Smashing Security

Should possessing malware be illegal in itself? How did a Russian cryptocurrency exchange millionaire lose his fortune? And what on earth are Amazon Ring doorbell cams up to now?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.And don't miss our special featured interview with Adrian Sanabria, all about Thinkst Canary.Visit https://www.smashingsecurity.com/163 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guests: Adrian Sanabria and Lisa Forte.Sponsored By:Thinkst: Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Go to canary.tools to find out why its Physical, VM and Cloud Based Canaries are deployed and loved on all 7 continents...Listeners who mail in referencing Smashing Security get a 10% discount on their order!LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:Senate Bill 30 (PDF)Maryland: Make malware possession a crime! Yes, yes, researchers get a free pass — The Register.The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up — Techdirt.Smashing Security 151: Frankly, sometimes paying the ransom is a good idea.Maryland Computer Crimes Laws — FindLaw.Maryland Cookies TV advert — YouTube.Hunting the missing millions from collapsed cryptocurrency — BBC News.Inside the hellish workday of an Amazon warehouse employee — New York Post.Ring Doorbell App Packed with Third-Party Trackers — Electronic Frontier Foundation.Nicholas Parsons: 'Broadcasting legend' dies at 96 after short illness — BBC News.Just a Minute — Wikipedia.Nicholas Parsons interviewed by Richard Herring — YouTube.Her Story - A Video Game About a Woman Talking to the Police.Her Story trailer — YouTube.Her Story follow-up takes place on a stolen NSA hard drive — Polygon.Bezos learns the harsh lesson of texting a crown prince fond of crucifixions — Marina Hyde, writing in The Guardian.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

29 Jan 202058min

A hospital gets hacked because of an ex-employee's grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks.Visit https://www.smashingsecurity.com/162 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Michael Hucks.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.DomainTools: DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card.Support Smashing SecurityLinks:YOU Season 2 Trailer — YouTube.Hospital administrator sacked for using NHS computer to download over 10,000 records is spared jail — Daily Mail.Robocalls: Americans got 58.5 billion in 2019, up 22% from last year — USA Today.Microsoft and Google just can't agree on proposed ban on facial recognition — ZDNet.Clearview - Technology to help solve the hardest crimes.The Secretive Company That Might End Privacy as We Know It — New York Times.Clearview FAQ (PDF).Episode review: Columbo Double Shock — Graham got it wrong. It was Martin Landau, not Leonard Nimoy, who played the twins. And they weren't surgeons (but Nimoy did play an evil surgeon in a different Columbo episode that season)Eunoia: Words that Don't Translate.Dog wagging her tail every time she sees her owner — YouTube.She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement — Amazon.com.Harvey Weinstein Paid Off Sexual Harassment Accusers for Decades — New York Times.‘She Said’ Recounts How Two Times Reporters Broke the Harvey Weinstein Story — New York Times.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

22 Jan 202052min

The man who hacked the UK National Lottery didn't end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.Visit https://www.smashingsecurity.com/161 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Thom Langford.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:Cyber criminal jailed over National Lottery hack — National Crime Agency.Man who hacked National Lottery for just £5 is jailed for nine months — Hot for Security.Booking data stolen from Japanese short-time love hotel booking service HappyHotel — SiliconANGLE.23andMe Licenses Drug Compound to Spanish Drugmaker Almirall — Bloomberg.Big Data and the End of Painful, Invasive Medical Procedures — Wired.How 23andMe Won Back the Right to Foretell Your Diseases — Wired.Privacy policy — 23andMe.Turbo Boost Switcher for macOS.Embarrassed patients can now send photos of genitals to doc for STI checks — The Sun.Messiah trailer — YouTube.Messiah — Netflix.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

15 Jan 202042min

We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you're comfortable with, and how teens are flocking to TikTok (and why that might be a problem).All this and much much more is covered in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.Visit https://www.smashingsecurity.com/160 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Maria Varmazis.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:Senior Manager Of Global Internet Company Pleads Guilty To Wire Fraud — Department of Justice.IT exec sets up fake biz, uses it to bill his bosses $6m for phantom gear, gets caught by Microsoft Word metadata — The Register.We Tested Ring’s Security. It’s Awful — Motherboard.Amazon Ring isn’t even good at pretending to care about your privacy and safety — Fight for the FutureAmazon’s Ring to let customers opt out of receiving police video requests — GeekWire.Letter to Amazon's Jeff Bezos from Senator Ron Wyden and others (PDF).House panel asks Apple, Google if app makers must reveal foreign ties — Engadget.U.S. Military Bans TikTok Over Ties to China — Wall Street Journal.The Growing Popularity of Chinese Social Media Outside China Poses New Risks in the West — PIIE.TikTok Privacy Policy.Statement on TikTok's content moderation and data security practices — TikTok.Revealed: how TikTok censors videos that do not please Beijing — The Guardian.Parents warned to check kids' phones for 15 popular apps used by paedos and bullies to target youngsters — The Sun.Dracula — BBC iPlayer.Dracula — Netflix.Obsessed With... - Dracula - Episode 1: The Rules of the Beast feat. Mark Gatiss and Steven Moffat — BBC Sounds.Dracula TV series — Wikipedia.The Witcher — Netflix.The Witcher Soundtrack - Toss A Coin To Your Witcher Lyrics — YouTube.Ricky Gervais 2020 Golden Globe Monologue — Reddit.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

8 Jan 202053min

A rapping bank worker is accused of stealing from the vault, the devices that can hide your car's true mileage, and why it may be a case of "No No No" rather than "Ho Ho Ho" when it comes to IoT toys this Christmas.And as Carole sups the mulled wine, Graham has problems with his internet connection...All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.Visit https://www.smashingsecurity.com/159 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Dave Bittner.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:‘No Chance:’ John McAfee Halts Crypto Promo as US 2020 Elections Near — Coin Telegraph.FBI Arrests Former Bank Employee Charged With Stealing Cash From Bank Vault — US Department of Justice."Problem" video — Aceey4oez on Instagram.Man posted photos of himself with stacks of cash after stealing from bank: charges — Sydney Morning Herald.The 1980 Cadillac Seville.Naughty CANbus odometer "interface". (Fakes mileage.) — Bigclivedotcom on YouTube.Children’s data and privacy online Growing up in a digital age (PDF) — London School of Economics.Amazon Echo Dot Kids: Privacy violations puts kids at risk, lawsuit alleges — CBS News.Parents should be wary of all connected toys, expert says — IT Pro.Safety alert: see how easy it is for almost anyone to hack your child’s connected toys — Which?Kids’ karaoke machines and smart toys from Mattel and Vtech among those found to have security flaws — Which?FTC fines Google $170 million for violating children's privacy on YouTube — CBS News.The movies that made us — Netflix.Die Hard — Wikipedia.Strong Songs podcast.Truth Be Told Official Trailer — YouTube.Truth Be Told doesn’t know how to make a murderer — The Verge.Truth Be Told — Apple TV+Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

18 Des 201955min

We're joined by special guest Jamie Bartlett, of the chart-topping "The Missing Cryptoqueen" podcast, in this bumper episode where we discuss his investigation into the OneCoin cryptocurrency scam, the Russian cybercriminals behind Evil Corp, and the mysterious leaks about the NHS that have turned oh-so-political...All this and much much more can be found in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.Visit https://www.smashingsecurity.com/158 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Jamie Bartlett.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:Russian hacking group "Evil Corp" accused of targeting American businesses — CBS News, YouTube.Evil Corp donuts — YouTube.International law enforcement operation exposes the world’s most harmful cyber crime group — National Crime Agency.Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware — U.S. Department of the Treasury.UK Government Releases Photos of Russian Hackers, Whose Lives Look Awesome — Motherboard.Hackers with high-placed daddies ‘Evil Corp’ member designated by U.S. Treasury is son of former Russian mayor — Meduza.The Missing Cryptoqueen — BBC Sounds.Jeremy Corbyn reveals dossier 'proving NHS up for sale' — The Guardian.Reddit links UK-US trade talk leak to Russian influence campaign — TechCrunch.Corbyn v Johnson: BBC election debate round-up — YouTube.Stammer Time! — Cassetteboy on Twitter.The Inside Story of Labour's 'NHS For Sale' Leak — Motherboard.More proof NHS is up for sale as Amazon exploits NHS for free — TruePublica.Tweet by Rik Ferguson about his fragrant armpits — Twitter.nuud.Accused of Killing a Gambino Mob Boss, He’s Presenting a Novel Defense — The New York Times.Graham and Carole appear on the BeerConOne Stream — Twitch. Graham & Carole show up at about 1 hour 48 minutes into the show.The Beer Farmers raise funds for the Electronic Frontier Foundation and Mental Health Hackersy The Beer Farmers : BeerConOne. — GoFundMe.The Radio Adventures Of Dr. Floyd.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

11 Des 20191h 12min

What is Kaspersky's ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer?Plus we have a bonus feature interview with Rachael Stockton from Logmein, the folks behind LastPass, all about behavioral biometrics!All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.Visit https://www.smashingsecurity.com/157 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guests: Maria Varmazis and Rachael Stockton.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:"Eau de Eugene Kaspersky" — Smashing Security, episode 12.Kaspersky Labs - Packin' The K — YouTube.Thousands of taxpayers tell HMRC to delete voiceprint data it stored without consent — Graham Cluley.Hackers Have Stolen Almost Six Million US Government Fingerprints — Tripwire.Fingerprints are not the same as passwords — Graham Cluley.Face/Off trailer — YouTube.Picture of the (rather ugly) Kaspersky ring — Twitter.Kasperky's synthetic fingerprint ring — YouTube.This Ring Uses a Fake Fingerprint to Protect Your Biometric Data — PC Magazine.How is NordVPN unblocking Disney+? It might be through YOUR own computer. Even if you’ve never used Disney+ or NordVPN. — Derek Johnson.The Rise of “Bulletproof” Residential Networks — Krebs on Security.SmartPlay by NordVPN: What is it and how does it work? — NordVPN.Resident Evil: Understanding Residential IP Proxy as a Dark Service — XiangHang Mi.Alleged Music Hacker Indicted for Impersonating a Producer to Steal Unreleased Music — Hollywood Reporter.Hacker stole unreleased music and then tried to frame someone else — ZDNet.Manhattan U.S. Attorney Announces Charges Against Austin Man For Computer Hacking And Fraud Scheme To Steal Unreleased Music From Music Industry Professionals — Department of Justice.Why the f**k was I breached?President Nixon Never Actually Gave This Apollo 11 Disaster Speech. MIT Brought It To Life To Illustrate Power Of Deepfakes — WBUR News.Which Classic Toy Came First? — Mental Floss.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

4 Des 20191h 5min

In this clip from a special bonus episode produced for our Patreon supporters, Graham Cluley and Carole Theriault discuss the 2014 hack of Sony Pictures - reportedly carried out by North Korea for the very oddest of reasons...Visit https://www.smashingsecurity.com/156 to check out this episode’s show notes and episode links, and become one of our "bonus content" Patreon supporters to hear the full episode in all its glory, get early access to future episodes, occasional bonus content, and even receive stickers!Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening and Happy Thanksgiving!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Support Smashing SecurityLinks:Hackers leak Hollywood salaries, embarrassing emails - PBS Newshour — YouTube.Did North Korea hack Sony? It seems hard to believe — Graham Cluley.Poor passwords at Sony, WikiLeaks shows with archive of hacked documents — Graham Cluley.The Interview Trailer (2014) — YouTube.U.S. Said to Find North Korea Ordered Cyberattack on Sony — The New York Times.Sony hackers failed to hide their North Korean IP addresses, says FBI — Hot for Security.NSA allegedly hacked North Korea's networks before Sony attacks — Graham Cluley. Privacy & Opt-Out: https://redcircle.com/privacy

27 Nov 201922min