Cheapfakes, deepfakes, and Ashley Madison

If aliens did contact us would it be safe to open the email? Why would MoviePass track film lovers after they leave the cinema? Would you know how to get around Malaysia when your car rental website lets you down? And will Graham please stop talking about text adventure games?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by journalist (and possible spy) James Thomson.Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: James Thomson.Sponsored By:MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.Go to smashingsecurity.com/metacompliance Promo Code: SMASHINGSupport Smashing SecurityLinks:Eurozine discusses disinformation and democracyMalware from Space Interstellar communication. IX. Message contamination is impossible (PDF)MoviePass CEO proudly says the app tracks your location before and after moviesCEO Mitch Lowe Says MoviePass Will Reach 5 Million Subs by End of YearMoviePass Privacy PolicyGET LAMP: The text adventure documentaryLeather Goddesses of PhobosGET LAMP: The Text Adventure Documentary - YouTubeInfocom: The Documentary - YouTubeJacaranda Jim - retro text adventure game by GrahamHumbug - retro text adventure game for MS-DOS by GrahamWarrington Cycle CampaignCycle Facility of the Month July 2017#WeThePeople LIVE podcastSmashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

7 Mars 201844min

Incognito mode on your browser not as private as you think, consumer spyware companies get hacked, Graham is accused of "multitasking" in his hotel room, and Carole champions the students of Parkland, Florida.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who recorded without a special guest this week.Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Support Smashing SecurityLinks:How to go 'Incognito' on your web browser, and what it meansYour private browsing isn’t as incognito as you want it to beVeil is private browsing for the ultra-paranoidHacker Strikes ‘Stalkerware’ Companies, Stealing Alleged Texts and GPS Locations of CustomersSpy on Your Valentine Using Spy SoftwareHow stalking has been made easier by the internet and social networksTrailer NiteFlorida student to NRA and Trump: 'We call BS' - YouTubeMarch for our livesEmma González on TwitterFlorida Student Who Gave Emotional Gun Control Speech Now Has More Followers Than NRASmashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

1 Mars 201835min

Flight simulators packed with password-grabbing malware, Facebook fighting Russian trolls, and how vulnerability researchers fear being sued.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest The CyberWire's Dave Bittner.Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Dave Bittner.Sponsored By:Rapid7: InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster. You can download a 30-day trial by visiting www.rapid7.com/insightidrMetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.Go to smashingsecurity.com/metacompliance Promo Code: SMASHINGSupport Smashing SecurityLinks:FSLabs' A320 installer seems to include a Chrome password extraction toolFlight Simulator Add-On Tried to Catch Pirates By Installing Password-Stealing Malware on Their ComputersA320-X DRM clarification - Flight Sim Labs ForumsFlightSimLabs Alleged Malware Analysis – Luke GormanA320-X DRM - what happened - Flight Sim Labs ForumsLawsuits threaten infosec research - just when we need it mostFacebook plans to use U.S. mail to verify IDs of election ad buyersFacebook’s secret weapon in the fight against foreign meddling? PostcardsFact-Checking a Facebook Executive’s Comments on Russian InterferencePunycode - WikipediaIDN Safe for ChromeIDN Safe for FirefoxIDN Safe for OperaFirefox users - Spot phishing URL's more easily by enabling Show PunycodePrivacy.com — (Dave's recommendation, not ours)How to remove your credit card information from your iPhoneChange or remove your Apple ID payment information - Apple SupportSmashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

21 Feb 201839min

Cryptomining goes nuclear, YouTube for Kids gets scary, and TV ads have been given the green light to mess with your Amazon Alexa.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Maria Varmazis.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.Rapid7: InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster. You can download a 30-day trial by visiting www.rapid7.com/insightidrSupport Smashing SecurityLinks:Government websites hijacked by cryptomining pluginRussian nuclear scientists arrested for allegedly hijacking supercomputer to mine BitcoinsNow that's taking the p... Sewage plant 'hacked' to craft crypto-coinsSalon website gives you a choice: turn off your ad blocker or let us mine cryptocurrenciesCoinhive review: Embeddable JavaScript Crypto Miner - 3 days inSmashing Security 059: An intro to Bitcoin and BlockchainYouTube Kids app still showing disturbing videosSomething is wrong on the internet – James BridleAmazon Echo Dot ad cleared over cat food orderBroadcast Code - ASASarah Huckabee Sanders warns Twitter about Amazon Echo after 2-year-old orders $80 Batman toyCat Food (Amazon Echo Commercial) - YouTubeDinosaur ChessThe Furby Organ, A Musical Instrument Made From Furbies - YouTubeWintergatan - Marble Machine (music instrument using 2000 marbles) - YouTubePoppy introduces a plant - YouTubePoppy is a disturbing internet meme seen by millions. Can she become a pop sensation?Smashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

15 Feb 201849min

A Namecheap vulnerability allows strangers to make subdomains for your website, Troy Hunt examines password length, and ex-Google and Facebook employees are fighting to protect kids from social media addiction.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest HaveIBeenPwned's Troy Hunt.Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Troy Hunt.Sponsored By:MetaCompliance: People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.Go to smashingsecurity.com/metacompliance Promo Code: SMASHINGRapid7: InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster. You can download a 30-day trial by visiting www.rapid7.com/insightidrSupport Smashing SecurityLinks:Namecheap Name Server Vulnerability Allows Unauthorized Users to Create Sub-DomainsThat’s not how security works, security is not obscurityUpdate on Recent Hosting Breach - Namecheap BlogHave I been pwned? Pwned PasswordsHow Long is Long Enough? Minimum Password Lengths by the World's Top SitesCenter for Humane TechnologyAdam Alter: Why our screens make us less happyEx Facebook, Google Employees Launch Anti-Tech CampaignSocial Networking Sites and Addiction: Ten Lessons Learned'Fiction is outperforming reality': how YouTube's algorithm distorts truthAlphaGo movieIn Two Moves, AlphaGo and Lee Sedol Redefined the FutureUbiquiti NetworksBasic Crepe Batter RecipeGateau de crepesSmashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

7 Feb 201843min

Fitness trackers breaching your privacy, how anyone can create convincing celebrity porn, and how ransomware authors are getting ripped off by scammers.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Maria Varmazis.Sponsored By:Chess CyberSecurity: Chess CyberSecurity is taking the pulse of the IT nation. Complete their three-minute quiz and you could win amazing prizes - including limited edition t-shirts, wireless headphones, an iPad Pro and a Sony PS4.Support Smashing SecurityLinks:Strava's Global HeatmapNathan Ruser tweets about Strava's global heatmapPrivacy of fitness tracking apps in the spotlight after soldiers' exercise routes shared onlineThar she blows: Strava heat map shows folk on shipwreck packed with 1,500 tonnes of bombsAdvanced Deanonymization through StravaFake celebrity porn is blowing up on Reddit, thanks to artificial intelligenceReddit User Outperforms Disney with AI-Generated Princess LeiaFake News Is About to Get Even Scarier than You Ever DreamedJosh Turner of The Other Favorites - YouTubeThe Levee by The Other Favorites - YouTubeBlood on the Tracks by Bob DylanUnited denies woman's attempt to bring peacock onto flightDexter The Peacock on InstagramReforestation Drones Can Plant 100K Trees In An HourSmashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

1 Feb 201845min

Your Tinder swipes can be spied upon, Amazon is opening high street stores that don't require any staff, and Russian fuel pumps are being infected with malware in an elaborate scheme to make large amounts of money.With Carole on a top secret special assignment, it's left to security veteran Graham Cluley to discuss all this and much much more with special guests David McClelland and Vanja Švajcer.Follow the "Smashing Security" podcast on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guests: David McClelland and Vanja Švajcer.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.CloudBerry Lab: Backup files, folders and system images to the cloud storage of your choice - with built-in 256 bit encryption ensuring your precious data remains private.Support Smashing SecurityLinks:Tinder's Lack of Encryption Lets Strangers Spy on Your SwipesTinder drift demo - YouTubeUsing public Wi-Fi - a Smashing Security splinterWatchdog Wednesday: WiFi hackers - BBCApple drops requirement for apps to use HTTPS by 2017Amazon Go debuts, and its prying cameras foil our shoplifting attemptsHacker Infects Gas Pumps with Code to Cheat CustomersMaking Blake's Seven 101 - YouTubeJon Alpert Speaks On His Film, "Cuba and the Cameraman" - YouTubeReview: ‘Cuba and the Cameraman’ Lavishes Love on a Country … and CastroCARROT Weather on the iOS App StoreSmashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

24 Jan 201844min

User interfaces and poor procedures lead to pandemonium in Hawaii, hackers are attempting to trick victims into opening cryptocurrency-related email attachments, and yet more pox-ridden apps are found in Android's Google Play store.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin.Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Paul Ducklin.Sponsored By:LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.CloudBerry Lab: Backup files, folders and system images to the cloud storage of your choice - with built-in 256 bit encryption ensuring your precious data remains private.Support Smashing SecurityLinks:Hawaii's ballistic missile false alarm and a user interface failureHawaii missile alert: How one employee ‘pushed the wrong button’ and caused a wave of panicWhat Hawaii Was Like After the False Nuclear AlarmCryptocurrency as the lure, an ISO as the attachment – why not open it?Malware Displaying Porn Ads Discovered in Game Apps on Google PlayGames with pornographic ads sneak into the Play Store, get 3 million downloadsFake WhatsApp app tricked over a million users@ruanyf on Twitter's picture of a visual display for a Chinese lavatoryPolice give out infected USBs as prizes in cybersecurity quizIBM distributes USB malware cocktail at AusCERT security conferenceIBM has been shipping malware-infected USB sticksOlympus Stylus Tough camera carries malware infectionGoogle Arts and Culture app: How to find which famous painting you look like – and why people don't want to Google Arts & CultureSmashing Security on FacebookSmashing Security merchandise (t-shirts, mugs, stickers and stuff) Privacy & Opt-Out: https://redcircle.com/privacy

17 Jan 201850min