Smashing Security

This clever scam nearly hijacked a tech CEO's Apple ID

Thu, 19 Mar 2026 00:00:25 +0000

In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you're immune?

Plus: would you donate your lifetime medical history to science if you were promised anonymity? We unpack serious concerns around UK Biobank, where “de-identified” data may not be as anonymous as you think — and how surprisingly little information it takes to reveal everything.

And! Human-powered “AI”, and a punishment worse than prison: eight hours on the RSA expo floor...

All this, and much more, in episode 459 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Paul Ducklin.

EPISODE LINKS:

DOGE employee stole Social Security data and put it on a thumb drive, report says - TechCrunch.
Foreign hacker in 2023 compromised Epstein files held by FBI, source and documents show - Reuters.
New font-rendering trick hides malicious commands from AI tools - Bleeping Computer.
Lockdown Mode - Apple support.
Gone (Almost) Phishin’ - Matt Mullenweg.
Listen to the Live Scam Call Targeting Matt Mullenweg’s Apple Account - YouTube.
Confidential health records from UK BioBank project exposed online - The Guardian.
A message from Professor Sir Rory Collins, Chief Executive and Principal Investigator of UK Biobank - UK BioBank.
Psychotherapy data breach blackmailer sent to prison - Paul Ducklin.
Your AI slop bores me.
Post by Vaughan Shanks - LinkedIn.
Judge Sentences CISO to 8 Consecutive Hours on RSA Expo Floor as Formal Punishment for Security Breach - The Exploit.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Adaptive Security - request a custom demo featuring a real CEO deepfake simulation.
Meter - Network infrastructure for the enterprise. Get a free personalised demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

How not to steal $46 million from the US government

Thu, 12 Mar 2026 00:00:02 +0000

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia.

Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call.

Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick.

All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

EPISODE LINKS:

Major data leak forum dismantled in global action against cybercrime forum - Europol.
Ericsson blames vendor vishing slip-up for breach exposing thousands of records - The Register.
How hackers bypassed MFA with a $120 phishing kit – until law enforcement shut them down - Hot for Security.
Wikipedia hit by self-propagating JavaScript worm that vandalized pages - Bleeping Computer.
FBI arrests crypto thief accused of stealing $46 million from seized government wallet - Tom’s Hardware.
Twitter thread by ZachXBT about John Daghita’s arrest - Twitter.
Asterix - Wikipedia.
Robin Hobb.
The Complete Farseer trilogy - Harper Collins.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
Meter - Network infrastructure for the enterprise. Get a free personalised demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

How a cybersecurity boss framed his own employee

Thu, 05 Mar 2026 00:00:58 +0000

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush.

In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling zero-day exploits to a Russia-linked broker.

Plus: are nation states quietly poisoning AI models to bend reality itself? We explore how “foreign information manipulation interference” could target not just social media users, but the large language models we increasingly trust for answers — and what that might mean for truth, trust, and the future of online influence.

All this, and much more, in episode 457 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Carl Miller.

EPISODE LINKS:

Large-Scale Online Deanonymization with LLMs - Simon Lermen.
Hacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes - Wired.
“Stay safe out there gamers”: Streamers say Amazon just made Wishlists a doxxing risk - Daily Dot.
Apple alerts exploit developer that his iPhone was targeted with government spyware - TechCrunch.
Former General Manager for U.S. Defense Contractor Sentenced to 87 Months for Selling Stolen Trade Secrets to Russian Broker - US Department of Justice.
Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools - US Department of Treasury.
Inside the story of the US defense contractor who leaked hacking tools to Russia - TechCrunch.
Hundreds of English-language websites link to pro-Kremlin propaganda - Guardian.
The Incredible Shrinking Man - Internet Archive.
“The Immortalists” by Aleks Kortoski - Penguin Books.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
Meter - Network infrastructure for the enterprise. Get a free personalised demo.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

How to lose friends and DDoS people

Thu, 26 Feb 2026 00:00:03 +0000

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name.

In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window.

Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next?

All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.

EPISODE LINKS:

This App Will Detect People Wearing Smart Glasses Near You - Lifehacker.
Patients listed as dead after major NZ health app MediMap hacked - 1News.
Why fake AI videos of UK urban decline are taking over social media - BBC News.
FBI orders domain registrar to reveal who runs mysterious Archive.is site - Ars Technica.
Archive.today CAPTCHA page executes DDoS; Wikipedia considers banning site - Ars Technica.
Archive.today is directing a DDOS attack against my blog - Gyrovague.
Critical buffer overflow bug - in ESXi ransomware - SolCyber.
Yoga with Adriene - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Coreview - Download "Total Tenant Takeover", a white paper about the Microsoft 365 Disaster No One Is Ready For.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Face off: Meta’s Glasses and America’s internet kill switch

Thu, 19 Feb 2026 00:00:33 +0000

Could America turn off Europe's internet?

That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B?

Plus we explore if Meta is quietly plotting to turn its smart glasses into face-recognising surveillance specs? With reports of internal memos suggesting they plan to launch controversial features while everyone’s distracted by political chaos, we ask: is this innovation really wanted by the public... or something far creepier?

All of this, and much more, in episode 455 of the award-winning "Smashing Security" podcast with cybersecurity veteran Graham Cluley, joined this week by journalist and author James Ball.

EPISODE LINKS:

IcedID malware developer fakes his own death to escape the FBI - Risky Business.
Sex toys maker Tenga says hacker stole customer information - TechCrunch.
Dutch police arrest man for "hacking" after accidentally sending him confidential files - Hot for Security.
Meta Plans to Add Facial Recognition Technology to Its Smart Glasses - New York Times.
Trading Sovereignty for Scale? The Costs of the US - UK Tech Prosperity Deal - Just Security.
Just Mercy - Wikipedia.
Just Mercy trailer - YouTube.
Bryan Stevenson’s TED talk: We need to talk about an injustice - YouTube.
The Residence - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Passwork - a reliable secrets manager and password management solution.
Adaptive Security - request a custom demo featuring a real CEO deepfake simulation.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

AI was not plotting humanity’s demise. Humans were

Thu, 12 Feb 2026 00:00:31 +0000

AI bots are having existential crises, inventing religions, and allegedly plotting against humanity... or so the internet would have you believe.

We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as bots.

Plus we discuss why "vibe coding" your app might be a catastrophically bad idea, when security researchers can easily peek inside rifle through your private messages, API keys, and databases.

Also this week we learn that pro-Russian hackers are circling the Winter Olympics - or is it the Jamaican Bobsleigh team?

All this and more is discussed in episode 454 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Iain Thomson.

EPISODE LINKS:

SPONSORS:

Meter - Network infrastructure for the enterprise. Get a free personalised demo.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Passwork - a reliable secrets manager and password management solution.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The Epstein Files didn’t hide this hacker very well

Thu, 05 Feb 2026 00:00:31 +0000

Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting.

Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust - once cracked - can be almost impossible to fully restore.

Elsewhere, the spotlight turns to insider threat in the age of AI, after a senior US cybersecurity official uploads sensitive government material into the public version of ChatGPT. Oops.

All this, and much more, in episode 453 of Smashing Security with cybersecurity veteran Graham Cluley and special guest Tricia Howard.

EPISODE LINKS:

Notepad++ hijacked to serve malware in targeted attacks - Notepad++.
Porn-quitting app caught leaking users’ sexual habits - 404 Media.
MicroWorld Technologies’ eScan anti-virus update turned into a malware delivery system - Morphisec.
Jmail.World.
Informant told FBI that Jeffrey Epstein had a ‘personal hacker’ - Techcrunch.
Confidential informant statement given to FBI - US Department of Justice.
Post by Graham Cluley - LinkedIn.
Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - Politico.
We are Lady Parts - Channel 4.
We are Lady Parts trailer - YouTube.
“Bashir with a good beard” by We are Lady Parts - YouTube.
“Voldermort under my headscarf” by We are Lady Parts - YouTube.
Doctor Who: The Shakespeare Notebooks - Penguin.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Passwork - a reliable secrets manager and password management solution.
Meter - Network infrastructure for the enterprise. Get a free personalised demo.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The dark web's worst assassins, and Pegasus in the dock

Thu, 29 Jan 2026 00:00:28 +0000

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device.

Plus, we go looking for professional hitmen online - only to uncover uncomfortable questions about why some crimes attract customers but very few complaints.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Joe Tidy.

EPISODE LINKS:

Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch - The Register.
Russian state hackers likely behind wiper malware attack on Poland’s power grid - The Record.
US charges 31 more suspects linked to ATM malware attacks - Bleeping Computer.
Dark web arrests in Romania linked to portal which offered services including murder - ROCU.
Romanian scammers ran fake hitman-for-hire site, lured desperate perpetrators as 'incompetent assassins' - Fox News.
This Fake Hitman Site Is the Most Elaborate, Twisted Dark Web Scam Yet - VICE.
Unlikely Assassin, The Murder of Amy Allwine - Rooster.
Saudi dissident awarded $4.1 million by UK court for hacking, assault 'by Saudi Arabia' - Reuters.
Stalkerware: The software that spies on your partner - BBC News.
Using 'stalkerware' to spy on a colleague's phone - YouTube.
“Polite Society” trailer - YouTube.
Elegoo Saturn 3 3D printer - Elegoo.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Passwork - a reliable secrets manager and password management solution.
Coreview - Download "Total Tenant Takeover", a white paper about the Microsoft 365 Disaster No One Is Ready For.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

I hacked the government, and your headphones are next

Thu, 22 Jan 2026 00:00:25 +0000

In episode 451 of "Smashing Security," we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more - and then helpfully posted screenshots (and even someone’s blood type) on an account called "I hacked the government."

Plus we discuss how researchers uncovered a creepy flaw that lets attackers hijack wireless headphones, listen in on calls, inject audio, and even turn your earbuds into a stalking device - all without you noticing.

All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Ray [REDACTED]

EPISODE LINKS:

Tennessee Man Pleads in Hacking U.S. Supreme Court, AmeriCorps, and VA Health System - US Department of Justice.
Paris Hilton’s hacker sentenced to 57 months in prison - Graham Cluley.
WhisperPair.
One Tap To Hijack Them All - A Security Analysis of the Google Fast Pair Protocol - YouTube.
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking - Wired.
Line of Duty - Wikipedia.
Line of Duty - BBC iPlayer.
Forgive the haters - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

From Instagram panic to Grok gone wild

Thu, 15 Jan 2026 00:00:57 +0000

Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale - sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for.

And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children - raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away.

All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Monica Verma.

EPISODE LINKS:

Free Speech Union website down after alleged funders exposed by trans hackers - Pink News.
Illinois Man Charged in Snapchat Hacking Investigation - US Dept of Justice.
Hackers get hacked, as BreachForums database is leaked - Hot for Security.
Post by Malwarebytes - Bluesky.
Post by Instagram - Twitter.
Instagram denies breach amid claims of 17 million account data leak - Bleeping Computer.
Ofcom asks X about reports its Grok AI makes sexualised images of children - BBC News.
Musk’s Grok blocked by Indonesia, Malaysia over sexualized images in world first - CNN.
Elon Musk shares AI images of Starmer in bikini in row over grim Grok deepfakes - Mirror.
Soul Music - BBC Sounds.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Meter - Network infrastructure for the enterprise. Get a free personalised demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

How to scam someone in seven days

Thu, 08 Jan 2026 00:00:00 +0000

Romance scammers have apparently discovered astrology... and Taurus is their secret weapon.

In episode 449 of "Smashing Security", we take a look inside an actual romance-fraud handbook - complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto.

Then Lesley "hacks4pancakes" Carhart delivers a reality check on the dire cybersecurity jobs market for juniors: why entry-level roles are evaporating, how automated CV screening is chewing candidates up, and what hopeful newcomers (and weary veterans) can do about it.

Plus, Graham talks to ThreatLocker CEO Danny Jenkins about why misconfigurations are behind an uncomfortable number of breaches, how default-deny security actually works in practice, and why detecting attacks after they’ve started is already too late.

All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Lesley Carhart.

EPISODE LINKS:

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
Meter - Network infrastructure for the enterprise. Get a free personalised demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

The Kindle that got pwned

Thu, 18 Dec 2025 00:00:59 +0000

Think your Kindle is harmless? Think again! In this episode, Graham and special guest Danny Palmer unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account and seize control of your credit card.

Plus a blast from 2021's "summer of ransomware" returns to haunt Ireland's Health Service Executive, as victims are offered €750 each.

And because it's the last show before the Christmas break, there's also a Pick of the Week that veers from cosy rom-com comfort to pointy-polygon nostalgia.

All this, and more, in episode 448 of the "Smashing Security" podcast with Graham Cluley, and special guest Danny Palmer.

🎅 🎄 Thanks to everyone for listening to "Smashing Security" during 2025 - we look forward to being back in your ear'oles in early January. Stay safe! 🎅 🎄

EPISODE LINKS:

Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK - ICO.
Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg.
Russian ban on Roblox gaming platform sparks rare protest - Reuters.
Once upon an exploit: how fake audiobook led to Kindle takeover - Cybernews.
Four years later, Irish health service offers €750 to victims of ransomware attack - Bitdefender.
When Harry Met Sally - Wikipedia.
When Harry Met Sally trailer - YouTube.
Tomb Raider 1-3 Remastered review - you were never going to smooth these games out - Eurogamer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

Thu, 11 Dec 2025 00:00:18 +0000

On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily doxxing real people, mapping out stalking "strategies," and handing out revenge-porn tips.

Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what "looks normal" - the same kind of bias we’re now baking into security AIs.

Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.

All this, and more, in episode 447 of the "Smashing Security" podcast with Graham Cluley, and special guest Jenny Radcliffe.

EPISODE LINKS:

Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware - The Record.
US Posts $10 Million Bounty for Iranian Hackers - Security Week.
Infostealer has entered the chat - Kaspersky.
Dave Portnoy posts a photo of his lawn (including a manatee-shaped mailbox) - Twitter.
Elon Musk’s Grok AI Is Doxxing Home Addresses of Everyday People - Futurism.
Elon Musk’s Grok Is Providing Extremely Detailed and Creepy Instructions for Stalking - Futurism.
How the Louvre thieves exploited human psychology to avoid suspicion – and what it reveals about AI - The Conversation.
Outrageous (TV series) - Wikipedia.
Outrageous trailer - YouTube.
Man charged with theft after allegedly swallowing Fabergé pendant in jewellery store - The Guardian.
Free Microsoft 365 Tenant Security Scanner - CoreView.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.
CoreView - Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

A hacker doxxes himself, and social engineering-as-a-service

Thu, 04 Dec 2025 00:00:06 +0000

A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025.

Plus, Graham rants about recipe sites that won’t shut up, and there's even more love for Lily Allen's album "West End Girl" album.

All this and more is discussed in episode 446 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Rik Ferguson.

EPISODE LINKS:

Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin - The Register.
4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign - Koi.
Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts - Push Security.
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ - Krebs on Security.
Jonathan Ross email goof highlights Twitter security issue - Graham Cluley.
VIDEO: Mark Zuckerberg’s password choices are dadada-dumb! - Graham Cluley.
Password to Louvre’s video surveillance system was 'Louvre', according to employee - ABC News.
Just the Recipe.
West End Girl - Wikipedia.
West End Girl - Spotify.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

1Password - Take the first step to better security by securing your team’s credentials.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

The hack that brought back the zombie apocalypse

Thu, 27 Nov 2025 00:00:34 +0000

America's airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts.

Meanwhile, we look at how a worker at a cybersecurity firm allegedly leaked internal information to a hacking gang - raising big questions about insider threats.

Plus: Frankenstein on Netflix, Vine nostalgia, and why Barney the Dinosaur may be the true criminal mastermind behind it all.

All this and more is discussed in episode 445 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Dan Raywood.

EPISODE LINKS:

Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix - Acronis.
Tokyo Court Finds Cloudflare Liable For Manga Piracy in Long-Running Lawsuit - TorrentFreak.
Former Google chief accused of spying on employees through account ‘backdoor’ - LA Times.
Bogus zombie apocalypse warnings undermine US emergency alert system - Ars Technica.
2013 EAS Zombie Hoax - Emergency Alert System Wiki.
The 1987 Max Headroom incident - YouTube.
Nation-wide radio station hack airs hours of vulgar “furry sex” ramblings - Ars Technica.
ESPN 97.5 Houston Victim Of Barix Hack - Radio Insight.
ESPN Houston apologises to viewers - Facebook.
CrowdStrike fires ‘suspicious insider’ who passed information to hackers - TechCrunch.
Frankenstein official trailer - YouTube.
Frankenstein - Netflix.
Vine: Six Seconds that changed the world - Global Player.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

We’re sorry. Wait, did a company actually say that?

Thu, 20 Nov 2025 00:00:31 +0000

Stop the press - a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests.

In episode 444 of "Smashing Security" we examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that abuses trust in apps and CAPTCHAs, and chat about autonomous pen testing, AI-turbocharged cybercrime, and what CISOs should really be asking on Monday morning.

And lost Doctor Who is brought back to life by one very dedicated animator, and we take a look at Eddie Murphy’s career.

All this and more is discussed in episode 444 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

Plus - don't miss our featured interview with Snehal Antani from Horizon3.ai!

EPISODE LINKS:

A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers - Wired.
British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News.
Cloudflare experiences a massive outage - LifeHacker.
Protecting our Merchants: Standing up to Extortion - Checkout.
A miracle: A company says sorry after a cyber attack - and donates the ransom to cybersecurity research - Hot for Security.
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware - The Hacker News.
Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests - Akamai.
Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 1 - YouTube.
Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 2 - YouTube.
Being Eddie - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Tinder’s camera roll and the Buffett deepfake

Thu, 13 Nov 2025 00:00:28 +0000

Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips."

Meanwhile, will agentic AI replace your co-hosts before you can say "EDR for robots"? and why you should still read books.

All this, plus Lily Allen's new album and Claude Code come up for discussion in episode 443 of the "Smashing Security" podcast, with special guest Ron Eddings.

EPISODE LINKS:

‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones - TechCrunch.
Cyber insurers paid out over twice as much for UK ransomware attacks last year - The Register.
Lost iPhone? Don’t fall for phishing texts saying it was found - Bleeping Computer.
Tinder to use AI to get to know users, tap into their Camera Roll photos - TechCrunch.
Facebook’s AI can now suggest edits to the photos still on your phone - TechCrunch.
Berkshire warns of AI deepfakes impersonating Warren Buffett - Reuters.
West End Girl - Wikipedia.
West End Girl - Spotify.
Claude Code.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

The hack that messed with time, and rogue ransomware negotiators

Thu, 06 Nov 2025 00:00:22 +0000

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away.

Plus when ransomware negotiators turn to the dark side, what could possibly go wrong?

All this and more is discussed in episode 442 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Dave Bittner.

EPISODE LINKS:

Alleged Meduza Stealer malware admins arrested after hacking Russian org - Bleeping Computer.
Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices - Zimperium.
Postcode Lottery's lucky dip turns into data slip as players draw each other's info - The Register.
Chinese Ministry of State Security MSS WeChat post - WeChat.
China blames US for cyber break-in, claims America is world's biggest bit burglar - The Register.
Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says - Chicago Sun Times.
MicroMacro: Crime City.
Star Wars 3.5 foot animated LED R2-D2 - Home Depot.
TrackaLacker.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Inside the mob's million-dollar poker hack, and a Formula 1 fumble

Thu, 30 Oct 2025 00:00:16 +0000

Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table.

Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars.

Plus: Graham’s “Pick of the Week” turns CAPTCHA hell into a delightfully deranged browser game that will make you question vegetables, geometry, and your life choices, while Danny takes a trip to ancient Africa...

All this and more is discussed in episode 441 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Danny Palmer.

EPISODE LINKS:

SPONSORS:

Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

How to hack a prison, and the hidden threat of online checkouts

Wed, 22 Oct 2025 23:00:40 +0000

A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers.

Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio.

All this and more is discussed in episode 440 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.

EPISODE LINKS:

What caused the AWS outage - and why did it make the internet fall apart? - BBC News.
China blames US for cyber break-in, claims America is world's biggest bit burglar - The Register.
Nintendo allegedly hacked by Crimson Collective hacking group - screenshot shows leaked folders, production assets, developer files, and backups - Tom’s Hardware.
Romanian inmate hacks into prison IT system, modifies sentences for others - Romania Insider.
New Version of PCI DSS Designed to Tackle Emerging Payment Threats - Infosecurity Magazine.
What is Magecart? How this hacker group steals payment card data - CSO.
Keyboard Maestro.
Screen Studio.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

A breach, a burnout, and a bit of Fleetwood Mac

Wed, 15 Oct 2025 23:00:37 +0000

A critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole.

Meanwhile we dig into the bit we don't talk about enough: the human cost of defending companies from hackers - stress, burnout, and how better leadership culture can help make security teams safer and saner.

Plus we say a heartfelt "la di dah" to Diane Keaton, and tune in to a freshly re-released slice of pre-Fleetwood Mac history for the music-obsessed amongst us.

All this and more is discussed in episode 439 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Annabel Berry.

EPISODE LINKS:

Cyber-attacks rise by 50% in past year, UK security agency says - The Guardian.
What does the end of free support for Windows 10 mean for its users? - The Guardian.
Satellites found exposing unencrypted data, including phone calls and some military comms - TechCrunch.
Anatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICS - Forescout.
Caught in the act: Ransomware attack sticks to our AI-created honeypot - Forescout.
Human Performance in Security Operations: A Survey on Burnout, Wellbeing and Flow State Among Practitioners - NDSS Symposium.
State of the Security Profession 23/24 - Chartered Institute of Information Security.
Leading Cyber.
Mental Health in Cybersecurity Foundation.
“Play it Again, Sam” - IMDB.
“Play it Again, Sam” clip - YouTube.
“Buckingham Nicks” - Spotify.
Fleetwood Mac - Silver Springs (Live, 1997) - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

If anything we've discussed today has resonated with you, or if you're going through a tough time, please know you are not alone. There is always someone ready to listen, without judgment. Here are a few of the available resources:

Shout - text 85258 (24x7)
Samaritans - tel 116123 (24x7)
Suicide prevention - tel 0800 689 5652 (6pm - 3.30am)
SANEline - tel 0300 304 7000 (4.30pm - 10.30pm)

SPONSORS:

SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

When your mouse turns snitch, and hackers grow a conscience

Wed, 08 Oct 2025 23:00:10 +0000

Your computer's mouse might not be as innocent as it looks - and one ransomware crew has a crisis of conscience that nobody saw coming.

We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need to think carefully about their reputation.

Meanwhile, Graham reveals a baked potato hack that might just change your life, and we take an unexpected detour to South America for a bit of literary adventure involving inflatable pigs.

All this and more is discussed in episode 438 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Geoff White.

EPISODE LINKS:

Discord users' data stolen by hackers in third-party data breach - Bitdefender.
North Korean hackers increasingly targeting wealthy crypto holders - BBC News.
Scattered Lapsus$ Hunters offering $10 in Bitcoin to 'endlessly harass' execs - The Register.
Vacanti mouse - Wikipedia.
Mic-E-Mouse.
Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors - Arvix.
Mic-E-Mouse Pipeline Demonstration - YouTube.
Hackers say they have deleted children's pictures and data after nursery attack backlash - BBC News.
Baked Potato - Wikipedia.
“At the Tomb of the Inflatable Pig: Travels through Paraguay” - Penguin.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get $1000 off.
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Salesforce's trusted domain of doom

Wed, 01 Oct 2025 23:00:34 +0000

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars.

And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable walk-back.

Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.

Hear all this and more in episode 437 of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Paul Ducklin.

EPISODE LINKS:

Harrods suffers new data breach exposing 430,000 customer records - Bleeping Computer.
Caméras dissimulées : la CNIL sanctionne la Samaritaine - CNIL.
‘Total internet blackout’ in Afghanistan sparks panic after Taliban vowed to stamp out immoral activities - CNN.
ForcedLeak: AI Agent risks exposed in Salesforce AgentForce - Noma.
The Hack - itvX.
The Hack - YouTube.
The Rosetta Stone: The Story of the Decoding of Hieroglyphics - Amazon.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

The €600,000 gold heist, powered by ransomware

Wed, 24 Sep 2025 23:00:58 +0000

Ransomware doesn’t just freeze computers - it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, quietly stealing secrets.

But it’s not all doom and gloom - unless you count your kitchen appliances turning into ad billboards.

All this and more is discussed in episode 436 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Zoë Rose.

EPISODE LINKS:

SPONSORED BY:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Lights! Camera! Hacktion!

Wed, 17 Sep 2025 23:00:50 +0000

When "bad actors" stop being hackers and start being... actual actors.

This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake casting calls for a serious film. We unpack why positive lures can short-circuit scepticism just as effectively as fear.

Plus, the UK's ICO says students are increasingly hacking their own schools.

Meanwhile, Graham heads to 1960s Oxford with Endeavour, while Jenny investigates the Wirral’s mysterious "Catman".

All this, and more, in episode 435 of the "Smashing Security" podcast.

EPISODE LINKS:

Shai-Hulud Worm Compromises npm Ecosystem in Supply Chain Attack - Unit 42.
Jaguar Land Rover extends production shutdown after cyber-attack - The Guardian.
AI-Driven Deepfake Military ID Fraud Campaign by Kimsuky APT - Genians.
Israel says suspected Iranian hackers targeted actors in phishing attack - Iran International.
Iranian Educated Manticore Targets Leading Tech Academics - Check Point.
Children hacking their own schools for 'fun', watchdog warns - BBC News.
Endeavour - ITVx.
Crowds armed with torches hunt the “cat man” every night - Liverpool Echo.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get $1000 off!
Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Whopper Hackers, and AI Whoppers

Wed, 10 Sep 2025 23:00:28 +0000

Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon.

Meanwhile, over in Silicon Valley, one AI wunderkind managed to turn a $7 million payday into a career-ending lawsuit by allegedly walking trade secrets straight out the door as he jumped ship for a rival.

All this and much more is discussed in episode 434 of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Lianne Potter. Hear them they chew over catastrophic fast-food security, insider threats with extra fries, and why even the biggest brains in AI can't stop themselves from doing something utterly stupid.

EPISODE LINKS:

We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance - Internet archive wayback machine.
DMCA notice - Bobdahacker.
xAI sues former engineer, alleging he stole trade secrets after being paid $7M - San Francisco Standard.
xAI vs Xuechen Li - Court documents.
Classic Reload.
Digger - Classic Reload.
Kingdom of Kroz - Classic Reload.
The Bad Movie Bible - YouTube.
Shark Attack 3: Megalodon - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORED BY:

Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.
Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

How hackers turned AI into their new henchman

Wed, 03 Sep 2025 23:00:38 +0000

Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator).

Meanwhile, new research from Anthropic reveals that hackers have already used AI agents to break into networks, steal passwords, sift through stolen data, and even write custom ransom notes. In other words, one hacker with an AI helper can work like an entire team of cybercriminals.

Plus: a joyous geek detour into keyboard history, and the most diabolically annoying, fully functional AI-generated CAPTCHA that you will love to inflict on your friends.

EPISODE LINKS:

LegalPwn: Abusing Legal Disclaimers to Trigger Prompt Injections - Pangea Labs.
LegalPwn: Tricking LLMs by burying badness in lawyerly fine print - The Register.
LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code - HackRead.
One long sentence is all it takes to make LLMs misbehave - The Register.
Londoners give up eldest children in public Wi-Fi security horror show - The Guardian.
Targeted social engineering is en vogue as ransom payment sizes increase - Coveware.
State of Malware 2025 - ThreatDown.
Cybercrime in the Age of AI - ThreatDown.
Threat Intelligence Report: August 2025 - Anthropic.
The Day Return Became Enter - Marcin Wichary.
Ethan Mollick’s terrible AI-generated CAPTCHAs - Twitter.
The very worst AI-generated CAPTCHA? - Claude.ai.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORED BY:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Oops! I auto-filled my password into a cookie banner

Wed, 27 Aug 2025 23:00:00 +0000

We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault.

Then we time-hop to the post-quantum scramble: "harvest-now, decrypt later", Microsoft's 2033 quantum-safe pledge, and whether your printer will survive the update apocalypse.

All this, plus a gloriously dodgy URL “shadyfier,” and turning the iconic iMac G4 into a modern media hub.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Thom Langford.

EPISODE LINKS:

DOM-based Extension Clickjacking: Your Password Manager Data at Risk - Marek Tóth.
Major password managers can leak logins in clickjacking attacks - Bleeping Computer.
Microsoft to Make All Products Quantum Safe by 2033 - Infosecurity Magazine.
Shady URL.
DockLite G4 - Juicy Crumb.
I perfected the iMac G4 - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

How to mine millions without paying the bill

Wed, 20 Aug 2025 23:00:00 +0000

In episode 431 of the "Smashing Security" podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills.

Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins.

And for something a little different, we peek into the Internet Archive’s dystopian Wayforward Machine and take a detour to Mary Shelley’s resting place in Bournemouth.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Allan "Ransomware Sommelier" Liska.

Episode links:

Crypto Influencer Sentenced to Prison for Multi-Million Dollar “Cryptojacking” Scheme - US Department of Justice.
Ransomware crews don't care about your endpoint security – they've already killed it - The Register.
Way Forward Machine - The Internet Archive.
Mary Shelley’s grave - Atlas Obscura.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Proton Drive - Protect your files with end-to-end encryption in Switzerland’s secure cloud — only on Proton Drive.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Poisoned Calendar invites, ChatGPT, and Bromide

Wed, 13 Aug 2025 23:00:00 +0000

A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Dave Bittner from The Cyberwire.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Invitation Is All You Need: Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite - SafeBreach.
Invitation attack curses - YouTube.
Invitation attack opens shutters - YouTube.
Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT - 404 Media.
Superman (2025) trailer - YouTube.
Billy Joel: And so it goes - HBO Max.
Billy Joel: And so it goes trailer - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Proton - Break free from Gmail. You should be able to choose what happens to your data. With Proton, only you can read your emails.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Replit panics, and the AI that will kill you

Wed, 06 Aug 2025 23:00:00 +0000

Those of you who tuned in to last week's episode (#428) will have heard the big news from my podcast pal Carole that she's decided to move on from her co-hosting duties on the show.

There have been some lovely messages of support sent through for Carole, and indeed for me too. Thank you very much to all of you - it's really heart-warming to hear how much the last 428 episodes have meant to you all, and how much you want the show to go on.

And so - as I said last week - it will carry on. Next week there will be a regular edition of "Smashing Security" with a special guest well known to all of you, and I plan to carry on as normal every week with guests after that...

This week though I felt like I needed to catch my breath, and take a break. But I didn't want to leave you without something to listen to...

So, here is a special edition of "Smashing Security" with a couple of clips from recent episodes of its sister show "The AI Fix", which I co-host with Mark Stockley.

If you enjoy "The AI Fix," please do follow it in your favourite podcast apps and tell your friends!

Until next week, cheerio bye bye.

Episode links:

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy

Red flags, leaked chats, and a final farewell

Wed, 30 Jul 2025 23:00:00 +0000

The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself - after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes.

Plus, Carole takes us down memory lane as she hangs up her co-host mic after 428 glorious episodes. Expect tea, tears, and Tom Lehrer.

All this is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Update regarding cybersecurity incident - Tea.
Hackers steal images from women's dating safety app that vets men - BBC News.
A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating - 404 Media.
American musical satirist Tom Lehrer dies at 97 - BBC News.
Tom Lehrer website.
Tom Lehrer sings The Elements, live in Copenhagen, 1967 - YouTube.
Tom Lehrer sings “New Math” (animated) - YouTube.
Carole’s Substack.
Libby - Library app.
Shokz UK.
Two Birds Yoga - YouTube.
Thermapen.
BBC Sounds.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

When 2G attacks, and a romantic road trip goes wrong

Wed, 23 Jul 2025 23:00:00 +0000

In this episode, Graham warns why it is high time we said goodbye to 2G - the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once.

Meanwhile, Carole unpacks a painfully awkward tale of amour fou, as a 76-year-old Belgian man drives 476 miles to meet his dream woman... only to be greeted by her very-much-still-husband at the gate.

Plus: Sky Arts painting competitions get a thumbs up, Mark Zuckerberg never loses at board games, and the scandalous Facebook memoir Meta tried to silence.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Teen arrested for 'smishing scam' using technology never before seen in New Zealand - RNZ.
Op Orca — smishing scam smashed - New Zealand police.
SMS blasting incidents are rising - Risky Bulletin.
Bangkok busts SMS Blaster sending 1 million scam texts from a van - Bleeping Computer.
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts - The Guardian.
Reports of SMS Messages Sent by Fake Base Stations - Commsrisk.
Keeping your Android device safe from text message fraud - Google Security blog.
What is Paris syndrome? How culture shock can kill a trip - The Independent.
Belgian man crushed after driving nearly 500 miles to meet French model he believed was his 'future wife' - Fox News.
French is the language of love: myth, reality, and romance - ICLS.
Romance scam victim travels 700km 'to marry French beauty queen' - BBC News.
Un homme se présente chez moi pour être mon futur mari… - YouTube.
Sky Artist of the Year.
Careless People - The Guardian Bookshop.
Careless People: We read the book that Mark Zuckerberg doesn’t want you to read - Slate.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Choo Choo Choose to ignore the vulnerability

Wed, 16 Jul 2025 23:00:00 +0000

In episode 426 of the "Smashing Security" podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation.

Meanwhile, Carole investigates how Grok went berserk, which didn't stop the Department of Defense signing a contract with Elon’s AI chatbot. So who is responsible when your chatbot becomes a bigot?

Plus: Email headaches, SPF rage, and a glowing review for... Taskmaster SuperMax Plus?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Schoolboy hacks into city's tram system - The Telegraph.
Caboose - Wikipedia.
Neil Smith discusses his findings - Twitter thread.
End-of-Train and Head-of-Train Remote Linking Protocol - CISA.
The Cheap Radio Hack That Disrupted Poland’s Railway System - Wired.
Grok, Elon Musk’s AI Chatbot, Shares Antisemitic Posts on X - The New York Times.
X ordered its Grok chatbot to ‘tell like it is.’ Then the Nazi tirade began - Washington Post.
Hacker uses Elmo's X account to post antisemitic rant and demand release of Epstein files - ABC News.
Elon Musk Announces Sensuous Grok AI Companion - Mashable.
Grok Rolls Out Pornographic Anime Companion, Lands Department of Defense Contract - The Rolling Stone.
Learn DMARC.
TASKMASTER SUPERMAX+.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Call of Duty: From pew-pew to pwned

Wed, 09 Jul 2025 23:00:00 +0000

In episode 425 of "Smashing Security", Graham reveals how "Call of Duty: WWII" has been weaponised - allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microsoft’s Game Pass.

Meanwhile, Carole digs into a con targeting the recently incarcerated, with scammers impersonating bail bond agents to fleece desperate families.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Call of Duty: WWII trailer - YouTube.
Warning: Do NOT Play COD WWII on PC Gamepass - YouTube.
2017 Wichita swatting - Wikipedia.
Call of Duty: WW2 on PC Game Pass yanked offline amid reports security exploits are leaving players with screens full of smut - Eurogamer.
Common Bail Bond Scams and How to Avoid Them - US Attorneys.
Can I Check out Another Person's Criminal Record? - Nolo.
Belton Bail Bond Testimonials.
‘They know everything’: Families of inmates at Sumner County Jail targeted in bail scam - Nashville WKRN.
Latest scam targets NJ families of those who were recently arrested, demanding bail - New Jersey 1050.
John & Paul: A Love Story in Songs by Ian Leslie review – let it be the new gold standard in Beatles studies - The Guardian.
Introducing 'John & Paul: A Love Story In Songs' - Ian Leslie.
Charles Paris mysteries - BBC Radio 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Surveillance, spyware, and self-driving snafus

Wed, 02 Jul 2025 23:00:00 +0000

A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because "ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect.

Meanwhile, Carole checks the rear-view mirror on the driverless car industry. Whatever happened to those million Tesla robotaxis Elon Musk promised by 2020? Spoiler: they’re here — sort of — but they sometimes drive into oncoming traffic.

Plus: Leighton House, heatwave survival gadgets, and an unflushable toilet situation (not what you think).

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Mexican drug cartel hacker spied on FBI official’s phone to track and kill informants, report says - TechCrunch.
Audit of the Federal Bureau of Investigation's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - US Department of Justice Office of the Inspector General.
Tesla driver tells police he was using 'self-drive' system when his car hit a parked police vehicle - AP News.
‘Lidar is lame’: why Elon Musk’s vision for a self-driving Tesla taxi faltered - The Guardian.
Tesla invited influencers to test its robotaxi. Here's what they had to say - USA Today Europe.
Elon Musk Hails 'Successful' Tesla Robotaxis Launch in Austin Amid Reported Glitches - eWEEK.
A Fatal Tesla Crash Shows the Limits of Full Self-Driving - Bloomberg.
The Arab Hall at Leighton House.
Spandau Ballet’s “Gold” - shot at Leighton House!
Shark FlexBreeze Fan With InstaCool Mist Attachment - Shark.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Operation Endgame, deepfakes, and dead slugs

Wed, 25 Jun 2025 23:00:00 +0000

In this episode, Graham unravels Operation Endgame - the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram.

Meanwhile, Carole exposes the AI-generated remote hiring threat. Could your next coworker be a North Korean hacker with a perfect LinkedIn?

And BBC cyber correspondent Joe Tidy joins us to talk about "Ctrl-Alt-Chaos", his new book diving into the murky world of teenage hackers, ransomware gangs, and the strange motivations that lie behind digital mayhem.

Plus: competitive pond husbandry, dead slugs, Hitster the board game, and a shoutout to the AI startup that hijacked Graham's SEO.

All this and more is discussed in episode 423 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault - it's like a cauldron of life... but for cybersecurity.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Operation Endgame.
Ctrl+Alt+Chaos.
Lizard Squad Member: Why I Took Down Xbox and PlayStation - YouTube.
Reckoning With the Rise of Deepfakes - The Regulatory Review.
Deepfake interviews: Navigating the growing AI threat in recruitment and organizational security - Fast Company.
Why Your Hiring Process is Now a Cybersecurity Vulnerability - Pindrop.
Best Practices for Defeating Deepfake Candidate Fraud - Dice Hiring.
Phanpy - A minimalistic opinionated Mastodon web client.
How to make a mini pond - Gardener’s World.
Hitster board game.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Flare- Uncover the latest threats across the dark web and Telegram. Start your free trial today.
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The curious case of the code copier

Wed, 18 Jun 2025 23:00:00 +0000

A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment, and somehow walks free... only to get booted back Down Under.

Plus: flow states, Bob Mortimer, and the joys of pretending to carry an owl around on a cushion.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The Cheltenham Doughnut - Wikipedia.
Summer placements - GCHQ.
Spy school dropout: GCHQ intern jailed for swiping classified data - The Register.
Former GCHQ intern jailed for taking top secret files home - Crown Prosecution Service.
United States government says it will deport Australian hacker David Kee Crees - ABC News.
Australian national known as “DR32” sentenced in U.S. federal court – DataBreaches.
ICE takes steps to deport the Australian hacker known as “DR32” – DataBreaches.
Aussie Travel Cover has hundreds of thousands of records stolen in hacking, policy holders not informed - ABC News.
Australian cybercriminal to be deported from US - Information Age.
Government sites hit by Aussie Travel Cover hacker - ZDNET.
Abdilo, Australia-based computer hacker, live streams attack on US education sites - ABC News.
Bob Mortimer's Pet Owl - YouTube.
And Away… by Bob Mortimer - Simon & Schuster.
Flow by Mihaly Csikszentmihaly - HarperCollins.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Toothpick flirts, Google leaks, and ICE ICE scammers

Wed, 11 Jun 2025 23:00:00 +0000

What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the "Smashing Security" podcast obviously.

Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force your full phone number. Meanwhile, Carole dives into a chilling scam where ICE impersonators used fear, spoofed numbers, and... Apple gift cards to extort terrified migrants.

Plus: Nazis, door safety, and the age-old struggle of telling Ralph Fiennes from Liam Neeson.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Bruteforcing the phone number of any Google user - Brutecat.
Leaking the phone number of any Google user - YouTube.
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account - The Hacker News.
Google fixes flaw that could unmask YouTube users' email addresses - Bleeping Computer.
ICE Scammers Are On The Rise: What To Do - Newsweek.
Student visa holder tricked by fake ICE agent scam, loses thousands - Newsweek.
Conspiracy - IMDB.
Schindler’s List - IMDB.
Dutch Reach car door opening method - The AA.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Fake Susies, flawed systems, and fruity fixes for anxiety

Wed, 04 Jun 2025 23:00:00 +0000

A bizarre case of political impersonation, where Trump’s top aide Susie Wiles is cloned (digitally, not biologically — we think), and high-ranking Republicans start getting invitations to link up with "her" on Telegram to share their Trump pardon wishlists. Was it a deepfake? Or just someone with a halfway decent impression and access to a shady data broker?

Meanwhile, we take a worryingly familiar journey into the mental health crisis in the UK — and how TikTok is stepping in with advice like “eat an orange in the shower” to cure your anxiety. Spoiler: it won’t. But it might make your bathroom smell nice.

Plus: a nostalgic tech support tale involving a CRT monitor, a wooden door, and an unexpected shade of brown.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Federal Authorities Probe Effort to Impersonate White House Chief of Staff - Wall Street Journal.
FBI probes effort to impersonate White House chief of staff Susie Wiles, sources say - CBS News.
The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic.
The Trump campaign is still being hacked - Popular Information.
The Big Mental Health Report - Mind.
Mental Health Pressures - British Medical Association.
More than half of top 100 mental health TikToks contain misinformation, study finds - The Guardian.
‘They thought they were doing good but it made people worse’: why mental health apps are under scrutiny - The Guardian.
How to find therapy or counselling - Mind.
Carole in the shower with an orange? - Twitter.
Matter - modern read-later app for iPhone, iPad, and web.
Techie fixed a ‘brown monitor’ by closing a door - The Register.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

MetaCompliance - MetaCompliance's Security Awareness Planner is your free 12-month roadmap to reduce risk and build a culture of cyber awareness.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Harmonic - Let your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. Harmonic Security gives you full control and stops leaks so your teams can innovate confidently.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Star Wars, the CIA, and a WhatsApp malware mirage

Wed, 28 May 2025 23:00:00 +0000

Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world's hotspot for scam call centres? And can a WhatsApp image really drain your bank account with a single download, or is it just a load of hacker hokum?

All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Allan Liska.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

How I found a Star Wars website made by the CIA - Ciro Santilli on YouTube.
How the CIA failed Iranian informants in its secret war with Tehran - Reuters.
Isis and al-Qaeda sending coded messages through eBay, pornography and Reddit - Independent.
Games Without Frontiers: Investigating Video Games as a Covert Channel - IEEE.
General David Petraeus used clever Gmail trick during affair - Network World.
Cambodia is home to world’s most powerful criminal network: report - SCMP.
How to protect yourself from suspicious messages and scams- WhatsApp.
Is WhatsApp Safe? Tips for Staying Secure - WhatsApp.
Hacked on WhatsApp – how to stay safe when using the messaging app - BBC.
Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp - The Hacker News.
Kon-Tiki: The Epic Raft Journey Across the Pacific - YouTube.
Still Standing with Jonny Harris - CBC.
Niki de Saint Phalle & Jean Tinguely - Myths & Machines - Hauser & Wirth.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
1Password Extended Access Management– Secure every sign-in for every app on every device.
MetaCompliance - MetaCompliance's Security Awareness Planner is your free 12-month roadmap to reduce risk and build a culture of cyber awareness.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Grid failures, Instagram scams, and Legal Aid leaks

Wed, 21 May 2025 23:00:00 +0000

In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society's most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account - and how a parental control accidentally saved the day.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Dinah Davis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

418 - I’m a teapot - MDN Web Docs.
2025 Iberian Peninsula blackout - Wikipedia.
What could have caused the major power outage in Spain and Portugal? Experts weigh in - Euro News.
Spain investigates cyber weaknesses in blackout probe - Financial Times.
Report on Working Conditions at INCIBE, the company Investigating the blackout - El Cierre Digital.
My Teen's Instagram Account was Hacked - Dinah Davis.
We Got Her Account Back, Here’s What the Forensics Revealed - Dinah Davis.
'Significant amount' of private data stolen in Legal Aid hack - BBC News.
Civil legal aid: millions still without access to justice - The Law Society.
Civil representation - Legal aid data - GOV.UK.
Legal aid statistics England and Wales bulletin Oct to Dec 2024 - GOV.UK.
Funding for justice down 22% since 2010 - Bar Council.
The Assembly - ITV.
The Assembly review – this celebrity interview show is going to be massive - The Guardian.
The Assembly: Inside the most groundbreaking TV show of the year - The Independent.
David Tennant gets emotional from neurodivergent musicians - YouTube.
OceanMan.
All the Colours of the Dark by Chris Whitaker - Orion Books.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
1Password Extended Access Management – Secure every sign-in for every app on every device.
MetaCompliance - MetaCompliance's Security Awareness Planner is your free 12-month roadmap to reduce risk and build a culture of cyber awareness.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hello, Pervert! - Sextortion scams and Discord disasters

Wed, 14 May 2025 23:00:00 +0000

Don't get duped, doxxed, or drained! In this episode of "Smashing Security" we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger's Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Drata's Matt Hillary.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Ledger secures Discord after hacker bot tried to steal seed phrases - CoinTelegraph.
Binance Founder CZ Warns: Ledger Discord Hack Targets Recovery Phrases - CoinPedia.
Ledger confirms physical scam letters requesting seed phrase in fake security upgrade - The Block.
Physical addresses of 270K Ledger owners leaked on hacker forum - Bleeping Computer.
Criminals are mailing altered Ledger devices to steal cryptocurrency - Bleeping Computer.
New Hello Pervert Email Attack Warning — ‘I Know Where You Live’ - Forbes.
‘Hello pervert’: the sextortion scam claiming to have videoed you - The Guardian.
"Hello Pervert" Email Is A Total Scam - What You Need To Know - Malware Tips.
Scam email sent from my own email address - Microsoft Community.
Thunderbolts* review: 'The greatest Marvel offering in years' - BBC.
Limelight, Exemplar - BBC Radio 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

High street hacks, and Disney's Wingdings woe

Wed, 07 May 2025 23:00:00 +0000

Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of "Malware or metal?", and we wonder just happens when you have sex on top of a piano?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Jon Cho of Dashlane.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Why is the M&S cyber attack chaos taking so long to resolve? - BBC News.
M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos' - Sky News.
Hackers target the Co-op as police probe M&S cyber attack - BBC News.
Harrods latest retailer to be hit by cyber attack - BBC News.
Alleged ‘Scattered Spider’ Member Extradited to US - Krebs on Security.
British 'ringleader' of hacking group 'behind M&S cyber attack' fled his home after 'masked thugs burst in and threatened him with blowtorches' - Daily Mail.
Incidents impacting retailers – recommendations - NCSC.
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus - The Register.
United States of America V Michael Sheuer - Plea Agreement - US District Court PDF.
The Tall Guy - IMDB.
At 99, David Attenborough shares strongest message for the ocean - Oceanographic magazine.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hacking hijinks at the hospital, and WASPI scams

Wed, 30 Apr 2025 23:00:00 +0000

He's not a pop star, but Jeffrey Bowie is alleged to have toured staff areas of a hospital in Oklahoma, hunting for computers he could install spyware on. We dive into the bizarre case of the man accused of hacking medical networks and then sharing how he did it on LinkedIn.

Plus! Move over Nigerian princes — the WASPI scams are here. Fraudsters are now targeting UK women born in the 1950s, exploiting pension injustice for phishing gain.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Cybersecurity Firm CEO Charged with Installing Malware on a Hospital Computer - HIPAA Journal.
Edmond cybersecurity CEO accused in major hack at hospital - YouTube.
Jeffrey Bowie’s post on LinkedIn - Wayback Machine.
Martin Lewis issues scam warning as fraudsters use him to target WASPI women - Metro News.
‘Waspi’ women warned over fake compensation websites - The Guardian.
WASPI campaigners warn of "dangerous" spike in fake compensation scams - Financial Reporter.
National Trust.
Wallet Creator - iOS App Store.
DIY Dubai chocolate: Ravneet Gill’s recipe for crunchy pistachio chocolate - The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Zoom.. just one click and your data goes boom!

Wed, 23 Apr 2025 23:00:00 +0000

Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his life.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Elusive Comet advisory - Security Alliance.
Mitigating Elusive Comet Zoom remote control attacks - Trail of Bits.
Aureon Capital: The Fake VCs who Almost Hacked Me - David Z Morris.
Requesting or giving Remote Control - Zoom knowledgebase article.
Has Bryan Johnson’s anti-aging experiment backfired? Biohacker spending $2 million-a-year admits to a costly misstep - Economic Times.
How Blueprint Founder Bryan Johnson Sought Control Via Confidentiality Agreements - The New York Times.
Anti-aging mogul Bryan Johnson claims NY Times preparing ‘hit piece’ about alleged use of prostitutes, drugs - NY Post.
KOReader - document reader for E Ink devices.
Killing Thatcher: The IRA, the Manhunt and the Long War on the Crown - Bookshop.org.
The Urge - Our history of addiction by Carl Erik Fisher.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hacking the hackers... with a credit card?

Wed, 16 Apr 2025 23:00:00 +0000

A cybersecurity firm is buying access to underground crime forums to gather intelligence. Does that seem daft to you?

And over in Nigeria, even if romance scammers would like to update their LinkedIn profiles, just how easy is it to turn a new leaf after a sweet-talking career in cybercrime?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Sell your forum accounts - PRODAFT.
International Scammers Steal Over $1 Trillion in 12 Months in Global State of Scams Report 2024 - Gasa.org.
Why Nigeria's internet scammers are 'role models' - BBC News.
28-year-old fraudster surrenders to EFCC, confesses to romance scams - Punch Newspapers.
Black Box - BBC iPlayer.
Black Box trailer - YouTube.
Katherine Ryan Battleaxe Tour - LW Theatres.
Louis Theroux Interviews - Series 1: 5. Katherine Ryan - BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Signalgate sucks, and the quandary of quishing

Wed, 09 Apr 2025 23:00:00 +0000

QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider.

Plus! Don't miss our featured interview with Josh Donelson of Material and Tony Albano from Google, about detection and response in today's AI-driven world.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic.
Here Are the Attack Plans That Trump’s Advisers Shared on Signal - The Atlantic.
How the Atlantic’s Jeffrey Goldberg got added to the White House Signal group chat - The Guardian.
From convenience to compromise: The rising threat of quishing scams - Fast Company.
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware - Hacker News.
QR Code Statistics 2024: Trends & Use Cases - QR Code.
Honey Garlic Scallop Kabobs - Heinz.
With QR Code Redemption Set to Surge to 5.3 Billion in 2025, Cybercriminals will Increase Their Quishing Attacks - Wealth & Finance International.
Chess Masters: The End Game - BBC iPlayer.
Cribbage Classic - iOS app store.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The fall of Troy, and whisky barrel scammers

Wed, 02 Apr 2025 23:00:00 +0000

Renowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details, and don't lose your life savings in a whisky scam...

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Alastair Paterson, CEO and co-founder of Harmonic Security, discussing how companies can adopt Generative AI without putting their sensitive data at risk.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

A Sneaky Phish Just Grabbed my Mailchimp Mailing List - Troy Hunt.
Thunderbird breach notice.
Opération Cactus - Le Groupement d’Intérêt Public Action contre la Cybermalveillance.
Cancer patient lost life savings to whisky barrel scammers - BBC.
How to spot an investment scam - Saga Money.
More than £612 million was lost to investment fraud in the UK last year - City of London Police.
Adolescence - Netflix.
Behind the scenes of Adolescence - YouTube.
Thames Water: Inside the Crisis - BBC iPlayer.
Who let the BBC inside Thames Water? - The New Statesman.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Harmonic - Let your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. Harmonic Security gives you full control and stops leaks so your teams can innovate confidently.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Unleash the AI bot army against the scammers - now!

Wed, 26 Mar 2025 23:00:00 +0000

A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

O2’s AI granny Daisy unveils what she’s learnt from her time on the phone to scammers – and what you can do to ruin their day - O2.
Lenny - The Telemarketing Troll.
I Built a Bot Army that Scams Scammers - Kitboga on YouTube.
Takeaways From Our Money Laundering Investigation - The New York Times.
Infiltrating scammer networks with the world’s top fraud fighters - YouTube.
Open Street Map - Open Street Map.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Peeping perverts and FBI phone calls

Wed, 19 Mar 2025 23:00:00 +0000

In episode 409 of the "Smashing Security" podcast, we uncover the curious case of the Chinese cyber-attack on Littleton's Electric Light Company, and a California landlord's hidden camera scandal.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

This is the FBI, open up. China's Volt Typhoon is on your network - The Register.
Landlord recorded nude videos of woman tenant with cameras hidden in bedroom smoke detectors, lawsuit says - The Independent.
Landlord arrested after tenant discovers hidden camera in rented room - PBSO.
Hidden Cameras: What Travelers Need to Know - The New York Times.
Shakespeare insults t-shirt - Royal Shakespeare Company.
OAS Exhibitions - Oxford Art Society.
Carole’s “Rusty Sage” - Bluesky.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

A gag order backfires, and a snail mail ransom demand

Wed, 12 Mar 2025 23:00:00 +0000

What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps?

Find out about this, and more, in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

'We wanted to help': Students arrested after exposing FreeHour security flaw - Times of Malta.
Medusa ransomware gang demands $2M from UK private health services provider - DataBreaches.net.
Medusa Unveils Another 50TB of Stolen Data from HCRG Care Group, Giving Greater Insight Into the Scope of the Breach - DataBreaches.net.
HCRG Care’s lawyers claimed an injunction issued in a “private” hearing required us to remove two posts. We didn’t comply - DataBreaches.net.
Security firm leaves more than five billion records exposed on unsecured database - Graham Cluley.
After threatening me with legal action, Keepnet Labs finally issues statement over data breach - Graham Cluley.
Sophos apologises for going legal on school techies - The Register.
Mail Scam Targeting Corporate Executives Claims Ties to Ransomware - IC3.
One of the nastiest ransomware groups around may have a whole new way of doing things - TechRadar.
Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear - GuidePoint Security.
Severance - Apple TV+.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Palo Alto Networks - Get the 2025 Unit 42 Global Incident Response report to discover emerging threat trends, attacker tactics and expert recommendations to safeguard your business.
Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

HP's hold music, and human trafficking

Wed, 05 Mar 2025 23:00:00 +0000

Journey with us to Myanmar's shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company's mandatory hold time for tech support could lead to innocent users having their computers compromised.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus - don't miss our featured interview with Acronis CISO Gerald Beuchelt!

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

HP deliberately adds 15 minutes waiting time for telephone support calls - The Register.
HP mandated 15-minute wait time for callers - why that was good news for criminals - Bob Sullivan.
How vulnerable people are trafficked to fuel a global cyber scam industry - ABC News.
Hundreds of foreigners freed from Myanmar's scam centres - BBC News.
'I need help': Freed from Myanmar's scam centres, thousands are now stranded - BBC News.
Some foreigners pulled out of Myanmar scam centres face struggle to get home - Yahoo! News.
'Pig Butchering' Scam: How China's 'Broken Tooth' stole over $75 bn from global investors using crypto currencies - The Economic Times.
Scunthorpe problem - Wikipedia.
Scunthorpe Sans font.
Sociopath: A Memoir by Patric Gagne - Goodreads.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Acronis - Integrated cybersecurity, data protection and endpoint management built for MSPs.
Threat Vector - The podcast from Palo Alto Networks that gives you timely analysis of current security trends and challenges.
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

History's biggest heist just happened, and online abuse

Wed, 26 Feb 2025 23:00:00 +0000

We explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Incident Update: Unauthorized Activity Involving ETH Cold Wallet - Bybit.
Bybit Launches Recovery Bounty Program with Rewards up to 10% of Stolen Funds - Bybit.
ZachXBT links Bybit hack to Lazarus Group - Twitter.
Online Safety Act: explainer - GOV.UK
These Are The 10 Most Complained-About TV Moments In Ofcom's History - Ofcom.
Ofcom to push for better age verification, filters and 40 other checks in new online child safety code - TechCrunch.
UK’s internet watchdog toughens approach to deepfake porn - TechCrunch.
Girlguiding research exposes alarming online harms facing girls - Charity Today News.
Ofcom's approach to implementing the Online Safety Act - Ofcom.
Women's abuse online: 'I get trolled every second, every day' - BBC.
Amanda’s funniest moments in Motherland - YouTube.
Amandaland - BBC iPlayer.
Cassandra Sci-Fi Thriller limited series - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demo

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

A crypto con exchange, and soaring ticket scams

Wed, 19 Feb 2025 23:00:00 +0000

From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around the world.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

PLUS! Don't miss our featured interview with Cliff Crosland of Scanner.dev

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Russian National And Bitcoin Exchange Charged In 21-Count Indictment For Operating Alleged International Money Laundering Scheme And Allegedly Laundering Funds From Hack Of Mt. Gox - US Dept of Justice.
BTC-e Operator Pleads Guilty to Money Laundering Conspiracy - US Dept of Justice.
US releases Russian cybercriminal as part of exchange for teacher Marc Fogel - The Guardian.
Lloyds Bank issues urgent warning over Taylor Swift ticket scams - Lloyds.
Warning after more than 120k people queue for Black Sabbath Villa Park tickets as fans say 'scam' - Birmingham Live.
‘Don’t buy tickets for Beyoncé’ - Minister Gayton McKenzie warns South Africans of concert scam - Independent Online.
Beyonce Cowboy Carter tour fake tickets scam: Ticketmaster warns fans - USA Today.
Singapore ticket scam queen jailed for three years after conning 76 Taylor Swift fans of S$110,000 - Malaysia News.
Did Ozzy Osbourne really eat a bat? - Rock and Roll Garage.
How to stop hiccups - Graham Cluley.
The Telepathy Tapes podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demo
Harmonic - Stop data leaks, not innovation. Zero-touch data protection for the GenAI era.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Podcast not found

Wed, 12 Feb 2025 23:00:00 +0000

The story of how hackers managed to compromise the US Government's official SEC Twitter account to boost the price of Bitcoins, AI isn't helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware?

All this and more is discussed in episode 404 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Jane Wakefield.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

SEC's Twitter account hacked to say Bitcoin ETFs approved - Hot for Security.
Twitter says it’s not its fault the SEC’s account got hacked - Graham Cluley.
SEC Twitter hack blamed on SIM swap attack - Hot for Security.
The SEC’s X account got hacked by a 25-year-old who went by ‘AGiantSchnauzer’ and got paid in Bitcoin, feds say - Fortune.
Pupils share conspiracy theories for fun, with girls ‘more susceptible’ - The Times.
AI chatbots unable to accurately summarise news, BBC finds - BBC News.
US-led cybersecurity coalition vows to not pay hackers' ransom demands - TechCrunch.
35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments - Chain Analysis.
Ransomware: proposals to increase incident reporting and reduce payments to criminals - GOV.UK.
The 2024 Ransomware Landscape: ‘Looking back on another painful year’ - IT Wire.
The Space Doctor’s Big Idea by Randall Munroe - The New Yorker.
Reading guide: Creation Lake by Rachel Kushner - Booker Prizes.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.
Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demo

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Coinbase crypto heists, QR codes, and ransomware in the classroom

Wed, 05 Feb 2025 23:00:00 +0000

In episode 403 of "Smashing Security" we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham's DMs, Geoff gives a poor grade for PowerSchool's security, and Carole takes a curious look at QR codes.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

ZachXBT’s thread - Twitter.
Coinbase employee tells users not to use a VPN or ad blocker - Twitter.
What PowerSchool won’t say about its data breach affecting millions of students - TechCrunch.
QR code - Wikipedia.
Reed–Solomon error correction - Wikipedia.
Urgent warning over QR code scam tricking drivers out of £100s at popular car parks - Express.
Scam alert: QR code on an unexpected package - Consumer Advice
New Star Blizzard spear-phishing campaign targets WhatsApp accounts - Microsoft Security Blog.
What You Must Know Before Scanning a QR Code - AARP.
“More” - Niall Conlon.
“Money Men” by Dan McCrum - Penguin Books.
Bitter Orange Marmalade Recipe - Ballymaloe Cooking School.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
Cortex Symphony 2025 - Ready to transform your cybersecurity? Register now to see the future of security innovation with exclusive insights, demos, and stories from pros.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hackers get hacked, the British Museum IT shutdown, and social media kidnaps

Wed, 29 Jan 2025 23:00:00 +0000

What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee's actions led to chaos and raise urgent questions about the security of cultural treasures. And join us as we explore the alarming trend of social media influencers staging fake kidnappings.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated by Threat Actors and Disrupting Its Operations - CloudSEK.
British Museum forced to partly close after alleged IT attack by former employee - The Guardian.
Chart: What Do You Want to be When You Grow Up?- Statista.
Tikked off: What happens when TikTok fame fades - Vox.
Influencer burnout is real - Vox.
Influencer slammed for staging fake kidnapping plot because she was ‘bored’ - Mirror Online.
"Mom influencer" Katie Sorensen sentenced to jail for falsely claiming couple tried to kidnap her kids at a crafts store - CBS News.
Stock market influencer on the way to Coldplay concert kidnapped by data theft gang - The New Indian Express.
Raycast.
“Thank Goodness You’re Here” video game.
The We Society Podcast - Academy of Social Sciences.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hacks on the high seas, and how your home can be stolen under your nose

Wed, 22 Jan 2025 23:00:00 +0000

An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams.

All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus - don't miss our featured interview with Avery Pennarun of Tailscale.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Report from Corriere Di Bologna newspaper.
Caro Musk, assumi subito l’hacker quindicenne di Cesena – Il Foglio.
15-Year-Old Hacker Diverts Ships in Mediterranean Sea for Fun – Hot for Security.
90-year-old immigrant could lose Brooklyn home after deed theft scam, family says – CBS News.
Protect your home. Spot the signs of deed theft – Better Business Bureau.
Woman Charged for Scheme to Defraud Elvis Presley’s Family – DOJ.
Home Title Theft: How To Protect Yourself – Forbes Advisor.
Here’s How Scammers in America Can Take the Title to Your Home Without You Knowing It – Moneywise.
Could a Criminal Use Deed Fraud to Steal Your Entire Home? – AARP.
Could Fraudsters Steal Your Home From Under Your Nose? – HomeOwners Alliance.
Wizard Zines.
Listen for the Lie – Amazon.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hacker games, AI travel surveillance, and 25 years of IoT

Wed, 15 Jan 2025 23:00:00 +0000

The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games?

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Player of Games - Grimes.
‘Path of Exile 2’ Players Call Bulls**t on Elon Musk’s Video Game Stream - Gizmodo.
Elon Musk "Playing" Path of Exile 2 - YouTube.
Elon Musk is Lying About Being Good at Video Games - YouTube.
Elon Musk Streams His ”Totally Not Boosted” ‘Path of Exile 2’ Character, Proves He Has No Idea What He’s Doing - Vice.
Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters - 404 Media.
Inside the Black Box of Predictive Travel Surveillance - WIRED.
Average Number of Smart Devices in a Home 2025 - Consumer Affairs.
Global IoT and non-IoT connections 2010-2025 - Statista.
U.S. Cyber Trust Mark: New Label for IoT Devices - National Law Review.
How the Internet of Things will be good for the planet - Thales Group.
The ‘Worst in Show’ CES products put your data at risk and cause waste, privacy advocates say - AP News.
The CES worst in show awards lampoon AI everthing - The Register.
The Worst Devices of CES 2025!! - YouTube.
This Could Be Your AI Robot Girlfriend - For $175,000 - Forbes.
Pick of the week! archive - Smashing Security.
Elton John: Never too late - Disney Plus.
Apple News.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Honey in hot water, and reset your devices

Wed, 08 Jan 2025 23:00:00 +0000

Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.

Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Exposing the Honey Influencer Scam - MegaLag on YouTube.
The Honey Scam: Explained - Marques Brownlee on YouTube.
14 million people don’t know how to erase their data from an old device - ICO.
Electronics hoarding habit among Brits and Americans - SellCell.
Practical advice for online and electronic devices - ICO.
How to factory reset your Google Pixel phone - Google.
How to factory reset your iPhone, iPad, or iPod touch - Apple.
Reset your Android device to factory settings - Google.
Erase your Mac and reset it to factory settings - Apple.
Reset your PC - Microsoft.
How do I perform a factory reset on my Samsung mobile device? - Samsung.
Kagi search engine.
Battery Heated Clothing - Fieldsheer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Fake CAPTCHAs, Harmageddon, and Krispy Kreme

Wed, 18 Dec 2024 23:00:00 +0000

This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing a ransomware attack.

All this and more is discussed in the latest jam-packed edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of "The AI Fix" podcast.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

CAPTCHAs from hell - Reddit.
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising - Guardio.
AI Safety Clock Ticks Closer To ‘Midnight,’ Signifying Rising Risk - Forbes.
Krispy Kreme admits there's a hole in its security - The Register.
Nutritional and Allergen Information - Krispy Kreme.
&UDM=14.
Does one line fix Google? - Tedium.
ElevenLabs.
The GCHQ Christmas Challenge 2024 - GCHQ.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Snowflake hackers, and under the influence

Wed, 11 Dec 2024 23:00:00 +0000

A Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Accused Kitchener hacker unmasked after threatening woman online - The Waterloo Region Record.
Canadian Man Arrested in Snowflake Data Extortions - Krebs on Security.
Who wants to be next? - Bluesky post by Allison Nixon.
Crypto Trader Kills His Mum For £500k After Going Into Debt To Maintain 'Perfect Lifestyle' - IB Times.
Autopsy reveals injuries on body of Colleen Rebelo’s body after alleged murder - Australia News.
Influencer Marketing Statistics 2024 - Artios.
BLACKkKLANSMAN trailer - YouTube.
A Soft Murmur.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Dishy DDoS dramas, and mining our minds for data

Wed, 04 Dec 2024 23:00:00 +0000

A CEO is arrested for turning satellite receivers into DDoS attack weapons, and we journey into the world of bossware and "affective computing" and explore how AI is learning to read our emotions – is this the future of work, or a recipe for dystopia?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Korea arrests CEO for adding DDoS feature to satellite receivers - Bleeping Computer.
Data on our minds: affective computing at work - IFOW.
How Much Does 'Bossware' Really Curb Remote Work Slacking? - Inc.
MN8 – 2 Channel EEG Headphones - Emotiv.
Commercial EEG Headsets for Enterprises - Emotiv.
‘Bossware’ computer tracking devices harm workers’ wellbeing, says report - The Times.
Your Company’s Bossware Could Get You in Legal Trouble - 1Password.
The Abandoned, Apocalyptic Architecture of One Bold 1970s Retail Chain - Atlas Obscura.
Bankrupt - BEST Products Co. - YouTube.
Defunct BEST Products Store Architecture Documentary - YouTube.
Play Winning Cribbage - Amazon.
Cribbage Classic - iOS App Store.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Gym hacking, disappearing DNA, and a social lockout

Wed, 27 Nov 2024 23:00:00 +0000

A Kansas City man is accused of hacking into local businesses, not to steal money, but to... get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what's happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

KC Man Indicted for Computer Hacking - Department of Justice.
DNA testing company vanishes along with its customers’ genetic data - Malwarebytes.
DNA firm holding highly sensitive data 'vanishes' without warning - BBC News.
Australia proposes 'world-leading' ban on social media for children under 16 - Reuters.
The government has introduced laws for its social media ban. But key details are still missing - The Conversation.
Australia's under-16 social media age ban legislation excludes messaging apps - YouTube.
Australia’s plan to ban children from social media popular but problematic - PBS News.
Which Countries Are Considering Social Media Bans For Teens? - Newsweek.
Graham’s previous encounter with hobs with knobs - Smashing Security.
“The Day of the Jackal” trailer - YouTube.
"Anora” trailer - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Digital arrest scams and stream-jacking

Wed, 20 Nov 2024 23:00:00 +0000

In our latest episode we discuss how a woman hid under the bed after scammers told her she was under "digital arrest", how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

'You are under digital arrest': Inside a scam looting millions from Indians - BBC News.
Digital Arrest Scam: How You Can Stay Safe - YouTube.
Tamil Nadu Professor Placed Under Digital Arrest, Duped of Rs 10 Lakh - YouTube.
'Mann Ki Baat' episode 115 - India Prime Minister Narendra Modi.
“My YouTube Channel Got Deleted Last Night..” - Bitz on YouTube.
NCA shuts down major fraud platform responsible for 1.8 million scam calls - National Crime Agency.
O2 launches free anti-scam caller identification for millions of customers - O2.
AI Scambaiters: O2 creates AI Granny to waste scammers’ time - YouTube.
“StreamJacking” - Hijacking Hundreds of YouTube Channels Per Day Propagating Elon Musk Branded Crypto Giveaway Scams - Guardio.
Graham Cluley on Bluesky.
Maria Varmazis on Bluesky.
Dan Da Dan - Netflix.
Butter by Asako Yuzuki - Harper Collins.
'Butter' book review: Meditations on murders - The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Who needs a laptop to hack when you have a Firestick?

Wed, 13 Nov 2024 23:00:00 +0000

Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil's COVID vaccination data, his exploits were legendary. But his hacking spree took a bizarre turn when he was placed under police protection... in a Travelodge outside Oxford.

Plus Bengal cat lovers in Australia should be on their guard, as your furry feline friends might be leading you into a dangerous trap., and there's yet more headaches for troubled 23andMe.

All this and much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Plus don't miss our featured interview with Paul Fryer from BlackBerry.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

FBI issues warning as crooks ramp up emergency data request scams - The Register.
Optimistic father of LAPSUS$ hacking suspect says he’s going to try to stop him using computers - Graham Cluley.
LAPSUS$: GTA 6 hacker handed indefinite hospital order - BBC News.
This Teenage Hacker Became a Legend Attacking Companies. Then His Rivals Attacked Him - Wall Street Journal.
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign - Sophos.
Struggling DNA-testing site 23andMe to lay off 40% of its workers - BBC News.
Remember That DNA You Gave 23andMe? - The Atlantic.
Big Pharma Would Like Your DNA - The Atlantic.
Addressing Data Security Concerns - Action Plan - 23andMe Blog.
YTCH - YouTube-like cable TV.
Space: 1999 opening titles - YouTube.
Space: 1999 - Wikipedia.
Wicked movie: Mattel 'deeply regrets' porn site misprint on dolls - BBC News.
The Wicked Movie - Official Wicked Movie site.
Mattel's 'Wicked' Movie Dolls Mistakenly List Porn Site on Packaging - Variety.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, Bluesky, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Pasta spies and private eyes, and are you applying for a ghost job?

Wed, 06 Nov 2024 23:00:00 +0000

Mamma Mia! A major hacking scandal in Italy has expanded to include alleged involvement from Israel and the Vatican, and just why are companies advertising jobs that don't exist?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Massive hack-for-hire scandal rocks Italian political elites - Politico.
Dossieraggi, i contatti con il Mossad e i dati passati al Vaticano. “Aiutiamo la Chiesa contro la Russia o no?” - La Repubblica.
That position you just applied for might be a 'ghost job' that'll never be filled - The Register.
Ghost jobs: why do 40% of companies advertise positions that don’t exist? - The Guardian.
Job boards are still rife with 'ghost jobs'. What's the point? - BBC.
How To Spot Ghost Jobs And Make Your Job Search More Efficient - Forbes.
What Are Ghost Jobs and How Can You Avoid Them? - Tech.co
That job you applied for might not exist. Here's what's behind a boom in "ghost jobs." - CBS News.
The Coming Storm - BBC Radio 4.
Things fell apart - BBC Sounds.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Flashpoint - Access the industry’s best threat data and intelligence.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The secret Strava service, deepfakes, and crocodiles

Wed, 30 Oct 2024 23:00:00 +0000

In this week's episode your hosts practice standing on one leg, Carole gives Graham a deepfake quiz, and we investigate how Strava may be exposing the movements of world leaders.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Smashing Security #063: Carole’s back.
Privacy of fitness tracking apps in the spotlight after soldiers' exercise routes shared online - We Live Security.
Smashing Security #330: Deepfake Martin Lewis, and a deadly jog in the park.
How Emmanuel Macron can be tracked - Le Monde.
How Emmanuel Macron can be tracked - YouTube.
The Pentagon Wants to Use AI to Create Deepfake Internet Users - Intercept.
Is AI eroding democracy ahead of the US election? - BBC News.
Fooled twice: People cannot detect deepfakes but think they can - PMC.
Detect Fakes - Kellogg Northwestern.
DON'T LET AI STEAL YOUR VOTE! - YouTube.
Deepfakes fool more than half of Americans, UVU study shows - KLS News radio.
Crocodiles Of The World.
Here's How Long You Should Be Able To Stand On 1 Leg By Age - Huffington Post.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

When security firms get hacked, and your new North Korean remote worker

Wed, 23 Oct 2024 23:00:00 +0000

The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired... but what's their plan?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

SolarWinds Sunburst supply chain attack - Wikipedia.
Rep. Katie Porter slams SolarWinds for its poor passwords - Twitter.
SEC Charges Four Companies With Misleading Cyber Disclosures - SEC.
Western firm hacked by North Korean cybercriminal hired as remote IT worker - Computing.
Engaging with a Remote Workforce: Statistics and Strategies for Success - Government Events.
67% Of U.S. Employers To Lose Employees To Remote Work In 2024 - Forbes.
A company's remote-working hire turns out to be in North Korea. He tried to hold it to ransom - Business Insider.
US company accidentally hires North Korean for remote work, gets blackmailed when they try to fire him - IBTimes.
Watch “Undercover: Exposing the Far Right” - Channel 4.
Undercover film exposing UK far-right activists pulled from London festival - The Guardian.
Kermode and Mayo’s Take - YouTube.
The Fear of God: 25 Years of the Exorcist – BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

WordPress vs WP Engine, and the Internet Archive is down

Wed, 16 Oct 2024 23:00:00 +0000

WordPress's emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

WP Engine is not WordPress - WordPress.
Secure Custom Fields - WordPress.
Tweet from Advanced Custom Fields.
Advisory: Advanced Custom Fields changes - Tim Nash.
WordPress saga escalates as WP Engine plugin forcibly forked and legal letters fly - The Register.
Internet Archive hacked, data breach impacts 31 million users - Bleeping Computer.
The Internet Archive is still down but will return in ‘days, not weeks’ - The Verge.
Dimsdale podcasts - OTR radio drama comedy and more.
Jeff Goldblum’s furiously fun Greek gods drama is a masterpiece - The Guardian.
KAOS - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Flashpoint - Access the industry’s best threat data and intelligence.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Vacuum cleaner voyeur, and pepperoni pact blocks payout

Wed, 09 Oct 2024 23:00:00 +0000

Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

We hacked a robot vacuum — and could watch live through its camera - ABC News.
Their Uber Driver Crashed. A Pizza Order Unraveled Their Injury Lawsuit - NY Times.
A court blocks a couple from suing Uber over a crash, citing terms and conditions - NPR.
Taken for a Ride: Parents Can't Sue Uber Over Crash After Daughter's Uber Eats Order - Law.inc
New Jersey Court Bars Uber Crash Victims from Lawsuit, Citing App Agreement - The Legal Journal.
Couple Seriously Injured in Uber Crash Blocked From Court by Uber Eats Terms - The Insurance Journal.
Disney axes bid to stop wrongful death lawsuit over Disney+ terms - BBC.
Sherwood - BBC iPlayer.
Chocolate Guinness Cake - Nigella.
The Best Banana Cake I've Ever Had - Sally's Baking Addiction.
My Favorite Carrot Cake Recipe - Sally's Baking Addiction.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

SentinelOne - secure and protect every aspect of your cloud in real-time.
1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Breaches in your genes, and Kaspersky switcheroo raises a red flag

Wed, 02 Oct 2024 23:00:00 +0000

From family tree to jail cell? A hacker is alleged to have exploited information on genealogy websites to steal millions from public companies. Meanwhile, Kaspersky's US customers are wondering - what on earth is UltraAV?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

U.K. National Charged with Multimillion-Dollar Hack-to-Trade Fraud Scheme - US Department of Justice.
Sophos punts anti-virus for Klingons - The Register.
Designating Kaspersky Lab Leadership in Response to Continued Cybersecurity Risks - US Department of Treasury.
Kaspersky says Uncle Sam snubbed its verification proposal - The Register.
Use Kaspersky Antivirus Software? You'll Be Migrated to Pango's UltraAV - PC Mag.
Kaspersky software replaced by 'UltraAV' on some US PCs - The Register.
Need Instructions on Refunds for those who bought multi-year subscriptions - Kaspersky.
US bans Kaspersky antivirus software for alleged Russian links - BBC News.
Who gave you permission to put UltraAV on my computer? - Kaspersky Total Security.
MusicBrainz Picard - Cross-platform music tagger powered by the MusicBrainz database.
100 Chefs Will Slice Through the Competition in Culinary Class Wars - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

SentinelOne - secure and protect every aspect of your cloud in real-time.
1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The $230 million crypto handbag heist, and misinformation on social media

Wed, 25 Sep 2024 23:00:00 +0000

Two men are accused of stealing almost a quarter of a billion dollars from one person's cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments...

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

ZachXBT’s thread on Twitter.
Indictment Charges Two in $230 Million Cryptocurrency Scam - Department of Justice.
Two men arrested one month after $230 million of cryptocurrency stolen from a single victim - Bitdefender.
Skylar Harrison tells her handbag story - TikTok.
Social media’s role in fueling extremism and misinformation in a divided political climate - PBS News.
Misinformation on social media - statistics & facts - Pew Research.
Social Media and News Fact Sheet, 2024 - Pew Research Center.
"Hyperactive" by Lasse Gjertsen - YouTube.
Cribbage JD - Play Online - Cardsjd.
Paddlers Cribbage - L.L. Bean.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

SentinelOne - secure and protect every aspect of your cloud in real-time.
1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

TFL security derailed, and is Trump the king of crypto?

Wed, 18 Sep 2024 23:00:00 +0000

Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to their identities verified... in-person. Who might have been behind the attack and why? Meanwhile, Donald Trump's curious relationship with cryptocurrency is explored.

All this and Demi Moore is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

(This episode was recorded before the former US President survived a second assassination attempt)

Episode links:

TFL cybersecurity incident announcement.
TFL Employee Hub.
DICK'S shuts down email, locks employee accounts after cyberattack - Bleeping Computer.
MGM Resorts shuts down IT systems and slot machines go quiet following "cybersecurity incident" - Hot for Security.
Teenage suspect in MGM Resorts hack arrested in Britain - The Record.
Arrest made in NCA investigation into Transport for London cyber attack - NCA.
Donald Trump Prepares to Unveil World Liberty Financial, a Cryptocurrency Business - The New York Times.
Behind the Trump Crypto Project Is a Self-Described ‘Dirtbag of the Internet’ - Bloomberg.
Cryptocurrency price on July 22: Bitcoin hits $68,000 level, Dogecoin, Avalanche surge up to 11% - The Economic Times.
Trump vows to make US ‘world capital of crypto,’ taps Musk for new task force - CoinTelegraph.
What bankers need to know about Trump's World Liberty Financial - Yahoo! Finance.
Bitcoin soars to two-week high after Trump attack - Reuters.
Trump pitches himself as 'crypto president' at San Francisco tech fundraiser - Reuters.
Aave fork on Blast mistakenly liquidated $26m - Crypto news.
Crypto Talk With Chase Hero - Ep.7 (The Watchers) - YouTube.
Tamdrum.
”Inside Out” by Demi Moore - HarperCollins.
THE SUBSTANCE trailer - YouTube.
Demi's Big Moment - Vanity Fair.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Flashpoint - Access the industry’s best threat data and intelligence.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

A room with a view, AI music shenanigans, and a cocaine bear

Wed, 11 Sep 2024 23:00:00 +0000

It's a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Ukrainian detained for allegedly installing CCTV cameras to aid Russian attacks - The Record.
Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine - The Record.
Christo and Jeanne-Claude art projects.
North Carolina Musician Charged With Music Streaming Fraud Aided By Artificial Intelligence - United States Department of Justice.
Man Arrested for Creating Fake Bands With AI, Then Making $10 Million by Listening to Their Songs With Bots - The Futurist.
Kobo Clara BW ereader - Kobo.
Cocaine Bear: Why? - The Atlantic.
Cocaine Bear Official trailer - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The Godfather club, and AirTags to the rescue

Wed, 04 Sep 2024 23:00:00 +0000

There's a whole new dating scam that could mean you end up out of pocket (or beaten up) after a first date with a glamorous admirer, and a woman in Los Alamos uses an Air Tag to entrap a thief.

Plus - don't miss our featured interview with Maya Levine of Sysdig.

All this, and a very bad Cockney accent, in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Mail Theft Suspect Apprehended Using AirTag - Santa Barbara County Sheriff’s Office.
Google and Apple deliver support for unwanted tracking alerts in Android and iOS - Google Security blog.
Apple and Google deliver support for unwanted tracking alerts in iOS and Android - Apple.
Barclays Scams Bulletin: Men more likely to fall victim to romance scams, while women lose more money - Barclays.
3 men trapped by same woman: Journalist on modus operandi of dating app scams - India Today.
Mumbai club under fire for 'dating scam' after man gets Rs 61,000 bill - India News.
Romance scams in 2024 + online dating statistics - Norton.
Tips for romance scams - Better Business Bureau.
What to know about romance scams - Consumer Advice.
The Godfather club dating app scam in Mumbai - YouTube.
What accent does Butcher have in ‘The Boys’? - NME.
Shokz bone conduction headphones - Shokz.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management - Secure every sign-in for every app on every device.
Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
Material Security – email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Smashing Security presents The AI Fix: An AI cookery dumpster fire, the ARC prize, and a creepy new AI friend

Mon, 05 Aug 2024 23:00:00 +0000

While "Smashing Security" is on its summer holiday, here's a chance to listen to an episode of its sister show - "The AI Fix".

In episode ten of The AI Fix, Graham attempts to say "quinoa", Mark draws a line in the amper-sand, ChatGPT becomes an expert in solar panels and bomb disposal, and our hosts watch a terrifying trailer for a creepy new AI friend.

Graham discovers that the world of AI cookery is a soggy, limey mess, and learns an unusual trick for making a great mojito, while Mark pits his co-host against the cleverest AI brains in the world.

Episode links:

The AI Fix

The AI Fix podcast is presented by Graham Cluley and Mark Stockley.

Learn more about the podcast at theaifix.show, and follow us on Twitter at @TheAIFix.

Never miss another episode by following us in your favourite podcast app. It's free!

Like to give us some feedback or sponsor the podcast? Get in touch.

Privacy & Opt-Out: https://redcircle.com/privacy

CrowdStrike, Dark Wire, and the Paris Olympics

Wed, 24 Jul 2024 23:00:00 +0000

Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app!

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault, joined this week by cybersecurity journalist and the author of “Dark Wire”, Joseph Cox.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

How a single IT update caused global havoc - BBC News.
Anti-Virus Software Sees Self as Malware, Deletes Itself - NBC News report about Sophos snafu in 2012.
Tweet about CrowdStrike outage by Kaspersky - Twitter.
“Dark Wire” by Joseph Cox.
Inside the Biggest FBI Sting Operation in History - WIRED.
Trump shooter's online activity shows searches of rally site, use of encrypted platforms, officials say - CBS News.
Mass Surveillance - Privacy International.
338 sites internet frauduleux de revente de billets recensés à quelques semaines du début de la compétition - France Info.
From wiretapping to geolocation data collection: AI mass surveillance for the Paris Olympics draws privacy concerns - Fast Company.
Heading to the Paris Olympics? Don't Fall for These Scams - PC Mag.
AI mass surveillance at Paris Olympics – a legal scholar on the security boon and privacy nightmare - Scientific American.
AI mass surveillance at Paris Olympics – a legal scholar on the security boon and privacy nightmare - The Conversation.
Paris 2024: Medal table predictions, facts, opening day schedule and records that could be broken - Euronews.
Paris Olympics 2024: Your ultimate guide - The Telegraph.
Breaking at the Olympic Qualifier Series - Official Olympics website.
White Rabbit museum, Barcelona.
White Rabbit - YouTube.
Microsoft Flight Simulator - XBOX.
Niceaunties.
Auntlantis by Niceaunties - YouTube.
The Weird and Wonderful Art of Niceaunties - TED.
"The AI Fix" - podcast with Graham Cluley and Mark Stockley.
"Sticky Pickles" - podcast with Carole Theriault and Maria Varmazis.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
mWISE – Don’t miss the cybersecurity conference built by practitioners, for practitioners. mWISE runs September 18 – 19 2024 in Denver.
Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Trump assassination conspiracies, Squarespace account hijacks, and the butt stops here

Wed, 17 Jul 2024 23:00:00 +0000

Social media fuels conspiracies galore after Donald Trump is shot at a rally, cryptocurrency websites are hijacked after a screw-up at Squarespace, and our guest takes a close look at bottoms on Instagram.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Killed by Google.
Squarespace Enters Definitive Agreement to Acquire Google Domains Assets - Squarespace.
A Squarespace Retrospective, or How to Coordinate an Industry-Wide Incident Response - Security Alliance.
Trump shooting: all seven conspiracy theories examined - The Telegraph.
Fact-checking the wild conspiracy theories related to the attempted Trump assassination - PBS News.
We fact-checked some of the rumors spreading online about the Trump assassination attempt - Reuters.
Minutes after Trump shooting, misinformation started flying. Here are the facts - AP News.
Joy Reid suggests Trump couldn't 'avoid the consequences' of his own rhetoric after assassination attempt - Fox News.
The Gunshots Rang Out. Then the Conspiracy Theories Erupted Online - New York Times.
Trump assassination attempt – News, Research and Analysis - The Conversation.
Douglas is Cancelled - ITV.
Douglas Is Cancelled review – you might hate this show for daring to exist - The Guardian.
Klappbollerwagen 'Cruiser' - PinoLino.
Videos for Cats to Watch - YouTube.
Cat TV for Cats to Watch - YouTube.
Entertainment for Cats - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
mWISE – Don’t miss the cybersecurity conference built by practitioners, for practitioners. mWISE runs September 18 – 19 2024 in Denver.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Teachers TikTok targeted, and fraud in the doctors’ waiting room

Wed, 10 Jul 2024 23:00:00 +0000

Execs at a health tech startup are sentenced to jail after a massive ad fraud, and a school is shaken after teachers are targeted via TikTok.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus don't miss our featured interview with Jason Meller of 1Password.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Outcome, a hot tech startup, misled advertisers with manipulated information, sources say - Wall Street Journal.
Three Former Executives Sentenced for $1B Corporate Fraud Scheme - US Department of Justice.
Graham dancing - TikTok.
Students Target Teachers in Group TikTok Attack, Shaking Their School - The New York Times.
“Thank you very much indeed”
Presumed Innocent — Official Trailer - Youtube.
Presumed Innocent - Apple TV+.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
mWISE - Don't miss the cybersecurity conference built by practitioners, for practitioners. mWISE runs September 18 – 19 2024 in Denver.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Private nights, evil twins, and crypto home invasions

Wed, 03 Jul 2024 23:00:00 +0000

Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new "The AI Fix" podcast (co-hosted with Graham!).

Talk about nepotism.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Hoos Out Tonight? Dundee medical student launches new app which reveals ‘hot’ pubs - The Courier.
‘It’s completely invasive’: New app lets you spy on SF bars to see if they’re poppin’ - San Francisco Standard.
Florida Man Convicted in Violent Crypto Theft Spree - Crypto Daily.
Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree - Wired.
Man charged over creation of ‘evil twin’ free WiFi networks to access personal data - Australian Federal Police.
Police allege 'evil twin' in-flight Wi-Fi used to steal info - The Register.
Australian charged for ‘Evil Twin’ WiFi attack on plane - Bleeping Computer.
Suno - make a song about anything.
The AI Fix podcast - hosted by Graham Cluley and Mark Stockley.
Putty Pals - Nintendo Switch.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Julian Assange, inside a DDoS attack, and deepfake traumas

Wed, 26 Jun 2024 23:00:00 +0000

Wikileaks's Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Eleanor Dallaway.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Julian Assange lands in Australia a free man - BBC News.
Smashing Security episode 245: The Julian Assange assassination plot, and IoT toilets.
Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks - Yahoo News.
Surprise! WikiLeaks won’t just hand over details of zero-day vulnerabilities to tech firms - Graham Cluley.
Tubthumping (Q3 2021 Issue) - Infosecurity Magazine.
Infosecurity Magazine suffering ‘significant’ DDoS attack - Cybernews.
Infosecurity Magazine is Back Online! - Infosecurity Magazine.
YouTube now lets you report AI deepfakes of yourself - MSN.
Two private schools face police probe over claims pupils used AI to 'create deepfake porn images of up to a dozen girls' - Daily Mail.
We're calling on the next government to protect women and girls from
image-based abuse - Glamour Magazine.
Deepfakes as a Security Issue: Why Gender Matters - WiisGlobal.
AI poses disproportionate risks to women - Brookings.
'Violating and dehumanising': How AI deepfakes are being used to target women - Euronews.
Snapshot Paper - Deepfakes and Audiovisual Disinformation - GOV.UK.
Government cracks down on ‘deepfakes’ creation - GOV.UK.
Je chie dans la seine.
Paris Olympics Poop Protest Postponed After French Officials Refuse To Swim In Sewage Water - Brobible.
'I’m not a cat': lawyer gets stuck on Zoom kitten filter during court case - YouTube.
Guy Goma: 'Greatest' case of mistaken identity on live TV ever? - BBC News on YouTube.
‘It’s just Bernie being Bernie’ — How a photo of Sanders wearing mittens at Inauguration Day went viral - CNBC News.
HiKeep Hand Exercise Balls - Amazon.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

An unhealthy data dump, railway surveillance, and a cheater sues Apple

Wed, 19 Jun 2024 23:00:00 +0000

There's a wee data breach with unhealthy implications in Scotland, privacy has gone off the rails in the UK, and a cheater blames Apple for his expensive divorce.

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter of the "Compromising Positions" podcast.

Plus don't miss our featured interview with Abhishek Agrawal, CEO of Material Security.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Cyber attacks update - NHS Dumfries & Galloway.
J Paul Getty - Wikipedia.
Cyber expert urges against 'panic' over NHS data leak - BBC News.
“Don’t panic” - Corporal Jones from Dad’s Army - YouTube.
All households in Scottish region to get alert about hackers publishing stolen medical data - The Record.
Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers - Wired.
Man ludicrously blames Apple for his wife catching him communicating with prostitutes - Apple Insider.
Businessman sues Apple after wife finds ‘deleted’ iPhone messages to prostitute - LBC.
‘Tech made me do it’ is no excuse for adultery - The Times.
Is it DNS?
“My name is Barbra” - Amazon.
”I'm Glad My Mom Died” by Jennette McCurdy - Simon & Schuster.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management – Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Material Security – email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

iOS 18 for cheaters, and a model cop extortionist?

Wed, 12 Jun 2024 23:00:00 +0000

Apple announces a new privacy feature in iOS that will allow you to hide and lock away your apps - but will it be philanderers who benefit the most? And an ex-police officer is arrested for extortion.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Graham’s video thanking people for voting for “Smashing Security” - Twitter.
iOS 18 makes iPhone more personal, capable, and intelligent than ever - Apple.
Apple's new iOS 18 feature is being called 'a cheater's paradise' - Daily Mail.
2 Accused In Internet Extortion Scheme Against Boss - Patch.
District Attorney: Ex-police officer turned model among duo arrested in Orange County - Westchester News.
Former N.Y. cop, internet model Ally Thueson arrested for extortion - NY Daily News.
Extortion - FindLaw.
Smile politely, nod awkwardly: greeting people you barely know - University Times.
How to pass people in hallway without awkwardness? - Reddit.
How Long Should a Great Kiss Last? - Psychology Today.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

1Password Extended Access Management - Secure every sign-in for every app on every device.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Crashing robo-taxis, and name-dropping rappers

Wed, 05 Jun 2024 23:00:00 +0000

Drones, some coloured cardboard, and a piece of tinfoil may be all the kit you need to crash a robot-driven taxi, and a rapper is accused of using Justin Bieber's name to defraud a TV company.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Riding Baidu's self-driving robo-taxi - YouTube.
Malicious Attacks against Multi-Sensor Fusion in Autonomous Driving - Research paper.
Researchers warn robot cars can be crashed with tinfoil and paint daubed on cardboard - The Register.
Gang of Hackers Tries to Steal Baidu’s Driverless Car Secrets - Bloomberg.
Rapper Sean Kingston agrees to return to Florida, where he and mother are charged with $1M in fraud - AP News.
Sean Kingston Extradited From California to Florida in Fraud and Theft Case - Entertainment Tonight.
Rapper Sean Kingston, his mother arrested on fraud charges after SWAT raid at his Southwest Ranches home - Sun Sentinel.
What is fraudulent use of personal identification information? - Pumphrey Law.
Google’s AI really is that stupid, feeds people answers from The Onion - AV Club.
Some of Google’s “best” AI search results - Twitter.
Google Rolls Back A.I. Search Feature After Flubs and Flaws - NY Times.
Sure, Google’s AI overviews could be useful – if you like eating rocks - The Guardian.
Citymapper.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Material - email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Microsoft’s Recall controversy, and the North Korean insider threat

Wed, 29 May 2024 23:00:00 +0000

Microsoft gets itself into a pickle with a privacy-popping new feature on its CoPilot+ PCs, the FTC warns of impersonated companies, and is your company hiring North Korean IT workers?

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Microsoft's new Windows 11 Recall is a privacy nightmare - Bleeping Computer.
Statement in response to Microsoft Recall feature - ICO.
Arizona woman charged in North Korean IT worker scheme that raised millions - CNN.
Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea - US Department of Justice.
New FTC Data Shed Light on Companies Most Frequently Impersonated by Scammers - FTC website.
Who’s who in scams: a spring roundup - FTC.
Udio.
Geoff's Labyrinth ext v2 - Graham’s AI song about Geoff White’s book “Rinsed”.
“Nuclear War” by Annie Jacobsen - Amazon.
The Patient - Disney+.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Kiteworks – Step into the future of secure managed file transfer with Kiteworks.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

iPhone undeleted photos, and stealing Scarlett Johansson’s voice

Wed, 22 May 2024 23:00:00 +0000

iPhone photos come back from the dead! Scarlett Johansson sounds upset about GPT-4o, and there's a cockup involving celebrity fakes.

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Anna Brading of Malwarebytes.

Plus! Don't miss our featured interview with Sandy Bird of Sonrai Security.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

When NASA Lost a Spacecraft Due to a Metric Math Mistake - Simscale.
The worst sales promotion in history - The Hustle.
Nonconsensual AI Porn Maker Accidentally Leaks His Customers' Emails - 404 Media.
UK's Ministry of Defence fined after Bcc email blinder that put the lives of Afghan citizens at risk - Hot for Security.
£200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder - Graham Cluley.
Apple's Photo Bug Exposes the Myth of 'Deleted' - Wired.
OpenAI Voice Scandal: Sky's Fall From Grace - YouTube.
How the voices for ChatGPT were chosen - OpenAI.
As AI becomes more human-like, experts warn users must think more critically about its responses - CBC News.
What We Lose When ChatGPT Sounds Like Scarlett Johansson - The New York Times.
Scarlett Johansson’s Statement About Her Interactions With Sam Altman - The New York Times.
Kin TV series - Wikipedia.
Portal connecting Dublin and New York 'reawakens' under new restrictions after 'inappropriate behaviour' - Sky News.
How to cook the perfect chicken rendang – recipe - The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Sonrai’s Cloud Permissions Firewall – A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The fake deepfake, and Estate insecurity

Wed, 15 May 2024 23:00:00 +0000

Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage daughter's cheerleading rivals kicked off the team? Well, there has been a surprising development. And learn how cybercriminals have been stealing boomers' one-time-passcodes via a secretive online service.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts - TechCrunch.
Cheerleader's mom created deepfake videos to allegedly harass her daughter's rivals - ABC News.
Bucks County mom doctored videos to harass girls on daughter's cheerleading sqaud, prosecutors say - Philly Voice.
Spone v. Reiss, Civil Action 23-0147 - Casetext.
Mother 'used deepfake to frame cheerleading rivals' - BBC News.
She was accused of faking an incriminating video of teenage cheerleaders. She was arrested, outcast and condemned. The problem? Nothing was fake after all - The Guardian.
Parkrun - Wikipedia.
Parkrun UK.
Oxfordshire Artweeks 2024 - Artweeks homepage.
Carole’s art website - carole.wtf
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Unmasking LockBitsupp, company extortion, and a Tinder fraudster

Wed, 08 May 2024 23:00:00 +0000

The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster stole £80,000 from women he met on Tinder.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company - US Department of Justice.
United States vs Vincent Cannady (PDF) - US Department of Justice.
LockBit leader unmasked and sanctioned - NCA.
Romance fraudster defrauded women of £80,000 - BBC News.
15 of the Most Trustworthy Accents in the UK Revealed - Country Living.
Omoton phone car mount - Omoton.
Stories are weapons by Annalee Newitz - WW Norton.
All the Beauty in the World: A Museum Guard's Adventures in Life, Loss and Art by Patrick Bringley - Penguin.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The closed loop conundrum, default passwords, and Baby Reindeer

Wed, 01 May 2024 23:00:00 +0000

The UK Government takes aim at IoT devices shipping with weak or default passwords, a man spends two years incarcerated after being mistaken for the person who stole his identity, and are you au fait with the latest scams?

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

New laws to protect consumers from cyber criminals come into force in the UK - UK Government.
Mirai - Wikipedia.
Identity theft victim wrongly locked up for 2 years is exonerated at last - Paul Ducklin.
Amount of fraud in UK more than doubled to £2.3bn in 2023, report finds - The Guardian.
5 scams you need to know about in 2024 - Which? News.
How fraudsters are getting fake articles onto Facebook - BBC News.
Five Scams To Beware In 2024 - Forbes Advisor UK.
Eerie ‘breathing’ mistake to listen out for exposes costly AI ‘audio deepfake' scam calls that take just seconds to make - The Sun.
How to spot fraud - UK Government.
Etymology Monday: David Crystal on the word ‘gaggle’ - Literary Minded.
Moon - Wikipedia.
Baby Reindeer - Netflix.
Why row over Baby Reindeer sleuths will change real-life drama for ever - The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Sonrai’s Cloud Permissions Firewall – A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Keeping the lights on after a ransomware attack

Wed, 24 Apr 2024 23:00:00 +0000

Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

When a breach goes from 25 documents to 1.3 terabytes… - Graham Cluley.
Leicester street lights stuck on all day due to cyber attack - Leicester Mercury.
Top AI researchers race to detect ‘deepfake’ videos: ‘We are outgunned - Washington Post.
AI deepfakes threaten to upend global elections. No one can stop them - Washington Post.
Models, dead netas, campaigning from jail: How AI is shaping Lok Sabha polls - India Today.
Why Elections Take So Long in India - The New York Times.
How A.I. Tools Could Change India’s Elections - The New York Times.
Bollywood deepfakes fuel AI election meddling fears in India - GG2.
World Explained: How India's politicians are using AI to reach voters in the world’s most populous country - The Scotsman.
12 Angry Men - Wikipedia.
VIA Rail.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Sonrai's Cloud Permissions Firewall - A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Gary Barlow, and a scam turns deadly

Wed, 17 Apr 2024 23:00:00 +0000

Take That's Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn - for both the person being scammed and an innocent participant - in Ohio.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Animal Crossing with Garry Kasparov - Smashing Security.
Gary Barlow - Wikipedia.
I was catfished by a fake Gary Barlow on Facebook - Daily Mail.
Video shows Clark County man charged with murder confront Uber driver - Springfield News.
Uber driver, 61, shot dead by Ohio man, 81, who was being targeted by scammers - Daily Mail.
Boxfit classes - Better.
Waschii - PocketSized SolarHeated Washjing Machine - Indiegogo.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

WhatsApp at Westminster, unhealthy AI, and Drew Barrymore

Wed, 10 Apr 2024 23:00:00 +0000

MPs aren't just getting excited about an upcoming election, but also the fruity WhatsApp messages they're receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff - Politico.
How I was targeted in the Westminster honeytrap - BBC News.
The Westminster honeytrap plotter tried to catch me too - The Times.
How Westminster WhatsApp ‘honey trapper’ targeted party conference season - Politico.
William Wragg quits Commons roles over Westminster honeytrap - BBC News.
A new prescription - The Economist.
Change Healthcare faces second ransomware dilemma weeks after ALPHV attack - The Register.
‘The Drew Barrymore Show’ Targeted by Fraudsters in Celebrity Scamming Effort - Yahoo! News.
‘Drew Barrymore Show' Targeted in Hacking, ID Fraud Scam by Imposter Who Posed as Producer and More - Variety.
Guy Fieri Calls Drew Barrymore “Gangster” For Talking With Her “Mouth Full Of Food” On ‘The Drew Barrymore Show’ - Decider.
Beware The Fake Drew Barrymore Le Creuset Cookware Giveaway Scam - Malware Tips.
Carmen - Royal Opera House.
Mandy - BBC iPlayer.
Anita de Monte Laughs Last - Bloomsbury.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Money-making bots, and Incognito isn’t private

Wed, 03 Apr 2024 23:00:00 +0000

Google says it is deleting your Google Chrome Incognito private-browsing data that it should never have collected anyway. Can a zero-risk millionaire-making bot be trusted? And what countries are banned from buying your sensitive data?

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Scammer Convinced Investors to Send Him $1.5 Million to Build Magic Money Making Bot - 404.
Biden Bans Rival Nations From Buying Sensitive US Data - Good Luck - Wired.
6 practical reasons to use Incognito mode in your browser - USA Today.
Brown v. Google LLC Settlement Agreement - DocumentCloud.
Google agrees to settle $5bn lawsuit claiming it secretly tracked users - The Guardian.
Chrome updates Incognito warning to admit Google tracks users in “private” mode - Ars Technica.
Google changes wording for Incognito browsing in Chrome - Malwarebytes.
The Incognito Mode Myth Has Fully Unraveled - Wired.
Google Agrees to Delete ‘Incognito’ Browsing Data to Settle Class-Action Lawsuit - TIME.
Amazon refuses to refund me £700 for iPhone 15 it didn’t deliver - Graham Cluley.
Concorde - Lego.
Cover song: samsung dryer no. 2 - YouTube.
Play Drums on Samsung Washing Machine Song - YouTube.
With samsung washing machine violinist - YouTube.
Samsung Washing Machine Song with Piano [Franz Schubert's "Die Forelle"] - YouTube.
Duet for harp and dryer - YouTube.
The Washing Machine Song - YouTube.
SAMSUNG Washing Machine collaboration - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hacking hotels, Google’s AI goof, and cyberflashing

Wed, 27 Mar 2024 23:00:00 +0000

Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search pushes malware and scams.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Unsaflok - Security vulnerabilities in Saflok hotel locks.
3 million doors open to uninvited guests in keycard exploit - The Register.
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds - Wired.
Google's new AI search results promotes sites pushing malware, scams - Bleeping Computer.
Man who sent nude picture to teenage girl is jailed under new cyberflashing laws - The Independent.
Cyber-flashing convict is first to be jailed under new law - BBC News.
What to do if you’re a victim of cyber flashing and how to report it - Metro.
The first cyberflasher has been convicted: meet the woman who made it happen - Yahoo!
What is cyber flashing? 'Banter' – or a sinister breach of consent - UK News.
Love Island star sent unsolicited pictures online calls for tougher cyber laws - Bristol Live.
Secret Agent Shenanigans: 13 Weird Spy Weapons And Gadgets - Stay Weird.
Baldur’s Gate 3.
Merlin Bird ID - Conell Labs.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Bing pop-up wars, and the British Library ransomware scandal

Wed, 20 Mar 2024 23:00:00 +0000

There's a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Search engine market share - Oberlo.
A compilation of Bing ads - YouTube.
With Edge, Microsoft’s forced Windows updates just sank to a new low - The Verge.
Microsoft fixes Edge browser bug that was stealing Chrome tabs and data - The Verge.
Is this Microsoft Bing Popup Malware? - Reddit.
Microsoft confirms Bing pop-up ads in Chrome on Windows 11 & Windows 10 - Windows Latest.
‘A 22-carat disaster’: what next for British Library staff and users after data theft? - The Guardian.
LEARNING LESSONS FROM THE CYBER-ATTACK British Library cyber incident review - British Library.
The Disturbing Impact of the Cyberattack at the British Library - The New Yorker.
Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them? - The Guardian.
Have we literally broken the English language? - The Guardian.
According to the dictionary, "literally" now also means "figuratively" - Salon.
Good Morning, Monster: A Therapist Shares Five Heroic Stories of Emotional Recovery - Amazon.
Good Morning, Monster - Apple Podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Stuck streaming sticks, TikTok conspiracies, and spying cars

Wed, 13 Mar 2024 23:00:00 +0000

Roku users are revolting after their TVs are bricked by the company, we learn how to make money through conspiracy videos on TikTok, and just how much is your car snooping on your driving?

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Smashing Security episode 317 - Includes a discussion of which came first - Battle Bots or Robot Wars?
“Disgraceful”: Messy ToS update allegedly locks Roku devices until users give in - Ars Technica.
Dispute resolution terms - Roku.
Enshittification - Wikipedia.
Craig Shergold - Wikipedia.
“Why TikTok Is Becoming A Conspiracy Playground” - YouTube.
Dave Bittner’s AI-generated image of Graham Cluley - Twitter.
Graham’s AI-generated video about pig butchering - Twitter.
Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies - New York Times.
Drivers concerned as automakers share driving data with insurance companies - NewsByte.
Carmakers are sharing driving habits with insurance companies, unbeknownst to owners - TechSpot.
Google Arts & Culture.
WELI - Kangaroo Time (Club Edit) (From Dance Your PhD 2024 - OVERALL WINNER) - YouTube.
Dance Your Ph.D. - Wikipedia.
Animal DNA Run - CrazyGames.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Ransomware fraud, pharmacy chaos, and suicide

Wed, 06 Mar 2024 23:00:00 +0000

Is there any truth behind the alleged data breach at Fortnite maker Epic Games? Who launched the ransomware attack that caused a fallout at pharmacies? And what's the latest on the heart-breaking hack of Finnish therapy clinic Vastaamo?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Mogilevich claims it has breached Epic Games - Twitter.
Fraudster’s fake data breach claims should remind media to be carefu what we report - DataBreaches.net.
Prescription orders delayed as US pharmacies grapple with "nation-state" cyber attack - Bitdefender.
US pharmacy outage triggered by 'Blackcat' ransomware at UnitedHealth unit, sources say - Reuters.
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment - Wired.
Vastaamo data breach - Wikipedia.
The CEO who also ran IT, Strava strife, and TikTok tall tales - Smashing Security podcast.
Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes - Bitdefender.
Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security – Sophos.
Vastaamo victims' lawyer: Some took their own lives after patient record leak - Yle.
Prosecutors call for maximum penalty over Vastaamo hacking - Helsinki Times.
Self-pay gas station pumps break across NZ as software can’t handle Leap Day - Ars Technica.
Citrix, Sophos software impacted by 2024 leap year bugs - Bleeping Computer.
Resident Alien trailer - YouTube.
Resident Alien - Netflix.
r/SpottedonRightmove - Reddit.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kiteworks - Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Wireless charging woe, AI romance apps, and ransomware revisited

Wed, 28 Feb 2024 23:00:00 +0000

Your smartphone may be toast - if you use a hacked wireless charger, we take a closer look at the latest developments in the unfolding LockBit ransomware drama, and Carole dips her toe into online AI romance apps.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger - ArXiv.
FBI offers free decryption help for LockBit ransomware victims - Paul Ducklin.
LockBitsupp unmasked!!? Graham’s reaction to the FBI and NCA’s LockBit ransomware revelation - YouTube.
Dating Statistics And Facts In 2024 – Forbes Health.
Romantic AI Chatbots Don't Have Your Privacy at Heart - Mozilla Privacy Not Included.
Promptsmart.
Solving a celestial mystery: the Sun, Earth and Moon model - Museum of Natural History, Oxford.
Lotus Bud.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

BlackBerry – BlackBerry helps keeps you one step ahead. Cylance AI stops more attacks, earlier and with less effort than other solutions in the market today
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

LockBit locked out, and funeral Facebook scams

Wed, 21 Feb 2024 23:00:00 +0000

Heaven's above! Scammers are exploiting online funerals, and LockBit - the "Walmart of Ransomware" - is dismantled in style by cyber cops.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Keiron Holyome about how BlackBerry is using predictive AI to stay one step ahead against threats.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Law enforcement disrupt world’s biggest ransomware operation - Europol
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - Krebs on Security.
International investigation disrupts the world’s most harmful cyber crime group - UK National Crime Agency.
LockBit Victim Reporting Form - FBI.
Fake Funeral Live Stream Scams Are All Over Facebook - 404 Media.
Closed Captions (CC) vs Subtitles - Subly.
Fingernails — Official Trailer - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

BlackBerry – BlackBerry helps keeps you one step ahead. Cylance AI stops more attacks, earlier and with less effort than other solutions in the market today
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Declaring war on ransomware gangs, mobile muddles, and AI religion

Wed, 14 Feb 2024 23:00:00 +0000

Holy mackerel! AI is jumping on the religion bandwagon, ransomware gangs target hospitals, and what's happened to your old mobile phone number?

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

I changed my number and now i can log into others accounts - Reddit.
Post by Alexander Hanff - LinkedIn.
Meta says risk of account theft after phone number recycling isn't its problem to solve - The Register.
Things to bear in mind when you change your mobile number - T-Mobile.
20+ hospitals in Romania hit hard by ransomware attack on IT service provider - Graham Cluley.
Ransomware gang claims responsibility for Christmas attack on Massachusetts hospital - The Record.
Cyberattack Disrupts Operations at Chicago Children’s Hospital: An Examination of the Threat and Its Impact - Medriva.
Gods in the machine? The rise of artificial intelligence may result in new religions - The Conversation.
AI: a way to freely share technology and stop it being misused already exists - The Conversation.
The Friar Who Became the Vatican’s Go-To Guy on AI - The New York Times.
How AI could change our relationship with religion - The Conversation.
Meet the Vatican’s AI mentor – POLITICO.
Focus Areas - AI and Faith - Rome Call.
Are chatbots changing the face of religion? Three faith leaders on grappling with AI - The Guardian.
“One Day” - Netflix.
[Clicks mouth]
"The Saint" - Amazon Prime.
The Saint goes to Palm Springs - YouTube.
God's Favorite Idiot - IMDb.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

BlackBerry - BlackBerry helps keeps you one step ahead. Cylance AI stops more attacks, earlier and with less effort than other solutions in the market today
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hong Kong hijinks, pig butchers, and poor ransomware gangs

Wed, 07 Feb 2024 23:00:00 +0000

Is this the real life? Is this just fantasy? A company in Hong Kong suffers a sophisticated deepfake duping, be one your guard from pig butchers as Valentine's Day approaches, and spare a moment to feel sorry for poor ransomware gangs.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

‘Everyone looked real’: multinational firm’s Hong Kong office loses HK$200 million after scammers stage deepfake video meeting - South China Morning Post.
Countdown’s Rachel Riley is deepfaked by HSBC - Vimeo.
Scameter - Cyber Defender HK.
Warning as scammers fake police Scameter app - The Standard.
Ransomware payment rates drop to new low – now 'only 29% of victims' fork over cash - The Register.
New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying - Coveware.
Romance scam reports rose by a fifth in 2023, says Lloyds Bank - The Independent.
What is a ‘pig-butchering’ scam – and why is it on the rise? - BBC.
Pig butchering mining scams: What they are and how to stop them - SC Media.
No love for romance scammers in 2024 - Consumer Advice.
Romance scammer reveals how he tricks women after failing to fool Go Public reporter - CBC.
Sudoku Exchange.
Learn Improv at Laugh at Leeds.
Mr Mercedes - Disney+.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Interview with an iPhone thief, anti-AI, and have we gone too far?

Wed, 31 Jan 2024 23:00:00 +0000

The iPhone security setting that you should enable right now, the worrying way that AI is predicting what criminals look like, and we play a game of face fake or real...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Mobile phone stolen every six minutes in London, says Met Police - BBC News.
iPhone Thief Explains How He Breaks Into Your Phone - YouTube.
About Stolen Device Protection for iPhone - Apple.
Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It - Wired.
Will ChatGPT write ransomware? Yes - Malwarebytes.
AI chatbots are making scams more convincing than ever, warn spy chiefs - The Telegraph.
Test yourself: which faces were made by AI? - New York Times.
AI vs. Human Writing: Experts Fooled Almost 62% of the Time- Neuroscience News.
I know that I know nothing - Wikipedia.
Yours truly, Johnny Dollar - Comic book.
I Heart Umami.
Libby.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Big dumpers, AI defamation, and the slug that slurped

Wed, 24 Jan 2024 23:00:00 +0000

This week the podcast is more lavatorial than usual, as we explore how privacy may have gone to sh*t on Google Maps, our guest drives hands-free on Britain's motorways (and is defamed by AI), and ransomware attacks an airplane-leasing firm.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The Great British Public Toilet Map.
How one man’s pay-to-use toilet gag revealed Google Maps can be used to track people - Crikey.
Please Rob Me site exposes danger of sharing too much information online - Graham Cluley.
Artist creates a virtual traffic jam in Google Maps - YouTube.
How to Get Google to Quit Tracking Your Location - PC Magazine.
Grieving With Google Street View - Slate.
Zoe describes her curious tangle with AI - Twitter.
What happens when you think AI is lying about you? - BBC News.
Aercap confirms cyber threat involving ransomware - Air Finance.
Ransomware crims slime AerCap, claim to have stolen 1TB - The Register.
AerCap discloses cybersecurity incident - Reuters.
BBC staffers warned of payroll data breach. BA and Boots also affected by MOVEit vulnerability - Graham Cluley.
Randy Rainbow - YouTube.
Donald in the John With Boxes - A Randy Rainbow Song Parody - YouTube.
Zoe drives hands-free on a British motorway - Twitter.
How to Play Taco Cat Goat Cheese Pizza - Wikihow.
Asmodee Taco Cat Card Game - John Lewis.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Fishy Rishi, 23andMe, and the labour of love

Wed, 17 Jan 2024 23:00:00 +0000

Has the British Prime Minister been caught secretly profiting from a cryptocurrency app? Were 23andMe right to blame their users after a data breach? And Indian men have hard feelings after falling for a money-for-sex scam.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

What Rishi Sunak gets up to over Christmas… - YouTube.
Boris Johnson's Love Actually parody (Conservative Party election broadcast) - YouTube.
UK's Rishi Sunak becomes richest ever occupant of Number 10 - Reuters.
Over 100 Deep-Faked Rishi Sunak Ads Found on Meta’s Platform - Fenimore Harper Communications.
Slew of deepfake video adverts of Sunak on Facebook raises alarm over AI risk to election - The Guardian.
23andMe Blames User “Negligence” for Data Breach - Infosecurity Magazine.
All India Pregnant Job service: Indian men conned by 'impregnating women' scam - BBC News.
World War II: From the Frontlines - Netflix.
Spintronics - Upper Story.
Reacher - Amazon Prime.
The Trust - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Chuck Norris and the fake CEO, artificial KYC, and an Airbnb scam

Wed, 10 Jan 2024 23:00:00 +0000

Chuck Norris gives a helping hand to a mysterious cryptocurrency CEO who may have separated investors from over a billion dollars, generative AI creates a nightmare for those wanting to Know Their Customer, and a determined journalist finally gets their revenge on a sneaky Airbnb scammer.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Chief executive of collapsed crypto fund HyperVerse does not appear to exist - The Guardian.
Crypto hedge fund CEO may not exist; probe finds no record of identity - Ars Technica.
BUSTED: Fake HyperVerse CEO Who Stole $1.3 Billion Unmasked! - YouTube.
Hyperverse’s Steven Reece Lewis outed as Steve Harrison - Behind MLM.
HyperVerse crypto promoter ‘Bitcoin Rodney’ arrested and charged in US - The Guardian.
GenAI could make KYC effectively useless - TechCrunch.
Airbnb Grifter Busted for $7.5 Million 'Bait-and-Switch' Scam, Feds Say - The Daily Beast.
I Accidentally Uncovered a Nationwide Scam Run by Fake Hosts on Airbnb - Vice.
Percentage Point vs. Percent Difference - Macroption.
“Is Math Real?” - Book by Eugenia Cheng.
“Julia” trailer - YouTube.
Watch Before We Die - Channel 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Phone hacking, Piers Morgan, and Carole’s Christmas cockup

Wed, 20 Dec 2023 23:00:00 +0000

Piers Morgan is less than happy after a judgement that there is "no doubt" he knew phone hacking was going on at the Daily Mirror, and a shopper comes a-cropper just before Christmas.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Piers Morgan denies knowing of phone hacking after judge rules he did - The Guardian.
I've never told anyone to hack a phone - Piers Morgan tells Laura Kuenssberg - BBC News.
Piers Morgan interviewed by BBC’s Amol Rajan about phone hacking at Daily Mirror - BBC News.
Piers Morgan will find many ways to deny phone hacking – but how long before his number is up? - Archie Bland’s article in The Guardian.
Piers Morgan tells Charlotte Church how to stop her mobile phone from being hacked - YouTube.
I'm sorry, Macca, for introducing you to this monster - Piers Morgan describes in the Daily Mail a voicemail he heard between Paul McCartney and Heather Mills.
The human cost of phone hacking - Graham Cluley.
Eudesignhouse.shop Review – Unmasking the Store Closing Scam - MyAntiSpyware.
Whois Domain Lookup.
Myth Maker: The Lost Legacy of Donald Cotton - SoundCloud.
15 virtual Christmas party games to play this festive season - Country Living.
21 Virtual Christmas Games To Play On Zoom With Adults - Team Building.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

For research purposes only

Wed, 13 Dec 2023 23:00:00 +0000

A hacker bursts the bubble of inflatable fetish fans, Hollywood celebrities unwittingly record videos in a Kremlin plot, and there's a particularly devious WordPress-related malware campaign.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Fuzzy Duck - Wikipedia.
Cybercrime author Geoff White demonstrates his NSFW balloon trick at the "Smashing Security" podcast Christmas party - Reddit.
Rule 34 - Wikipedia.
We are (temporarily) offline - InflateVids on Patreon.
Fast Company’s Apple News access hijacked to send an obscene push notification - The Verge.
Fast Company Hacker on Rogue Apple News Notification: ‘Anyone Could Have Done It’ - Vice.
The WordPress backdoor with its own backdoor! (And fake CVE numbers, too) - Paul Ducklin.
Russian influence and cyber operations adapt for long haul and exploit war fatigue - Microsoft.
How Zelensky became Hollywood man of the hour - The Guardian.
Nigel Farage wishes Hugh Janus a happy birthday - YouTube.
Don Johnson - Cameo.
Hollywood plays unwitting Cameo in Kremlin plot to discredit Zelensky - The Register.
Winning hearts and minds - Military Wiki.
AdGuard Home - GitHub.
Garmin Edge 130 Plus - Garmin.
Garmin Connect IQ - Garmin.
The Thermapen.
Flat Whisk Stainless Steel Egg Beater Mixer Kitchen Tool - Amazon.
Small Silicone Spatulas - Amazon.
3 Pcs Rubber Jar Gripper Pads - Amazon.
Marble Dough Roller - Amazon.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Push Security – Monitor and secure your entire identity attack surface, including non-SSO identities. Get notified in real-time to vulnerabilities across all your internet-facing identities, and have your staff guided to fix simple issues.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Nuclear cybersecurity, Marketplace scams, and face up to porn

Wed, 06 Dec 2023 23:00:00 +0000

Hacking fears are raised at Western Europe's most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Why Facebook Is Rebranding Itself as Meta - INSEAD.
Windscale fire - Wikipedia.
Sellafield nuclear site hacked by groups linked to Russia and China - The Guardian.
Response to a news report on cyber security at Sellafield - UK Government.
Response to Guardian news article - Office for Nuclear Regulation.
Common Facebook Marketplace scams and how to avoid them - Comparitech.
Advice from Google on how to remove malware and unsafe software from Android devices - Google.
New Report Reveals Truths About How Teens Engage with Pornography - Common Sense Media.
‘A lot of it is actually just abuse’- Young people and pornography - Children's Commissioner for England.
Implementing the Online Safety Act: Protecting children from online pornography - Ofcom.
UK age assurance guidance for porn sites gives thumbs up to AI age checks, digital ID wallets and more - TechCrunch.
Demotivational posters.
"Her Time: How Trailblazing Women Scientists Decoded the Hidden Universe," by Shohini Ghos.
Meet Your Second Wife - Saturday Night Live sketch, YouTube.
‘Modern Love Podcast’: Our 34-Year Age Gap Didn’t Matter, Until It Did - New York Times.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Push Security – Monitor and secure your entire identity attack surface, including non-SSO identities. Get notified in real-time to vulnerabilities across all your internet-facing identities, and have your staff guided to fix simple issues.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Think before you shrink! And our guest is faked

Wed, 29 Nov 2023 23:00:00 +0000

Don't minimise your Teams Meeting video call too hastily, you might reveal your dirty secrets! Would you be prepared to pay for Facebook and Instagram? And who is being faked to promote cryptocurrency scams?

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Jane Wakefield.

Plus - don't miss our featured interview with Push Security founder and CEO Adam Bateman.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

XtraVue Trailer demo - YouTube.
Nvidia sued after video call mistake showed 'stolen' data - BBC News.
Valeo v. Nvidia complaint - DocumentCloud.
Fake BBC news article using Jane Wakefield’s name - Twitter.
Report a fraudulent webpage to Google Safe Browsing - Google.
Meta's EU ad-free subscription faces early privacy challenge - Yahoo!
Meta to offer ad-free subscription in Europe in bid to keep tracking other users - TechCrunch.
Meta’s EU ad-free subscription faces early privacy challenge - TechCrunch.
Facebook and Instagram to Offer Subscription for No Ads in Europe - Facebook.
noyb files GDPR complaint against Meta over “Pay or Okay” - NOYB.
Big Mac index 2023 - Statista.
Euro aea wages 2023 - Take-profit.org.
Boat Story review - The Guardian.
GlasgowGPT - the world's first Scottish artificial intelligence chatbot.
Gergely Orosz uncovers fake female speakers at a tech conference - Twitter.
Eliza-May Austin shares her experiences of being invited to speak at tech conferences - LinkedIn.
Boat Story - BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Push Security - Monitor and secure your entire identity attack surface, including non-SSO identities. Get notified in real-time to vulnerabilities across all your internet-facing identities, and have your staff guided to fix simple issues.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Ransomware gang reports its own crime, and what happened at OpenAI?

Wed, 22 Nov 2023 23:00:00 +0000

Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Hackers Use Online Casinos to Gamble Mountains of Cash They Steal from Victims - 404.
AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC - DataBreaches.net.
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies - US Securities and Exchange Committee.
OpenAI announces leadership transition - OpenAI.
The Fear and Tension That Led to Sam Altman’s Ouster at OpenAI - The New York Times.
Emergency Pod: Sam Altman is Out at Open AI - The New York Times.
What We Know About Sam Altman’s Ouster From OpenAI - The New York Times.
Ousted OpenAI C.E.O. Makes Plans for New Artificial Intelligence Company - The New York Times.
Microsoft Hires Sam Altman Hours After OpenAI Rejects His Return - The New York Times.
In the battle to bring ousted founder Sam Altman back to OpenAI, Microsoft and Satya Nadella hold the trump cards - Fortune.
Rate your resignation letter - Twitter account.
Suella Braverman’s resignation letter - Twitter.
Analysis of letter by Dame Andrea Jenkyns - Twitter.
Thread about letter from Dame Andrea Jenkyns - Twitter.
The Future by Naomi Alderman review - The Guardian.
The Future by Naomi Alderman - Harper Collins.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hacking for chimp change, and AI chatbot birthday

Wed, 15 Nov 2023 23:00:00 +0000

Who's more incompetent - the cryptocurrency exchanges or some of the people who hack them? Plus a closer look at the reliability of AI chatbots.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Bored Ape NFT Partygoers Blame UV Lights For Burned Eyes And Skin - Kotaku.
Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked - The Register.
Raft Suffers $3.3M Exploit That Drove Down Stablecoin 50%, but Hacker Likely Lost Money on Attack - CoinDesk.
Leaderboard Comparing LLM Performance at Producing Hallucinations when Summarizing Short Documents - Github.
Cut the Bull…. Detecting Hallucinations in Large Language Models - Vectara.
Chatbots May ‘Hallucinate’ More Often Than Many Realize - The New York Times.
Bing's ChatGPT-Powered Search Has a Misinformation Problem - Vice.
ChatGPT gets code questions wrong 52% of the time - The Register.
FreeTube.
The Wonderful Story of Henry Sugar - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Panoptica – Panoptica is a cloud native application security solution connecting developer and security teams to their organization’s biggest cloud threats from code to production.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Trolls, military data, and the hitman and her

Wed, 08 Nov 2023 23:00:00 +0000

A woman's attempt to hire an assassin online backfires badly, it's scary just how cheap it is to buy information about US military personnel, and trolls and tattoos don't mix.

Plus don’t miss our featured interview with Jason Meller of Kolide.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Woman jailed after RentaHitman.com assassin turned out to be – surprise – FBI - The Register.
Zandra Ellis criminal complaint (PDF).
Rent-A-Hitman: Your Point & Click Solution! - YouTube.
It’s shockingly easy to buy sensitive data about US military personnel - MIT Technology Review.
This Guy Trolls His TikTok Haters By Getting Tattoos of Them - Vice.
Man Gets Back at Trolls Online With Revenge Tattoos - MSN.
The Beatles - “Now and Then” music video - YouTube.
“The Last of Us” piano scene, episode 3 - YouTube.
Celeritas podcast.
Pick of the week archive - Smashing Security.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Panoptica – Panoptica is a cloud native application security solution connecting developer and security teams to their organization’s biggest cloud threats from code to production.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

How hackers are breaching Booking.com, and the untrustworthy reviews

Wed, 01 Nov 2023 23:00:00 +0000

Workers wonder if their colleagues are actually AI, and we take a deeper look into the curious scams going on via Booking.com.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Art Musings - Gratuitous plug for Carole’s new podcast with Sally Anne-Stewart.
Smashing Security #344: What’s cooking at Booking.com? And a podcast built by AI - Smashing Security.
Fraudsters target Booking.com customers claiming hotel stay could be cancelled - Graham Cluley.
Scammers try to trick Graham again via Booking.com - Twitter.
'Thieves used fake Booking.com emails to steal £1,000 from me before my wedding' - The Mirror. Includes gratuitous mention of Graham’s hunt for aubergines.
Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests - Akamai.
Did AI Write Product Reviews? Gannett Says No - The New York Times.
Is my co-worker AI? Bizarre product reviews leave Gannett staff wondering - The Verge.
How to spot a fake review - Which?
Lonely Water - Public information film from 1973.
Scarred for Life Volume 1: The 1970s - Lulu.
Scarred for Life Volume 2: Television in the 1980s - Lulu.
Scarred for Life Twitter account.
Say More with Dr? Sheila - Apple Podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Panoptica - Panoptica is a cloud native application security solution connecting developer and security teams to their organization’s biggest cloud threats from code to production.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Cyber sloppiness, and why does Google really want to hide your IP address?

Wed, 25 Oct 2023 23:00:00 +0000

Ahoy! There's trouble in the South China Seas as Filipino organisations fail to secure their systems, we take a close look at Google IP protection, and we take a look at just how so much genetic profile data leaked out of 23andMe.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Philippines’ cybersecurity failures exposed as hackers leak state secrets, people’s data - South China Morning Post.
IT admins are just as culpable for weak password use - Outpost24.
Google Chrome wants to hide your IP address - MalwareBytes.
The 23andMe data breach reveals the vulnerabilities of our interconnected data - The Conversation.
23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews - Wired.
Worried about the 23andMe hack? Here's what you can do - Washington Post.
Paris Police 1905 - BBC iPlayer.
British Hen Welfare Trust.
Art Musings - Art Musings podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

What’s cooking at Booking.com? And a podcast built by AI

Wed, 18 Oct 2023 23:00:00 +0000

How hunting for an aubergine could be all it takes for you to hand your credit card details over to a scammer, and just how good is a podcast entirely built by AI?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Support Alie Hothersall’s fundraising for Mind - JustGiving.
Fraudsters target Booking.com customers claiming hotel stay could be cancelled - Graham Cluley.
Security.txt - A proposed standard which allows websites to define security policies.
Develop AI launches a completely synthetic podcast - Develop AI.
Develop AI podcast.
Is It Legal To Pay - The err.. https version of a map of which countries allow you to pay ransom demands.
Licorice Pizza - BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Devo – Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!
Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Four-legged girlfriends, LoveGPT, and a military intelligence failure

Wed, 11 Oct 2023 23:00:00 +0000

Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Former Soldier Indicted for Attempting to Pass National Defense Information to People’s Republic of China - US Department of Justice.
‘Dream’ AI Girlfriend Randomly Turns Into Nude Jennifer Lopez, Has Four Legs - 404 Media.
LoveGPT: How “single ladies” looking for your data upped their game with ChatGPT - Avast Threat Labs.
5 Signs Your Tinder Match Is a Scam Bot - LifeWire.
Support Alie Hothersall’s fundraising for Mind - JustGiving.
“The Last Action Heroes” by Nick de Semlyen - Pan Macmillan.
Life Kit - NPR.
Tom Hanks has made a complaint - Twitter.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Devo – Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!
Moonlock — cybersecurity wing of MacPaw. Developers of the antimalware tech in CleanMyMac X — Moonlock Engine.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Royal family attacked, keyless car theft, and a deepfake Tom Hanks

Wed, 04 Oct 2023 23:00:00 +0000

Is a deepfake Tom Hanks better than the real thing? Who has been attacking the British Royal Family's website, and why? And how can you protect your vehicle from the spate of keyless car thefts?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus don't miss our featured interview with Devo CISO Kayla Williams.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The disturbing uncanny valley of Robert Zemeckis film 'Polar Express' - Far Out magazine.
Tom Hanks warns of deepfake video promoting dental plan - Instagram.
Fuming Tom Hanks says he had nothing to do with that AI dental ad clone of him - The Register.
Tom Hanks warns dental plan ad image is AI fake - BBC News.
Robin Williams’ Daughter Zelda Criticizes Use of AI to Re-create His Voice: “I Find It Personally Disturbing” - Hollywood Reporter.
Bruce Willis denies selling rights to his face - BBC News.
Deepfake Bruce Willis in Russian telecoms advert - YouTube.
Could you get "carhacked"? The growing risk of keyless vehicle thefts and how to protect yourself - CBS News.
Keyless car theft: What is a relay attack, how can you prevent it, and will your car insurance cover it? - Leasing.com.
Testing Phone-Sized Faraday Bags - Matt Blaze.
Famous DDoS attacks - Cloudflare.
The sinister Russian hackers who've claimed responsibility for crashing Buckingham Palace website - Daily Mail.
King Charles rebukes Russia's 'horrifying' invasion of Ukraine in unprecedented speech - Express.
Visually, how much paper would a GB and a TB of data fill in terms of physical size? - Quora.
“The shop around the corner” - Wikipedia.
Evan Designs.
“Eight Detectives” by Alex Pavesi - Penguin Books.
Review of “Eight Detectives” - The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Hunters – A SOC platform, built to empower your security team to reduce risk, complexity and costs.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Devo - Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Wed, 27 Sep 2023 23:00:00 +0000

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

T-Mobile customer reports privacy breach - Twitter.
T-Mobile US exposes some customer data – but don't call it a breach - The Register.
T-Mobile denies new data breach rumors, points to authorized retailer - Bleeping Computer.
Connectivity Source - Despite appearances, don’t confuse it with T-Mobile.
ThemeBleed exploit is another reason to patch Windows quickly - MalwareBytes.
If I Embarrass My Baby on TikTok, Will He Stay My Baby Forever? - New York Times.
They Gossiped At Brunch. Now There's a Mob After Them - Rolling Stone.
The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech - 404 Media.
Egg crack challenge,the last baby is so cute - YouTube.
Trailer for “The Deepest Breath” - YouTube.
“The Deepest Breath” - Netflix.
Nitpick: Meaningless communications.
Naked Security.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Heated seats, car privacy, and Graham’s porn video

Wed, 20 Sep 2023 23:00:00 +0000

Do you know what data your car is collecting about you? Do you think it's right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email to Graham about his sex video?

Plus don't miss our featured interview with Gigamon's Mark Jow.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Yikes! My sex video has been uploaded to YouPorn, apparently - Graham Cluley.
1 million YouPorn users exposed; data breach required no security penetration - Computer World article from 2012.
The YouPorn Sextortion Email Spam Campaign Explained - MalwareTips.
BMW deems drivers worthy of warmth, ends heated car seat subscription - The Register.
Hackers crack Tesla software to get free features - The Independent.
It's Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy - Mozilla Foundation.
Car Companies: Stop Your Huge Data Collection Programs - Mozilla Foundation.
Programming language inventor or serial killer? - Vole.wtf.
Rask - AI video localisation.
Verbalate - Video translation and lip sync software.
The Following Events Are Based on a Pack of Lies review - The Guardian.
The Following Events Are Based on a Pack of Lies - BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames?

Wed, 13 Sep 2023 23:00:00 +0000

Deepfakes are being used for good (perhaps), common usernames could pose a security threat, and someone has paid a $500,000 fee... just to send $1,865.

Oh, and our guest mentions Mr Blobby (to the horror of the show's hosts...)

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Tweet by Jameson Lopp.
Bitcoin user’s costly error leads to record transaction fee of $510,000 - Cryptoslate.
Root Admin User: When Do Common Usernames Pose a Threat? - GovInfoSecurity.
Dave’s conversation with Crosstalk’s Chris Sherwood - Hacking Humans podcast.
Passkey authentication - Wikipedia.
Passkeys: Accelerating the Availability of Simpler, Stronger Passwordless Sign-Ins - FIDO Alliance.
Test your mental image ability - Aphantasia.
How to create your own personal deepfake - Axios.
Deepfakes are being used for good – here’s how - Connecting Research - University of Reading.
Six things you need to know about deepfakes - BBC Radio 4.
Mitigating Aphantasia with Generative Reality - Medium.
Ethical Deepfake Maker - Synthesia.
HeyGen deepfakes - HeyGen.
Deepfakes are being used for good – here's how - The Conversation.
Search engines required to stamp out AI-generated images of child abuse under Australia’s new code - The Guardian.
Induction Hob with Rotary Controls - Cookology.
Top 10 WTF Mr Blobby Moments - YouTube.
Lessons in Chemistry by Bonnie Garmus review – the right comic formula - The Guardian.
"Lessons in Chemistry” - Book by Bonnie Garmus.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Moonlock — cybersecurity wing of MacPaw. Developers of the antimalware tech in CleanMyMac X — Moonlock Engine.
Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Catfishing services, bad sports, and another cockup

Wed, 06 Sep 2023 23:00:00 +0000

AI news is bad news, an online service to catch your cheating partner, and an IoT-enabled dick cage fails to keep a grip on its own security.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Plus don't miss our featured interview with Alex Lawrence, principal security architect at Sysdig.

Warning: This podcast may contain nuts, adult themes, and rude language. May? Who are we kidding...

Episode links:

199: A few tech cock-ups, and one cock lock-up - Smashing Security.
Smart male chastity lock cock-up - Pen Test Partners.
“My sexual urges are so out of control I’m considering buying a chastity cage” - Dear Deidre, The Sun.
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed - TechCrunch.
Dispatch pauses AI sports writing program - Axios.
Would Your Partner Cheat? These ‘Testers’ Will Give You an Answer - The New York Times.
Loyalty Test.
Nitpick: Why don’t induction hobs have knobs?
Longevity… simplified - book by Dr Howard J Luks.
Oxford Art Society Open Exhibition 2023.
Carole Theriault art website.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Sysdig – Is your cloud secure? Not without runtime insights! Sysdig delivers the industry’s ONLY complete, consolidated Cloud-Native Application Protection Platform (CNAPP) – powered by runtime insights – to prioritize critical risks and stay ahead of unknown threats. Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.
ClearVPN – Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The DEA’s crypto calamity, and scammers’ blue tick bonanza

Wed, 30 Aug 2023 23:00:00 +0000

Seized cryptocurrency is stolen from the DEA, blue-ticks are being exploited, a bath full of dollar bills, the comfort offered by an ostrich's head, and how Graham is refusing to call Twitter "X".

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer - Forbes.
Stranger sent dick pics so I convinced him he was dying - YouTube.
Creeps Airdropping Dick Pics Is the Latest Air Travel Nightmare - Vice.
Airdrop scam tokens - Trezor.
Brother of Criminal Bitcoin Mixing CEO Pleads Guilty to Stealing 712 Bitcoins From IRS - CoinDesk.
Blue-tick scammers target consumers who complain on X - The Guardian.
Infinite Mac.
Classic Mac OS - Wikipedia.
Perplexity AI - chatbot.
CrazyGames.
Braingle.
40 Weirdest Things on Amazon That People Actually Love to Buy - Good Housekeeping.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Beyond Identity – Enables companies with the ability to completely eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Get a free demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Pizza pests, and securing your wearables

Wed, 23 Aug 2023 23:00:00 +0000

Surely you should be able to order pizza without being pestered for sex? And Carole takes a look at the what and why of wearables...

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

One in three young people falling prey to ‘text pests’ as ICO calls for victims to come forward - ICO.
My pizza order turned into a terrifying ordeal after creepy delivery driver stole my data & I was sent sinister messages - The Sun.
Share your experience of unwanted contact after giving your personal information to a business for a legitimate reason - ICO.
IoT, wearables and the new health insurance paradigm - IT-Online.
Top 10 Innovative Wearable IoT Devices - IOT Design Pro.
Explosive Growth Forecasted: IoT in Healthcare Market Set to Reach US$ 952.3 Billion by 2032 with a Remarkable CAGR of 18.0% - PharmiWeb.
Sweat it out: Novel wearable biosensor for monitoring sweat electrolytes for use in healthcare and sports -Science Daily.
New Apple Watch X Leaked: MAJOR Redesign & Magnetic Band System! -YouTube.
Wearables | Privacy & security guide - Mozilla Foundation.
5 trending wearables in 2023 to look out for - Ignitec.
Internet of Things Becomes Greater Focus for Pharma -Health Leaders media.
Hospitals are selling treasure troves of medical data — what could go wrong? - The Verge.
Opt out of sharing your health records - NHS.
Legal lullabies - Drift asleep listening to Instagram's terms of service.
The Sound: Mystery of Havana Syndrome.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Beyond Identity – Enables companies with the ability to completely eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Get a free demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

AI chat wars, and hacker passwords exposed

Wed, 16 Aug 2023 23:00:00 +0000

AI chatbots are under fire in Las Vegas, the secrets of hackers' passwords are put under the microscope, and Graham reveals (possibly) the greatest TV programme of all time.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

100,000 Hackers Exposed from Top Cybercrime Forums - Hudson Rock.
Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer - Hudson Rock.
People coaxed AI into saying 9+10=21 and giving instructions for spying — it shows how these systems are prone to flaws and bias - Business Insider.
These Women Tried to Warn Us About AI - Rolling Stone.
Chatbots: Why does White House want hackers to trick AI? - BBC News.
I, Claudius - BBC iPlayer.
Drama Connections: I, Claudius - BBC documentary from 2005, on YouTube.
'Painkiller' Review: Netflix Series Fails To Capture Opioid Crisis - Variety.
”Painkiller” trailer - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Sysdig – Is your cloud secure? Not without runtime insights! Sysdig delivers the industry’s ONLY complete, consolidated Cloud-Native Application Protection Platform (CNAPP) – powered by runtime insights – to prioritize critical risks and stay ahead of unknown threats. Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.
Beyond Identity - Enables companies with the ability to completely eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Get a free demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Acoustic attacks, and the tears of a crypto rapper

Wed, 09 Aug 2023 23:00:00 +0000

Razzlekhan, the self-proclaimed Crocodile of Wall Street, pleads guilty to the biggest crypto laundering scheme in history, and just how safe are you typing while on a Zoom call?

Meanwhile, Graham rants about public EV chargers.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

With Nvidia Eye Contact, you’ll never look away from a camera again - Ars Technica.
“A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” - Technical paper (PDF).
New acoustic attack steals data from keystrokes with 95% accuracy - Bleeping Computer.
Bitfinex users to share 36% of bitcoin losses after hack - BBC News.
Bitfinex’s Latest News & Updates - BitFinex blog.
Heather R. Morgan - Wikipedia.
Razzlekhan and husband guilty of $4.5bn Bitcoin launder - BBC News.
Record-high seizure of $4bn in stolen Bitcoin - BBC News.
‘Sexy horror comedy’: Bitcoin laundering suspect is also ‘raunchy rapper’ Razzlekhan - The Guardian.
”Versace Bedouin” music video by Razzlekhan - YouTube.
“Pho King Badd Bhech” music video by Razzlekhan - YouTube.
SWARCO - Nit Pick of the Week.
Esim Holafly - Holafly.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
ClearVPN – Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Barbie and the stalking spouse

Wed, 02 Aug 2023 23:00:00 +0000

Carole takes us into the sinister side of Barbie, while Graham describes a stalkerware operation that has been spilling its secrets.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

SpyHide couldn’t hide forever - Maia arson crimew.
Spyhide stalkerware is spying on tens of thousands of phones - TechCrunch.
Coalition against Stalkerware.
Use Google Play Protect to help keep your apps safe and your data private - Google.
Eyeing Barbie movie download? Beware of online scam, says McAfee - Tech News.
A Complete History of the Barbie Movie - Vanity Fair.
20 Things You Probably Didn't Know About Barbie - Readers Digest.
Influencer's 'Honest Review' of 'Barbie' Goes Viral - Newsweek.
How scammers are using ‘Barbie’ craze to steal personal information - The Hill.
‘Barbie’ Box Office to Blast Past $700M Globally After Record Week - The Hollywood Reporter.
Scammers Love Barbie: Fake Videos Promote Bogus Ticket Offers That Steal Personal Info - McAfee.
History vs Hollywood.
Weird: The Al Yankovic story - History vs Hollywood.
The News Meeting - Tortoise podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Hunters – A SOC platform, built to empower your security team to reduce risk, complexity and costs.
Moonlock - The cybersecurity wing of MacPaw. Developers of CleanMyMac X antimalware tech, Moonlock Engine.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Nudes leak at the plastic surgery, Mali mail mix-up, and WormGPT

Wed, 26 Jul 2023 23:00:00 +0000

Dr 90210 finds himself in a sticky situation after his patients' plastic surgery photos AND more end up in the hands of hackers, emails to the US military end up in the wrong hands, and script kiddies salivate at the thought of Business Email Compromise powered by generative AI.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

90210 plastic surgeon Dr Gary Motykie.
Dr Gary Motykie videos - YouTube.
More plastic surgery patients have their nude photos and information leaked - DataBreaches.net.
Typo watch: 'Millions of emails' for US military sent to .ml addresses in error - The Register.
Hundreds of thousands of US military e-mails wind up in Mali - Le Monde.
Beware of WormGPT: AI Tool Enables Cyber Attacks and Impersonation Scams - IB Times.
WormGPT: a generative AI tool to compromise business emails - CSO Online.
WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks - SlashNext.
“Who shat on the floor at my wedding?”
Futurama - Wikipedia.
Radiooooo.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
ClearVPN - Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Boris Johnson’s WhatsApps, and sextorting party girls

Wed, 19 Jul 2023 23:00:00 +0000

Former Prime Minister Boris Johnson wants to hand over his WhatsApp messages - or does he? And a couple of fun-loving girls from Aberdeen have come up with a sinister twist on sextortion scams.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley (from a mystery location) and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The UK Covid-19 Inquiry.
Court orders ministers to hand Boris Johnson’s WhatsApps to Covid inquiry - The Guardian.
Boris Johnson ‘has forgotten’ passcode for phone wanted by Covid inquiry - The Guardian.
The Lockdown Files: Matt Hancock rejected expert advice on care home testing, WhatsApp messages reveal - The Telegraph.
Boris Johnson's Personal Phone Number Has Been Hiding in Plain Sight Online For 15 Years - Vice.
Party girls netted £120,000 from terrified men in ‘sextortion’ scam -The Times.
Exclusive: Women posed as underage girls to blackmail men out of nearly £122000 -Press and Journal.
Musicless music video of Lionel Richie’s “Hello” - YouTube.
Musicless music video of Rolling Stones performing live in 1964 - YouTube.
Intrigue: Burning Sun - BBC podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Deepfake Martin Lewis, and a deadly jog in the park

Wed, 12 Jul 2023 23:00:00 +0000

Going for a jog can be bad for your privacy (but even worse for your health), and Britain's consumer finance champion finds his face is being faked.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Russian commander shot dead after posting runs on Strava running app - Kyiv Post.
Martin Lewis felt 'sick' seeing deepfake scam ad on Facebook - BBC News.
How synthetic media, or deepfakes, could soon change our world eing deepfake scam ad on Facebook - 60 Minutes on YouTube.
Nicki Minaj wants to delete the “whole internet” after viral AI deepfake video -Technology Inquirer.
Fears grow of deepfake ID scams following Progress hack - Ars Technica.
“Deep Fake Neighbour Wars”: ITV’s comedy shows how AI can transform popular culture -The Conversation.
”My Old School” - BBC Scotland.
”My Old School” trailer - YouTube.
MP doesn’t know whether she attended Downing St Party - YouTube.
”Non-Censored” with Rosie Holt podcast - Audioboom.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide - Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Sysdig - Is your cloud secure? Not without runtime insights! Sysdig delivers the industry's ONLY complete, consolidated Cloud-Native Application Protection Platform (CNAPP) - powered by runtime insights - to prioritize critical risks and stay ahead of unknown threats. Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Pornhub, Barbie dolls, and can you trust a free TV?

Wed, 05 Jul 2023 23:00:00 +0000

Just how much do porn websites know about your sexual peccadillos? How are Barbie dolls involved in identity scams? And would you trust a completely free telly?

Oh, and Graham has some opinions to share about "Indiana Jones and the Dial of Destiny".

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Matt Davey from the "Random but Memorable" podcast.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Pornhub Is Being Accused of Illegal Data Collection - Wired.
StopDataPorn brings Pornhub to court for abusing users’ personal data with GDPR complaints - StopDataPorn.
The Password Game - Neal.fun.
The True Cost of a Free TV - Wired.
Telly dual-screen TV first look: it’s free and may be the future - The Verge.
Swindlers Used Barbie Dolls to Rob COVID Relief Program - The Messenger.
How rampant abuse by fintech fueled covid relief fraud - The Washington Post.
'Biggest fraud in a generation': The looting of the Covid relief plan known as PPP - NBC News.
"We Are Not the Fraud Police": How Fintechs Facilitated Fraud in the Paycheck Protection Program - Fox News.
‘The Dial Of Destiny’ Is Now The Worst-Reviewed ‘Indiana Jones’ Movie - Forbes.
“Jury Duty” TV series - Wikipedia.
“Jury Duty” trailer - YouTube.
Spray Cork: What Is It? - Build with Rise.
CorkSol.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

UPS smishing, ChatGPT 101, and storing secret files

Wed, 28 Jun 2023 23:00:00 +0000

UPS delivers some smishing advice (but have they kept something under wraps?), we ask ChatGPT to take a long hard look at itself, and we debate what the penalty should be for taking national secrets home with you.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

UPS discloses data breach after exposed customer info used in SMS phishing - Bleeping Computer.
Example of UPS SMS phishing message related to Lego order - Twitter.
Another example of a Lego-related UPS phishing message - Twitter.
Former FBI Analyst Sentenced for Retaining Classified Documents - US Department of Justice.
How The Intercept might have helped unmask Reality Winner to the NSA - Graham Cluley.
Bad adverts leave people scratching their heads - MSN.
How Cybercriminals Can Perform Virtual Kidnapping Scams Using AI Voice Cloning Tools and ChatGPT - Trend Micro.
Which Jobs Will Be Most Impacted by ChatGPT? - Visual Capitalist.
Unraveling an AI Scam with AI - Imperva.
100,000 Hacked ChatGPT Accounts Discovered on Dark Web - Hackread.
97+ ChatGPT Statistics & User Numbers In June 2023 (New Data) - Nerdy Nav.
“Speed Cubers” - Netflix.
Trailer for “Speed Cubers” - YouTube.
KBDcraft.
”How to Win Friends and Disappear People” - Qcode Podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Mark’s metaverse for minors, and getting down to business

Wed, 21 Jun 2023 23:00:00 +0000

There's some funny business going on on Google, and Zuckerberg's $14 billion bet on the metaverse is beginning to look a little childish...

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Google sues alleged scammer over fake business and review scheme - The Verge.
Meta to Lower Age for Users of Virtual Reality Headset to 10 From 13 - New York Times.
Introducing New Parent-Managed Meta Accounts for Families - Meta Blog.
Keep Connected - ages 10–14 - Keep Connected.
The Metaverse Police: A VR content moderator shares his insights - Mixed News.
“Untold: The Girlfriend Who Didn't Exist” - Netflix.
Tommy Siegel - Some candy hearts comics I drew, a thread - Twitter.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Right Royal security threats and MOVEit mayhem

Wed, 14 Jun 2023 23:00:00 +0000

There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Declassified files reveal ‘large number’ of security scares at Windsor Castle - Metro.
Intruder at Windsor: Security 400 scared of unpleasant Andrew' to turn away fantasist - Express.
The US Is Openly Stockpiling Dirt on All Its Citizens - Wired.
I don’t care about cookies browser plugin.
MOVEit hack: Media watchdog Ofcom latest victim of mass hack - BBC News.
BBC, BA and Boots issued with ultimatum by cyber gang Clop - BBC News.
Ukrainian police arrest multiple Clop ransomware gang suspects - TechCrunch.
BBC and British Airways affected by data breach at payroll company Zellis - The Record.
BA, Boots and BBC staff details targeted in Russia-linked cyber-attack - The Guardian.
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft - Mandiant.
MOVEit Transfer and MOVEit Cloud Vulnerability - Progress.
MOVEit announces second vulnerability; Minnesota schools agency breached with original bug - The Record.
An Update on the Steps We are Taking to Protect MOVEit Customers - Ipswitch.
Spider-Man: Across the Spider-Verse - IMDB.
Spider-Man: Across the Spider-Verse trailer - YouTube.
The Muppets Mayhem - Disney+.
The Muppets Mayhem trailer - YouTube.
NT-USB microphone - Rode.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Hunters - A SOC platform, built to empower your security team to reduce risk, complexity and costs.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Rick Astley and the little birdie scam

Wed, 07 Jun 2023 23:00:00 +0000

Australia's signal intelligence agency calls upon an Eighties popstar to fight terrorism, and a simple act of kindness leads to a woman being scammed for thousands.

All this and much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus - don't miss our featured interview with Max Power of Bitwarden.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Australian cyber-op attacked ISIL with the terrifying power of Rickrolling - The Register.
“Breaking the code: Cyber Secrets Revealed” - ABC.
Scam Alert: Woman tries helping injured bird, ends up losing Rs 1 lakh to cyber criminals - MSN News.
Toll-free Hijack Alert (misdial scam) - AT&T.
“Connected: the hidden science of everything” - Netflix.
“Connections” with James Burke - YouTube.
“I wanna marry Harry” reality show - Wikipedia.
“Space cadets” reality show - Wikipedia.
Unreal: A Critical History of Reality TV - Apple Podcasts.
Famous Studios - Famous Studios website.
Unreal: A Critical History of Reality TV - BBC Sounds.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Centripetal – Centripetal’s CleanINTERNET defends your assets from cyber threats by leveraging dynamic threat intelligence on a mass scale.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

.ZIP domains, AI lies, and did social media inflame a riot?

Wed, 31 May 2023 23:00:00 +0000

ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Plus don't miss our featured interview with David Ahn of Centripetal.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

8 new top-level domains for dads, grads and techies - Google.
Tweet by Citizen Lab’s John Scott-Railton - Twitter.
File Archiver in the browser - mr.d0x.
A Lawyer's Filing "Is Replete with Citations to Non-Existent Cases" - Thanks, ChatGPT? - Reason.
Ely riot: Live updates as police investigate CCTV showing police van following bike moments before fatal crash - Wales Online.
Cardiff riot: Police force refers itself to watchdog as CCTV shows its van following e-bike before fatal crash - Sky News.
Two boys killed in Cardiff crash which was followed by riot are named - Sky News.
Cardiff riots: social media rumours about crash started unrest, says police commissioner - The Guardian.
Black Butterflies - Netflix.
Black Butterflies trailer - YouTube.
“The End of the World Is Just the Beginning: Mapping the Collapse of Globalization” by Peter Zeihan - Amazon.
Science Vs - Gimlet Media Podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Centripetal – Centripetal’s CleanINTERNET defends your assets from cyber threats by leveraging dynamic threat intelligence on a mass scale.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Botched Bitcoin blackmail, iSpoof, and Meta’s billion dollar data bungle

Wed, 24 May 2023 23:00:00 +0000

13 years jail for spoofing scammer, a rogue IT security expert's Bitcoin blackmail goes wrong, and Facebook's eyewatering GDPR fine may be only the beginning of its problems.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the Imposter Syndrome Network podcast's Zoë Rose.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Man convicted of blackmail and other offences - SEROCU.
EU hits Meta with record €1.2B privacy fine - Politico.
Police text 70,000 victims in UK's biggest anti-fraud operation - BBC News.
iSpoof fraudster guilty of £100m scam sentenced to 13 years - BBC News.
Fraudster pleads guilty to £100m iSpoof scam - BBC News.
300: Interplanetary file systems, iSpoof, and don’t delete Twitter - Smashing Security.
"John Was Trying to Contact Aliens" - Netflix.
Sleep mask - Amazon.
Blackout blind with suction cups - Amazon.
Jewish Matchmaking - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Centripetal - Centripetal's CleanINTERNET defends your assets from cyber threats by leveraging dynamic threat intelligence on a mass scale.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

When you buy a criminal’s phone, and paying for social media scams

Wed, 17 May 2023 23:00:00 +0000

Personal information is going for a song, and the banks want social media sites to pay when their users get scammed.

All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Vote for "Smashing Security" in the European Security Blogger Awards.
Re-Victimization from Police-Auctioned Cell Phones - Krebs on Security.
Fraud Strategy: stopping scams and protecting the public - UK Gov.
Spanish Police Takes Down Massive Cybercrime Ring, 40 Arrested - Hacker News.
Social media firms should reimburse online fraud victims, say UK bankers - The Guardian.
How Many People Use Social Media in 2023? - Oberlo.
Scam social media quizzes dupes people into revealing personal details - ITV News.
Where are you most likely to be scammed: phone, text or social media? - This is Money.
Major bank calls out Meta for huge rise in scams on its platforms - This is Money.
The Legend of Zelda: Tears of the Kingdom - Nintendo.
ScanSnap SV600 - Fujitsu.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Outpost24 – Understand your shadow IT risk with a free attack surface analysis.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Eurovision, acts of war, and Twitter circles

Wed, 10 May 2023 23:00:00 +0000

Twitter shares explicit photos without users' permission, one US company can look forward to a $1.4 billion payout seven years after an infamous cyberattack, and how might hackers target Eurovision?

Plus don't miss our featured interview with Outpost24's John Stock.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Introducing Twitter Circle, a new way to Tweet to a smaller crowd - Twitter.
Twitter Circles Is Broken, Revealing Nudes Not Meant For The General Public - Buzzfeed News.
Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout - The Register.
What is Hostile or Warlike?: An in-depth look at the Merck war exclusion decision and its shortfalls - Kennedys Law.
Eurovision voting scandal: Six juries cheated and voted for each other - EuroVision World.
Eurovision: MP seeks assurances contest voting will be protected from Russian threats - Sky News.
Fears pro-Russian hackers could ruin Eurovision by disrupting broadcasts and silencing the song contest next week - Daily Mail.
Cyber security experts hope to protect Eurovision voting from possible Russian threat - ITV News.
The technology of the Eurovision Song Contest - Technology and Engineering.
Cyber security experts hope to protect Eurovision voting from possible Russian threat - Eurovision News.
Eurovision voting scandal: Six juries cheated and voted for each other - Eurovision News.
Eurovision 2023: Tickets for Liverpool sell out after huge demand - BBC News.
Eurovision 2023: Hotel phishing scam targets song contest fans - BBC News.
“My Lovely Horse”, Father Ted’s Eurosong contest entry 1996 - YouTube.
Doctor Who: Tony Hadoke’s Time Travels podcast.
Toby Hadoke.
MyBuilder.
Carole Theriault art gallery - Carole Theriault’s art website.
Carole Theriault and John Hawes exhibition - Oxfordshire Artweeks.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Outpost24 – Understand your shadow IT risk with a free attack surface analysis.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

City Jerks, AI animals, and is the BBC hacking again?

Wed, 03 May 2023 23:00:00 +0000

Two unsavoury websites suffer from a worrying leak, scientists are going animal crackers over AI, and the BBC is intercepting scammers' live phone calls with victims.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Hackers steal emails, private messages from hookup websites - TechCrunch.
Scam Interceptors - BBC.
‘They’re coming up with devious ways to take your money’: the TV hackers taking on the scammers - The Guardian.
Did BBC break the law by using a botnet to send spam? - Naked Security.
How a horse whisperer can help engineers build better robots - Science Daily.
How Scientists Are Using AI to Talk to Animals - Scientific American.
“I don’t know”, sung by 76-year-old Paul McCartney - YouTube.
“I don’t know”, sung by AI Paul McCartney - YouTube.
AI makes Paul McCartney’s voice youthful - The Daily Beatle.
“New”, sung by the AI Beatles - YouTube.
AI Freddie Mercury sings “Yesterday” - YouTube.
The Evaporated - Campside Media.
Tetris - Apple TV+.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Outpost24 - Understand your shadow IT risk with a free attack surface analysis.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The CEO who also ran IT, Strava strife, and TikTok tall tales

Wed, 26 Apr 2023 23:00:00 +0000

A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava's privacy isn't so private, and a private investigator uncovers some TikTok tall tales.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Finnish therapy clinic’s CEO fired after despicable data breach and blackmail threats - Graham Cluley.
Lizard Squad Member: Why I Took Down Xbox and PlayStation - Sky News on YouTube.
Hacker Charged With Extorting Online Psychotherapy Service - Krebs on Security.
Finland’s Most-Wanted Hacker Nabbed in France - Krebs on Security.
Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes - Bitdefender.
Hackers can find your home on Strava even if you use privacy settings, researchers find - Yahoo Sports.
Iron Bianca hashtag on TikTok - TIkTok.
Investigators warn of fake suicide scams on social media platforms - MSN News.
How did Iron Bianca die? Tribute Pours In As Tiktok Star Passed Away - PBK News.
Spill-the-Tea-007 TikTok Channel - TikTok.
Mike Bolhius Private Investigator - Mike Bolhius homepage.
Paint trailer - YouTube.
Bob Ross: Happy Accidents, Betrayal & Greed - Netflix.
Star Trek: Picard - Paramount Plus.
The Diplomat - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
hCaptcha – hCaptcha Enterprise is the leading Security ML platform. hCaptcha adapts to detect and block even the most sophisticated attacks, keeping you ahead of evolving threats.Start your free trial today.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Tesla workers spy on drivers, and Operation Fox Hunt scams

Wed, 19 Apr 2023 23:00:00 +0000

Graham wonders what would happen if his bouncing buttocks were captured on camera by a Tesla employee, and we take a look at canny scams connected to China's Operation Fox Hunt.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

(Oh, and when Carole mentioned Colin the Accountant as her "Pick of the Week" she really meant "Colin from Accounts". Sorry!)

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Countering Threats Posed by the Chinese Government Inside the US - Speech by the FBI’s Christopher Wray.
Criminals Pose as Chinese Authorities to Target US-based Chinese Community - FBI.
FBI: How fake Xi cops prey on Chinese nationals in the US - The Register.
Special Report: Tesla workers shared sensitive images recorded by customer cars - Reuters.
303: Secret Roomba snaps, Christmas cab scams, and the future of AI - Smashing Security.
Lawsuit: Tesla must be punished for “tasteless” sharing of car-camera images - Ars Technica.
Customer Privacy Notice - Tesla.
Tesla hit with class action lawsuit over alleged privacy intrusion - Reuters.
Tesla About Autopilot - Tesla.
“Wet Nellie” - Wikipedia.
Device Orchestra - YouTube.
“Smoke on the Water”, as performed by Device Orchestra - YouTube.
“Eye of the Tiger”, as performed by Device Orchestra - YouTube.
Cabin Camera - Tesla.
Colin from Accounts - Amazon Prime.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?

Wed, 12 Apr 2023 23:00:00 +0000

Everyone's talking juice-jacking - but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn't been hacked. And Carole hosts the "AI-a-go-go or a no-no?" quiz for Dave and Graham.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Uber driver info stolen yet again: This time from law firm - The Register.
Letter from law firm Genova Burns to impacted Uber drivers (PDF)
Tweet by FBI Denver - Twitter.
FBI warns against using public phone charging stations - CNBC.
'Juice Jacking': The Dangers of Public USB Charging Stations - FCC.
Stop! Don’t charge your phone this way - Seattle Times.
This Seemingly Normal Lightning Cable Will Leak Everything You Type - Vice.
Cybersecurity Myths You Might Still Believe – Debunked! - CXO Today.
China to require 'security assessment' for new AI products - France24.
Cybercrime: be careful what you tell your chatbot helper…- The Guardian.
12 Jobs that AI will never replace - In Hunt World.
ChatGPT Fabricates Sexual Harassment Scandal, Names Real US Law Professor As Accused - Republic World.
Insurable cyberattacks? - Caveat podcast.
UBI board game - Board Game Geek.
The Eye, The Pyramid, The Map: The Psychogeography of ‘The World According to Ubi’ - We Are The Mutants.
They Finally Let Me Into Abbey Road Studios! - Rick Beato, YouTube.
Robot Wars: Episode 5 Battle Recaps 2017 - BBC Two, YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
hCaptcha – hCaptcha Enterprise is the leading Security ML platform. hCaptcha adapts to detect and block even the most sophisticated attacks, keeping you ahead of evolving threats.Start your free trial today.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Of Musk and Afroman

Wed, 05 Apr 2023 23:00:00 +0000

An Elon Musk-worshipping college principal gets schooled, and rapper Afroman turns the tables after armed police raid his house.

All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

These Men's Rights Activists Literally Worship Elon Musk - Buzzfeed News.
Florida principal who sent $100K to scammer posing as Elon Musk says she was 'groomed' - WESH.
Florida principal resigns after sending $100K to scammer posing as Elon Musk - NY Post.
Afroman - Will You Help Me Repair My Door - YouTube.
Official Music Video for Because I Got High performed by Afroman - YouTube.
Police sue rapper Afroman for using footage of home raid in his music videos - The Guardian.
Afroman Complaint - Adams County Court.
Afroman Got Raided by Cops, So He Put Them in His Music Video - Vice.
Afroman - Wikipedia.
Afroman sued by seven officers who raided his home - NME.
Afroman Isn’t Worried About a Police Lawsuit Over His Music Videos - Rolling Stone.
Afroman Cops Wrecked My Home In Raid, For Nothing ...I Need Ben Crump!!! - TMZ.
Afroman I'm Missin' $400 In Cash After Raid... Thinks Cops Swiped It - TMZ.
Atlas Obscura.
Oak Beams, New College Oxford - Atlas Obscura.
BeyerDynamic DT 770 PRO Headphones - BeyerDynamic.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Crypto hacker hijinks, government spyware, and Utah social media shocker

Wed, 29 Mar 2023 23:00:00 +0000

A cryptocurrency hack leads us down a maze of twisty little passages, Joe Biden's commercial spyware bill, and Utah gets tough on social media sites.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Tweet by Euler Finance confirming security breach - Twitter.
Euler Finance to Offer $1M Reward as It Reels From Nearly $200M Exploit - Coindesk.
Hackers stole over $500m in cryptocurrency in record-making heist, Ronin says - The Guardian.
Hacker Behind $200M Euler Attack Apologizes, Returns Millions in Ether, Dai to Protocol - Coindesk.
President Biden kind of mostly bans commercial spyware from US govt - The Register.
Utah Law Could Curb Use of TikTok and Instagram by Children and Teens - New York Times.
Utah’s social media for kids law could be coming to a state near you - Vox.
Utah Governor Spencer Cox signs a landmark social media bill - YouTube.
RRR - Netflix.
RRR trailer - YouTube.
RRR Naatu Naatu dance scene - YouTube.
Best films of 2022 in the UK, No 7: RRR - The Guardian.
He Died with a Felafel in His Hand - Wikipedia.
Swarm - Amazon Prime.
Night of the Lepus - Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
hCaptcha - hCaptcha Enterprise is the leading Security ML platform. hCaptcha adapts to detect and block even the most sophisticated attacks, keeping you ahead of evolving threats. Start your free trial today.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Photo cropping bombshell, TikTok debates, and real estate scams

Wed, 22 Mar 2023 23:00:00 +0000

It could be a case of aCropalypse now for Google Pixel users, there's a warning for house buyers, and just why is TikTok being singled out for privacy concerns?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Stop pixelating! New tool reveals the secrets of "redacted" documents - Hot for Security.
Google Pixel exploit reverses edited parts of screenshots - The Verge.
Tweet by researcher Simon Aarons - Twitter.
aCropalypse demo.
Samsung 'Fake' Moon Shots Controversy Puts Computational Photography in the Spotlight - MacRumors.
Android phones can be hacked just by someone knowing your phone number - Graham Cluley.
BBC advises staff to delete TikTok from work phones - BBC News.
TikTok: UK ministers banned from using Chinese-owned app on government phones - BBC News.
TikTok banned from official Welsh government phones - BBC News.
Danish public broadcaster advises staff against using TikTok - BBC News.
Canada bans TikTok on government devices - BBC News.
European Commission bans TikTok on staff devices - BBC News.
New bill would ban TikTok in the US but it faces long odds - BBC News.
A Retired Teacher and Her Daughter Were Scammed Out of $200,000 Over Email: 'I'm 69 Years Old and Now I'm Broke and Homeless' - Entrepreneur.
Retired Colorado teacher left homeless and broke after scammers hijack house sale - MSN.
Homebuyers scammed out of nearly $200,000 - YouTube.
Stolen life savings Vickie and Sarah Ragle - Go Fund Me.
The Play That Goes Wrong.
The Goes Wrong Show 90 Degrees clip - YouTube.
The Goes Wrong Show Series One - Amazon Prime.
Poo Pays.
MiniPresso NS2 - Wacaco.
Restart Podcast - BBC.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Tesla twins and deepfake dramas

Wed, 15 Mar 2023 23:00:00 +0000

The twisted tale of the two Teslas, and a deepfake sandwich.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

B.C. man says he accidentally unlocked and drove someone else’s Tesla using the app - Global News.
A College Girl Found Deepfake Porn of Herself Online. Who Did It Shocked Her - Rolling Stone.
Denmark Tries to Attract Tourists Using ChatGPT, Deepfakes, and Famous Paintings UK PC Mag.
Deepfake Tools Are Made To Facilitate Harassment—So Why Are They Available in the App Store? - MSN.
Spot the Deepfake - Microsoft.
Sholay trailer - YouTube.
Sholay: Review of the monumental Indian epic - YouTube.
Rent or buy Sholay - YouTube Movies.
Jazz Pianist Brad Mehldau Plays The Beatles - NPR.
Brad Mehldau - Brad Mehldau website.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Super grannies, bar trolls, and US Marshals

Wed, 08 Mar 2023 23:00:00 +0000

Scammers get pwned by a Canadian granny! Don't be seduced in a bar by an iPhone thief! And will the US Marshals be able to track down the villains who stole their data?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Plus don’t miss our featured interview with Jason Meller of Kolide.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

They thought they could scam this Windsor grandmother of nearly $10K. She turned the tables on them - CBC.
Canada grandma helps stop fraud scheme targeting senior citizens - BBC News.
A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life - Wall Street Journal.
Ransomware attack on US Marshals Service affects ‘law enforcement sensitive information’ - CNN.
Hackers steal sensitive law enforcement data in a breach of the U.S. Marshals Service - NPR.
9 millionaires and billionaires with the most bizarre spending habits - Business Insider.
Phishing still the leading way attackers breach security controls: IBM - IT World Canada.
New White House cyber strategy picks a fight with ransomware - AXIOS.
Happy Valley - BBC.
My 80s TV.
Everything Everywhere All at Once - IMDB.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Zero Trust for Okta. Watch a demo today!
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

TikTok, wiretapping, and your deepfake voice is your password

Wed, 01 Mar 2023 23:00:00 +0000

Who has been warning Italian criminals that their phones are wiretapped? Can you trust your voice to protect your bank account? And why is TikTok being singled out by investigators?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Wiretapping Italian police tune in to hear their secrets being sold - The Times.
Jeremy Paxman stuns Silvio Berlusconi with Angela Merkel insult allegation - The Guardian.
Silvio Berlusconi interviewed by Jeremy Paxman on BBC Newsnight - YouTube.
Protests grow in Italy over the wiretapping of journalists - Independent.
How I Broke Into a Bank Account With an AI-Generated Voice - Vice.
TikTok under investigation by Canadian privacy authorities - BBC.
The UN's cyber crime treaty could be a privacy disaster - IT Pro.
TikToker outlines how she quit every job she’s had over the ‘most minor inconveniences’ Yahoo News.
“Check It Out” episode about nuclear war from July 1980 - YouTube.
The North-West Is Our Mother: The Story of Louis Riel's People, the Métis Nation - GoodReads.
Fleishman is in Trouble review – Jesse Eisenberg’s endlessly witty divorce drama is almost too good - The Guardian.
Fleishman is in Trouble - Disney+
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Zero Trust for Okta. Watch a demo today!
Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Verified blue ticks and horny AI chatbots

Wed, 22 Feb 2023 23:00:00 +0000

Boyfriends who are bots, Facebook's checkmark charge, Twitter Blue, and Will Ferrell's taunt of football fans...

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Testing Meta Verified to Help Creators Establish Their Presence - Meta.
As Twitter forces users to remove text message 2FA, it’s in danger of decreasing security - Graham Cluley.
A pre-match message from Will Ferrell - QPR Twitter account.
BBC Takes Down Story About Will Ferrell After Being Fooled By Fake Twitter Account - Deadline.
Replika CEO Says AI Companions Were Not Meant to Be Horny. Users Aren't Buying It - Vice.
‘My AI Is Sexually Harassing Me’: Replika Users Say the Chatbot Has Gotten Way Too Horny - Vice.
Replika homepage - Replika.
Click and Drag - xkcd.
1110: Click and Drag - Explain xkcd.
xkcd 1110: Click and Drag map - Zoomable map of “Click and drag”
Only Murders in the Building - Disney Plus.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Zero Trust for Okta. Watch a demo today!
SecurEnvoy – With growing cyber security threats everyone in your organisation needs multi-factor authentication tailored to their specific access needs and the risk profile of their role. Check out SecurEnvoy’s free guide now.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Synthetic voices, ChatGPT reflections, and social skirmishes

Wed, 15 Feb 2023 23:00:00 +0000

AI-generated voices are weaponised by online trolls, how ChatGPT reflects who we are as a society, and social media is in the firing line again.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

‘Disrespectful to the Craft:’ Actors Say They’re Being Asked to Sign Away Their Voice to AI - Vice.
AI-Generated Voice Firm Clamps Down After 4chan Makes Celebrity Voices for Abuse - Vice.
Video Game Voice Actors Doxed and Harassed in Targeted AI Voice Attack - Vice.
ChatGPT Can Be Broken by Entering These Strange Words, And Nobody Is Sure Why - Vice.
My Strange Day With Bing’s New AI Chatbot - Wired.
We asked ChatGPT to write performance reviews and they are wildly sexist (and racist) - Fast Company.
How social media affects teen mental health: a missing link - Nature.
California bill to let parents sue social media gets second try - Bloomberg.
How to protect children from big tech companies - Wall Street Journal.
Three out of four parents say social media is a major distraction for students, according to new study - Phys.org.
Remarks of President Joe Biden – State of the Union address as prepared for delivery - The White House.
Why the past 10 years of American life have been uniquely stupid - The Atlantic.
Now Mesa public schools are also declaring that they have failed in educating their children by suing social media - Techdirt.
Seattle school district files laughably stupid lawsuit against basically every social media company for… ‘being a public nuisance’ - Techdirt.
The evidence just doesn’t support any of the narratives about the harms of social media - Techdirt.
Vasectomy - NHS.
Birth of BASIC documentary - YouTube.
Zero Waste Club reusable coffee filter - Peace with the Wild.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
DigiCert – DigiCert’s Trust Lifecycle Manager sets a new bar for unified management of digital trust.
SecurEnvoy – With growing cyber security threats everyone in your organisation needs multi-factor authentication tailored to their specific access needs and the risk profile of their role. Check out SecurEnvoy’s free guide now.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Jail after VPN fail, criminal messaging apps, and wolf-crying watches

Wed, 08 Feb 2023 23:00:00 +0000

When Ubiquiti suffered a hack the world assumed it was just a regular security breach, but the truth was much stranger... why are police happy that criminals keep using end-to-end encrypted messaging systems... and why is the Apple Watch being accused of crying wolf?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Plus don't miss our featured interview with SecurEnvoy's Chris Martin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:

Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.
SecurEnvoy - With growing cyber security threats everyone in your organisation needs authentication tailored to their specific access needs and the risk profile of their role. Check out SecurEnvoy's free guide now.

Episode links:

Ubiquiti tells customers to change passwords after security breach - ZD Net.
“No way out” trailer - YouTube.
Ubiquiti sues journalist, alleging defamation in coverage of data breach - Ars Technica.
Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack - Bitdefender.
Final Thoughts on Ubiquiti - Krebs on Security.
Former Employee Of Technology Company Pleads Guilty To Stealing Confidential Data And Extorting Company For Ransom - Department of Justice.
Dutch Police Read Messages of Encrypted Messenger 'Exclu' - Vice.
Shock and applause for Apple Watch's chilling real-life emergency call ad - Campaign Live.
911 call made from Apple Watch of Washington woman buried alive released - Yahoo! News.
Apple Watch 8 series save yet another life - Live Mint.
Some first responders are asking iPhone users to disable Emergency SOS and crash detection due to influx of false positives - 9to5mac.
Emergency SOS via satellite available today on the iPhone 14 lineup in the US and Canada - Apple.
Inoreader.
”The Social Life of Animals” by Ashley Ward - Amazon.
Black Butterflies - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

ChatGPT and the Minister for Foreign Affairs

Wed, 01 Feb 2023 23:00:00 +0000

Could a senior Latvian politician really be responsible for scamming hundreds of "mothers-of-two" in the UK? (Probably not, despite Graham's theories...) And should we be getting worried about the AI wonder that is ChatGPT?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus don't miss our featured interview with DigiCert’s Brian "PKI" Trzupek.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Artis Pabriks.
‘I left my partner and lost £80,000 to a fake Facebook romance’: Manchester mum’s warning over catfishing scam - Manchester World.
'I know I have been a fool but these are the things we do for love', says mum duped out of £80k by Facebook lover - Manchester Evening News.
Amazon Warns Employees to Beware of ChatGPT - Gizmodo.
ChatGPT's soaring popularity has added $5 billion to the wealth of Nvidia's founder as Wall Street bets on AI boom for the chipmaker - Business Insider.
ChatGPT raises red flags by acing MBA exam.
ChatGPT passes exams from law and business schools - CNN.
I asked ChatGPT how to negotiate a raise. Career coaches said I'd probably get one by following the AI chatbot's steps and script - Business Insider.
Real estate agents say they can’t imagine working without ChatGPT now - CNN.
Science journals ban listing of ChatGPT as co-author on papers - The Guardian.
Blakes 7 Bot - an automated bot that posts lines of dialogue from Blakes 7.
Yarn - Find video clips by quotes.
The New Gurus Podcast - BBC Sounds.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
DigiCert – DigiCert’s Trust Lifecycle Manager sets a new bar for unified management of digital trust.
Sealit – Zero Trust Data Protection: protect, share, and monitor confidential emails and files – without passwords. Integrated with Gmail, Outlook, and file systems. Learn more and take advantage of Sealit’s special offer to “Smashing Security” listeners.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

No Fly lists, cell phones, and the end of ransomware riches?

Wed, 25 Jan 2023 23:00:00 +0000

What are prisoners getting up to with mobile phones? Why might ransomware no longer be generating as much revenue for cybercriminals? And how on earth did an airline leave the US government's "No Fly" list accessible for anyone in the world to download?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:

Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.

Episode links:

The Complete Idiot's Guide to Writing Erotic Romance - Amazon.
The Many Ingenious Ways People in Prison Use (Forbidden) Cell Phone - The Marshall Project.
How Did They Run an Elaborate “Sextortion” Scam From Prison? Cellphones - The Marshall Project.
Alarm Over Death Row Cell Phone Threats - CBS News.
How to completely own an airline in 3 easy steps - Maia arson crimew.
U.S. airline accidentally exposes ‘No Fly List’ on unsecured server - Daily Dot.
Cyber-crime gangs' earnings slide as victims refuse to pay - BBC.
Ransomware Revenue Down As More Victims Refuse to Pay - ChainAnalysis.
Leaked Ransomware Docs Show Conti Helping Putin From the Shadows - Wired.
Luxe Listings Sydney trailer - YouTube.
Luxe Listing Sydney - Wikipedia.
Matt Shearer WBZ - Twitter.
Hot Skull - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Norton unlocked, and police leaks

Wed, 18 Jan 2023 23:00:00 +0000

Carole is in her sick bed, which leaves Graham in charge of the good ship "Smashing Security" as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information.

Find out more in this latest edition of the "Smashing Security" podcast, hosted by Graham Cluley with special guest BJ Mendelson.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Operation Protect the Innocent - LA Police Department.
A Police App Exposed Secret Details About Raids and Suspects - Wired.
ODIN Intelligence website is defaced as hackers claim breach - TechCrunch.
Norton LifeLock says thousands of customer accounts breached - TechCrunch.
Ugh! Norton LifeLock password manager accounts accessed by hackers - Graham Cluley.
Reports: Twitter’s sudden third-party client lockouts were intentional - Ars Technica.
Spring app - Twitter.
Spring app - Mac App Store.
Mona app - Mastodon.
Tulsa King trailer - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
DigiCert - DigiCert's Trust Lifecycle Manager sets a new bar for unified management of digital trust.

Support the show:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Oxford's dating disaster, cheap security robots, and faking a suicide

Wed, 11 Jan 2023 23:00:00 +0000

Someone called OxShagger thinks he has come up with the perfect Valentine's surprise for Oxford students, but is the way he has gone about "bookworms with benefits" really a good idea? Robot security guards are trundling the streets of - you guessed it - America. And a writer of paranormal bully romances (no, we don't know what that means either) returns from the grave...

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:

Bitwarden - Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including, the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
ManageEngine PAM360 - A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
NordLayer - NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.

Episode links:

Dating site for horny Oxford students slammed for privacy violations - Cherwell.
OxShag will not be running this term as creator says they ‘made some poor choices’ - The Oxford Tab.
Dysfunctional: OxShag to shut down amid controversy - Cherwell.
Oxford University dating website for staff and students shut down after ‘huge data breach’ - The Times.
CES 2023 Robots: Humanoid Helpers, Coding Pups and Farming Planters - CNet.
One of America's most hated companies hired a security robot. It didn't go well - ZDNet.
Robot security downtown getting lots of attention, KHON2 News - YouTube.
4 New Contracts for 8 Machines to Kick Off New Year at Knightscope - Knightscope.
Why was Susan Meachen bullied in 2020? - Reddit.
Fan outrage at Susan Meachen, the romance novelist accused of faking her death - BBC.
The Book Community Thought This Author Died. Now, It Seems Her Suicide Was a Hoax - Rolling Stone.
Vampire Survivors - Steam.
Vampire Survivors trailer - YouTube.
Vampire Survivors, a cheap, minimalistic indie game, is my game of the year - Ars Technica.
Rewind.
Rewind support article on the importance of consent - Rewind.
Air Lounger - Orsen.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Secret Roomba snaps, Christmas cab scams, and the future of AI

Wed, 21 Dec 2022 23:00:00 +0000

Beware your Roomba's roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a taxi cab in Dublin...

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook? - MIT Technology Review.
Building Smart Robots Requires Responsible Development - Roomba CEO Colin Angle on LinkedIn.
OpenAI predicts biz can break a billion in revs by 2024 - The Register.
The security threat of AI-enabled cyberattacks (PDF) - The Finnish Transport and Communications Agency, Traficom.
Ireland Christmas weather ‘roller-coaster’ amid new ‘Beast from the East’ threat - Irish Mirror.
Christmas revellers warned about sophisticated taxi scam as €300,000 is stolen from victims - MSN.
Taxi cab scam has cleaned out €300,000 from bank accounts of victims - Irish Independent.
“La Cabina” - YouTube.
“Last and First Men” by Olaf Stapledon - Wikipedia.
”The other side of night” by Adam Hamdy - Pan MacMillan Press.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Lensa AI, and a dog called Bob

Wed, 14 Dec 2022 23:00:00 +0000

Drug dealers come unstuck while using the Encrochat encrypted-messaging app, and we put the Lensa AI avatar-generation tool under the microscope.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus - don't miss our featured interview with Rico Acosta, IT manager at Bitwarden.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Smashing Security 229: Dating leaks, right to repair, and a stinky bishop - Smashing Security.
Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall - The Register.
Operation Venetic: Pet dog and accidental selfies help convict international drugs traffickers - NCA.
What does the Lensa AI app do with my self-portraits and why has it gone viral? - The Guardian.
Lensa, the AI portrait app, has soared in popularity. But many artists question the ethics of AI art - NBC News.
I Uploaded Photos of Myself to the New Lensa A.I. Portrait Generator. The Results Were Stunning, Strange… and Super Creepy - Artnet.
People keep sharing their AI-generated portraits: What to know about Lensa, and why some push back on it - USA Today.
How Is Everyone Making Those A.I. Selfies? - New York Times.
Lensa AI: Security concerns regarding app behind colourful selfies on social media - The National News.
‘Magic Avatar’ App Lensa Generated Nudes From My Childhood Photos - Wired.
Celebrities Are Obsessed With This Amazing New AI Portrait App - Hello Giggles.
This AI Self-Portrait App is Taking Over the Internet - Medium.
Wednesday Shows Off Her Moves - YouTube.
‘Wednesday’ faces backlash over Jenna Ortega’s COVID dance scene - NME.
Channel Television Disco Dancin' Final - YouTube.
Sticky Pickles.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

AI chatbot or the start of Skynet? Eufy privacy, and hot desks

Wed, 07 Dec 2022 23:00:00 +0000

An AI chatbot is causing a stir - both impressing and terrifying users in equal measure. A security researcher discovers that a "smart" cam that doesn't use the internet is err.. using the internet. And university students revolt over under-the-belt surveillance.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

While anticipation builds for GPT-4, OpenAI quietly releases GPT-3.5 - TechCrunch.
OpenAI upgrades GPT-3, stunning with rhyming poetry and lyrics - Ars Technica.
GPT-3.5 finds a security vulnerability - Twitter.
Mind-Blowing examples of OpenAI ChatGPT for Security, Infosec & Hacking - YouTube.
OpenAI's new ChatGPT bot: 10 dangerous things it's capable of - Bleeping Computer.
What GPT-3.5 really thinks about us humans - Twitter.
We asked GPT-3.5 to write a story about the “Smashing Security” hosts - Twitter.
GPT-Chat - OpenAI.
Researcher Paul Moore questions Eufy about its privacy - Twitter.
Eufy’s “local storage” cameras can be streamed from anywhere, unencrypted - Ars Technica.
Eufy privacy statement - Eufy.
‘NO’: Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them - Vice.
Max Von Himmel Twitter Feed - Twitter.
It’s Not Science, Just Surveillance (and it's Under Your Desk) - TWC newsletter.
Northeastern University - Northeastern University homepage.
Space Management Platform - Spaceti homepage.
Twitter is going great!
Pennyworth - IMDB.
BBC Maestro.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Interplanetary file systems, iSpoof, and don't delete Twitter

Wed, 30 Nov 2022 23:00:00 +0000

Why deleting your Twitter account may be a very bad idea, how the police unravelled the iSpoof fraud gang, and a trip into outer space (or at least interplanetary file systems).

What an amazing 6 years of bickering it has been… thanks to all of you who have tuned in, appeared on the show, or supported us! 🙏

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Smashing Security #001: “One cup, two hotel guests” - YouTube.
Whoopi Goldberg Quitting Twitter: “As Of Tonight I’m Done” - Deadline.
Stephen Fry Joins Celebrity Twitter Exodus, Says “Goodbye” With Scrabble Message - Deadline.
Twitter Users Warned Not To Delete Their Accounts - Here’s Why - Forbes
How to deactivate your account - Twitter.
InterPlanetary File System - Wikipedia.
Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns - Cisco Talos.
Decentralized IPFS networks forming the 'hotbed of phishing' - The Register.
UK police arrest 120 in largest-ever cyber fraud crackdown - Computer Weekly.
Grote spoofingdienst uit de lucht gehaald door internationale samenwerking - Politie.nl.
Received a text from the Metropolitan Police about iSpoof? - Cel solicitors.
iSpoof' service dismantled, main operator and 145 users arrested - Bleeping Computer.
iSpoof: What is iSpoof and how did police take down scam call site linked to 200,000 victims? - The Scotman.
Listen to the message the Met Police left on the iSpoof gang’s Telegram channel - Twitter.
Scrotum Concealment - Spy Museum.
The CIA's Fake Scrotum That Hid a Radio - YouTube.
Blitzed! (2020) - IMDB.
Watch Blitzed: The 80s Blitz Kids Story - NOW TV.
Bob Dylan on the Songs That Captivate and Define Us - New York Times.
Bob Dylan Gets Tangled Up in Book Autograph Controversy- New York Times.
Bob Dylan apologises for machine-printed 'signatures' - BBC News.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

EV charging risks, FTX, and an ancient apocalypse

Wed, 23 Nov 2022 23:00:00 +0000

Deepfake shenanigans strike users of troubled crypto firm FTX, the perils of charging your electric vehicle, and is Microsoft's takeover of Activision good news for video game fanatics.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Larry David promotes FTX in Superbowl ad - YouTube.
Crypto giant FTX collapses into bankruptcy - BBC News.
FTX's new CEO: "Never in my career have I seen such a complete failure" - CBS News.
Tom Brady, Giselle Bündchen, Larry David & Steph Curry Caught In FTX Crypto Fallout With Class Action Suit - Deadline.
Bankman-Fried's FTX, senior staff, parents bought Bahamas property worth $300 milion - Reuters.
Tweet showing Sam Bankman-Fried deepfake scam - Twitter.
FTX Founder Deepfake Offers Refund to Victims in Verified Twitter Account Scam - Vice.
Crypto.com CEO admits company accidentally sent 320,000 ETH ($416 million) to another crypto exchange a few weeks prior - Web3 is going great.
Sandia studies vulnerabilities of electric vehicle charging infrastructure - Sandia Labs.
Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defenses - MDPI.
Shocker: EV charging infrastructure is seriously insecure - The Register.
Microsoft to acquire Activision Blizzard to bring the joy and community of gaming to everyone, across every device - Microsoft.
Gaming for everyone, everywhere: our view on the Activision Blizzard acquisition - Microsoft.
Video gaming market leaders - Statistics & Facts - Statista.
Microsoft says UK influenced by Sony in probing Activision Blizzard deal - Reuters.
Can Big Tech Get Bigger? Microsoft Presses Governments to Say Yes -New York Times.
Microsoft Reveals Sony’s Activision Deal Is Blocking ‘Call Of Duty’ From Game Pass - Forbes.
EU to launch advanced Microsoft-Activision probe - Politico.
Microsoft / Activision Blizzard merger inquiry - Gov.uk.
Microsoft Buying Activision Blizzard Might Be Good For Gamers, But Bad for Developers - Time.
A Day in London 1930s in colour - YouTube.
Ancient Apocalypse - Netflix.
Ancient Apocalypse is the most dangerous show on Netflix - The Guardian.
How to Draw Large Pictures with Da Vinci Eye -Youtube.
Da Vinci Eye: AR Art Projector - Apple app store.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Pentera – Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Housing market scams, Twitter 2FA, and the fesshole

Wed, 16 Nov 2022 23:00:00 +0000

Elon Musk is still causing chaos at Twitter (and it's beginning to impact users), are scammers selling your house without your permission, and Google gets stung with a record-breaking fine.

Plus don't miss our featured interview with Pentera's Shakel Ahmed talking about automating continuous cyber defence validation.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Graham offers Dave Bittner some advice on “Welcome Datacomp”... in 1995! - Usenet.
Elon Musk apologises to users for Twitter being slow - Twitter.
Former Twitter employee doesn’t think Elon Musk knows what he’s talking about - Twitter.
Eric Frohnhoefer says Elon Musk is wrong - Twitter.
Twitter engineer calls out Elon Musk for technical BS in unusual career move - The Register.
Elon Musk says that he is turning off microservices “bloatware” - Twitter.
Twitter’s SMS Two-Factor Authentication Is Melting Down - Wired.
Elon only trusts Elon - Platformer.
Elon’s paranoid purge - Platformer.
Google to pay nearly $400 million over deceptive location tracking practices - The Record.
Follow Smashing Security on Mastodon.
South Bay Man Pleads Guilty to Participating in a Multimillion-Dollar Real Estate Scam Involving Fake Open Houses at Not-for-Sale Homes - Justice.gov.
A South Bay man accepted hundreds of offers from open houses. But the homes weren’t for sale - LA Times.
The typing of the Regex.
Fesshole - Twitter.
If Books Could Kill - Apple Podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Pentera – Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Mastodon 101, and the Hushpuppi saga

Wed, 09 Nov 2022 23:00:00 +0000

Graham offers some security and privacy advice for those exodusing Twitter to Mastodon, and Carole slams the door shut on a notorious scammer with a huge Instagram following.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who aren't joined by a guest this week.

Warning: This podcast may contain nuts, adult themes, some snorting, and rude language.

Episode links:

Mastodon: What you need to know for your security and privacy - Graham Cluley.
Follow Graham Cluley on Mastodon.
Hushpuppi: Notorious Nigerian fraudster jailed for 11 years in US - BBC.
Influencer involved in $1.1 million Qatar school financing scam jailed - Alarabiya.
Influencer ‘Ray Hushpuppi’ jailed over plan to launder $300m - The Guardian.
Hushpuppi’s wife, Imams write judge as US court sentences fraudster today - Premium Times.
Living trailer - YouTube.
Kleo - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Sealit - Zero Trust Data Protection: protect, share, and monitor confidential emails and files - without passwords. Integrated with Gmail, Outlook, and file systems. Learn more and take advantage of Sealit's special offer to "Smashing Security" listeners.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Twitter turmoil, AI animal chatters, and metaverse at work

Wed, 02 Nov 2022 23:00:00 +0000

Twitter has a new chief twit in the form of Elon Musk and he's causing problems, scientists say artificial intelligence may help us communicate with animals, and is the office of the future set in the metaverse?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Warning: This podcast may contain nuts, adult themes, dolphin noises, and rude language.

Episode links:

Twitter employees are sleeping on the office floor to meet Elon Musk’s deadlines - The Verge.
Elon Musk shows what being Chief Twit is all about across weird weekend - The Register.
Pranksters pretending to be laid-off Twitter employees leave San Francisco HQ - YouTube.
Twitter Limits Content-Enforcement Work as US Election Looms - Bloomberg.
Twitter’s Yoel Roth comments on the firm’s trust and safety staff having their access to moderation and enforcement tools frozen - Twitter.
Paul Pelosi Conspiracy Theory Trends on Twitter After Elon Musk Pushes It - Rolling Stone.
Yoel Roth describes how Twitter will warn users of misleading information - Twitter.
Yoel Roth describes “surge in hateful conduct on Twitter” - Twitter.
The Demise of Digg: How an Online Giant Lost Control of the Digital Crowd - Harvard.
Follow Graham on Mastodon.
How tech is helping us talk to animals - Vox.
“The Sounds of Life: How Digital Technology Is Bringing Us Closer to the Worlds of Animals and Plants” - Book by Karen Bakker.
Project CETI - The Cetacean Translation Initiative. Not to be mixed-up with Project SETI.
The Dark Side Of VR - The Intercept.
The Metaverse Is the Ultimate Surveillance Tool - Vice.
What I Learned From Diving Headfirst Into The Metaverse - CNN.
Zuckerberg thinks the metaverse is the future of work. So what will this look like? - Smart Company.
Is the Metaverse Really the Future of Work? An Unbiased Investigation - Gizmodo.
How to Turn Off the “Sign in with Google” Prompt on Websites - How-To Geek.
Julia Davis and the Russian Media Monitor - Twitter.
Weiner Staatsoper Opera House.
Emojis instead of emotions in Simon Stone's Traviata in Vienna – BackTrack.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Akamai – Make the most of Cybersecurity Awareness Month by connecting with Akamai’s experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day?

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Slushygate, sextortion, and nano-targeting

Wed, 26 Oct 2022 23:00:00 +0000

What is slushygate and how does it link to sextortion in the States? What is the most impersonated brand when it comes to delivering phishing emails? And what the flip is nano-targeting?

Warning: This podcast may contain nuts, adult themes, and rude language.

No contortionists were hurt during the making of this episode.

Episode links:

Memorandum of sentencing of Bryan Wilson - United States District Court Western District Court of Kentucky at Louisville.
Accurint for Law Enforcement - LexisNexis.
LexisNexis illegally collected and sold people's personal data, lawsuit alleges - CBS News.
Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos - Bitdefender.
Congress should consider enhancing protections around scores used to rank consumers (PDF) - Government Accountability Office.
Online Shoppers Beware: Scammers Most Likely to Impersonate DHL - Check Point.
Why Am I Seeing That Political Ad? Check Your ‘Trump Resistance’ Score - New York Times.
I Got Access to My Secret Consumer Score. Now You Can Get Yours, Too - New York Times.
Mixed Idioms.
Apollo Remastered.
Cosmic Background.
Death of an Artist - Pushkin podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Sealit - Zero Trust Data Protection: protect, share, and monitor confidential emails and files - without passwords. Integrated with Gmail, Outlook, and file systems. Learn more and take advantage of Sealit's special offer to "Smashing Security" listeners.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

The Virgin trains swindler, cyber clowns, and AirTag election debacle

Wed, 19 Oct 2022 23:00:00 +0000

Someone's election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany, and a swindler steals a fortune due to trains being delayed.

Plus don't miss our featured interview with Akamai's Patrick Sullivan talking about how retailers can better thwart bots this holiday season.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The rundown on becoming runZero: What I learned rebranding a company - Chris Kirsch on the runZero blog.
Tweet by Melissa Shusterman - Twitter.
Apple AirTag Used To Find Over 100 Stolen Democratic Campaign Signs, Police Say - Forbes.
Wie eine russische Firma ungestört Deutschland hackt - ZDF Magazin Royale on YouTube.
German cybersecurity chief investigated over Russia ties - AP News.
German cybersecurity chief sacked following reports of Russia ties - The Guardian.
Fraudster swindled Virgin Trains out of £116,000 in 'sophisticated' scam - MSN.
Virgin Trains worker, 37, swindled rail firm out of £116,000 in 'delay and repay' compensation scam by photoshopping tickets to exploit flaw in system - Daily Mail.
Train delays:How to claim if it's late or cancelled - Money Saving Expert.
How many trains arrive on time - Gov.uk.
Employee swindled Virgin Trains out of £116,000 in delay and repay compensation scam - Birmingham Mail.
Fat Bear Week 2022.
‘Fat Bear Week’ Hit By Voter-Fraud Attempt - Rolling Stone.
PimEyes - Face search engine.
The Fear of God: 25 Years of the Exorcist - BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Akamai – Make the most of Cybersecurity Awareness Month by connecting with Akamai’s experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day?

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Massive crypto bungle, and the slave scammers

Wed, 12 Oct 2022 23:00:00 +0000

A couple unexpectedly find $10.5 million in their cryptocurrency account, and in Cambodia people are being forced to commit pig-butchering scams.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are flying solo again this week.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

DeFi bug accidentally gives $90 million to users, founder begs them to return it - CNBC.
Compound boss begs users to return $90 million worth of cryptocurrency they were accidentally gifted - Robert Leshner on Twitter.
Couple mistakenly given $10.5m from Crypto.com thought they had won contest, court hears - The Guardian.
Mother accused of spending spree after mistakenly receiving $10 million in crypto bungle heads to trial - 9 News.
Sold to gangs, forced to run online scams: inside Cambodia’s cybercrime crisis - The Guardian.
ZÈRTZ game.
ZÈRTZ - Wikipedia.
GIPF project - Wikipedia.
The Capture - BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Trussterflucks and eBay stalking

Wed, 05 Oct 2022 23:00:00 +0000

Has new UK prime minister Liz Truss been careless with her mobile phone, and hear the most extraordinary story of corporate cyberstalking.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths - Graham Cluley.
Two Former eBay Executives Sentenced to Prison for Cyberstalking - US Department of Justice.
Jonathan Pie: Welcome to Britain. Everything is Terrible - NYT Opinion.
UK Supermarket’s Loans-for-Groceries Offer Attracts Huge Take Up - Bloomberg.
Liz Truss' mobile number is being sold online for £6.49 - Daily Mail.
How to Cook a Soft Boiled Egg Perfectly Every Time - YouTube.
11 Best Twitter Bots to Follow to Boost Productivity - Gadgetshouse.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Akamai - Make the most of Cybersecurity Awareness Month by connecting with Akamai’s experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day?

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Deepfake dangers, AI image opt out, and controlling your urges

Wed, 28 Sep 2022 23:00:00 +0000

Anti-porn "shameware" apps take a privacy pounding, is your image already being used by AI, and deepfake danger continues to deepen.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps - WIRED.
Covenant Eyes.
Sick and tired of trying to quit porn? You’re not alone - Covenant Eyes promotional video.
Fortify.
AI Is Probably Using Your Images and It's Not Easy to Opt Out - Vice.
ISIS Executions and Non-Consensual Porn Are Powering AI Art - Vice.
Have I been trained?
The Deepfake Danger: When It Wasn’t You On That Zoom Call - CSO Online.
Deepfake Audio Has A Tell – Researchers Use Fluid Dynamics To Spot Artificial Imposter Voices - The Conversation.
Deephy: On Deepfake Phylogeny - Cornell University.
On The Horizon: Interactive And Compositional Deepfakes - Microsoft.
Detect DeepFakes: How to counteract misinformation created by AI - MIT University.
New Deepfake Threats Loom, Says Microsoft’s Chief Science Officer - Venture Beat.
The Joy of Sets - BBC Archive.
Steam Deck.
Am I Being Unreasonable? - BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
The Cyber Security Inside podcast – Relevant cybersecurity topics in clear, easy-to-understand language. With every episode, you’ll walk away smarter about cybersecurity, and have fun while you’re at it!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Uber, Rockstar, and crystal balls

Wed, 21 Sep 2022 23:00:00 +0000

Researchers reveal how your eyeglasses could be leaking secrets when you're on video conferencing calls, we take a look at the recent data breaches involving Uber and Grand Theft Auto 6, and we cast an eye at what threats may be around the corner...

Plus - don't miss our featured interview with Sal Aurigemma, the faculty director of the Master of Science in Cyber Security program at the University of Tulsa.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

“Iain Exotic”, Iain Thomson’s dress-up homage to Joe Exotic, the Tiger King - Twitter.
“Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing” - Research paper by Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, and Kevin Fu.
“We saved you a seat in chat” - Rather large text on the Twitch website.
Stalker zoomed in on Japanese idol’s eyes to find out where she lived - Graham Cluley.
Uber is looking for more security staff - Twitter.
Uber explains how it was pwned this month, points finger at Lapsus$ gang - The Register.
Uber’s hacker *irritated* his way into its network, stole internal documents - Graham Cluley.
Security update - Uber.
Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist - The Register.
Cybersecurity Awareness Month - CISA.
The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats - ZDNet.
U.S. Government Spending Billions on Cybersecurity - Hacker News.
The Mitchells vs The Machines trailer - YouTube.
The Mitchells vs The Machines - Netflix.
NASA is ready to knock an asteroid off course with its DART spacecraft - New Scientist.
DART’s Small Satellite Companion Takes Flight Ahead of Impact - NASA.
Search and find UK Defibrillator Locations near you now - HeartSafe.
Apply for a part funded Public Access Defibrillator - British Heart Foundation.
Defibrillator guide for first time buyers - St John’s Ambulance.
Every school will have a life-saving defibrillator by 22/23 - Gov.UK.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Pentera - Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Printer peeves, health data hangups, and Twitter tussles - with Rory Cellan-Jones

Wed, 14 Sep 2022 23:00:00 +0000

How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight?

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Dynamic Cartridge Security - disable please - Angry customers complain on HP support forum.
Update now! Many HP printers affected by three critical security vulnerabilities - MalwareBytes.
HP will pay customers for blocking non-HP ink cartridges in EU - Bleeping Computer.
HP and Euroconsumers settle on Dynamic Security - Euroconsumers.
Ink cartridges are a scam - YouTube.
Why printer ink is so expensive - Insider.
Trying to print something - YouTube.
UK Biobank - why won't GPs share data? - Rory’s Always On Newsletter.
Another data sharing fiasco - Rory's Always On Newsletter.
Tweet by Kate Bingham - Twitter.
The Twitter Whistleblower Needs You to Trust Him - Time.
Twitter denies whistleblower payout violates Musk’s takeover deal - MSN.
Elon Musk earns a split decision in Delaware court - The New York Times.
Twitter’s whistleblower has pitched up at a very inconvenient moment - The Guardian.
Damning claims about Twitter’s bots and security lapses are ‘a false narrative,’ says CEO - The Verge.
The Spectator’s Guide to the Elon Musk–Twitter Fight - Slate.
Don't F*** with Paste - Firefox browser addon
Don't F*** with Paste - Chrome browser extension.
Stasi Museum, Berlin.
How to with John Wilson - BBC.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
The Cyber Security Inside podcast - Relevant cybersecurity topics in clear, easy-to-understand language. With every episode, you’ll walk away smarter about cybersecurity, and have fun while you’re at it!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Chiquita banana, dumb criminals, and detecting ring binders

Wed, 07 Sep 2022 23:00:00 +0000

Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

‘The least safe day’: rollout of gun-detecting AI scanners in schools has been a ‘cluster,’ emails show - Motherboard.
Gun detection AI the latest tech to make schools less safe - TechDirt.
The unproven, invasive surveillance technology schools are using to monitor students - ProPublica.
NYC Mayor considering a subway security system that can’t differentiate between a laptop and a handgun - Motherboard.
Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire - Brian Krebs.
USA vs Patrick McGovern-Allen (PDF) - Court Listener.
Reports of romance scams hit record highs in 2021 - FTC.
Meeting you was a fake: Investigating the increase in romance fraud during COVID-19 - Academic Research.
This dating app fought scammers with bots… hilarity ensued - TechCrunch.
She was 69. He Was Young, Hunky,,, and a Fraud - The Daily Beast.
Gladbeck: The Hostage Crisis trailer – YouTube.
Watch Gladbeck: The Hostage Crisis - Netflix.
The Ocean Cleanup.
We flooded our dating app with bots… to scam scammers - Medium.
Craiyon.
Carole’s attempt to ask Craiyon to draw Liz Truss eating a giant cupcake of Europe.
Is this Graham eating a banana? Craiyon seems to think so.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Lost in translation, spiders, and slapping tortillas - with Mikko Hyppönen

Wed, 31 Aug 2022 23:00:00 +0000

We're back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

The 20 Funniest Finnish Expressions (and How To Use Them) - Matador Network.
Sophos punts anti-virus for Klingon - The Register.
Helsinki named Klingon-speaking capital of the world – Naked Security.
Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications - Check Point Research.
If It's Smart It's Vulnerable - Book by Mikko Hyppönen.
Psychological inoculation improves resilience against misinformation on social media -Science Advances.
Let’s flatten the infodemic curve - WHO.
The global spread of misinformation on spiders - Current Biology.
A Journey Into Misinformation on Social Media - The New York Times.
Google Looks to Vaccination to Combat Misinformation In Searches - The New York Times.
Spiders Are Caught in a Global Web of Misinformation - The New York Times.
The rock-paper-scissors/tortilla wrap game.
DEF CON: The Documentary.
Smashing Security Painting competition – Carole.wtf.
Open Exhibition, Summer 2022 - Oxford Art Society.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Hackers doxxed, Pornhub probs, and Co-op security measures

Wed, 03 Aug 2022 23:00:00 +0000

Pornhub has a problem, the UK's Co-op supermarket is accused of big brother tactics, and we take a look at a security researcher's attempt to reveal the true identify of hackers.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

On security researcher's newsletter, exposing cybercriminals behind ransomware — CyberScoop.
‘Imma Make U Dig Ur Own Grave’: He Doxes Ransomware Hackers and Gets Death Threats in Return — Vice.
Intrusion Truth - Five Years of Naming and Shaming China’s Spies — Kim Zetter.
Who Is 'Intrusion Truth,' Group Exposing Alleged Chinese Hackers? — Daily Dot.
The Leopards Eating People's Faces Party meme — Know Your Meme.
Tweet by Bill Ackman.
Judge Refuses Visa’s Request to Escape Pornhub-Related Lawsuit — The New York Times.
How to Prevent and Handle Robberies and Theft in Retail — Vend Retail Blog.
Abuse of shopworkers is on the rise – coronavirus brought it to our attention and now we need to act — The Conversation.
‘Tackling violence and abuse in retail must be one of the industry’s highest priorities’ — Retail Week.
Convenience store spy cameras face legal challenge — BBC News.
Looking back at the career of Bernard Cribbins — YouTube.
Tribute to David Warner — YouTube.
Webb Compare — John Christensen.
Support Maria Varmazis on the Pan-Mass Challenge.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Privacy & Opt-Out: https://redcircle.com/privacy

Uber's hidden hack, tips for travel, and AI accent fixes

Wed, 27 Jul 2022 23:00:00 +0000

Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation, and how to change your accent with artificial intelligence.

Plus don't miss our featured interview with Ian Farquhar of Gigamon.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

Uber Enters Non-Prosecution Agreement Related to 2016 Data Breach — US Department of Justice.
Former Uber Security Chief Joe Sullivan Must Face Driver Fraud Charges — Bloomberg.
Uber to pay $148 million in data breach settlement — TechCrunch.
Uber paid hackers $100,000 to keep data breach quiet — Graham Cluley.
Uber CISO's trial underscores the importance of truth, transparency, and trust — CSO Online.
7 cybersecurity tips for your summer vacation! — Naked Security.
Sanas demo.
Sanas Raises $32M for Breakthrough AI Technology for Real-Time Accent Translation — Sanas press release.
This 6-Million-Dollar AI Changes Accents as You Speak — IEEE Spectrum.
Call centre workers can use AI to mimic your accent on the phone — New Scientist.
A little less accent, a little more customer service — ComputerWorld.
What Is Accent Reduction? — Accent Advisor.
Compound pejoratives on Reddit – from 'buttface' to 'wankpuffin' — Colin Morris.
Melissa computer virus — Wikipedia.
Dedham Hall.
3D capture of Carole Theriault — Polycam.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden– Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?
Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Privacy & Opt-Out: https://redcircle.com/privacy

The Most Wanted Missing CryptoQueen

Wed, 20 Jul 2022 23:00:00 +0000

In this special edition of the "Smashing Security" podcast, computer security veterans Graham Cluley and Carole Theriault welcome back author and journalist Jamie Bartlett - host of "The Missing CryptoQueen" podcast.

Jamie tells us about his new book, which shares more details about the disappearance of cryptocurrency scammer Dr Ruja Ignatova, and the subsequent hunt by law enforcement.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

The Missing CryptoQueen podcast — BBC.
The Missing CryptoQueen book — Penguin.
Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted — BBC News.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Cyber Security Inside podcast -bringing you the most important and timely security topics as well as other industry experts for insightful conversations.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Privacy & Opt-Out: https://redcircle.com/privacy

Disney's social dumpster fire, Anom phones, and TikTok tragedies

Wed, 13 Jul 2022 23:00:00 +0000

A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

Official Disneyland Instagram Account Hacked This Morning! — The Disney blog.
Disneyland social media accounts hacked, offensive messages posted — Hot for Security.
We Got the Phone the FBI Secretly Sold to Criminals — Vice.
Parents Sue TikTok, Saying Children Died After Viewing ‘Blackout Challenge’ — The New York Times.
Lawmakers Want Social Media Companies to Stop Getting Kids Hooked — Wired.
How Social Media Tricks Us Into Thinking We Are Paying Attention — Forbes.
Facebook could be sued for addicting children under California bill — Ars Technica.
Kids Are Using Social Media More Than Ever, Study Finds — New York Times.
2021 Facebook leak — Wikipedia.
California Parents Could Soon Sue for Social Media Addiction — Gizmodo.
Absurd Trolley Problems.
Weird or Confusing.
Google Quick, Draw!
Unfinished London — Jay Foreman on YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
The Secure Developer – A conversational and insightful podcast, that bridges the gap between dev and sec, from Snyk.
SolCyber - SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Privacy & Opt-Out: https://redcircle.com/privacy

Raising money through ransomware, China's mega-leak, and hackers for hire

Wed, 06 Jul 2022 23:00:00 +0000

A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

Dutch university paid $220,000 ransom to hackers after Christmas attack — Graham Cluley.
Remarkable development in investigation into Maastricht University cyberattack — Maastricht University.
Dutch University profits from returned ransomware payment — The Register.
Favorable exchange rate on a fake cryptoexchange — Kaspersky.
Tweet from @cz_binance about mega-leak.
Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack — Wall Street Journal.
How mercenary hackers sway litigation battles — Reuters.
Countering hack-for-hire groups — Google.
The business of hackers-for-hire threat actors — TechRepublic.
Fransdita Muafidin on Instagram.
Giant Cats Disturbing Civilization — Geeks are sexy.
Watch Good Luck to You, Leo Grande — Hulu.
Good luck to you Leo Grande (Trailer) — YouTube.
This is Love podcast.
Cain's Jawbone — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Privacy & Opt-Out: https://redcircle.com/privacy

Debug ransomware and win $1,000,000, period-tracking apps, and AI gets emotional

Wed, 29 Jun 2022 23:00:00 +0000

A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling.

Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

LockBit 3.0 introduces the first ransomware bug bounty program — Bleeping Computer.
Fake copyright infringement emails install LockBit ransomware — Bleeping Computer.
Why US women are deleting their period tracking apps — The Guardian.
Privacy not included — Mozilla Foundation.
The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant — Vice.
Microsoft is removing emotion recognition features from its facial recognition tech — NBC News.
Top 10 Emotional AI Examples in 2022 & Reasons for Success — AI Multiple.
Analysis of Speech Features for Emotion Detection: A Review — IEEE Xplore.
Microsoft's framework for building AI systems responsibly — Microsoft.
The Swedish chemist shop sketch — As performed by Mel Smith and Rowan Atkinson on Not the Nine O'Clock News.
Alley Cat — Wikipedia.
Play Alley Cat — Internet Archive.
Alley Cat Remeow Edition — Game Jolt.
reMarkable.
SOLAR podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Snyk - Find, prioritize, and fix security vulnerabilities in your code.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Privacy & Opt-Out: https://redcircle.com/privacy

Hot tub hijinx, and a sentient AI

Wed, 22 Jun 2022 23:00:00 +0000

Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

Hot Tub Time Machine trailer — YouTube.
Hacking into the worldwide Jacuzzi SmartTub network — Eaton Works.
SmartTub — Apple iOS App Store.
SmartTub — Google Play store.
Hot tub hack reveals washed-up security protection — BBC News.
Google engineer Blake Lemoine thinks its LaMDA AI has come to life — The Washington Post.
Google engineer put on leave after saying AI chatbot has become sentient — The Guardian.
AI's most convincing conversations are not what they seem — The Register.
Blake Lemoine's blog.
Van Gogh Bristol Exhibition: The Immersive Experience.
Van Gogh: The Immersive Experience — YouTube.
The Inquiry — BBC World Service.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Kolide - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Drata - Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.

Support the show:

You can help the podcast by telling your friends and colleagues about "Smashing Security", and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Privacy & Opt-Out: https://redcircle.com/privacy

Encrypted notes, and a deadly case of AirTag spying

Wed, 15 Jun 2022 22:00:00 +0000

How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/279 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

Welsh James Bond Timothy Dalton's cello escape in "The Living Daylights" — YouTube.
How a Saxophonist Tricked the KGB by Encrypting Secrets in Music — Wired.
Woman accused of killing boyfriend using AirTag tracking — The Register.
Andre Smith fatally struck by car outside Tilly's Pub, woman charged — Indy Star.
Indianapolis woman Gaylyn Morris accused of tracking boyfriend with Apple AirTag, killing him with car, police say — The Washington Post.
An update on AirTag and unwanted tracking — Apple.
Apple Updates iPhone with 'Safety Check' for Domestic Victims — Gizmodo.
Web3 is going just great.
Audm - Listen to feature stories from The Atlantic, WIRED, and more.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Tim Hortons, avoiding sanctions, and good faith security research

Wed, 08 Jun 2022 22:00:00 +0000

Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?

Visit https://www.smashingsecurity.com/278 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

Support Smashing Security

Links:

Double-double tracking: How Tim Hortons knows where you sleep, work and vacation — Financial Post.
Report: Tim Hortons collected location data without consent — The Register.
Joint investigation into location tracking by the Tim Hortons App — Office of the Privacy Commissioner of Canada.
Mandiant: “No evidence” we were hacked by LockBit ransomware — Bleeping Computer.
Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act — Dept of Justice.
DOJ: Congress looked into CFAA updates but effort was stalled by extortion concerns — The Record.
The (still) unanswered questions around the CFAA and ‘good faith’ security research — SC Magazine.
Sex Education — Netflix.
Forest fr1ends — Twitter.
Inch Calculator.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Bad bots, cheeky ransoms, and good deepfakes

Wed, 01 Jun 2022 22:00:00 +0000

Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet's activity, and look at how deepfakes could be a good thing after all.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].

Visit https://www.smashingsecurity.com/277 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ray [REDACTED].

Sponsored By:

Support Smashing Security

Links:

Popcorn Time ransomware invites you to get ‘nasty’ to recover your files — Graham Cluley.
Rensenware — Wikipedia.
GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need — CloudSEK.
Bad Bot Report — Imperva.
Bad Bot Traffic Report: Almost Half of All 2021 Internet Traffic Was Not Human — CPO Magazine.
Automated Threats - web applications — OWASP.
Home Stallone [Deepfake] — YouTube.
The Emergence of Deepfake Technology: A Review — ResearchGate.
Positive Use Cases of Synthetic Media (aka Deepfakes) — Towards Data Science.
Deepfake pornography could become an 'epidemic', expert warns — BBC News.
Europol report finds deepfake technology could become staple tool for organised crime — Europol.
Google quietly bans deepfake training projects on Colab — Bleeping Computer.
Japanese man spends £12,500 on ultra-realistic dog costume so he can live like an animal — Daily Mail.
Google Colab FAQ.
Talky.
The Relationship Between Valence and Chills in Music: A Corpus Analysis.
Frisson: This playlist is scientifically verified to give you chills — Big Think.
A Spotify playlist with 715 songs known to give people chills — Quartz.
Songs to give you chills — Spotify playlist.
Zen Motoring — BBC iPlayer.
Ogmios School of Zen Motoring Ep 1 — YouTube.
Zen School of Motoring: TV that will cleanse your spirit like meditation — The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Webcam extortion, Michael Fish, and food foul-ups

Wed, 25 May 2022 22:00:00 +0000

A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one...) hacked into his female classmates' online accounts, hunting for nude photos and videos.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/276 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

Vote for your favourite cybersecurity podcast in the European Security Blogger Awards!
Michael Fish (the weatherman) — Wikipedia.
"I wish I wish Michael Fish" by Rachel & Nicki — YouTube.
"John Kettley (Is A Weatherman)" by The Tribe of Toffs — YouTube.
Albany Man Sentenced to 111 Months for Stealing Nude Photos of Numerous Victims and Possessing Child Pornography — Department of Justice.
Hijacking webcams with Screencastify — Almost Secure.
Cyber security: Global food supply chain at risk from malicious hackers — BBC News.
4 Predictions for Food and Agriculture in 2022 — Food Logistics
Risks of using AI to grow our food are substantial and must not be ignored, warn researchers — University of Cambridge.
With food prices continuing to climb, UN warns of crippling global shortages — NPR.
OutHorse Your Email.
Solitary Bee Nesting Equipment — Mason Bees.
Limelight — BBC Radio 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Jail for Bing, and mental health apps may not be good for you

Wed, 18 May 2022 22:00:00 +0000

A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to?

Plus don't miss our featured interview with Rumble's Chris Kirsch.

Visit https://www.smashingsecurity.com/275 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Chris Kirsch and Jessica Barker.

Sponsored By:

Support Smashing Security

Links:

Angry IT admin wipes employer’s databases, gets 7 years in prison — Bleeping Computer.
A closer look at Eternity Malware — Cyble.
Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram — The Hacker News.
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains — BlackBerry.
Top Mental Health and Prayer Apps Fail Spectacularly at Privacy, Security — Mozilla Foundation.
Talkspace privacy & security guide — Mozilla Foundation.
BetterHelp privacy & security guide — Mozilla Foundation.
Dramatic growth in mental-health apps has created a risky industry — The Economist.
Meltdown Three Mile Island — Netflix.
The China Syndrome trailer — YouTube.
Slow Horses — Apple TV+.
Therapist Uncensored podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Hands off my biometrics, and a wormhole squirmish

Wed, 11 May 2022 22:00:00 +0000

Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

And don't miss our featured interview with Artur Kane of GoodAccess.

Visit https://www.smashingsecurity.com/274 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Artur Kane.

Sponsored By:

Support Smashing Security

Links:

Carl Sagan - Cosmos - Space Travel — YouTube.
Wormhole.com
'Tired' Carl Sagan Fan Sells Wormhole.com to Crypto Giant Jump for $50K After Lawsuit — Decrypt.
ACLU vs Clearview AI — American Civil Liberties Union.
Clearview AI Offered Free Trials To Police Around The World — Buzzfeed News.
US State Privacy Legislation Tracker — IAPP.
The Secretive Company That Might End Privacy as We Know It — The New York Times.
In Big Win, Settlement Ensures Clearview AI Complies With Groundbreaking Illinois Biometric Privacy Law — American Civil Liberties Union
OwlKitty — YouTube.
Review: The Balldo Made Me Rethink Sex in the Most Absurd Way Possible — Wired.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Password blips, and who's calling the airport?

Wed, 04 May 2022 22:00:00 +0000

We find out why calls to Dublin airport's noise complaints line have soared, and Carole quizzes Graham to celebrate World Password Day.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

And don't miss our special featured interview with Clint Dovholuk of NetFoundry.

Visit https://www.smashingsecurity.com/273 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Clint Dovholuk.

Sponsored By:

Support Smashing Security

Links:

Houston Zoo asks FBI to investigate text-message attack — Houston Chronicle.
Trunk calls for Rory Lion flood telephone lines — Irish Independent.
Airport Noise & Noise Reports — Dublin Airport.
Dublin Airport got 12,272 noise complaints last year from just one person — Irish Independent.
Compromised Passwords Responsible for Hacking Breaches — Securelink.
Verizon 2021 DBIR Results & Analysis — Verizon.
Three random words — NCSC.
What’s wrong with What3Words? — YouTube.
Why What3Words is not suitable for safety critical applications — Cybergibbons.
What3Words – The Algorithm — Cybergibbons.
Why bother with What Three Words? — Terence Eden.
River (TV series) — Wikipedia.
Wearing shoes inside the house is gross – and there’s science to back that up — The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Going ape over the Kardashians, and the face of romance scams

Wed, 27 Apr 2022 22:00:00 +0000

Members of The Bored Ape Yacht Club get that sinking feeling, a face unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox?

Visit https://www.smashingsecurity.com/272 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Joe Tidy.

Sponsored By:

Support Smashing Security

Links:

Jimmy Fallon and Paris Hilton show off their Bored Ape Yacht Club NFTs. — Twitter.
NFTs Stolen After Bored Ape Yacht Club Instagram, Discord Hacked — CoinDesk.
Image of scam posted on Bored Ape Yacht Club's Instagram account — Twitter.
Bored Ape Yacht Club confirms it had two-factor authentication enabled — Twitter.
Kardashians deny faking Roblox sex tape scene — BBC News.
How an Army colonel became the face of romance scams around the world — Task and Purpose.
Army Col. Daniel Blackmon: The accidental face of military romance scams — Task and Purpose.
Daily Dorries — Twitter (parental discretion advised)
Hacking the House: do MPs care about cyber-security? — BBC News.
Rob Brydon's Directors Commentary — YouTube.
"This Is How Michael Caine Speaks" from The Trip — YouTube.
American Vigilante — Crowd Network.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Crypto break-in, Google blurring, and mics not muting

Wed, 20 Apr 2022 22:00:00 +0000

A man loses $650,000 from his cryptocurrency wallet after his Apple iCloud account is hacked, video conferencing apps may not be muting your mic quite the way you imagined, and Google has unblurred military bases in Russia... or has it?

Visit https://www.smashingsecurity.com/271 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

Domenic Iacovone on Twitter.
Learn A Geordie Accent - Newcastle Accent Tutorial — YouTube.
Serpent explains the scam on Twitter.
How an Apple iCloud Exploit Lost a Crypto Trader Over $650K — CNET.
MetaMask advises its users to check their iCloud backup settings — Twitter.
Scam message received by Graham from his niece's Instagram account.
19 Places On The Planet Google Earth Is Hiding From You — Travel Triangle.
Google denies Ukrainian reports it unblurred satellite Maps imagery in Russia — The Verge.
Buran shuttle — Google Maps.
'Mute' button in conferencing apps may not actually mute your mic — Bleeping Computer.
You’re muted — or are you? Videoconferencing apps may listen even when mic is off — University of Wisconsin-Madison.
Gerry Anderson: A Life Uncharted — BritBox.
Gerry Anderson: A Life Uncharted trailer — YouTube.
Bloodline — Netflix.
Succession — HBO.
Succession review – brilliant dissection of a dysfunctional dynasty — The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Bearded Barbie, EDR scams, and hobbyist crime detectives

Wed, 13 Apr 2022 22:00:00 +0000

Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook - but why? Scammers have found a new way to gain access to your most sensitive information - but how? And armchair detectives are helping investigating cold cases involving DNA - but should they?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/270 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

How Barbie's body size would look in real life — Daily Mail.
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials — Cybereason.
Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” — Brian Krebs.
What we know about the increase in U.S. murders in 2020 — Pew Research Center.
The History of DNA: From Crime Scenes to Consumer Goods — University of West Florida.
How an Unlikely Family History Website Transformed Cold Case Investigations — The New York Times.
DNA Databases Are Boon to Police But Menace to Privacy, Critics Say — PEW.
Philanthropists Push Police Searches of DNA Databases — The New York Times.
Help solve crimes with your DNA — DNASolves.
Hackers Attacked Two Leading Genetic Genealogy Websites — BuzzFeed.
How to Pronounce Moët & Chandon? And WHY?! — YouTube.
How to Pronounce Wednesday? (CORRECTLY) — YouTube.
Julien Miquel on YouTube.
Support Maria Varmazis as she raises money for Cancer Research — Pan-Mass Challenge.
The House (2022 film) — Wikipedia.
The House — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Trezor Deep Throat, a CCTV stalker, and Amazon's list of banned words

Wed, 06 Apr 2022 22:00:00 +0000

There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.

Visit https://www.smashingsecurity.com/269 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Zoë Rose.

Sponsored By:

Support Smashing Security

Links:

Trezor wallets hacked? Don’t be duped by phishing attack email — Graham Cluley.
Tweet by Trezor.
Ongoing phishing attacks on Trezor users — Trezor.
Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said — The Record.
Stalker used woman's own CCTV cameras to watch her at home — Liverpool Echo.
Operation: SafeEscape.
Work Trend Index: Microsoft’s latest research on the ways we work — Microsoft.
Research: A Little Recognition Can Provide a Big Morale Boost — HBR.
50% of companies want workers back in office 5 days a week — CNBC.
New Amazon Worker Chat App Would Ban Words Like “Union” — The Intercept.
Trust No One — Netflix.
Smashing Security episode 114: Darknet Diaries, death, and beauty apps — Where we discussed the mysterious case of Gerry Cotten and QuadrigaCX.
Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty — Graham Cluley.
Hamilton One Essential S1 Magicfold Premium Buggy — Kruidvat NL.
Infantino 4-in-1 Flip Advanced Draagzak BK-05204 — Bol.
Cosco Scenera Next Convertible Car Seat, Boulder — Canadian Tire.
Literature Clock.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

LinkedIn deepfakes, doxxing Russian spies, and a false alarm

Wed, 30 Mar 2022 22:00:00 +0000

Strange goings-on on LinkedIn, Ukraine publishes a list of alleged Russian FSB agents, and police in Pittsburgh investigate an odd report of an active shooter.

Visit https://www.smashingsecurity.com/268 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

Support Smashing Security

Links:

North Korea tests its ‘largest intercontinental ballistic missile’ — YouTube.
LinkedIn Professional Community Policies — LinkedIn.
Community Report — LinkedIn.
The latest marketing tactic on LinkedIn: AI-generated faces — NPR.
List of FSB agents — Ukraine Ministry of Defence.
How the Dutch foiled Russian 'cyber-attack' on OPCW — BBC News.
Boris Nemtsov: Murdered Putin rival 'tailed' by agent linked to FSB hit squad — BBC News.
Police: Autocorrected text triggered large police presence on Pittsburgh’s North Side — WPXI.
Pickle me up: Hilarious autocorrect fails, from Krispy Koreans to wet, sloppy kids — Daily Mail.
After Life — Netflix.
After Life trailer — YouTube.
"Time on Rock - A Climber's Route into the Mountains" by Anna Fleming — Canongate Books.
Severance — Apple TV.
Severance trailer — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Virtual kidnapping, two helipads, and a naughty Apple employee

Wed, 23 Mar 2022 23:00:00 +0000

A Russian bank tells its customers to stop installing security updates, an Apple employee ends up in hot water, and learn our tips to avoid being virtually kidnapped.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Visit https://www.smashingsecurity.com/267 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Anna Brading.

Sponsored By:

Support Smashing Security

Links:

Smashing Security 263: Problèmes de Weefeee, AI artists, and Web 3.0 — In which Mark Stockley discusses the NFT he created in Smashing Security's honour.
Graham or Carole? - Untitled Collection #173407394 — OpenSea.
Mark Stockley reveals the Smashing Security NFT is being resold... for $3 million — Twitter.
Секрет Шехерезады. Яхта Путина за 75 000 000 000 ₽ — YouTube (best watched with the subtitles on...)
‘Mysterious’: the $700m superyacht in Italy some say belongs to Putin — The Guardian.
"The road from Moscow to Kyiv passes through Belgravia" — Video from Led By Donkeys, posted on Twitter.
Burger King owner says operator in Russia refuses to shut shops — The Guardian.
Pitcairn Islands relays most spam per person, reveals Sophos — Sophos.
Pitcairn spam haven, North Korea definitely isn't — The Guardian.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus — Ars Technica.
Activists are targeting Russians with open-source "protestware" — MIT Technology Review.
JavaScript library updated to wipe files from Russia systems — The Register.
After ‘protestware’ attacks, a Russian bank has advised clients to stop updating software — The Verge.
Irish petrol station offers 24-7 laundry service — Petrol Plaza.
Clip from Mel Gibson movie "ransom", starring Mel Gibson — YouTube.
FBI warns of ‘virtual kidnapping’ scheme executed on Miami couple — Local 10.
FBI Chicago Warns Public About Virtual Kidnapping Scams — FBI.
Former Employee Charged With Defrauding Apple, Money Laundering, And Tax Crimes — Department of Justice.
U.S. charges former Apple buyer with defrauding more than $10 million from company — Reuters.
Mandy — BBC iPlayer.
Diane Morgan as Mandy — YouTube.
Heardle — The daily musical intros game.
Color wheel, a color palette generator — Adobe Color.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cyberflashing, Kaspersky, and secret spies

Wed, 16 Mar 2022 23:00:00 +0000

Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it's taking a hard line on cyberflashing.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.

Visit https://www.smashingsecurity.com/266 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Chris Kirsch.

Sponsored By:

Support Smashing Security

Links:

Kaspersky Has Close Ties to Russian Spies — Bloomberg.
Kaspersky hit by new below-the-belt sauna spy attack — Graham Cluley.
A practical guide to making up a sensation — Eugene Kaspersky.
US intelligence chiefs don’t trust Kaspersky. But why? — Graham Cluley.
UK cyber agency targets Kaspersky in warning on Russian software — Reuters.
Group-IB founder arrested in Moscow on state treason charges — The Record.
BSI warning about using Kaspersky.
Kaspersky statement regarding the BSI warning — Kaspersky.
Collateral Damage — on Cybersecurity — Open letter from Eugene Kaspersky.
Apple's AirTag uncovers a secret German intelligence agency — Apple Insider.
Bundesservice Telekommunikation — wie ich versehentlich eine Tarnbehörde in der Bundesverwaltung fand — Lilith Wittmann.
Bundesservice Telekommunikation — enttarnt: Dieser Geheimdienst steckt dahinter — Lilith Wittmann.
Loophole in law means men will still get away with sending penis pictures — Cambridgeshire Live.
Cyberflashing to be criminalised under new online safety bill — The Independent.
‘Cyberflashing’ to become a criminal offence — UK Government.
Is there hidden sexual abuse going on in your school? — TES Magazine.
13 genius ways to respond to unsolicited dick pics — Cosmopolitan.
Whatever Happened to Pizza at McDonald's?
A Podcast Answers a Fast-Food Question That Nobody Is Asking — The New York Times.
Forget Adnan and Richard Simmons, ‘Whatever Happened to Pizza at McDonald’s?’ Is the Mystery-Solving Podcast You Need — Vulture.
Cook-Out on Oculus Quest — Oculus.
Cook-Out: A Sandwich Tale trailer — YouTube.
100,000 Stars.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

The Nigerian supercop and Alexa vs. Alexa

Wed, 09 Mar 2022 23:00:00 +0000

The most famous policeman in Nigeria is in hot water over his links to Hushpuppi, has your Amazon Echo been talking to itself, and can an AI girlfriend save your marriage?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus don't miss our featured interview with Jason Meller of Kolide.

Visit https://www.smashingsecurity.com/265 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jason Meller.

Sponsored By:

Support Smashing Security

Links:

Abba Kyari shows off that he has had a road named after him — Instagram.
Birthday wishes for Abba Kyari — Instagram.
Smashing Security episode 186: This one's for all the Karens! — In which we first discussed the Hushpuppi case.
Adeola Fayehun discusses Abba Kyari's arrest — YouTube.
Alexa Privacy – Learn how Alexa works — Amazon.
Alexa vs Alexa (AvA).
Amazon Alexa compromise possible through own speakers — The Register.
The Rescue — Wikipedia.
The Rescue — Apple TV.
'I fell in love with my AI girlfriend - and it saved my marriage' — Sky News.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Hacked car chargers, Telegram sextortionists, and secret bossware

Wed, 02 Mar 2022 23:00:00 +0000

Why might Russian EV chargers be displaying an anti-Putin message? Why are Telegram groups sharing sharing explicit images of women without their consent? And who is watching you in the workplace?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Visit https://www.smashingsecurity.com/264 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jessica Barker.

Sponsored By:

Support Smashing Security

Links:

Three ways you can help the people of Ukraine from the UK — The Guardian.
How You Can Help Ukraine — London City Hall.
Ukrainian Astronomers Named a Star 'Putin Is a D**khead' — The Atlantic.
Video of hacked EV charger — AutoEnterprise on Facebook.
Explanation for EV charger outage — Rosseti on Facebook.
Russian Electric Vehicle Chargers Hacked, Tell Users ‘PUTIN IS A DICKHEAD’ — Vice.
Roblox Currency ‘Robux’ Is Outperforming the Ruble — Vice.
Why won’t Telegram take down my naked photos? — BBC News.
Telegram revenge porn scandal: police investigate as more than 50 000 men share explicit content of women and underaged girls — Politika.
Ex-Leeds student OnlyFans star rakes in £2m pouring beans on herself and pretending to be a giant — Leeds Live.
Post Office scandal explained: Why a public inquiry is examining the Horizon sub-postmasters scandal — Inews.
TUC warns against employee monitoring after Post Office scandal — Personnel Today.
Post Office scandal: What the Horizon saga is all about — BBC News.
I’ll be watching you - What is workplace monitoring? — TUC.
TUC and legal experts warn of “huge gaps” in British law over use of AI at work — TUC.
Intrusive worker surveillance tech risks “spiralling out of control” without stronger regulation, TUC warns — TUC.
Kind of Bloop — An 8-Bit Tribute to Miles Davis' Kind of Blue.
Space Force — Netflix.
Who Won the US Military Vs. Space Force Trademark Dispute? — CBR.
'Space Force? Is that Real?' Guardians Still Struggling with an Unconvinced Public — Military.com.
Yoga with Kassandra — YouTube.
Five Parks Yoga w/ Erin Sampson — YouTube.
YOGA UPLOAD with Maris Aylward — YouTube.
Breathe and Flow — YouTube.
Two Birds Yoga — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Problèmes de Weefeee, AI artists, and Web 3.0

Wed, 23 Feb 2022 23:00:00 +0000

Ooh la la! Horreur Wi-Fi en France! Some folks have experienced the drawbacks of Web 3.0 as their NFTs are stolen, and should computers own the copyright over the art they produce?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

And don't miss our featured interview with Sean Herbert of baramundi.

Visit https://www.smashingsecurity.com/263 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Mark Stockley and Sean Herbert.

Sponsored By:

Support Smashing Security

Links:

Les dents, le brouilleur et au lit! — ANFR.
Dad takes down town's internet by mistake to get his kids offline — Bleeping Computer.
TV licenses and detector vans in the United Kingdom — Wikipedia.
My first impressions of web3 — Moxie Marlinspike.
Graham or Carole? - NFT for sale — OpenSea.
$1.7 million in NFTs stolen in apparent phishing attack on OpenSea users — The Verge.
Art Copyright, Explained — Artsy.
The US Copyright Office says an AI can’t copyright its art — The Verge.
Ruling on "A Recent Entrance to Paradise" — Copyright Review Board.
Appeals court blasts PETA for using selfie monkey as ‘an unwitting pawn’ — The Verge.
'Monkey selfie' case: Photographer wins two year legal fight against Peta over the image copyright — The Independent.
What I Wish They Taught Me about Copyright in Art School — Library of Congress.
Who is Banksy and why did he lose the trademark for four of his most famous works? — Sydney Morning Herald.
The Tinder Swindler — Netflix.
You Can’t Make This Up: The Making of a Swindler (Part one) — Podcast going behind the scenes of "The Tinder Swindler."
Why insects do not (and cannot) attack healthy plants — YouTube.
Eye of the Storm — BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Macro progress, eyeball-tracking ads, and encryption backdoors

Wed, 16 Feb 2022 23:00:00 +0000

How does Microsoft hope to defeat the macro terror? How is the UK Government trying to influence the public's opinion on end-to-end encryption? And what is MoviePass hoping to do with your eyeballs?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Visit https://www.smashingsecurity.com/262 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Thom Langford.

Sponsored By:

Support Smashing Security

Links:

Macros from the internet are blocked by default in Office — Microsoft.
A potentially dangerous macro has been blocked — Microsoft.
The Death of "Please Enable Macros" and What it Means — Check Point Research.
No Place to Hide.
Why we need EndToEndEncryption and why it’s essential for our safety, our children’s safety, and for everyone’s future — Alec Muffet.
Smashing Security episode 68: Malware from outer space!
MoviePass Relaunching Next Summer — Variety.
MoviePass is back but with eyeball tracking to make you watch ads — Daily Mail.
MoviePass 2.0 Wants to Track Your Eyeballs to Make Sure You Watch Ads — Vice.
Starlink.
2000 AD - the Galaxy's Greatest Comic!
Future Shock! The Story of 2000AD — IMDB.
40 Strange Etiquette Rules Through the Years — Good Housekeeping.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

North Korea hacked, DEA cosplay, and Horizon Worlds drama

Wed, 09 Feb 2022 23:00:00 +0000

Who's wearing the pyjamas while they take down North Korea's internet? Is it a case of cop or cosplay in Oregon? And what's to fear about the metaverse?

Visit https://www.smashingsecurity.com/261 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

Space Station Photos Show North Korea at Night, Cloaked in Darkness — National Geographic.
North Korea Hacked Him. So He Took Down Its Internet — Wired.
North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities — Hot for Security.
Woman ‘Tricked’ to Believe She Was a D.E.A. Agent Trainee, Official Says — New York Times.
Alleged DEA imposter in Portland took woman on ‘ride-alongs,’ had her flash fake badge to find informants among homeless people, complaint says — Oregon Live.
Meta forced to add ‘personal boundaries’ to the Metaverse after woman was sexually harassed in virtual reality — The Independent.
Horizon Worlds metaverse app could pose danger for kids, experts say — Washington Post.
The metaverse has a groping problem already — MIT Technology Review.
Sexual harassment in the metaverse? Woman says she was virtually raped — USA Today.
Talking Telephone Numbers Breakdown w/ separated Transmission & Talkback audio — YouTube.
2013 Tony Awards Director On FIRE!!! — YouTube.
Ghosts — BBC iPlayer.
Chateau Snavely — A terrible Fawlty Towers remake from 1978, with Betty White.
Amanda's By the Sea — A terrible Fawlty Towers remake from 1983, with Bea Arthur.
Payne — A terrible Fawlty Towers remake from 1999, which doesn't star anyone from The Golden Girls.
Couples Therapy — BBC iPlayer.
Couples Therapy trailer — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

New hire mystery, hacktivist ransomware, and digi-dating

Wed, 02 Feb 2022 23:00:00 +0000

Who's that new guy working at your company, and why don't you recognise him from the interview? How are hacktivists raising the heat in Belarus? And should you be fully vaxxed for your online date?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/260 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

The new hire who showed up is not the same person we interviewed — Ask a Manager.
How to Spot Fake Candidates in Video Interviews — Nick Shah on LinkedIn.
How To Avoid The Fake Candidate Scam in the Tech Industry — Focus GTS.
Tweet by Belarusian Cyber-Partisans.
Tweet showing screenshots of hacked railroad.
‘We Can Hurt Them in Ways They Don’t Understand’: Ukraine on Russia Cyber-War — Vice.
Pandemic fuels new trends in the online dating world — WXYZ Detroit.
'Swipe left for unvaxxed’: Vaccine status complicates the scene on dating apps — France 24.
Tips for private and safe dating on Tinder — Kaspersky.
Survey Says Bumble Users Are Burned Out on One Thing in Particular — Bumble.
Cookie Clicker.
Getting Curious with Jonathan Van Ness — Netflix.
Chicken fattee with rice, crispbread and yoghurt recipe — Moro.
Chocolate and Apricot Tart report — Happy Foodie.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Techquilibrium and mediocre linguistic escapades

Wed, 26 Jan 2022 23:00:00 +0000

Wordle - good or bad for the world? Whatever your opinion, at least someone wants to spoil players' fun. Meanwhile, we take a look at the threat mobile phones can pose to your mental health.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/259 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

Wordle - A daily word game.
Friend of the show Mark Stockley bragging about his Wordle play — Twitter.
Wordle Accessibility — Generates descriptive text for your Wordle result.
Twitter suspends Wordle-ruining bot — The Verge.
Screen Time: How to make peace with your devices and find your techquilibrium — Book by Becca Cady.
2022 Cell Phone Usage Statistics: How Obsessed Are We? — Reviews.org.
Is Your Phone Affecting Your Mental Health? — Butler Hospital.
The people deciding to ditch their smartphones — BBC News.
No place is sacred: Addicted Americans use cell phones at weddings, funerals, on the toilet! — Study Finds.
Is Your Mobile Phone Use Bad for Your Mental Health? — Mental Health.
From low sense of control to problematic smartphone use severity during Covid-19 outbreak: The mediating role of fear of missing out and the moderating role of repetitive negative thinking — PLOS.
Ten ways to take control of your smartphone — The Guardian.
It's A Knockout 1973, Heat 4 - Ely Vs Hertford — YouTube.
It's a Royal Knockout, 1987 — YouTube.
The Grand Knockout Tournament — Wikipedia.
Embarrassing 80's - Royal It's a Knockout — YouTube.
'Brand New Cherry Flavor' Review: Dark New Netflix Show Gets Gross — Variety.
Brand New Cherry Flavor — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Tesla remote hijacks and revolting YouTubers

Wed, 19 Jan 2022 23:00:00 +0000

Carole's still on jury service, but the show must go on! We take a look at how some Tesla owners are at risk of having their expensive cars remotely hijacked, and why YouTubers are up in arms over NFTs.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/258 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

Monty Hall problem — Wikipedia.
Monty Hall problem explanation video — Numberphile on YouTube.
David Colombo's Twitter account.
How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App — Vice.
Graham or Carole? NFT, posted by Mark Stockley — OpenSea.
The Fart Jars NFT story doesn't pass the smell test — Input Magazine.
WOW! Disgusting Youtuber Exploitation Scandal, MrBeast Beat a Child, MLK Controversy, & Today's News — Philip DeFranco's YouTube account.
Gaming YouTubers have had their likenesses stolen and sold as NFTs — EuroGamer.
Prominent Gaming YouTubers' Likenesses Sold As NFTs Without Consent — Nintendo Life.
Cleanup.pictures — Remove objects, people, text and defects from any picture for free.
Quick, Draw!
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Pokemon-hunting cops and the Spine Collector scammer

Wed, 12 Jan 2022 23:00:00 +0000

Who has been playing video games rather than hunting down criminals? How is a man alleged to have stolen manuscripts of unpublished books from celebrity authors? Which pot contains an elephant? And why has Graham been listening to podcasts about pest control marketing?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/257 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

Pokémon Go: Police fired for chasing Snorlax instead of robbers — BBC News.
Pokémon Go-Playing LAPD Officers Fired For Ignoring Robbery — Kotaku.
Court of appeal documents (PDF).
The Mysterious Figure Stealing Books Before Their Release — Vulture.
FBI Arrests Man Accused of Stealing Unpublished Book Manuscripts — The New York Times.
ViacomCBS security group 'crucial' for FBI manuscript theft investigation, says Karp — The Bookseller.
The Spine Collector: Man arrested for using fake email addresses to steal hundreds of unpublished manuscripts — Hot for Security.
Pest Control Marketing Live! — YouTube.
Pest Control Marketing Podcast.
Pest Control Marketing Jingles.
Think with Pinker — BBC Radio 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Virgin Media just won't take no for an answer, NFT apes, and bad optics

Wed, 15 Dec 2021 23:00:00 +0000

After a brief discussion of the Log4Shell vulnerability panic, we chat about how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your sleeping girlfriend's facial recognition.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined by Mark Stockley for our last episode of the year!

Visit https://www.smashingsecurity.com/256 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

Log4Shell: The race is on to fix millions of systems and internet-connected devices — Graham Cluley.
Virgin Media Limited monetary penalty notice (PDF) — Information Commissioner's Office.
Virgin Media fined £50k for spamming opted-out customers — The Register.
Bored Ape NFT accidentally sells for $3,000 instead of $300,000 — BBC News.
Man steals $23K using ex's phone through facial recognition: report — NY Post.
Man sentenced to 3.5 years in prison after transferring $23,500 on ex-girlfriend's phone by pulling up her eyelid — Global Times.
What Every Heart Emoji Really Means — Emojipedia.
Graham or Carole? NFT for sale — OpenSea.
Mare of Easttown: Official Trailer — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Revolting receipts, a Twitter fandango, and shopkeeper cyber tips

Wed, 08 Dec 2021 23:00:00 +0000

"Demonically" possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter's new photo privacy policy practical?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.

Visit https://www.smashingsecurity.com/255 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dinah Davis.

Sponsored By:

Support Smashing Security

Links:

CEO of US mortgage company fires 900 employees on a Zoom call — YouTube.
Better.com Zoom firing: Employees share what it was like — CNN.
Antiwork subreddit — Reddit.
Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos — Motherboard Vice.
Hackers are spamming printers with 'antiwork' slogans — Metro.
How To Get Back At Your Annoyingly Loud Neighbors — Dumpaday.
Attention Shoppers: Internet Is Open — The New York Times.
A Brief History of E-commerce — Michael Tefula.
NetMarket.
Global retail e-commerce market size 2014-2023 — Statista.
Ecommerce Fraud Prevention: How To Protect Your Online Store — Big Commerce.
How to Secure Your E-Commerce Website: 6 Basic Steps — PC Magazine.
How to Secure Your eCommerce Website: 7 Tips — MailMunch.
Twitter Will Take Down Pictures of People Posted Without Their Permission — The New York Times.
Far-right activists using Twitter new rule against anti-extremist researchers — The Washington Post.
Far-right target critics with Twitter's new media policy — BBC News.
The Guardian Crosswords.
‎Guardian Puzzles & Crosswords for iOS — iOS App Store.
Guardian Puzzles & Crosswords for Android — Google Play store.
Now that's what I call a Hacker — Jitbit.
Taskmaster — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

A dead hamster, a brass pen, and The Beatles

Wed, 01 Dec 2021 23:00:00 +0000

Cryptocurrency traders suffer a hamster-related loss, beware of charity scammers this holiday season, and do you have the patience to sit through Peter Jackson's eight-hour Beatles documentary?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are flying solo this week.

Visit https://www.smashingsecurity.com/254 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

How Stanley Kubrick Staged the Moon Landing — The Paris Review.
The Day the World Didn't End — NASA.
Does Finland Exist? Many Don't Think So — The Culture Trip.
Mr Goxx, the crypto-trading hamster beating human investors — BBC News.
Mr Goxx's Twitch channel — Twitch.
RIP Mr. Goxx: Cryptocurrency trading HAMSTER DIES of unknown causes — Daily Mail.
Epstein’s death proves feeding ground for conspiracy theories — Financial Times.
Smashing Security episode 114: Darknet Diaries, death, and beauty apps — In which we discussed the Quadriga case.
Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty — Graham Cluley.
Fraud: Charities warned to be extra vigilant over coming months — UK Fundraising.
Donate safely this Giving Tuesday — FTC.
Watch The Beatles: Get Back — Disney +
The Beatles: Get Back trailer — YouTube.
Kaweco Brass Sport pen.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Cybercrime unicorns, HVAC hacks, and NFT piracy - with Mikko Hyppönen

Wed, 24 Nov 2021 23:00:00 +0000

Heating systems are left vulnerable to attack in the high courts, cybercrime unicorns have become a reality (but what are they?), over 15 Terabytes of NFTs are made available for anyone to download ... and Carole reveals her Pick of the Year.

Visit https://www.smashingsecurity.com/253 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mikko Hyppönen.

Sponsored By:

Support Smashing Security

Links:

Royal Courts of Justice HVAC systems had unsecured Wi-Fi AP — The Register.
Tweet by Tristan Kirk, court correspondent of the London Evening Standard.
Target Hackers Broke in Via HVAC Company — Brian Krebs.
Former Security Guard Who Hacked Into Hospital’s Computer System Sentenced to 110 Months in Federal Prison — FBI.
Video by Jesse McGraw (aka "PhantomExodizzmo") — YouTube.
Cybercrime Unicorns: How Hackers Are Building Empires That Rival Tech's Most Sophisticated, Highly Valued Startups — International Business Times.
Will we see a cybercrime unicorn? — Comic strip featuring Mikko Hyppönen.
'Piracy' website offers NFT art as free downloads — BBC News.
Someone Made a Pirate Bay for NFTs — Motherboard.
The NFT Bay.
NFTs are causing chaos in online artist communities — Polygon.
Think cryptocurrency is bad? NFTs are even worse — Mashable.
MailMate.
The Ted Dabney Experience — Podcast about vintage video games.
Ruben Brandt, Collector — IMDB.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Hotel hacks, workplace spies, and the FBI

Wed, 17 Nov 2021 23:00:00 +0000

Booking.com got hacked five years ago, and didn't tell its customers... but now we know who might have been behind it. Bossware rears its ugly head again in the workplace, spying on employees. And did you receive a warning email from the FBI?

Plus we have a featured interview with Perimeter 81 co-founder and CEO Amit Bareket.

Visit https://www.smashingsecurity.com/252 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Amit Bareket and Brian Klaas.

Sponsored By:

Support Smashing Security

Links:

American spy hacked Booking.com, company stayed silent — NRC.
Booking.com was reportedly hacked by a US intel agency but never told customers — Ars Technica.
Dutch newspaper links Booking.com break-in to US spy groups — The Register.
Belgium’s largest telecoms company says it was hacked — Graham Cluley.
GCHQ “infected Belgium’s largest telecom company with spyware” — Graham Cluley.
Is your company secretly monitoring your work at home? — Los Angeles Times.
School janitor says she was fired for not installing smartphone tracking app — Graham Cluley.
Hawaii’s ballistic missile false alarm and a user interface failure — Graham Cluley.
FBI system hacked to email 'urgent' warning about fake cyberattacks — Bleeping Computer.
Hoax Email Blast Abused Poor Coding in FBI Website — Krebs on Security.
Vinny Troia's website.
FBI Statement on Incident Involving Fake Emails — FBI.
What is Trailmakers? — YouTube.
Trailmakers - Build vehicles and explore the world.
"Apologies to My Censor" by Mitch Moxley.
"I Hate Suzie" trailer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

PrawnHub, Tesla recall, and IoT luggage

Wed, 10 Nov 2021 23:00:00 +0000

Fishing fanatics find themselves in deep water, Teslas go haywire after an update, and is there actually some good news about IoT?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ken Munro.

Visit https://www.smashingsecurity.com/251 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ken Munro.

Sponsored By:

Support Smashing Security

Links:

Notice of a cyber security incident — Announcement from Angling Direct on London Stock Exchange.
Angling Direct: Criminals net website of UK fishing site — The Register.
Tweet from user of Angling Direct. — Twitter.
Tweet by Angling Direct customer — Twitter.
Internet-connected radio equipment and wearable radio equipment — European Commission.
Internet of Things Cybersecurity Improvement Act of 2020 — US LIbrary of Congress.
Information privacy: connected devices — Californian senate bill.
Tesla Full Self-Driving recall came amid increased regulatory scrutiny - The Washington Post — Washington Post.
Tesla recalls nearly 12,000 U.S. vehicles over software communication error — Reuters.
The World of the Unknown series of books: UFOs, Ghosts, and Monsters — Usborne.
World of the Unknown UFOs trailer — YouTube.
Airwheel SR5 Intelligent Suitcase.
Hijacking smart luggage — Pen Test Partners.
AeroPress Coffee Maker.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff

Privacy & Opt-Out: https://redcircle.com/privacy

Yes, you heard that correctly. Two hundred and fifty

Wed, 03 Nov 2021 23:00:00 +0000

A game about Squid Game pulls the rug from under cryptocurrency investors in what appears to be a scam, PayPal hackers use a devious trick to break into 2FA-protected accounts, and have you received a job offer that's too good to be true?

All this and much much more is discussed in this celebratory edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker.

Plus don't miss our featured interview with the CEO and president of Qualys, Sumedh Thakar.

Oh, and huge thanks to Darknet Diaries' Jack Rhysider, F-Secure's Mikko Hyppönen, The Cyberwire's Dave Bittner, and Host Unknown's Andrew Agnês, Thom Langford, and Javvad Malik for their special contributions to this episode.

Visit https://www.smashingsecurity.com/250 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Andrew Agnês, Dave Bittner, Jack Rhysider, Javvad Malik, Jessica Barker, Mikko Hyppönen, Sumedh Thakar, and Thom Langford.

Sponsored By:

Support Smashing Security

Links:

Squid Game cryptocurrency rockets in first few days of trading — BBC News.
Squid Game crypto token collapses in apparent scam — BBC News.
'I Lost Everything': How Squid Game Token Collapsed — CoinMarketCap.
Squid Game Cryptocurrency Scammers Make Off With $3.3 Million — Gizmodo.
The Booming Underground Market for Bots That Steal Your 2FA Codes — Vice.
Scammers Are Using Fake Job Ads to Steal People’s Identities — ProPublica.
FBI Warns Cyber Criminals Are Using Fake Job Listings to Target Applicants’ Personally Identifiable Information — FBI.
Don’t let job scams block your path forward — FTC Consumer Information.
Pit — Wikipedia.
Pit game description — Board Game Geek.
Metal Shop Masters — Netflix.
Metal Shop Masters trailer — YouTube.
Techjunkie Tools.
15 Secret Websites — Alphr.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Devious licks, Netflix, and sensitive hackers

Wed, 27 Oct 2021 22:00:00 +0000

Ransomware attackers have got hurt feelings, what does Netflix know about you, and why are schoolkids stealing lavatory seats?

Visit https://www.smashingsecurity.com/249 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Matt Davey.

Sponsored By:

Support Smashing Security

Links:

Governments turn tables on ransomware gang REvil by pushing it offline — Reuters.
REvil ransomware - what you need to know about the criminal enterprise — Tripwire.
REvil ransomware rampages following Kaseya supply-chain attack — Graham Cluley.
Meat supplier JBS probed after paying $11 million ransom to attackers. US Congress has a beef with those who pay ransoms to cybercriminals — Graham Cluley.
Hitting the BlackMatter gang where it hurts: In the wallet — Emsisoft.
Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline — Graham Cluley.
All the ways Netflix tracks you and what you watch — Wired.
The inside story of Bandersnatch, the weirdest Black Mirror episode yet — Wired.
Netflix’s Secret Special Algorithm Is a Human — The New Yorker.
Why Netflix Might Run Ads: Analysts See $1 Billion Revenue Upside — Variety.
Devious Licks Trend — Know Your Meme.
TikTok's 'devious licks' challenge source of destruction in Summit County schools, businesses — MSN.
TikTok Bans 'Devious Licks' Trend Which Saw High School Students Arrested — Newsweek.
TikTok to be in congressional hotseat over school-trashing content — Reuters.
Kid destroys printer for TikTok in front of his parents — Reddit.
To combat all the devious licks, we are now met with angelic yields — TikTok.
Woodmere Avenue Width Restriction Crashes Compilation — YouTube.
Woodmere Avenue Crashes YouTube channel.
Moment 11 vehicles including a police van smash into steel post in just four weeks — Daily Mail.
Jon Richardson & The Futurenauts podcast.
Dead Air podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Press F12 to hack

Wed, 20 Oct 2021 22:00:00 +0000

A journalist is threatened with prosecution after choosing to "View Source" on a public webpage, Amazon Ring owners might be in line for a hefty fine if their neighbours complain, and is the school lunch queue a good place for facial recognition?

Visit https://www.smashingsecurity.com/248 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

Missouri teachers’ Social Security numbers at risk on state agency’s website — St Louis Post-Despatch.
Missouri governor vows criminal prosecution of reporter who found flaw in state website — Missouri Independent.
State of Missouri Addresses Data Vulnerability — State of Missouri Office of Administration press release.
Governor Parson Press Conference MO Education Website Hack — YouTube.
Doctor set for £100k pay-out after judge ruled neighbour's Ring doorbell cameras breached privacy — Daily Mail.
The pandemic is testing the limits of face recognition — MIT Technology Review.
ICO to step in after schools use facial recognition to speed up lunch queue — The Guardian.
The most sassy bride in history of Married At First Sight Australia — YouTube.
Married at First Sight Australia — All 4. (Series 6 is the one to watch, according to Graham)
Dark Air with Terry Carnation — Audioboom.
Vigil — BBC iPlayer.
Art Bell — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Rickrolling submarine secrets

Wed, 13 Oct 2021 22:00:00 +0000

A married couple are accused of selling nuclear sub secrets, Facebook continues to make young lives a misery, and a school hacker lets loose one heck of a prank.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/247 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.

Support Smashing Security

Links:

Maryland Nuclear Engineer and Spouse Arrested on Espionage-Related Charges — US Department of Justice.
Couple charged with leaking US nuclear sub designs — The Register.
Facebook will add new safety features, notably for teens, after whistleblower leak — CNBC.
Unfollow Everything cease-and-desist letter from Facebook — Louis Barclay.
IoT Hacking and Rickrolling My High School District — WhiteHoodHacker.
Board Game Arena — Play board games online from your browser.
Foundation — Official Trailer — YouTube.
Foundation — Apple TV.
Film Courage.
Film Courage — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Facebook has fallen

Wed, 06 Oct 2021 22:00:00 +0000

Facebook suffers a massive (and very public) failure, Britain announces plans for counter-attacking nation states in cyberspace, and there's a tragic story related to ransomware.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.

And don't miss our featured interview with Attivo Network's Carolyn Crandall.

Visit https://www.smashingsecurity.com/246 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Carolyn Crandall and Chris Kirsch.

Sponsored By:

Support Smashing Security

Links:

Update about the October 4th outage — Facebook Engineering.
More details about the October 4 outage — Facebook Engineering.
Facebook Whistleblower Says Company Chooses ‘Profits Over Safety’ All The Time — Vice.
Inside Facebook’s Push to Defend Its Image — The New York Times.
Conspiracy Theories About Facebook Outage Spread Even Without Facebook — Vice.
Facebook outage: what went wrong and why did it take so long to fix after social platform went down? — The Guardian.
A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death — Wall Street Journal.
Baby's Death Alleged to Be Linked to Ransomware — Threatpost.
US unites 30 countries to disrupt global ransomware attacks — Bleeping Computer.
Interpol urges police to unite against 'potential ransomware pandemic' — Bleeping Computer.
More than 20,000 arrests in year-long global crackdown on phone and Internet scams — Interpol.
Lancashire partners welcome NCF to the North West — Lancashire Enterprise Partnership
National Cyber Force to be based in Samlesbury — BBC News.
BoardGameGeek.
I Expect You To Die — Schell Games.
Midnight Mass — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

The Julian Assange assassination plot, and IoT toilets

Wed, 29 Sep 2021 22:00:00 +0000

While Julian Assange was killing time in the Ecuador's embassy in London, the CIA were trying to dream up ways to kill him, and urine trouble if you put your trust in an IoT lavatory.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by nobody at all.

Visit https://www.smashingsecurity.com/245 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks — Yahoo News.
The seven-year itch: Assange's awkward stay in the embassy — The Guardian.
Assange Held Legal Meetings in Ladies' Toilet Due to Paranoia: Report — Business Insider.
Julian Assange smeared faeces on walls of Ecuadorian embassy, interior minister claims — The Independent.
Julian Assange: Why Ecuador ended his stay in London embassy — BBC News.
Julian Assange dragged from Ecuadorean embassy — BBC News.
The smart toilet era is here! Are you ready to share your analprint with big tech? — The Guardian.
Assume Nothing - Hack Attack — BBC Sounds.
The Art Museum — Phaidon.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Facebook Ray-Bans, VPN spies, and AI camouflage

Wed, 22 Sep 2021 22:00:00 +0000

How much do you trust the people who work at your VPN provider? How are folks fighting facial recognition? And what on earth is Ray-Ban thinking getting into bed with Facebook?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/244 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government — Department of Justice.
DarkMatter.
Ex-NSA cyberspies reveal how they helped hack foes of UAE — Reuters.
Daniel Gericke and ExpressVPN – Official Response — ExpressVPN.
Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week — ZDNet.
Facebook debuts its Ray-Ban Stories smart sunglasses — TechCrunch.
Facebook warned over ‘very small’ indicator LED on smart glasses, as EU DPAs flag privacy concerns — TechCrunch.
Mark Zuckerberg introduces Ray-Ban Stories — YouTube.
Computer Vision Dazzle Camouflage — CV Dazzle.
Researchers Defeated Advanced Facial Recognition Tech Using Makeup — Vice.
Dodging Attack Using Carefully Crafted Natural Makeup — YouTube.
How to Play the Piano by James Rhodes — Amazon UK.
Music and the inner self, TEDx talk by James Rhodes — YouTube.
Yamaha P-45 — Thomann.
Origins: How the Earth Shaped Human History by Lewis Dartnell — Amazon UK.
Life Lines — BBC Radio 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Breaking news, Apple zero-clicks, and bad blood

Wed, 15 Sep 2021 22:00:00 +0000

A Walmart press release says it's jumping aboard the cryptocurrency bus - but is it true? Theranos's Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack?

Visit https://www.smashingsecurity.com/243 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Thom Langford.

Sponsored By:

Support Smashing Security

Links:

Fake Walmart news release claimed it would accept cryptocurrency — BBC News.
Alerts and story on Walmart to accept Litecoin payments withdrawn — Reuters.
NOTICE TO DISREGARD - Walmart Inc. — Globe Newswire
Walmart Statement in Response to Fake Litecoin Press Release — Walmart.
Litecoin Foundation ‘Screwed Up,’ Lee Says of Walmart Snafu — Bloomberg.
Walmart-Litecoin Pact Hoax Jolts Crypto Market — YouTube.
Official statement from Litcoin Foundation — Twitter.
Apple rushes to block 'zero-click' iPhone spyware — BBC News.
Pegasus: Spyware sold to governments 'targets activists' — BBC News.
Smashing Security #237: NuNa, NuNu, NaNa — Podcast episode where we previously discussed NSO Group's activities.
The rise and fall of Theranos: so many lessons in a drop of blood — The Conversation.
Theranos Didn’t Just Harm Investors — Bloomberg.
Theranos founder Elizabeth Holmes 'lied and cheated', trial hears — BBC News.
Theranos Founder Elizabeth Holmes Is on Trial. Silicon Valley Is Watching — Wired.
#susanalbumparty: The ad campaigns that accidentally (or not) launched filthy hashtags — BBC.
‎Bad Blood: The Final Chapter — Apple Podcasts.
"The Trip" trailer — YouTube.
TraffickCam.
101 Great Cuss/Swear Word Alternatives — WeHaveKids.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

ProtonMail privacy questioned, and Banksy blunder

Wed, 08 Sep 2021 22:00:00 +0000

ProtonMail finds itself in a privacy pickle, the big problem with Facebook's algorithmic amplification, and strange things are happening on Banksy's website.

Visit https://www.smashingsecurity.com/242 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

ProtonMail logged IP address of French activist after order by Swiss authorities — TechCrunch.
Important clarifications regarding arrest of climate activist — ProtonMail.
Information for Law Enforcement Authorities — ProtonMail.
Tweet by Andy Yen, founder of ProtonMail.
Why Facebook Won’t Stop Pushing Propaganda — Mother Jones.
Fake Banksy NFT sold through artist's website for £244k — BBC News.
A fake Banksy sold for $330K is a perfect symbol of a wild NFT market — The Next Web.
Banksy was warned about website flaw before NFT hack scam — BBC News.
McCartney 3,2,1 - Trailer — YouTube.
Classic Albums — BBC Four.
Backyard Coaster POV | Little Thunder — YouTube.
Inside the Most Impressive Backyard Roller Coaster I've Ever Seen: Little Thunder — Coaster 101.
Pre-owned Rides for sale.
Netflix Drops Trailer for New Norwegian Vampire Comedy Post Mortem: No One Dies in Skarnes — Netflix.
Post Mortem: No One Dies in Skarnes — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Flipping dating apps, and crypto rewards for criminals

Wed, 01 Sep 2021 22:00:00 +0000

How to find your match on the Bumble dating app, convicted criminals make money out of cryptocurrency, and there are concerns about data in Afghanistan.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/241 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Vulnerability in Bumble dating app reveals any user's exact location — Robert Heaton.
How Tinder keeps your exact location (a bit) private — Robert Heaton.
The Taliban Have Seized U.S. Military Biometrics Devices — The Intercept.
A U.S.-built biometric system sparks concerns for Afghans — NBC News.
This is the real story of the Afghan biometric databases abandoned to the Taliban — MIT Technology Review.
Sweden must give Bitcoin worth €1.3 million back to drug dealers after costly legal misstep — Euronews.
Miles Davis: Birth of the Cool — Netflix.
What We Do in the Shadows — BBC iPlayer.
Watch What We Do in the Shadows — Hulu.
Radio Garden.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

3D printer hijacks, crypto fails, and a tech billionaire’s revenge

Wed, 25 Aug 2021 22:00:00 +0000

A bug unravels 3D printer security, cryptocurrency sites can't stop getting hacked, and hear our special guest spill a cup of tea while inhabiting his wife's knicker drawer.

All this and much much more can be found in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC cybersecurity correspondent Joe Tidy.

Visit https://www.smashingsecurity.com/240 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Joe Tidy.

Sponsored By:

Support Smashing Security

Links:

We Broke Into A Bunch Of Android Phones With A 3D-Printed Head — Forbes.
Wake up this morning and see this on my 3D printer (I use octoprint and now I’m scared) — Reddit.
What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone — Naked Security.
A detailed analysis of the security incident last night — The Spaghetti Detective.
The PewDiePie Hackers: Could hacking printers ruin your life? — BBC News.
The $600 million Poly Network hacker's Q&A — Twitter.
Crypto hacker offered reward after $600m heist — BBC News.
Hackers steal nearly $100m in Japan crypto heist — BBC News.
Altsbit Crypto Exchange Gets Hacked, 'Almost All Funds' Are Gone — Bitcoinist.
Bitpoint Exchange Hacked for $32 Million in Cryptocurrency — CoinDesk.
Coincheck: World's biggest ever digital currency 'theft' — BBC News.
The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster — Wired.
Buying a pink NFT cat was a crypto nightmare — BBC News.
Hearings Continue In Case Of Wealthy Robotics Founder Sued By His Wife For ‘Indefensible’ Sale Price Of His Startup — Forbes.
Google ‘founder’ created revenge site against estranged wife — New York Post.
Billionaire investor who helped launch Google is accused of 'divorce terrorism' in bitter break-up — Daily Mail.
Cracker (British TV series) — Wikipedia.
Cracker — BritBox.
K&F Concept 4K WiFi 30MP Trail Camera Game Camera with 940nm Infrared Outdoor IP66 Waterproof Hunting Infrared Night Vision Camera — K&F Concept.
Keeping the Wolf Out — BBC Radio 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

TikTok vigilantes, sloppy IoT, and Wikipedia woe

Wed, 18 Aug 2021 22:00:00 +0000

The Great Londini has gathered a two million strong army to out TikTok trolls, there's a bad supply chain vulnerability in many IoT devices, and how did Wikipedia pages end up covered in Nazi swastikas?

Visit https://www.smashingsecurity.com/239 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: John Hawes.

Sponsored By:

Support Smashing Security

Links:

Thousands of Wikipedia Pages Vandalized With Giant Swastikas — Gizmodo.
Video of Wikipedia defacement — Twitter.
Scottish Wikipedia.
Um, almost the entire Scots Wikipedia was written by someone with no idea of the language – 10,000s of articles — The Register.
Protection policy — Wikipedia.
Austrian soldier imprisoned for showing photos of swastika tattoo on testicle — Jewish News.
Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain — IOT Inspector.
TikTok adds more safety features for teens — CNET.
TikTok Vigilante Group the Great Londini Has Made Hunting Down Trolls Its Mission — Insider.
Who is TikTok’s masked vigilante? — BBC News.
News Bunny — Wikipedia.
Nestflix.
The Movies That Made Us — Netflix.
The School of Life — YouTube.
How Not to be Boring — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Fashion captain, fraud family, and DEF CON. D'oh!

Wed, 28 Jul 2021 22:00:00 +0000

Pygmy hippopotamus bugs, DEF CON's data slip-up, and phishing fraudsters have their collars felt.

Visit https://www.smashingsecurity.com/238 to check out this episode’s show notes and episode links.

We're going to be taking a holiday for a couple of weeks, but will be back with a regular show later in August.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Paul Ducklin.

Sponsored By:

Support Smashing Security

Links:

DEF CON masks and vaccination FAQ.
Hacking DEF CON 29 — Reznok.
Tweet by Jeff Moss (Dark Tangent) thanking Reznok.
PetitPotam proof-of-concept tool — GitHub.
Windows “PetitPotam” network attack – how to protect against it — Naked Security.
Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands — Bitdefender.
The Trigan Empire — Wikipedia.
The Rise and Fall of The Trigan Empire: Volume 1 — Treasury British Comics Shop.
Tangle Teezer — If you want to be a Fashion Captain, like Duck.
Modern Love trailer — YouTube.
Modern Love (TV series) — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

NuNa, NuNu, NaNa

Wed, 21 Jul 2021 22:00:00 +0000

Spy software known as Pegasus has been used to carry out surveillance on the smartphones of journalists, activists, and political leaders. Can a "Freedom Phone" be trusted? And a ransomware-hit law firm demonstrates how not to keep its customers informed.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Visit https://www.smashingsecurity.com/237 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Thom Langford.

Sponsored By:

Support Smashing Security

Links:

The Pegasus project — The Guardian.
Revealed: leak uncovers global abuse of cyber-surveillance weapon — The Guardian.
Pegasus: NSO clients spying disclosures prompt political rows across world — The Guardian.
Pegasus: Spyware sold to governments 'targets activists' — BBC News.
Revealed: murdered journalist’s number selected by Mexican NSO client — The Guardian.
Forensic Methodology Report: How to catch NSO Group’s Pegasus — Amnesty International.
Mobile Verification Toolkit (MVT) — Forensic tool to look for signs of infection in smartphone devices.
Freedom Phone.
MAGA World’s ‘Freedom Phone’ Actually Budget Chinese Phone — Daily Beast.
Hacker Fantastic on Twitter.
Finnish therapy clinic’s CEO fired after despicable data breach and blackmail threats — Graham Cluley.
Campbell Conroy & O’Neil Provides Notice of Data Privacy Incident – — Campbell Conroy & O'Neil.
They were competitive eaters. Then they fell in love — Wired.
Brickit: Rebuild your Lego.
Central Park — Apple TV.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Stingrays, soccer, and smart homes

Wed, 14 Jul 2021 22:00:00 +0000

How did investigators ask a romance scammer out on a date, smart homes continue to play dumb, and is it time for social media sites to do more about racist football fans?

Visit https://www.smashingsecurity.com/236 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Zoe Kleinman.

Sponsored By:

Support Smashing Security

Links:

How Does The Secret Service Track Fugitives? One Romance Scammer Hunt Started With A Simple Text — Forbes.
Stingrays bought, quietly used by police forces across England — Ars Technica.
Euro 2020: Why abuse remains rife on social media — BBC News.
Clapper commercial — YouTube.
Samsung Washing Machine App Requires Access to Your Contacts and Location — Vice.
Why first-time buyers should buy into smart home tech for their first move — Property Reporter.
Graham Cluley with his Columbo mug — Twitter.
The Columbophile fan site.
How Columbo Became an Unlikely Quarantine Hit — GQ.
Bose QuietComfort Earbuds — Bose.
Late Night POV Cooking with J Kenji López-Alt — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

REvil returns, TikTok grows, and Gettr defaced

Wed, 07 Jul 2021 22:00:00 +0000

A ransomware gang has exploited a security hole in software used by many businesses, and are demanding $70 million for a decryption tool. Plus we take a close look at TikTok, and a website which seems to have entirely ripped-off Twitter.

Visit https://www.smashingsecurity.com/235 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Chris Stokel-Walker.

Sponsored By:

Support Smashing Security

Links:

REvil ransomware rampages following Kaseya supply-chain attack — Graham Cluley.
Swedish Coop supermarkets shut due to US ransomware cyber-attack — BBC News.
Kaseya CEO Fred Voccola Addresses Cyberattack and Next Steps for VSA Customers — YouTube.
Kaseya Responds Swiftly to Sophisticated Cyberattack, — Press release.
Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO says — Reuters.
TikTok's Underlying Tech Is About to Go on Sale — Business Insider.
This Is How TikTok Sends User Data to China — Business Insider.
TikTok insiders say Chinese parent ByteDance is in control — CNBC.
“Happy July 4th!” from Mark Zuckerberg — Instagram.
Team Trump quietly launches new social media platform — Politico.
Pro-Trump social media app hacked on launch day as half million sign up — Reuters.
Pro-Trump social media site Gettr hacked — CNET.
The Trump Team’s New Social Media Platform Is Already Flooded With Hentai — Mother Jones.
Broken Sword 5: The Serpent's Curse — Revolution Software.
This Is a Robbery: The World's Biggest Art Heist — Netflix.
Passenger List — Radiotopia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cozy Bear, dildo scams, and robo hires and fires

Wed, 30 Jun 2021 22:00:00 +0000

Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from "Amazon"...

And you will NOT want to miss checking out a very special "Pick of the week"!

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.

Visit https://www.smashingsecurity.com/234 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: David Bisson.

Sponsored By:

Support Smashing Security

Links:

Cozy Bear — Wikipedia.
Bears in the Midst: Intrusion Into the Democratic National Committee — Crowdstrike.
Coronavirus: Russian cyber spies attempting to steal vaccine research from Britain, US and Canada — Sky News.
New Nobelium activity — Microsoft Security Response Center.
Smashing Security episode 214: "Lockdown love scams, SolarWinds, and a data deletion bungle."
Screenshot of email David received from "Amazon"
This $1.3 Million Vibrator Is One Of The World's Most Expensive Sex Toys — Forbes.
Amazon Flex.
AI at work: Staff 'hired and fired by algorithm' — BBC News.
Fired by Bot: Amazon Turns to Machine Managers And Workers Are Losing Out — Bloomberg.
Horror stories from Amazon Flex workers — Reddit.
Art'n'Doodles from Carole Theriault — Carole.wtf
⎌ Nurture ⎌ — Porter Robinson.
How John Berger changed our way of seeing art — The Conversation.
Ways of Seeing Episode 1, with John Berger — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Peloton problems, romance regret, and Weiner woes

Wed, 23 Jun 2021 22:00:00 +0000

We take a look at why Peloton is being accused of ransomware-like behaviour, how one man lost $250,000 in a romance scam, and how a chap called Weiner has found himself in a political pickle.

Plus we have a featured interview with KnowBe4 expert Roger Grimes. Don't miss it!

Visit https://www.smashingsecurity.com/233 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Andrew Agnês and Roger A Grimes.

Sponsored By:

Support Smashing Security

Links:

CPSC Warns Consumers: Stop Using the Peloton Tread+ — CPSC
Peloton Tread+ Treadmill Safety Incident — YouTube.
Peloton Recalls Tread+ Treadmills After One Child Died and More than 70 Incidents Reported — CPSC.
Peloton Recalls Tread Treadmills Due to Risk of Injury — CPSC.
Tread Lock — Peloton support.
Peloton Tread owners now forced into monthly subscription after recall — Bleeping Computer.
Is Your Peloton Spinning Up Malware? — McAfee.
A fake wedding, and a $250,000 scam — BBC News.
Romance fraud advice — Action Fraud.
OnlyFans, Twitter ban users for leaking politician's BDSM video — Bleeping Computer.
Statement by Zack Weiner — Twitter.
Anthony Weiner documentary trailer — YouTube.
Blue — Joni Mitchell.
Timekettle Voice Language Translator.
Finders Keepers trailer — YouTube.
Finders Keepers (2015 film) — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Zoomolympics and language matters

Wed, 16 Jun 2021 22:00:00 +0000

Video gaming giant Electronic Arts suffers a hack following slack security, the Japanese Olympics are proving unpopular with everyone apart from cybercriminals, and le coq est mort.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/232 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Coq on GitHub.
Alternative names for Coq.
Realizing this is getting out of hand, Coq mulls new name for programming language — The Register.
Terminology: it's not black and white — NCSC.
Hackers Steal Wealth of Data from Game Giant EA — Vice.
Japan - COVID-19 Overview — Johns Hopkins.
Olympics 2021: When Tokyo Games start and what restrictions will be in place — Irish Mirror.
Tokyo Olympic Games: When are they and will they go ahead despite Covid? — BBC News.
Tokyo Olympics organizers' data swept up in Fujitsu hack: report — CyberScoop.
Tokyo Games organizers hit by data breach and info leak — The Japan Times.
XPOL-2-5G antenna — Poynting.
Mondo Mascots — Twitter.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Sexy snaps and encrypted chat traps

Wed, 09 Jun 2021 22:00:00 +0000

Criminals are caught in a encrypted chat trap, should you trust Apple's repair team with your sexy snaps, and do you think the FBI should be able to tell who has been reading the USA Today website?

And don't miss our featured interview with Dr Simon Wiseman, the CTO of Deep Secure.

Visit https://www.smashingsecurity.com/231 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Dave Bittner and Simon Wiseman.

Sponsored By:

Support Smashing Security

Links:

AFP-led Operation Ironside smashes organised crime — Australian Federal Police.
AN0M: Hundreds arrested in massive global crime sting using messaging app — BBC News.
Fake encrypted app cooked up over beers by Aussie cops and the FBI leads to global sting — Daily Mail.
FBI Effort to Expose 'USA Today' Readers Was Likely Unlawful, Experts Say — Gizmodo.
Sunrise, Florida, shooting: 2 FBI agents killed in shootout identified — USA Today.
Apple paid woman millions after technicians used her iPhone to post explicit videos — The Guardian.
Get your iPhone, iPad, or iPod touch ready for service — Apple Support.
The Three Investigators.
Mini Motorways.
Mini Motorways gameplay video — YouTube.
Mini Metro — A strategy simulation game about designing a subway map for a growing city.
Love Death & Robots review – prestige TV with added sexbots — The Guardian.
Netflix’s Love, Death & Robots Volume 2 Ranked Best to Worst — Vulture.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Flash card f-up and energy pipe pilfering

Wed, 02 Jun 2021 22:00:00 +0000

The US military has been caught exposing its nuclear weapons secrets, and we explore the world of nerdy miners.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by "Lola."

Visit https://www.smashingsecurity.com/230 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

WarGames (1983 movie starring Matthew Broderick) — Wikipedia.
Cram: Create and Share Online Flashcards.
Chegg flashcards.
US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps — Bellingcat.
'Three nerds' linked to massive Bitcoin mine found in Sandwell warehouse — Birmingham Mail.
Sandwell Bitcoin mine found stealing electricity — BBC News.
The Berglas Effect: Magic's Best Card Trick — The New York Times.
David Berglas and the Legendary Berglas Effect — YouTube.
West Cork podcast — Acast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Dating leaks, right to repair, and a stinky bishop

Wed, 26 May 2021 22:00:00 +0000

A big cheese ends up in jail, a Japanese dating site spills the dirt after a hack, and we learn all about the right to repair.

Plus don't miss our featured interview with Javvad Malik from KnowBe4.

Visit https://www.smashingsecurity.com/229 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Javvad Malik and Paul F Roberts.

Sponsored By:

Support Smashing Security

Links:

Cheese Is Addictive As Drug: Dairy Product Triggers Brain Region Linked To Addiction — Tech Times.
How Police Secretly Took Over a Global Phone Network for Organized Crime — Motherboard.
Liverpool man latest to be jailed as part of national Operation Venetic — Merseyside Police.
Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall — The Register.
Automakers Hype Hacking Threat To Sink Pro-Repair Measure — Forbes.
FTC Report Slams OEM Restrictions on Repair — Fight to Repair.
securepairs.org – IT pros fight for a fixable future.
Apology for dating breach (Japanese).
Coronavirus: Why dating feels so different now — BBC Worklife.
How Covid-19 has upended dating for singles — Vox.
Japan's biggest dating app hit by major cyberattack — TechRadar.
Omiai(お見合い)
The Pursuit of Love — BBC.
Adapting The Pursuit of Love for BBC One — BBC Writers Room.
The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms — MIT Technology Review.
Obscura.
Fstoppers Reviews Obscura 2: A Superb iOS Photo App that Rethinks the 'Interface' — Fstoppers.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Pipeline pickle, Blockchain bollocks, and Eufy SNAFU - with Rory Cellan-Jones

Wed, 19 May 2021 22:00:00 +0000

The Colonial Pipeline attack has shone light on the activities of the Darkside ransomware gang, we take a skeptical look at cryptocurrencies and the blockchain, and Eufy security cameras suffer an embarrassing security failure.

Plus don't miss our featured interview with Vanessa Pegueros of OneLogin.

Visit https://www.smashingsecurity.com/228 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Rory Cellan-Jones and Vanessa Pegueros.

Sponsored By:

Support Smashing Security

Links:

Major US oil pipeline shut down after ransomware attack — Graham Cluley.
Abrdn: Standard Life Aberdeen vowel-less rebrand mocked — BBC News.
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized — Brian Krebs.
Colonial Pipeline did pay ransom to hackers, sources now say — CNN.
Darkside Retreats to the Dark — Kim Zetter on Substack.
Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims — Elliptic.
"Always On: Hope and Fear in the Social Smartphone Era" by Rory Cellan-Jones — Bloomsbury.
Eufy privacy breach leaks both live and recorded cam feeds — 9to5 Mac.
WARNING Disconnect any Eufy Security products you own immediately — Reddit.
Server glitch allowed Eufy owners to see through other homes’ cameras — The Verge.
Crown Court (TV series) — Wikipedia.
Fulchester Crown Court — Fan website.
Crown Court - The Jawbone of an Ass (1978) — YouTube.
Crown Court - Treason — YouTube.
BBC Weather app for Android — Google Play Store.
‎BBC Weather app for iOS — iOS App Store.
The Hyacinth Disaster - A Sci Fi Audio Drama.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Phishing foul-up, Twitter tip jars, and Facebook's Apple fury

Wed, 12 May 2021 22:00:00 +0000

Facebook says it's sticking up for the little guys as it picks a fight with Apple, there are testing times on the trains, and Twitter takes a tip.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].

Visit https://www.smashingsecurity.com/227 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ray [REDACTED].

Sponsored By:

Support Smashing Security

Links:

Train firm’s ‘worker bonus’ email is actually cybersecurity test — The Guardian.
Anger Over Shocking Covid Bonus Stunt At West Midlands Trains — TSSA.
Researcher calls out privacy flaw in Twitter’s new ‘Tip Jar’ donation feature — The Daily Swig.
Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable — Wired.
We Checked 250 iPhone Apps—This Is How They’re Tracking You — Wirecutter.
96% of US users opt out of app tracking in iOS 14.5, analytics find — Ars Technica.
App Privacy Details on the App Store — Apple.
What is App Tracking Transparency and how do you block app tracking? — MacWorld.
Daily iOS 14.5 Opt-in Rate — Flurry.
If an app asks to track your activity — Apple Support.
Another Kind of Mind – A Different Kind of Beatles Podcast.
One Sweet Dream podcast.
The Pret Index: Pret Sandwich Sales Show Where U.K. Workers Are Returning to the Office — Bloomberg.
Unframed : Intimacies, Félix Vallotton — YouTube.
Unframed, a virtual reality series about Swiss painters.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cryptocrazies and NFTs

Wed, 05 May 2021 22:00:00 +0000

How did the SCAM cryptocurrency become a success? Why is Google allowing government rip-off ads to still appear on search results? And why on earth is everyone suddenly spending millions of dollars on NFTs?

Visit https://www.smashingsecurity.com/226 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: David McClelland.

Sponsored By:

Support Smashing Security

Links:

Andre Lewis (@dreesuschrist) — TikTok.
This TikToker’s ‘SCAM’ Cryptocurrency Took Off and He Can’t Believe It — Motherboard.
Simple. Cool. Automatic. Money — Scamily.io.
Why can't Google get a grip on rip-off ads? — BBC News.
New Government Services Policy — Google Advertising Policies.
Fungible definition and meaning — Collins English Dictionary.
NFTs, explained: what they are, and why they’re suddenly worth millions — The Verge.
Why Did Someone Pay $560,000 for a Picture of My Column? — The New York Times.
Jack Dorsey is trying to sell his first tweet as an NFT — The Verge.
CryptoPunks — Larva Labs.
Johnny Depp selling Winona Ryder poem as part of NFT collection — Female First.
NFTs are suddenly everywhere, but they have some big problems — CNN.
Chrome can now caption audio and video — Google.
Gosforth Handyman.
Gosforth Handyman — YouTube.
Grow Bag Pros And Cons – Advantages And Disadvantages Of Grow Bags — Gardening KnowHow.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Master of your domain, gripe sites, and John Deere Farmergeddon

Wed, 28 Apr 2021 13:00:00 +0000

Google loses its domain in Argentina, how do gripe sites make their dough, and has John Deere solved the cybersecurity problem?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/225 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

Smashing Security Christmas LIVE STREAM — Including Mark Stockley and his chickens.
How a WhatsApp status loophole is aiding cyberstalkers — Traced.
Google Argentina's domain name bought by man for £2 — BBC News.
Hacker breaks into Google Palestine homepage in protest of Maps depiction — Firstpost.
Google Security Rewards - 2015 Year in Review — Google Online Security Blog.
Microsoft forgets to renew hotmail.co.uk domain — The Register.
184 Years In: Ag Giant John Deere Awaits Its First Software Vulnerability — Forbes.
Bugs Allowed Hackers to Dox John Deere Tractor Owners — Vice.
The Wurzels sing "Combine Harvester" — YouTube.
The Slander Industry — The New York Times.
A Vast Web of Vengeance — The New York Times.
Remove content about me on sites with exploitative removal practices from Google — Google Search Help.
Online demo of MicroMacro - Crime City.
MicroMacro - Crime City.
They Hacked McDonald’s Ice Cream Machines—and Started a Cold War — Wired.
Mcbroken.
Overheard In New York.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

The Lazarus Heist, Facebook faux pas, and no-cost security

Wed, 21 Apr 2021 22:00:00 +0000

Facebook has managed to do the seemingly impossible - and had a data breach about its handling of a data breach. Meanwhile, we chat to the host of the brand new podcast about North Korea's hackers targeting the rest of the world, and discuss if an intern can be trusted to monitor your security.

Plus! Don't miss our featured interview with Duo's Helen Patton.

Visit https://www.smashingsecurity.com/224 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Geoff White and Helen Patton.

Sponsored By:

Support Smashing Security

Links:

Facebook isn’t sorry for letting someone steal personal details of half a billion users — Graham Cluley.
Stolen Data of 533 Million Facebook Users Leaked Online — Business Insider.
Interne mail toont hoe Facebook veiligheidsproblemen wil 'normaliseren' — Data News.
Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach — Graham Cluley.
The Lazarus Heist podcast — BBC World Service.
Local Government Organizations Most Frequently Targeted by Ransomware — Infosecurity Magazine.
Update On Ransomware Attack Against Town Of Didsbury — CKFM.
Entry-Level Information Security Positions — Dummies.
How to get an Entry-Level Cyber Security Job in 2021 — Comparitech.
Getting into cyber security — Cisco.
Cybersecurity training — NIST.
Best online cybersecurity courses of 2021: free and paid certification programs, degrees and masters — TechRadar.
PISCES: Public Infrastructure Security Cyber Education System.
Paperball Deluxe — Nintendo store.
Paperball — Steam.
Paperball Deluxe – Indie Super Monkey Ball!? — YouTube.
Jeff Mills - "Exhibitionist Mix" ( Full version) — YouTube.
Invincible — Amazon Prime.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Booze, nudes, and insurance dudes

Wed, 14 Apr 2021 22:00:00 +0000

Should insurance companies be banned from helping companies pay ransomware demands? How has malware messed with motorcars in the United States? And how are cybercriminals exploiting alcohol drinking during the pandemic?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/223 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Lessons of the SolarWinds hack — Article by Marcus Willett, IISS.
Insurers defend covering ransomware payments — BBC News.
Cyber insurance giant CNA hit by ransomware attack — Graham Cluley.
FatFace pays out $2 million to Conti ransomware gang — Graham Cluley.
How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director — The Register.
Cyber Attack Forces Vehicle Emissions Testing Company to Halt Operations in 8 States — The Drive.
Malware attack is preventing car inspections in eight US states — Bleeping Computer.
Service Restoration Status Update — Applus Tech.
Changes in Adult Alcohol Use and Consequences During the COVID-19 Pandemic in the US — JAMA Network.
Rebalancing the ‘COVID-19 effect’ on alcohol sales — NielsenIQ.
Alcohol does not protect against COVID-19; access should be restricted during lockdown — WHO.
Lockdown Saw Rise in Wine Domains and Wine Scammers — Recorded Future.
The Raven Remastered — THQ Nordic.
The Raven Remastered trailer — YouTube.
Westworld — HBO.
Thermapen Fast, Accurate Instant-read Thermometers — Thermoworks.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Facebook, deepfakes, and April Fools scandals - with Nina Schick

Wed, 07 Apr 2021 22:00:00 +0000

Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook's latest data fiasco, and some less-than-brilliant April Fool's tricks.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/222 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Nina Schick.

Sponsored By:

Support Smashing Security

Links:

Stolen Data of 533 Million Facebook Users Leaked Online — Business Insider.
Mark Zuckerberg is on Signal — Dave Walker on Twitter.
The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned — Troy Hunt.
Facebook isn’t sorry for letting someone steal personal details of half a billion users — Graham Cluley.
Smashing Security episode 75: Quitting Facebook.
Deep Fakes - the coming infocalypse. — Nina Schick.
This Person Does Not Exist.
'Deepfake' AI Trump impersonator highlights election fake news threat — CNBC.
Past Google April Fools Pranks As It Cancels 2021's Over COVID — Newsweek.
"Joke" tweet by Piers Morgan — Twitter.
The joke is on Volkswagen after April Fool’s name change debacle — Al Jazeera.
Deliveroo April Fool's joke backfires in France — BBC News.
The 8 Generations of Video Game Consoles — BBC Archive.
The Terror — BBC iPlayer.
Pretend it's a city — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

God bless his hairy palms

Wed, 31 Mar 2021 22:00:00 +0000

FatFace stumps up $2 million to its ransomware extortionists, an IT administrator is caught with his pants down, Mobikwik blames its users for a data breach, and we burgle a house... virtually.

Visit https://www.smashingsecurity.com/221 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Thom Langford.

Sponsored By:

1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.

Support Smashing Security

Links:

FatFace would like everyone to keep its data breach “strictly private and confidential” — Graham Cluley.
Retailer FatFace pays $2m ransom to Conti cyber criminals — Computer Weekly.
Streisand effect — Wikipedia.
'We have your porn collection': The rise of extortionware — BBC News.
Mobikwik Data Breach: Data of 10 crore Mobikwik users for sale on dark web, say cybersecurity experts — The Economic Times.
Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web — India Today.
Rick Beato — YouTube.
What Makes This Song Great? Ep.94 Gordon Lightfoot — YouTube.
Adriano Celentano - Prisencolinensinainciusol — YouTube.
Ember: The World’s First Temperature Control Mug.
Slow-cooked guide to Sous Vide Eggs — Serious Eats.
Art History 101 — YouTube.
Chris Luedke, art historian — Twitter.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Ransoms, scandals, and glitter bombs

Wed, 24 Mar 2021 23:00:00 +0000

PC manufacturer Acer might have received a $50 million ransom demand, a warning spreads on Facebook about a trick being used by hackers, and why are the City of London's police not happy about Sci Hub?

Visit https://www.smashingsecurity.com/220 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Alex Eckelberry.

Sponsored By:

Support Smashing Security

Links:

Hackers cannot post Facebook comments on your behalf without you seeing it — AFP Fact Check.
Does a Facebook Hack 'Hurt and Offend' Friends? — Snopes.
Stop sending mail you later regret — Gmail blog.
April Fools Check: Did Google Really Release Mail Goggles? — TechCrunch.
When was blinking invented?
Computer giant Acer hit by $50 million ransomware attack — Bleeping Computer.
Ransomware gang says it targets firms who have cyber insurance. And what’s more, it will hack insurance firms to identify them… — Graham Cluley.
Is the staggeringly profitable business of scientific publishing bad for science? — The Guardian.
Police warn students and universities of accessing an illegal website to download published scientific papers — City of London Police.
Meet the pirate queen making academic papers free online — The Verge.
Sci-Hub: How Does it Work? — The Scholarly Kitchen.
Glitterbomb Trap Catches Phone Scammer (who gets arrested) — YouTube.
After Life — Netflix.
The One — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cheerleaders, dating apps, and crisis PR

Wed, 17 Mar 2021 23:00:00 +0000

How are cheerleaders being creeped out by deepfakes? What might Tinder tell potential dates about your murky past? And how should companies respond to the press when a security breach occurs?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Yvonne Eskenzi.

Visit https://www.smashingsecurity.com/219 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Yvonne Eskenzi.

Sponsored By:

Support Smashing Security

Links:

Chris Farley makes an energetic entrance to the David Letterman show — YouTube.
Cheer — Netflix.
Bucks County woman created ‘deepfake’ videos to harass rivals on her daughter’s cheerleading squad, DA says — Philadelphia Inquirer.
Cheerleader, 17, who appeared in 'deepfake' vaping video 'made by rival's mom' tells how she broke down in tears — The Sun.
Oliver Reed on being deadly — YouTube.
Deep Tom Cruise — TikTok.
Deep Tom Cruise pretends to be a snapping turtle — TikTok.
Deep Tom Cruise demonstrates his golf swing — TikTok.
A Guide to Crisis Communications for Incident Response — Eskenzi PR.
Tinder to introduce in-app background checks — BBC News.
Garbo - A new kind of online background check.
Match Group Partners with Garbo to Make Groundbreaking Background Check Technology Accessible To Users, Starting with Tinder — Press release.
Notificationsounds.com
Blinkist — Summaries of over 3,000 bestselling non-fiction books.
Acriflex — Antiseptic burns cream.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Microsoft, McAfee, and mayhem

Wed, 10 Mar 2021 23:00:00 +0000

Is it the end of the road for John McAfee? Is PornHub more legitimate than Facebook? And do you know as much as you think you do about the Microsoft Exchange Server mega-hack?

Visit https://www.smashingsecurity.com/218 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

John McAfee 'disguised as Guatemalan street hawker with a limp' — The Telegraph.
John McAfee Wanted for Murder — Gizmodo.
John McAfee says he infected laptops with malware, spied and stole passwords from Belize officials — Naked Security.
John McAfee is running for president — Graham Cluley.
Good luck John McAfee, socially engineering a corpse… — Graham Cluley.
How To Uninstall McAfee Antivirus — YouTube.
John David McAfee And Executive Adviser Of His Cryptocurrency Team Indicted In Manhattan Federal Court For Fraud And Money Laundering Conspiracy Crimes — US Department of Justice.
IsLegitSite — Check if a website is legitimate or not.
Microsoft Exchange Server Market Share and Competitor Report — Datanyze.
Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers — MIT Technology Review.
A Basic Timeline of the Exchange Mass-Hack — Krebs on Security.
New nation-state cyberattacks — Microsoft.
The Kilobyte’s Gambit — A 1k chess game.
The Repair Shop — Netflix.
The Repair Shop — BBC One.
Sideways — BBC Radio 4.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Would you cuddle this revolting robot? - with Robert Llewellyn

Wed, 03 Mar 2021 23:00:00 +0000

Actor, presenter and writer Robert Llewellyn, famous for playing the part of Kryten in the science-fiction comedy "Red Dwarf," joins us as we discuss robots gone rogue, electric vehicle nightmares, and creepy companions.

Visit https://www.smashingsecurity.com/217 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Robert Llewellyn.

Sponsored By:

Support Smashing Security

Links:

'Drunk' robot vacuums spark complaints from owners — BBC News.
Roomba S9+ weird behaviour on version 3.10.8 — Reddit.
Time lapse video of i7+ attempting to return to clean base after 3.12.8 update — Reddit.
Robot vacuum cleaners can eavesdrop on your conversations, researchers reveal — Bitdefender BOX blog.
The Hidden Cyber Risks of Electric Vehicles — Upstream.
Mindfulness, laughter and robot dogs may relieve lockdown loneliness – study — The Guardian.
Charlie — YouTube.
Aibo — YouTube.
Lovot — YouTube.
Petit Qoobo — YouTube.
Flatcat — YouTube.
For All Mankind trailer — YouTube.
For All Mankind — Apple TV.
"Diary of an MP's Wife: Inside and Outside Power" by Sasha Swire. — Amazon.
"I Care A Lot" trailer — YouTube.
I Care A Lot — IMDB.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Playboy, prison, and digital ploys - with Garry Kasparov

Wed, 24 Feb 2021 23:00:00 +0000

World-chess-champion-turned-activist Garry Kasparov returns to the show as we discuss a romance scammer with plenty of time on his hands, the surge in sextortion, and how social media is being swamped with claims of fake snow.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Garry Kasparov.

Visit https://www.smashingsecurity.com/216 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Garry Kasparov.

Sponsored By:

Support Smashing Security

Links:

Dating apps scam committed by criminal from inside prison — BBC News.
File on 4 - The Dangers of Dating Apps — BBC Sounds.
Playboy Magazine, November 1989 — Including Garry Kasparov's interview and sexy photo shoot.
Sextortion email scams — Avast.
Has Fake Snow Been Falling on the US? — Snopes.
TikTok Users Are Trying (and Failing) to Prove the Snow in Texas Is Fake — Daily Beast.
TikTok Users Are Burning Snowballs in Viral Videos to 'Prove' the Snow is Fake — Gizmodo.
Griddy: Why a Texas electricity company is under fire for astronomical bills during winter storm — The Independent.
Ted Cruz Mariachi Band Performed at a Discount — TMZ.
Slow TV Map.
The Queen's Gambit — Golden Globes.
Soulmates (TV series) — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Sexy cows banned on Facebook

Wed, 17 Feb 2021 23:00:00 +0000

The FBI is hoping that its hunt for Capitol rioters will go viral, a cryptocurrency con lets its perpetrator live the high life... for a while, and just what does Facebook have against cows and a team of cricketers?

Visit https://www.smashingsecurity.com/215 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Zoe Kleinman.

Sponsored By:

Support Smashing Security

Links:

The FBI Wants You To Make These Photos Of Capitol Insurrectionists Go Viral — Huffington Post.
Capitol Violence — FBI.
Sedition Hunters.
Boston Bombing: The Anatomy of a Misinformation Disaster — The Atlantic.
Iced Earth’s singer and bassist quit band "in response to recent events and circumstances" — NME.
Capitol Insurrection: More Than 230 People Charged And What We Know About Them — NPR.
'Overtly sexual' cow blocked as Facebook ad — BBC News.
What is Stefan Qin’s edge in crypto? Fraud, says the SEC — Digital Finance.
Founder Of $90 Million Cryptocurrency Hedge Fund Charged With Securities Fraud And Pleads Guilty In Federal Court — Department of Justice.
A crypto kid had a $23,000-a-month condo. Then the feds came — Fortune.
Radio Garden — Explore live radio by rotating the globe.
Dodow.
On Her Majesty's Secret Service mind control scene — YouTube.
Mark Kermode's Secrets of Cinema — BBC.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Lockdown love scams, SolarWinds, and a data deletion bungle

Wed, 10 Feb 2021 23:00:00 +0000

Fingerprints and DNA records have been deleted from the UK's police database, the SolarWinds hack continues to wreak havoc and raise questions, and we have some advice for how to fall in love safely under lockdown...

Visit https://www.smashingsecurity.com/214 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Alan Woodward.

Sponsored By:

1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.

Support Smashing Security

Links:

Police probes compromised after computer records deleted — BBC News.
Home Office admits 15,000 people deleted from police records — The Guardian.
Home Office admits 'coding error' wiped 15,000 police records — IT Pro.
Boris Johnson adviser quits after being overruled on Priti Patel bullying report — The Guardian.
UK's families put on fraud alert — BBC News.
Security Advisory — SolarWinds.
Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources — Reuters.
A Second SolarWinds Hack Deepens Third-Party Software Fears — Wired.
Microsoft: No Evidence SolarWinds Was Hacked Via Office 365 — CRN.
What You Need to Know About Romance Scams — FTC.
Interpol warns of romance scam artists using dating apps to promote fake investments — ZDNet.
Man lost £38,000 to scammers posing as single women on Match.com — Metro.
Romance scams rank number one on total reported losses — FTC.
This romance scam tricks victims in laundering federal funds — Better Business Bureau.
Lexulous.
Scrabble fans slam 'sparkly abomination' new app — BBC News.
‎Best Bubble Breaker — Apple App Store.
Jawbreaker (Windows Mobile game) — The original BubbleBreaker?
IKEA Klippan, 2 Seater sofa cover — Bemz.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

No security smarts at Mensa, long-term identity theft, and GameStop's share frenzy

Wed, 03 Feb 2021 23:00:00 +0000

Mensa - the social club for people with high IQs - is accused of not being so smart about security, an Indian TV journalist gets an unbelievable job offer from Harvard, and we take a look at what's being going on with GameStop short selling.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/213 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

Two British Mensa directors quit over cyber security concerns — Financial Times.
Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords — Forbes.
Poor password security at the British branch of Mensa? — Graham Cluley.
I Am Nidhi Razdan, Not A Harvard Professor, But... — NDTV.
GameStop stock price — MarketWatch.
GameStop: What is it and why is it trending? — BBC News.
An uprising against Wall Street? Hardly. GameStop was about the absurdity of the stock market — The Guardian.
GameStop short squeeze fuels new stock-market services tracking Reddit messages — MarketWatch.
The Basics of Shorting Stock — The Balance.
The Rise of the Murdoch Dynasty — BBC iPlayer.
SketchUp.
The Office ASMR — A Podcast to Sleep To.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Dutch leaks, Peeping Toms, and researchers under fire

Wed, 27 Jan 2021 23:00:00 +0000

Google warns security researchers that North Korean hackers are pretending to be their buddies, sensitive information connected to Coronavirus testing is available for sale in the Netherlands, and is a Peeping Tom at your home security provider spying on you through CCTV?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/212 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.

Support Smashing Security

Links:

Illegale handel in privégegevens miljoenen Nederlanders uit coronasystemen GGD — RTL News.
Video conference of EU Defence Ministers where a Dutch journalist gatecrashed the system — YouTube.
John van den Heuvel — Wikipedia.
Dutch COVID-19 patient data sold on the criminal underground — ZDNet.
Smashing Security episode 175: Zoom deepfakes, Zardoz, and 'Rona tracing.
Bonus: Smashing Security After Dark #2 - Zardoz commentary. — Smashing Security on Patreon.
New campaign targeting security researchers — Google Threat Analysis Group (TAG).
Google: North Korean hackers have targeted security researchers via social media — ZDNet.
ADT Employee: I Spied on Naked Customers Through Security Cams — Gizmodo.
ADT sued after employee accessed more than 200 customers’ home security systems in Dallas area — Dallas Morning News.
The Investigation — BBC iPlayer.
The Investigation: why my drama about Kim Wall doesn't name her killer — The Guardian.
Tobias Lindholm on his take of the Kim Wall murder investigation — Nordisk Film & TV Fond.
‘Babylon 5 Remastered’ now available to buy or stream on HBO Max — Engadget.
High Maintenance — HBO.
Hear the New Trailer for Wondery's Podcast 'The Apology Line' — Rolling Stone.
Allan Bridge — Wikipedia.
The Apology Line — Wondery.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Fleeking, COVID-19 hacking, and Bitcoin balls-ups

Wed, 20 Jan 2021 23:00:00 +0000

Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming...

Visit https://www.smashingsecurity.com/211 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ron Eddings.

Sponsored By:

Support Smashing Security

Links:

Report: X-Rated Social Media App Exposes Users in Massive Data Breach — VPNMentor.
Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data — Threatpost.
Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine — Ars Technica.
EU regulator: Hackers 'manipulated' stolen vaccine documents — AP News.
Smashing Security 058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO
Bitcoin FOMO Calculator.
Smashing Security 167: Coronavirus scams and an exaggerated lion
Man offers Newport council £50m if it helps find bitcoins in landfill — The Guardian.
Acting in Film Master Class - By Michael Caine — YouTube.
Damn Fine Story: Mastering the Tools of a Powerful Narrative — Book by Chuck Wendig.
Back to Life — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

DC rioters ID'd, Energydots, and ransomware gets you in a pickle

Wed, 13 Jan 2021 23:00:00 +0000

Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation?

And don't miss our featured interview with CrowdSec's Philippe Humeau.

Visit https://www.smashingsecurity.com/210 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Dave Bittner and Philippe Humeau.

Sponsored By:

Support Smashing Security

Links:

Smashing Security's Christmas live stream — YouTube.
Smashing Security 199: A few tech cock-ups, and one cock lock-up.
Taking a screwdriver to unlock your IoT sex toy is nuts — Graham Cluley.
Zip tie guy Twitter thread.
FBI Arrests Man Who Carried Zip Ties Into Capitol — The New York Times.
SmartDot radiation-protection phone stickers 'have no effect' — BBC News.
Fact check: Low-powered magnets do not protect against EMF emission — USA Today.
Moving Out game — Team 17.
Moving Out trailer — YouTube.
Poly Bridge — Dry Cactus.
The Cipher — BBC Sounds.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Vengeful ex-staff, bad Santas, and iOS app nutrition facts

Wed, 16 Dec 2020 23:00:00 +0000

Watch out for Santas wearing hoodies! A rogue employee takes down WebEx for thousands of people, and Apple forces apps to show a privacy health warning.

All this and much much more is discussed in the final episode of the "Smashing Security" podcast for 2020, with computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

And don't miss our special featured interview with Kroll's Mari DeGrazia.

Visit https://www.smashingsecurity.com/209 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Maria Varmazis and Mari DeGrazia.

Sponsored By:

Support Smashing Security

Links:

Smashing Security Christmas Party live stream! — YouTube.
Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts — The Register.
San Jose Man Sentenced To Two Years Imprisonment For Damaging Cisco’s Network — US Department of Justice.
Why San Francisco's network admin went rogue — InfoWorld.
After verdict, debate rages in Terry Childs case — Computerworld.
'Parents are desperate'. Zoom Santas are cashing in — CNN.
Santa Gilbert Gottfried — Cameo.
Don't Get Scammed By Santa This Holiday Season — LAist.
"The holidays are here and so are the scammers." — LA City Attorney on Twitter
Apple responds to WhatsApp criticism, confirms its own apps will show privacy labels — 9to5Mac.
Facebook's Zuckerberg again takes aim at Apple over iOS 14 ad privacy move — iMore.
Apple Launches Privacy Labels For Apps — Silicon UK Tech News.
Let's Crack Zodiac - Episode 1 — David Oranchak on YouTube.
Let's Crack Zodiac - Episode 5 - The 340 Is Solved! — David Oranchak on YouTube.
Zodiac Killer: Code-breakers solve San Francisco killer's cipher — BBC News.
Met Opera on Demand.
The Magic Flute (with puppets) — Met Opera on Demand.
Akhnaten — Met Opera on Demand.
ars Paradoxica — The Whisperforge.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Hidden treasure, COVID tracker trauma, and happy holidays with IoT

Wed, 09 Dec 2020 23:00:00 +0000

Was hidden treasure found with help from a hack? What security lessons can be learnt from a controversial police raid in Florida? And are you ready for safer online get-togethers this Christmas?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

And don't miss our special featured interview with Mimecast's Max Linscott.

Visit https://www.smashingsecurity.com/208 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Anna Brading and Max Linscott.

Sponsored By:

Support Smashing Security

Links:

Smashing Security's Christmas 2020 live stream — Join us on YouTube on Thursday 17 December 2020 at 8pm (UK) / 3pm (Eastern) / Noon (Pacific).
Forrest Fenn's Treasure.
The Man Who Found Forrest Fenn's Treasure — Outside Online.
A Statement on the Disclosure of My Identity — Jack Steuf.
A Chicago treasure hunter was on the trail of a hidden chest worth more than $1 million — but she says she was hacked and her ‘solve stolen’ — Chicago Tribune.
Cops raid home of ousted data scientist who created her own Florida COVID-19 dashboard — The Register.
Video of police raid on home of Rebekah Jones — Rebekah Jones's Twitter account.
Former Israeli space security chief says aliens exist, humanity not ready — The Jerusalem Post.
Christmas pizza from Pizza Hut — Rotisserie Chicken paired with Crispy Bacon and Sage & Onion stuffing, all on top of a Red Wine Gravy base. (Contains Alcohol)
Tiger Pig (Pig in Blanket) — Subway.
Christmas menu at Pret A Manger.
Festive food from Marks & Spencer.
Brian & Roger.
Carole, Graham, and Anna's Christmas party 2009 (with Yogi) — Tweet by Anna Brading.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cyber biowarfare, giant ladybugs, and strippers

Wed, 02 Dec 2020 23:00:00 +0000

Fears are raised about cyber bioterrorists, there's a widespread blackout for IoT devices caused by a cloud cock-up, and what role do strippers play in a revamp of the United States's computer crime laws?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

And don't miss our featured interview with Steve Salinas of Deep Instinct, discussing ransomware.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Mark Stockley and Steve Salinas.

Sponsored By:

Support Smashing Security

Links:

Smashing Security's Christmas 2020 live stream — Join us on YouTube on Thursday 17 December 2020 at 8pm (UK) / 3pm (Eastern) / Noon (Pacific)
Increased cyber-biosecurity for DNA synthesis — Nature Biotechnology.
New cyber-biological attack can trick biologists into generating dangerous toxins — News Medical Life Sciences.
Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA — Department of Health and Human Services (PDF).
AWS: Amazon web outage breaks vacuums and doorbells — BBC News.
The Supreme Court will finally rule on controversial US hacking law — Ars Technica.
18 U.S. Code § 1030 - Fraud and related activity in connection with computers≈ — Legal Information Institute, Cornell University.
Online-voting company pushes to make it harder for researchers to find security flaws — CNET.
The Supreme Court will hear its first big CFAA case — TechCrunch.
Response to Voatz’s Supreme Court Amicus Brief. — An open letter from the security community.
The Queen's Gambit Netflix series — Wikipedia.
Twitter thread by Sarah Jamie Lewis.
Win by Segfault and other notes on Exploiting Chess Engines — Sarah Jamie Lewis.
One-Straw Revolution — A book by Masanobu Fukuoka.
Bed of Lies podcast — The Telegraph.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Robo dogs, deepfakes and dirty deceptions - with Tim Harford

Wed, 25 Nov 2020 23:00:00 +0000

Author and broadcaster Tim Harford joins us as we discuss the merits of robotic canine security guards, deepfakes, and the curious tale of an art forgery.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

And don't miss our special featured interview with James Moore from CultureAI.

Visit https://www.smashingsecurity.com/206 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: James Moore and Tim Harford.

Sponsored By:

Support Smashing Security

Links:

How To Make The World Add Up — Tim Harford.
Computerized canines to join Team Tyndall — Tyndall Air Force Base.
Computerized canines semi-autonomous robot dogs into their patrolling regimen to join Team Tyndall — YouTube.
Incredible Tyndall 'Robot Dogs' Demonstration — YouTube.
Perimeter-patrolling 'robo-dogs' coming to Tyndall Air Force Base — YouTube.
Revolutionizing Legged Robots — Ghost Robotics.
Immersive Wisdom.
Norwegian oil company employs robot dogs to patrol dangerous areas — Metro News.
Japanese farm town deploys 'Monster Wolf' robots to scare off wild bears from neighborhoods — ABC7 San Francisco.
Willo the Wisp — Wikipedia.
Willo the Wisp: "The Thoughts of Moog" — YouTube.
How Mediocre Dutch Artist Cast 'The Forger's Spell' — NPR.
Do These A.I.-Created Fake People Look Real to You? — The New York Times.
The Liar's Dividend — Definition from Macmillan Dictionary.
BBC Motion Graphic archive — Ravensbourne University London.
Emu's Broadcasting Company (1978) — BBC Motion Graphics archive.
Discovering Portuguese (1987) — BBC Motion Graphics archive.
I Claudius (1976) — BBC Motion Graphics archive.
The Rise and Fall of Getting Things Done — The New Yorker.
Sticky Pickles.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Zoom password pinching and Parler problems

Wed, 18 Nov 2020 23:00:00 +0000

Watch out for a whole different type of shoulder-surfing, researchers uncover the CostaRicto hackers-for-hire gang, and we take a peek at who is behind Parler.

Visit https://www.smashingsecurity.com/205 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Chris Cochran.

Sponsored By:

Support Smashing Security

Links:

Hackers could now know what people type on Zoom video call by evaluating the shoulder movement of users — Digital Information World.
Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks — Cornell University.
The CostaRicto Campaign: Cyber-Espionage Outsourced — BlackBerry.
New stealthy hacker-for-hire group mimics state-backed attackers — Bleeping Computer.
The conservative alternative to Twitter wants to be a place for free speech for all. It turns out, rules still apply — Washington Post.
Parler: what you need to know about the 'free speech' Twitter alternative — The Conversation.
What If Cambridge Analytica Owned Its Own Social Network? CA Backer Rebekah Mercer Admits She's A Co-Founder Of Parler — Techdirt.
Hazel — Automated organization for your Mac from Noodlesoft.
Make Noise — A creator's guide to podcasting and great audio storytelling by Eric Nuzum.
Rendevous C'était un Rendez vous 1976 — YouTube.
C'etait un Rendezvous, The Original Street Racing Video — YouTube documentary.
C'était un rendez-vous — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Green buttons, Olympic attacks, and... an apology

Wed, 11 Nov 2020 23:00:00 +0000

Darknet Diaries host Jack Rhysider joins us to discuss a cybersecurity goof in the wake of the US presidential elections, the US finally fingering the hackers responsible for disrupting the Winter Olympics in South Korea, and to take a long hard look at long hard legal mumbojumbo...

Plus don't miss our featured interview with Mimecast's Danielle Papadakis.

Visit https://www.smashingsecurity.com/204 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Danielle Papadakis and Jack Rhysider.

Sponsored By:

Support Smashing Security

Links:

Legal complaint on behalf of Donald J Trump for President Inc and Republican National Committee — PDF.
Don't touch the green button!
Reddit thread about Donttouchthegreenbutton.com
Richey Ward's Twitter thread showing how over 163k records were exposed in the Don't Touch The Green Button database — Twitter.
Trump lawsuit site to report 'rejected votes' leaked voter data — Bleeping Computer.
Hilarious news report of the Four Seasons Total Landscaping debacle — Tweet by Ros Atkins of the BBC.
“Yourefired” was Donald Trump’s Twitter password, claim hackers — Graham Cluley.
Donald Trump’s Twitter password is “maga2020!”, and there’s no 2FA, claims hacker — Graham Cluley.
Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace — Department of Justice.
What does your phone know about you? — Think Money.
Popular app T&Cs 'longer than Harry Potter' — BBC News.
Study on consumers' attitudes towards Terms and Conditions (T&Cs) — European Commission (PDF).
Terms of Service; Didn't Read
TLDRLegal — Software Licenses Explained in Plain English.
TermsFeed — Generator of Privacy Policy, Terms & Conditions, Disclaimer, EULA.
Simply Docs — Legal, Business & Property Documents & Templates.
The Armstrongs Episode 1 Part 1 — YouTube.
Oral Breeze — Jack's pick for the best dental irrigator for water flossing.
‎You're Wrong About — Apple Podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Testing times, naming names, and the bald truth about AI

Wed, 04 Nov 2020 23:00:00 +0000

Students are being spied on as they do online exams, how did a televised football match reveal the truth about artificial intelligence, and what on earth is the Canny Lumpsucker vulnerability?

Plus don't miss the second part of our featured interview with LastPass's Dalia Hamzeh.

Visit https://www.smashingsecurity.com/203 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Dalia Hamzeh and Thom Langford.

Sponsored By:

Support Smashing Security

Links:

Vulnonym: Stop the Naming Madness! — Carnegie Mellon University Software Engineering Institute.
Vulnonym — A bot generating names for CVE IDs.
Thrangrycat — Not better known as 😾😾😾.
Soccer match ruined when AI-controlled camera mistakes ref’s bald head for ball — SB Nation.
Students Are Rebelling Against Eye-Tracking Exam Surveillance Tools — Motherboard.
Proctorio sues UBC staff member for tweets sharing ‘confidential’ information about the software — The Ubyssey.
ProctorU confirms data breach after database leaked online — Bleeping Computer.
Proctorio CEO releases student’s chat logs, sparking renewed privacy concerns — The Ubyssey.
Some news about proctoring at the University of Calgary — Reddit.
My wife has proctored (webcam monitored) online classes. We live in a studio apartment, so I’m relegated to the bathroom. Rate my setup. — Reddit.
How Many Potatoes Does It Take To Run DOOM? — YouTube.
Raspberry Pi 400: the $70 desktop PC.
Raspberry Pi 400: New All-in-One Pi! — YouTube.
All Tilted Room Sketches — Shaun Micallef on YouTube.
The Goes Wrong Show - Series 1: 6. 90 Degrees — BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

The Wu-Tang Clan are Among Us

Wed, 28 Oct 2020 23:00:00 +0000

Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn't the only one who's been getting into the Among Us game.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson.

Plus don't miss the first part of our featured interview with LastPass's Dalia Hamzeh.

Visit https://www.smashingsecurity.com/202 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Dalia Hamzeh and James Thomson.

Sponsored By:

Support Smashing Security

Links:

Rapper scammers admit faking association with musical group in conspiracy to cheat hotels, bank, limo service — US Department of Justice.
This U.S. Election Could Be the Most Secure Yet. Here’s Why — The New York Times on YouTube.
Report: Ransomware disables Georgia county election database — AP.
Pity the nation: Americans’ choice of president on November 3 will affect Slovaks too. — Slovak Spectator article by James Thomson.
AOC’s Among Us livestream hints at Twitch’s political power — MIT Technology Review.
AOC makes explosive Twitch debut with over 435,000 Among Us viewers — Ars Technica.
A massive spam attack is ruining public 'Among Us' games — Engadget.
AOC Among Us FULL STREAM — YouTube.
Among Us Has A Cheating Problem — Kotaku.
Trump News Today | What The Fuck Just Happened Today?
‎WTF Just Happened Today — Apple Podcasts.
No Filter — Book by Sarah Frier.
Fake Instagram follower services slapped with lawsuit — HOTforSecurity.
From Our Own Correspondent — BBC Radio 4.
From Our Own Correspondent Podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Robin Hood, Flippy, and the web ad bubble

Wed, 21 Oct 2020 22:00:00 +0000

The Darkside ransomware gang thinks it's a modern-day Robin Hood when it donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Tim Hwang.

Plus don't miss our featured interview with Recorded Future's Levi Gundert.

Visit https://www.smashingsecurity.com/201 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Levi Gundert and Tim Hwang.

Sponsored By:

Support Smashing Security

Links:

Smashing Security celebration livestream — YouTube.
Ransomware gang donates part of ransom demands to charity organizations — ZDNet.
Mysterious 'Robin Hood' hackers donating stolen money — BBC News.
Donate Bitcoin - Give to Help Build Wells and Water Projects — The Water Project.
Donate cryptocurrency to Children International
Ad Tech Could Be the Next Internet Bubble — Wired.
Subprime Attention Crisis: Advertising and the Time Bomb at the Heart of the Internet — A book by Tim Hwang.
Miso Robotics unveils its next-gen robot kitchen assistant — VentureBeat.
Flippy — Miso Robotics.
Miso Robotics Flippy Robot flips burgers like it's its job — YouTube.
Flippy the burger-flipping robot too good, fired after one day — Naked Security.
Cybersecurity a Must for Safe IIoT Robots — Robotics Online.
How to Improve Cybersecurity for Robots — RIA Robotics Blog.
Airplane Mode — Steam.
Enjoy a 6-hour flight in real-time with economy class sim Airplane Mode from tomorrow — Eurogamer.
Airplane Mode: Live Action Trailer — YouTube.
Airplane Mode Gameplay — YouTube.
Gef the Talking Mongoose — Wikipedia.
Gef! The Strange Tale of an Extra-Special Talking Mongoose — MIT Press.
Dirty Diana — QCODE.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Two flipping hundred

Wed, 14 Oct 2020 22:00:00 +0000

We're in celebratory mood as we celebrate our 200th episode, but there's still time to discuss Fatima the ballerina who the UK government wants to become a cybersecurity expert, why women are quitting the tech industry, and a smartwatch which might be putting your kids at risk.

Plus don't miss our featured interview with Mimecast's Michael Madon.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/200 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Maria Varmazis and Michael Madon.

Sponsored By:

Support Smashing Security

Links:

Join us on the Smashing Security LIVE STREAM! — We'll be live at 8pm UK Thursday 15 October (3pm Eastern).
Fury over Government campaign suggesting ballet dancer could retrain in cyber security — London Evening Standard.
Dying swan or lame duck? Why 'Fatima' the ballerina's next job was tripping up the government — The Guardian.
"For those worried about Fatima she’s almost certainly not called Fatima and almost certainly will never work in cyber. The image is from a US photographer based in Atlanta, Georgia." — Ciaran Jenkins on Twitter.
The Vocabularist: How we use the word cyber — BBC News.
Resetting Tech Culture: 5 strategies to keep women in tech (PDF) — Accenture and Girls Who Code.
Exposing covert surveillance backdoors in children’s smartwatches — Mnemonic.
Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch — Ars Technica.
Introducing the Xplora GO — YouTube.
Commerce Department to Add Two Dozen Chinese Companies with Ties to WMD and Military Activities to the Entity List — U.S. Department of Commerce.
Skribbl — Free Multiplayer Drawing & Guessing Game.
Hades — Super Giant Games.
Sticky Pickles — A new podcast by Carole Theriault and Anna Brading.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

A few tech cock-ups, and one cock lock-up

Wed, 07 Oct 2020 22:00:00 +0000

An internet-connected adult toy could leave its users encaged, the official NHS COVID-19 contact-tracing app alarms users, and would you be happy if a robot interviewed you for a job?

Visit https://www.smashingsecurity.com/199 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Zoe Kleinman.

Sponsored By:

Support Smashing Security

Links:

Smashing Security LIVE STREAM!
CellMate chastity cage (Short model) — QIUI.
Smart male chastity lock cock-up — Pen Test Partners.
NHS Covid-19 app: 12m downloads - and lots of questions — BBC News.
Hubert+1 - Add more to your team.
Predictive Hire - Bias-free interviews.
I Got a Job at an Amazon Warehouse Without Talking to a Single Human — Ryan Fan, OneZero.
Tengai demo — YouTube.
John Lennon at 80 - episode one. — BBC Sounds.
John Lennon at 80 - episode two. — BBC Sounds.
Sean Lennon's full conversation with Julian Lennon. — BBC Sounds.
Sean Lennon's full conversation with Elton John. — BBC Sounds.
Sean Lennon's full conversation with Paul McCartney. — BBC Sounds.
John Lennon at the BBC: From The Beatles’ early days to his final interview — BBC Sounds.
Television set — Wikipedia.
Perspective — YouTube.
Broad Canvas — Oxford art supplies store.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Chucky the coffee maker

Wed, 30 Sep 2020 22:00:00 +0000

Coffee machines catching ransomware, Blacklight shines a torch on website tracking, and a woman is freaked out that a complete stranger can turn off her home's security system.

And don't miss our featured interview with Greg Jensen from Oracle, who talks all about five free reports he has put together for listeners about cloud security.

Visit https://www.smashingsecurity.com/198 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Dave Bittner and Greg Jensen.

Sponsored By:

Support Smashing Security

Links:

Trojan Room coffee pot — Wikipedia.
Trojan Room Coffee Machine — Department of Computer Science and Technology, Cambridge University.
Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal — Evil Socket.
The Fresh Smell of ransomed coffee — Martin Hron, Avast Threat Labs.
When coffee makers are demanding a ransom, you know IoT is screwed — Ars Technica.
What a hacked coffee machine looks like — YouTube.
Blacklight — The Markup.
What They Know … Now — The Markup.
Smart Home Security Market Share, Size & Forecast to 2024 — Market data forecast.
Smart home penetration rates — Statista.
New homeowner 'freaked out' when stranger took control of her security system — CBC News.
Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach — Forbes.
John Miles - Music — YouTube.
You Can't Unhear This — YouTube.
The Mystery Singer in All You Need Is Love — YouTube.
New Climate Maps Show a Transformed United States — ProPublica.
‎Hank the Cowdog — Apple Podcasts.
Matthew Mcconaughey Lincoln MKZ Commercials compilation — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Greedy bosses, game cheats, and virtual beheadings

Wed, 23 Sep 2020 22:00:00 +0000

Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of a anti cyber-fraud firm is charged with fraud.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/197 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

Package Thief vs. Glitter Bomb Trap — YouTube.
CSGO Cheaters trolled by fake cheat software — YouTube.
This Hacker Creates Fake Cheats That Make Cheaters Jump Off Buildings In-Game — Vice.
Tweet by Colin Madland.
Which will the Twitter algorithm pick: Mitch McConnell or Barack Obama? — Tweet by @bascule.
GrahamOrCarole? — Twitter.
Founder And CEO Of Cyberfraud Prevention Company Arrested And Charged With Securities Fraud Scheme — Department of Justice press release.
Founder of Anti Cyber Fraud Company Charged With Fraud — Vice.
Founder of cyber fraud startup ironically facing fraud charges — Gizmodo.
Interview with NS8's Adam Rogas — YouTube.
Mission to the Unknown Recreation - Doctor Who — YouTube.
The making-of Mission to the Unknown — YouTube.
Trillion Trees.
Criminal: UK — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Smart guns, smart cars, and smart street lights - oh my!

Wed, 16 Sep 2020 22:00:00 +0000

Kalashnikov unveils its "smart" shotgun, San Diego struggles with its street lights, and a researcher reveals how he found a way to hack every Tesla on the planet.

Visit https://www.smashingsecurity.com/196 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: David McClelland.

Sponsored By:

Support Smashing Security

Links:

Kalashnikov smart shotgun - MP-155 Ultima.
Kalashnikov reveals first Russian-made smart shotgun MP-155 Ultima — YouTube.
Mike Jernigan, blind veteran, uses a TrackingPoint system to land a 300+ yard shot — YouTube.
See how a self-aiming sniper rifle can be remotely hacked — Hot for Security.
Tesla Network Vulnerability Report - 2017-03-24 (Annotated) — Google Docs.
The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he's a good guy — Electrek.
Smart Streetlights Program — City of San Diego.
Cops Tap Smart Streetlights Sparking Controversy and Legislation — IEEE Spectrum.
Mayor orders San Diego's Smart Streetlights turned off until surveillance ordinance in place — The San Diego Union-Tribune.
Mayor was right to shut off Smart Streetlights — The San Diego Union-Tribune.
Hints of life on Venus — University of Manchester.
"This Is Paris - The Real Story of Paris Hilton" — YouTube.
“This is Paris” is a quixotic redemption story about what it means to be a human and a brand at once — Salon.com.
Moriarty's Game: A Killer in the Hive.
Castolog - a podcast recommendation podcast — That's Not Canon Productions.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Selene Delgado Lopez is not your friend - with Jon Bentley

Wed, 09 Sep 2020 22:00:00 +0000

The Gadget Show's Jon Bentley joins us to discuss the mystery of a Facebook friend you never requested, software updates for the Mercedes S-Class, and risks in the online classroom.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jon Bentley.

Visit https://www.smashingsecurity.com/195 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jon Bentley.

Sponsored By:

Support Smashing Security

Links:

Say hello to to the latest weird viral Facebook hoax: ‘Selene Delgado Lopez’ — Mashable.
Veja Quem é Selene Delgado Lopez - a Fantasma do Facebook — YouTube.
The 10 most important innovations in the New Mercedes-Benz S‑Class! — Exhibit.
Mercedes Revs mbrace2 With Cloud Updates — Wired.
San Leandro schools stepping up online security after latest Zoombomb — San Francisco Chronicle.
‘Zoombombers’ using porn to troll students across US — Miami Herald.
Schoolgirl is robbed during a Zoom lesson in Ecuador — Daily Mail.
Digital Education: The cyberrisks of the online classroom — SecureList.
E-safety for schools — NSPCC Learning.
A robot wrote this entire article. Are you scared yet, human? — The Guardian.
Smart heater for water & milk — Heatle.
Autopia: The Future of Cars by Jon Bentley — Amazon.
Rayvolt Cruzer V3 E-Bike — CostCo.
Harry Hill's TV Burp - Gadget Show Competition Prizes — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Carry on droning

Wed, 02 Sep 2020 22:00:00 +0000

A Bitcoin bungle causes one user to lose millions, hackers attempt to bribe a Tesla employee into infecting the company's network, and are we ready for a sky full of drones?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Visit https://www.smashingsecurity.com/194 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jessica Barker.

Sponsored By:

Support Smashing Security

Links:

Confident Cyber Security by Jessica Barker.
Tweet by John McAfee about the mathematical impossibility of Bitcoin being less than $1 million by the end of 2020.
The Dickening Countdown to John McAfee Dick Eating.
Bitcoin Holder Loses $16 Million in BTC to Well-Known Scam — Decrypt.
Electrum user says he has lost 1400 Bitcoin — GitHub.
Electrum Bitcoin wallets under siege — Malwarebytes.
Electrum vulnerability announcement — Github.
Sybil attack — Wikipedia.
Fawlty Towers: The best of Sybil — YouTube.
Electrum Bitcoin Wallet homepage.
Elon Musk Says Tesla Saved From 'Serious' Ransom Attempt — Data Breach Today.
Jennifer Lopez - Jenny from the Block (Official Music Video) — YouTube.
The security impact of drones: Challenges and opportunities for the UK (PDF) — University of Birmingham.
Security analysis of drones systems: Attacks, limitations, and recommendations — NCBI.
Drone Delivery? Amazon Moves Closer With F.A.A. Approval — New York Times.
What Security Threats Are Posed By Drones? — Avast.
The Surprising Ways Drones Are Saving Lives — National Geographic.
HEAVE HO!
Heave Ho - Launch Trailer — YouTube.
Behind the Schemes: Heave Ho with Le Cartel — YouTube.
StartUp (TV series) — Wikipedia.
StartUp - Launch Trailer — YouTube.
Steal the Stars podcast — Tor Labs.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Hacking the CIA, Bridgefy, and college lockdowns

Wed, 26 Aug 2020 22:00:00 +0000

Whatever happened to Crackas with Attitude, perfidious Albion College's approach to locking down Coronavirus, and the Bridgefy mesh messaging app falls down when it comes to security.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Visit https://www.smashingsecurity.com/193 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Anna Brading.

Sponsored By:

Support Smashing Security

Links:

CIA boss has his personal email account hacked… and yes, it’s on AOL — Graham Cluley.
Two years' detention for UK teenager who 'cyberterrorised' US officials — The Guardian.
Kane Gamble sentencing remarks (PDF).
What It’s Like for a Hacker to Get Back Online After a Two-Year Internet Ban — Motherboard.
Fearing coronavirus, a Michigan college is tracking its students with a flawed app — TechCrunch.
Bridgefy, the messenger promoted for mass protests, is a privacy disaster — Ars Technica.
Bridgefy’s Commitment to Privacy and Security.
Mesh Messaging in Large-scale protests: Breaking Bridgefy — Technical paper by Martin R Albecht, Jorge Blasco, Lenka Marekova, and Rikke Bjerg Jensen of Royal Holloway, University of London.
How to Watch The Avengers Movies in Order — Digital Trends.
"Thor: Ragnarok" Official Trailer — YouTube.
Sounds of the 90s with Fearne Cotton — BBC.
Super Sapiens: a card game to help change the world — Etsy.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Ritz and robocalls - with Rory Cellan-Jones

Wed, 19 Aug 2020 22:00:00 +0000

A scam involving restaurant bookings at The Ritz is suitably sophisticated, the second wave of UK coronavirus testing apps, and we take a look at one of the biggest studies ever into the scourge of robocalls.

Visit https://www.smashingsecurity.com/192 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Rory Cellan-Jones.

Sponsored By:

Support Smashing Security

Links:

Tech Tent podcast — BBC World Service.
Sir Frederick Barclay releases footage of alleged Ritz bugging — The Guardian.
Tea at the Ritz soured by credit card scammers — BBC News.
Tweet from The Ritz London.
Coronavirus: England's contact-tracing app gets green light for trial — BBC News.
Coronavirus: England's contact tracing app trial gets under way — BBC News.
A simple telephony honeypot received 1.5 million robocalls across 11 months — ZDNet.
Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis — USENIX.
Pick of the Week archive — Smashing Security.
13 Minutes to the Moon — BBC World Service.
Borrasca — QCODE.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

We are on the bird

Wed, 12 Aug 2020 22:00:00 +0000

Can a video game help your company's staff choose stronger passwords? Why might satellite-based internet communications be bad for security? And what are the alternatives to TikTok?

Visit https://www.smashingsecurity.com/191 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

Passworld: A Serious Game to Promote Password Awareness and Diversity in an Enterprise — USENIX.
Whispers Among the Stars: A Practical Look at Perpetrating (and Preventing) Satellite Eavesdropping Attacks — Black Hat USA 2020.
Satellite Broadband Security - James Pavur — YouTube.
Twitter and TikTok reportedly have had talks about a deal — The Verge.
Trump bans US transactions with Chinese-owned TikTok and WeChat — The Guardian.
These apps are scrambling to become the next TikTok — Wired.
Introducing Instagram Reels — Facebook.
Quoridor — Wikipedia.
Quoridor — BoardGameGeek.
BLACK & DECKER 20V LBX20 Li-Ion Battery USB Power Source Adapter w/DC 12V Port — eBay.
The Young Offenders — BBC iPlayer.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Twitter hack arrests, email bad behaviour, and Fawkes vs facial recognition

Wed, 05 Aug 2020 22:00:00 +0000

Special guest Geoff White can't resist using the podcast to promote his new book, "Crime Dot Com", but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don't give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes - the technology fighting back at facial recognition.

Visit https://www.smashingsecurity.com/190 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

Support Smashing Security

Links:

A free chapter of Geoff's book, "Crime Dot Com"
Start-Up Helps Conservative Websites Like the Daily Caller Store User Names, Postal Addresses of Anonymous Readers — Jezebel.
Permission Shmarketing: How does GetEmails work? — YouTube.
Some say we're criminals. Many say we're unethical. We think we're geniuses. But we're so, so bad... — YouTube.
Three charged in massive Twitter hack, Bitcoin scam — KTVU.
Three Individuals Charged For Alleged Roles In Twitter Hack — Department of Justice.
Defund Facial Recognition Before It's Too Late — The Atlantic.
'Atlas of Surveillance' now provides searchable, interactive database of police surveillance — VentureBeat.
Clearview AI—Yet Another Example of Why We Need A Ban on Law Enforcement Use of Face Recognition Now — Electronic Frontier Foundation.
Facial Recognition Map.
This Tool Could Protect Your Photos From Facial Recognition — The New York Times.
Fawkes - Image "Cloaking" for Personal Privacy.
Fawkes: Protecting Personal Privacy against Unauthorized Deep Learning Models (USENIX Security 2020) — YouTube.
Rush Hour (puzzle) — Wikipedia.
Rush Hour games — ThinkFun.
How To Play: Rush Hour - by ThinkFun — YouTube.
Unblock Me — iOS App Store.
Origins - How the earth shaped human history — Lewis Dartnell.
The Umbrella Academy — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

DNA cock-up, Garmin hack, and virtual kidnappings

Wed, 29 Jul 2020 22:00:00 +0000

Why are students faking their own kidnappings? What's the story behind Garmin's ransomware attack? And a genetic genealogy website suffers a hack or two.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].

Warning: This podcast may contain nuts, adult themes, and rude language.

Links:

Tribe of Hackers Podcast.
Golden State Killer pleads guilty to 13 murders — BBC News.
Joseph James DeAngelo — Wikipedia.
Hackers Attacked Two Leading Genetic Genealogy Websites — Buzzfeed News.
GEDmatch confirms data breach after users’ DNA profile data made available to police — TechCrunch.
Garmin outage caused by confirmed WastedLocker ransomware attack — Bleeping Computer.
Charges Announced in Malware Conspiracy — FBI.
Garmin staggers back online after ransomware attack — Graham Cluley.
Coronavirus: China warns students over 'risks' of studying in Australia — BBC News.
Chinese students in Australia targeted in virtual kidnapping scam — BBC News.
Chinese students in Australia are being targeted in kidnapping scams, police warn — South China Morning Post.
Chinese Students in Australia Are Faking Their Own Kidnappings. Here’s Why — Vice.
SecondHandSongs.
Doomsday Algorithm — Just in case you didn't understand Ray's explanation...
Incredibox.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

Immersive Labs - Giving security professionals practical and gamified content to keep pace with the latest threats. Listeners can get access to more than 24 hours of free labs AND a new lab to try out each week.
LastPass - The trusted enterprise password manager of over 33,000 businesses.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Dinner with Elon Musk and Kris Jenner

Wed, 22 Jul 2020 22:00:00 +0000

Who stopped Twitter's hackers from stealing more money? Why are Covid-19 researchers being told to ramp up their cybersecurity? How can you find out if your smartphone is infected with stalkerware? And who does Graham think he is turning down a celebrity dinner invite?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.

Visit https://www.smashingsecurity.com/188 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Lisa Forte.

Sponsored By:

Support Smashing Security

Links:

The Twitter mega-hack. What you need to know — Tripwire State of Security.
The Twitter hack: Why Elon Musk, Bill Gates, Jeff Bezos and others might have reason to be worried — Graham Cluley.
Twitter Hackers Could Have Stolen A Whole Lot More Bitcoin — Forbes.
Twitter says hackers downloaded private account data — BBC News.
UK condemns Russian Intelligence Services over vaccine cyber attacks — GOV.UK.
Britain’s charges of hacking & meddling ‘make no sense’ but Russia is ready to turn the page & work with UK – ambassador — Russia Today.
Russian Cyber Espionage Group Targets COVID-19 Vaccine Research and IP — IP Watchdog.
Google bans ads for stalkerware apps—with some exceptions — Ars Technica.
Google’s ad ban won’t stop stalkerware apps from promoting themselves — Graham Cluley.
1 in 10 Americans uses stalkerware to track partners and exes, poll finds — CNET.
Stalkerware: Domestic Abuse Victims Face Invisible Threat — Digital Trends.
How to Check Your Devices for Stalkerware — Wired.
Find and remove stalkerware and bossware from your phone — Traced.
President Trump goes one-on-one with Chris Wallace — YouTube.
Montreal Cognitive Assessment (MOCA) — A similar test to that taken by President Donald Trump.
Quiz: Could you pass Donald Trump's cognitive test? — BBC News.
"How to cognitive" — Sarah Cooper on Twitter.
Don't F**k with Cats: Hunting an Internet Killer — IMDB.
60 Versions of Leonard Cohen's 'Hallelujah,' Ranked — Newsweek.
Hallelujah (COVER) - Shaun Brown & Jeremy Dunham — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Huawei ban, MGM hack, and a contact-tracing cock-up

Wed, 15 Jul 2020 22:00:00 +0000

Login chaos for England's contact tracing service, our drill-down on the Britain's Huawei 5G ban, MGM's blockbuster breach, and how to pronounce "Gigabyte."

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus we have a bonus featured interview with Scott Petry, the co-founder of Authentic8, all about how you can browse the internet safely, securely, and anonymously when conducting research, collecting sensitive evidence, and analyzing data.

Visit https://www.smashingsecurity.com/187 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Maria Varmazis and Scott Petry.

Sponsored By:

Support Smashing Security

Links:

Coronavirus: Contact tracers in England 'locked out of accounts' — Sky News.
TalkTalk’s ex-CEO Dido Harding heads up the UK’s Coronavirus tracing app… — Graham Cluley.
Apparently Coronavirus-tracing scammers won’t sound professional… (Yeah, right!) — Graham Cluley.
Huawei 5G kit must be removed from UK by 2027 — BBC News.
US sanctions make Huawei more of a security risk, says leaked UK report — The Verge.
A different future for telecoms in the UK — NCSC.
Commerce Addresses Huawei’s Efforts to Undermine Entity List, Restricts Products Designed and Produced with U.S. Technologies — U.S. Department of Commerce.
A hacker is selling details of 142 million MGM hotel guests on the dark web — ZDNet.
WindowSwap.
How do you pronounce "Gigawatt"? — Waldo Jaquith on Twitter.
Metric (SI) Prefixes — NIST.
No podcast.
In the No Part 1 — Radiolab.
21 OSINT Tools for Cyber Threat Intelligence — Authentic8.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

This one's for all the Karens!

Wed, 08 Jul 2020 22:00:00 +0000

A high-rolling Hushpuppi gets extradited to the United States, Carole details her problems with clipboards and Disposophobia, and our guest becomes the subject of fake news during the Senegalese election.

Visit https://www.smashingsecurity.com/186 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Michelle Madsen.

Sponsored By:

Support Smashing Security

Links:

Ray Hushpuppi's Instagram account.
Your 2.3m Instagram fans won't stop the FBI... Web star accused of plotting to launder millions from cyber-crime — The Register.
Hushpuppi and Mr. Woodbery, BEC scammers: Welcome to Chicago! — CyberCrime & Doing Time.
Dubai Police operation Fox Hunt 2 against Hushpuppi. — Vimeo.
Cosmic Lynx Threat Dossier — Agari.
Domain Message Authentication Reporting & Conformance — DMARC.
How to Combat Fake Emails — Australian Cyber Security Centre.
My fake news whodunnit: Caught up in a Senegal fake news scam — BBC News.
The Documentary: My fake news whodunnit — BBC World Service.
TikTok grabbing the contents of an iPhone clipboard every 1-3 keystrokes — Twitter.
Popular iPhone and iPad Apps Snooping on the Pasteboard — Mysk.
The Life and Times of David Lloyd George (with Ennio Morricone theme tune) — YouTube.
Dogmatix chasing a Roman legionary, to the tune of Ennio Morricone's Chi Mai. — YouTube.
A Tribute to Ennio Morricone. — Tableau.
An Abridged Micro List — Malaika Kegode on Facebook.
Karen (slang) — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Bieber fever, Roblox, and ransomware

Wed, 01 Jul 2020 22:00:00 +0000

Who's been dressing Robox players up in red baseball caps? Which ransomware victim's negotations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Visit https://www.smashingsecurity.com/185 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: John Hawes.

Sponsored By:

Support Smashing Security

Links:

Roblox accounts being hacked in support of Trump re-election — Bleeping Computer.
Add 2-Step Verification to Your Roblox Account — Roblox.
Ransomware Groups Promise Not to Hit Hospitals Amid Pandemic — Wired.
NetWalker Ransomware - What You Need to Know — Tripwire.
Update on IT Security Incident at UCSF — UC San Francisco.
How hackers extorted $1.14m from University of California, San Francisco — BBC News.
Pizzagate conspiracy theory — Wikipedia.
A TikTok Twist on ‘PizzaGate’ — The New York Times.
‘PizzaGate’ Conspiracy Theory Thrives Anew in the TikTok Era — The New York Times.
TikTok Teens Are Obsessed With Pizzagate — The Daily Beast.
Building the Perfect Squirrel Proof Bird Feeder — YouTube.
DARK Season 1 Trailer — YouTube.
DARK - The Official Guide — Netflix.
Conan Doyle estate sues Netflix for giving Sherlock Holmes too many feelings — The Verge.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Vanity Bitcoin wallets, BlueLeaks, and a Coronavirus app conspiracy

Wed, 24 Jun 2020 22:00:00 +0000

A conspiracy spreads on social media about Coronavirus tracing apps, US police find decades' worth of sensitive data leaked online, and is there a Bitcoin bonanza to be had from watching Elon Musk YouTube videos?

Visit https://www.smashingsecurity.com/184 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Zoe Kleinman.

Sponsored By:

Support Smashing Security

Links:

How photographs are airbrushed — A 2010 BBC News article, starring Zoe Kleinman.
Elon Musk Bitcoin vanity addresses used to scam users out of $2 million — ZDNet.
Kate Winslet responds to Bitcoin scam faking her endorsement — Decrypt.
Bitcoin scam uses Prince Harry, Meghan Markle to dupe would-be investors — Decrypt.
Covid-19 tracing tool on smartphones is 'not app' — BBC News.
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments — Krebs on Security.
Koko Analytics — A privacy-friendly analytics plugin for WordPress.
Fathom — Fast, simple and privacy-focused website analytics.
Upload trailer — YouTube.
Backspace and beyond — Audioboom.
The Magnus Archives — Horror podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

MAMILs, gameshows, and a surprise from eBay

Wed, 17 Jun 2020 22:00:00 +0000

A TV gameshow with cash prizes if you're obeying Coronavirus lockdown rules, ex-Ebay staff charged in crazy cyberstalking case, and when the wrong cyclist was accused by the internet bearing pitchforks.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/183 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Mr Blobby — Wikipedia.
Noel's House Party — Wikipedia.
A man is surprised at home by Noel's House Party — YouTube.
Bahrain, Kuwait and Norway contact tracing apps among most dangerous for privacy — Amnesty International.
Coronavirus: Alarm over 'invasive' Kuwait and Bahrain contact-tracing apps — BBC News.
‘Are You At Home?’ Winner Selection Rules — Bahrain's Information & eGovernment Authority.
Bahrain BeAware — iOS App Store.
Bahrain BeAware — Google Play Store.
Six Former eBay Employees Charged with Aggressive Cyberstalking Campaign Targeting Natick Couple — Department of Justice.
Ex-EBay CEO's 'Inappropriate' Messages Played Role in Ouster — TheStreet.
MAMIL throws a tantrum — Twitter.
Maryland cyclist arrested for assaulting 3 people posting Black Lives Matter flyers — CNN.
Smashing Security episode 063: Carole's back! — In which we discuss privacy issues involving fitness trackers.
What It’s Like to Get Doxed for Taking a Bike Ride — New York magazine.
Staged — BBC iPlayer.
The Mars Challenge by Alison Wilgus — Macmillan.
Mars trip to use astronaut poo as radiation shield — New Scientist.
Culture quiz: from Bob Holness 007 to the Daily Mail's feast of filth — The Guardian.
Quizzes — The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Space Force, credit card fraud, and beep-ti-beep

Wed, 10 Jun 2020 22:00:00 +0000

Graham finds himself in hot water with a security firm after a data breach, Carole discusses credit card fraud, and we have a pleasant surprise for Thom Langford, who appears to have mostly agreed to be a guest to promote his own podcast.

And don't miss our featured interview with Robbie O'Brien of MetaCompliance, all about the new book he's written - Cyber Security Awareness for Dummies.

Visit https://www.smashingsecurity.com/182 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Robert O'Brien and Thom Langford.

Sponsored By:

Support Smashing Security

Links:

Security firm leaves more than five billion records exposed on unsecured database — Graham Cluley.
"Following a legal threat from ███████ ████ I have removed their name from this article on my site..." — Graham Cluley on Twitter.
Keepnet Labs confirms contractor exposed 'data breach database' of 5 billion records — Verdict.
Public Statement in Relation to Data Briefly Exposed on an ElasticSearch Database — Keepnet Labs.
After threatening me with legal action, Keepnet Labs finally issues statement over data breach — Graham Cluley.
Goodbye Naked Security? — Graham Cluley.
US Military Could Lose Space Force Trademark to Netflix Series — CBR.
Space Force review: astonishingly bad show — The Verge.
The number of credit card scams continues to soar during the pandemic — Verdict.
Pandemic Brings Huge Increases In Card Fraud And Mobile Banking — Forbes.
Credit Card Fraud During the Pandemic — Consumer Reports.
Credit Card Fraud — Advice from the FBI.
How to Reduce Credit Card Fraud — The New York Times.
Ian's Shoelace Site – Introduction
Magnet – Window manager for Mac.
The Host Unknown Podcast.
DEVS — BBC iPlayer.
Cyber Security Awareness for Dummies — A free book for listeners from MetaCompliance.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Anti-cybercrime ads, tricky tracing, and a 5G Bioshield

Wed, 03 Jun 2020 22:00:00 +0000

Police are hoping to stop kids becoming cybercriminals by bombarding them with Google Ads, phishers rub their hands in glee at the NHS track and trace service, and just how does a nano-layer of quantum holographic catalyzer technology make a USB stick cost hundreds of pounds?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/181 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

Cheating in online games — Wikipedia.
UK Ad Campaign Seeks to Deter Cybercrime — Brian Krebs.
DDoS attacks are illegal — National Crime Agency (NCA).
Google doesn’t seem to believe booters are illegal — Light Blue Touchpaper.
Google ad policies.
NHS Test and Trace — Yes, the legitimate website.
Phishing danger is just a hyphen away — The AntiSocial Engineer.
Apparently Coronavirus-tracing scammers won't sound professional... (Yeah, right!) — Graham Cluley.
This is how you can verify you are actually being contacted by the government’s Test and Trace service — Full Fact.
Glastonbury calls for 5G inquiry — Glastonbury Town Council.
Trading Standards squad targets anti-5G USB stick — BBC News.
Reverse Engineering a 5g 'Bioshield' — Pen Test Partners.
Glastonbury 5G report 'hijacked by conspiracy theorists' — BBC News.
Tweet by the BBC's Rory Cellan-Jones.
5GBioShield.
Swopper chair — Stuhl.
The Swopper by Aeris — YouTube.
The Knowledge: How to Rebuild our World from Scratch — Book by Lewis Dartnell.
Men hired for sexual fantasy break into wrong house — BBC News.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Taking care of Clare

Wed, 27 May 2020 22:00:00 +0000

On this special splinter episode of the podcast, we're joined by actor and comedian Clare Blackwood in the hope of convincing her that cybersecurity is no laughing matter.

Hear what happens in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Carole's cousin (!) Clare Blackwood.

Visit https://www.smashingsecurity.com/180 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Clare Blackwood.

Sponsored By:

Support Smashing Security

Links:

All ages dance on TikTok during coronavirus quarantine — Los Angeles Times.
Fugitive John McAfee’s location revealed by photo meta-data screw-up — Naked Security.
Have I Been Pwned: Check if your email has been compromised in a data breach.
Clare Blackwood's TikTok dance.
The Miracle Sudoku — YouTube.
Cracking The Cryptic YouTube channel.
Puzzled man solving 'miracle' sudoku becomes YouTube sensation — The Guardian.
Dumb-Dumbs and Dice.
Into the Night — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Deepfake Jay-Z, and beer apps spilling your data

Wed, 20 May 2020 22:00:00 +0000

Apps that belch out sensitive military information, what could the world learn from South Korea's digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump... and why?

Plus we have a bonus feature interview with Rachael Stockton from Logmein, the folks behind LastPass, all about their report into the psychology of passwords.

Visit https://www.smashingsecurity.com/179 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Brian Klaas and Rachael Stockton.

Sponsored By:

Support Smashing Security

Links:

Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App — Bellingcat.
What South Korea's Nightclub Outbreak Can Teach Other Countries — Time.
When audio deepfakes put words in Jay-Z’s mouth, did he have a legal case? — Ars Technica.
Jay-Z’s Deepfake Hamlet Recital — To Sue, Or Not To Sue — Forbes.
Vocal Synthesis — YouTube channel.
Doordash and Pizza Arbitrage — Ranjan Roy.
Iron Chef Japan episodes — YouTube.
Rabbit Hole podcast.
The Psychology of Passwords — LastPass.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Office pranks, meat dresses, and robocop dogs

Wed, 13 May 2020 22:00:00 +0000

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

Visit https://www.smashingsecurity.com/178 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Lisa Forte.

Sponsored By:

Support Smashing Security

Links:

Me Too! — Microsoft tells the story of the Bedlam DL3 email storm.
Microsoft employees swept up in GitHub reply-all email apocalypse — Business Insider.
Microsoft now blocks reply-all email storms to end our inbox nightmares — The Verge.
Reply All Storm Protection in Exchange Online — Microsoft Tech Community.
The NHS's massive email storm — Graham Cluley.
Entertainment Law Firm Hacked in Major Data Breach, Ransomware Attack — Variety.
Coronavirus: Commuters told to 'prepare to queue' in new guidance — BBC News.
Employers Rush to Adopt Virus Screening. The Tools May Not Help Much — The New York Times.
Robot dog enforces social distancing in city park — BBC News.
Onkalo spent nuclear fuel repository — Wikipedia.
Into Eternity — Wikipedia.
Finland buries its nuclear past — BBC News.
The plan to protect humans from radioactive waste with color-changing cats — Business Insider.
How colour-changing cats might warn future humans of radioactive waste — The Guardian.
The Summit trailer — YouTube.
No Way Down: Life and Death on K2 — Amazon.com.
Jim Lahey's No-Knead Bread Recipe — Leite's Culinaria.
No Knead Bread Recipe — YouTube.
No-Knead Bread Recipe — New York Times.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Elon Musk, Roblox, and Love Bug author found

Wed, 06 May 2020 22:00:00 +0000

What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down the man behind one of history's biggest virus outbreaks in Manila? And what on earth is a hacker doing breaching Roblox security?

Visit https://www.smashingsecurity.com/177 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

Support Smashing Security

Links:

Vote for Smashing Security in the EU Security Blogger Awards!
Graham Cluley on Earworm Island — Earworm Island podcast.
Carole Theriault on Earworm Island — Earworm Island podcast.
Elon Musk tweets a photo of his newborn child — Twitter.
World Password Day — Days of the year.
Grimes explains the baby's name — Twitter.
Don’t Make These 5 Password FAILS! (But Do Notch These 2 Password Wins) — ID Agent.
Love Bug Virus Creator Comes Clean — Geoff White.
Memories of the Melissa virus — Naked Security.
Roblox — Wikipedia.
What is Roblox? — Digital Trends.
Hacker Bribed 'Roblox' Insider to Access User Data — Motherboard.
I'm Officially RICHER Than ROBLOX!! (WORLD RECORD BROKEN) — Linkmon99 on YouTube.
WM97/Michael-B virus analysis — Sophos.
Bookcase Credibility — @BCredibility on Twitter.
Five Minutes With: Brian Sewell — YouTube. So you can see how good Graham's impression is.
Syncplay.
Netflix Party.
Whole Chicken in a Can — Ashens on YouTube.
Poundland Food Special - All Day Breakfast — Ashens on YouTube.
MRE & Ration Reviews — YouTube. A man experiencing and reviewing military rations from 1863-current day.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Hacking hacks and university attacks

Wed, 29 Apr 2020 22:00:00 +0000

Journalists spying on their rivals, the NHS rejects Apple and Google's approach to Coronavirus-tracing, and universities are hit by an old-fashioned sexy lady attack.

Visit https://www.smashingsecurity.com/176 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Rik Ferguson.

Sponsored By:

Support Smashing Security

Links:

Vote for Smashing Security in the EU Security Blogger Awards!
Financial Times reporter accessed private calls at Independent and Evening Standard — The Independent.
FT suspends journalist accused of listening to rival outlets' Zoom calls — The Guardian.
Sky News admits it hacked Canoe Man’s email — Naked Security.
Is it ever acceptable for a journalist to hack into somebody else’s email? — Naked Security.
NHS rejects Apple-Google coronavirus app plan — BBC News.
Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities — Proofpoint.
Warwick University kept data hack secret from students and staff — Birmingham Live.
JustWatch - The Streaming Guide.
Just Watch — Apple App Store.
Just Watch — Google Play.
Fire for Kids Unlimited — Amazon UK.
Kindle Limited for Kids — Amazon.com.
J! Archive.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Zoom deepfakes, Zardoz, and 'Rona tracing

Wed, 22 Apr 2020 22:00:00 +0000

Will deepfake disguises hit a video conference near you, can Coronavirus-tracing apps be trusted, and should Facebook shut down anti-quarantine events?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/175 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Iain Thomson in fancy dress on Zoom. — Twitter.
Smashing Security 134: Sextortion, silicone face masks, and a DDoS doofus.
Avatarify: Avatars for Zoom and Skype — GitHub.
"Elon Musk joined our Zoom call" — YouTube.
Avatarify demo — YouTube.
This Open-Source Program Deepfakes You During Zoom Meetings, in Real Time — Vice.
Trailer for Zardoz (1974) — YouTube.
Coronavirus: Governors ask Trump to call off lockdown protests — BBC News.
Facebook sort-of blocks anti-quarantine events – how many folks are actually behind these 'massive' protests online? — The Register.
COVID-19 apps — Wikipedia.
Would You Give Up Health or Location Data to Return to Work? — The New York Times.
European scientists and researchers raise privacy concerns over coronavirus contact tracing apps — VentureBeat.
European experts ready smartphone technology to help stop coronavirus — Reuters.
2 billion phones cannot use Google and Apple contact-tracing tech — Ars Technica.
Contact Tracing in the Real World — Light Blue Touchpaper.
Tracking the Global Response to COVID-19 — Privacy International.
Apple and Google Respond to Covid-19 Contact Tracing Concerns — Wired.
Sketchplanations - A weekly explanation in a sketch.
Make These Projects to Fight COVID-19 Right Now — Make.
3D Print This Simple Tool Now, To Help Local Sewists Make More Masks for Covid-19 — Make.
Fix The Mask.
Turn a T-shirt into a face mask — Ronit Bose Roy on Twitter.
Educational Documentaries on Netflix — YouTube.
Remote Tourism.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Animal Crossing with Garry Kasparov

Wed, 15 Apr 2020 22:00:00 +0000

World-chess-champion-turned-activist Garry Kasparov joins us as we discuss celebrity lookalikes, smartphone fleeceware, the impact Coronavirus is having on security, and how a popular new video game is being used for political ends.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Garry Kasparov.

Yes, the Garry Kasparov. Graham was pretty excited too.

Visit https://www.smashingsecurity.com/174 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Garry Kasparov.

Sponsored By:

Support Smashing Security

Links:

Don’t let fleeceware sneak into your iPhone — Sophos.
Fleeceware apps persist on the Play Store — Sophos.
Fleeceware apps discovered on the iOS App Store — ZDNet.
How to see or cancel subscriptions on your iPhone, iPad or iPod touch — Apple Support.
How to cancel, pause, or change a subscription on Google Play — Google Play Help.
Global Move to Telecommute Work Increases Security Risks — Voice of America.
Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book — Malwarebytes.
Animal Crossing.
The Vegan Guide to 'Animal Crossing: New Horizons' — PETA Kids.
Chinese gamers decorate Animal Crossing with propaganda and Covid-19 references — Abacus.
Nintendo game pulled from Chinese platforms after Hong Kong protest — Reuters.
Animal Crossing removed from sale in China amid Hong Kong protests — BBC News.
Animal Crossing game removed from sale in China over Hong Kong democracy messages — The Guardian.
Retirement day fighter jet ride ends in chaos after OAP pulls ejector seat lever — Daily Star.
Extraordinary Times: A COVID-19 Visual Journal — Maria Photinakis.
French air investigation report.
Coronavirus: 20 suspected phone mast attacks over Easter — BBC News.
Coronavirus: Scientists brand 5G claims 'complete rubbish' — BBC News.
The Weirdly Enduring Appeal of Weird Al Yankovic — The New York Times.
‎The Daily: The Sunday Read: Weird Al Yankovic’s Weirdly Enduring Appeal — Apple Podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

5G fiascos, Zoom gloom, and butt biometrics

Wed, 08 Apr 2020 22:00:00 +0000

We take a look at the stinky backside of surveillance, gas about the latest video-conferencing threats, and jump into the murky world of 5G conspiracy theories.

Visit https://www.smashingsecurity.com/173 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Barry McMahon and David McClelland.

Sponsored By:

Support Smashing Security

Links:

Engineers unleash car-seat identifier that reads your rear end — Phys.org.
Identifying personal microbiomes using metagenomic codes — PNAS.
A mountable toilet system for personalized health monitoring via the analysis of excreta — Nature.
'Magic toilet' could monitor users' health, say researchers — The Guardian.
Toilet hackers could snoop on your poop, steal data of a “personal nature” — Graham Cluley.
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer — Trend Micro.
PSA: Fake Zoom installers being used to distribute malware — Bleeping Computer.
Was a 5G Tower Torn Down in China To Stop COVID-19? — Snopes.
Coronavirus 5G Conspiracy Theory: UK Cell Towers Burned Over Claims It Causes COVID-19 — International Business Times.
Coronavirus 5G conspiracy theory spreads as cellphone towers attacked — USA Today.
5G is not accelerating the spread of the new coronavirus — Full Fact.
Influencers among 'key distributors' of coronavirus misinformation — The Guardian.
How the 5G coronavirus conspiracy theory tore through the internet — Wired.
Call for social media platforms to act on 5G mast conspiracy theory — The Guardian.
Totally Reliable Delivery Service - The Game About Terrible Delivery Drivers.
Totally Reliable Delivery Service - Launch Trailer — YouTube.
LET'S GO LIVE with Maddie & Greg — YouTube.
Power Corrupts Podcast.
The godfather of fake news — BBC News.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

UncleF***Face - with Mikko Hyppönen

Wed, 01 Apr 2020 22:00:00 +0000

Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he's bought a Facebook Portal for his in-laws.

All this and much much more is discussed in the latest edition of the award-winning "Smashing Security" podcast with Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/172 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mikko Hyppönen.

Sponsored By:

Support Smashing Security

Links:

Herrasmieshakkerit — Mikko's security podcast (in Finnish) with Tomi Tuominen.
Video trailer for Herrasmieshakkerit — YouTube.
Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims — Graham Cluley.
Houseparty declares that all accounts are safe — Twitter.
Houseparty announces $1,000,000 bounty — Twitter.
Zoom Meetings Do Not Support End-to-End Encryption — The Intercept.
The most popular smartphones in 2019 — DeviceAtlas.
The Zoom IPO (with Santi Subotovsky) — Acquired podcast.
Cyber Volunteers – Protecting and Responding for our healthcare services! — CV19.
Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers — Bloomberg.
Your Bosses Are Trying To Spy On You Now More Than Ever — Futurism.
Companies are using webcams to monitor employees working from home — Business Insider.
Something Rhymes with Purple — Acast.
Susie Dent on Twitter.
Virtual choir from Finland: "Song of the Fearless" — YouTube.
Someone's built the entire Earth in Minecraft - to scale — Eurogamer.
The Earth in Minecraft, 1:1 scale ...for the first time — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

WhatsApp hoaxes, Zoombombs, and 8-bit love

Wed, 25 Mar 2020 23:00:00 +0000

Blackmailers are threatening to infect your family with Coronavirus, trolls are making Zoom an unsafe place for those of a sensitive disposition, and what is the mysterious Dr Negrin audio message spreading on WhatsApp?

Visit https://www.smashingsecurity.com/171 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

Support Smashing Security

Links:

"Stay home and help flatten the curve!" — Tweet by Pornhub.
‘Dirty little secret’ extortion email threatens to give your family coronavirus — Naked Security.
Google Assistant calling the hairdresser for an appointment — YouTube.
Geoff White tweets about the "Dr Negrin" audio message. — Twitter.
Priest in Italy live streams mass, activates filters by mistake — Reddit.
Beware of ‘ZoomBombing:’ screensharing filth to video calls — TechCrunch.
‘Zoombombing’: When Video Conferences Go Wrong — The New York Times.
How to prevent your Zoom meetings being Zoom-bombed (gate-crashed) by trolls — ZDNet.
Students Are Targeting Zoom and Classroom With Bad Reviews To End Homework During Coronavirus Outbreak — Newsweek.
MS-DOS Games you can play in your browser — The Internet Archive.
Humbug by Graham Cluley — The Internet Archive.
A New Map of Wonders: A Journey in Search of Modern Marvels — Amazon.com.
Revolution [8 Bit Tribute to The Beatles] — YouTube.
8 Bit Universe — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

PornHub, Coronavirus apps, and remote working

Wed, 18 Mar 2020 23:00:00 +0000

It's a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you're unexpectedly working from home.

Visit https://www.smashingsecurity.com/170 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ran Levi.

Sponsored By:

Support Smashing Security

Links:

CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware — DomainTools.
CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware — DomainTools.
Israel to use anti-terror tech to counter coronavirus 'invisible enemy' — Reuters.
Coronavirus: Sophie Trudeau had event with Idris Elba, Lewis Hamilton — Business Insider.
Porn Sets Asked to Stop Production to Help Slow the Spread of Coronavirus — VICE.
People who work from home earn more than those who commute—here's why — CNBC.
Twitter orders all employees worldwide to work from home — The Verge.
NASA chief urges space agency employees work from home amid coronavirus outbreak — Space.
JPMorgan tells employees around the world to work from home — CNBC.
Pornhub handing out free premium subs to help Italy fight coronavirus — The Next Web.
Tweet from ProtonVPN.
PornHub Insights.
Coronavirus insights — PornHub Insights.
A global map of wind, weather, and ocean conditions.
Cold podcast — Wondery.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Burglaries, breaches, and bidets

Wed, 11 Mar 2020 23:00:00 +0000

How one guy's exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/169 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Leave Smashing Security a voicemail!
Google tracked his bike ride past a burglarized home. That made him a suspect. — NBC News.
Smashing Security episode 144: "Google helps the FBI, Twitter Jack’s hijack, and car data woes."
Breaking Password Dependencies: Challenges in the Final Mile at Microsoft — YouTube.
FYI: When Virgin Media said it leaked 'limited contact info', it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more — The Register.
Data Breach Information FAQ — Virgin Media.
Virgin Media Disclosure Statement — TurgenSec.
Virgin Media breach 'linked customers to porn' — BBC News.
Ultimate Chicken Horse — Clever Endeavour Games.
Ultimate Chicken Horse - Trailer - Nintendo Switch — YouTube.
Coronavirus prevention: 10 songs for hand washing — Los Angeles Times.
New currency circulation in Australia — Reddit.
Lisa Forte reports on loo roll stocks in the Abu Dhabi Waitrose — Twitter.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

The Bitcoin fraud factory

Wed, 04 Mar 2020 23:00:00 +0000

Fraudsters steal millions from those hoping to jump on the Bitcoin bandwagon, Twitter verifies a fake US politician, and it's another face palm for facial recognition.

Visit https://www.smashingsecurity.com/168 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

Inside the Kiev fraud factory stealing senior citizens’ savings — Dagens Nyheter.
Revealed: fake 'traders' allegedly prey on victims in global investment scam — The Guardian.
Inside the Kiev Bitcoin fraud factory — YouTube.
A high school student created a fake 2020 candidate. Twitter verified it — CNN.
Verified account FAQs — Twitter.
London's Dazzle Club uses makeup to protest police use of facial recognition technology — WKSU.
CV Dazzle: Camouflage from Face Detection.
Clearview AI's Facial Recognition Tech Is Being Used By The Justice Department, ICE, And The FBI — BuzzFeed.
Amazon Dating: The Future of Dating — Not the real Amazon.
Carole's ideal date — Amazon Dating.
My Word! — BBC.
My Word recording from early 1960s — YouTube.
Solve podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Coronavirus scams and an exaggerated lion

Wed, 26 Feb 2020 23:00:00 +0000

Scammers from Africa are preying on US businesses, a drug dealer makes a mistake when hiding his Bitcoin fortune, and the Coronavirus pandemic is causing scams to soar and raising questions about facial recognition.

Visit https://www.smashingsecurity.com/167 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Anna Brading.

Sponsored By:

Support Smashing Security

Links:

Business Email Compromise (BEC) and G Suite: How the Exaggerated Lion Cybercrime Group Cashes Out — Agari.
A weed dealer’s $59M lesson: Don’t hide Bitcoin keys with a fishing rod — Ars Technica.
Chance encounter with gardaí unmasked bitcoin millionaire drug dealer — Irish Times.
Man who ‘threw away’ bitcoin haul now worth over $80m wants to dig up landfill site — The Independent.
Novel Coronavirus Update — RSA Conference.
The Coronavirus Is Swiftly Breaching Defenses Across The World — Peak Prosperity.
Scores of Hongkongers hit by mask scam on Facebook, hundreds more could be fraud victims since coronavirus outbreak — South China Morning Post.
How Big of a Scam Are 'Coronavirus Protection Kits?' — Vice.
Wearing a mask won’t stop facial recognition anymore — Abacus News.
Coronavirus phishing scam targets victims with false information — Business Insider.
This Cat Does Not Exist.
These Cats Do Not Exist.
Intelligence — Sky.
This Country — BBC Three.
Farkle — Wikipedia.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

What the Dickens! Ad ban thank you scam

Wed, 19 Feb 2020 23:00:00 +0000

How to stop dick pics on Twitter, and a new way bad guys are extorting money from websites earning cash from Google ads.

All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/166 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

Tweet from Kelsey Bressler.
safeDM – Making the Internet Safer.
@showYoDiq — Twitter.
This Dick Pic Filter For Your Inbox Does Block Most Pictures Of Dicks, And Some Dick-Like Things — Buzzfeed.
Smashing Security 034: The pen is mightier than the password — With special guest David McClelland.
Pay Up, Or We’ll Make Google Ban Your Ads — Krebs on Security.
The Personal History of David Copperfield (Trailer) — YouTube.
The Personal History of David Copperfield — Wikipedia.
Hunted — Endeavor Audio.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cheapfakes, deepfakes, and Ashley Madison

Wed, 12 Feb 2020 23:00:00 +0000

Wi-Fi hopping malware, the return of Ashley Madison extortion scams, and should social media be doing anything about cheapfakes?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Visit https://www.smashingsecurity.com/165 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jessica Barker.

Sponsored By:

Support Smashing Security

Links:

Smashing Security #162: Robocalls, health hacks, and facial recognition fears — Carole talks about the activities of Clearview AI.
‎The Daily: The End of Privacy as We Know It? — Apple Podcasts.
Emotet Malware Advisory — US Department of Homeland Security.
Emotet Wishes You a Merry Christmas from Greta Thunberg — Proofpoint.
Coronavirus - hackers exploit fear of infection to spread malware — Graham Cluley.
Emotet evolves with new Wi-Fi spreader — Binary Defense.
Dear Ashley Madison user, I know everything about you. Pay up or else — Ars Technica.
Here's what an Ashley Madison blackmail letter looks like — Graham Cluley.
Nancy Pelosi rips up Trump's speech after divisive State of the Union address — The Guardian.
Tweet by Dan Scavino Jr.
Video of Pelosi brings renewed attention to 'cheapfakes' — AP News.
Tool to Help Journalists Spot Doctored Images Is Unveiled by Jigsaw — The New York Times.
Smashing Security #143: Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians.
First survey of its kind for 50 years finds most Americans still think they have above average intelligence — Research Digest.
Grumpy Website.
The Courage to Be Disliked: The Japanese Phenomenon That Shows You How to Change Your Life and Achieve Real Happiness — Amazon.
Sophie's World: A Novel About the History of Philosophy — Amazon.com.
Fake Heiress – The woman who scammed New York — BBC Radio Four.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

A bitter pill to swallow

Wed, 05 Feb 2020 23:00:00 +0000

A gallery is tricked into giving millions to a fraudster, software tells doctors to push opioids onto patients, and an artist finds a novel way to trick Google Maps into thinking there's a traffic jam.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who ended up recording without a guest this week.

Visit https://www.smashingsecurity.com/164 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

Support Smashing Security

Links:

Fraudsters Posing as Art Dealer Got Gallery to Pay Millions — Bloomberg.
‘Hampstead Heath, Harrow in the Distance’, John Constable, David Lucas, published 1855 — Tate.
Electronic Health Records Vendor to Pay $145 Million to Resolve Criminal and Civil Investigations — Department of Justice.
In secret deal with drugmaker, health-records tool pushed opioids — Los Angeles Times.
Practice Management Software — Practice Fusion.
Opioid epidemic in the United States — Wikipedia.
Exclusive: OxyContin maker Purdue is 'Pharma Co X' in U.S. opioid kickback probe - sources — Reuters.
Smashing Security 122: The big fat con at Office Depot.
Google Maps hacks — Simon Weckert.
Google Maps Hacks by Simon Weckert — YouTube.
Telling Lies launch trailer — YouTube.
‎Telling Lies — iOS App Store.
Telling Lies — Steam.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Russian heists and Ring wrongs

Wed, 29 Jan 2020 23:00:00 +0000

Should possessing malware be illegal in itself? How did a Russian cryptocurrency exchange millionaire lose his fortune? And what on earth are Amazon Ring doorbell cams up to now?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.

And don't miss our special featured interview with Adrian Sanabria, all about Thinkst Canary.

Visit https://www.smashingsecurity.com/163 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Adrian Sanabria and Lisa Forte.

Sponsored By:

Support Smashing Security

Links:

Senate Bill 30 (PDF)
Maryland: Make malware possession a crime! Yes, yes, researchers get a free pass — The Register.
The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up — Techdirt.
Smashing Security 151: Frankly, sometimes paying the ransom is a good idea.
Maryland Computer Crimes Laws — FindLaw.
Maryland Cookies TV advert — YouTube.
Hunting the missing millions from collapsed cryptocurrency — BBC News.
Inside the hellish workday of an Amazon warehouse employee — New York Post.
Ring Doorbell App Packed with Third-Party Trackers — Electronic Frontier Foundation.
Nicholas Parsons: 'Broadcasting legend' dies at 96 after short illness — BBC News.
Just a Minute — Wikipedia.
Nicholas Parsons interviewed by Richard Herring — YouTube.
Her Story - A Video Game About a Woman Talking to the Police.
Her Story trailer — YouTube.
Her Story follow-up takes place on a stolen NSA hard drive — Polygon.
Bezos learns the harsh lesson of texting a crown prince fond of crucifixions — Marina Hyde, writing in The Guardian.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Robocalls, health hacks, and facial recognition fears

Wed, 22 Jan 2020 23:00:00 +0000

A hospital gets hacked because of an ex-employee's grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks.

Visit https://www.smashingsecurity.com/162 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Michael Hucks.

Sponsored By:

Support Smashing Security

Links:

YOU Season 2 Trailer — YouTube.
Hospital administrator sacked for using NHS computer to download over 10,000 records is spared jail — Daily Mail.
Robocalls: Americans got 58.5 billion in 2019, up 22% from last year — USA Today.
Microsoft and Google just can't agree on proposed ban on facial recognition — ZDNet.
Clearview - Technology to help solve the hardest crimes.
The Secretive Company That Might End Privacy as We Know It — New York Times.
Clearview FAQ (PDF).
Episode review: Columbo Double Shock — Graham got it wrong. It was Martin Landau, not Leonard Nimoy, who played the twins. And they weren't surgeons (but Nimoy did play an evil surgeon in a different Columbo episode that season)
Eunoia: Words that Don't Translate.
Dog wagging her tail every time she sees her owner — YouTube.
She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement — Amazon.com.
Harvey Weinstein Paid Off Sexual Harassment Accusers for Decades — New York Times.
‘She Said’ Recounts How Two Times Reporters Broke the Harvey Weinstein Story — New York Times.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Love, lucky dips, and 23andMe

Wed, 15 Jan 2020 23:00:00 +0000

The man who hacked the UK National Lottery didn't end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Visit https://www.smashingsecurity.com/161 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Thom Langford.

Sponsored By:

Support Smashing Security

Links:

Cyber criminal jailed over National Lottery hack — National Crime Agency.
Man who hacked National Lottery for just £5 is jailed for nine months — Hot for Security.
Booking data stolen from Japanese short-time love hotel booking service HappyHotel — SiliconANGLE.
23andMe Licenses Drug Compound to Spanish Drugmaker Almirall — Bloomberg.
Big Data and the End of Painful, Invasive Medical Procedures — Wired.
How 23andMe Won Back the Right to Foretell Your Diseases — Wired.
Privacy policy — 23andMe.
Turbo Boost Switcher for macOS.
Embarrassed patients can now send photos of genitals to doc for STI checks — The Sun.
Messiah trailer — YouTube.
Messiah — Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

SNAFUs! MS Word, Amazon Ring, and TikTok

Wed, 08 Jan 2020 23:00:00 +0000

We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you're comfortable with, and how teens are flocking to TikTok (and why that might be a problem).

All this and much much more is covered in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/160 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Senior Manager Of Global Internet Company Pleads Guilty To Wire Fraud — Department of Justice.
IT exec sets up fake biz, uses it to bill his bosses $6m for phantom gear, gets caught by Microsoft Word metadata — The Register.
We Tested Ring’s Security. It’s Awful — Motherboard.
Amazon Ring isn’t even good at pretending to care about your privacy and safety — Fight for the Future
Amazon’s Ring to let customers opt out of receiving police video requests — GeekWire.
Letter to Amazon's Jeff Bezos from Senator Ron Wyden and others (PDF).
House panel asks Apple, Google if app makers must reveal foreign ties — Engadget.
U.S. Military Bans TikTok Over Ties to China — Wall Street Journal.
The Growing Popularity of Chinese Social Media Outside China Poses New Risks in the West — PIIE.
TikTok Privacy Policy.
Statement on TikTok's content moderation and data security practices — TikTok.
Revealed: how TikTok censors videos that do not please Beijing — The Guardian.
Parents warned to check kids' phones for 15 popular apps used by paedos and bullies to target youngsters — The Sun.
Dracula — BBC iPlayer.
Dracula — Netflix.
Obsessed With... - Dracula - Episode 1: The Rules of the Beast feat. Mark Gatiss and Steven Moffat — BBC Sounds.
Dracula TV series — Wikipedia.
The Witcher — Netflix.
The Witcher Soundtrack - Toss A Coin To Your Witcher Lyrics — YouTube.
Ricky Gervais 2020 Golden Globe Monologue — Reddit.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Rap, robbery, and IoT holiday hell

Wed, 18 Dec 2019 23:00:00 +0000

A rapping bank worker is accused of stealing from the vault, the devices that can hide your car's true mileage, and why it may be a case of "No No No" rather than "Ho Ho Ho" when it comes to IoT toys this Christmas.

And as Carole sups the mulled wine, Graham has problems with his internet connection...

Visit https://www.smashingsecurity.com/159 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

‘No Chance:’ John McAfee Halts Crypto Promo as US 2020 Elections Near — Coin Telegraph.
FBI Arrests Former Bank Employee Charged With Stealing Cash From Bank Vault — US Department of Justice.
"Problem" video — Aceey4oez on Instagram.
Man posted photos of himself with stacks of cash after stealing from bank: charges — Sydney Morning Herald.
The 1980 Cadillac Seville.
Naughty CANbus odometer "interface". (Fakes mileage.) — Bigclivedotcom on YouTube.
Children’s data and privacy online Growing up in a digital age (PDF) — London School of Economics.
Amazon Echo Dot Kids: Privacy violations puts kids at risk, lawsuit alleges — CBS News.
Parents should be wary of all connected toys, expert says — IT Pro.
Safety alert: see how easy it is for almost anyone to hack your child’s connected toys — Which?
Kids’ karaoke machines and smart toys from Mattel and Vtech among those found to have security flaws — Which?
FTC fines Google $170 million for violating children's privacy on YouTube — CBS News.
The movies that made us — Netflix.
Die Hard — Wikipedia.
Strong Songs podcast.
Truth Be Told Official Trailer — YouTube.
Truth Be Told doesn’t know how to make a murderer — The Verge.
Truth Be Told — Apple TV+
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

The man behind The Missing Cryptoqueen

Wed, 11 Dec 2019 23:00:00 +0000

We're joined by special guest Jamie Bartlett, of the chart-topping "The Missing Cryptoqueen" podcast, in this bumper episode where we discuss his investigation into the OneCoin cryptocurrency scam, the Russian cybercriminals behind Evil Corp, and the mysterious leaks about the NHS that have turned oh-so-political...

All this and much much more can be found in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/158 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jamie Bartlett.

Sponsored By:

Support Smashing Security

Links:

Russian hacking group "Evil Corp" accused of targeting American businesses — CBS News, YouTube.
Evil Corp donuts — YouTube.
International law enforcement operation exposes the world’s most harmful cyber crime group — National Crime Agency.
Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware — U.S. Department of the Treasury.
UK Government Releases Photos of Russian Hackers, Whose Lives Look Awesome — Motherboard.
Hackers with high-placed daddies ‘Evil Corp’ member designated by U.S. Treasury is son of former Russian mayor — Meduza.
The Missing Cryptoqueen — BBC Sounds.
Jeremy Corbyn reveals dossier 'proving NHS up for sale' — The Guardian.
Reddit links UK-US trade talk leak to Russian influence campaign — TechCrunch.
Corbyn v Johnson: BBC election debate round-up — YouTube.
Stammer Time! — Cassetteboy on Twitter.
The Inside Story of Labour's 'NHS For Sale' Leak — Motherboard.
More proof NHS is up for sale as Amazon exploits NHS for free — TruePublica.
Tweet by Rik Ferguson about his fragrant armpits — Twitter.
nuud.
Accused of Killing a Gambino Mob Boss, He’s Presenting a Novel Defense — The New York Times.
Graham and Carole appear on the BeerConOne Stream — Twitch. Graham & Carole show up at about 1 hour 48 minutes into the show.
The Beer Farmers raise funds for the Electronic Frontier Foundation and Mental Health Hackersy The Beer Farmers : BeerConOne. — GoFundMe.
The Radio Adventures Of Dr. Floyd.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

A biometric knuckle duster

Wed, 04 Dec 2019 23:00:00 +0000

What is Kaspersky's ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer?

Plus we have a bonus feature interview with Rachael Stockton from Logmein, the folks behind LastPass, all about behavioral biometrics!

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/157 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Maria Varmazis and Rachael Stockton.

Sponsored By:

Support Smashing Security

Links:

"Eau de Eugene Kaspersky" — Smashing Security, episode 12.
Kaspersky Labs - Packin' The K — YouTube.
Thousands of taxpayers tell HMRC to delete voiceprint data it stored without consent — Graham Cluley.
Hackers Have Stolen Almost Six Million US Government Fingerprints — Tripwire.
Fingerprints are not the same as passwords — Graham Cluley.
Face/Off trailer — YouTube.
Picture of the (rather ugly) Kaspersky ring — Twitter.
Kasperky's synthetic fingerprint ring — YouTube.
This Ring Uses a Fake Fingerprint to Protect Your Biometric Data — PC Magazine.
How is NordVPN unblocking Disney+? It might be through YOUR own computer. Even if you’ve never used Disney+ or NordVPN. — Derek Johnson.
The Rise of “Bulletproof” Residential Networks — Krebs on Security.
SmartPlay by NordVPN: What is it and how does it work? — NordVPN.
Resident Evil: Understanding Residential IP Proxy as a Dark Service — XiangHang Mi.
Alleged Music Hacker Indicted for Impersonating a Producer to Steal Unreleased Music — Hollywood Reporter.
Hacker stole unreleased music and then tried to frame someone else — ZDNet.
Manhattan U.S. Attorney Announces Charges Against Austin Man For Computer Hacking And Fraud Scheme To Steal Unreleased Music From Music Industry Professionals — Department of Justice.
Why the f**k was I breached?
President Nixon Never Actually Gave This Apollo 11 Disaster Speech. MIT Brought It To Life To Illustrate Power Of Deepfakes — WBUR News.
Which Classic Toy Came First? — Mental Floss.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Better safe than Sony

Wed, 27 Nov 2019 15:00:00 +0000

In this clip from a special bonus episode produced for our Patreon supporters, Graham Cluley and Carole Theriault discuss the 2014 hack of Sony Pictures - reportedly carried out by North Korea for the very oddest of reasons...

Visit https://www.smashingsecurity.com/156 to check out this episode’s show notes and episode links, and become one of our "bonus content" Patreon supporters to hear the full episode in all its glory, get early access to future episodes, occasional bonus content, and even receive stickers!

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening and Happy Thanksgiving!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Support Smashing Security

Links:

Hackers leak Hollywood salaries, embarrassing emails - PBS Newshour — YouTube.
Did North Korea hack Sony? It seems hard to believe — Graham Cluley.
Poor passwords at Sony, WikiLeaks shows with archive of hacked documents — Graham Cluley.
The Interview Trailer (2014) — YouTube.
U.S. Said to Find North Korea Ordered Cyberattack on Sony — The New York Times.
Sony hackers failed to hide their North Korean IP addresses, says FBI — Hot for Security.
NSA allegedly hacked North Korea's networks before Sony attacks — Graham Cluley.

Privacy & Opt-Out: https://redcircle.com/privacy

Juice jacking, YouTube hacking, password slacking

Wed, 20 Nov 2019 23:00:00 +0000

A bank has some of the worst password advice ever, travellers are told to be wary when USB charging their smartphones and laptops, and a gamer has his YouTube account hacked.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Geoff White.

Visit https://www.smashingsecurity.com/155 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

Support Smashing Security

Links:

Giorgio Bonfiglio tweets about Fineco's bizarre attitude to passwords — Twitter.
This Bank Had the Worst Password Policy We've Ever Seen — Motherboard.
NIST password guidelines.
Officials warn about the dangers of using public USB charging stations — ZDNet.
MarcoStyle on Twitter.
A YouTuber With 350,000 Subscribers Was Hacked, YouTube Verified His Hacker — Forbes.
Massive wave of account hijacks hits YouTube creators — ZDNet.
Popular gaming channel MarcoStyle has been hacked for days, running scams, but YouTube isn't responding — Reclaim the net.
How my Youtube Channel got hacked for 2 weeks — MarcoStyle on YouTube.
The Crown — Netflix.
Aberfan disaster — Wikipedia.
Aberfan - 50 years on — WalesOnline.
Cliff Michelmore eyewitness report from Aberfan — YouTube.
Dolly Parton's America — WNYC Studios.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

A buttock of biometrics

Wed, 13 Nov 2019 23:00:00 +0000

The UK's Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple's credit card is accused of being sexist, and what is Google up to with Project Nightingale?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Visit https://www.smashingsecurity.com/154 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: John Hawes.

Sponsored By:

Support Smashing Security

Links:

That "sophisticated" Labour cyber-attack - don't panic — Graham Cluley.
General election 2019: Labour Party hit by second cyber-attack — BBC News.
Election 2019: Security flaw leaves donors’ details online — The Times.
Apple's 'sexist' credit card investigated by US regulator — BBC News.
Apple's credit card caper probed over sexism claims – after women screwed over on limits — The Register.
Google has access to detailed health records on tens of millions of Americans — Ars Technica.
Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans — WSJ.
Google buys Fitbit for $2.1 billion — Ars Technica.
Smart condom ring i.Con is like a Fitbit for your man bits — CNET.
The Missing Cryptoqueen — BBC Sounds.
Undone — Amazon Prime.
Speed Monopoly - How to Play in under 30 minutes! — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cybercrime doesn’t pay (but Uber does)

Wed, 06 Nov 2019 23:00:00 +0000

The cybercrime lovebirds who hijacked Washington DC's CCTV cameras in the run-up to Donald Trump's inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.

Visit https://www.smashingsecurity.com/153 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Lisa Forte.

Sponsored By:

Support Smashing Security

Links:

Ransomware attack impacted 70% of Washington DC police surveillance cameras — Graham Cluley.
The Hapless Shakedown Crew That Hacked Trump’s Inauguration — Wall Street Journal.
Eveline Cismaru's Instagram account.
London Investment Bankers Charged in Insider-Trading Ring — Bloomberg.
Trade-Secrets Case Linked to Google Seen as Warning to Silicon Valley — Wall Street Journal.
Uber concealed massive hack that exposed data of 57m users and drivers — The Guardian.
Uber's statement about its 2016 "Data Security Incident"
Hackers who extorted Uber and LinkedIn plead guilty — ZDNet.
Maersk: Springing back from a catastrophic cyber-attack — I-CIO.
The Master Game — Wikipedia.
BBC's The Master Game — The Kenilworthian.
Gogglebox — Channel 4.
Ndemic Creations, makers of Plague Inc.
Plague Inc. trailer — YouTube.
‎Plague Inc. — iOS App Store.
Plague Inc. — Google Play.
The great contemporary art bubble. BBC documentary - YouTube — YouTube.
BBC art documentaries playlist — YouTube.
Painters and artists documentaries — YouTube.
Art documentaries playlist — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cats, hoodies, and rent

Wed, 30 Oct 2019 23:00:00 +0000

What's the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?

Visit https://www.smashingsecurity.com/152 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: David McClelland.

Sponsored By:

Support Smashing Security

Links:

Privacy & Opt-Out: https://redcircle.com/privacy

Frankly, sometimes paying the ransom is a good idea

Wed, 23 Oct 2019 22:00:00 +0000

Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn't the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, with a featured interview with Rachael Stockton from Logmein.

Visit https://www.smashingsecurity.com/151 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Rachael Stockton.

Sponsored By:

Support Smashing Security

Links:

Support Smashing Security on Patreon — Now also includes free stickers!
RobbinHood ransomware attack brings down parts of City of Baltimore's computer network — Tripwire.
Some Baltimore City Services Still Shut Down Due To Ransomware Attack — YouTube.
Baltimore government could have lost its website last week. And not because of hackers — Baltimore Brew.
Baltimore transfers $6 million to pay for ransomware attack; city considers insurance against hacks — Baltimore Sun.
Baltimore IT department uses ‘mind-boggling,' outdated data storage method, audit finds
Councilman “mind-boggled” by Baltimore City IT department ineptitude — Ars Technica.
The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up — Techdirt.
"Backin Up" by The Gregory Brothers — YouTube.
Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping — Security Research Labs.
Zoomquilt 2.
Arkadia Zoomquilt.
Historia Civilis — YouTube.
2019 Global Password Security Report — LastPass.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Liverpool WAGs, Facebook politics, and a selfie stalker

Wed, 16 Oct 2019 22:00:00 +0000

Footballers' wives go to war over Instagram leaks, it turns out fake news is fine on Facebook (just so long as it's in a political ad), and things take a horrific turn in Japan, as a stalker uses a scary technique to find out where his pop idol lives.

Visit https://www.smashingsecurity.com/150 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

Tweet by Coleen Rooney on Twitter.
Tweet by Rebekah Vardy on Twitter.
Prince Harry launches phone-hacking case against Sun and Mirror owners — The Guardian.
Mark Zuckerberg: An Elizabeth Warren presidency would 'suck' for Facebook — CNN.
In leaked audio, Mark Zuckerberg rallies Facebook against critics, competitors, and Elizabeth Warren — The Verge.
Elizabeth Warren Facebook ad mocks Facebook's fact checking policies — Engadget.
Graham getting thrashed by Garry Kasparov — @gcluley on Twitter
Stalker zoomed in on Japanese idol's eyes to find out where she lived — Graham Cluley.
Obsessed fan finds Japanese idol's home by zooming in on her eyes — AsiaOne.
Ni No Kuni: Wrath of the White Witch - Nintendo Switch Trailer — YouTube.
Funny English Idioms - and why we say them! — YouTube.
Vice — Amazon Prime.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Falling in love with fraudsters

Wed, 09 Oct 2019 22:00:00 +0000

We take a trip to Staten Island, New York, to hear how a case of cyberstalking resulted in the arrest of 20 alleged mobsters, learn about the nude photo-loving insider threat at Yahoo, and discover how fraudsters might be boosting Match.com's profits.

Visit https://www.smashingsecurity.com/149 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ran Levi.

Sponsored By:

Support Smashing Security

Links:

The "You Think I'm Funny?" scene from "Goodfellas" — YouTube.
20 Defendants Charged with Crimes, Including Racketeering, Extortion, Loansharking — Department of Justice.
Indictment against Joseph Amato and others (PDF) — Department of Justice.
GPS cyberstalking of girlfriend brings surveillance and indictment for alleged American mobster — The Register.
How to Find a GPS Tracker on Your Vehicle.
Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts — Department of Justice.
Former Yahoo engineer pleads guilty to searching 6,000 user accounts for nudes — The Verge.
Using Match.com? Read this — FTC Consumer Information.
Why Match.com allegedly luring lonely customers with fake ‘winks’ is just another form of ‘phishing’ — MarketWatch.
Fembots land Ashley Madison in hot water with the FTC — Graham Cluley.
Mark Lewisohn Official Website.
Hornsey Road with Mark Lewisohn.
The Beatles' Abbey Road (Super Deluxe Edition) — Spotify.
Jigsaw Explorer — Online Jigsaw Puzzles.
Criminal — Netflix.
Criminal Review: Netflix Crime Drama With Parts Better Than the Whole — Collider.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Billboard boobs, face forensics, and Alexa gets way too personal

Wed, 02 Oct 2019 22:00:00 +0000

Drivers are distracted by a hacked billboard, we take a deeper look at how the deepfake problem has... uh... deepened, and Carole is less than happy about Amazon's announcement about new Alexa integrations.

All this, an annoying goose, and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/148 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Wonderbra 'Hello Boys' advert voted most iconic of all time — Daily Mail.
Hello boys! The greatest billboard ads of all time — The Sun.
Outdoor advertisements and signs: a guide for advertisers (PDF) — UK Government.
Pornographic video plays on I-75 billboard, police investigating — WXYZ Detroit.
Porn plays on I-75 billboard, police searching for suspects caught on video — Detroit Free Press.
Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say — Motherboard.
Xev Bellringer's filmography — IMDB.
Two people broke into shed, hacked into computers to put pornography on billboard — WXYZ Detroit.
Motorists warned of “Zombies Ahead” on hacked road sign — Naked Security.
Motorists warned of Dalek invasion by hacked road sign — Naked Security.
Hacked Seattle road sign says ‘Impeach the Bastard’ — Q13Fox.
Hackers have been f**king with downtown LA's road signs — Graham Cluley.
The FaceForensics dataset — GitHub.
This Deepfake of Mark Zuckerberg Tests Facebook’s Fake Video Policies — Motherboard.
The Deepfake Detection Challenge.
Smashing Security episode 063 — The first time Maria discussed deepfakes.
Amazon bolsters Alexa privacy after user trust takes a hit — CNET.
Alexa’s new Echo eyeglasses and ring show big tech’s privacy conundrum — Vox.
Amazon's Rekognition software lets cops track faces: Here's what you need to know — CNET.
Amazon may soon be able to track your phone’s location, activists warn — Business Insider.
Your Google history.
Untitled Goose Game.
Find wi-fi hotspots with hotspot directories — BT Wi-Fi.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Don't Snapchat and drive

Wed, 25 Sep 2019 22:00:00 +0000

How is private medical data leaking onto the streets of Milton Keynes, what is widening the cybersecurity skills gap, and how is Australia controversially tackling the problem of drivers using their mobile phones?

Visit https://www.smashingsecurity.com/147 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Joe Carrigan.

Sponsored By:

Support Smashing Security

Links:

50 reasons to love Milton Keynes (what, only 50?) — The Guardian.
Logan's Run movie trailer — YouTube.
Understanding Milton Keynes — YouTube.
A Festival of Creative Urban Living.
Tweet by @Costermk about "Utopia Station".
Unshredded NHS records were dumped in a town centre to weigh down scaffolding at art festival — The Sun.
Outrage as thousands of NHS patients' medical records are dumped in town centre — Daily Mail.
The Cybersecurity Skills Gap Won't Be Solved in a Classroom — Forbes.
Cybersecurity Skills Shortage Soars, Nearing 3 Million — (ISC)² Blog.
What Cyber Skills Shortage? — Dark Reading.
Australia Is Using New Technology to Catch Drivers on Phones — Time.com.
Texting And Driving Statistics In America — Simply Insurance.
Distracted Driving Worsens As Drivers Use Phones In Riskier Ways — Forbes.
Restrictions on cell phone use while driving in the United States — Wikipedia.
RAC research: dangerous phone use at the wheel rockets among some age groups — RAC.
Really Rude Map.
Shitterton comes on top of list of Britain's worst place names including Pratts Bottom, Crapstone and Slag Lane... but those who live there insist it's still a lovely place to live — Daily Mail.
Heavens-Above.
Shower Orange an Enlightenment of the Soul — Reddit.
Carole's shower adventures with an orange — @caroletheriault on Twitter.
Graham's shower adventures with a banana — @gcluley on Twitter.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Password secrets and baking brownies

Wed, 18 Sep 2019 22:00:00 +0000

In the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault, Carole has suffered an injury, we journey back in time to one of our earliest episodes to discuss the perils of passwords, and Rachael Stockton from LastPass drops by for a chat.

Visit https://www.smashingsecurity.com/146 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Rachael Stockton and Vanja Švajcer.

Sponsored By:

Support Smashing Security

Links:

Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Apple and Google willy wave while home assistants spy - DoH!

Wed, 11 Sep 2019 22:00:00 +0000

Apple is furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

Visit https://www.smashingsecurity.com/145 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: John Leyden.

Sponsored By:

Support Smashing Security

Links:

A very deep dive into iOS Exploit chains found in the wild — Google Project Zero.
Google finds 'indiscriminate iPhone attack lasting years' — BBC News.
A message about iOS security — Apple.
Mobile & Tablet Operating System Market Share in China — Statcounter.
Apple Disputes Google’s Claims of a Devastating iPhone Hack — Motherboard.
What’s next in making Encrypted DNS-over-HTTPS the Default — Mozilla.
Firefox DNS-over-HTTPS rollout starts later this month — The Daily Swig.
ISP trade association backtracks on Mozilla ‘internet villain’ nomination — The Daily Swig.
Apple apologises for allowing workers to listen to Siri recordings — The Guardian.
Apple contractors 'regularly hear confidential details' on Siri recordings — The Guardian.
Almost a quarter of Britons now own one or more smart home devices — YouGov.
The Bright Side of Humans Eavesdropping on Your Alexa Recordings — Gizmodo.
Smart Speakers That Listen When They Shouldn't — Consumer Reports.
BetterTouchTool for Mac.
The SwigCast — A security podcast from The Daily Swig, featuring John Leyden.
The Wii — Wikipedia.
Just Dance 4: Rock Lobster - The B-52's — YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Google helps the FBI, Twitter Jack’s hijack, and car data woes

Wed, 04 Sep 2019 22:00:00 +0000

Should Google really be helping the FBI with a bank robbery? What's the story behind the Twitter CEO claiming there's a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks...

Visit https://www.smashingsecurity.com/144 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

Support Smashing Security

Links:

Feds ordered Google location dragnet to solve Wisconsin bank robbery — The Verge.
Google reverse location search warrant.
Manhattan DA Got Innocent People's Google Phone Data Through A 'Reverse Location' Search Warrant — Gothamist.
Jorge Molina: Avondale police used Google data to wrongfully arrest me — AZCentral.
About the Twitter CEO '@jack hack' — Graham Cluley.
Trump says it 'shouldn't be too bad' if someone hacks his Twitter — Business Insider.
Chuckle Brothers — Wikipedia.
Wipe Data From Your Car Before Selling It — Consumer Reports.
Connected Cars, Telematics and Connectivity-as-a-Service : What's the Future? — Dataconomy.
It looks like tech-savvy drivers will have to lead connected car data purge — The Register.
It’s too easy to steal a second‑hand connected car — We Live Security.
Doctor Who writer Terrance Dicks dies, aged 84 — Radio Times.
Terrance Dicks inspired me to write – and not to feel ashamed of my stammer — New Statesman.
Terrance Dicks obituary — The Guardian.
On The Outside It Looked Like An Old Fashioned Police Box... — A radio documentary about the Doctor Who novelisations, many of which were written by Terrance Dicks.
Cybercrime Investigations podcast — Features some chap called Geoff White.
Elisabeth Schwarzkopf's appearance on the BBC's Desert Island Discs, 1958 — Where she chooses seven of her own songs.
Intelligence Squared podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians

Wed, 28 Aug 2019 22:00:00 +0000

Was a cybercrime committed on the International Space Station? What on earth were Ukrainian scientists thinking when they plugged a nuclear power station into the internet? And someone has cloned Canadian clinical psychologist Jordan Peterson's voice...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/143 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

Support Smashing Security

Links:

NASA Astronaut Anne McClain Accused by Spouse of Crime in Space — The New York Times.
Space Station's Data Rate Increase Supports Future Exploration — NASA.
Astronaut Anne McClain denies cybercrime allegations — @AstroAnnimal on Twitter.
The Moon is Covered With 400,000 Pounds of Human Trash — Interesting Engineering.
Lunar Roving Vehicle (LRV) — National Air and Space Museum. (Apparently it's top speed is a paltry 8 miles per hour, not the 17 miles per hour Graham claimed)
Ukraine: Crypto Miners Arrested for Compromising Nuclear Plant Security — Coin Telegraph.
A Site Faking Jordan Peterson's Voice Shuts Down After Peterson Decries Deepfakes — Motherboard.
I Didn't Say That — Jordan Peterson.
To fix the problem of deepfakes we must treat the cause, not the symptoms — The Guardian.
Dr Jordan Peterson with Kermit the Frog — Twitter.
Portsmouth Sinfonia — Wikipedia.
Portsmouth Sinfonia perform "Also sprach Zarathustra" — YouTube.
Portsmouth Sinfonia Plays the Popular Classics — YouTube.
The Eden Project.
Lebanese Mountain Bread Recipe — AllRecipes.com
Sourdough No-Knead Bread Recipe — The New York Times.
Japanese Milk Bread Rolls recipe — King Arthur Flour.
My Best Sourdough Recipe — The Perfect Loaf.
Common Bread Baking Calculators — The Perfect Loaf.
Beginner's Sourdough Bread — The Perfect Loaf.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Mercedes secret sensors, smart cities, and ransomware runs riot

Wed, 21 Aug 2019 22:00:00 +0000

Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the security threats impacting smart cities, and a new feature coming to your Facebook app.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/142 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jack Rhysider.

Sponsored By:

Support Smashing Security

Links:

Mercedes spies on drivers by secretly installing tracking devices in cars and passing information to bailiffs — The Sun.
Three-unique-words 'map' used to rescue mother and child — BBC News.
Rolling a Reliant Robin - Top Gear — YouTube.
Ransomware Attack Affects Computers In 22 Towns In Texas — NPR.
What Is A Smart City? — ComputerWorld.
Access the latest smart city tenders — Bee Smart City.
Hacking 20% of cars could freeze traffic in NYC, study finds — Smart Cities Dive.
Lack of Critical Infrastructure Cybersecurity Investments in Smart Cities will Seed the Future IoT Vulnerabilities — ABI research.
Facebook to stop stalking you off-site - but only if asked — BBC News.
Now You Can See and Control the Data That Apps and Websites Share With Facebook — Facebook News Room.
Off-Facebook Activity: Control your information — Facebook.
Smashing Security #075: Quitting Facebook.
Amazon.com: Logitech M705 Marathon Wireless Mouse — Amazon.
40 brilliant idioms that simply can’t be translated literally — TED Blog.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Black Hat and Bridezillas

Wed, 14 Aug 2019 22:00:00 +0000

Say cheese to ransomware on your camera! A sponsored speech at Black Hat causes uproar, and should you trust that Lightning cable you're about to plug into your MacBook?

Visit https://www.smashingsecurity.com/141 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.

Sponsored By:

Support Smashing Security

Links:

Say Cheese: Ransomware-ing a DSLR Camera — Check Point Research.
Ransomware on a DSLR Camera — YouTube.
Security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions — Canon.
Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference — Motherboard.
Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' — PC Magazine.
Crown Sterling Presents: TIME AI — YouTube.
Crown Sterling Issues Statement Regarding Recent Allegations Made at Black Hat 2019 — Business Wire.
These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer — Motherboard.
O.MG cable.
Remain Seated Please - The Hoot and Chief Story (Epcot Horizons) — YouTube.
The true story of the unauthorized, daredevil documentation of the Horizons ride at Disney World — Dangerous Minds.
Bathtubs over Broadway — Netflix.
Bathtubs over Broadway - Official Trailer — YouTube.
The Amelia Project podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Love, PINs, and 8chan

Wed, 07 Aug 2019 22:00:00 +0000

Is the PIN you use for your bank card secure? How did one woman get duped into giving a romance scammer $200,000? And Cloudflare and other online services take aim at a vile corner of the internet...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/140 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Most Common iPhone Passcodes — Daniel Amitay.
We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly — Monzo.
500,000 Monzo banking customers told to change their PINs — Graham Cluley.
Terminating Service for 8Chan — Cloudflare.
8chan struggling to stay online after its alleged use by El Paso shooting suspect — CNN.
Online dating apps and websites the most common way to meet — 9to5Mac.
Woman says a man she met on Tinder swindled her out of $200K: 'He didn't just dump you, he never existed' — ABC News.
Cyber Actors Use Online Dating Sites To Conduct Confidence/Romance Fraud And Recruit Money Mules — Internet Crime Complaint Center (IC3).
The Boys trailer — YouTube.
The Boys — Amazon Prime.
Camelcamelcamel.
“Conviction,” Reviewed: A Bronx P.I. Pursues Justice, and Glory — The New Yorker.
Conviction podcast — Gimlet.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Capital One hacked, iMessage flaws, and anonymity my ass!

Wed, 31 Jul 2019 22:00:00 +0000

Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and are introduced to... Penelope?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole 'Penelope' Theriault, joined this week by technology broadcaster David McClelland.

Visit https://www.smashingsecurity.com/139 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: David McClelland.

Sponsored By:

Support Smashing Security

Links:

Woman arrested after Capital One hack spills personal info on 106 million — Tripwire.
South Seattle woman arrested, charged in massive data breach of Capital One — The Seattle Times.
Love Bug suspect speaks — BBC News speaks to the author of the Michael-B Word macro virus.
United States vs Paige A Thompson (PDF)
Ranji Sinha on Twitter: "Managed to get video of the raid in Seattle that lead to the arrest of Paige Thompson" — Twitter.
Capital One Hit With First Class Action Over Security Breach — Bloomberg.
Google reveals fistful of flaws in Apple's iMessage app — BBC News.
Google researchers disclose vulnerabilities for 'interactionless' iOS attacks — ZDNet.
Earn up to $200,000 as Apple *finally* launches a bug bounty — Graham Cluley.
Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone — Black Hat USA 2019
Your Data Were ‘Anonymized’? These Scientists Can Still Identify You — New York Times.
Estimating the success of re-identifications in incomplete datasets using generative models — Nature.
Hackers breach FSB contractor, expose Tor deanonymization project and more — ZDNet.
The Legend of Zelda: Breath of the Wild — Wikipedia.
The Making of The Legend of Zelda: Breath of the Wild – The Beginning — YouTube.
Steve Jobs book by Walter Isaacson — Simon & Schuster
The Innovators by Walter Isaacson — Simon & Schuster
What knowledge might save your life one day? — Reddit.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Logic bombs, brain data exploitation, and Digga D tweets

Wed, 24 Jul 2019 22:00:00 +0000

Logic bombs in Excel spreadsheets, how should we protect our brain data from big companies, and how did bizarre messages about Drill rap end up on the Metropolitan Police's Twitter account and website?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BJ Mendelson.

Visit https://www.smashingsecurity.com/138 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: B J Mendelson.

Sponsored By:

Support Smashing Security

Links:

Tinley Consulting's website.
The meaning and origin of 'Come a cropper'.
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets — ZDNet.
Brain data regulation — Practical Ethics, University of Oxford.
Monkey uses brain to control prothetic arm — YouTube.
Neuralink and the Brain's Magical Future — Wait But Why.
Kernel is trying to hack the human brain - but neuroscience has a long way to go — The Verge.
No, the Met Police wasn't hacked. But its Twitter account and website were hijacked — Graham Cluley.
The war against rap: censoring drill may seem radical but it's not new — The Guardian.
Katie Hopkins got her Twitter hacked - you had best continue ignoring her — Graham Cluley.
Sorry for the Nazi spam from my Twitter account — Graham Cluley.
Animated Knots by Grog.
Expel your shallow human form and offer it up to new Garfield! — /r/imsorryjon on Reddit.
Garfield minus Garfield.
French inventor to attempt to cross Channel on jet-powered flyboard — The Guardian.
Spider-Man vs Green Goblin — YouTube.
'Like a damp towel on a line': the day Boris Johnson got stuck on a zip wire — The Guardian.
B.J. Mendelson on Patreon.
Smashing Security on Patreon.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED

Wed, 17 Jul 2019 22:00:00 +0000

Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after a researcher finds a simple way to hack into anybody's account.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/137 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

CTRL-ALT-LED: Leaking Data from Air-Gapped Computers Via Keyboard LEDs — IEEE.
Academics steal data from air-gapped systems via a keyboard's LEDs — ZDNet.
How I Could Have Hacked Any Instagram Account — The Zero Hack.
How any Instagram account could be hacked in less than 10 minutes — Hot for Security.
Takeru Kobayashi - hotdog-eating world record holder — Wikipedia.
Smashing Security 092: Hacky sack hack hack.
Porn pirating lawyer jailed for five years — BBC News.
Stiff penalty: Prenda Law copyright troll gets 14 years of hard time for blue view 'n sue scam — The Register.
Prenda Law boss John Steele to miss 2020 Olympics... unless they show it in prison — The Register.
InspiroBot.
What football will look like in the future — (Maria says don't try to read it on your smartphone)
The Life Of A Rock.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Oops, we created Iran's hacking exploit

Wed, 10 Jul 2019 22:00:00 +0000

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

Visit https://www.smashingsecurity.com/136 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Charl van der Walt.

Sponsored By:

Support Smashing Security

Links:

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
Zoom Mac flaw allows webcams to be hijacked - because they wanted to save you a click — Graham Cluley.
USCYBERCOM Malware Alert on Twitter.
CISA Statement on Iranian Cybersecurity Threats — Department of Homeland Security.
Patch for Microsoft Outlook security vulnerability.
U.S. Military Warns Outlook Users To Update Immediately Over Hack Linked To Iran — Forbes.
U.S. Cyber Command Shares Malware via VirusTotal — SecurityWeek.
Steve Buscemi Swapped On Jennifer Lawrence — YouTube.
Fake voices 'help cyber-crooks steal cash' — BBC News.
New AI deepfake app creates nude images of women in seconds — The Verge.
Horrifying DeepNude App Undresses a Photo of Any Woman With a Single Click — Motherboard.
Learn how to spot deepfake videos — Slate.
507 Mechanical Movements.
‘Born a Crime,’ Trevor Noah’s Raw Account of Life Under Apartheid — The New York Times.
The global tree restoration potential — Science.
How to erase 100 years of carbon emissions? Plant trees—lots of them — National Geographic.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Support us on Patreon!

Privacy & Opt-Out: https://redcircle.com/privacy

Zombie grannies and unintended leaks

Wed, 03 Jul 2019 22:00:00 +0000

We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.

Visit https://www.smashingsecurity.com/135 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Oli Skertchly.

Sponsored By:

Support Smashing Security

Links:

This scary game app is coming for your credentials — Wandera.
App vetting: How do you measure the risk level of risky apps? — Wandera.
The not so ultra lock — Pen Test Partners.
Cat playing the flute — Twitter.
Proposing a 'Declaration of Digital Independence' — Wired.
Declaration of Digital Independence — Larry Sanger.
@[email protected] — Follow Graham on Mastodon.
The Fediverse — Wikipedia.
Apollo 11 in Real-time.
Dark — Netflix.
Amazon reviews of the Chillow cooling pillow.
The Best Cooling Pillows for Night Sweats — Health.com.
Oli Skertchly on Instagram.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Sextortion, silicone face masks, and a DDoS doofus

Wed, 26 Jun 2019 22:00:00 +0000

Scammers steal millions by impersonating a French politician, we offer fashion tips for DDoS attackers, and hear how a small town fought a sextortionist preying on young women.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Visit https://www.smashingsecurity.com/134 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Jessica Barker.

Sponsored By:

Support Smashing Security

Links:

Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail — ZDNet.
18 maanden cel voor hacker die website Crelan en pizzeria plat legde — HLN.
The fake French minister in a silicone mask who stole millions — BBC News.
He Cyberstalked Teen Girls for Years—Then They Fought Back — Wired.
Childline — A counselling service for children and young people in the UK.
Cyberbullying information — FTC.
Information and resources to curb the growing problem of cyberbullying — National Crime Prevention Council.
The Coddling of the American Mind.
Depression, anxiety, suicide increase in teens and young adults, study finds — CBS News.
Dreyer's English by Benjamin Dreyer — Penguin Random House.
Stay Tuned: The Laws of Language (with Ben Dreyer).
The Defiant Ones (trailer) — YouTube.
The Defiant Ones — HBO.
myNoise.net
NCSC CyberThreat 2019 (London, GB).
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

Cookie cock-ups, Hong Kong protests, and smart TV virus scans

Wed, 19 Jun 2019 22:00:00 +0000

We head to Hong Kong to look at how technology has helped anti-government protesters (and how China has tried to disrupt it), Samsung is skittish over whether to tell TV owners to virus-scan their devices, and you won't believe whose website is not GDPR-compliant.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson.

Visit https://www.smashingsecurity.com/133 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language. "Chickens!"

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: James Thomson.

Sponsored By:

Support Smashing Security

Links:

Information about Cookies — ICO.
All About Do Not Track.
Apple is removing the Do Not Track toggle from Safari, but for a good reason — Macworld.
Google Chrome privacy extension hasn't been updated for years — Graham Cluley.
Tweet by Adam Rose — Twitter.
Cookie Control plugin — Civic.
China social media: WeChat and the Surveillance State — Stephen McDonell, BBC News.
DDoS attack that knocked Telegram secure messaging service offline — Tripwire.
Inside China's 'thought transformation' camps — BBC News.
Scan your TV to prevent malware — Samsung.
Samsung Deletes Frightening Tweet Warning That Its Smart TVs Can Get Viruses — Gizmodo.
Samsung: Here's how we're securing your smart TV — ZDNet.
Is the CIA's Weeping Angel spying on TV viewers? — Graham Cluley.
Samsung's Android Replacement Is a Hacker's Dream — Motherboard.
All of the Mueller report’s major findings in less than 30 minutes — PBS NewsHour, YouTube.
СтопХам - Урок географии — YouTube.
Where Mimes Patrolled the Streets and the Mayor Was Superman — New York Times.
Documentaries - watch free online documentaries — IHaveNoTV.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy

CBP cyber attack, an iPhone privacy boost, and Twitter list abuse

Wed, 12 Jun 2019 22:00:00 +0000

United States Customs and Border Protection had sensitive data stolen, but the hackers didn't have to breach its network. Apple has ambitious plans to make iPhone users safer online. And trolls are using Twitter lists to target their victims.

All this and much much more is discussed in the latest edition of the MULTI-AWARD-WINNING "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.

Visit https://www.smashingsecurity.com/132 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Maria Varmazis.

Sponsored By:

Support Smashing Security

Links:

Smashing Security named the Best Security Podcast — Graham Cluley.
U.S. Customs and Border Protection says photos of travelers into and out of the country were recently taken in a data breach — Washington Post.
Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online — The Register.
US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped — The Register.
Tweet from Sam Soffes.
Apple previews iOS 13 — Apple.
Sign In with Apple human user interface guidelines — Apple.
How trolls use Twitter lists to target and harass other users — CNBC.
Trolls get tricky on Twitter with targeted harassment lists — Kim Komando.
10 hours worth of the original Firestorm TV series (Japanese, with English subtitles) — YouTube.
Gerry Anderson’s Firestorm Exclusive FULL Minisode — YouTube.
Gerry Anderson's Firestorm — A brand new science fiction series from the creator of Thunderbirds (or, more precisely, his son).
AITA — Reddit.
Ecosia - the search engine that plants trees.
Ecosia privacy policy and the data it collects.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Privacy & Opt-Out: https://redcircle.com/privacy