-sold-on-the-criminal-underground/ (Dutch COVID-19 patient data sold on the criminal underground) — ZDNet. https://www.smashingsecurity.com/175 (Smashing Security episode 175: Zoom deepfakes, Zardoz, and 'Rona tracing.) https://www.patreon.com/posts/bonus-smashing-2-36527007 (Bonus: Smashing Security After Dark #2 - Zardoz commentary.) — Smashing Security on Patreon. https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ (New campaign targeting security researchers) — Google Threat Analysis Group (TAG). https://www.zdnet.com/article/google-north-korean-hackers-have-targeted-security-researchers-via-social-media/ (Google: North Korean hackers have targeted security researchers via social media) — ZDNet. https://gizmodo.com/a-home-security-worker-hacked-into-surveillance-systems-1846111569 (ADT Employee: I Spied on Naked Customers Through Security Cams) — Gizmodo. https://www.dallasnews.com/news/courts/2020/05/18/adt-sued-after-employee-accessed-more-than-200-customers-home-security-systems-in-dallas-area/ (ADT sued after employee accessed more than 200 customers’ home security systems in Dallas area) — Dallas Morning News. https://www.bbc.co.uk/iplayer/episodes/p09343kb/the-investigation (The Investigation) — BBC iPlayer. https://www.theguardian.com/tv-and-radio/2021/jan/18/the-investigation-drama-kim-wall-killer-tobias-lindholm (The Investigation: why my drama about Kim Wall doesn't name her killer ) — The Guardian. https://www.nordiskfilmogtvfond.com/news/stories/tobias-lindholm-on-his-take-of-the-kim-wall-murder-investigation (Tobias Lindholm on his take of the Kim Wall murder investigation) — Nordisk Film & TV Fond. https://www.engadget.com/babylon-5-remastered-hbo-max-digital-download-080058907.html (‘Babylon 5...
Jan 27, 2021
211: Fleeking, COVID-19 hacking, and Bitcoin balls-ups
47:24
Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Ron Eddings from the Hacker Valley Studio podcast. Visit https://www.smashingsecurity.com/211 (https://www.smashingsecurity.com/211) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ron Eddings. Sponsored By: https://www.1password.com/families (1Password): 1Password for Families is the safest way to share logins, passwords, credit cards and other important information with the people who matter most. Use 1Password everywhere, from your Chromebook to your Apple Watch. Until March 31, if you purchase a $50 gift card you’ll get $10 towards any YubiKey 5 Series by Yubico – the security key that provides strong two-factor authentication with a simple touch. Find out more at https://1password.com/giftcards https://www.smashingsecurity.com/recordedfuture (Recorded Future): Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? 
By automatically collecting and analyzing intelligence from technical, open web, and dark web sources. For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express. Get it now at smashingsecurity.com/recordedfuture https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.vpnmentor.com/blog/report-fleek-breach/ (Report: X-Rated Social Media App Exposes Users in Massive Data Breach) — VPNMentor. https://threatpost.com/hackers-leak-pfizer-covid-19-vaccine-data/163008/ (Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data) — Threatpost. https://arstechnica.com/information-technology/2021/01/hackers-alter-stolen-regulatory-data-to-sow-mistrust-in-covid-19-vaccine/ (Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine) — Ars Technica. https://apnews.com/article/public-health-europe-coronavirus-pandemic-coronavirus-vaccine-56efa8e104f0509fa48381fce00b0de6 (EU regulator: Hackers 'manipulated' stolen vaccine documents) — AP News. https://www.smashingsecurity.com/58 (Smashing Security 058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO) https://bitcoinfomo.club/ (Bitcoin FOMO Calculator.) https://www.smashingsecurity.com/167 (Smashing Security 167: Coronavirus scams and an exaggerated lion) https://www.theguardian.com/uk-news/2021/jan/14/man-newport-council-50m-helps-find-bitcoins-landfill-james-howells (Man offers Newport council £50m if it helps find bitcoins in landfill ) — The Guardian. https://www.youtube.com/watch?v=L8Zw3TopDWE (Acting in Film Master Class - By Michael Caine) — YouTube. http://terribleminds.com/ramble/project/damn-fine-story/ (Damn Fine Story: Mastering the Tools of a Powerful Narrative) — Book by Chuck Wendig. https://www.netflix.com/gb/title/80202946 (Back to Life) — Netflix. https://www.smashingsecurity.com/store (Smashing Security...
Jan 20, 2021
210: DC rioters ID'd, Energydots, and ransomware gets you in a pickle
01:02:59
Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. And don't miss our featured interview with CrowdSec's Philippe Humeau. Visit https://www.smashingsecurity.com/210 (https://www.smashingsecurity.com/210) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Dave Bittner and Philippe Humeau. Sponsored By: https://www.crowdsec.net/smashing (CrowdSec): https://www.crowdsec.net/smashing (CrowdSec is open-source and crowd-powered software enabling you to detect and block attacks. While sharing with its user community, you contribute to improve its efficiency and make the internet safer.) https://www.1password.com (1Password): https://www.1password.com (With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=O-BmtYFXrhI (Smashing Security's Christmas live stream) — YouTube. https://www.smashingsecurity.com/199 (Smashing Security 199: A few tech cock-ups, and one cock lock-up.) 
https://grahamcluley.com/taking-a-screwdriver-to-unlock-your-iot-sex-toy-is-nuts/ (Taking a screwdriver to unlock your IoT sex toy is nuts ) — Graham Cluley. https://threader.app/thread/1347570624164753409 (Zip tie guy Twitter thread.) https://www.nytimes.com/2021/01/10/us/politics/capitol-zip-ties-arrest.html (FBI Arrests Man Who Carried Zip Ties Into Capitol ) — The New York Times. https://www.bbc.co.uk/news/technology-55613452 (SmartDot radiation-protection phone stickers 'have no effect' ) — BBC News. https://eu.usatoday.com/story/news/factcheck/2020/07/12/fact-check-anti-radiation-shields-do-not-protect-against-emf-emission/5349018002/ (Fact check: Low-powered magnets do not protect against EMF emission) — USA Today. https://www.team17.com/games/moving-out/ (Moving Out game) — Team 17. https://www.youtube.com/watch?v=WhoMkC9Zvw0 (Moving Out trailer ) — YouTube. http://polybridge.drycactus.com/ (Poly Bridge) — Dry Cactus. https://www.bbc.co.uk/sounds/brand/p090t9cl (The Cipher) — BBC Sounds. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Jan 13, 2021
209: Vengeful ex-staff, bad Santas, and iOS app nutrition facts
01:00:05
Watch out for Santas wearing hoodies! A rogue employee takes down WebEx for thousands of people, and Apple forces apps to show a privacy health warning. All this and much much more is discussed in the final episode of the "Smashing Security" podcast for 2020, with computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. And don't miss our special featured interview with Kroll's Mari DeGrazia. Visit https://www.smashingsecurity.com/209 (https://www.smashingsecurity.com/209) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Maria Varmazis and Mari DeGrazia. Sponsored By: https://www.smashingsecurity.com/kroll (Kroll): Rapidly detecting a threat is meaningless without the ability to respond with confidence. Kroll responds to over 2,000 cyber incidents every year and is uniquely positioned to bring that capability and expertise 24x7 with Responder. Kroll Responder merges hunting, detection, containment and remediation to deliver best-in-class endpoint security. See how Responder works at smashingsecurity.com/kroll https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=O-BmtYFXrhI (Smashing Security Christmas Party live stream!) — YouTube. https://www.theregister.com/2020/08/26/former_cisco_engineer_aws_webex_teams/ (Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts ) — The Register. https://www.justice.gov/usao-ndca/pr/san-jose-man-sentenced-two-years-imprisonment-damaging-cisco-s-network (San Jose Man Sentenced To Two Years Imprisonment For Damaging Cisco’s Network ) — US Department of Justice. https://www.infoworld.com/article/2653004/why-san-francisco-s-network-admin-went-rogue.html (Why San Francisco's network admin went rogue) — InfoWorld. https://www.computerworld.com/article/2517653/after-verdict-debate-rages-in-terry-childs-case.html (After verdict, debate rages in Terry Childs case) — Computerworld. https://edition.cnn.com/2020/12/05/tech/virtual-zoom-santas/index.html ('Parents are desperate'. Zoom Santas are cashing in ) — CNN. https://www.cameo.com/santagottfried?qid=1605129432 (Santa Gilbert Gottfried) — Cameo. https://laist.com/2020/11/27/dont_get_scammed_by_santa_this_holiday_season.php (Don't Get Scammed By Santa This Holiday Season) — LAist. https://twitter.com/CityAttorneyLA/status/1332361510178361346 ("The holidays are here and so are the scammers.") — LA City Attorney on Twitter https://9to5mac.com/2020/12/09/apple-apps-will-show-privacy-labels/ (Apple responds to WhatsApp criticism, confirms its own apps will show privacy labels) — 9to5Mac. https://www.imore.com/facebooks-zuckerberg-again-takes-aim-apple-over-ios-14-ad-privacy-move (Facebook's Zuckerberg again takes aim at...
Dec 16, 2020
208: Hidden treasure, COVID tracker trauma, and happy holidays with IoT
01:11:13
Was hidden treasure found with help from a hack? What security lessons can be learnt from a controversial police raid in Florida? And are you ready for safer online get-togethers this Christmas? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Anna Brading. And don't miss our special featured interview with Mimecast's Max Linscott. Visit https://www.smashingsecurity.com/208 (https://www.smashingsecurity.com/208) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Anna Brading and Max Linscott. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.culture.ai/smashing (CultureAI): CultureAI isn't just another security awareness training provider. It helps you measure and improve every end-user's cyber security behaviour, providing a management system for IT, Security and Awareness teams. 
Learn more and try it for yourself at culture.ai/smashing https://www.smashingsecurity.com/mimecasthub (Mimecast): Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation). Grab your copy at smashingsecurity.com/mimecasthub https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=O-BmtYFXrhI (Smashing Security's Christmas 2020 live stream) — Join us on YouTube on Thursday 17 December 2020 at 8pm (UK) / 3pm (Eastern) / Noon (Pacific). https://fennstreasure.com/ (Forrest Fenn's Treasure.) https://www.outsideonline.com/2419429/forrest-fenn-treasure-jack-stuef (The Man Who Found Forrest Fenn's Treasure) — Outside Online. https://thefinder.medium.com/a-statement-on-the-disclosure-of-my-identity-602d95f04b9f (A Statement on the Disclosure of My Identity) — Jack Stuef. https://www.chicagotribune.com/nation-world/ct-nw-treasure-chest-rocky-mountains-forrest-fenn-20200608-xltbeao5zvbkjiby732x73fhxe-story.html (A Chicago treasure hunter was on the trail of a hidden chest worth more than $1 million — but she says she was hacked and her ‘solve stolen’) — Chicago Tribune. https://www.theregister.com/2020/12/08/rebekah_jones_police_raid/ (Cops raid home of ousted data scientist who created her own Florida COVID-19 dashboard) — The Register. https://twitter.com/GeoRebekah/status/1336065787900145665 (Video of police raid on home of Rebekah Jones) — Rebekah Jones's Twitter account. https://www.jpost.com/omg/former-israeli-space-security-chief-says-aliens-exist-humanity-not-ready-651405 (Former Israeli space security chief says aliens exist, humanity not...
Dec 09, 2020
207: Cyber biowarfare, giant ladybugs, and strippers
01:12:42
Fears are raised about cyber bioterrorists, there's a widespread blackout for IoT devices caused by a cloud cock-up, and what role do strippers play in a revamp of the United States's computer crime laws? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. And don't miss our featured interview with Steve Salinas of Deep Instinct, discussing ransomware. Visit https://www.smashingsecurity.com/207 (https://www.smashingsecurity.com/207) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Mark Stockley and Steve Salinas. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.culture.ai/smashing (CultureAI): CultureAI isn't just another security awareness training provider. It helps you measure and improve every end-user's cyber security behaviour, providing a management system for IT, Security and Awareness teams. 
Learn more and try it for yourself at culture.ai/smashing https://www.smashingsecurity.com/deepinstinct (Deep Instinct): Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place! Deep Instinct strives to prevent all known and unknown threats using deep learning, making detection and response automated, fast and effective for any threat that cannot be prevented. Check out a report by the Ponemon Institute, which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/live (Smashing Security's Christmas 2020 live stream) — Join us on YouTube on Thursday 17 December 2020 at 8pm (UK) / 3pm (Eastern) / Noon (Pacific) https://www.nature.com/articles/s41587-020-00761-y.epdf?sharing_token=WrWwDN-FkOdBex9by7Avv9RgN0jAjWel9jnR3ZoTv0NL8O3FZQt7i2a40oTwYLJPFz184wQMd47k4I9vP_m_KxdkwgB8s3TjKL3CWbYnVQOvuMrx9ODaGZMU7jFPAVy78oCfVyrz0df15z716-fLDxeCHnkIcmF6s88n63V4muk=&utm_medium=affiliate&utm_source=commission_junction&utm_campaign=3_nsn6445_deeplink_PID100051881&utm_content=deeplink (Increased cyber-biosecurity for DNA synthesis) — Nature Biotechnology. https://www.news-medical.net/news/20201130/New-cyber-biological-attack-can-trick-biologists-into-generating-dangerous-toxins.aspx (New cyber-biological attack can trick biologists into generating dangerous toxins) — News Medical Life Sciences. https://www.phe.gov/Preparedness/legal/guidance/syndna/Documents/syndna-guidance.pdf (Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA) — Department of Health and Human Services (PDF). https://www.bbc.co.uk/news/technology-55087054 (AWS: Amazon web outage breaks vacuums and doorbells) — BBC News....
Dec 02, 2020
206: Robo dogs, deepfakes and dirty deceptions with Tim Harford
01:08:00
Author and broadcaster Tim Harford joins us as we discuss the merits of robotic canine security guards, deepfakes, and the curious tale of an art forgery. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. And don't miss our special featured interview with James Moore from CultureAI. Visit https://www.smashingsecurity.com/206 (https://www.smashingsecurity.com/206) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: James Moore and Tim Harford. Sponsored By: https://www.culture.ai/smashing (CultureAI): CultureAI isn't just another security awareness training provider. It helps you measure and improve every end-user's cyber security behaviour, providing a management system for IT, Security and Awareness teams. Learn more and try it for yourself at culture.ai/smashing https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://timharford.com/books/worldaddup/ (How To Make The World Add Up) — Tim Harford. https://www.tyndall.af.mil/News/Article-Display/Article/2411598/computerized-canines-to-join-team-tyndall/ (Computerized canines to join Team Tyndall) — Tyndall Air Force Base. https://www.youtube.com/watch?v=b4dIY5mpRpw (Computerized canines semi-autonomous robot dogs into their patrolling regimen to join Team Tyndall ) — YouTube. https://www.youtube.com/watch?v=BrT23cWQ-dc (Incredible Tyndall 'Robot Dogs' Demonstration ) — YouTube. https://www.youtube.com/watch?v=XwruCMAdA60 (Perimeter-patrolling 'robo-dogs' coming to Tyndall Air Force Base) — YouTube. https://www.ghostrobotics.io/ (Revolutionizing Legged Robots ) — Ghost Robotics. https://www.immersivewisdom.com/ (Immersive Wisdom.) https://metro.co.uk/2020/02/12/norwegian-oil-company-employs-robot-dogs-patrol-areas-dangerous-humans-12226388/ (Norwegian oil company employs robot dogs to patrol dangerous areas) — Metro News. https://abc7news.com/technology/video-creepy-wolf-robot-wards-off-wild-bear-in-japanese-town/7900218/ (Japanese farm town deploys 'Monster Wolf' robots to scare off wild bears from neighborhoods) — ABC7 San Francisco. https://en.wikipedia.org/wiki/Willo_the_Wisp (Willo the Wisp ) — Wikipedia. https://www.youtube.com/watch?v=jVY78S014d0 (Willo the Wisp: "The Thoughts of Moog") — YouTube. https://www.npr.org/templates/story/story.php?storyId=92483237 (How Mediocre Dutch Artist Cast 'The Forger's Spell') — NPR. https://www.nytimes.com/interactive/2020/11/21/science/artificial-intelligence-fake-people-faces.html (Do These A.I.-Created Fake People Look Real to You?) — The New York Times. https://www.macmillandictionary.com/dictionary/british/the-liar-s-dividend (The Liar's Dividend) — Definition from Macmillan Dictionary....
Nov 25, 2020
205: Zoom password pinching and Parler problems
48:08
Watch out for a whole different type of shoulder-surfing, researchers uncover the CostaRicto hackers-for-hire gang, and we take a peek at who is behind Parler. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Chris Cochran from the Hacker Valley Studio podcast. Visit https://www.smashingsecurity.com/205 (https://www.smashingsecurity.com/205) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Chris Cochran. Sponsored By: https://www.smashingsecurity.com/recordedfuture (Recorded Future): Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and dark web sources. For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express. Get it now at smashingsecurity.com/recordedfuture https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. 
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.digitalinformationworld.com/2020/11/hackers-could-now-know-what-people-type.html (Hackers could now know what people type on Zoom video call by evaluating the shoulder movement of users) — Digital Information World. https://arxiv.org/abs/2010.12078 (Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks) — Cornell University. https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced (The CostaRicto Campaign: Cyber-Espionage Outsourced) — BlackBerry. https://www.bleepingcomputer.com/news/security/new-stealthy-hacker-for-hire-group-mimics-state-backed-attackers/ (New stealthy hacker-for-hire group mimics state-backed attackers) — Bleeping Computer. https://www.washingtonpost.com/technology/2020/07/15/parler-conservative-twitter-alternative/ (The conservative alternative to Twitter wants to be a place for free speech for all. It turns out, rules still apply) — Washington Post. https://theconversation.com/parler-what-you-need-to-know-about-the-free-speech-twitter-alternative-142268 (Parler: what you need to know about the 'free speech' Twitter alternative) — The Conversation. https://www.techdirt.com/articles/20201116/01141545710/what-if-cambridge-analytica-owned-own-social-network-ca-backer-rebekah-mercer-admits-shes-co-founder-parler.shtml (What If Cambridge Analytica Owned Its Own Social Network? CA Backer Rebekah Mercer Admits She's A Co-Founder Of Parler ) — Techdirt. https://www.noodlesoft.com/ (Hazel) — Automated organization for your Mac from Noodlesoft. http://ericnuzum.com/ (Make Noise) — A creator's guide to
Nov 18, 2020
204: Green buttons, Olympic attacks, and... an apology
01:12:58
Darknet Diaries host Jack Rhysider joins us to discuss a cybersecurity goof in the wake of the US presidential elections, the US finally fingering the hackers responsible for disrupting the Winter Olympics in South Korea, and to take a long hard look at long hard legal mumbojumbo... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Jack Rhysider from Darknet Diaries. Plus don't miss our featured interview with Mimecast's Danielle Papadakis. Visit https://www.smashingsecurity.com/204 (https://www.smashingsecurity.com/204) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Danielle Papadakis and Jack Rhysider. Sponsored By: https://www.smashingsecurity.com/mimecasthub (Mimecast): Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation). 
Grab your copy at smashingsecurity.com/mimecasthub https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/kroll (Kroll): Rapidly detecting a threat is meaningless without the ability to respond with confidence. Kroll responds to over 2,000 cyber incidents every year and is uniquely positioned to bring that capability and expertise 24x7 with Responder. Kroll Responder merges hunting, detection, containment and remediation to deliver best-in-class endpoint security. See how Responder works at smashingsecurity.com/kroll https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://cdn.donaldjtrump.com/public-files/press_assets/verified-complaint-with-attachments.pdf (Legal complaint on behalf of Donald J Trump for President Inc and Republican National Committee) — PDF. https://donttouchthegreenbutton.com/ (Don't touch the green button!) https://www.reddit.com/r/privacy/comments/jq4y8w/the_trump_campaign_hastily_setup_a_website_to/ (Reddit thread about Donttouchthegreenbutton.com) https://twitter.com/richeyward/status/1325412472505987072 (Richey Ward's Twitter thread showing how over 163k records were exposed in the Don't Touch The Green Button database) — Twitter. https://www.bleepingcomputer.com/news/security/trump-lawsuit-site-to-report-rejected-votes-leaked-voter-data/ (Trump lawsuit site to report 'rejected votes' leaked voter data) — Bleeping Computer. 
https://twitter.com/BBCRosAtkins/status/1325905080189669381 (Hilarious news report of the Four Seasons Total Landscaping debacle) — Tweet by Ros Atkins of the BBC. https://grahamcluley.com/donald-trump-twitter-password/ (“Yourefired” was Donald Trump’s Twitter password,...
Nov 11, 2020
203: Testing times, naming names, and the bald truth about AI
01:10:48
Students are being spied on as they do online exams, how did a televised football match reveal the truth about artificial intelligence, and what on earth is the Canny Lumpsucker vulnerability? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast. Plus don't miss the second part of our featured interview with LastPass's Dalia Hamzeh. Visit https://www.smashingsecurity.com/203 (https://www.smashingsecurity.com/203) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Dalia Hamzeh and Thom Langford. Sponsored By: https://www.smashingsecurity.com/kroll (Kroll): Rapidly detecting a threat is meaningless without the ability to respond with confidence. Kroll responds to over 2,000 cyber incidents every year and is uniquely positioned to bring that capability and expertise 24x7 with Responder. Kroll Responder merges hunting, detection, containment and remediation to deliver best-in-class endpoint security. 
See how Responder works at smashingsecurity.com/kroll https://www.smashingsecurity.com/mimecasthub (Mimecast): Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation). Grab your copy at smashingsecurity.com/mimecasthub https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://insights.sei.cmu.edu/cert/2020/10/vulnonym-stop-the-naming-madness.html (Vulnonym: Stop the Naming Madness!) — Carnegie Mellon University Software Engineering Institute. https://twitter.com/vulnonym/ (Vulnonym) — A bot generating names for CVE IDs. https://thrangrycat.com/ (Thrangrycat ) — Not better known as 😾😾😾. https://www.sbnation.com/soccer/2020/10/30/21541962/soccer-match-ai-camera-bald-head-ball (Soccer match ruined when AI-controlled camera mistakes ref’s bald head for ball) — SB Nation. https://www.vice.com/en/article/n7wxvd/students-are-rebelling-against-eye-tracking-exam-surveillance-tools?utm_source=reddit.com (Students Are Rebelling Against Eye-Tracking Exam Surveillance Tools) — Motherboard. https://www.ubyssey.ca/news/proctorio-sues-linkletter/ (Proctorio sues UBC staff member for tweets sharing ‘confidential’ information about the software) — The Ubyssey. 
https://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/ (ProctorU confirms data breach after database leaked online) — Bleeping Computer....
Nov 04, 2020
202: The Wu-Tang Clan are Among Us
01:12:05
Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn't the only one who's been getting into the Among Us game. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by James Thomson. Plus don't miss the first part of our featured interview with LastPass's Dalia Hamzeh. Visit https://www.smashingsecurity.com/202 (https://www.smashingsecurity.com/202) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Dalia Hamzeh and James Thomson. Sponsored By: https://www.smashingsecurity.com/recordedfuture (Recorded Future): Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and dark web sources. For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express. Get it now at smashingsecurity.com/recordedfuture https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. 
Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.justice.gov/usao-sdga/pr/rapper-scammers-admit-faking-association-musical-group-conspiracy-cheat-hotels-bank (Rapper scammers admit faking association with musical group in conspiracy to cheat hotels, bank, limo service) — US Department of Justice. https://www.youtube.com/watch?v=q64dajbB_Po (This U.S. Election Could Be the Most Secure Yet. Here’s Why) — The New York Times on YouTube. https://apnews.com/article/virus-outbreak-elections-georgia-voting-2020-voting-c191f128b36d1c0334c9d0b173daa18c (Report: Ransomware disables Georgia county election database) — AP. https://spectator.sme.sk/c/22518767/pity-the-nation.html (Pity the nation: Americans’ choice of president on November 3 will affect Slovaks too.) — Slovak Spectator article by James Thomson. https://www.technologyreview.com/2020/10/21/1011038/aocs-among-us-livestream-hints-at-twitchs-political-power/ (AOC’s Among Us livestream hints at Twitch’s political power) — MIT Technology Review. https://arstechnica.com/gaming/2020/10/aocs-twitch-streaming-debut-attracts-over-435000-among-us-viewers/ (AOC makes explosive Twitch debut with over 435,000 Among...
Oct 28, 2020
201: Robin Hood, Flippy, and the web ad bubble
01:12:44
The Darkside ransomware gang thinks it's a modern-day Robin Hood when it donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Tim Hwang. Plus don't miss our featured interview with Recorded Future's Levi Gundert. Visit https://www.smashingsecurity.com/201 (https://www.smashingsecurity.com/201) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Levi Gundert and Tim Hwang. Sponsored By: https://www.smashingsecurity.com/recordedfuture (Recorded Future): Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and dark web sources. For up-to-the-minute security intelligence that can help you make fast and confident security decisions, install the free browser extension Recorded Future Express. 
Get it now at smashingsecurity.com/recordedfuture https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/live (Smashing Security celebration livestream) — YouTube. https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/ (Ransomware gang donates part of ransom demands to charity organizations) — ZDNet. https://www.bbc.co.uk/news/technology-54591761 (Mysterious 'Robin Hood' hackers donating stolen money) — BBC News. https://thewaterproject.org/donate-bitcoin (Donate Bitcoin - Give to Help Build Wells and Water Projects) — The Water Project. https://www.children.org/make-a-difference/other-ways-to-help/donate-crypto (Donate cryptocurrency to Children International) https://www.wired.com/story/ad-tech-could-be-the-next-internet-bubble/ (Ad Tech Could Be the Next Internet Bubble) — Wired. https://us.macmillan.com/books/9780374538651 (Subprime Attention Crisis: Advertising and the Time Bomb at the Heart of the Internet) — A book by Tim Hwang. 
https://venturebeat.com/2020/01/28/miso-robotics-unveils-its-next-gen-robot-kitchen-assistant/ (Miso Robotics unveils its next-gen robot kitchen assistant) — VentureBeat.
Oct 21, 2020
200: Two flipping hundred
01:11:54
We're in celebratory mood as we celebrate our 200th episode, but there's still time to discuss Fatima the ballerina who the UK government wants to become a cybersecurity expert, why women are quitting the tech industry, and a smartwatch which might be putting your kids at risk. Plus don't miss our featured interview with Mimecast's Michael Madon. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/200 (https://www.smashingsecurity.com/200) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Maria Varmazis and Michael Madon. Sponsored By: https://www.smashingsecurity.com/mimecasthub (Mimecast): Mimecast's State of Email Security 2020 report helps you understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering), or beyond the organization’s perimeters (the domains they own and their brands via impersonation). 
Grab your copy at smashingsecurity.com/mimecasthub https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/live (Join us on the Smashing Security LIVE STREAM!) — We'll be live at 8pm UK Thursday 15 October (3pm Eastern). https://www.standard.co.uk/news/uk/fatima-ballet-dancer-job-cyber-government-campaign-a4568641.html (Fury over Government campaign suggesting ballet dancer could retrain in cyber security) — London Evening Standard. https://www.theguardian.com/stage/2020/oct/13/dying-swan-or-lame-duck-why-fatima-the-ballerinas-next-job-was-tripping-up-the-government (Dying swan or lame duck? Why 'Fatima' the ballerina's next job was tripping up the government) — The Guardian. https://twitter.com/C4Ciaran/status/1315600360443125762 ("For those worried about Fatima she’s almost certainly not called Fatima and almost certainly will never work in cyber. The image is from a US photographer based in Atlanta, Georgia.") — Ciaran Jenkins on Twitter. https://www.bbc.co.uk/news/magazine-35765276 (The Vocabularist: How we use the word cyber) — BBC News. 
https://www.accenture.com/_acnmedia/PDF-134/Accenture-A4-GWC-Report-Final1.pdf (Resetting Tech Culture: 5 strategies to keep women in tech (PDF)) —...
Oct 14, 2020
199: A few tech cock-ups, and one cock lock-up
55:11
An internet-connected adult toy could leave its users encaged, the official NHS COVID-19 contact-tracing app alarms users, and would you be happy if a robot interviewed you for a job? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman. Visit https://www.smashingsecurity.com/199 (https://www.smashingsecurity.com/199) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Zoe Kleinman. Sponsored By: https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/live (Smashing Security LIVE STREAM!) https://www.qiui.store/product-page/cellmate-chastity-cage (CellMate chastity cage (Short model)) — QIUI. https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/ (Smart male chastity lock cock-up) — Pen Test Partners. https://www.bbc.co.uk/news/technology-54326267 (NHS Covid-19 app: 12m downloads - and lots of questions) — BBC News. https://hubert.ai/ (Hubert+1 - Add more to your team.) https://www.predictivehire.com/ (Predictive Hire - Bias-free interviews.) https://onezero.medium.com/i-got-a-job-at-an-amazon-warehouse-without-talking-to-a-single-human-c22beeeb53d6 (I Got a Job at an Amazon Warehouse Without Talking to a Single Human) — Ryan Fan, OneZero. https://www.youtube.com/watch?v=8n5RSJifbIE (Tengai demo) — YouTube. https://www.bbc.co.uk/sounds/play/m000n5pq (John Lennon at 80 - episode one.) — BBC Sounds. https://www.bbc.co.uk/programmes/m000n778 (John Lennon at 80 - episode two.) — BBC Sounds. https://www.bbc.co.uk/programmes/p08t4q98 (Sean Lennon's full conversation with Julian Lennon.) — BBC Sounds. https://www.bbc.co.uk/programmes/p08t4nnb (Sean Lennon's full conversation with Elton John.) — BBC Sounds. https://www.bbc.co.uk/programmes/p08t4mx9 (Sean Lennon's full conversation with Paul McCartney.) — BBC Sounds. https://www.bbc.co.uk/programmes/m000n65g (John Lennon at the BBC: From The Beatles’ early days to his final interview) — BBC Sounds. https://en.wikipedia.org/wiki/Television_set (Television set) — Wikipedia. https://www.youtube.com/channel/UCN8V_pO0xOFKLL4XG1tshnw (Perspective ) — YouTube. https://www.broad-canvas.com/ (Broad Canvas) — Oxford art supplies store....
Oct 07, 2020
198: Chucky the coffee maker
01:07:55
Coffee machines catching ransomware, Blacklight shines a torch on website tracking, and a woman is freaked out that a complete stranger can turn off her home's security system. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. And don't miss our featured interview with Greg Jensen from Oracle, who talks all about five free reports he has put together for listeners about cloud security. Visit https://www.smashingsecurity.com/198 (https://www.smashingsecurity.com/198) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Dave Bittner and Greg Jensen. Sponsored By: https://www.smashingsecurity.com/oraclereport (Oracle): Check out the free cloud security reports that Oracle is making available for listeners of "Smashing Security" and learn how organizations can make security an essential part of the culture of their business. Read the free reports at smashingsecurity.com/oraclereport https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://en.wikipedia.org/wiki/Trojan_Room_coffee_pot (Trojan Room coffee pot ) — Wikipedia. https://www.cl.cam.ac.uk/coffee/coffee.html (Trojan Room Coffee Machine) — Department of Computer Science and Technology, Cambridge University. https://www.evilsocket.net/2016/10/09/IoCOFFEE-Reversing-the-Smarter-Coffee-IoT-machine-protocol-to-make-coffee-using-terminal/index.html (Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal) — Evil Socket. https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/ (The Fresh Smell of ransomed coffee) — Martin Hron, Avast Threat Labs. https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/ (When coffee makers are demanding a ransom, you know IoT is screwed) — Ars Technica. https://www.youtube.com/watch?v=bJrIh94RSiI (What a hacked coffee machine looks like) — YouTube. https://themarkup.org/blacklight (Blacklight) — The Markup. https://themarkup.org/blacklight/2020/09/22/what-they-know-now (What They Know … Now) — The Markup. https://www.marketdataforecast.com/market-reports/smart-home-security-market (Smart Home Security Market Share, Size & Forecast to 2024) — Market data forecast. https://www.statista.com/search/?q=home+security&Search=&qKat=search (Smart home penetration rates ) — Statista. https://www.cbc.ca/news/business/security-system-app-homeowner-stranger-1.5733444 (New homeowner 'freaked out' when stranger took control of her security system) — CBC News. https://www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/...
Sep 30, 2020
197: Greedy bosses, game cheats, and virtual beheadings
52:48
Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of an anti cyber-fraud firm is charged with fraud. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/197 (https://www.smashingsecurity.com/197) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=xoxhDk-hwuo (Package Thief vs. Glitter Bomb Trap ) — YouTube. https://www.youtube.com/watch?v=KC6-hllKOo8 (CSGO Cheaters trolled by fake cheat software ) — YouTube. https://www.vice.com/en_us/article/93545z/this-hacker-creates-fake-cheats-that-make-cheaters-jump-off-buildings-in-game (This Hacker Creates Fake Cheats That Make Cheaters Jump Off Buildings In-Game) — Vice. https://twitter.com/colinmadland/status/1307111816250748933 (Tweet by Colin Madland.) https://twitter.com/bascule/status/1307440596668182528 (Which will the Twitter algorithm pick: Mitch McConnell or Barack Obama?) — Tweet by @bascule. https://twitter.com/grahamorcarole (GrahamOrCarole?) — Twitter. https://www.justice.gov/usao-sdny/pr/founder-and-ceo-cyberfraud-prevention-company-arrested-and-charged-securities-fraud (Founder And CEO Of Cyberfraud Prevention Company Arrested And Charged With Securities Fraud Scheme) — Department of Justice press release. https://www.vice.com/en_us/article/3az9dw/founder-of-anti-cyber-fraud-company-charged-with-fraud (Founder of Anti Cyber Fraud Company Charged With Fraud) — Vice. https://gizmodo.com/in-ironic-twist-founder-of-cyber-fraud-prevention-star-1845112449 (Founder of cyber fraud startup ironically facing fraud charges) — Gizmodo. https://www.youtube.com/watch?v=eNszPW05w8A (Interview with NS8's Adam Rogas) — YouTube. https://www.youtube.com/watch?v=NW8yk-m5Ig8 (Mission to the Unknown Recreation - Doctor Who) — YouTube. https://www.youtube.com/watch?v=jbYq8A_6_dc (The making-of Mission to the Unknown ) — YouTube. https://www.trilliontrees.org/ (Trillion Trees.) https://www.netflix.com/gb/title/80216172 (Criminal: UK) — Netflix. https://www.smashingsecurity.com/store (Smashing...
Sep 23, 2020
196: Smart guns, smart cars, and smart street lights - oh my!
54:28
Kalashnikov unveils its "smart" shotgun, San Diego struggles with its street lights, and a researcher reveals how he found a way to hack every Tesla on the planet. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by David McClelland. Visit https://www.smashingsecurity.com/196 (https://www.smashingsecurity.com/196) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: David McClelland. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. 
Go to immersivelabs.com/smashing https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://kalashnikov.media/video/kalashnikov-predstavil-pervoe-v-rossii-smart-ruzhe-mp-155-ultima (Kalashnikov smart shotgun - MP-155 Ultima.) https://www.youtube.com/watch?v=eQsp34zo6aE (Kalashnikov reveals first Russian-made smart shotgun MP-155 Ultima) — YouTube. https://www.youtube.com/watch?v=A7rFNW1R_vo (Mike Jernigan, blind veteran, uses a TrackingPoint system to land a 300+ yard shot) — YouTube. https://hotforsecurity.bitdefender.com/blog/see-how-a-self-aiming-sniper-rifle-can-be-remotely-hacked-12385.html#new_tab (See how a self-aiming sniper rifle can be remotely hacked) — Hot for Security. https://docs.google.com/document/d/1yXni1GoD93q8mX-yom7JLBn0Q8tPOQz2A_y3m3LJi8o/edit (Tesla Network Vulnerability Report - 2017-03-24 (Annotated) ) — Google Docs. https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/ (The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he's a good guy) — Electrek. https://www.sandiego.gov/sustainability/energy-and-water-efficiency/programs-projects/smart-city (Smart Streetlights Program ) — City of San Diego. https://spectrum.ieee.org/view-from-the-valley/sensors/remote-sensing/cops-smart-street-lights (Cops Tap Smart Streetlights Sparking Controversy and Legislation) — IEEE Spectrum. https://www.sandiegouniontribune.com/news/public-safety/story/2020-09-09/mayor-orders-san-diegos-smart-streetlights-turned-off-until-surveillance-ordinance-in-place (Mayor orders San Diego's Smart Streetlights turned off until surveillance ordinance in place) — The San Diego Union-Tribune. https://www.sandiegouniontribune.com/opinion/editorials/story/2020-09-10/smart-streetlights-san-diego-surveillance-faulconer-activists (Mayor was right to shut off Smart Streetlights ) — The San Diego Union-Tribune....
Sep 16, 2020
195: Selene Delgado Lopez is not your friend, with Jon Bentley
50:08
The Gadget Show's Jon Bentley joins us to discuss the mystery of a Facebook friend you never requested, software updates for the Mercedes S-Class, and risks in the online classroom. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Jon Bentley. Visit https://www.smashingsecurity.com/195 (https://www.smashingsecurity.com/195) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jon Bentley. Sponsored By: https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing https://www.smashingsecurity.com/deepinstinct (Deep Instinct): Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place! Deep Instinct strives to prevent all known and unknown threats using deep learning, making detection and response automated, fast and effective for any threat that cannot be prevented. 
Check out a report by the Ponemon Institute, which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://mashable.com/article/what-is-selene-delgado-lopez-hoax/?europe=true (Say hello to to the latest weird viral Facebook hoax: ‘Selene Delgado Lopez’) — Mashable. https://www.youtube.com/watch?v=XsbUVlJXrTI (Veja Quem é Selene Delgado Lopez - a Fantasma do Facebook) — YouTube. https://www.exhibit.tech/the-10-most-important-innovations-in-the-new-mercedes-benz-s%E2%80%91class/ (The 10 most important innovations in the New Mercedes-Benz S‑Class!) — Exhibit. https://www.wired.com/insights/2012/04/mercedes-mbrace2/ (Mercedes Revs mbrace2 With Cloud Updates ) — Wired. https://www.sfchronicle.com/business/article/San-Leandro-schools-stepping-up-online-security-15520213.php (San Leandro schools stepping up online security after latest Zoombomb) — San Francisco Chronicle. https://www.miamiherald.com/news/nation-world/national/article245333510.html (‘Zoombombers’ using porn to troll students across US) — Miami Herald. https://www.dailymail.co.uk/news/article-8705695/Schoolgirl-robbed-Zoom-lesson-Ecuador.html (Schoolgirl is robbed during a Zoom lesson in Ecuador ) — Daily Mail. https://securelist.com/digital-education-the-cyberrisks-of-the-online-classroom/98380/ (Digital Education: The cyberrisks of the online classroom) —...
Sep 09, 2020
194: Carry on droning
48:19
A Bitcoin bungle causes one user to lose millions, hackers attempt to bribe a Tesla employee into infecting the company's network, and are we ready for a sky full of drones? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Jessica Barker. Visit https://www.smashingsecurity.com/194 (https://www.smashingsecurity.com/194) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jessica Barker. Sponsored By: https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.confidentcyber.com/ (Confident Cyber Security by Jessica Barker.) https://twitter.com/officialmcafee/status/1117781286796562432 (Tweet by John McAfee about the mathematical impossibility of Bitcoin being less than $1 million by the end of 2020.) http://dickening.com/ (The Dickening Countdown to John McAfee Dick Eating.) https://decrypt.co/40253/bitcoin-holder-loses-16-million-in-btc-to-well-known-scam (Bitcoin Holder Loses $16 Million in BTC to Well-Known Scam) — Decrypt. https://github.com/spesmilo/electrum/issues/5072#issuecomment-683356052 (Electrum user says he has lost 1400 Bitcoin) — GitHub. https://blog.malwarebytes.com/cybercrime/2019/04/electrum-bitcoin-wallets-under-siege/ (Electrum Bitcoin wallets under siege) — Malwarebytes. https://github.com/spesmilo/electrum/issues/4968 (Electrum vulnerability announcement) — Github. https://en.wikipedia.org/wiki/Sybil_attack (Sybil attack) — Wikipedia. https://www.youtube.com/watch?v=60WVDnfY-_w (Fawlty Towers: The best of Sybil) — YouTube. https://electrum.org/#home (Electrum Bitcoin Wallet homepage.) https://www.databreachtoday.com/elon-musk-says-tesla-saved-from-serious-ransom-attempt-a-14907 (Elon Musk Says Tesla Saved From 'Serious' Ransom Attempt) — Data Breach Today. https://www.youtube.com/watch?v=dly6p4Fu5TE (Jennifer Lopez - Jenny from the Block (Official Music Video)) — YouTube. https://www.birmingham.ac.uk/Documents/research/policycommission/remote-warfare/final-report-october-2014.pdf (The security impact of drones: Challenges and opportunities for the UK (PDF)) — University of Birmingham. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7206421/ (Security analysis of drones systems: Attacks, limitations, and recommendations) — NCBI....
Sep 02, 2020
193: Hacking the CIA, Bridgefy, and college lockdowns
58:57
Whatever happened to Crackas with Attitude, perfidious Albion College's approach to locking down Coronavirus, and the Bridgefy mesh messaging app falls down when it comes to security. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Anna Brading. Visit https://www.smashingsecurity.com/193 (https://www.smashingsecurity.com/193) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Anna Brading. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://grahamcluley.com/cia-boss-personal-email-account-hacked-yes-aol/ (CIA boss has his personal email account hacked… and yes, it’s on AOL ) — Graham Cluley. 
https://www.theguardian.com/technology/2018/apr/20/two-years-detention-for-uk-teenager-who-cyberterrorised-us-officials-kane-gamble (Two years' detention for UK teenager who 'cyberterrorised' US officials ) — The Guardian. https://www.judiciary.uk/wp-content/uploads/2018/04/r-v-gamble-sentencing.pdf (Kane Gamble sentencing remarks (PDF).) https://www.vice.com/en_us/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban (What It’s Like for a Hacker to Get Back Online After a Two-Year Internet Ban) — Motherboard. https://techcrunch.com/2020/08/19/coronavirus-albion-security-flaws-app/?guccounter=1 (Fearing coronavirus, a Michigan college is tracking its students with a flawed app) — TechCrunch. https://arstechnica.com/features/2020/08/bridgefy-the-app-promoted-for-mass-protests-is-a-privacy-disaster/ (Bridgefy, the messenger promoted for mass protests, is a privacy disaster) — Ars Technica. https://bridgefy.me/bridgefys-commitment-to-privacy-and-security/ (Bridgefy’s Commitment to Privacy and Security.) https://martinralbrecht.files.wordpress.com/2020/08/bridgefy-abridged.pdf (Mesh Messaging in Large-scale protests: Breaking Bridgefy) — Technical paper by Martin R Albrecht, Jorge Blasco, Lenka Marekova, and Rikke Bjerg Jensen of Royal Holloway, University of London. https://www.digitaltrends.com/movies/how-to-watch-the-avengers-movies-in-order/ (How to Watch The Avengers Movies in Order ) — Digital Trends. https://www.youtube.com/watch?v=ue80QwXMRHg ("Thor: Ragnarok" Official Trailer) — YouTube. https://www.bbc.co.uk/programmes/m000gkf5 (Sounds of the 90s with Fearne Cotton) — BBC. https://www.etsy.com/uk/listing/834554358/super-sapiens-a-card-game-to-help-change?ga_order=most_relevant&ga_search_type=all&ga_view_type=gallery&ga_search_query=super+sapiens&ref=sr_gallery-1-1&organic_search_click=1 (Super Sapiens: a card game to help change the world) — Etsy. 
https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Aug 26, 2020
192: Ritz and robocalls - with Rory Cellan-Jones
49:28
A scam involving restaurant bookings at The Ritz is suitably sophisticated, the second wave of UK coronavirus testing apps, and we take a look at one of the biggest studies ever into the scourge of robocalls. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by BBC technology correspondent Rory Cellan-Jones. Visit https://www.smashingsecurity.com/ (https://www.smashingsecurity.com/192) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Rory Cellan-Jones. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/programmes/p01plr2p/episodes/downloads (Tech Tent podcast) — BBC World Service. 
https://www.theguardian.com/media/2020/may/18/sir-frederick-barclay-releases-footage-of-alleged-ritz-bugging (Sir Frederick Barclay releases footage of alleged Ritz bugging) — The Guardian. https://www.bbc.co.uk/news/technology-53793922 (Tea at the Ritz soured by credit card scammers) — BBC News. https://twitter.com/theritzlondon/status/1294747347679956992 (Tweet from The Ritz London.) https://www.bbc.co.uk/news/technology-53753678 (Coronavirus: England's contact-tracing app gets green light for trial ) — BBC News. https://www.bbc.co.uk/news/technology-53765240 (Coronavirus: England's contact tracing app trial gets under way ) — BBC News. https://www.zdnet.com/article/a-simple-telephony-honeypot-received-1-5-million-robocalls-across-11-months/ (A simple telephony honeypot received 1.5 million robocalls across 11 months ) — ZDNet. https://www.usenix.org/conference/usenixsecurity20/presentation/prasad (Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis) — USENIX. https://www.smashingsecurity.com/pick-of-the-week (Pick of the Week archive) — Smashing Security. https://www.bbc.co.uk/programmes/w13xttx2/episodes/downloads (13 Minutes to the Moon) — BBC World Service. https://www.qcodemedia.com/borrasca (Borrasca) — QCODE. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Aug 19, 2020
191: We are on the bird
54:15
Can a video game help your company's staff choose stronger passwords? Why might satellite-based internet communications be bad for security? And what are the alternatives to TikTok? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/191 (https://www.smashingsecurity.com/191) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.usenix.org/conference/soups2020/presentation/jayakrishnan (Passworld: A Serious Game to Promote Password Awareness and Diversity in an Enterprise) — USENIX. 
https://www.blackhat.com/us-20/briefings/schedule/#whispers-among-the-stars-a-practical-look-at-perpetrating-and-preventing-satellite-eavesdropping-attacks-19391 (Whispers Among the Stars: A Practical Look at Perpetrating (and Preventing) Satellite Eavesdropping Attacks ) — Black Hat USA 2020. https://www.youtube.com/watch?v=dLR9uEJPwNc (Satellite Broadband Security - James Pavur) — YouTube. https://www.theverge.com/2020/8/8/21360259/twitter-and-tiktok-acquisition-trump-microsoft (Twitter and TikTok reportedly have had talks about a deal) — The Verge. https://www.theguardian.com/technology/2020/aug/06/us-senate-tiktok-ban (Trump bans US transactions with Chinese-owned TikTok and WeChat ) — The Guardian. https://www.wired.co.uk/article/tiktok-alternatives-triller-byte-reels (These apps are scrambling to become the next TikTok) — Wired. https://about.fb.com/news/2020/08/introducing-instagram-reels/ (Introducing Instagram Reels) — Facebook. https://en.wikipedia.org/wiki/Quoridor (Quoridor) — Wikipedia. https://boardgamegeek.com/boardgame/624/quoridor (Quoridor) — BoardGameGeek. https://www.ebay.com/itm/BLACK-DECKER-20V-LBX20-Li-Ion-Battery-USB-Power-Source-Adapter-w-DC-12V-Port-/373091506301 (BLACK & DECKER 20V LBX20 Li-Ion Battery USB Power Source Adapter w/DC 12V Port ) — eBay. https://www.bbc.co.uk/iplayer/episodes/p05v9qqg/the-young-offenders (The Young Offenders) — BBC iPlayer. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Aug 12, 2020
190: Twitter hack arrests, email bad behaviour, and Fawkes vs facial recognition
48:40
Special guest Geoff White can't resist using the podcast to promote his new book, "Crime Dot Com", but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don't give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes - the technology fighting back at facial recognition. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by "Crime Dot Com" author Geoff White. Visit https://www.smashingsecurity.com/190 (https://www.smashingsecurity.com/190) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Geoff White. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/crimedotcom (A free chapter of Geoff's book, "Crime Dot Com") https://jezebel.com/this-bumbling-new-start-up-helps-conservative-websites-1844532981 (Start-Up Helps Conservative Websites Like the Daily Caller Store User Names, Postal Addresses of Anonymous Readers) — Jezebel. https://www.youtube.com/watch?v=EH9X69rYARE (Permission Shmarketing: How does GetEmails work?) — YouTube. https://www.youtube.com/watch?v=gfjQP8Izecc (Some say we're criminals. Many say we're unethical. We think we're geniuses. But we're so, so bad...) — YouTube. https://www.ktvu.com/news/3-charged-in-massive-twitter-hack-bitcoin-scam (Three charged in massive Twitter hack, Bitcoin scam) — KTVU. https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack (Three Individuals Charged For Alleged Roles In Twitter Hack ) — Department of Justice. https://www.theatlantic.com/technology/archive/2020/07/defund-facial-recognition/613771/ (Defund Facial Recognition Before It's Too Late ) — The Atlantic. https://venturebeat.com/2020/07/13/atlas-of-surveillance-now-provides-searchable-interactive-database-of-police-surveillance/ ('Atlas of Surveillance' now provides searchable, interactive database of police surveillance ) — VentureBeat. https://www.eff.org/deeplinks/2020/01/clearview-ai-yet-another-example-why-we-need-ban-law-enforcement-use-face (Clearview AI—Yet Another Example of Why We Need A Ban on Law Enforcement Use of Face Recognition Now) — Electronic Frontier Foundation. https://facialrecognitionmap.com/ (Facial Recognition Map.) https://www.nytimes.com/2020/08/03/technology/fawkes-tool-protects-photos-from-facial-recognition.html (This Tool Could Protect Your Photos From Facial Recognition) — The New York Times. http://sandlab.cs.uchicago.edu/fawkes/ (Fawkes - Image "Cloaking" for Personal Privacy.) 
https://www.youtube.com/watch?v=AWrI0EuYW6A (Fawkes: Protecting...
Aug 05, 2020
189: DNA cock-up, Garmin hack, and virtual kidnappings
49:03
Why are students faking their own kidnappings? What's the story behind Garmin's ransomware attack? And a genetic genealogy website suffers a hack or two. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Ray [REDACTED]. Visit https://www.smashingsecurity.com/189 (https://www.smashingsecurity.com/189) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ray [REDACTED]. Sponsored By: https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats. Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week. https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.tohpodcast.com (Tribe of Hackers Podcast.) https://www.bbc.co.uk/news/world-us-canada-53226327 (Golden State Killer pleads guilty to 13 murders ) — BBC News. https://en.wikipedia.org/wiki/Joseph_James_DeAngelo (Joseph James DeAngelo ) — Wikipedia. https://www.buzzfeednews.com/article/peteraldhous/hackers-gedmatch-dna-privacy (Hackers Attacked Two Leading Genetic Genealogy Websites) — Buzzfeed News. https://techcrunch.com/2020/07/22/gedmatch-investigating-dna-profile-law-enforcement/?guccounter=1 (GEDmatch confirms data breach after users’ DNA profile data made available to police) — TechCrunch. https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/ (Garmin outage caused by confirmed WastedLocker ransomware attack) — Bleeping Computer. https://www.fbi.gov/news/stories/charges-announced-in-malware-conspiracy-120519 (Charges Announced in Malware Conspiracy ) — FBI. https://grahamcluley.com/garmin-staggers-back-online-after-ransomware-attack/ (Garmin staggers back online after ransomware attack) — Graham Cluley. https://www.bbc.co.uk/news/world-asia-china-52980637 (Coronavirus: China warns students over 'risks' of studying in Australia ) — BBC News. https://www.bbc.co.uk/news/world-australia-53549933 (Chinese students in Australia targeted in virtual kidnapping scam ) — BBC News. https://www.scmp.com/news/asia/australasia/article/3094782/chinese-students-australia-are-being-targeted-kidnapping (Chinese students in Australia are being targeted in kidnapping scams, police warn ) — South China Morning Post. https://www.vice.com/en_au/article/wxq4ez/chinese-students-fake-kidnappings-australia (Chinese Students in Australia Are Faking Their Own Kidnappings. Here’s Why) — Vice. https://secondhandsongs.com/ (SecondHandSongs.) http://rudy.ca/doomsday.html (Doomsday Algorithm) — Just in...
Jul 29, 2020
188: Dinner with Elon Musk and Kris Jenner
01:02:34
Who stopped Twitter's hackers from stealing more money? Why are Covid-19 researchers being told to ramp up their cybersecurity? How can you find out if your smartphone is infected with stalkerware? And who does Graham think he is turning down a celebrity dinner invite? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Lisa Forte. Visit https://www.smashingsecurity.com/188 (https://www.smashingsecurity.com/188) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Lisa Forte. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.tripwire.com/state-of-security/featured/twitter-mega-hack-what-you-need-to-know/ (The Twitter mega-hack. What you need to know) — Tripwire State of Security. 
https://www.grahamcluley.com/the-twitter-hack-why-elon-musk-bill-gates-jeff-bezos-and-others-might-have-reason-to-be-worried/ (The Twitter hack: Why Elon Musk, Bill Gates, Jeff Bezos and others might have reason to be worried) — Graham Cluley. https://www.forbes.com/sites/billybambrough/2020/07/19/exclusive-twitter-hackers-could-have-stolen-a-whole-lot-more/#74d1caba2f84 (Twitter Hackers Could Have Stolen A Whole Lot More Bitcoin) — Forbes. https://www.bbc.co.uk/news/technology-53455092 (Twitter says hackers downloaded private account data) — BBC News. https://www.gov.uk/government/news/uk-condemns-russian-intelligence-services-over-vaccine-cyber-attacks (UK condemns Russian Intelligence Services over vaccine cyber attacks) — GOV.UK. https://www.rt.com/uk/495243-russia-hacking-meddling-ambassador/ (Britain’s charges of hacking & meddling ‘make no sense’ but Russia is ready to turn the page & work with UK – ambassador) — Russia Today. https://www.ipwatchdog.com/2020/07/20/russian-cyber-espionage-group-targets-covid-19-vaccine-research-ip/id=123377/ (Russian Cyber Espionage Group Targets COVID-19 Vaccine Research and IP) — IP Watchdog. https://arstechnica.com/tech-policy/2020/07/google-bans-ads-for-stalkerware-apps-with-some-exceptions/ (Google bans ads for stalkerware apps—with some exceptions) — Ars Technica. https://www.grahamcluley.com/google-stalkerware-ban/ (Google’s ad ban won’t stop stalkerware apps from promoting themselves) — Graham Cluley. https://www.cnet.com/news/1-in-10-people-uses-stalkerware-to-track-partners-and-exes-poll-says/ (1 in 10 Americans uses stalkerware to track partners and exes, poll finds ) — CNET. https://www.digitaltrends.com/mobile/stalkerware-invisible-threat-faced-by-domestic-abuse-victims/ (Stalkerware: Domestic Abuse Victims Face Invisible Threat ) — Digital Trends. https://www.wired.com/story/how-to-check-for-stalkerware/ (How to Check Your Devices for...
Jul 22, 2020
187: Huawei ban, MGM hack, and a contact-tracing cock-up
01:03:18
Login chaos for England's contact tracing service, our drill-down on Britain's Huawei 5G ban, MGM's blockbuster breach, and how to pronounce "Gigabyte." All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Plus we have a bonus featured interview with Scott Petry, the co-founder of Authentic8, all about how you can browse the internet safely, securely, and anonymously when conducting research, collecting sensitive evidence, and analyzing data. Visit https://www.smashingsecurity.com/187 (https://www.smashingsecurity.com/187) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Maria Varmazis and Scott Petry. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.smashingsecurity.com/authentic8 (Authentic8): Silo for Research (Toolbox) from Authentic8 is a secure and anonymous web browsing solution that enables threat intelligence, security, and public safety professionals to conduct research, collect evidence, and analyze data across the open, deep and dark web. To learn how Silo for Research enables teams to timely and efficiently investigate, while ensuring maximum security and oversight to ensure compliance - including GDPR - go to smashingsecurity.com/authentic8 https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://news.sky.com/story/coronavirus-contact-tracers-in-england-locked-out-of-accounts-12028196 (Coronavirus: Contact tracers in England 'locked out of accounts' ) — Sky News. https://www.grahamcluley.com/dido-harding-coronavirus-app/ (TalkTalk’s ex-CEO Dido Harding heads up the UK’s Coronavirus tracing app…) — Graham Cluley. https://www.grahamcluley.com/coronavirus-tracing-scammers/ (Apparently Coronavirus-tracing scammers won’t sound professional… (Yeah, right!)) — Graham Cluley. https://www.bbc.co.uk/news/technology-53403793 (Huawei 5G kit must be removed from UK by 2027 ) — BBC News. https://www.theverge.com/2020/7/6/21314340/huawei-5g-networks-security-risk-us-uk (US sanctions make Huawei more of a security risk, says leaked UK report) — The Verge. https://www.ncsc.gov.uk/blog-post/a-different-future-for-telecoms-in-the-uk (A different future for telecoms in the UK) — NCSC. https://www.commerce.gov/news/press-releases/2020/05/commerce-addresses-huaweis-efforts-undermine-entity-list-restricts (Commerce Addresses Huawei’s Efforts to Undermine Entity List, Restricts Products Designed and Produced with U.S. Technologies ) — U.S. Department of Commerce. https://www.zdnet.com/article/a-hacker-is-selling-details-of-142-million-mgm-hotel-guests-on-the-dark-web/ (A hacker is selling details of 142 million MGM hotel guests on the dark web) — ZDNet. 
https://window-swap.com/ (WindowSwap.)...
Jul 15, 2020
186: This one's for all the Karens!
49:38
A high-rolling Hushpuppi gets extradited to the United States, Carole details her problems with clipboards and Disposophobia, and our guest becomes the subject of fake news during the Senegalese election. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by investigative journalist Michelle Madsen (or is it Michelle Damsen? Hmm...). Visit https://www.smashingsecurity.com/186 (https://www.smashingsecurity.com/186) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Michelle Madsen. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.smashingsecurity.com/authentic8 (Authentic8): Silo for Research (Toolbox) from Authentic8 is a secure and anonymous web browsing solution that enables threat intelligence, security, and public safety professionals to conduct research, collect evidence, and analyze data across the open, deep and dark web. To learn how Silo for Research enables teams to timely and efficiently investigate, while ensuring maximum security and oversight to ensure compliance - including GDPR - go to smashingsecurity.com/authentic8 https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.instagram.com/hushpuppi/ (Ray Hushpuppi's Instagram account.) https://www.theregister.com/2020/07/06/hushpuppi_extradited_bec_conspiracy/ (Your 2.3m Instagram fans won't stop the FBI... Web star accused of plotting to launder millions from cyber-crime) — The Register. http://garwarner.blogspot.com/2020/07/hushpuppi-and-mrwoodbery-bec-scammers.html (Hushpuppi and Mr. Woodbery, BEC scammers: Welcome to Chicago!) — CyberCrime & Doing Time. https://vimeo.com/432461710 (Dubai Police operation Fox Hunt 2 against Hushpuppi.) — Vimeo. https://www.agari.com/insights/whitepapers/cosmic-lynx-threat-dossier/ (Cosmic Lynx Threat Dossier) — Agari. https://dmarc.org/ (Domain Message Authentication Reporting & Conformance) — DMARC. https://www.cyber.gov.au/acsc/view-all-content/publications/how-combat-fake-emails (How to Combat Fake Emails) — Australian Cyber Security Centre. https://www.bbc.co.uk/news/world-africa-52625771 (My fake news whodunnit: Caught up in a Senegal fake news scam) — BBC News. https://www.bbc.co.uk/programmes/w3ct0t61 (The Documentary: My fake news whodunnit) — BBC World Service. https://twitter.com/jeremyburge/status/1275896482433040386 (TikTok grabbing the contents of an iPhone clipboard every 1-3 keystrokes) — Twitter. 
https://www.mysk.blog/2020/03/10/popular-iphone-and-ipad-apps-snooping-on-the-pasteboard/ (Popular iPhone and iPad Apps Snooping on the Pasteboard) — Mysk. https://www.youtube.com/watch?v=g4j1ZhanYLk (The Life and Times of David Lloyd George (with Ennio Morricone theme tune)) — YouTube....
Jul 08, 2020
185: Bieber fever, Roblox, and ransomware
47:11
Who's been dressing Roblox players up in red baseball caps? Which ransomware victim's negotiations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by John Hawes. Visit https://www.smashingsecurity.com/185 (https://www.smashingsecurity.com/185) to check out this episode’s show notes and episode links. Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on https://apple.co/2J1YMCu (Apple Podcasts), or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: John Hawes. Sponsored By: https://www.smashingsecurity.com/authentic8 (Authentic8): https://www.smashingsecurity.com/authentic8 (Silo for Research (Toolbox) from Authentic8 is a secure and anonymous web browsing solution that enables threat intelligence, security, and public safety professionals to conduct research, collect evidence, and analyze data across the open, deep and dark web.) 
https://www.smashingsecurity.com/authentic8 (To learn how Silo for Research enables teams to timely and efficiently investigate, while ensuring maximum security and oversight to ensure compliance - including GDPR - go to smashingsecurity.com/authentic8) https://www.lastpass.com/smashing (LastPass): https://www.lastpass.com/smashing (LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.) https://www.lastpass.com/smashing (But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.) https://www.lastpass.com/smashing (Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bleepingcomputer.com/news/security/roblox-accounts-being-hacked-in-support-of-trump-reelection/ (Roblox accounts being hacked in support of Trump re-election) — Bleeping Computer. https://en.help.roblox.com/hc/en-us/articles/212459863-Add-2-Step-Verification-to-Your-Account (Add 2-Step Verification to Your Roblox Account) — Roblox. https://www.wired.com/story/ransomware-magecart-coronavirus-security-news/ (Ransomware Groups Promise Not to Hit Hospitals Amid Pandemic) — Wired. https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-what-need-know/ (NetWalker Ransomware - What You Need to Know) — Tripwire. https://www.ucsf.edu/news/2020/06/417911/update-it-security-incident-ucsf (Update on IT Security Incident at UCSF) — UC San Francisco. https://www.bbc.co.uk/news/technology-53214783 (How hackers extorted $1.14m from University of California, San Francisco) — BBC News. https://en.wikipedia.org/wiki/Pizzagate_conspiracy_theory (Pizzagate conspiracy theory) — Wikipedia. 
https://www.nytimes.com/2020/06/29/technology/pizzagate-tiktok.html (A TikTok Twist on ‘PizzaGate’) — The New York Times. https://www.nytimes.com/2020/06/27/technology/pizzagate-justin-bieber-qanon-tiktok.html (‘PizzaGate’ Conspiracy Theory Thrives Anew in the TikTok Era) — The New York Times....
Jul 01, 2020
184: Vanity Bitcoin wallets, BlueLeaks, and a Coronavirus app conspiracy
51:12
A conspiracy spreads on social media about Coronavirus tracing apps, US police find decades' worth of sensitive data leaked online, and is there a Bitcoin bonanza to be had from watching Elon Musk YouTube videos? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by BBC technology reporter Zoe Kleinman. Visit https://www.smashingsecurity.com/184 (https://www.smashingsecurity.com/184) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Zoe Kleinman. Sponsored By: https://www.smashingsecurity.com/cyberaware (MetaCompliance): https://www.smashingsecurity.com/cyberaware (Create a more security-conscious workforce with MetaCompliance's Cyber Security Awareness for Dummies book. Download it for free at smashingsecurity.com/cyberaware) https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/av/technology-10815956/how-photographs-are-airbrushed (How photographs are airbrushed) — A 2010 BBC News article, starring Zoe Kleinman. https://www.zdnet.com/article/elon-musk-bitcoin-vanity-addresses-used-to-scam-users-out-of-2-million/ (Elon Musk Bitcoin vanity addresses used to scam users out of $2 million) — ZDNet. https://decrypt.co/9511/kate-winslet-responds-to-bitcoin-scam-faking-her-endorsement (Kate Winslet responds to Bitcoin scam faking her endorsement) — Decrypt. https://decrypt.co/25135/bitcoin-scam-uses-prince-harry-meghan-markle-to-dupe-would-be-investors (Bitcoin scam uses Prince Harry, Meghan Markle to dupe would-be investors) — Decrypt. https://www.bbc.co.uk/news/health-53120290 (Covid-19 tracing tool on smartphones is 'not app') — BBC News. https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/ (‘BlueLeaks’ Exposes Files from Hundreds of Police Departments) — Krebs on Security. https://www.kokoanalytics.com/ (Koko Analytics) — A privacy-friendly analytics plugin for WordPress. https://usefathom.com/ (Fathom) — Fast, simple and privacy-focused website analytics. https://www.youtube.com/watch?v=0ZfZj2bn_xg (Upload trailer) — YouTube. https://audioboom.com/channels/5011001 (Backspace and beyond) — Audioboom. http://rustyquill.com/the-magnus-archives/ (The Magnus Archives) — Horror podcast. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Jun 24, 2020
183: MAMILs, gameshows, and a surprise from eBay
46:19
A TV gameshow with cash prizes if you're obeying Coronavirus lockdown rules, ex-eBay staff charged in crazy cyberstalking case, and when the wrong cyclist was accused by the internet bearing pitchforks. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/183 (https://www.smashingsecurity.com/183) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.smashingsecurity.com/cyberaware (MetaCompliance): https://www.smashingsecurity.com/cyberaware (Create a more security-conscious workforce with MetaCompliance's Cyber Security Awareness for Dummies book. Download it for free at smashingsecurity.com/cyberaware) https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://en.wikipedia.org/wiki/Mr_Blobby (Mr Blobby ) — Wikipedia. https://en.wikipedia.org/wiki/Noel%27s_House_Party (Noel's House Party) — Wikipedia. https://www.youtube.com/watch?v=DC2Ka8_nW7k (A man is surprised at home by Noel's House Party) — YouTube. https://www.amnesty.org/en/latest/news/2020/06/bahrain-kuwait-norway-contact-tracing-apps-danger-for-privacy/ (Bahrain, Kuwait and Norway contact tracing apps among most dangerous for privacy) — Amnesty International. https://www.bbc.co.uk/news/world-middle-east-53052395 (Coronavirus: Alarm over 'invasive' Kuwait and Bahrain contact-tracing apps) — BBC News. http://www.iga.gov.bh/en/article/iGA-Joint-Committee-to-Oversee-Selection-of-Are-You-At-Home-Winners (‘Are You At Home?’ Winner Selection Rules) — Bahrain's Information & eGovernment Authority. https://apps.apple.com/app/id1501478858?mt=8 (Bahrain BeAware) — iOS App Store. https://play.google.com/store/apps/details?id=bh.bahrain.corona.tracker (Bahrain BeAware) — Google Play Store. https://www.justice.gov/usao-ma/pr/six-former-ebay-employees-charged-aggressive-cyberstalking-campaign-targeting-natick (Six Former eBay Employees Charged with Aggressive Cyberstalking Campaign Targeting Natick Couple ) — Department of Justice. https://www.thestreet.com/investing/ex-ebay-ceo-messages-led-to-ouster-stalking-probe (Ex-EBay CEO's 'Inappropriate' Messages Played Role in Ouster) — TheStreet. https://twitter.com/nyccookies/status/1268640734254714883 (MAMIL throws a tantrum) — Twitter. https://edition.cnn.com/2020/06/06/us/police-arrest-cyclist-accosting-people-posting-signs-trnd/index.html (Maryland cyclist arrested for assaulting 3 people posting Black Lives Matter flyers) — CNN. https://www.smashingsecurity.com/63 (Smashing Security episode 063: Carole's back!) — In which we discuss privacy issues involving fitness trackers....
Jun 17, 2020
182: Space Force, credit card fraud, and beep-ti-beep
01:01:55
Graham finds himself in hot water with a security firm after a data breach, Carole discusses credit card fraud, and we have a pleasant surprise for Thom Langford, who appears to have mostly agreed to be a guest to promote his own podcast. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Host Unknown's Thom Langford. And don't miss our featured interview with Robbie O'Brien of MetaCompliance, all about the new book he's written - Cyber Security Awareness for Dummies. Visit https://www.smashingsecurity.com/182 (https://www.smashingsecurity.com/182) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Robert O'Brien and Thom Langford. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.smashingsecurity.com/cyberaware (MetaCompliance): https://www.smashingsecurity.com/cyberaware (Create a more security-conscious workforce with MetaCompliance's Cyber Security Awareness for Dummies book. Download it for free at smashingsecurity.com/cyberaware) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.grahamcluley.com/security-firm-five-billion-records-exposed-unsecured-database/ (Security firm leaves more than five billion records exposed on unsecured database) — Graham Cluley. https://twitter.com/gcluley/status/1268079959622455297 ("Following a legal threat from ███████ ████ I have removed their name from this article on my site...") — Graham Cluley on Twitter. https://www.verdict.co.uk/keepnet-labs-data-breach/ (Keepnet Labs confirms contractor exposed 'data breach database' of 5 billion records) — Verdict. https://www.keepnetlabs.com/public-statement-in-relation-to-data-briefly-exposed-on-an-elasticsearch-database/ (Public Statement in Relation to Data Briefly Exposed on an ElasticSearch Database) — Keepnet Labs. https://www.grahamcluley.com/keepnet-labs-statement-data-breach/ (After threatening me with legal action, Keepnet Labs finally issues statement over data breach) — Graham Cluley. https://www.grahamcluley.com/goodbye-naked-security/ (Goodbye Naked Security?) — Graham Cluley. https://www.cbr.com/us-military-lose-space-force-trademark-netflix/ (US Military Could Lose Space Force Trademark to Netflix Series) — CBR. https://www.theverge.com/21279403/space-force-review-netflix-steve-carell-nasa-the-office (Space Force review: astonishingly bad show) — The Verge. https://www.verdict.co.uk/cards-international/news/scammers-continue-to-ramp-up-credit-card-fraud-amid-covid-19/ (The number of credit card scams continues to soar during the pandemic) — Verdict....
Jun 10, 2020
181: Anti-cybercrime ads, tricky tracing, and a 5G Bioshield
52:22
Police are hoping to stop kids becoming cybercriminals by bombarding them with Google Ads, phishers rub their hands in glee at the NHS track and trace service, and just how does a nano-layer of quantum holographic catalyzer technology make a USB stick cost hundreds of pounds? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/181 (https://www.smashingsecurity.com/181) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.smashingsecurity.com/deepinstinct (Deep Instinct): Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place! Deep Instinct strives to prevent all known and unknown threats using deep learning, making detection and response automated, fast and effective for any threat that cannot be prevented. Check out a report by the Ponemon Institute, which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. 
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats. Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://en.wikipedia.org/wiki/Cheating_in_online_games (Cheating in online games) — Wikipedia. https://krebsonsecurity.com/2020/05/uk-ad-campaign-seeks-to-deter-cybercrime/ (UK Ad Campaign Seeks to Deter Cybercrime) — Brian Krebs. https://www.nationalcrimeagency.gov.uk/?view=article&id=243:ddos-attacks-are-illegal&catid=2 (DDoS attacks are illegal) — National Crime Agency (NCA). https://www.lightbluetouchpaper.org/2018/08/28/google-doesnt-seem-to-believe-booters-are-illegal/ (Google doesn’t seem to believe booters are illegal) — Light Blue Touchpaper. https://support.google.com/adspolicy/answer/6020955?hl=en&ref_topic=1626336 (Google ad policies.) https://contact-tracing.phe.gov.uk/ (NHS Test and Trace) — Yes, the legitimate website. https://theantisocialengineer.com/2020/05/30/phishing-danger-is-just-a-hyphen-away/ (Phishing danger is just a hyphen away) — The AntiSocial Engineer. https://www.grahamcluley.com/coronavirus-tracing-scammers/ (Apparently Coronavirus-tracing scammers won't sound professional... (Yeah, right!)) — Graham Cluley. https://fullfact.org/online/test-and-trace-scam/ (This is how you can verify you are actually being contacted by the government’s Test and Trace service) — Full Fact....
Jun 03, 2020
180: Taking care of Clare
46:18
On this special splinter episode of the podcast, we're joined by actor and comedian Clare Blackwood in the hope of convincing her that cybersecurity is no laughing matter. Hear what happens in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Carole's cousin (!) Clare Blackwood. Visit https://www.smashingsecurity.com/180 (https://www.smashingsecurity.com/180) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Clare Blackwood. Sponsored By: https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats. Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week. https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.latimes.com/entertainment-arts/story/2020-04-10/coronavirus-tiktok-dance-challenge-age-debate (All ages dance on TikTok during coronavirus quarantine) — Los Angeles Times. https://nakedsecurity.sophos.com/2012/12/03/john-mcafee-location-exif/ (Fugitive John McAfee’s location revealed by photo meta-data screw-up) — Naked Security. https://haveibeenpwned.com/ (Have I Been Pwned: Check if your email has been compromised in a data breach.) https://twitter.com/clareblackwood/status/1243632908541313025 (Clare Blackwood's TikTok dance.) https://www.youtube.com/watch?v=yKf9aUIxdb4 (The Miracle Sudoku) — YouTube. https://www.youtube.com/channel/UCC-UOdK8-mIjxBQm_ot1T-Q (Cracking The Cryptic YouTube channel.) https://www.theguardian.com/lifeandstyle/2020/may/22/cracking-the-cryptic-puzzled-uk-men-become-internet-sensation-with-sudoku-channel (Puzzled man solving 'miracle' sudoku becomes YouTube sensation ) — The Guardian. https://www.dumbdice.com/ (Dumb-Dumbs and Dice.) https://www.netflix.com/title/81008221 (Into the Night) — Netflix. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
May 27, 2020
179: Deepfake Jay-Z, and beer apps spilling your data
01:02:11
Apps that belch out sensitive military information, what could the world learn from South Korea's digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump... and why? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Brian Klaas of the "Power Corrupts" podcast. Plus we have a bonus feature interview with Rachael Stockton from Logmein, the folks behind LastPass, all about their report into the psychology of passwords. Visit https://www.smashingsecurity.com/179 (https://www.smashingsecurity.com/179) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Brian Klaas and Rachael Stockton. Sponsored By: https://www.smashingsecurity.com/passwordreport (LastPass): LastPass's "Psychology of Passwords" report surveyed over 3,000 people around the world to highlight the current state of online security behaviors – and the results are alarming. Download it now at smashingsecurity.com/passwordreport https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats. Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week. 
https://www.smashingsecurity.com/boxcryptor (Boxcryptor): Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice. Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/ (Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App) — Bellingcat. https://time.com/5834991/south-korea-coronavirus-nightclubs/ (What South Korea's Nightclub Outbreak Can Teach Other Countries) — Time. https://arstechnica.com/gaming/2020/05/when-audio-deepfakes-put-words-in-jay-zs-mouth-did-he-have-a-legal-case/ (When audio deepfakes put words in Jay-Z’s mouth, did he have a legal case?) — Ars Technica. https://www.forbes.com/sites/williamhochberg/2020/05/18/to-sue-or-not-to-sue---that-is-the-jay-zs-deepfake-question/#5e3d2edb128b (Jay-Z’s Deepfake Hamlet Recital — To Sue, Or Not To Sue) — Forbes. https://www.youtube.com/channel/UCRt-fquxnij9wDnFJnpPS2Q/videos (Vocal Synthesis ) — YouTube channel. https://themargins.substack.com/p/doordash-and-pizza-arbitrage (Doordash and Pizza Arbitrage) — Ranjan Roy. https://www.youtube.com/watch?v=NUxI09AS8MI&list=PL9U6ws7o3ik6ZW9k8d2IcbZnWrNFzIn0V (Iron Chef Japan episodes) — YouTube. https://www.kevinroose.com/rabbit-hole (Rabbit Hole podcast.) https://www.smashingsecurity.com/passwordreport (The Psychology of...
May 20, 2020
178: Office pranks, meat dresses, and robocop dogs
50:42
Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by special guest Lisa Forte. Visit https://www.smashingsecurity.com/178 (https://www.smashingsecurity.com/178) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Lisa Forte. Sponsored By: https://www.immersivelabs.com/smashing (Immersive Labs): Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats. Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week. https://www.smashingsecurity.com/oraclereport (Oracle): Check out the free cloud security reports that Oracle is making available for listeners of "Smashing Security" and learn how organizations can make security an essential part of the culture of their business. 
Read the free reports at smashingsecurity.com/oraclereport https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://techcommunity.microsoft.com/t5/exchange-team-blog/me-too/ba-p/610643 (Me Too!) — Microsoft tells the story of the Bedlam DL3 email storm. https://www.businessinsider.com/microsoft-employee-github-reply-all-email-storm-2019-1?r=US&IR=T (Microsoft employees swept up in GitHub reply-all email apocalypse ) — Business Insider. https://www.theverge.com/2020/5/10/21253627/microsoft-reply-all-email-block-reply-allpocalypse-storm (Microsoft now blocks reply-all email storms to end our inbox nightmares) — The Verge. https://techcommunity.microsoft.com/t5/exchange-team-blog/reply-all-storm-protection-in-exchange-online/ba-p/1369811 (Reply All Storm Protection in Exchange Online ) — Microsoft Tech Community. https://www.grahamcluley.com/nhs-suffered-massive-email-storm-today/ (The NHS's massive email storm) — Graham Cluley. https://variety.com/2020/digital/news/entertainment-law-firm-hacked-data-breach-lady-gaga-madonna-bruce-springsteen-1234602737/ (Entertainment Law Firm Hacked in Major Data Breach, Ransomware Attack ) — Variety. https://www.bbc.co.uk/news/business-52630367 (Coronavirus: Commuters told to 'prepare to queue' in new guidance) — BBC News. https://www.nytimes.com/2020/05/11/technology/coronavirus-worker-testing-privacy.html (Employers Rush to Adopt Virus Screening. The Tools May Not Help Much) — The New York Times. 
https://www.bbc.co.uk/news/av/technology-52619568/coronavirus-robot-dog-enforces-social-distancing-in-singapore-park (Robot dog enforces social distancing in...
May 13, 2020
177: Elon Musk, Roblox, and Love Bug author found
01:00:31
What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down the man behind one of history's biggest virus outbreaks in Manila? And what on earth is a hacker doing breaching Roblox security? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by technology journalist Geoff White. Visit https://www.smashingsecurity.com/177 (https://www.smashingsecurity.com/177) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Geoff White. Sponsored By: https://www.domaintools.com/smashing (DomainTools): Join our friends at DomainTools for a webinar as they walk you through the process of identifying a nefarious domain, mapping connected infrastructure, and reverse-engineering a ransomware attack which used a Coronavirus disguise. Learn more about how DomainTools helps security analysts turn threat data into threat intelligence and watch the webinar at domaintools.com/smashing https://www.smashingsecurity.com/oracle (Oracle): Build, test, and deploy applications on Oracle Cloud - for free. Sign up at smashingsecurity.com/oracle and you'll soon be building, testing and deploying cloud applications securely with Oracle. 
https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/vote (Vote for Smashing Security in the EU Security Blogger Awards!) https://soundcloud.com/user-88592135/earworm-island-1-graham-cluley (Graham Cluley on Earworm Island) — Earworm Island podcast. https://soundcloud.com/user-88592135/earworm-island-3-carole-theriault (Carole Theriault on Earworm Island) — Earworm Island podcast. https://twitter.com/elonmusk/status/1257550522132787200 (Elon Musk tweets a photo of his newborn child) — Twitter. https://www.daysoftheyear.com/days/password-day/ (World Password Day) — Days of the year. https://twitter.com/Grimezsz/status/1257836061520101377 (Grimes explains the baby's name) — Twitter. https://www.idagent.com/blog/dont-make-these-5-password-fails-but-do-notch-these-2-password-wins/ (Don’t Make These 5 Password FAILS! (But Do Notch These 2 Password Wins) ) — ID Agent. https://medium.com/@geoff_white/love-bug-virus-creator-comes-clean-420daeb02593 (Love Bug Virus Creator Comes Clean) — Geoff White. https://nakedsecurity.sophos.com/2009/03/26/memories-melissa-virus/ (Memories of the Melissa virus ) — Naked Security. https://en.wikipedia.org/wiki/Roblox (Roblox ) — Wikipedia. https://www.digitaltrends.com/gaming/what-is-roblox/ (What is Roblox? ) — Digital Trends. https://www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwords (Hacker Bribed 'Roblox' Insider to Access User Data ) — Motherboard....
May 06, 2020
176: Hacking hacks and university attacks
45:09
Journalists spying on their rivals, the NHS rejects Apple and Google's approach to Coronavirus-tracing, and universities are hit by an old-fashioned sexy lady attack. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by special guest Rik Ferguson. Visit https://www.smashingsecurity.com/176 (https://www.smashingsecurity.com/176) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Rik Ferguson. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/vote (Vote for Smashing Security in the EU Security Blogger Awards!) 
https://www.independent.co.uk/news/media/mark-di-stefano-financial-times-independent-evening-standard-zoom-call-a9485931.html (Financial Times reporter accessed private calls at Independent and Evening Standard) — The Independent. https://www.theguardian.com/media/2020/apr/27/ft-suspends-journalist-mark-di-stefano-accused-listening-papers-zoom-calls-independent-evening-standard (FT suspends journalist accused of listening to rival outlets' Zoom calls ) — The Guardian. https://nakedsecurity.sophos.com/2012/04/05/sky-news-admits-it-hacked-canoe-mans-email/ (Sky News admits it hacked Canoe Man’s email) — Naked Security. https://nakedsecurity.sophos.com/2013/03/19/is-it-ever-acceptable-for-a-journalist-to-hack-into-somebody-elses-email/ (Is it ever acceptable for a journalist to hack into somebody else’s email? ) — Naked Security. https://www.bbc.co.uk/news/technology-52441428 (NHS rejects Apple-Google coronavirus app plan) — BBC News. https://www.proofpoint.com/us/threat-insight/post/threat-actors-repurpose-hupigon-adult-dating-attacks-targeting-us-universities (Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities ) — Proofpoint. https://www.birminghammail.co.uk/news/midlands-news/warwick-university-kept-data-hack-18156758 (Warwick University kept data hack secret from students and staff) — Birmingham Live. https://www.justwatch.com/ (JustWatch - The Streaming Guide.) https://apps.apple.com/us/app/justwatch-movies-tv-shows/id979227482 (Just Watch) — Apple App Store. https://play.google.com/store/apps/details?id=com.justwatch.justwatch&hl=en_GB (Just Watch) — Google Play. https://www.amazon.co.uk/Amazon-Fire-Kids-Monthly-Subscription/dp/B071RKY16Z (Fire for Kids Unlimited) — Amazon UK. https://www.amazon.com/Childrens-Books-Kindle-Unlimited-Eligible/s?rh=n%3A4%2Cp_n_feature_twenty_browse-bin%3A13054657011 (Kindle Limited for Kids) — Amazon.com. http://www.j-archive.com/ (J! Archive.) 
https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Apr 29, 2020
175: Zoom deepfakes, Zardoz, and 'Rona tracing
49:45
Will deepfake disguises hit a video conference near you, can Coronavirus-tracing apps be trusted, and should Facebook shut down anti-quarantine events? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/175 (https://www.smashingsecurity.com/175) to check out this episode’s show notes and episode links. Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on https://apple.co/2J1YMCu (Apple Podcasts), or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/boxcryptor (Boxcryptor): Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. 
It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice. Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://twitter.com/iainthomson/status/1252286893263183872 (Iain Thomson in fancy dress on Zoom.) — Twitter. https://www.smashingsecurity.com/134 (Smashing Security 134: Sextortion, silicone face masks, and a DDoS doofus.) https://github.com/alievk/avatarify (Avatarify: Avatars for Zoom and Skype) — GitHub. https://www.youtube.com/watch?v=lONuXGNqLO0 ("Elon Musk joined our Zoom call") — YouTube. https://www.youtube.com/watch?v=Q7LFDT-FRzs (Avatarify demo) — YouTube. https://www.vice.com/en_asia/article/g5xagy/this-open-source-program-deepfakes-you-during-zoom-meetings-in-real-time (This Open-Source Program Deepfakes You During Zoom Meetings, in Real Time) — Vice. https://www.youtube.com/watch?v=kbGVIdA3dx0 (Trailer for Zardoz (1974)) — YouTube. https://www.bbc.co.uk/news/world-us-canada-52363318 (Coronavirus: Governors ask Trump to call off lockdown protests ) — BBC News. https://www.theregister.co.uk/2020/04/21/coronavirus_astroturfing_outrage/ (Facebook sort-of blocks anti-quarantine events – how many folks are actually behind these 'massive' protests online?) — The Register. https://en.wikipedia.org/wiki/COVID-19_apps (COVID-19 apps ) — Wikipedia. https://www.nytimes.com/aponline/2020/04/15/science/ap-us-sci-virus-outbreak-us-surveillance.html (Would You Give Up Health or Location Data to Return to Work?) — The New York Times. https://venturebeat.com/2020/04/21/european-scientists-and-researchers-raise-privacy-concerns-over-coronavirus-contact-tracing-apps/ (European scientists and researchers...
Apr 22, 2020
174: Animal Crossing with Garry Kasparov
46:26
World-chess-champion-turned-activist Garry Kasparov joins us as we discuss celebrity lookalikes, smartphone fleeceware, the impact Coronavirus is having on security, and how a popular new video game is being used for political ends. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Garry Kasparov. Yes, the Garry Kasparov. Graham was pretty excited too. Visit https://www.smashingsecurity.com/174 (https://www.smashingsecurity.com/174) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Garry Kasparov. Sponsored By: https://www.smashingsecurity.com/boxcryptor (Boxcryptor): Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice. Listeners can get a 40% discount on the Boxcryptor Personal License (private use) and Boxcryptor Business (perfect for self-employed) by visiting smashingsecurity.com/boxcryptor https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://news.sophos.com/en-us/2020/04/08/iphone-fleeceware/ (Don’t let fleeceware sneak into your iPhone) — Sophos. 
https://news.sophos.com/en-us/2020/01/14/fleeceware-apps-persist-on-the-play-store/ (Fleeceware apps persist on the Play Store) — Sophos. https://www.zdnet.com/article/fleeceware-apps-discovered-on-the-ios-app-store/ (Fleeceware apps discovered on the iOS App Store) — ZDNet. https://support.apple.com/en-gb/HT202039 (How to see or cancel subscriptions on your iPhone, iPad or iPod touch) — Apple Support. https://support.google.com/googleplay/answer/7018481 (How to cancel, pause, or change a subscription on Google Play) — Google Play Help. https://www.voanews.com/silicon-valley-technology/global-move-telecommute-work-increases-security-risks (Global Move to Telecommute Work Increases Security Risks ) — Voice of America. https://blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/ (Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book ) — Malwarebytes. https://animal-crossing.com/ (Animal Crossing.) https://www.petakids.com/save-animals/vegan-guide-animal-crossing-new-horizon/ (The Vegan Guide to 'Animal Crossing: New Horizons') — PETA Kids. https://www.abacusnews.com/games/chinese-gamers-decorate-animal-crossing-propaganda-and-covid-19-references/article/3076458 (Chinese gamers decorate Animal Crossing with propaganda and Covid-19 references) — Abacus. https://www.reuters.com/article/us-nintendo-china-animalcrossing/nintendo-game-pulled-from-chinese-platforms-after-hong-kong-protest-idUSKCN21S11F (Nintendo game pulled from Chinese platforms after Hong Kong protest ) — Reuters. https://www.bbc.co.uk/news/technology-52269671 (Animal Crossing removed from sale in China amid Hong Kong protests) — BBC News....
Apr 15, 2020
173: 5G fiascos, Zoom gloom, and butt biometrics
01:03:17
We take a look at the stinky backside of surveillance, gas about the latest video-conferencing threats, and jump into the murky world of 5G conspiracy theories. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by technology broadcaster David McClelland and featuring an interview with LastPass's Barry McMahon. Visit https://www.smashingsecurity.com/173 (https://www.smashingsecurity.com/173) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Barry McMahon and David McClelland. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://phys.org/news/2011-12-unleash-car-seat-rear.html (Engineers unleash car-seat identifier that reads your rear end) — Phys.org. https://www.pnas.org/content/112/22/E2930 (Identifying personal microbiomes using metagenomic codes) — PNAS. 
https://www.nature.com/articles/s41551-020-0534-9 (A mountable toilet system for personalized health monitoring via the analysis of excreta) — Nature. https://www.theguardian.com/society/2020/apr/06/magic-toilet-could-monitor-users-health-say-researchers ('Magic toilet' could monitor users' health, say researchers) — The Guardian. https://www.grahamcluley.com/toilet-hack/ (Toilet hackers could snoop on your poop, steal data of a “personal nature”) — Graham Cluley. https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/ (Zoomed In: A Look into a Coinminer Bundled with Zoom Installer ) — Trend Micro. https://www.bleepingcomputer.com/news/security/psa-fake-zoom-installers-being-used-to-distribute-malware/ (PSA: Fake Zoom installers being used to distribute malware) — Bleeping Computer. https://www.snopes.com/fact-check/5g-tower-torn-down-china-covid/ (Was a 5G Tower Torn Down in China To Stop COVID-19?) — Snopes. https://www.ibtimes.com/coronavirus-5g-conspiracy-theory-uk-cell-towers-burned-over-claims-it-causes-covid-19-2953934 (Coronavirus 5G Conspiracy Theory: UK Cell Towers Burned Over Claims It Causes COVID-19) — International Business Times. https://eu.usatoday.com/story/tech/2020/04/06/coronavirus-5-g-conspiracy-theory-cellular-towers/2955557001/ (Coronavirus 5G conspiracy theory spreads as cellphone towers attacked) — USA Today. https://fullfact.org/health/5G-not-accelerating-coronavirus/ (5G is not accelerating the spread of the new coronavirus) — Full Fact. https://www.theguardian.com/media/2020/apr/08/influencers-being-key-distributors-of-coronavirus-fake-news?CMP=Share_iOSApp_Other (Influencers among 'key distributors' of coronavirus misinformation ) — The Guardian. https://www.wired.co.uk/article/5g-coronavirus-conspiracy-theory (How the 5G
Apr 08, 2020
172: UncleF***Face - with Mikko Hyppönen
51:08
Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he's bought a Facebook Portal for his in-laws. All this and much much more is discussed in the latest edition of the award-winning "Smashing Security" podcast with https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/172 (https://www.smashingsecurity.com/172) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mikko Hyppönen. Sponsored By: https://www.domaintools.com/smashing (DomainTools): DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks. Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card. https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: http://herrasmieshakkerit.fi/ (Herrasmieshakkerit) — Mikko's security podcast (in Finnish) with Tomi Tuominen. https://www.youtube.com/watch?v=Z7S3-kv1snY (Video trailer for Herrasmieshakkerit) — YouTube. https://www.grahamcluley.com/houseparty-hack-claims-reward/ (Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims) — Graham Cluley. https://twitter.com/houseparty/status/1244666579670843406 (Houseparty declares that all accounts are safe) — Twitter. https://twitter.com/houseparty/status/1244827034406121472 (Houseparty announces $1,000,000 bounty) — Twitter. https://theintercept.com/2020/03/31/zoom-meeting-encryption/ (Zoom Meetings Do Not Support End-to-End Encryption) — The Intercept. https://deviceatlas.com/blog/most-popular-smartphones (The most popular smartphones in 2019) — DeviceAtlas. https://www.acquired.fm/episodes/the-zoom-ipo-with-santi-subotovsky (The Zoom IPO (with Santi Subotovsky)) — Acquired podcast. https://cyberv19.org.uk/ (Cyber Volunteers – Protecting and Responding for our healthcare services!) — CV19. https://www.bloomberg.com/news/features/2020-03-27/bosses-panic-buy-spy-software-to-keep-tabs-on-remote-workers (Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers ) — Bloomberg. https://futurism.com/the-byte/your-boss-trying-to-spy (Your Bosses Are Trying To Spy On You Now More Than Ever) — Futurism. https://www.businessinsider.com/work-from-home-sneek-webcam-picture-5-minutes-monitor-video-2020-3?utm_source=reddit.com&r=US&IR=T (Companies are using webcams to monitor employees working from home ) — Business Insider. https://play.acast.com/s/somethingrhymeswithpurple (Something Rhymes with Purple) —...
Apr 01, 2020
171: WhatsApp hoaxes, Zoombombs, and 8-bit love
45:30
Blackmailers are threatening to infect your family with Coronavirus, trolls are making Zoom an unsafe place for those of a sensitive disposition, and what is the mysterious Dr Negrin audio message spreading on WhatsApp? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by technology journalist Geoff White. Visit https://www.smashingsecurity.com/171 (https://www.smashingsecurity.com/171) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Geoff White. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://twitter.com/Pornhub/status/1242264770071465984 ("Stay home and help flatten the curve!") — Tweet by Pornhub. 
https://nakedsecurity.sophos.com/2020/03/19/dirty-little-secret-extortion-email-threatens-to-give-your-family-coronavirus/ (‘Dirty little secret’ extortion email threatens to give your family coronavirus) — Naked Security. https://www.youtube.com/watch?v=yv_8dx7g-WA (Google Assistant calling the hairdresser for an appointment) — YouTube. https://twitter.com/geoffwhite247/status/1242032994711482370 (Geoff White tweets about the "Dr Negrin" audio message.) — Twitter. https://www.reddit.com/r/funny/comments/fntilv/priest_in_italy_live_streams_mass_activates/ (Priest in Italy live streams mass, activates filters by mistake) — Reddit. https://techcrunch.com/2020/03/17/zoombombing/ (Beware of ‘ZoomBombing:’ screensharing filth to video calls) — TechCrunch. https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html (‘Zoombombing’: When Video Conferences Go Wrong) — The New York Times. https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/ (How to prevent your Zoom meetings being Zoom-bombed (gate-crashed) by trolls) — ZDNet. https://www.newsweek.com/google-zoom-classroom-students-schools-closed-coronavirus-china-1493309 (Students Are Targeting Zoom and Classroom With Bad Reviews To End Homework During Coronavirus Outbreak) — Newsweek. https://archive.org/details/softwarelibrary_msdos_games?tab=collection (MS-DOS Games you can play in your browser) — The Internet Archive. https://archive.org/details/msdos_Humbug_1990 (Humbug by Graham Cluley) — The Internet Archive. https://www.amazon.com/New-Map-Wonders-Journey-Marvels/dp/022629191X (A New Map of Wonders: A Journey in Search of Modern Marvels) — Amazon.com. https://www.youtube.com/watch?v=Z7wC2OSziZk&list=PLUO8mnyUG2ELg0DwU20epJwtK1TmVI_zS (Revolution [8 Bit Tribute to The Beatles]) — YouTube. https://www.youtube.com/channel/UCn4HDI02U4f3VEsghRX7dRw (8 Bit Universe) — YouTube. https://www.smashingsecurity.com/store (Smashing Security merchandise...
Mar 25, 2020
170: PornHub, Coronavirus apps, and remote working
47:21
It's a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you're unexpectedly working from home. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Malicious Life's Ran Levi from his attic. Visit https://www.smashingsecurity.com/170 (https://www.smashingsecurity.com/170) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ran Levi. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.domaintools.com/smashing (DomainTools): DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks. 
Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware (CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware) — DomainTools. https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware (CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware) — DomainTools. https://www.reuters.com/article/us-health-coronavirus-israel/israel-to-use-anti-terror-tech-to-counter-coronavirus-invisible-enemy-idUSKBN21113V (Israel to use anti-terror tech to counter coronavirus 'invisible enemy') — Reuters. https://www.businessinsider.com/coronavirus-sophie-trudeau-idris-elba-lewis-hamilton-london-wembley-event-2020-3?r=US&IR=T (Coronavirus: Sophie Trudeau had event with Idris Elba, Lewis Hamilton) — Business Insider. https://www.vice.com/en_us/article/xgqmb3/porn-stop-production-coronavirus (Porn Sets Asked to Stop Production to Help Slow the Spread of Coronavirus) — VICE. https://www.cnbc.com/2019/10/13/people-who-work-from-home-earn-more-than-those-who-commuteheres-why.html (People who work from home earn more than those who commute—here's why) — CNBC. https://www.theverge.com/2020/3/12/21176211/twitter-employees-work-from-home-covid-19-coronavirus (Twitter orders all employees worldwide to work from home) — The Verge. https://www.space.com/nasa-coronavirus-administrator-work-from-home-update.html (NASA chief urges space agency employees work from home amid coronavirus outbreak) — Space. https://www.cnbc.com/2020/03/16/jpmorgan-tells-employees-around-the-world-to-work-from-home.html (JPMorgan tells employees around the world to work from...
Mar 18, 2020
169: Burglaries, breaches, and bidets
51:06
How one guy's exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/169 (https://www.smashingsecurity.com/169) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/voicemail (Leave Smashing Security a voicemail!) https://www.nbcnews.com/news/us-news/google-tracked-his-bike-ride-past-burglarized-home-made-him-n1151761 (Google tracked his bike ride past a burglarized home. That made him a suspect.) — NBC News. 
https://www.smashingsecurity.com/144 (Smashing Security episode 144: "Google helps the FBI, Twitter Jack’s hijack, and car data woes.") https://www.youtube.com/watch?v=B_mhJO2qHlQ (Breaking Password Dependencies: Challenges in the Final Mile at Microsoft) — YouTube. https://www.theregister.co.uk/2020/03/06/virgin_more_leak_details/ (FYI: When Virgin Media said it leaked 'limited contact info', it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more) — The Register. https://www.virginmedia.com/help/data-incident/important-information (Data Breach Information FAQ) — Virgin Media. https://turgensec.com/virgin-media-disclosure-statement/ (Virgin Media Disclosure Statement) — TurgenSec. https://www.bbc.co.uk/news/technology-51768577 (Virgin Media breach 'linked customers to porn') — BBC News. https://www.cleverendeavourgames.com/ultimate-chicken-horse (Ultimate Chicken Horse) — Clever Endeavour Games. https://www.youtube.com/watch?v=zCzRPTDH6QQ (Ultimate Chicken Horse - Trailer - Nintendo Switch) — YouTube. https://www.latimes.com/entertainment-arts/music/story/2020-03-03/coronavirus-hand-washing-20-seconds-happy-birthday-10-songs (Coronavirus prevention: 10 songs for hand washing) — Los Angeles Times. https://www.reddit.com/r/funny/comments/fftfcn/new_currency_circulation_in_australia/ (New currency circulation in Australia) — Reddit. https://twitter.com/LisaForteUK/status/1237003316166606848 (Lisa Forte reports on loo roll stocks in the Abu Dhabi Waitrose) — Twitter. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Mar 11, 2020
168: The Bitcoin fraud factory
52:10
Fraudsters steal millions from those hoping to jump on the Bitcoin bandwagon, Twitter verifies a fake US politician, and it's another face palm for facial recognition. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/168 (https://www.smashingsecurity.com/168) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.domaintools.com/smashing (DomainTools): DomainTools turns threat data into threat intelligence, giving organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks. Read a free report into how automation is changing IT security, and specifically the staffing of IT departments. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.dn.se/nyheter/sverige/fraudfactory/ (Inside the Kiev fraud factory stealing senior citizens’ savings) — Dagens Nyheter. https://www.theguardian.com/world/2020/mar/01/revealed-fake-traders-allegedly-prey-on-victims-in-global-investment-scam (Revealed: fake 'traders' allegedly prey on victims in global investment scam) — The Guardian. https://www.youtube.com/watch?v=oFmzb-obNgQ (Inside the Kiev Bitcoin fraud factory) — YouTube. https://edition.cnn.com/2020/02/28/tech/fake-twitter-candidate-2020/index.html (A high school student created a fake 2020 candidate. Twitter verified it) — CNN. https://help.twitter.com/en/managing-your-account/twitter-verified-accounts (Verified account FAQs) — Twitter. https://www.wksu.org/post/londons-dazzle-club-uses-makeup-protest-police-use-facial-recognition-technology (London's Dazzle Club uses makeup to protest police use of facial recognition technology) — WKSU. https://cvdazzle.com/ (CV Dazzle: Camouflage from Face Detection.) https://www.buzzfeednews.com/article/ryanmac/clearview-ai-fbi-ice-global-law-enforcement (Clearview AI's Facial Recognition Tech Is Being Used By The Justice Department, ICE, And The FBI) — BuzzFeed. https://amazondating.co/ (Amazon Dating: The Future of Dating) — Not the real Amazon. https://amazondating.co/cookie/dp/20190210&pf_rd_p=d619462f-67ee-4647-a6ce-8a6019ab3514&pf_rd_r=hmjrg7r0cd3vejkwqedt (Carole's ideal date) — Amazon Dating. http://www.bbc.co.uk/comedy/myword/ (My Word!) — BBC. https://www.youtube.com/watch?v=jlN5jlcTZuU (My Word recording from early 1960s) — YouTube. https://www.iheart.com/podcast/1119-solve-53761293/ (Solve podcast.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Mar 04, 2020
167: Coronavirus scams and an exaggerated lion
56:21
Scammers from Africa are preying on US businesses, a drug dealer makes a mistake when hiding his Bitcoin fortune, and the Coronavirus pandemic is causing scams to soar and raising questions about facial recognition. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Naked Security's Anna Brading. Visit https://www.smashingsecurity.com/167 (https://www.smashingsecurity.com/167) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Anna Brading. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.agari.com/email-security-blog/business-email-compromise-bec-exaggerated-lion/ (Business Email Compromise (BEC) and G Suite: How the Exaggerated Lion Cybercrime Group Cashes Out) — Agari. 
https://arstechnica.com/information-technology/2020/02/a-weed-dealers-59m-lesson-dont-hide-bitcoin-keys-with-a-fishing-rod/ (A weed dealer’s $59M lesson: Don’t hide Bitcoin keys with a fishing rod) — Ars Technica. https://www.irishtimes.com/news/crime-and-law/chance-encounter-with-garda%C3%AD-unmasked-bitcoin-millionaire-drug-dealer-1.4180140 (Chance encounter with gardaí unmasked bitcoin millionaire drug dealer) — Irish Times. https://www.independent.co.uk/life-style/gadgets-and-tech/news/bitcoin-value-james-howells-newport-landfill-hard-drive-campbell-simpson-laszlo-hanyecz-a8091371.html (Man who ‘threw away’ bitcoin haul now worth over $80m wants to dig up landfill site) — The Independent. https://www.rsaconference.com/novel-coronavirus-update (Novel Coronavirus Update) — RSA Conference. https://www.peakprosperity.com/the-coronavirus-is-swiftly-breaching-defenses-across-the-world/ (The Coronavirus Is Swiftly Breaching Defenses Across The World) — Peak Prosperity. https://www.scmp.com/print/news/hong-kong/law-and-crime/article/3051862/scores-hongkongers-hit-mask-scam-facebook-hundreds (Scores of Hongkongers hit by mask scam on Facebook, hundreds more could be fraud victims since coronavirus outbreak) — South China Morning Post. https://www.vice.com/en_us/article/n7jdqq/coronavirus-protection-masks-supplies (How Big of a Scam Are 'Coronavirus Protection Kits?') — Vice. https://www.abacusnews.com/tech/wearing-mask-wont-stop-facial-recognition-anymore/article/3051388 (Wearing a mask won’t stop facial recognition anymore) — Abacus News. https://www.businessinsider.com/coronavirus-email-scam-covid-19-phishing-false-information-who-cdc-2020-2?r=US&IR=T (Coronavirus phishing scam targets victims with false information) — Business Insider. https://thiscatdoesnotexist.com/ (This Cat Does Not Exist.) https://thesecatsdonotexist.com/ (These Cats Do Not Exist.) https://www.sky.com/watch/intelligence (Intelligence)
Feb 26, 2020
166: What the Dickens! Ad ban thank you scam
42:02
How to stop dick pics on Twitter, and a new way bad guys are extorting money from websites earning cash from Google ads. All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/166 (https://www.smashingsecurity.com/166) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.domaintools.com/smashing (DomainTools): DomainTools turns threat data into threat intelligence, giving organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks. Read a free report into how automation is changing IT security, and specifically the staffing of IT departments. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://twitter.com/raeBress/status/1167864845758107648 (Tweet from Kelsey Bressler.) 
https://safedm.com/ (safeDM – Making the Internet Safer.) https://twitter.com/ShowYoDiq (@showYoDiq) — Twitter. https://www.buzzfeed.com/cameronwilson/dick-pic-filter-twitter-test?bftwnews&utm_term=4ldqpgc#4ldqpgc (This Dick Pic Filter For Your Inbox Does Block Most Pictures Of Dicks, And Some Dick-Like Things) — Buzzfeed. https://www.smashingsecurity.com/34 (Smashing Security 034: The pen is mightier than the password) — With special guest David McClelland. https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/ (Pay Up, Or We’ll Make Google Ban Your Ads) — Krebs on Security. https://www.youtube.com/watch?v=oHG7FnBDY0Q (The Personal History of David Copperfield (Trailer)) — YouTube. https://en.wikipedia.org/wiki/The_Personal_History_of_David_Copperfield#Critical_response (The Personal History of David Copperfield) — Wikipedia. https://www.endeavoraudio.com/podcasts/thriller-podcasts/hunted (Hunted) — Endeavor Audio. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Feb 19, 2020
165: Cheapfakes, deepfakes, and Ashley Madison
48:30
Wi-Fi hopping malware, the return of Ashley Madison extortion scams, and should social media be doing anything about cheapfakes? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Jessica Barker. Visit https://www.smashingsecurity.com/165 (https://www.smashingsecurity.com/165) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jessica Barker. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/162 (Smashing Security #162: Robocalls, health hacks, and facial recognition fears) — Carole talks about the activities of Clearview AI. https://podcasts.apple.com/us/podcast/the-end-of-privacy-as-we-know-it/id1200361736?i=1000465143460 (‎The Daily: The End of Privacy as We Know It?) — Apple Podcasts. 
https://www.us-cert.gov/ncas/alerts/TA18-201A (Emotet Malware Advisory) — US Department of Homeland Security. https://www.proofpoint.com/us/corporate-blog/post/emotet-wishes-you-merry-christmas-greta-thunberg (Emotet Wishes You a Merry Christmas from Greta Thunberg) — Proofpoint. https://www.grahamcluley.com/coronavirus-malware/ (Coronavirus - hackers exploit fear of infection to spread malware) — Graham Cluley. https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/ (Emotet evolves with new Wi-Fi spreader) — Binary Defense. https://arstechnica.com/information-technology/2020/02/four-plus-years-later-ashley-madison-hack-is-used-in-new-extortion-scam/ (Dear Ashley Madison user, I know everything about you. Pay up or else) — Ars Technica. https://www.grahamcluley.com/ashley-madison-blackmail-letter/ (Here's what an Ashley Madison blackmail letter looks like) — Graham Cluley. https://www.theguardian.com/us-news/2020/feb/04/nancy-pelosi-trump-speech-rips-up-handshake-snub-state-of-the-union (Nancy Pelosi rips up Trump's speech after divisive State of the Union address) — The Guardian. https://twitter.com/Scavino45/status/1226675729531887616 (Tweet by Dan Scavino Jr.) https://apnews.com/12443c46b8cfee5e9659abb31eee5142 (Video of Pelosi brings renewed attention to 'cheapfakes') — AP News. https://www.nytimes.com/2020/02/04/technology/jigsaw-doctored-images-disinformation.html (Tool to Help Journalists Spot Doctored Images Is Unveiled by Jigsaw) — The New York Times. https://www.smashingsecurity.com/143 (Smashing Security #143: Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians.) https://digest.bps.org.uk/2018/07/24/first-survey-of-its-kind-for-50-years-finds-most-americans-still-think-they-have-above-average-intelligence/ (First survey of its kind for 50 years finds most Americans still think they have above average intelligence)...
Feb 12, 2020
164: A bitter pill to swallow
34:15
A gallery is tricked into giving millions to a fraudster, software tells doctors to push opioids onto patients, and an artist finds a novel way to trick Google Maps into thinking there's a traffic jam. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, who ended up recording without a guest this week. Visit https://www.smashingsecurity.com/164 (https://www.smashingsecurity.com/164) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on https://castbox.fm/channel/Smashing-Security-id2153954 (Castbox), Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bloomberg.com/news/articles/2020-01-30/fraudsters-posing-as-art-dealer-got-gallery-to-transfer-millions (Fraudsters Posing as Art Dealer Got Gallery to Pay Millions) — Bloomberg. 
https://www.tate.org.uk/art/artworks/constable-lucas-hampstead-heath-harrow-in-the-distance-t04073 (‘Hampstead Heath, Harrow in the Distance’, John Constable, David Lucas, published 1855) — Tate. https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-145-million-resolve-criminal-and-civil-investigations-0 (Electronic Health Records Vendor to Pay $145 Million to Resolve Criminal and Civil Investigations) — Department of Justice. https://www.latimes.com/business/story/2020-01-30/health-records-company-pushed-opioids-to-doctors-in-secret-deal (In secret deal with drugmaker, health-records tool pushed opioids) — Los Angeles Times. https://www.practicefusion.com/practice-management/ (Practice Management Software) — Practice Fusion. https://en.wikipedia.org/wiki/Opioid_epidemic_in_the_United_States (Opioid epidemic in the United States) — Wikipedia. https://www.reuters.com/article/us-purdue-pharma-investigation-opioids-e/exclusive-oxycontin-maker-purdue-is-pharma-co-x-in-us-opioid-kickback-probe-sources-idUSKBN1ZR2RY (Exclusive: OxyContin maker Purdue is 'Pharma Co X' in U.S. opioid kickback probe - sources) — Reuters. https://www.smashingsecurity.com/122 (Smashing Security 122: The big fat con at Office Depot.) http://www.simonweckert.com/googlemapshacks.html (Google Maps hacks) — Simon Weckert. https://www.youtube.com/watch?v=k5eL_al_m7Q (Google Maps Hacks by Simon Weckert) — YouTube. https://www.youtube.com/watch?v=YhLpQaAplMQ (Telling Lies launch trailer) — YouTube. https://apps.apple.com/us/app/telling-lies/id1261458837 (Telling Lies) — iOS App Store. https://store.steampowered.com/app/762830/Telling_Lies/ (Telling Lies) — Steam. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Feb 05, 2020
163: Russian heists and Ring wrongs
58:07
Should possessing malware be illegal in itself? How did a Russian cryptocurrency exchange millionaire lose his fortune? And what on earth are Amazon Ring doorbell cams up to now? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Lisa Forte. And don't miss our special featured interview with Adrian Sanabria, all about Thinkst Canary. Visit https://www.smashingsecurity.com/163 (https://www.smashingsecurity.com/163) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on https://castbox.fm/channel/2153954 (Castbox), Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Adrian Sanabria and Lisa Forte. Sponsored By: https://canary.tools/ (Thinkst): Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents... Listeners who mail in referencing Smashing Security get a 10% discount on their order! https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. 
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: http://mgaleg.maryland.gov/2020RS/bills/sb/sb0030f.pdf (Senate Bill 30 (PDF)) https://www.theregister.co.uk/2020/01/27/ransomware_possession_criminal_maryland/ (Maryland: Make malware possession a crime! Yes, yes, researchers get a free pass ) — The Register. https://www.techdirt.com/articles/20191004/19564743128/city-baltimore-blew-off-76000-ransomware-demand-only-to-find-out-bunch-data-had-never-been-backed-up.shtml (The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up ) — Techdirt. https://www.smashingsecurity.com/151 (Smashing Security 151: Frankly, sometimes paying the ransom is a good idea.) https://statelaws.findlaw.com/maryland-law/maryland-computer-crimes-laws.html (Maryland Computer Crimes Laws) — FindLaw. https://www.youtube.com/watch?v=NcSp7DcKBHE (Maryland Cookies TV advert ) — YouTube. https://www.bbc.co.uk/news/world-europe-50821547 (Hunting the missing millions from collapsed cryptocurrency) — BBC News. https://nypost.com/2019/07/13/inside-the-hellish-workday-of-an-amazon-warehouse-employee/ (Inside the hellish workday of an Amazon warehouse employee) — New York Post. https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers (Ring Doorbell App Packed with Third-Party Trackers ) — Electronic Frontier Foundation. https://www.bbc.co.uk/news/entertainment-arts-51278023 (Nicholas Parsons: 'Broadcasting legend' dies at 96 after short illness) — BBC News. https://en.wikipedia.org/wiki/Just_a_Minute (Just a Minute ) — Wikipedia....
Jan 29, 2020
162: Robocalls, health hacks, and facial recognition fears
52:17
A hospital gets hacked because of an ex-employee's grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Michael Hucks. Visit https://www.smashingsecurity.com/162 (https://www.smashingsecurity.com/162) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on https://castbox.fm/channel/2153954 (Castbox), Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Michael Hucks. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.domaintools.com/smashing (DomainTools): DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks. 
Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=urnOhIiiuYI (YOU Season 2 Trailer) — YouTube. https://www.dailymail.co.uk/news/article-7898807/Hospital-administrator-sacked-using-NHS-computer-download-10-000-records-spared-jail.html (Hospital administrator sacked for using NHS computer to download over 10,000 records is spared jail ) — Daily Mail. https://eu.usatoday.com/story/tech/2020/01/15/robocalls-americans-got-58-5-billion-2019/4476018002/ (Robocalls: Americans got 58.5 billion in 2019, up 22% from last year) — USA Today. https://www.zdnet.com/article/microsoft-and-google-just-cant-agree-on-proposed-ban-on-facial-recognition/ (Microsoft and Google just can't agree on proposed ban on facial recognition ) — ZDNet. https://clearview.ai/ (Clearview - Technology to help solve the hardest crimes.) https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html (The Secretive Company That Might End Privacy as We Know It) — New York Times. https://int.nyt.com/data/documenthelper/6690-clearview-faq/c8b081a0bcca12e7903a/optimized/full.pdf#page=1 (Clearview FAQ (PDF).) https://columbophile.com/2017/07/23/episode-review-columbo-double-shock/ (Episode review: Columbo Double Shock) — Graham got it wrong. It was Martin Landau, not Leonard Nimoy, who played the twins. And they weren't surgeons (but Nimoy did play an evil surgeon in a different Columbo episode that season) https://eunoia.world/ (Eunoia: Words that Don't Translate.) https://www.youtube.com/watch?v=wseIvny9O-U (Dog wagging her tail every time she sees her owner) — YouTube. https://www.amazon.com/She-Said-Breaking-Harassment-Movement/dp/0525560343 (She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement) —...
Jan 22, 2020
161: Love, lucky dips, and 23andMe
42:21
The man who hacked the UK National Lottery didn't end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Thom Langford. Visit https://www.smashingsecurity.com/161 (https://www.smashingsecurity.com/161) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Thom Langford. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://nationalcrimeagency.gov.uk/news/cyber-criminal-jailed-over-national-lottery-hack (Cyber criminal jailed over National Lottery hack) — National Crime Agency. 
https://hotforsecurity.bitdefender.com/blog/man-who-hacked-national-lottery-for-just-5-is-jailed-for-nine-months-22038.html (Man who hacked National Lottery for just £5 is jailed for nine months ) — Hot for Security. https://siliconangle.com/2020/01/06/booking-data-stolen-japanese-short-time-love-hotel-booking-service-happyhotel/ (Booking data stolen from Japanese short-time love hotel booking service HappyHotel) — SiliconANGLE. https://www.bloomberg.com/news/articles/2020-01-09/23andme-licenses-drug-compound-to-spanish-drugmaker-almirall (23andMe Licenses Drug Compound to Spanish Drugmaker Almirall) — Bloomberg. https://www.wired.com/story/wired25-stephen-quake-anne-wojcicki/ (Big Data and the End of Painful, Invasive Medical Procedures |) — Wired. https://www.wired.com/2017/04/23andme-won-back-right-foretell-diseases/ (How 23andMe Won Back the Right to Foretell Your Diseases ) — Wired. https://www.23andme.com/en-gb/about/privacy/#full-privacy-statement (Privacy policy.) — 23andMe. http://tbswitcher.rugarciap.com/ (Turbo Boost Switcher for macOS.) https://www.thesun.co.uk/news/10705098/embarrassed-patients-photos-genitals-sti-checks/ (Embarrassed patients can now send photos of genitals to doc for STI checks ) — The Sun. https://www.youtube.com/watch?v=mjLWuzGVyew (Messiah trailer) — YouTube. https://www.netflix.com/title/80117557 (Messiah) — Netflix. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Jan 15, 2020
160: SNAFUs! MS Word, Amazon Ring, and TikTok
53:06
We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you're comfortable with, and how teens are flocking to TikTok (and why that might be a problem). All this and much much more is covered in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/160 (https://www.smashingsecurity.com/160) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.justice.gov/usao-sdny/pr/senior-manager-global-internet-company-pleads-guilty-wire-fraud (Senior Manager Of Global Internet Company Pleads Guilty To Wire Fraud ) — Department of Justice. 
https://www.theregister.co.uk/2020/01/04/tech_manager_theft/ (IT exec sets up fake biz, uses it to bill his bosses $6m for phantom gear, gets caught by Microsoft Word metadata) — The Register. https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security (We Tested Ring’s Security. It’s Awful ) — Motherboard. https://www.fightforthefuture.org/news/2020-01-06-amazon-ring-isnt-even-good-at-pretending-to-care/ (Amazon Ring isn’t even good at pretending to care about your privacy and safety) — Fight for the Future https://www.geekwire.com/2020/amazons-ring-will-let-customers-opt-receiving-police-video-requests-app-update/ (Amazon’s Ring to let customers opt out of receiving police video requests) — GeekWire. https://www.wyden.senate.gov/imo/media/doc/112019%20Wyden%20Markey%20Can%20Hollen%20Coons%20Peters%20Ring%20Letter%20to%20Amazon.pdf (Letter to Amazon's Jeff Bezos from Senator Ron Wyden and others (PDF).) https://www.engadget.com/2019/12/14/house-apple-google-app-foreign-disclosure/?guccounter=1 (House panel asks Apple, Google if app makers must reveal foreign ties) — Engadget. https://www.wsj.com/articles/u-s-military-bans-tiktok-over-ties-to-china-11578090613 (U.S. Military Bans TikTok Over Ties to China) — Wall Street Journal. https://www.piie.com/blogs/china-economic-watch/growing-popularity-chinese-social-media-outside-china-poses-new-risks (The Growing Popularity of Chinese Social Media Outside China Poses New Risks in the West ) — PIIE. https://www.tiktok.com/legal/privacy-policy?lang=en#privacy-us (TikTok Privacy Policy.) https://newsroom.tiktok.com/en-us/statement-on-tiktoks-content-moderation-and-data-security-practices (Statement on TikTok's content moderation and data security practices ) — TikTok. https://www.theguardian.com/technology/2019/sep/25/revealed-how-tiktok-censors-videos-that-do-not-please-beijing (Revealed: how TikTok censors videos that do not please Beijing ) — The Guardian....
Jan 08, 2020
159: Rap, robbery, and IoT holiday hell
55:04
A rapping bank worker is accused of stealing from the vault, the devices that can hide your car's true mileage, and why it may be a case of "No No No" rather than "Ho Ho Ho" when it comes to IoT toys this Christmas. And as Carole sups the mulled wine, Graham has problems with his internet connection... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/159 (https://www.smashingsecurity.com/159) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://cointelegraph.com/news/no-chance-john-mcafee-halts-crypto-promo-as-us-2020-elections-near (‘No Chance:’ John McAfee Halts Crypto Promo as US 2020 Elections Near) — Coin Telegraph. 
https://www.justice.gov/usao-wdnc/pr/fbi-arrests-former-bank-employee-charged-stealing-cash-bank-vault (FBI Arrests Former Bank Employee Charged With Stealing Cash From Bank Vault ) — US Department of Justice. https://www.instagram.com/p/BohORYYAXA7/ ("Problem" video) — Aceey4oez on Instagram. https://www.smh.com.au/world/north-america/man-posted-photos-of-himself-with-stacks-of-cash-after-stealing-from-bank-charges-20191215-p53k62.html (Man posted photos of himself with stacks of cash after stealing from bank: charges) — Sydney Morning Herald. http://www.angelfire.com/fl4/cadillacs/images/seville.html (The 1980 Cadillac Seville.) https://www.youtube.com/watch?v=f4af1OBU5nQ (Naughty CANbus odometer "interface". (Fakes mileage.)) — Bigclivedotcom on YouTube. http://www.lse.ac.uk/media-and-communications/assets/documents/research/projects/childrens-privacy-online/Evidence-review-final.pdf (Children’s data and privacy online Growing up in a digital age (PDF)) — London School of Economics. https://www.cbsnews.com/news/amazon-echo-dot-kids-privacy-violations-puts-kids-at-risk-complaint-alleges/ (Amazon Echo Dot Kids: Privacy violations puts kids at risk, lawsuit alleges) — CBS News. https://www.itpro.co.uk/security/25669/parents-should-be-wary-of-all-connected-toys-expert-says (Parents should be wary of all connected toys, expert says ) — IT Pro. https://www.which.co.uk/news/2017/11/safety-alert-see-how-easy-it-is-for-almost-anyone-to-hack-your-childs-connected-toys/ (Safety alert: see how easy it is for almost anyone to hack your child’s connected toys ) — Which? https://www.which.co.uk/news/2019/12/kids-karaoke-machines-and-smart-toys-from-mattel-and-vtech-among-those-found-to-have-security-flaws-in-a-which-investigation/ (Kids’ karaoke machines and smart toys from Mattel and Vtech among those found to have...
Dec 18, 2019
158: The man behind The Missing Cryptoqueen
01:12:20
We're joined by special guest Jamie Bartlett, of the chart-topping "The Missing Cryptoqueen" podcast, in this bumper episode where we discuss his investigation into the OneCoin cryptocurrency scam, the Russian cybercriminals behind Evil Corp, and the mysterious leaks about the NHS that have turned oh-so-political... All this and much much more can be found in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/158 (https://www.smashingsecurity.com/158) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jamie Bartlett. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=mRUaqWBHI5c (Russian hacking group "Evil Corp" accused of targeting American businesses) — CBS News, YouTube. https://www.youtube.com/watch?v=Bi2TenWFljk (Evil Corp donuts) — YouTube. 
https://www.nationalcrimeagency.gov.uk/news/international-law-enforcement-operation-exposes-the-world-s-most-harmful-cyber-crime-group (International law enforcement operation exposes the world’s most harmful cyber crime group ) — National Crime Agency. https://home.treasury.gov/news/press-releases/sm845 (Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware ) — U.S. Department of the Treasury. https://www.vice.com/en_us/article/mbmmgx/uk-government-releases-photos-of-russian-hackers-whose-lives-look-awesome (UK Government Releases Photos of Russian Hackers, Whose Lives Look Awesome ) — Motherboard. https://meduza.io/en/feature/2019/12/08/hackers-with-high-placed-daddies (Hackers with high-placed daddies ‘Evil Corp’ member designated by U.S. Treasury is son of former Russian mayor) — Meduza. https://www.bbc.co.uk/programmes/p07nkd84 (The Missing Cryptoqueen) — BBC Sounds. https://www.theguardian.com/society/2019/nov/27/jeremy-corbyn-reveals-dossier-proving-nhs-up-for-sale (Jeremy Corbyn reveals dossier 'proving NHS up for sale' ) — The Guardian. https://techcrunch.com/2019/12/07/reddit-links-uk-us-trade-talk-leak-to-russian-influence-campaign/ (Reddit links UK-US trade talk leak to Russian influence campaign ) — TechCrunch. https://www.youtube.com/watch?v=HzhmLSH59HQ (Corbyn v Johnson: BBC election debate round-up) — YouTube. https://twitter.com/Cassetteboy/status/1202510614314278914 (Stammer Time!) — Cassetteboy on Twitter. https://www.vice.com/en_uk/article/ywaydx/nhs-for-sale-labour-documents-leaks (The Inside Story of Labour's 'NHS For Sale' Leak ) — Motherboard. https://truepublica.org.uk/united-kingdom/more-proof-nhs-is-up-for-sale-as-amazon-exploits-nhs-for-free/ (More proof NHS is up for sale as Amazon exploits NHS for free ) — TruePublica....
Dec 11, 2019
157: A biometric knuckle duster
01:05:41
What is Kaspersky's ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer? Plus we have a bonus feature interview with Rachael Stockton from Logmein, the folks behind LastPass, all about behavioral biometrics! All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/157 (https://www.smashingsecurity.com/157) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Maria Varmazis and Rachael Stockton. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/012-eau-de-eugene-kaspersky ("Eau de Eugene Kaspersky") — Smashing Security, episode 12. 
https://www.youtube.com/watch?v=k_y1OvEhZvg (Kaspersky Labs - Packin' The K) — YouTube. https://www.grahamcluley.com/hmrc-voiceprint-data/ (Thousands of taxpayers tell HMRC to delete voiceprint data it stored without consent) — Graham Cluley. https://www.tripwire.com/state-of-security/security-data-protection/hackers-steal-fingerprints/ (Hackers Have Stolen Almost Six Million US Government Fingerprints) — Tripwire. https://www.grahamcluley.com/video-fingerprints-passwords/ (Fingerprints are not the same as passwords) — Graham Cluley. https://www.youtube.com/watch?v=95VvTW1FvS8 (Face/Off trailer) — YouTube. https://twitter.com/SmashinSecurity/status/1202244111933280256 (Picture of the (rather ugly) Kaspersky ring) — Twitter. https://www.youtube.com/watch?v=dZ813bu0Q-E (Kasperky's synthetic fingerprint ring) — YouTube. https://www.pcmag.com/news/372302/this-ring-uses-a-fake-fingerprint-to-protect-your-biometric (This Ring Uses a Fake Fingerprint to Protect Your Biometric Data ) — PC Magazine. https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30 (How is NordVPN unblocking Disney+? It might be through YOUR own computer. Even if you’ve never used Disney+ or NordVPN.) — Derek Johnson. https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ (The Rise of “Bulletproof” Residential Networks ) — Krebs on Security. https://nordvpn.com/blog/smartplay-explained/ (SmartPlay by NordVPN: What is it and how does it work? ) — NordVPN. https://medium.com/@xianghangmi/resident-evil-understanding-residential-ip-proxy-as-a-dark-service-dea9010a0e29 (Resident Evil: Understanding Residential IP Proxy as a Dark Service) — XiangHang Mi. https://www.hollywoodreporter.com/thr-esq/alleged-music-hacker-indicted-impersonating-a-producer-steal-unreleased-music-1258199 (Alleged Music Hacker Indicted for Impersonating a Producer to Steal Unreleased Music)...
Dec 04, 2019
156: Better safe than Sony
22:32
In this clip from a special bonus episode produced for our Patreon supporters, https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault discuss the 2014 hack of Sony Pictures - reportedly carried out by North Korea for the very oddest of reasons... Visit https://www.smashingsecurity.com/156 (https://www.smashingsecurity.com/156) to check out this episode’s show notes and episode links, and become one of our https://www.patreon.com/smashingsecurity ("bonus content" Patreon supporters) to hear the full episode in all its glory, get early access to future episodes, occasional bonus content, and even receive stickers! Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening and Happy Thanksgiving! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=uUQRog4fW6c (Hackers leak Hollywood salaries, embarrassing emails - PBS Newshour) — YouTube. https://www.grahamcluley.com/north-korea-hack-sony-seems-hard-believe/ (Did North Korea hack Sony? It seems hard to believe) — Graham Cluley. https://www.grahamcluley.com/wikileaks-sony-pictures-passwords/ (Poor passwords at Sony, WikiLeaks shows with archive of hacked documents) — Graham Cluley. https://www.youtube.com/watch?v=DkJA1rb8Nxo (The Interview Trailer (2014)) — YouTube. https://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html (U.S. Said to Find North Korea Ordered Cyberattack on Sony) — The New York Times. 
https://hotforsecurity.bitdefender.com/blog/sony-hackers-failed-to-hide-their-north-korean-ip-addresses-says-fbi-11141.html (Sony hackers failed to hide their North Korean IP addresses, says FBI) — Hot for Security. https://www.grahamcluley.com/nsa-hacked-north-koreas-networks-sony-attacks-theres-obvious-question/ (NSA allegedly hacked North Korea's networks before Sony attacks) — Graham Cluley.
Nov 27, 2019
155: Juice jacking, YouTube hacking, password slacking
50:39
A bank has some of the worst password advice ever, travellers are told to be wary when USB charging their smartphones and laptops, and a gamer has his YouTube account hacked. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Geoff White. Visit https://www.smashingsecurity.com/155 (https://www.smashingsecurity.com/155) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Geoff White. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://twitter.com/g_bonfiglio/status/1194301327607771140 (Giorgio Bonfiglio tweets about Fineco's bizarre attitude to passwords) — Twitter. https://www.vice.com/en_us/article/kz4jjv/this-bank-had-the-worst-password-policy-weve-ever-seen (This Bank Had the Worst Password Policy We've Ever Seen) — Motherboard. 
https://pages.nist.gov/800-63-3/sp800-63b.html (NIST password guidelines.) https://www.zdnet.com/article/officials-warn-about-the-dangers-of-using-public-usb-charging-stations/ (Officials warn about the dangers of using public USB charging stations ) — ZDNet. https://twitter.com/marcostylenl (MarcoStyle on Twitter.) https://www.forbes.com/sites/paultassi/2019/11/14/a-youtuber-with-350000-subscribers-was-hacked-youtube-verified-his-hacker/#57985ff26fe6 (A YouTuber With 350,000 Subscribers Was Hacked, YouTube Verified His Hacker) — Forbes. https://www.zdnet.com/article/massive-wave-of-account-hijacks-hits-youtube-creators/ (Massive wave of account hijacks hits YouTube creators) — ZDNet. https://reclaimthenet.org/marcostyle-hacked/ (Popular gaming channel MarcoStyle has been hacked for days, running scams, but YouTube isn't responding) — Reclaim the net. https://www.youtube.com/watch?v=BJ9S6zdm6VE (How my Youtube Channel got hacked for 2 weeks) — MarcoStyle on YouTube. https://www.netflix.com/title/80025678 (The Crown) — Netflix. https://en.wikipedia.org/wiki/Aberfan_disaster (Aberfan disaster ) — Wikipedia. https://aberfan.walesonline.co.uk/ (Aberfan - 50 years on) — WalesOnline. https://www.youtube.com/watch?v=FvBq5ucFw90 (Cliff Michelmore eyewitness report from Aberfan ) — YouTube. https://www.wnycstudios.org/podcasts/dolly-partons-america (Dolly Parton's America) — WNYC Studios. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Nov 20, 2019
154: A buttock of biometrics
50:03
The UK's Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple's credit card is accused of being sexist, and what is Google up to with Project Nightingale? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by John Hawes. Visit https://www.smashingsecurity.com/154 (https://www.smashingsecurity.com/154) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: John Hawes. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.grahamcluley.com/that-sophisticated-labour-cyber-attack-dont-panic/ (That "sophisticated" Labour cyber-attack - don't panic) — Graham Cluley. https://www.bbc.co.uk/news/election-2019-50388879 (General election 2019: Labour Party hit by second cyber-attack) — BBC News. 
https://www.thetimes.co.uk/article/election-2019-security-flaw-leaves-donors-details-online-3rn9b2d5f (Election 2019: Security flaw leaves donors’ details online) — The Times. https://www.bbc.co.uk/news/business-50365609 (Apple's 'sexist' credit card investigated by US regulator) — BBC News. https://www.theregister.co.uk/2019/11/11/apples_credit_card/ (Apple's credit card caper probed over sexism claims – after women screwed over on limits) — The Register. https://arstechnica.com/science/2019/11/would-you-trust-google-with-your-medical-records-it-might-already-have-them/ (Google has access to detailed health records on tens of millions of Americans) — Ars Technica. https://www.wsj.com/articles/google-s-secret-project-nightingale-gathers-personal-health-data-on-millions-of-americans-11573496790?shareToken=st98ed7303aedb45d281bc0bda02eb90b4 (Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans ) — WSJ. https://arstechnica.com/gadgets/2019/11/google-buys-fitbit-for-2-1-billion/ (Google buys Fitbit for $2.1 billion) — Ars Technica. https://www.cnet.com/news/icon-smart-condom-ring/ (Smart condom ring i.Con is like a Fitbit for your man bits) — CNET. https://www.bbc.co.uk/programmes/p07nkd84/episodes/downloads (The Missing Cryptoqueen) — BBC Sounds. https://www.amazon.com/Undone-Season-1/dp/B07SVHR2KH (Undone) — Amazon Prime. https://www.youtube.com/watch?v=pJFPBYTCOyc (Speed Monopoly - How to Play in under 30 minutes!) — YouTube. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Nov 13, 2019
153: Cybercrime doesn’t pay (but Uber does)
49:50
The cybercrime lovebirds who hijacked Washington DC's CCTV cameras in the run-up to Donald Trump's inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Lisa Forte. Visit https://www.smashingsecurity.com/153 (https://www.smashingsecurity.com/153) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Lisa Forte. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.grahamcluley.com/ransomware-attack-impacted-70-washington-dc-police-surveillance-cameras/ (Ransomware attack impacted 70% of Washington DC police surveillance cameras) — Graham Cluley. 
https://www.wsj.com/articles/the-hapless-shake-down-crew-that-hacked-trumps-inauguration-11572014333 (The Hapless Shakedown Crew That Hacked Trump’s Inauguration) — Wall Street Journal. https://www.instagram.com/eveline.cis/ (Eveline Cismaru's Instagram account.) https://www.bloomberg.com/news/articles/2019-10-21/london-investment-bankers-charged-in-insider-trading-ring (London Investment Bankers Charged in Insider-Trading Ring) — Bloomberg. https://www.wsj.com/articles/trade-secrets-case-linked-to-google-seen-as-warning-to-silicon-valley-11567513977 (Trade-Secrets Case Linked to Google Seen as Warning to Silicon Valley) — Wall Street Journal. https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack (Uber concealed massive hack that exposed data of 57m users and drivers ) — The Guardian. https://www.uber.com/newsroom/2016-data-incident/ (Uber's statement about its 2016 "Data Security Incident") https://www.zdnet.com/article/hackers-who-extorted-uber-and-linkedin-plead-guilty/ (Hackers who extorted Uber and LinkedIn plead guilty) — ZDNet. https://www.i-cio.com/management/insight/item/maersk-springing-back-from-a-catastrophic-cyber-attack (Maersk: Springing back from a catastrophic cyber-attack) — I-CIO. https://en.wikipedia.org/wiki/The_Master_Game (The Master Game ) — Wikipedia. https://kenilworthian.blogspot.com/2014/03/bbcs-master-game.html (BBC's The Master Game) — The Kenilworthian. https://www.channel4.com/programmes/gogglebox (Gogglebox) — Channel 4. https://www.ndemiccreations.com/en/ (Ndemic Creations, makers of Plague Inc.) https://www.youtube.com/watch?v=V44GtChUW4A (Plague Inc. trailer) — YouTube. https://apps.apple.com/gb/app/plague-inc/id525818839 (‎Plague Inc.) — iOS App Store. https://play.google.com/store/apps/details?id=com.miniclip.plagueinc&hl=en_GB (Plague Inc.) — Google Play. https://www.youtube.com/watch?v=iYJyYGKV8GM...
Nov 06, 2019
152: Cats, hoodies, and rent
54:22
What's the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland. Visit https://www.smashingsecurity.com/152 (https://www.smashingsecurity.com/152) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: David McClelland. Sponsored By: https://immersivelabs.com/lite (Immersive Labs): Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform. Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs. https://www.code42.com/smashing (Code42): Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving every day. Most organizations rely on prevention but there are simply too many ways for data to leave. 
To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.zdnet.com/article/security-researcher-gets-access-to-all-xiaomi-pet-feeders-around-the-world/ (Security researcher gets access to all Xiaomi pet feeders around the world) — ZDNet. https://www.gizmochina.com/2019/05/18/xiaomi-crowdfunds-the-furrytail-pet-smart-feeder-with-app-control-for-199-yuan-28/ (Xiaomi crowdfunds the Furrytail Pet Smart Feeder with app control for 199 yuan ($28) ) — Gizmochina. https://www.bbc.co.uk/news/blogs-magazine-monitor-30848303 (How to say Xiaomi ) — BBC News. https://www.youtube.com/watch?v=dIkKIQ6jJ9o (Xiaomi Furrytail Boss Cat Bed) — YouTube. https://www.theregister.co.uk/2019/10/28/cybersecurity_stock_image_challenge/ (Remember that competition for non-hoodie hacker pics? Here's their best entries ) — The Register. https://uploads-ssl.webflow.com/5a147545b687370001bfd10c/5db1332e083f4b96b09f9b7f_Cybersecurity%20Visuals%20Challenge%20Finalist%20Catalog.pdf (Cybersecurity visuals challenge finalist catalog (PDF)) https://smartrent.com/ (SmartRent - Smart Apartment Solutions.) https://www.cnet.com/news/install-smart-home-tech-evict-renters-surveillance-company-tells-landlords/ (Smart home tech can help evict renters, surveillance company tells landlords) — CNet. 
https://www.reuters.com/article/us-usa-property-smarthomes-smartrent/smartrent-funding-heralds-new-wave-in-smart-home-market-idUSKCN1TK1CL (SmartRent funding heralds new wave in 'smart home' market) —
Oct 30, 2019
151: Frankly, sometimes paying the ransom is a good idea
55:49
Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn't the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, with a featured interview with Rachael Stockton from Logmein. Visit https://www.smashingsecurity.com/151 (https://www.smashingsecurity.com/151) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Rachael Stockton. Sponsored By: https://www.code42.com/smashing (Code42): Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving every day. Most organizations rely on prevention but there are simply too many ways for data to leave. To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing https://immersivelabs.com/lite (Immersive Labs): Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform. 
Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs. https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.patreon.com/smashingsecurity (Support Smashing Security on Patreon) — Now also includes free stickers! https://www.tripwire.com/state-of-security/featured/ransomware-baltimore-network/ (RobbinHood ransomware attack brings down parts of City of Baltimore's computer network) — Tripwire. https://www.youtube.com/watch?v=BVp7GZDeZi4 (Some Baltimore City Services Still Shut Down Due To Ransomware Attack) — YouTube. https://www.baltimorebrew.com/2019/05/17/baltimore-government-could-have-lost-its-website-last-week-and-not-because-of-hackers/ (Baltimore government could have lost its website last week. And not because of hackers) — Baltimore Brew. https://www.baltimoresun.com/politics/bs-md-ci-ransomware-expenses-20190828-njgznd7dsfaxbbaglnvnbkgjhe-story.html (Baltimore transfers $6 million to pay for ransomware attack; city considers insurance against hacks) — Baltimore Sun. https://www.baltimoresun.com/politics/bs-md-ci-audit-it-20190927-23hrwbtdyzcu7lmmwdqzbmzja4-story.html (Baltimore IT department uses ‘mind-boggling,' outdated data storage method, audit finds) https://arstechnica.com/information-technology/2019/09/whats-a-backup-baltimore-city-it-kept-data-on-local-drives/ (Councilman “mind-boggled” by Baltimore City IT department ineptitude) — Ars...
Oct 23, 2019
150: Liverpool WAGs, Facebook politics, and a selfie stalker
51:23
Footballers' wives go to war over Instagram leaks, it turns out fake news is fine on Facebook (just so long as it's in a political ad), and things take a horrific turn in Japan, as a stalker uses a scary technique to find out where his pop idol lives. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/150 (https://www.smashingsecurity.com/150) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.code42.com/smashing (Code42): Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving every day. Most organizations rely on prevention but there are simply too many ways for data to leave. To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing https://immersivelabs.com/lite (Immersive Labs): Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform. Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs. 
https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://twitter.com/ColeenRoo/status/1181864136155828224 (Tweet by Coleen Rooney on Twitter.) https://twitter.com/RebekahVardy/status/1181871914081509376 (Tweet by Rebekah Vardy on Twitter.) https://www.theguardian.com/uk-news/2019/oct/04/prince-harry-begins-legal-proceedings-against-sun-and-mirror-meghan (Prince Harry launches phone-hacking case against Sun and Mirror owners) — The Guardian. https://edition.cnn.com/2019/10/01/tech/mark-zuckerberg-leaked-audio-elizabeth-warren/index.html (Mark Zuckerberg: An Elizabeth Warren presidency would 'suck' for Facebook) — CNN. https://www.theverge.com/2019/10/1/20756701/mark-zuckerberg-facebook-leak-audio-ftc-antitrust-elizabeth-warren-tiktok-comments (In leaked audio, Mark Zuckerberg rallies Facebook against critics, competitors, and Elizabeth Warren) — The Verge. https://www.engadget.com/2019/10/12/elizabeth-warren-facebook-ad/ (Elizabeth Warren Facebook ad mocks Facebook's fact checking policies) — Engadget. https://twitter.com/gcluley/status/1184103309948252162 (Graham getting thrashed by Garry Kasparov) — @gcluley on Twitter https://www.grahamcluley.com/stalker-zoomed-in-on-japanese-idols-eyes-to-find-out-where-she-lived/ (Stalker zoomed in on Japanese idol's eyes to find out where she lived) — Graham Cluley. https://www.asiaone.com/asia/obsessed-fan-finds-japanese-idols-home-zooming-her-eyes (Obsessed fan finds...
Oct 16, 2019
149: Falling in love with fraudsters
46:25
We take a trip to Staten Island, New York, to hear how a case of cyberstalking resulted in the arrest of 20 alleged mobsters, learn about the nude photo-loving insider threat at Yahoo, and discover how fraudsters might be boosting Match.com's profits. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Ran Levi of the "Malicious Life" podcast. Visit https://www.smashingsecurity.com/149 (https://www.smashingsecurity.com/149) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ran Levi. Sponsored By: https://www.code42.com/smashing (Code42): Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving every day. Most organizations rely on prevention but there are simply too many ways for data to leave. To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing https://immersivelabs.com/lite (Immersive Labs): Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform. Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs. 
https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.youtube.com/watch?v=0d2LAs-WL_4 (The "You Think I'm Funny?" scene from "Goodfellas") — YouTube. https://www.justice.gov/usao-edny/pr/20-defendants-charged-crimes-including-racketeering-extortion-loansharking (20 Defendants Charged with Crimes, Including Racketeering, Extortion, Loansharking) — Department of Justice. https://www.justice.gov/usao-edny/press-release/file/1206856/download (Indictment against Joseph Amato and others (PDF)) — Department of Justice. https://www.theregister.co.uk/2019/10/04/gps_cyberstalking_indictment/ (GPS cyberstalking of girlfriend brings surveillance and indictment for alleged American mobster) — The Register. https://gpstrackingreview.com/how-to-find-a-gps-tracker-on-your-vehicle/ (How to Find a GPS Tracker on Your Vehicle.) https://www.justice.gov/usao-ndca/pr/former-yahoo-software-engineer-pleads-guilty-using-work-access-hack-yahoo-users (Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts ) — Department of Justice. https://www.theverge.com/2019/10/1/20893462/yahoo-engineer-hacking-accounts-stolen-nude-photos-videos-guilty-plea (Former Yahoo engineer pleads guilty to searching 6,000 user accounts for nudes) — The Verge. https://www.consumer.ftc.gov/blog/2019/09/using-matchcom-read (Using Match.com? Read this) — FTC Consumer Information....
Oct 09, 2019
148: Billboard boobs, face forensics, and Alexa gets way too personal
50:24
Drivers are distracted by a hacked billboard, we take a deeper look at how the deepfake problem has... uh... deepened, and Carole is less than happy about Amazon's announcement about new Alexa integrations. All this, an annoying goose, and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/148 (https://www.smashingsecurity.com/148) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://immersivelabs.com/lite (Immersive Labs): Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform. Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs. https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.dailymail.co.uk/news/article-1371800/Wonderbra-Hello-Boys-advert-voted-iconic-time.html (Wonderbra 'Hello Boys' advert voted most iconic of all time) — Daily Mail. https://www.thesun.co.uk/archives/news/600525/hello-boys-the-greatest-billboard-ads-of-all-time/ (Hello boys! The greatest billboard ads of all time) — The Sun. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/11499/326679.pdf (Outdoor advertisements and signs: a guide for advertisers (PDF)) — UK Government. https://www.wxyz.com/news/pornographic-video-plays-on-i-75-billboard-police-investigating (Pornographic video plays on I-75 billboard, police investigating) — WXYZ Detroit. https://eu.freep.com/story/news/local/michigan/oakland/2019/09/30/i-75-billboard-pornography/3817218002/ (Porn plays on I-75 billboard, police searching for suspects caught on video) — Detroit Free Press. https://www.vice.com/en_us/article/9kenw8/porn-michigan-highway-billboard-could-have-caused-an-accident (Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say) — Motherboard. https://www.imdb.com/name/nm7699656/?ref_=tt_cl_t1 (Xev Bellringer's filmography) — IMDB. https://www.wxyz.com/news/police-2-people-broke-into-shed-hacked-into-computers-to-put-pornography-on-billboard (Two people broke into shed, hacked into computers to put pornography on billboard) — WXYZ Detroit. https://nakedsecurity.sophos.com/2009/01/29/motorists-warned-zombies-hacked-road-sign/ (Motorists warned of “Zombies Ahead” on hacked road sign) — Naked Security. https://nakedsecurity.sophos.com/2012/05/25/dalek-invasion-hacked-road-sign/ (Motorists warned of Dalek invasion by hacked road sign) — Naked Security. https://q13fox.com/2019/09/25/hacked-seattle-road-sign-says-impeach-the-bastard/ (Hacked Seattle road sign says ‘Impeach
Oct 02, 2019
147: Don't Snapchat and drive
50:00
How is private medical data leaking onto the streets of Milton Keynes, what is widening the cybersecurity skills gap, and how is Australia controversially tackling the problem of drivers using their mobile phones? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University. Visit https://www.smashingsecurity.com/147 to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Joe Carrigan. Sponsored By: https://www.smashingsecurity.com/detectify (Detectify): Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers. Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectify https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.theguardian.com/cities/2017/jan/20/50-reasons-love-milton-keynes-concrete-cows-wd-40 (50 reasons to love Milton Keynes (what, only 50?) ) — The Guardian. https://www.youtube.com/watch?v=USADM5Gk9Gs (Logan's Run movie trailer) — YouTube. https://www.youtube.com/watch?v=wBmcDAwjhso (Understanding Milton Keynes) — YouTube. https://afcul.org/ (A Festival of Creative Urban Living.) https://twitter.com/Costermk/status/1175304332864098308 (Tweet by @Costermk about "Utopia Station".) https://www.thesun.co.uk/news/9982719/unshredded-nhs-records-dumped-town-centre/ (Unshredded NHS records were dumped in a town centre to weigh down scaffolding at art festival ) — The Sun. https://www.dailymail.co.uk/news/article-7493609/Outrage-thousands-NHS-patients-medical-records-dumped-town-centre.html (Outrage as thousands of NHS patients' medical records are dumped in town centre ) — Daily Mail. https://www.forbes.com/sites/martenmickos/2019/06/19/the-cybersecurity-skills-gap-wont-be-solved-in-a-classroom/#2322dca51c30 (The Cybersecurity Skills Gap Won't Be Solved in a Classroom) — Forbes. https://blog.isc2.org/isc2_blog/2018/10/cybersecurity-skills-shortage-soars-nearing-3-million.html (Cybersecurity Skills Shortage Soars, Nearing 3 Million ) — (ISC)² Blog. https://www.darkreading.com/application-security/what-cyber-skills-shortage/a/d-id/1334848 (What Cyber Skills Shortage?) — Dark Reading. https://time.com/5683862/australia-technology-drivers-driving-phones/ (Australia Is Using New Technology to Catch Drivers on Phones) — Time.com. https://www.simplyinsurance.com/texting-and-driving-statistics/ (Texting And Driving Statistics In America) — Simply Insurance....
Sep 25, 2019
146: Password secrets and baking brownies
38:57
In the latest edition of the "Smashing Security" podcast, hosted by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, Carole has suffered an injury, we journey back in time to one of our earliest episodes to discuss the perils of passwords, and Rachael Stockton from LastPass drops by for a chat. Visit https://www.smashingsecurity.com/146 (https://www.smashingsecurity.com/146) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Rachael Stockton and Vanja Švajcer. Sponsored By: https://www.smashingsecurity.com/detectify (Detectify): Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers. Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectify https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Sep 18, 2019
145: Apple and Google willy wave while home assistants spy - DoH!
44:22
Apple is furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by web security journalist John Leyden. Visit https://www.smashingsecurity.com/145 (https://www.smashingsecurity.com/145) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: John Leyden. Sponsored By: https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html (A very deep dive into iOS Exploit chains found in the wild) — Google Project Zero. https://www.bbc.co.uk/news/technology-49520355 (Google finds 'indiscriminate iPhone attack lasting years' ) — BBC News. https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/ (A message about iOS security) — Apple. https://gs.statcounter.com/os-market-share/mobile-tablet/china/#monthly-201808-201908 (Mobile & Tablet Operating System Market Share in China) — Statcounter. https://www.vice.com/en_us/article/qvgv4p/apple-disputes-googles-claims-of-a-devastating-iphone-hack (Apple Disputes Google’s Claims of a Devastating iPhone Hack) — Motherboard. https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/ (What’s next in making Encrypted DNS-over-HTTPS the Default) — Mozilla. https://portswigger.net/daily-swig/firefox-dns-over-https-rollout-starts-later-this-month (Firefox DNS-over-HTTPS rollout starts later this month) — The Daily Swig. https://portswigger.net/daily-swig/isp-trade-association-backtracks-on-mozilla-internet-villain-nomination (ISP trade association backtracks on Mozilla ‘internet villain’ nomination) — The Daily Swig....
Sep 11, 2019
144: Google helps the FBI, Twitter Jack’s hijack, and car data woes
51:34
Should Google really be helping the FBI with a bank robbery? What's the story behind the Twitter CEO claiming there's a bomb in their offices? And how much does your car really know about you? And we mourn the loss of Doctor Who legend Terrance Dicks... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by technology journalist Geoff White. Visit https://www.smashingsecurity.com/144 (https://www.smashingsecurity.com/144) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Geoff White. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/detectify (Detectify): Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers. Go hack yourself! 
Take a 14-day free trial at smashingsecurity.com/detectify https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.theverge.com/2019/8/28/20836855/reverse-location-search-warrant-dragnet-bank-robbery-fbi (Feds ordered Google location dragnet to solve Wisconsin bank robbery) — The Verge. https://www.scribd.com/document/423567347/Google-reverse-location-search-warrant (Google reverse location search warrant.) https://gothamist.com/news/manhattan-da-got-innocent-peoples-google-phone-data-through-a-reverse-location-search-warrant (Manhattan DA Got Innocent People's Google Phone Data Through A 'Reverse Location' Search Warrant ) — Gothamist. https://eu.azcentral.com/story/news/local/southwest-valley/2019/07/31/jorge-luis-molina-says-avondale-police-used-google-data-wrongfully-arrest-him-murder-joe-knight/1873878001/ (Jorge Molina: Avondale police used Google data to wrongfully arrest me) — AZCentral. https://www.grahamcluley.com/twitter-ceo-jack-dorsey-hacked/ (About the Twitter CEO '@jack hack') — Graham Cluley. https://www.businessinsider.com/trump-twitter-account-hack-jack-dorsey-2019-8?r=US&IR=T (Trump says it 'shouldn't be too bad' if someone hacks his Twitter ) — Business Insider. https://en.wikipedia.org/wiki/Chuckle_Brothers (Chuckle Brothers) — Wikipedia. https://www.consumerreports.org/privacy/wipe-data-from-your-car-before-selling-it/ (Wipe Data From Your Car Before Selling It) — Consumer Reports. https://dataconomy.com/2019/01/connected-cars-telematics-and-connectivity-as-a-service-%E2%80%8B-whats-the-future/ (Connected Cars, Telematics and Connectivity-as-a-Service ​: What's the Future? ) — Dataconomy. https://www.theregister.co.uk/2018/09/07/connected_cars_privacy/ (It looks like tech-savvy drivers will have to lead connected car data purge) — The Register....
Sep 04, 2019
143: Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians
43:35
Was a cybercrime committed on the International Space Station? What on earth were Ukrainian scientists thinking when they plugged a nuclear power station into the internet? And someone has cloned Canadian clinical psychologist Jordan Peterson's voice... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/143 (https://www.smashingsecurity.com/143) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.nytimes.com/2019/08/23/us/nasa-astronaut-anne-mcclain.html (NASA Astronaut Anne McClain Accused by Spouse of Crime in Space) — The New York Times. https://www.nasa.gov/feature/goddard/2019/data-rate-increase-on-the-international-space-station-supports-future-exploration/ (Space Station's Data Rate Increase Supports Future Exploration) — NASA. https://twitter.com/AstroAnnimal/status/1165365672702070785 (Astronaut Anne McClain denies cybercrime allegations) — @AstroAnnimal on Twitter. https://interestingengineering.com/the-moon-is-covered-with-400000-pounds-of-human-trash (The Moon is Covered With 400,000 Pounds of Human Trash) — Interesting Engineering. https://airandspace.si.edu/explore-and-learn/topics/apollo/apollo-program/spacecraft/lrv.cfm (Lunar Roving Vehicle (LRV)) — National Air and Space Museum. (Apparently its top speed is a paltry 8 miles per hour, not the 17 miles per hour Graham claimed) https://cointelegraph.com/news/ukraine-crypto-miners-arrested-for-compromising-nuclear-plant-security (Ukraine: Crypto Miners Arrested for Compromising Nuclear Plant Security) — Coin Telegraph. https://www.vice.com/en_us/article/43kwgb/not-jordan-peterson-voice-generator-shut-down-deepfakes (A Site Faking Jordan Peterson's Voice Shuts Down After Peterson Decries Deepfakes) — Motherboard. https://www.jordanbpeterson.com/blog-posts/i-didnt-say-that/ (I Didn't Say That ) — Jordan Peterson. https://www.theguardian.com/commentisfree/2019/jul/23/to-fix-the-problem-of-deepfakes-we-must-treat-the-cause-not-the-symptoms (To fix the problem of deepfakes we must treat the cause, not the symptoms ) — The Guardian. https://twitter.com/jordanbpeterson/status/995424134179049473 (Dr Jordan Peterson with Kermit the Frog) — Twitter....
Aug 28, 2019
142: Mercedes secret sensors, smart cities, and ransomware runs riot
49:31
Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the security threats impacting smart cities, and a new feature coming to your Facebook app. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault. Visit https://www.smashingsecurity.com/142 (https://www.smashingsecurity.com/142) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jack Rhysider. Sponsored By: https://immersivelabs.com/lite (Immersive Labs): Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform. Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs. https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.thesun.co.uk/motors/9756250/mercedes-spies-drivers-tracking-devices/ (Mercedes spies on drivers by secretly installing tracking devices in cars and passing information to bailiffs) — The Sun. https://www.bbc.co.uk/news/technology-47705912 (Three-unique-words 'map' used to rescue mother and child) — BBC News. https://www.youtube.com/watch?v=QQh56geU0X8 (Rolling a Reliant Robin - Top Gear) — YouTube. https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault?t=1566417658323 (Ransomware Attack Affects Computers In 22 Towns In Texas) — NPR. https://www.computerworld.com/article/3427835/what-is-a-smart-city--how-to-define-a-smart-city.html (What Is A Smart City?) — ComputerWorld. https://hub.beesmart.city/services/smart-city-tenders (Access the latest smart city tenders) — Bee Smart City. https://www.smartcitiesdive.com/news/hacking-20-of-cars-could-freeze-traffic-in-nyc-study-finds/559865/ (Hacking 20% of cars could freeze traffic in NYC, study finds ) — Smart Cities Dive. https://www.abiresearch.com/press/lack-critical-infrastructure-cybersecurity-investments-smart-cities-will-seed-future-iot-vulnerabilities/ (Lack of Critical Infrastructure Cybersecurity Investments in Smart Cities will Seed the Future IoT Vulnerabilities) — ABI research. https://www.bbc.com/news/technology-49410371 (Facebook to stop stalking you off-site - but only if asked) — BBC News. https://newsroom.fb.com/news/2019/08/off-facebook-activity/ (Now You Can See and Control the Data That Apps and Websites Share With Facebook) — Facebook News Room. https://www.facebook.com/off-facebook-activity (Off-Facebook Activity: Control your information) — Facebook. https://www.smashingsecurity.com/75 (Smashing Security #075: Quitting Facebook.)...
Aug 21, 2019
141: Black Hat and Bridezillas
51:31
Say cheese to ransomware on your camera! A sponsored speech at Black Hat causes uproar, and should you trust that Lightning cable you're about to plug into your MacBook? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Visit https://www.smashingsecurity.com/141 (https://www.smashingsecurity.com/141) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Dave Bittner. Sponsored By: https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/ (Say Cheese: Ransomware-ing a DSLR Camera ) — Check Point Research. https://www.youtube.com/watch?v=75fVog7MKgg (Ransomware on a DSLR Camera) — YouTube. https://global.canon/en/support/security/d-camera.html (Security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions) — Canon. https://www.vice.com/en_us/article/8xw9kp/black-hat-talk-about-time-ai-causes-uproar-is-deleted-by-conference (Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference) — Motherboard. https://www.pcmag.com/news/370119/black-hat-attendees-sponsored-session-was-snake-oil-crypto (Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto') — PC Magazine. https://www.youtube.com/watch?v=yd_2HwAmge8 (Crown Sterling Presents: TIME AI) — YouTube. https://www.businesswire.com/news/home/20190810005027/en/Crown-Sterling-Issues-Statement-Allegations-Black-Hat (Crown Sterling Issues Statement Regarding Recent Allegations Made at Black Hat 2019) — Business Wire. https://www.vice.com/en_us/article/evj4qw/these-iphone-lightning-cables-will-hack-your-computer (These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer) — Motherboard. http://mg.lol/blog/defcon-2019/ (O.MG cable.) https://www.youtube.com/watch?v=Rfh7A0lH1ac (Remain Seated Please - The Hoot and Chief Story (Epcot Horizons)) — YouTube. https://dangerousminds.net/comments/the_true_story_of_the_unauthorized_daredevil_documentation_of_the_horizons_ (The true story of the unauthorized, daredevil documentation of the Horizons ride at Disney World) — Dangerous Minds. https://www.netflix.com/title/81044103 (Bathtubs over Broadway) — Netflix. https://www.youtube.com/watch?v=QTgS1SXr0nc&feature=youtu.be...
Aug 14, 2019
140: Love, PINs, and 8chan
54:52
Is the PIN you use for your bank card secure? How did one woman get duped into giving a romance scammer $200,000? And Cloudflare and other online services take aim at a vile corner of the internet... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/140 (https://www.smashingsecurity.com/140) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. 
"The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes (Most Common iPhone Passcodes) — Daniel Amitay. https://monzo.com/blog/2019/08/05/weve-fixed-an-issue-storing-some-customers-pins (We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly) — Monzo. https://www.grahamcluley.com/500000-monzo-banking-customers-told-to-change-their-pins/ (500,000 Monzo banking customers told to change their PINs) — Graham Cluley. https://new.blog.cloudflare.com/terminating-service-for-8chan/ (Terminating Service for 8Chan) — Cloudflare. https://edition.cnn.com/2019/08/04/tech/cloudflare-8chan/index.html (8chan struggling to stay online after its alleged use by El Paso shooting suspect) — CNN. https://9to5mac.com/2019/07/22/online-dating-apps/ (Online dating apps and websites the most common way to meet) — 9to5Mac. https://abcnews.go.com/US/woman-man-met-tinder-swindled-200k-didnt-dump/story?id=62806053 (Woman says a man she met on Tinder swindled her out of $200K: 'He didn't just dump you, he never existed' ) — ABC News. https://www.ic3.gov/media/2019/190805.aspx (Cyber Actors Use Online Dating Sites To Conduct Confidence/Romance Fraud And Recruit Money Mules) — Internet Crime Complaint Center (IC3). https://www.youtube.com/watch?v=tcrNsIaQkb4 (The Boys trailer) — YouTube. https://www.amazon.com/dp/B07QQQHK1Y/ (The Boys) — Amazon Prime. https://camelcamelcamel.com/ (Camelcamelcamel.) https://www.newyorker.com/culture/podcast-dept/conviction-reviewed-a-bronx-pi-pursues-justice-and-glory (“Conviction,” Reviewed: A Bronx P.I. Pursues Justice, and Glory) — The New Yorker. 
https://gimletmedia.com/shows/conviction (Conviction podcast) — Gimlet....
Aug 07, 2019
139: Capital One hacked, iMessage flaws, and anonymity my ass!
47:59
Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and are introduced to... Penelope? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole 'Penelope' Theriault, joined this week by technology broadcaster David McClelland. Visit https://www.smashingsecurity.com/139 (https://www.smashingsecurity.com/139) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: David McClelland. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. 
MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.tripwire.com/state-of-security/featured/woman-arrested-capital-one-hack-personal-info-106-million-credit-card-applicants/ (Woman arrested after Capital One hack spills personal info on 106 million) — Tripwire. https://www.seattletimes.com/business/seattle-woman-arrested-in-breach-of-capital-one-systems-millions-of-credit-applications/ (South Seattle woman arrested, charged in massive data breach of Capital One) — The Seattle Times. http://news.bbc.co.uk/1/hi/sci/tech/817269.stm (Love Bug suspect speaks) — BBC News speaks to the author of the Michael-B Word macro virus. https://regmedia.co.uk/2019/07/29/capital_one_paige_thompson.pdf (United States vs Paige A Thompson (PDF)) https://twitter.com/RanjiKIRO7/status/1156260773091373056 (Ranji Sinha on Twitter: "Managed to get video of the raid in Seattle that lead to the arrest of Paige Thompson") — Twitter. https://news.bloomberglaw.com/class-action/capital-one-hit-with-first-class-action-over-security-breach (Capital One Hit With First Class Action Over Security Breach) — Bloomberg. https://www.bbc.co.uk/news/technology-49165946 (Google reveals fistful of flaws in Apple's iMessage app) — BBC News. https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/ (Google researchers disclose vulnerabilities for 'interactionless' iOS attacks) — ZDNet. https://www.grahamcluley.com/earn-200000-apple-finally-launches-bug-bounty/ (Earn up to $200,000 as Apple *finally* launches a bug bounty) — Graham Cluley. https://www.blackhat.com/us-19/briefings/schedule/#look-no-hands----the-remote-interaction-less-attack-surface-of-the-iphone-15203 (Look, No Hands! -- The Remote, Interaction-less...
Jul 31, 2019
138: Logic bombs, brain data exploitation, and Digga D tweets
49:52
Logic bombs in Excel spreadsheets, how should we protect our brain data from big companies, and how did bizarre messages about Drill rap end up on the Metropolitan Police's Twitter account and website? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by BJ Mendelson. Visit https://www.smashingsecurity.com/138 (https://www.smashingsecurity.com/138) to check out this episode’s show notes and episode links. Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on https://apple.co/2J1YMCu (Apple Podcasts), or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: B J Mendelson. Sponsored By: https://www.lastpass.com/smashing (LastPass): https://www.lastpass.com/smashing (LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.) https://www.lastpass.com/smashing (But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.) https://www.lastpass.com/smashing (Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.) https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: http://tinleyconsulting.com/ (Tinley Consulting's website.) 
https://www.phrases.org.uk/meanings/come-a-cropper.html (The meaning and origin of 'Come a cropper'.) https://www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/ (Siemens contractor pleads guilty to planting logic bomb in company spreadsheets) — ZDNet. http://blog.practicalethics.ox.ac.uk/2019/05/regulating-the-untapped-trove-of-brain-data/ (Brain data regulation) — Practical Ethics, University of Oxford. https://www.youtube.com/watch?v=sm2d0w87wQE (Monkey uses brain to control prothetic arm) — YouTube. https://waitbutwhy.com/2017/04/neuralink.html (Neuralink and the Brain's Magical Future) — Wait But Why. https://www.theverge.com/2017/2/22/14631122/kernel-neuroscience-bryan-johnson-human-intelligence-ai-startup (Kernel is trying to hack the human brain - but neuroscience has a long way to go) — The Verge. https://www.grahamcluley.com/no-the-met-police-wasnt-hacked-but-its-twitter-account-and-website-were-hijacked/ (No, the Met Police wasn't hacked. But its Twitter account and website were hijacked) — Graham Cluley. https://www.theguardian.com/music/2018/jun/22/the-war-against-rap-censoring-drill-may-seem-radical-but-its-not-new (The war against rap: censoring drill may seem radical but it's not new) — The Guardian. https://www.grahamcluley.com/katie-hopkins-twitter-hacked/ (Katie Hopkins got her Twitter hacked - you had best continue ignoring her) — Graham Cluley. https://www.grahamcluley.com/sorry-nazi-spam-twitter-account/ (Sorry for the Nazi spam from my Twitter account) — Graham Cluley. https://www.animatedknots.com/ (Animated Knots by Grog.) https://www.reddit.com/r/imsorryjon/ (Expel your shallow human form and offer it up to new Garfield!) — /r/imsorryjon on Reddit. https://garfieldminusgarfield.net/ (Garfield minus Garfield.) https://www.theguardian.com/world/2019/jul/21/flying-soldier-to-attempt-channel-crossing-flyboard-franky-zapata (French inventor to...
Jul 24, 2019
137: Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED
44:09
Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after a researcher finds a simple way to hack into anybody's account. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/137 (https://www.smashingsecurity.com/137) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://ieeexplore.ieee.org/document/8754078 (CTRL-ALT-LED: Leaking Data from Air-Gapped Computers Via Keyboard LEDs ) — IEEE. https://www.zdnet.com/article/academics-steal-data-from-air-gapped-systems-via-a-keyboards-leds/ (Academics steal data from air-gapped systems via a keyboard's LEDs) — ZDNet. https://thezerohack.com/hack-any-instagram#articlescroll (How I Could Have Hacked Any Instagram Account) — The Zero Hack. https://hotforsecurity.bitdefender.com/blog/how-any-instagram-account-could-be-hacked-in-less-than-10-minutes-21409.html (How any Instagram account could be hacked in less than 10 minutes) — Hot for Security. https://en.wikipedia.org/wiki/Takeru_Kobayashi (Takeru Kobayashi - hotdog-eating world record holder) — Wikipedia. https://www.smashingsecurity.com/92 (Smashing Security 092: Hacky sack hack hack.) https://www.bbc.co.uk/news/technology-48950503 (Porn pirating lawyer jailed for five years) — BBC News. https://www.theregister.co.uk/2019/06/14/prenda_law_copyright_troll_jailed/ (Stiff penalty: Prenda Law copyright troll gets 14 years of hard time for blue view 'n sue scam) — The Register. https://www.theregister.co.uk/2019/07/09/prenda_law_john_steele_jailed/ (Prenda Law boss John Steele to miss 2020 Olympics... unless they show it in prison) — The Register. https://inspirobot.me/ (InspiroBot.) https://www.sbnation.com/a/17776-football (What football will look like in the future) — (Maria says don't try to read it on your smartphone) https://www.reddit.com/r/drawing/comments/cdc2a2/the_life_of_a_rock/ (The Life Of A Rock.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Jul 17, 2019
136: Oops, we created Iran's hacking exploit
50:00
Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Charl van der Walt. Visit https://www.smashingsecurity.com/136 (https://www.smashingsecurity.com/136) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Charl van der Walt. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. 
"The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 (Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!) https://www.grahamcluley.com/zoom-mac-flaw-allows-webcams-to-be-hijacked-because-they-wanted-to-save-you-a-click/ (Zoom Mac flaw allows webcams to be hijacked - because they wanted to save you a click) — Graham Cluley. https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 (USCYBERCOM Malware Alert on Twitter.) https://www.dhs.gov/cisa/news/2019/06/22/cisa-statement-iranian-cybersecurity-threats (CISA Statement on Iranian Cybersecurity Threats) — Department of Homeland Security. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774 (Patch for Microsoft Outlook security vulnerability.) https://www.forbes.com/sites/zakdoffman/2019/07/03/u-s-cyber-command-warns-millions-of-outlook-users-of-malicious-hack-linked-to-iran/#3f07f83626fd (U.S. Military Warns Outlook Users To Update Immediately Over Hack Linked To Iran) — Forbes. https://www.securityweek.com/us-cyber-command-shares-malware-virustotal (U.S. Cyber Command Shares Malware via VirusTotal) — SecurityWeek. https://www.youtube.com/watch?v=r1jng79a5xc (Steve Buscemi Swapped On Jennifer Lawrence) — YouTube. https://www.bbc.co.uk/news/technology-48908736 (Fake voices 'help cyber-crooks steal cash') — BBC News. https://www.theverge.com/2019/6/27/18760896/deepfake-nude-ai-app-women-deepnude-non-consensual-pornography (New AI deepfake app creates nude images of women in seconds) — The Verge....
Jul 10, 2019
135: Zombie grannies and unintended leaks
56:27
We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Oli Skertchly. Visit https://www.smashingsecurity.com/135 (https://www.smashingsecurity.com/135) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Oli Skertchly. Sponsored By: https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.wandera.com/mobile-security/scary-granny-game-stealing-data/ (This scary game app is coming for your credentials) — Wandera. https://www.wandera.com/mobile-security/risky-apps/ (App vetting: How do you measure the risk level of risky apps?) — Wandera. https://www.pentestpartners.com/security-blog/the-not-so-ultra-lock/ (The not so ultra lock) — Pen Test Partners. https://twitter.com/payoletter/status/1145042462848749568 (Cat playing the flute) — Twitter. https://www.wired.com/story/larry-sanger-declaration-of-digital-independence/ (Proposing a 'Declaration of Digital Independence') — Wired. https://larrysanger.org/2019/06/declaration-of-digital-independence/ (Declaration of Digital Independence) — Larry Sanger. https://infosec.exchange/@gcluley (@gcluley@infosec.exchange) — Follow Graham on Mastodon. https://en.wikipedia.org/wiki/Fediverse (The Fediverse) — Wikipedia. https://apolloinrealtime.org/11/ (Apollo 11 in Real-time.) https://www.netflix.com/gb/title/80100172 (Dark) — Netflix. https://www.amazon.com/product-reviews/B0000V0E14/ref=acr_dpx_hist_1??ie=UTF8&filterByStar=one_star&showViewpoints=0 (Amazon reviews of the Chillow cooling pillow.) https://www.health.com/sleep/cooling-pillows (The Best Cooling Pillows for Night Sweats) — Health.com. https://www.instagram.com/olilightindustries/ (Oli Skertchly on Instagram.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff))
Jul 03, 2019
134: Sextortion, silicone face masks, and a DDoS doofus
47:04
Scammers steal millions by impersonating a French politician, we offer fashion tips for DDoS attackers, and hear how a small town fought a sextortionist preying on young women. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Jessica Barker. Visit https://www.smashingsecurity.com/134 (https://www.smashingsecurity.com/134) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Jessica Barker. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.edgewise.net/ (Edgewise Networks): Edgewise is the industry's first zero-trust segmentation platform. Its simple-to-use interface lets you stop data breaches by allowing only verified software to communicate within your cloud or data centre. Edgewise's data-centric approach makes micro-segmentation simpler and more secure. Learn more and get a free trial at edgewise.net. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.zdnet.com/article/anonymous-hacker-exposed-after-dropping-usb-drive-while-throwing-molotov-cocktail/ (Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail ) — ZDNet. https://www.hln.be/in-de-buurt/roeselare/18-maanden-cel-voor-hacker-die-website-crelan-en-pizzeria-plat-legde~a6abbf8b/ (18 maanden cel voor hacker die website Crelan en pizzeria plat legde) — HLN. https://www.bbc.com/news/amp/world-europe-48510027 (The fake French minister in a silicone mask who stole millions) — BBC News. https://www.wired.com/story/cyberstalked-teen-girls-for-years-fought-back/ (He Cyberstalked Teen Girls for Years—Then They Fought Back) — Wired. https://www.childline.org.uk/info-advice/ (Childline) — A counselling service for children and young people in the UK. https://www.consumer.ftc.gov/articles/0028-cyberbullying (Cyberbullying information) — FTC. https://www.ncpc.org/resources/cyberbullying/ (Information and resources to curb the growing problem of cyberbullying ) — National Crime Prevention Council. https://www.thecoddling.com/ (The Coddling of the American Mind.) https://www.cbsnews.com/news/suicide-depression-anxiety-mental-health-issues-increase-teens-young-adults/ (Depression, anxiety, suicide increase in teens and young adults, study finds) — CBS News. https://www.penguinrandomhouse.com/books/232363/dreyers-english-by-benjamin-dreyer/9780812995701/ (Dreyer's English by Benjamin Dreyer) — Penguin Random House. https://www.cafe.com/stay-tuned-the-laws-of-language-with-ben-dreyer/ (Stay Tuned: The Laws of Language (with Ben Dreyer).) https://www.youtube.com/watch?v=wP7b8xaWmG0 (The Defiant Ones (trailer)) — YouTube. https://www.hbo.com/the-defiant-ones (The Defiant Ones) — HBO. https://mynoise.net/ (myNoise.net)...
Jun 26, 2019
133: Cookie cock-ups, Hong Kong protests, and smart TV virus scans
56:26
We head to Hong Kong to look at how technology has helped anti-government protesters (and how China has tried to disrupt it), Samsung is skittish over whether to tell TV owners to virus-scan their devices, and you won't believe whose website is not GDPR-compliant. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by James Thomson. Visit https://www.smashingsecurity.com/133 (https://www.smashingsecurity.com/133) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. "Chickens!" Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: James Thomson. Sponsored By: https://www.edgewise.net/ (Edgewise Networks): Edgewise is the industry's first zero-trust segmentation platform. Its simple-to-use interface lets you stop data breaches by allowing only verified software to communicate within your cloud or data centre. Edgewise's data-centric approach makes micro-segmentation simpler and more secure. Learn more and get a free trial at edgewise.net. https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. 
Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/ (Information about Cookies) — ICO. https://allaboutdnt.com/ (All About Do Not Track.) https://www.macworld.com/article/3338152/apple-safari-removing-do-not-track.html (Apple is removing the Do Not Track toggle from Safari, but for a good reason) — Macworld. https://www.grahamcluley.com/myopt-outs-google-chrome-privacy/ (Google Chrome privacy extension hasn't been updated for years) — Graham Cluley. https://twitter.com/adam_rose/status/1140151337834962944 (Tweet by Adam Rose) — Twitter. https://www.civicuk.com/cookie-control/ (Cookie Control plugin) — Civic. https://www.bbc.co.uk/news/blogs-china-blog-48552907 (China social media: WeChat and the Surveillance State) — Stephen McDonell, BBC News. https://www.tripwire.com/state-of-security/featured/ddos-attack-telegram-offline-hong-kong-protests/ (DDoS attack that knocked Telegram secure messaging service offline) — Tripwire. https://www.bbc.co.uk/news/av/world-asia-china-48667221/inside-china-s-thought-transformation-camps (Inside China's 'thought transformation' camps) — BBC News. https://www.samsung.com/us/support/tip/TIP00083197/ (Scan your TV to prevent malware) — Samsung. https://gizmodo.com/samsung-deletes-terrifying-tweet-warning-that-its-smart-1835577964 (Samsung Deletes Frightening Tweet Warning That Its Smart TVs Can Get Viruses) — Gizmodo. https://www.zdnet.com/article/samsung-heres-how-were-securing-your-smart-tv/ (​Samsung: Here's how we're securing your smart TV) — ZDNet. https://www.grahamcluley.com/cias-weeping-angel-spying-tv-viewers/ (Is the CIA's Weeping Angel spying on TV viewers?) — Graham Cluley. https://www.vice.com/en_us/article/xy9p7n/samsung-tizen-operating-system-bugs-vulnerabilities (Samsung's Android Replacement Is a...
Jun 19, 2019
132: CBP cyber attack, an iPhone privacy boost, and Twitter list abuse
48:14
United States Customs and Border Protection had sensitive data stolen, but the hackers didn't have to breach its network. Apple has ambitious plans to make iPhone users safer online. And trolls are using Twitter lists to target their victims. All this and much much more is discussed in the latest edition of the MULTI-AWARD-WINNING "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by special guest Maria Varmazis. Visit https://www.smashingsecurity.com/132 (https://www.smashingsecurity.com/132) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.edgewise.net/ (Edgewise Networks): Edgewise is the industry's first zero-trust segmentation platform. Its simple-to-use interface lets you stop data breaches by allowing only verified software to communicate within your cloud or data centre. Edgewise's data-centric approach makes micro-segmentation simpler and more secure. Learn more and get a free trial at edgewise.net. https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.grahamcluley.com/smashing-security-named-the-best-security-podcast/ (Smashing Security named the Best Security Podcast) — Graham Cluley. https://www.washingtonpost.com/technology/2019/06/10/us-customs-border-protection-says-photos-travelers-into-out-country-were-recently-taken-data-breach/ (U.S. Customs and Border Protection says photos of travelers into and out of the country were recently taken in a data breach) — Washington Post. https://www.theregister.co.uk/2019/05/23/perceptics_hacked_license_plate_recognition/ (Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online) — The Register. https://www.theregister.co.uk/2019/06/10/us_custom_border_patrol_contractor_hacked/ (US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped) — The Register. https://twitter.com/soffes/status/1137113335889924096 (Tweet from Sam Soffes.) https://www.apple.com/newsroom/2019/06/apple-previews-ios-13/ (Apple previews iOS 13) — Apple. https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple/overview/ (Sign In with Apple human user interface guidelines) — Apple. https://www.cnbc.com/2019/06/07/how-trolls-use-twitter-lists-to-target-and-harass-other-users.html (How trolls use Twitter lists to target and harass other users) — CNBC. https://www.komando.com/happening-now/572320/if-you-use-twitter-clever-trolls-are-spreading (Trolls get tricky on Twitter with targeted harassment lists) — Kim Komando. https://www.youtube.com/watch?v=JN_Idjov348 (10 hours worth of the original Firestorm TV series (Japanese, with English subtitles)) — YouTube....
Jun 12, 2019
131: Zap yourself from the net, and patch now against BlueKeep
34:14
Microsoft issues warning to unpatched Windows users about worm risk, and how do you delete all traces of yourself off the internet after you murder your podcast co-host? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, who aren't joined by a special guest this week. Visit https://www.smashingsecurity.com/131 (https://www.smashingsecurity.com/131) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. 
Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.grahamcluley.com/wannacry-ransomware-hits-systems-worldwide/ (WannaCry ransomware hits systems worldwide) — Graham Cluley. https://www.smashingsecurity.com/021-wannacry-whos-to-blame (WannaCry - Who's to blame?) — Smashing Security #021. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 (Remote Desktop Services Remote Code Execution Vulnerability CVE-2019-0708 ) — Microsoft. https://blogs.technet.microsoft.com/msrc/2019/05/30/a-reminder-to-update-your-systems-to-prevent-a-worm/ (A Reminder to Update Your Systems to Prevent a Worm) — Microsoft. https://arstechnica.com/information-technology/2019/05/microsoft-says-its-confident-an-exploit-exists-for-wormable-bluekeep-flaw/ (Microsoft practically begs Windows users to fix wormable BlueKeep flaw) — Ars Technica. https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html (Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708)) — Errata Security. https://www.zdnet.com/article/intense-scanning-activity-detected-for-bluekeep-rdp-flaw/ (Intense scanning activity detected for BlueKeep RDP flaw) — ZDNet. https://www.youtube.com/watch?v=IYzlVDlE72w (Greatest Love Of All (Official Music Video) - Whitney Houston) — YouTube. https://joindeleteme.com/ (DeleteMe.) https://www.deseat.me/ (Deseat.me.) https://support.google.com/legal/troubleshooter/1114905 (Removing Content From Google.) https://www.reddit.com/r/opsec/comments/blzf7y/i_want_to_know_how_to_go_about_deleting/ (I want to know how to go about deleting everything about myself online) — Reddit. https://www.zdnet.com/article/how-to-erase-your-digital-footprint-and-make-google-forget-you/ (Remove yourself from the internet, hide your identity, and erase your online presence) — ZDNet. https://www.youtube.com/watch?v=s9APLXM9Ei8 (Chernobyl Trailer) — YouTube....
Jun 05, 2019
130: Doctored videos, Bcc blunders, and a diva
48:11
You won't believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware... and how Carole gets her diva on. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, who aren't joined by a guest this week. Visit https://www.smashingsecurity.com/130 (https://www.smashingsecurity.com/130) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Sponsored By: https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. 
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/vote (Final chance to vote for Smashing Security!) https://medium.com/@katelerickson/apple-podcasts-new-noteworthy-whats-hot-sections-are-back-3045a1667d58 (Apple Podcasts New & Noteworthy, What’s Hot Sections Are Back) — Kate Erickson. https://www.theregister.co.uk/2018/11/21/security_awareness_train_reply_all_gaffe/ (When selling security awareness training by email, probably a good shout not to hit 'reply all') — The Register. https://www.ghostery.com/blog/ghostery-news/ghostery-email-incident-update/ (Ghostery Email Incident Update) — Ghostery. https://www.theregister.co.uk/2016/11/14/nhs_email_test_reply_all_fail_1_2_million_users/ (NHS IT bod sends test email to 850k users – and then responses are sent 'reply all') — The Register. https://www.theregister.co.uk/2017/02/01/google_mistakes_entire_nhs_for_a_botnet/ (Google mistakes the entire NHS for massive cyber-attacking botnet) — The Register. https://www.theregister.co.uk/2016/11/14/nhs_blames_supplier_accenture_850k_user_reply_all_email/ (UK NHS 850k Reply-all email fail: State health service blames Accenture) — The Register. https://www.safesendsoftware.com/bcc-warning-when-emailing-to-many-to-cc-recipients/ (BCC warning when emailing to many TO/CC recipients) — SafeSend. https://www.standss.com/sendguard/ (SendGuard for Outlook.) https://www.computable.nl/artikel/nieuws/crm/6670704/250449/autoriteit-persoonsgegevens-blundert-met-cc-knop.html (Privacywaakhond AP blundert met cc-knop) — Computable. https://twitter.com/privasense/status/1133458921392418828?s=11 (Tweet by Jeroen Terstegge.)...
May 30, 2019
129: Too Long; Didn't Listen
51:34
Don't hire a hacker, they might scam you! What works and what doesn't when it comes to protecting your email account? And China's controversial social credit system comes under the microscope. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Maria Varmazis. Visit https://www.smashingsecurity.com/129 (https://www.smashingsecurity.com/129) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Maria Varmazis. Sponsored By: https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. 
https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/vote (Vote for Smashing Security in the EU Security Blogger Awards) https://www.grahamcluley.com/hack-facebook-account-earth-answer-voicemail/ ("How to hack a Facebook account..." - how on earth to answer?) — Graham Cluley. https://www.sysnet.ucsd.edu/~voelker/pubs/hackforhire-www19.pdf (Hack for Hire: Exploring the Emerging Market for Account Hijacking) — Report from University of California, San Diego and Google. https://www.zdnet.com/article/google-research-most-hacker-for-hire-services-are-frauds/ (Google research: Most hacker-for-hire services are frauds) — ZDNet. https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html (New research: How effective is basic account hygiene at preventing hijacking) — Google Online Security Blog. https://www.wired.co.uk/article/china-social-credit-system-explained (The complicated truth about China's social credit system) — Wired. https://www.theguardian.com/world/2019/mar/01/china-bans-23m-discredited-citizens-from-buying-travel-tickets-social-credit-system (China bans 23m from buying travel tickets as part of 'social credit' system) — The Guardian. https://www.technologyreview.com/f/613027/chinas-social-credit-system-isnt-as-orwellian-as-it-sounds/ (Is China’s social credit system as Orwellian as it sounds?) — MIT Technology Review. https://www.livemint.com/opinion/columns/opinion-why-india-needs-to-be-wary-of-china-style-social-credit-ratings-1550423726392.html (Opinion: Why India needs to be wary of China-style social credit ratings) — LiveMint. https://www.youtube.com/watch?v=30uRAk591no (Mihail Tal vs. Vassily Smyslov // Sacrificial Maniac vs. Positional Maestro) — YouTube. https://www.youtube.com/channel/UCVfSsCg38hOzrezIFvMz9oA (Outray Chess) — YouTube. https://ds9documentary.com/ (What We...
May 22, 2019
128: Shackled ankles, photo scrapes, and SIM card swaps
50:34
A bad software update causes big headaches for Dutch police, but brings temporary freedom to criminals. SIM swaps are in the news again as fraudsters steal millions. And does your cloud photo storage service have a dirty little secret? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Rip Off Britain's David McClelland. Visit https://www.smashingsecurity.com/128 (https://www.smashingsecurity.com/128) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: David McClelland. Sponsored By: https://www.smashingsecurity.com/gartner (Gartner): Gartner's Security & Risk Management Summit, running from June 17-20 2019 in National Harbor, Maryland, is the premier cybersecurity conference for CISOs, IT Security & Risk Professionals. Get the latest unbiased research and advice on cyber attacks, and emerging technologies including AI, blockchain, machine-learning and more. Visit smashingsecurity.com/gartner to find out more. Smashing Security listeners can save $350 off the standard registration rate by using the code "SMASHING". Promo Code: SMASHING https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. 
"The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/vote (Vote for Smashing Security in the EU Security Blogger Awards ) https://www.zdnet.com/article/software-update-crashes-police-ankle-monitors-in-the-netherlands/ (Software update crashes police ankle monitors in the Netherlands) — ZDNet. https://www.independent.ie/irish-news/news/irishman-20-facing-more-than-100-years-in-us-prison-for-alleged-2-5m-cryptocurrency-fraud-38098424.html (Irishman facing more than 100 years in US prison for alleged $2.5m cryptocurrency fraud) — Independent.ie https://uk.reuters.com/article/us-crypto-currency-lawsuit/u-s-investor-awarded-75-million-in-cryptocurrency-crime-case-idUKKCN1SG2CO (U.S. investor awarded $75 million in cryptocurrency crime case) — Reuters. https://www.wired.com/story/sim-swap-fix-carriers-banks/ (The SIM Swap Fix That the US Isn't Using) — Wired. https://www.youtube.com/watch?v=Pmx5zAvTQYs&feature=youtu.be&t=25 (Everalbum Photo Organizing App) — YouTube. https://www.nbcnews.com/tech/internet/facial-recognition-s-dirty-little-secret-millions-online-photos-scraped-n981921 (Facial recognition's 'dirty little secret':...
May 15, 2019
127: I do love the Dutch
45:24
Israel strikes back at Hamas's hacking HQ, a new sextortion email comes with a twist, and Carole saves the world with some help from hacked Roomba vacuum cleaners. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Malicious Life's Ran Levi. Visit https://www.smashingsecurity.com/127 (https://www.smashingsecurity.com/127) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Ran Levi. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/gartner (Gartner): Gartner's Security & Risk Management Summit, running from June 17-20 2019 in National Harbor, Maryland, is the premier cybersecurity conference for CISOs, IT Security & Risk Professionals. Get the latest unbiased research and advice on cyber attacks, and emerging technologies including AI, blockchain, machine-learning and more. 
Visit smashingsecurity.com/gartner to find out more. Smashing Security listeners can save $350 off the standard registration rate by using the code "SMASHING". Promo Code: SMASHING https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bleepingcomputer.com/news/security/new-extortion-email-scam-threatens-to-release-your-sex-tape/ (New Extortion Email Scam Threatens to Release Your Sex Tape) — Bleeping Computer. https://www.grahamcluley.com/ashley-madison-blackmail-letter/ (Here's what an Ashley Madison blackmail letter looks like) — Graham Cluley. https://www.grahamcluley.com/suicide-ashley-madison/ (Suicide and Ashley Madison) — Graham Cluley. https://www.grahamcluley.com/israel-bombs-building-containing-alleged-hamas-hackers/ (Israel bombs building containing alleged Hamas hackers) — Graham Cluley. https://www.timesofisrael.com/idf-says-it-thwarted-a-hamas-cyber-attack-during-weekend-battle/ (IDF says it thwarted a Hamas cyber attack during weekend battle) — Times of Israel. https://www.bloomberg.com/news/articles/2018-07-03/israel-hamas-tried-to-spy-on-soldiers-with-fake-dating-apps (Israel: Hamas Tried to Spy on Soldiers With Fake Dating Apps) — Bloomberg. https://www.zdnet.com/article/ransomware-attack-on-israeli-users-fails-miserably-due-to-coding-error/ (Ransomware attack on Israeli users fails miserably due to coding error) — ZDNet. https://twitter.com/michaelreeves08 (Michael Reeves on Twitter.) https://www.youtube.com/watch?v=c2gq4IwIc_s&feature=youtu.be&t=504 (A Robot That Picks Tomatoes Out...
May 08, 2019
126: Zombie chickens and fast-food victims
49:11
What's the worst that can happen if you join a Hollywood hard man's Facebook page? What drove a man to hijack a website's name at gunpoint? And can you solve the mystery of the Canadian Hamburglar? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by Naked Security's Mark Stockley. Visit https://www.smashingsecurity.com/126 (https://www.smashingsecurity.com/126) to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Mark Stockley. Sponsored By: https://www.smashingsecurity.com/gartner (Gartner): Gartner's Security & Risk Management Summit, running from June 17-20 2019 in National Harbor, Maryland, is the premier cybersecurity conference for CISOs, IT Security & Risk Professionals. Get the latest unbiased research and advice on cyber attacks, and emerging technologies including AI, blockchain, machine-learning and more. Visit smashingsecurity.com/gartner to find out more. Smashing Security listeners can save $350 off the standard registration rate by using the code "SMASHING". Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. 
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.bbc.co.uk/news/uk-england-manchester-47969165 (Fraudster poses as Jason Statham to steal victim's money) — BBC News. https://www.grahamcluley.com/nine-men-arrested-in-united-states-for-stealing-millions-through-business-email-compromise-and-romance-scams/ (Nine men arrested in United States for stealing millions through business email compromise and romance scams) — Graham Cluley. https://techcrunch.com/2009/12/18/twitter-dns-attack-iran/ (Twitter Hack: Part Of Broader Iranian Strategy) — TechCrunch. https://gizmodo.com/hackers-hit-google-palestine-and-defaced-the-front-page-1203355371 (Hackers Hit Google Palestine and Defaced the Front Page) — Gizmodo. https://nakedsecurity.sophos.com/2019/04/24/gunpoint-domain-hijack-turns-out-to-have-been-a-family-affair/ (Gunpoint domain hijack turns out to have been a family affair) — Naked Security. https://www.justice.gov/usao-ndia/pr/jury-convicts-social-media-entrepreneur-plot-hijack-internet-domain (Jury Convicts Social Media Entrepreneur in Plot to Hijack Internet Domain) — Department of Justice. https://www.cbc.ca/news/business/mcdonald-s-app-fraudster-online-account-1.5113012...
May 01, 2019
125: Pick of the thief!
47:19
WannaCry's "accidental hero" pleads guilty to malware charges, Samsung and Nokia have fingerprint fumbles, the NCSC publishes a list of 100,000 dreadful passwords, and Apple finds itself at the centre of an identity mix-up. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by John Hawes. Follow the show on Twitter at @SmashinSecurity, on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: John Hawes. Sponsored By: https://www.smashingsecurity.com/metacompliance (MetaCompliance): People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://www.smashingsecurity.com/38 ("Gents! 
Stop airdropping your pics!") — Smashing Security episode 038, where we discussed the arrest of Marcus Hutchins. https://www.courtlistener.com/recap/gov.uscourts.wied.77855/gov.uscourts.wied.77855.124.0.pdf (Marcus Hutchins plea agreement) — PDF https://www.malwaretech.com/public-statement (Statement from Marcus Hutchins (aka MalwareTech)) https://twitter.com/MalwareTechBlog/status/1119694262440882176 ("Stick to the good side.") — Marcus Hutchins on Twitter. https://www.grahamcluley.com/the-samsung-galaxy-s10s-ultrasonic-fingerprint-scanner-is-hacked/ (The Samsung Galaxy S10's ultrasonic fingerprint scanner is hacked) — Graham Cluley. https://twitter.com/decodedpixel/status/1120069664170807296 (Video of Nokia 9's fingerprint sensor failure) — Decoded Pixel on Twitter. https://www.zdnet.com/article/nokia-9-buggy-update-lets-anyone-bypass-fingerprint-scanner-with-a-pack-of-gum/ (Nokia 9 buggy update lets anyone bypass fingerprint scanner with a pack of gum) — ZDNet. https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security (Most hacked passwords revealed as UK cyber survey exposes gaps in online security) — NCSC. https://www.grahamcluley.com/facebook-hoovered-up-1-5-million-users-email-contacts-without-permission-unintentionally/ (Facebook hoovered up 1.5 million users' email contacts without permission... "unintentionally") — Graham Cluley. https://nakedsecurity.sophos.com/2019/04/19/facebook-we-logged-100x-more-instagram-plaintext-passwords-than-we-thought/ (Facebook: we logged 100x more Instagram plaintext passwords than we thought) — Naked Security. https://www.information-age.com/psd2-8-things-businesses-needs-know-123470930/ (Second Payment Services Directive (PSD2): 8 things businesses needs to know) — Information Age. https://9to5mac.com/2019/04/22/apple-store-thefts-lawsuit/ (Teen sues Apple over...
Apr 24, 2019
124: Poisoned porn ads, the A word, and why why why Wipro?
52:41
The hacker who lived the high life after spreading malware via porn sites, Wipro demonstrates how to turn a cybersecurity crisis into a PR disaster, and why are humans listening in to your Alexa conversations? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and Carole Theriault, joined this week by special guest Brian Honan. Follow the show on Twitter at @SmashinSecurity, on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Brian Honan. Sponsored By: https://www.lastpass.com/smashing (LastPass): LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses. https://www.smashingsecurity.com/intelligence (Recorded Future): For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. 
Download it for free at smashingsecurity.com/intelligence https://www.patreon.com/smashingsecurity (Support Smashing Security) Links: https://nationalcrimeagency.gov.uk/news/hacker-from-russian-crime-group-jailed-for-multi-million-pound-global-blackmail-conspiracy (Hacker from Russian crime group jailed for multi-million pound global blackmail conspiracy) — NCA. https://www.nomoreransom.org/ (The No More Ransom Project.) https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/ (Experts: Breach at IT Outsourcing Giant Wipro) — Krebs on Security. https://twitter.com/Wipro/status/1118084262849171456 (Statement from Wipro Limited confirming security breach.) https://www.grahamcluley.com/talktalk-phone-scams-arrests-indian-center/ (TalkTalk phone scams: arrests made at Indian call center) — Graham Cluley. https://krebsonsecurity.com/2019/04/how-not-to-acknowledge-a-data-breach/ (How Not to Acknowledge a Data Breach ) — Krebs on Security. https://twitter.com/gcluley/status/1118203223528169474 ("The Wipro quarterly earnings call would have gone really well if that pesky @briankrebs hadn't shown up... ") — Graham Cluley on Twitter. https://www.bbc.co.uk/news/technology-47893082 (Smart speaker recordings reviewed by humans ) — BBC News. https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio (Is Anyone Listening to You on Alexa? A Global Team Reviews Audio) — Bloomberg. https://www.cnbc.com/2019/04/11/how-to-stop-amazon-from-listening-to-what-you-say-to-alexa.html (How to stop Amazon from listening to what you say to Alexa) — CNBC. https://techcrunch.com/2018/11/14/amazon-echo-recordings-judge-murder-case/ (Judge orders Amazon to turn over Echo recordings in double murder case) — TechCrunch. https://t