006: A romantic ransomware hotel break

Workers wonder if their colleagues are actually AI, and we take a deeper look into the curious scams going on via Booking.com.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Art Musings - Gratuitous plug for Carole’s new podcast with Sally Anne-Stewart.Smashing Security #344: What’s cooking at Booking.com? And a podcast built by AI - Smashing Security.Fraudsters target Booking.com customers claiming hotel stay could be cancelled - Graham Cluley.Scammers try to trick Graham again via Booking.com - Twitter.'Thieves used fake Booking.com emails to steal £1,000 from me before my wedding' - The Mirror. Includes gratuitous mention of Graham’s hunt for aubergines.Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests - Akamai.Did AI Write Product Reviews? Gannett Says No - The New York Times.Is my co-worker AI? Bizarre product reviews leave Gannett staff wondering - The Verge.How to spot a fake review - Which?Lonely Water - Public information film from 1973.Scarred for Life Volume 1: The 1970s - Lulu.Scarred for Life Volume 2: Television in the 1980s - Lulu.Scarred for Life Twitter account.Say More with Dr? Sheila - Apple Podcasts.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Panoptica - Panoptica is a cloud native application security solution connecting developer and security teams to their organization’s biggest cloud threats from code to production.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

1 Marras 202341min

Ahoy! There's trouble in the South China Seas as Filipino organisations fail to secure their systems, we take a close look at Google IP protection, and we take a look at just how so much genetic profile data leaked out of 23andMe.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Philippines’ cybersecurity failures exposed as hackers leak state secrets, people’s data - South China Morning Post.IT admins are just as culpable for weak password use - Outpost24.Google Chrome wants to hide your IP address - MalwareBytes.The 23andMe data breach reveals the vulnerabilities of our interconnected data - The Conversation.23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews - Wired.Worried about the 23andMe hack? Here's what you can do - Washington Post.Paris Police 1905 - BBC iPlayer.British Hen Welfare Trust.Art Musings - Art Musings podcast.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

25 Loka 202354min

How hunting for an aubergine could be all it takes for you to hand your credit card details over to a scammer, and just how good is a podcast entirely built by AI?All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Support Alie Hothersall’s fundraising for Mind - JustGiving.Fraudsters target Booking.com customers claiming hotel stay could be cancelled - Graham Cluley.Security.txt - A proposed standard which allows websites to define security policies.Develop AI launches a completely synthetic podcast - Develop AI. Develop AI podcast.Is It Legal To Pay - The err.. https version of a map of which countries allow you to pay ransom demands.Licorice Pizza - BBC iPlayer.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Devo – Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get 10% off!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

18 Loka 202344min

Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Former Soldier Indicted for Attempting to Pass National Defense Information to People’s Republic of China - US Department of Justice.‘Dream’ AI Girlfriend Randomly Turns Into Nude Jennifer Lopez, Has Four Legs - 404 Media.LoveGPT: How “single ladies” looking for your data upped their game with ChatGPT - Avast Threat Labs.5 Signs Your Tinder Match Is a Scam Bot - LifeWire.Support Alie Hothersall’s fundraising for Mind - JustGiving.“The Last Action Heroes” by Nick de Semlyen - Pan Macmillan.Life Kit - NPR.Tom Hanks has made a complaint - Twitter.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Devo – Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!Moonlock — cybersecurity wing of MacPaw. Developers of the antimalware tech in CleanMyMac X — Moonlock Engine.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

11 Loka 202348min

Is a deepfake Tom Hanks better than the real thing? Who has been attacking the British Royal Family's website, and why? And how can you protect your vehicle from the spate of keyless car thefts?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.Plus don't miss our featured interview with Devo CISO Kayla Williams.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:The disturbing uncanny valley of Robert Zemeckis film 'Polar Express' - Far Out magazine.Tom Hanks warns of deepfake video promoting dental plan - Instagram.Fuming Tom Hanks says he had nothing to do with that AI dental ad clone of him - The Register.Tom Hanks warns dental plan ad image is AI fake - BBC News.Robin Williams’ Daughter Zelda Criticizes Use of AI to Re-create His Voice: “I Find It Personally Disturbing” - Hollywood Reporter.Bruce Willis denies selling rights to his face - BBC News.Deepfake Bruce Willis in Russian telecoms advert - YouTube.Could you get "carhacked"? The growing risk of keyless vehicle thefts and how to protect yourself - CBS News.Keyless car theft: What is a relay attack, how can you prevent it, and will your car insurance cover it? - Leasing.com.Testing Phone-Sized Faraday Bags - Matt Blaze.Famous DDoS attacks - Cloudflare.The sinister Russian hackers who've claimed responsibility for crashing Buckingham Palace website - Daily Mail.King Charles rebukes Russia's 'horrifying' invasion of Ukraine in unprecedented speech - Express.Visually, how much paper would a GB and a TB of data fill in terms of physical size? - Quora.“The shop around the corner” - Wikipedia.Evan Designs.“Eight Detectives” by Alex Pavesi - Penguin Books.Review of “Eight Detectives” - The Guardian.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Hunters – A SOC platform, built to empower your security team to reduce risk, complexity and costs.Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Devo - Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

4 Loka 20231h 8min

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:T-Mobile customer reports privacy breach - Twitter.T-Mobile US exposes some customer data – but don't call it a breach - The Register.T-Mobile denies new data breach rumors, points to authorized retailer - Bleeping Computer.Connectivity Source - Despite appearances, don’t confuse it with T-Mobile.ThemeBleed exploit is another reason to patch Windows quickly - MalwareBytes.If I Embarrass My Baby on TikTok, Will He Stay My Baby Forever? - New York Times.They Gossiped At Brunch. Now There's a Mob After Them - Rolling Stone.The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech - 404 Media.Egg crack challenge,the last baby is so cute - YouTube.Trailer for “The Deepest Breath” - YouTube.“The Deepest Breath” - Netflix.Nitpick: Meaningless communications.Naked Security.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

27 Syys 202358min

Do you know what data your car is collecting about you? Do you think it's right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email to Graham about his sex video?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Andrew Agnês.Plus don't miss our featured interview with Gigamon's Mark Jow.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Yikes! My sex video has been uploaded to YouPorn, apparently - Graham Cluley.1 million YouPorn users exposed; data breach required no security penetration - Computer World article from 2012.The YouPorn Sextortion Email Spam Campaign Explained - MalwareTips.BMW deems drivers worthy of warmth, ends heated car seat subscription - The Register.Hackers crack Tesla software to get free features - The Independent.It's Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy - Mozilla Foundation.Car Companies: Stop Your Huge Data Collection Programs - Mozilla Foundation.Programming language inventor or serial killer? - Vole.wtf.Rask - AI video localisation.Verbalate - Video translation and lip sync software.The Following Events Are Based on a Pack of Lies review - The Guardian.The Following Events Are Based on a Pack of Lies - BBC iPlayer.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

20 Syys 20231h 3min

Deepfakes are being used for good (perhaps), common usernames could pose a security threat, and someone has paid a $500,000 fee... just to send $1,865.Oh, and our guest mentions Mr Blobby (to the horror of the show's hosts...)All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Tweet by Jameson Lopp.Bitcoin user’s costly error leads to record transaction fee of $510,000 - Cryptoslate.Root Admin User: When Do Common Usernames Pose a Threat? - GovInfoSecurity.Dave’s conversation with Crosstalk’s Chris Sherwood - Hacking Humans podcast.Passkey authentication - Wikipedia.Passkeys: Accelerating the Availability of Simpler, Stronger Passwordless Sign-Ins - FIDO Alliance.Test your mental image ability - Aphantasia.How to create your own personal deepfake - Axios.Deepfakes are being used for good – here’s how - Connecting Research - University of Reading.Six things you need to know about deepfakes - BBC Radio 4.Mitigating Aphantasia with Generative Reality - Medium.Ethical Deepfake Maker - Synthesia.HeyGen deepfakes - HeyGen.Deepfakes are being used for good – here's how - The Conversation.Search engines required to stamp out AI-generated images of child abuse under Australia’s new code - The Guardian.Induction Hob with Rotary Controls - Cookology.Top 10 WTF Mr Blobby Moments - YouTube.Lessons in Chemistry by Bonnie Garmus review – the right comic formula - The Guardian."Lessons in Chemistry” - Book by Bonnie Garmus.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!Moonlock — cybersecurity wing of MacPaw. Developers of the antimalware tech in CleanMyMac X — Moonlock Engine.Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.

13 Syys 202351min