014: Protecting webmail - a Smashing Security splinter

Anti-porn "shameware" apps take a privacy pounding, is your image already being used by AI, and deepfake danger continues to deepen.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps - WIRED.Covenant Eyes.Sick and tired of trying to quit porn? You’re not alone - Covenant Eyes promotional video.Fortify.AI Is Probably Using Your Images and It's Not Easy to Opt Out - Vice.ISIS Executions and Non-Consensual Porn Are Powering AI Art - Vice.Have I been trained?The Deepfake Danger: When It Wasn’t You On That Zoom Call - CSO Online.Deepfake Audio Has A Tell – Researchers Use Fluid Dynamics To Spot Artificial Imposter Voices - The Conversation. Deephy: On Deepfake Phylogeny - Cornell University.On The Horizon: Interactive And Compositional Deepfakes - Microsoft. Detect DeepFakes: How to counteract misinformation created by AI - MIT University. New Deepfake Threats Loom, Says Microsoft’s Chief Science Officer - Venture Beat.The Joy of Sets - BBC Archive.Steam Deck.Am I Being Unreasonable? - BBC iPlayer.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.The Cyber Security Inside podcast – Relevant cybersecurity topics in clear, easy-to-understand language. With every episode, you’ll walk away smarter about cybersecurity, and have fun while you’re at it!Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Thanks:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

28 Sep 202256min

Researchers reveal how your eyeglasses could be leaking secrets when you're on video conferencing calls, we take a look at the recent data breaches involving Uber and Grand Theft Auto 6, and we cast an eye at what threats may be around the corner...All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.Plus - don't miss our featured interview with Sal Aurigemma, the faculty director of the Master of Science in Cyber Security program at the University of Tulsa.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:“Iain Exotic”, Iain Thomson’s dress-up homage to Joe Exotic, the Tiger King - Twitter.“Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing” - Research paper by Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, and Kevin Fu.“We saved you a seat in chat” - Rather large text on the Twitch website.Stalker zoomed in on Japanese idol’s eyes to find out where she lived - Graham Cluley.Uber is looking for more security staff - Twitter.Uber explains how it was pwned this month, points finger at Lapsus$ gang - The Register.Uber’s hacker *irritated* his way into its network, stole internal documents - Graham Cluley.Security update - Uber.Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist - The Register.Cybersecurity Awareness Month - CISA. The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats - ZDNet.U.S. Government Spending Billions on Cybersecurity - Hacker News.The Mitchells vs The Machines trailer - YouTube.The Mitchells vs The Machines - Netflix.NASA is ready to knock an asteroid off course with its DART spacecraft - New Scientist.DART’s Small Satellite Companion Takes Flight Ahead of Impact - NASA.Search and find UK Defibrillator Locations near you now - HeartSafe.Apply for a part funded Public Access Defibrillator - British Heart Foundation.Defibrillator guide for first time buyers - St John’s Ambulance. Every school will have a life-saving defibrillator by 22/23 - Gov.UK.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Pentera - Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way. Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Thanks:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

21 Sep 20221h 4min

How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rory Cellan-Jones.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Dynamic Cartridge Security - disable please - Angry customers complain on HP support forum.Update now! Many HP printers affected by three critical security vulnerabilities - MalwareBytes.HP will pay customers for blocking non-HP ink cartridges in EU - Bleeping Computer.HP and Euroconsumers settle on Dynamic Security - Euroconsumers.Ink cartridges are a scam - YouTube.Why printer ink is so expensive - Insider.Trying to print something - YouTube.UK Biobank - why won't GPs share data? - Rory’s Always On Newsletter.Another data sharing fiasco - Rory's Always On Newsletter.Tweet by Kate Bingham - Twitter.The Twitter Whistleblower Needs You to Trust Him - Time.Twitter denies whistleblower payout violates Musk’s takeover deal - MSN.Elon Musk earns a split decision in Delaware court - The New York Times.Twitter’s whistleblower has pitched up at a very inconvenient moment - The Guardian.Damning claims about Twitter’s bots and security lapses are ‘a false narrative,’ says CEO - The Verge. The Spectator’s Guide to the Elon Musk–Twitter Fight - Slate. Don't F*** with Paste - Firefox browser addonDon't F*** with Paste - Chrome browser extension.Stasi Museum, Berlin.How to with John Wilson - BBC.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.The Cyber Security Inside podcast - Relevant cybersecurity topics in clear, easy-to-understand language. With every episode, you’ll walk away smarter about cybersecurity, and have fun while you’re at it!Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Thanks:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

14 Sep 202256min

Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:‘The least safe day’: rollout of gun-detecting AI scanners in schools has been a ‘cluster,’ emails show - Motherboard.Gun detection AI the latest tech to make schools less safe - TechDirt.The unproven, invasive surveillance technology schools are using to monitor students - ProPublica. NYC Mayor considering a subway security system that can’t differentiate between a laptop and a handgun - Motherboard.Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire - Brian Krebs.USA vs Patrick McGovern-Allen (PDF) - Court Listener.Reports of romance scams hit record highs in 2021 - FTC.Meeting you was a fake: Investigating the increase in romance fraud during COVID-19 - Academic Research.This dating app fought scammers with bots… hilarity ensued - TechCrunch.She was 69. He Was Young, Hunky,,, and a Fraud - The Daily Beast.Gladbeck: The Hostage Crisis trailer – YouTube.Watch Gladbeck: The Hostage Crisis - Netflix.The Ocean Cleanup.We flooded our dating app with bots… to scam scammers - Medium.Craiyon.Carole’s attempt to ask Craiyon to draw Liz Truss eating a giant cupcake of Europe.Is this Graham eating a banana? Craiyon seems to think so.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Thanks:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

7 Sep 202250min

We're back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:The 20 Funniest Finnish Expressions (and How To Use Them) - Matador Network.Sophos punts anti-virus for Klingon - The Register.Helsinki named Klingon-speaking capital of the world – Naked Security.Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications - Check Point Research.If It's Smart It's Vulnerable - Book by Mikko Hyppönen.Psychological inoculation improves resilience against misinformation on social media -Science Advances.Let’s flatten the infodemic curve - WHO.The global spread of misinformation on spiders - Current Biology.A Journey Into Misinformation on Social Media - The New York Times.Google Looks to Vaccination to Combat Misinformation In Searches - The New York Times.Spiders Are Caught in a Global Web of Misinformation - The New York Times.The rock-paper-scissors/tortilla wrap game.DEF CON: The Documentary.Smashing Security Painting competition – Carole.wtf.Open Exhibition, Summer 2022 - Oxford Art Society.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.Thanks:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

31 Aug 202253min

Pornhub has a problem, the UK's Co-op supermarket is accused of big brother tactics, and we take a look at a security researcher's attempt to reveal the true identify of hackers.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Episode links:On security researcher's newsletter, exposing cybercriminals behind ransomware — CyberScoop.‘Imma Make U Dig Ur Own Grave’: He Doxes Ransomware Hackers and Gets Death Threats in Return — Vice.Intrusion Truth - Five Years of Naming and Shaming China’s Spies — Kim Zetter.Who Is 'Intrusion Truth,' Group Exposing Alleged Chinese Hackers? — Daily Dot.The Leopards Eating People's Faces Party meme — Know Your Meme.Tweet by Bill Ackman.Judge Refuses Visa’s Request to Escape Pornhub-Related Lawsuit — The New York Times.How to Prevent and Handle Robberies and Theft in Retail — Vend Retail Blog.Abuse of shopworkers is on the rise – coronavirus brought it to our attention and now we need to act — The Conversation.‘Tackling violence and abuse in retail must be one of the industry’s highest priorities’ — Retail Week.Convenience store spy cameras face legal challenge — BBC News.Looking back at the career of Bernard Cribbins — YouTube.Tribute to David Warner — YouTube.Webb Compare — John Christensen.Support Maria Varmazis on the Pan-Mass Challenge.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Privacy & Opt-Out: https://redcircle.com/privacy

3 Aug 202253min

Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation, and how to change your accent with artificial intelligence.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Paul Ducklin.Plus don't miss our featured interview with Ian Farquhar of Gigamon.Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Episode links:Uber Enters Non-Prosecution Agreement Related to 2016 Data Breach — US Department of Justice.Former Uber Security Chief Joe Sullivan Must Face Driver Fraud Charges — Bloomberg.Uber to pay $148 million in data breach settlement — TechCrunch.Uber paid hackers $100,000 to keep data breach quiet — Graham Cluley.Uber CISO's trial underscores the importance of truth, transparency, and trust — CSO Online.7 cybersecurity tips for your summer vacation! — Naked Security.Sanas demo.Sanas Raises $32M for Breakthrough AI Technology for Real-Time Accent Translation — Sanas press release.This 6-Million-Dollar AI Changes Accents as You Speak — IEEE Spectrum.Call centre workers can use AI to mimic your accent on the phone — New Scientist.A little less accent, a little more customer service — ComputerWorld.What Is Accent Reduction? — Accent Advisor.Compound pejoratives on Reddit – from 'buttface' to 'wankpuffin' — Colin Morris.Melissa computer virus — Wikipedia.Dedham Hall.3D capture of Carole Theriault — Polycam.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden– Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Privacy & Opt-Out: https://redcircle.com/privacy

27 Juli 20221h 8min

In this special edition of the "Smashing Security" podcast, computer security veterans Graham Cluley and Carole Theriault welcome back author and journalist Jamie Bartlett - host of "The Missing CryptoQueen" podcast.Jamie tells us about his new book, which shares more details about the disappearance of cryptocurrency scammer Dr Ruja Ignatova, and the subsequent hunt by law enforcement.Warning: This podcast may contain nuts, adult themes, and rude language.Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Episode links:The Missing CryptoQueen podcast — BBC.The Missing CryptoQueen book — Penguin.Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted — BBC News.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.Cyber Security Inside podcast -bringing you the most important and timely security topics as well as other industry experts for insightful conversations.Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.Become a Patreon supporter for ad-free episodes and our early-release feed!Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Privacy & Opt-Out: https://redcircle.com/privacy

20 Juli 202242min