
Capital One hacked, iMessage flaws, and anonymity my ass!
Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and are introduced to... Penelope?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole 'Penelope' Theriault, joined this week by technology broadcaster David McClelland.
Visit https://www.smashingsecurity.com/139 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Go to smashingsecurity.com/metacompliance Promo Code: SMASHING
Support Smashing Security
Links:
Woman arrested after Capital One hack spills personal info on 106 million — Tripwire.
South Seattle woman arrested, charged in massive data breach of Capital One — The Seattle Times.
Love Bug suspect speaks — BBC News speaks to the author of the Michael-B Word macro virus.
United States vs Paige A Thompson (PDF)
Ranji Sinha on Twitter: "Managed to get video of the raid in Seattle that lead to the arrest of Paige Thompson" — Twitter.
Capital One Hit With First Class Action Over Security Breach — Bloomberg.
Google reveals fistful of flaws in Apple's iMessage app — BBC News.
Google researchers disclose vulnerabilities for 'interactionless' iOS attacks — ZDNet.
Earn up to $200,000 as Apple *finally* launches a bug bounty — Graham Cluley.
Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone — Black Hat USA 2019
Your Data Were ‘Anonymized’? These Scientists Can Still Identify You — New York Times.
Estimating the success of re-identifications in incomplete datasets using generative models — Nature.
Hackers breach FSB contractor, expose Tor deanonymization project and more — ZDNet.
The Legend of Zelda: Breath of the Wild — Wikipedia.
The Making of The Legend of Zelda: Breath of the Wild – The Beginning — YouTube.
Steve Jobs book by Walter Isaacson — Simon & Schuster
The Innovators by Walter Isaacson — Simon & Schuster
What knowledge might save your life one day? — Reddit.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Privacy & Opt-Out: https://redcircle.com/privacy
31 Jul 2019, 47min

Logic bombs, brain data exploitation, and Digga D tweets
Logic bombs in Excel spreadsheets, how should we protect our brain data from big companies, and how did bizarre messages about Drill rap end up on the Metropolitan Police's Twitter account and website?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BJ Mendelson.
Visit https://www.smashingsecurity.com/138 to check out this episode’s show notes and episode links.
Special Guest: B J Mendelson.
Sponsored By: LastPass.
Links:
Tinley Consulting's website.
The meaning and origin of 'Come a cropper'.
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets — ZDNet.
Brain data regulation — Practical Ethics, University of Oxford.
Monkey uses brain to control prothetic arm — YouTube.
Neuralink and the Brain's Magical Future — Wait But Why.
Kernel is trying to hack the human brain - but neuroscience has a long way to go — The Verge.
No, the Met Police wasn't hacked. But its Twitter account and website were hijacked — Graham Cluley.
The war against rap: censoring drill may seem radical but it's not new — The Guardian.
Katie Hopkins got her Twitter hacked - you had best continue ignoring her — Graham Cluley.
Sorry for the Nazi spam from my Twitter account — Graham Cluley.
Animated Knots by Grog.
Expel your shallow human form and offer it up to new Garfield! — /r/imsorryjon on Reddit.
Garfield minus Garfield.
French inventor to attempt to cross Channel on jet-powered flyboard — The Guardian.
Spider-Man vs Green Goblin — YouTube.
'Like a damp towel on a line': the day Boris Johnson got stuck on a zip wire — The Guardian.
B.J. Mendelson on Patreon.
Smashing Security on Patreon.
24 Jul 2019, 49min

Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED
Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after a researcher finds a simple way to hack into anybody's account.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/137 to check out this episode’s show notes and episode links.
Special Guest: Maria Varmazis.
Sponsored By: MetaCompliance, LastPass.
Links:
CTRL-ALT-LED: Leaking Data from Air-Gapped Computers Via Keyboard LEDs — IEEE.
Academics steal data from air-gapped systems via a keyboard's LEDs — ZDNet.
How I Could Have Hacked Any Instagram Account — The Zero Hack.
How any Instagram account could be hacked in less than 10 minutes — Hot for Security.
Takeru Kobayashi - hotdog-eating world record holder — Wikipedia.
Smashing Security 092: Hacky sack hack hack.
Porn pirating lawyer jailed for five years — BBC News.
Stiff penalty: Prenda Law copyright troll gets 14 years of hard time for blue view 'n sue scam — The Register.
Prenda Law boss John Steele to miss 2020 Olympics... unless they show it in prison — The Register.
InspiroBot.
What football will look like in the future — (Maria says don't try to read it on your smartphone)
The Life Of A Rock.
17 Jul 2019, 44min

Oops, we created Iran's hacking exploit
Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.
Visit https://www.smashingsecurity.com/136 to check out this episode’s show notes and episode links.
Special Guest: Charl van der Walt.
Sponsored By:
LastPass.
Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you. "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks. Download it for free at smashingsecurity.com/intelligence
Links:
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
Zoom Mac flaw allows webcams to be hijacked - because they wanted to save you a click — Graham Cluley.
USCYBERCOM Malware Alert on Twitter.
CISA Statement on Iranian Cybersecurity Threats — Department of Homeland Security.
Patch for Microsoft Outlook security vulnerability.
U.S. Military Warns Outlook Users To Update Immediately Over Hack Linked To Iran — Forbes.
U.S. Cyber Command Shares Malware via VirusTotal — SecurityWeek.
Steve Buscemi Swapped On Jennifer Lawrence — YouTube.
Fake voices 'help cyber-crooks steal cash' — BBC News.
New AI deepfake app creates nude images of women in seconds — The Verge.
Horrifying DeepNude App Undresses a Photo of Any Woman With a Single Click — Motherboard.
Learn how to spot deepfake videos — Slate.
507 Mechanical Movements.
‘Born a Crime,’ Trevor Noah’s Raw Account of Life Under Apartheid — The New York Times.
The global tree restoration potential — Science.
How to erase 100 years of carbon emissions? Plant trees—lots of them — National Geographic.
Support us on Patreon!
10 Jul 2019, 49min

Zombie grannies and unintended leaks
We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.
Visit https://www.smashingsecurity.com/135 to check out this episode’s show notes and episode links.
Special Guest: Oli Skertchly.
Sponsored By: MetaCompliance, LastPass.
Links:
This scary game app is coming for your credentials — Wandera.
App vetting: How do you measure the risk level of risky apps? — Wandera.
The not so ultra lock — Pen Test Partners.
Cat playing the flute — Twitter.
Proposing a 'Declaration of Digital Independence' — Wired.
Declaration of Digital Independence — Larry Sanger.
@gcluley@mastodon.green — Follow Graham on Mastodon.
The Fediverse — Wikipedia.
Apollo 11 in Real-time.
Dark — Netflix.
Amazon reviews of the Chillow cooling pillow.
The Best Cooling Pillows for Night Sweats — Health.com.
Oli Skertchly on Instagram.
3 Jul 2019, 56min

Sextortion, silicone face masks, and a DDoS doofus
Scammers steal millions by impersonating a French politician, we offer fashion tips for DDoS attackers, and hear how a small town fought a sextortionist preying on young women.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
Visit https://www.smashingsecurity.com/134 to check out this episode’s show notes and episode links.
Special Guest: Jessica Barker.
Sponsored By:
LastPass.
Edgewise Networks: Edgewise is the industry's first zero-trust segmentation platform. Its simple-to-use interface lets you stop data breaches by allowing only verified software to communicate within your cloud or data centre. Edgewise's data-centric approach makes micro-segmentation simpler and more secure. Learn more and get a free trial at edgewise.net.
Links:
Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail — ZDNet.
18 maanden cel voor hacker die website Crelan en pizzeria plat legde — HLN.
The fake French minister in a silicone mask who stole millions — BBC News.
He Cyberstalked Teen Girls for Years—Then They Fought Back — Wired.
Childline — A counselling service for children and young people in the UK.
Cyberbullying information — FTC.
Information and resources to curb the growing problem of cyberbullying — National Crime Prevention Council.
The Coddling of the American Mind.
Depression, anxiety, suicide increase in teens and young adults, study finds — CBS News.
Dreyer's English by Benjamin Dreyer — Penguin Random House.
Stay Tuned: The Laws of Language (with Ben Dreyer).
The Defiant Ones (trailer) — YouTube.
The Defiant Ones — HBO.
myNoise.net
NCSC CyberThreat 2019 (London, GB).
26 Jun 2019, 47min

Cookie cock-ups, Hong Kong protests, and smart TV virus scans
We head to Hong Kong to look at how technology has helped anti-government protesters (and how China has tried to disrupt it), Samsung is skittish over whether to tell TV owners to virus-scan their devices, and you won't believe whose website is not GDPR-compliant.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson.
Visit https://www.smashingsecurity.com/133 to check out this episode’s show notes and episode links.
Warning: This podcast may contain nuts, adult themes, and rude language. "Chickens!"
Special Guest: James Thomson.
Sponsored By: Edgewise Networks, MetaCompliance.
Links:
Information about Cookies — ICO.
All About Do Not Track.
Apple is removing the Do Not Track toggle from Safari, but for a good reason — Macworld.
Google Chrome privacy extension hasn't been updated for years — Graham Cluley.
Tweet by Adam Rose — Twitter.
Cookie Control plugin — Civic.
China social media: WeChat and the Surveillance State — Stephen McDonell, BBC News.
DDoS attack that knocked Telegram secure messaging service offline — Tripwire.
Inside China's 'thought transformation' camps — BBC News.
Scan your TV to prevent malware — Samsung.
Samsung Deletes Frightening Tweet Warning That Its Smart TVs Can Get Viruses — Gizmodo.
Samsung: Here's how we're securing your smart TV — ZDNet.
Is the CIA's Weeping Angel spying on TV viewers? — Graham Cluley.
Samsung's Android Replacement Is a Hacker's Dream — Motherboard.
All of the Mueller report’s major findings in less than 30 minutes — PBS NewsHour, YouTube.
СтопХам - Урок географии — YouTube.
Where Mimes Patrolled the Streets and the Mayor Was Superman — New York Times.
Documentaries - watch free online documentaries — IHaveNoTV.
19 Jun 2019, 56min

CBP cyber attack, an iPhone privacy boost, and Twitter list abuse
United States Customs and Border Protection had sensitive data stolen, but the hackers didn't have to breach its network. Apple has ambitious plans to make iPhone users safer online. And trolls are using Twitter lists to target their victims.
All this and much much more is discussed in the latest edition of the MULTI-AWARD-WINNING "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Visit https://www.smashingsecurity.com/132 to check out this episode’s show notes and episode links.
Special Guest: Maria Varmazis.
Sponsored By: Edgewise Networks, LastPass.
Links:
Smashing Security named the Best Security Podcast — Graham Cluley.
U.S. Customs and Border Protection says photos of travelers into and out of the country were recently taken in a data breach — Washington Post.
Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online — The Register.
US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped — The Register.
Tweet from Sam Soffes.
Apple previews iOS 13 — Apple.
Sign In with Apple human user interface guidelines — Apple.
How trolls use Twitter lists to target and harass other users — CNBC.
Trolls get tricky on Twitter with targeted harassment lists — Kim Komando.
10 hours worth of the original Firestorm TV series (Japanese, with English subtitles) — YouTube.
Gerry Anderson’s Firestorm Exclusive FULL Minisode — YouTube.
Gerry Anderson's Firestorm — A brand new science fiction series from the creator of Thunderbirds (or, more precisely, his son).
AITA — Reddit.
Ecosia - the search engine that plants trees.
Ecosia privacy policy and the data it collects.
12 Jun 2019, 48min