Smashing Security

How is private medical data leaking onto the streets of Milton Keynes, what is widening the cybersecurity skills gap, and how is Australia controversially tackling the problem of drivers using their mobile phones?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.Visit https://www.smashingsecurity.com/147 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Joe Carrigan.Sponsored By:Detectify: Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers.Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectifyLastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:50 reasons to love Milton Keynes (what, only 50?) — The Guardian.Logan's Run movie trailer — YouTube.Understanding Milton Keynes — YouTube.A Festival of Creative Urban Living.Tweet by @Costermk about "Utopia Station".Unshredded NHS records were dumped in a town centre to weigh down scaffolding at art festival — The Sun.Outrage as thousands of NHS patients' medical records are dumped in town centre — Daily Mail.The Cybersecurity Skills Gap Won't Be Solved in a Classroom — Forbes.Cybersecurity Skills Shortage Soars, Nearing 3 Million — (ISC)² Blog.What Cyber Skills Shortage? — Dark Reading.Australia Is Using New Technology to Catch Drivers on Phones — Time.com.Texting And Driving Statistics In America — Simply Insurance.Distracted Driving Worsens As Drivers Use Phones In Riskier Ways — Forbes.Restrictions on cell phone use while driving in the United States — Wikipedia.RAC research: dangerous phone use at the wheel rockets among some age groups — RAC.Really Rude Map.Shitterton comes on top of list of Britain's worst place names including Pratts Bottom, Crapstone and Slag Lane... but those who live there insist it's still a lovely place to live — Daily Mail.Heavens-Above.Shower Orange an Enlightenment of the Soul — Reddit.Carole's shower adventures with an orange — @caroletheriault on Twitter.Graham's shower adventures with a banana — @gcluley on Twitter.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

25 Sep 201949min

In the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault, Carole has suffered an injury, we journey back in time to one of our earliest episodes to discuss the perils of passwords, and Rachael Stockton from LastPass drops by for a chat.Visit https://www.smashingsecurity.com/146 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guests: Rachael Stockton and Vanja Švajcer.Sponsored By:Detectify: Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers.Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectifyLastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

18 Sep 201938min

Apple is furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by web security journalist John Leyden.Visit https://www.smashingsecurity.com/145 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: John Leyden.Sponsored By:MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.Go to smashingsecurity.com/metacompliance Promo Code: SMASHINGLastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you."The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.Download it for free at smashingsecurity.com/intelligenceSupport Smashing SecurityLinks:A very deep dive into iOS Exploit chains found in the wild — Google Project Zero.Google finds 'indiscriminate iPhone attack lasting years' — BBC News.A message about iOS security — Apple.Mobile & Tablet Operating System Market Share in China — Statcounter.Apple Disputes Google’s Claims of a Devastating iPhone Hack — Motherboard.What’s next in making Encrypted DNS-over-HTTPS the Default — Mozilla.Firefox DNS-over-HTTPS rollout starts later this month — The Daily Swig.ISP trade association backtracks on Mozilla ‘internet villain’ nomination — The Daily Swig.Apple apologises for allowing workers to listen to Siri recordings — The Guardian.Apple contractors 'regularly hear confidential details' on Siri recordings — The Guardian.Almost a quarter of Britons now own one or more smart home devices — YouGov.The Bright Side of Humans Eavesdropping on Your Alexa Recordings — Gizmodo.Smart Speakers That Listen When They Shouldn't — Consumer Reports.BetterTouchTool for Mac.The SwigCast — A security podcast from The Daily Swig, featuring John Leyden.The Wii — Wikipedia.Just Dance 4: Rock Lobster - The B-52's — YouTube.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

11 Sep 201944min

Should Google really be helping the FBI with a bank robbery? What's the story behind the Twitter CEO claiming there's a bomb in their offices? And how much does your car really know about you?And we mourn the loss of Doctor Who legend Terrance Dicks...All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.Visit https://www.smashingsecurity.com/144 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Geoff White.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Detectify: Detectify will run over 1500 security tests against your website, identifying real problems with a list of constantly updated vulnerabilities submitted by a global network of over 150 handpicked ethical hackers.Go hack yourself! Take a 14-day free trial at smashingsecurity.com/detectifySupport Smashing SecurityLinks:Feds ordered Google location dragnet to solve Wisconsin bank robbery — The Verge.Google reverse location search warrant.Manhattan DA Got Innocent People's Google Phone Data Through A 'Reverse Location' Search Warrant — Gothamist.Jorge Molina: Avondale police used Google data to wrongfully arrest me — AZCentral.About the Twitter CEO '@jack hack' — Graham Cluley.Trump says it 'shouldn't be too bad' if someone hacks his Twitter — Business Insider.Chuckle Brothers — Wikipedia.Wipe Data From Your Car Before Selling It — Consumer Reports.Connected Cars, Telematics and Connectivity-as-a-Service ​: What's the Future? — Dataconomy.It looks like tech-savvy drivers will have to lead connected car data purge — The Register.It’s too easy to steal a second‑hand connected car — We Live Security.Doctor Who writer Terrance Dicks dies, aged 84 — Radio Times.Terrance Dicks inspired me to write – and not to feel ashamed of my stammer — New Statesman.Terrance Dicks obituary — The Guardian.On The Outside It Looked Like An Old Fashioned Police Box... — A radio documentary about the Doctor Who novelisations, many of which were written by Terrance Dicks.Cybercrime Investigations podcast — Features some chap called Geoff White.Elisabeth Schwarzkopf's appearance on the BBC's Desert Island Discs, 1958 — Where she chooses seven of her own songs.Intelligence Squared podcast.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

4 Sep 201951min

Was a cybercrime committed on the International Space Station? What on earth were Ukrainian scientists thinking when they plugged a nuclear power station into the internet? And someone has cloned Canadian clinical psychologist Jordan Peterson's voice...All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.Visit https://www.smashingsecurity.com/143 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Mark Stockley.Sponsored By:MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.Go to smashingsecurity.com/metacompliance Promo Code: SMASHINGLastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:NASA Astronaut Anne McClain Accused by Spouse of Crime in Space — The New York Times.Space Station's Data Rate Increase Supports Future Exploration — NASA.Astronaut Anne McClain denies cybercrime allegations — @AstroAnnimal on Twitter.The Moon is Covered With 400,000 Pounds of Human Trash — Interesting Engineering.Lunar Roving Vehicle (LRV) — National Air and Space Museum. (Apparently it's top speed is a paltry 8 miles per hour, not the 17 miles per hour Graham claimed)Ukraine: Crypto Miners Arrested for Compromising Nuclear Plant Security — Coin Telegraph.A Site Faking Jordan Peterson's Voice Shuts Down After Peterson Decries Deepfakes — Motherboard.I Didn't Say That — Jordan Peterson.To fix the problem of deepfakes we must treat the cause, not the symptoms — The Guardian.Dr Jordan Peterson with Kermit the Frog — Twitter.Portsmouth Sinfonia — Wikipedia.Portsmouth Sinfonia perform "Also sprach Zarathustra" — YouTube.Portsmouth Sinfonia Plays the Popular Classics — YouTube.The Eden Project.Lebanese Mountain Bread Recipe — AllRecipes.comSourdough No-Knead Bread Recipe — The New York Times.Japanese Milk Bread Rolls recipe — King Arthur Flour.My Best Sourdough Recipe — The Perfect Loaf.Common Bread Baking Calculators — The Perfect Loaf.Beginner's Sourdough Bread — The Perfect Loaf.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

28 Aug 201943min

Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the security threats impacting smart cities, and a new feature coming to your Facebook app. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.Visit https://www.smashingsecurity.com/142 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Jack Rhysider.Sponsored By:Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:Mercedes spies on drivers by secretly installing tracking devices in cars and passing information to bailiffs — The Sun.Three-unique-words 'map' used to rescue mother and child — BBC News.Rolling a Reliant Robin - Top Gear — YouTube.Ransomware Attack Affects Computers In 22 Towns In Texas — NPR.What Is A Smart City? — ComputerWorld.Access the latest smart city tenders — Bee Smart City.Hacking 20% of cars could freeze traffic in NYC, study finds — Smart Cities Dive.Lack of Critical Infrastructure Cybersecurity Investments in Smart Cities will Seed the Future IoT Vulnerabilities — ABI research.Facebook to stop stalking you off-site - but only if asked — BBC News.Now You Can See and Control the Data That Apps and Websites Share With Facebook — Facebook News Room.Off-Facebook Activity: Control your information — Facebook.Smashing Security #075: Quitting Facebook.Amazon.com: Logitech M705 Marathon Wireless Mouse — Amazon.40 brilliant idioms that simply can’t be translated literally — TED Blog.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

21 Aug 201949min

Say cheese to ransomware on your camera! A sponsored speech at Black Hat causes uproar, and should you trust that Lightning cable you're about to plug into your MacBook?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.Visit https://www.smashingsecurity.com/141 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Dave Bittner.Sponsored By:MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.Go to smashingsecurity.com/metacompliance Promo Code: SMASHINGLastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:Say Cheese: Ransomware-ing a DSLR Camera — Check Point Research.Ransomware on a DSLR Camera — YouTube.Security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions — Canon.Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference — Motherboard.Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' — PC Magazine.Crown Sterling Presents: TIME AI — YouTube.Crown Sterling Issues Statement Regarding Recent Allegations Made at Black Hat 2019 — Business Wire.These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer — Motherboard.O.MG cable.Remain Seated Please - The Hoot and Chief Story (Epcot Horizons) — YouTube.The true story of the unauthorized, daredevil documentation of the Horizons ride at Disney World — Dangerous Minds.Bathtubs over Broadway — Netflix.Bathtubs over Broadway - Official Trailer — YouTube.The Amelia Project podcast.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

14 Aug 201951min

Is the PIN you use for your bank card secure? How did one woman get duped into giving a romance scammer $200,000? And Cloudflare and other online services take aim at a vile corner of the internet...All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.Visit https://www.smashingsecurity.com/140 to check out this episode’s show notes and episode links.Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Special Guest: Maria Varmazis.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you."The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.Download it for free at smashingsecurity.com/intelligenceSupport Smashing SecurityLinks:Most Common iPhone Passcodes — Daniel Amitay.We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly — Monzo.500,000 Monzo banking customers told to change their PINs — Graham Cluley.Terminating Service for 8Chan — Cloudflare.8chan struggling to stay online after its alleged use by El Paso shooting suspect — CNN.Online dating apps and websites the most common way to meet — 9to5Mac.Woman says a man she met on Tinder swindled her out of $200K: 'He didn't just dump you, he never existed' — ABC News.Cyber Actors Use Online Dating Sites To Conduct Confidence/Romance Fraud And Recruit Money Mules — Internet Crime Complaint Center (IC3).The Boys trailer — YouTube.The Boys — Amazon Prime.Camelcamelcamel.“Conviction,” Reviewed: A Bronx P.I. Pursues Justice, and Glory — The New Yorker.Conviction podcast — Gimlet.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

7 Aug 201954min