006: A romantic ransomware hotel break

Were hotel guests really trapped in their rooms by ransomware? Does anti-virus increase your attack surface so much that it's not worth running at all? And 11% of people on the internet are running ad blockers, says company which blocks ad blockers.

Oh, and we have a new theme tune...

Computer security veterans Graham Cluley, Vanja Svajcer and Carole Theriault chit-chat about the world of online privacy and computer security.

Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Special Guest: Vanja Švajcer.

Privacy & Opt-Out: https://redcircle.com/privacy

Episodes (436)

Jail for Bing, and mental health apps may not be good for you

A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker.

Plus don't miss our featured interview with Rumble's Chris Kirsch.

Visit https://www.smashingsecurity.com/275 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Chris Kirsch and Jessica Barker.

Sponsored By:

Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security. You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.

GoodAccess: GoodAccess - Free Business Cloud VPN for up to 100 Users. Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.

Rumble: Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems. It can even tell you which machines are missing endpoint protection, from your local network to the cloud. Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run

Links:
Angry IT admin wipes employer’s databases, gets 7 years in prison — Bleeping Computer.
A closer look at Eternity Malware — Cyble.
Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram — The Hacker News.
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains — BlackBerry.
Top Mental Health and Prayer Apps Fail Spectacularly at Privacy, Security — Mozilla Foundation.
Talkspace privacy & security guide — Mozilla Foundation.
BetterHelp privacy & security guide — Mozilla Foundation.
Dramatic growth in mental-health apps has created a risky industry — The Economist.
Meltdown Three Mile Island — Netflix.
The China Syndrome trailer — YouTube.
Slow Horses — Apple TV+.
Therapist Uncensored podcast.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

18 May 2022, 1h 5min

Hands off my biometrics, and a wormhole squirmish

Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

And don't miss our featured interview with Artur Kane of GoodAccess.

Visit https://www.smashingsecurity.com/274 to check out this episode’s show notes and episode links.

Special Guest: Artur Kane.

Sponsored By:

GoodAccess

Rumble

Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app. Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated. Try Kolide Free for 14 Days; no credit card required.

Links:
Carl Sagan - Cosmos - Space Travel — YouTube.
Wormhole.com
'Tired' Carl Sagan Fan Sells Wormhole.com to Crypto Giant Jump for $50K After Lawsuit — Decrypt.
ACLU vs Clearview AI — American Civil Liberties Union.
Clearview AI Offered Free Trials To Police Around The World — Buzzfeed News.
US State Privacy Legislation Tracker — IAPP.
The Secretive Company That Might End Privacy as We Know It — The New York Times.
In Big Win, Settlement Ensures Clearview AI Complies With Groundbreaking Illinois Biometric Privacy Law — American Civil Liberties Union.
OwlKitty — YouTube.
Review: The Balldo Made Me Rethink Sex in the Most Absurd Way Possible — Wired.

11 May 2022, 49min

Password blips, and who's calling the airport?

We find out why calls to Dublin airport's noise complaints line have soared, and Carole quizzes Graham to celebrate World Password Day.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

And don't miss our special featured interview with Clint Dovholuk of NetFoundry.

Visit https://www.smashingsecurity.com/273 to check out this episode’s show notes and episode links.

Special Guest: Clint Dovholuk.

Sponsored By:

Kolide

NetFoundry: NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything. Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud. No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more. Learn more and try it for yourself at netfoundry.io/smashingsecurity/

Links:
Houston Zoo asks FBI to investigate text-message attack — Houston Chronicle.
Trunk calls for Rory Lion flood telephone lines — Irish Independent.
Airport Noise & Noise Reports — Dublin Airport.
Dublin Airport got 12,272 noise complaints last year from just one person — Irish Independent.
Compromised Passwords Responsible for Hacking Breaches — Securelink.
Verizon 2021 DBIR Results & Analysis — Verizon.
Three random words — NCSC.
What’s wrong with What3Words? — YouTube.
Why What3Words is not suitable for safety critical applications — Cybergibbons.
What3Words – The Algorithm — Cybergibbons.
Why bother with What Three Words? — Terence Eden.
River (TV series) — Wikipedia.
Wearing shoes inside the house is gross – and there’s science to back that up — The Guardian.

4 May 2022, 50min

Going ape over the Kardashians, and the face of romance scams

Members of The Bored Ape Yacht Club get that sinking feeling, a face unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the BBC's cyber correspondent Joe Tidy.

Visit https://www.smashingsecurity.com/272 to check out this episode’s show notes and episode links.

Special Guest: Joe Tidy.

Sponsored By: Kolide, NetFoundry.

Links:
Jimmy Fallon and Paris Hilton show off their Bored Ape Yacht Club NFTs. — Twitter.
NFTs Stolen After Bored Ape Yacht Club Instagram, Discord Hacked — CoinDesk.
Image of scam posted on Bored Ape Yacht Club's Instagram account — Twitter.
Bored Ape Yacht Club confirms it had two-factor authentication enabled — Twitter.
Kardashians deny faking Roblox sex tape scene — BBC News.
How an Army colonel became the face of romance scams around the world — Task and Purpose.
Army Col. Daniel Blackmon: The accidental face of military romance scams — Task and Purpose.
Daily Dorries — Twitter (parental discretion advised)
Hacking the House: do MPs care about cyber-security? — BBC News.
Rob Brydon's Directors Commentary — YouTube.
"This Is How Michael Caine Speaks" from The Trip — YouTube.
American Vigilante — Crowd Network.

27 Apr 2022, 50min

Crypto break-in, Google blurring, and mics not muting

A man loses $650,000 from his cryptocurrency wallet after his Apple iCloud account is hacked, video conferencing apps may not be muting your mic quite the way you imagined, and Google has unblurred military bases in Russia... or has it?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Visit https://www.smashingsecurity.com/271 to check out this episode’s show notes and episode links.

Special Guest: Dave Bittner.

Sponsored By: NetFoundry, Kolide.

Links:
Domenic Iacovone on Twitter.
Learn A Geordie Accent - Newcastle Accent Tutorial — YouTube.
Serpent explains the scam on Twitter.
How an Apple iCloud Exploit Lost a Crypto Trader Over $650K — CNET.
MetaMask advises its users to check their iCloud backup settings — Twitter.
Scam message received by Graham from his niece's Instagram account.
19 Places On The Planet Google Earth Is Hiding From You — Travel Triangle.
Google denies Ukrainian reports it unblurred satellite Maps imagery in Russia — The Verge.
Buran shuttle — Google Maps.
'Mute' button in conferencing apps may not actually mute your mic — Bleeping Computer.
You’re muted — or are you? Videoconferencing apps may listen even when mic is off — University of Wisconsin-Madison.
Gerry Anderson: A Life Uncharted — BritBox.
Gerry Anderson: A Life Uncharted trailer — YouTube.
Bloodline — Netflix.
Succession — HBO.
Succession review – brilliant dissection of a dysfunctional dynasty — The Guardian.

20 Apr 2022, 50min

Bearded Barbie, EDR scams, and hobbyist crime detectives

Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook - but why? Scammers have found a new way to gain access to your most sensitive information - but how? And armchair detectives are helping investigate cold cases involving DNA - but should they?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Visit https://www.smashingsecurity.com/270 to check out this episode’s show notes and episode links.

Special Guest: Maria Varmazis.

Sponsored By:

Kolide

Keeper Security: Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing

Links:
How Barbie's body size would look in real life — Daily Mail.
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials — Cybereason.
Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” — Brian Krebs.
What we know about the increase in U.S. murders in 2020 — Pew Research Center.
The History of DNA: From Crime Scenes to Consumer Goods — University of West Florida.
How an Unlikely Family History Website Transformed Cold Case Investigations — The New York Times.
DNA Databases Are Boon to Police But Menace to Privacy, Critics Say — PEW.
Philanthropists Push Police Searches of DNA Databases — The New York Times.
Help solve crimes with your DNA — DNASolves.
Hackers Attacked Two Leading Genetic Genealogy Websites — BuzzFeed.
How to Pronounce Moët & Chandon? And WHY?! — YouTube.
How to Pronounce Wednesday? (CORRECTLY) — YouTube.
Julien Miquel on YouTube.
Support Maria Varmazis as she raises money for Cancer Research — Pan-Mass Challenge.
The House (2022 film) — Wikipedia.
The House — Netflix.

13 Apr 2022, 51min

Trezor Deep Throat, a CCTV stalker, and Amazon's list of banned words

There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.

Visit https://www.smashingsecurity.com/269 to check out this episode’s show notes and episode links.

Special Guest: Zoë Rose.

Sponsored By: Keeper Security, Kolide.

Links:
Trezor wallets hacked? Don’t be duped by phishing attack email — Graham Cluley.
Tweet by Trezor.
Ongoing phishing attacks on Trezor users — Trezor.
Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said — The Record.
Stalker used woman's own CCTV cameras to watch her at home — Liverpool Echo.
Operation: SafeEscape.
Work Trend Index: Microsoft’s latest research on the ways we work — Microsoft.
Research: A Little Recognition Can Provide a Big Morale Boost — HBR.
50% of companies want workers back in office 5 days a week — CNBC.
New Amazon Worker Chat App Would Ban Words Like “Union” — The Intercept.
Trust No One — Netflix.
Smashing Security episode 114: Darknet Diaries, death, and beauty apps — Where we discussed the mysterious case of Gerry Cotten and QuadrigaCX.
Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty — Graham Cluley.
Hamilton One Essential S1 Magicfold Premium Buggy — Kruidvat NL.
Infantino 4-in-1 Flip Advanced Draagzak BK-05204 — Bol.
Cosco Scenera Next Convertible Car Seat, Boulder — Canadian Tire.
Literature Clock.

6 Apr 2022, 50min

LinkedIn deepfakes, doxxing Russian spies, and a false alarm

Strange goings-on on LinkedIn, Ukraine publishes a list of alleged Russian FSB agents, and police in Pittsburgh investigate an odd report of an active shooter.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.

Visit https://www.smashingsecurity.com/268 to check out this episode’s show notes and episode links.

Special Guest: Geoff White.

Sponsored By: Keeper Security, Kolide.

Links:
North Korea tests its ‘largest intercontinental ballistic missile’ — YouTube.
LinkedIn Professional Community Policies — LinkedIn.
Community Report — LinkedIn.
The latest marketing tactic on LinkedIn: AI-generated faces — NPR.
List of FSB agents — Ukraine Ministry of Defence.
How the Dutch foiled Russian 'cyber-attack' on OPCW — BBC News.
Boris Nemtsov: Murdered Putin rival 'tailed' by agent linked to FSB hit squad — BBC News.
Police: Autocorrected text triggered large police presence on Pittsburgh’s North Side — WPXI.
Pickle me up: Hilarious autocorrect fails, from Krispy Koreans to wet, sloppy kids — Daily Mail.
After Life — Netflix.
After Life trailer — YouTube.
"Time on Rock - A Climber's Route into the Mountains" by Anna Fleming — Canongate Books.
Severance — Apple TV.
Severance trailer — YouTube.

30 March 2022, 48min
