
No Fly lists, cell phones, and the end of ransomware riches?
What are prisoners getting up to with mobile phones? Why might ransomware no longer be generating as much revenue for cybercriminals? And how on earth did an airline leave the US government's "No Fly" list accessible for anyone in the world to download?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:
Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.

Episode links:
The Complete Idiot's Guide to Writing Erotic Romance - Amazon.
The Many Ingenious Ways People in Prison Use (Forbidden) Cell Phone - The Marshall Project.
How Did They Run an Elaborate “Sextortion” Scam From Prison? Cellphones - The Marshall Project.
Alarm Over Death Row Cell Phone Threats - CBS News.
How to completely own an airline in 3 easy steps - Maia arson crimew.
U.S. airline accidentally exposes ‘No Fly List’ on unsecured server - Daily Dot.
Cyber-crime gangs' earnings slide as victims refuse to pay - BBC.
Ransomware Revenue Down As More Victims Refuse to Pay - ChainAnalysis.
Leaked Ransomware Docs Show Conti Helping Putin From the Shadows - Wired.
Luxe Listings Sydney trailer - YouTube.
Luxe Listing Sydney - Wikipedia.
Matt Shearer WBZ - Twitter.
Hot Skull - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
25 January 2023, 50 min

Norton unlocked, and police leaks
Carole is in her sick bed, which leaves Graham in charge of the good ship "Smashing Security" as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information.

Find out more in this latest edition of the "Smashing Security" podcast, hosted by Graham Cluley with special guest BJ Mendelson.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Operation Protect the Innocent - LA Police Department.
A Police App Exposed Secret Details About Raids and Suspects - Wired.
ODIN Intelligence website is defaced as hackers claim breach - TechCrunch.
Norton LifeLock says thousands of customer accounts breached - TechCrunch.
Ugh! Norton LifeLock password manager accounts accessed by hackers - Graham Cluley.
Reports: Twitter’s sudden third-party client lockouts were intentional - Ars Technica.
Spring app - Twitter.
Spring app - Mac App Store.
Mona app - Mastodon.
Tulsa King trailer - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
DigiCert - DigiCert's Trust Lifecycle Manager sets a new bar for unified management of digital trust.

Support the show:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
18 January 2023, 39 min

Oxford's dating disaster, cheap security robots, and faking a suicide
Someone called OxShagger thinks he has come up with the perfect Valentine's surprise for Oxford students, but is the way he has gone about "bookworms with benefits" really a good idea? Robot security guards are trundling the streets of - you guessed it - America. And a writer of paranormal bully romances (no, we don't know what that means either) returns from the grave...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Andrew Agnês.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:
Bitwarden - Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
ManageEngine PAM360 - A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
NordLayer - NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.

Episode links:
Dating site for horny Oxford students slammed for privacy violations - Cherwell.
OxShag will not be running this term as creator says they ‘made some poor choices’ - The Oxford Tab.
Dysfunctional: OxShag to shut down amid controversy - Cherwell.
Oxford University dating website for staff and students shut down after ‘huge data breach’ - The Times.
CES 2023 Robots: Humanoid Helpers, Coding Pups and Farming Planters - CNet.
One of America's most hated companies hired a security robot. It didn't go well - ZDNet.
Robot security downtown getting lots of attention, KHON2 News - YouTube.
4 New Contracts for 8 Machines to Kick Off New Year at Knightscope - Knightscope.
Why was Susan Meachen bullied in 2020? - Reddit.
Fan outrage at Susan Meachen, the romance novelist accused of faking her death - BBC.
The Book Community Thought This Author Died. Now, It Seems Her Suicide Was a Hoax - Rolling Stone.
Vampire Survivors - Steam.
Vampire Survivors trailer - YouTube.
Vampire Survivors, a cheap, minimalistic indie game, is my game of the year - Ars Technica.
Rewind.
Rewind support article on the importance of consent - Rewind.
Air Lounger - Orsen.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
11 January 2023, 50 min

Secret Roomba snaps, Christmas cab scams, and the future of AI
Beware your Roomba's roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a taxi cab in Dublin...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook? - MIT Technology Review.
Building Smart Robots Requires Responsible Development - Roomba CEO Colin Angle on LinkedIn.
OpenAI predicts biz can break a billion in revs by 2024 - The Register.
The security threat of AI-enabled cyberattacks (PDF) - The Finnish Transport and Communications Agency, Traficom.
Ireland Christmas weather ‘roller-coaster’ amid new ‘Beast from the East’ threat - Irish Mirror.
Christmas revellers warned about sophisticated taxi scam as €300,000 is stolen from victims - MSN.
Taxi cab scam has cleaned out €300,000 from bank accounts of victims - Irish Independent.
“La Cabina” - YouTube.
“Last and First Men” by Olaf Stapledon - Wikipedia.
“The other side of night” by Adam Hamdy - Pan MacMillan Press.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
21 December 2022, 48 min

Lensa AI, and a dog called Bob
Drug dealers come unstuck while using the Encrochat encrypted-messaging app, and we put the Lensa AI avatar-generation tool under the microscope.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus - don't miss our featured interview with Rico Acosta, IT manager at Bitwarden.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Smashing Security 229: Dating leaks, right to repair, and a stinky bishop - Smashing Security.
Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall - The Register.
Operation Venetic: Pet dog and accidental selfies help convict international drugs traffickers - NCA.
What does the Lensa AI app do with my self-portraits and why has it gone viral? - The Guardian.
Lensa, the AI portrait app, has soared in popularity. But many artists question the ethics of AI art - NBC News.
I Uploaded Photos of Myself to the New Lensa A.I. Portrait Generator. The Results Were Stunning, Strange… and Super Creepy - Artnet.
People keep sharing their AI-generated portraits: What to know about Lensa, and why some push back on it - USA Today.
How Is Everyone Making Those A.I. Selfies? - New York Times.
Lensa AI: Security concerns regarding app behind colourful selfies on social media - The National News.
‘Magic Avatar’ App Lensa Generated Nudes From My Childhood Photos - Wired.
Celebrities Are Obsessed With This Amazing New AI Portrait App - Hello Giggles.
This AI Self-Portrait App is Taking Over the Internet - Medium.
Wednesday Shows Off Her Moves - YouTube.
‘Wednesday’ faces backlash over Jenna Ortega’s COVID dance scene - NME.
Channel Television Disco Dancin' Final - YouTube.
Sticky Pickles.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
14 December 2022, 54 min

AI chatbot or the start of Skynet? Eufy privacy, and hot desks
An AI chatbot is causing a stir - both impressing and terrifying users in equal measure. A security researcher discovers that a "smart" cam that doesn't use the internet is err... using the internet. And university students revolt over under-the-belt surveillance.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
While anticipation builds for GPT-4, OpenAI quietly releases GPT-3.5 - TechCrunch.
OpenAI upgrades GPT-3, stunning with rhyming poetry and lyrics - Ars Technica.
GPT-3.5 finds a security vulnerability - Twitter.
Mind-Blowing examples of OpenAI ChatGPT for Security, Infosec & Hacking - YouTube.
OpenAI's new ChatGPT bot: 10 dangerous things it's capable of - Bleeping Computer.
What GPT-3.5 really thinks about us humans - Twitter.
We asked GPT-3.5 to write a story about the “Smashing Security” hosts - Twitter.
GPT-Chat - OpenAI.
Researcher Paul Moore questions Eufy about its privacy - Twitter.
Eufy’s “local storage” cameras can be streamed from anywhere, unencrypted - Ars Technica.
Eufy privacy statement - Eufy.
‘NO’: Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them - Vice.
Max Von Himmel Twitter Feed - Twitter.
It’s Not Science, Just Surveillance (and it's Under Your Desk) - TWC newsletter.
Northeastern University - Northeastern University homepage.
Space Management Platform - Spaceti homepage.
Twitter is going great!
Pennyworth - IMDB.
BBC Maestro.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
7 December 2022, 56 min

Interplanetary file systems, iSpoof, and don't delete Twitter
Why deleting your Twitter account may be a very bad idea, how the police unravelled the iSpoof fraud gang, and a trip into outer space (or at least interplanetary file systems).

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original show co-host Vanja Švajcer.

What an amazing 6 years of bickering it has been… thanks to all of you who have tuned in, appeared on the show, or supported us! 🙏

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Smashing Security #001: “One cup, two hotel guests” - YouTube.
Whoopi Goldberg Quitting Twitter: “As Of Tonight I’m Done” - Deadline.
Stephen Fry Joins Celebrity Twitter Exodus, Says “Goodbye” With Scrabble Message - Deadline.
Twitter Users Warned Not To Delete Their Accounts - Here’s Why - Forbes.
How to deactivate your account - Twitter.
InterPlanetary File System - Wikipedia.
Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns - Cisco Talos.
Decentralized IPFS networks forming the 'hotbed of phishing' - The Register.
UK police arrest 120 in largest-ever cyber fraud crackdown - Computer Weekly.
Grote spoofingdienst uit de lucht gehaald door internationale samenwerking - Politie.nl.
Received a text from the Metropolitan Police about iSpoof? - Cel solicitors.
'iSpoof' service dismantled, main operator and 145 users arrested - Bleeping Computer.
iSpoof: What is iSpoof and how did police take down scam call site linked to 200,000 victims? - The Scotsman.
Listen to the message the Met Police left on the iSpoof gang’s Telegram channel - Twitter.
Scrotum Concealment - Spy Museum.
The CIA's Fake Scrotum That Hid a Radio - YouTube.
Blitzed! (2020) - IMDB.
Watch Blitzed: The 80s Blitz Kids Story - NOW TV.
Bob Dylan on the Songs That Captivate and Define Us - New York Times.
Bob Dylan Gets Tangled Up in Book Autograph Controversy - New York Times.
Bob Dylan apologises for machine-printed 'signatures' - BBC News.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
30 November 2022, 1 h 4 min

EV charging risks, FTX, and an ancient apocalypse
Deepfake shenanigans strike users of troubled crypto firm FTX, the perils of charging your electric vehicle, and is Microsoft's takeover of Activision good news for video game fanatics?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes of AMTSO.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Larry David promotes FTX in Superbowl ad - YouTube.
Crypto giant FTX collapses into bankruptcy - BBC News.
FTX's new CEO: "Never in my career have I seen such a complete failure" - CBS News.
Tom Brady, Giselle Bündchen, Larry David & Steph Curry Caught In FTX Crypto Fallout With Class Action Suit - Deadline.
Bankman-Fried's FTX, senior staff, parents bought Bahamas property worth $300 million - Reuters.
Tweet showing Sam Bankman-Fried deepfake scam - Twitter.
FTX Founder Deepfake Offers Refund to Victims in Verified Twitter Account Scam - Vice.
Crypto.com CEO admits company accidentally sent 320,000 ETH ($416 million) to another crypto exchange a few weeks prior - Web3 is going great.
Sandia studies vulnerabilities of electric vehicle charging infrastructure - Sandia Labs.
Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defenses - MDPI.
Shocker: EV charging infrastructure is seriously insecure - The Register.
Microsoft to acquire Activision Blizzard to bring the joy and community of gaming to everyone, across every device - Microsoft.
Gaming for everyone, everywhere: our view on the Activision Blizzard acquisition - Microsoft.
Video gaming market leaders - Statistics & Facts - Statista.
Microsoft says UK influenced by Sony in probing Activision Blizzard deal - Reuters.
Can Big Tech Get Bigger? Microsoft Presses Governments to Say Yes - New York Times.
Microsoft Reveals Sony’s Activision Deal Is Blocking ‘Call Of Duty’ From Game Pass - Forbes.
EU to launch advanced Microsoft-Activision probe - Politico.
Microsoft / Activision Blizzard merger inquiry - Gov.uk.
Microsoft Buying Activision Blizzard Might Be Good For Gamers, But Bad for Developers - Time.
A Day in London 1930s in colour - YouTube.
Ancient Apocalypse - Netflix.
Ancient Apocalypse is the most dangerous show on Netflix - The Guardian.
How to Draw Large Pictures with Da Vinci Eye - YouTube.
Da Vinci Eye: AR Art Projector - Apple app store.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Pentera – Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
23 November 2022, 57 min