
058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO
Is Face ID racist? Has Mr Robot infected your Firefox browser? Has Microsoft pushed a buggy password manager onto your Windows PC?

All this and much much more is discussed in the special first birthday edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original co-host Vanja Švajcer.

Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Special Guest: Vanja Švajcer.

Sponsored By:
OneLogin: OneLogin provides Single Sign On for customers like Airbus, Royal Mail, BSI, and Dun and Bradstreet. With hundreds of apps being used in the typical workplace, and the average user having to remember about 40 different passwords, we all know that if we don't have a product to remember passwords they end up in spreadsheets, stored in emails, or left on post-it notes. And that is a security nightmare. OneLogin allows IT to say which users have access to which applications at what time and also enforce two factor authentication. So even if credentials are compromised, hackers can’t get access to those corporate services. And, by connecting to Active Directory, access to all of these services is de-provisioned as soon as someone leaves the organisation. Learn more, and download a free guide to identity access management, at www.smashingsecurity.com/onelogin

Support Smashing Security

Links:
Smashing Security #001: "One cup, two hotel guests" - YouTube
Mozilla Slipped a ‘Mr. Robot’-Promo Plugin into Firefox and Users Are Pissed
This Looking Glass/Mr Robot sh*t really p*sses me off - Reddit
Unknown Mozilla dev addon "Looking Glass 1.0.3" on browser... or is it just malware? - Firefox Support Forum
Update: Looking Glass Add-on
Bono and Tim Cook - YouTube
How to remove Bono and U2 from YOUR f*#!ing iPhone - YouTube
For 8 days Windows bundled a password manager with a critical plugin flaw
Disabling Windows 10 Consumer Experience
How Windows 10 Pro installs unwanted apps (Candy Crush) and how to stop it
Troy Hunt explains why Face ID Stinks - YouTube
10-year-old kid succeeds in unlocking his mum’s iPhone X, with just a glance
Apple's Face ID tech can't tell two Chinese women apart
First iPhone X fondlers struggle to admit that Face ID sort of sucks
Erase 2017 from your brain. Face ID never happened. The Notch is an illusion
How I Learned to Deal with My Bitcoin FOMO
Bitcoin FOMO Calculator
Oh, My Coins! - Database Of Lost Crypto Assets
Missing: hard drive containing Bitcoins worth £4m in Newport landfill site
Is Bulgaria sitting on $3.5 BILLION worth of Bitcoin seized from criminals?
WeCroak on the App Store
Nose Dance! The Original Nose Twerking Miss Santa Face Paint! - YouTube
Christmas Nose Twerk! Grinch & Max! - YouTube
Smashing Security on Facebook
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
20 Dec 2017 42min

057: Mikko Hyppönen - live from the sauna - talks Bitcoin security
How to protect yourself from Bitcoin hackers, why you should think twice before giving Amazon the keys to your house, and how a private investigator tried to hack Donald Trump's tax returns.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mikko Hyppönen from F-Secure.

Special Guest: Mikko Hyppönen.

Sponsored By:
OneLogin
NetSparker: NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker. Download a free demo now.

Links:
Mikko Hypponen has his ponytail hair cut. - YouTube
Cyber Security Sauna podcast
Louisiana man admits misusing Trump's Social Security number
One of Your Equifax Hack Protections Expires Soon
How to protect yourself in the wake of the Equifax data breach
Larry Flynt offers $10 million for info that could get Trump impeached
Cryptocurrency Market Capitalizations
Physical Bitcoins from Denarium
TREZOR Bitcoin Wallet
Ledger Wallet
Amazon drivers forced to deliver 200 parcels a day with no time for toilet breaks while earning less than minimum wage
Amazon wants a key to your house. I did it. I regretted it
Black Friday Delivery THIEVES: 1 in 5 UK packages missing as thefts SURGE before Christmas
Code.org
The Arcade Blogger
The Happiness of the Katakuris
'Rare Exports: A Christmas Tale' Trailer - YouTube
13 Dec 2017 40min

056: Peeping Toms, prison hacks, and parliamentary passwords
Why you should check your Airbnb for hidden cameras, a hacker attempts a different kind of jailbreak, and British MPs prove that they really are clueless when it comes to cybersecurity.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Ian Whalley.

Special Guest: Ian Whalley.

Sponsored By: OneLogin, NetSparker

Links:
The lax computer security of British MPs - as detailed in their own tweets
Nadine Dorries MP tweets about sharing her password
Hackers attempt to break into UK MPs' email accounts, as Houses of Parliament targeted by cyber attack
Now criminals are ringing up British MPs to ask them their passwords
Nadine Dorries MP admits she's always shouting out "What's my password?"
Will Quince MP admits he leaves his PC unlocked
Nadine Dorries reveals all MPs have porn on their PCs
Ann Arbor Man Pleads Guilty to Computer Intrusion Case
Man Hacks Jail Computer Network to Get Friend Released Early
Prison hacker who tried to free friend now likely to join him inside
Court documents (PDF)
Tweet from Jason Scott
Smile, you’re on hidden webcam Airbnb TV!
What are Airbnb’s rules about electronic surveillance devices in listings?
Colorise Bot (@colorisebot) on Twitter
The science behind @Colorisebot
The Leftovers
Little Alchemy 2
6 Dec 2017 41min

055: Uber, net neutrality, and website hacks
Uber covers up a data breach, the noose tightens on net neutrality, and Bulletproof's website spills the data beans.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by umm.. nobody because they didn't arrange a special guest.

Sponsored By: NetSparker

Links:
Uber paid hackers $100,000 to keep data breach quiet
Bulletproof breach notification letter to customers (PDF)
Bulletproof Coffee lacks bulletproof security: Nerd brain juice biz hacked, cards gulped
Net Neutrality: What You Need to Know Now
Racist, threatening attacks on FCC Chair Ajit Pai won't save net neutrality
Americans are spending Thanksgiving fighting for net neutrality
An update on the fight for the free and open internet
Google YouTube Keyboard Shortcuts
Tom Baker returns to finish shelved Doctor Who episodes penned by Douglas Adams
Bitcoin: How Does it Work? (Roger Ver Interview)
30 Nov 2017 28min

054: A great big fat macOS bug
Yes, you can log into macOS High Sierra's root account with no password.

In this special "emergency" edition of the podcast computer security veterans Graham Cluley and Carole Theriault discuss the breaking news of a serious Apple macOS bug that allows anyone to log into your Mac with root admin rights, without having to enter a password.

Links:
Tweet by Lemi Ergin
Huge MacOS bug lets anyone login as root without a password: what you need to know
How to enable the root user on your Mac or change your root password - Apple Support
29 Nov 2017 8min

053: Game of Thrones, a major Amazon cloud leak, and web tracking gone crazy
The FBI think they've identified the HBO hacker, the US military have been caught with a leaky bucket, and web tracking has just got scarier than ever.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register's Iain Thomson.

Special Guest: Iain Thomson.

Links:
Uber paid hackers $100,000 to keep data breach quiet
HBO offered its hackers $250,000 after attack, leaked email claims
Game of Thrones stars’ personal phone numbers leaked, as HBO hackers attempt to extort ransom
Smashing Security 037: Boobs, dragons and data breaches
Iranian ‘Game of Thrones’ Hacker Demanded $6 Million Bitcoin Ransom From HBO, Feds Say
Sealed Indictment
Over 400 of the World's Most Popular Websites Record Your Every Keystroke, Princeton Researchers Find
No boundaries: Exfiltration of personal data by session-replay scripts
Data release: list of websites that have third-party “session replay” scripts
The dark side of Replay Sessions that record your every move online
Shark Attack 3 - That Famous Line (NSFW!)
Father Ted: Dougal the Milkman & the Booby Trap
Paddington 2 - the movie
Paddington Bear, Singin' in the rain
Baby Driver - the movie
Baby Driver - 6-Minute Opening Clip
Mathmos Lava Lamps
Tom Scott's How Lava Lamps Keep the Internet Secure
22 Nov 2017 40min

052: Facebook tackles vengeful scumbags, and a sex toy privacy boob
Is your dildo listening to you? Do you trust Facebook with your most intimate photos? And just how did a vengeful DDoSer come up with that nickname?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.

Special Guest: John Hawes.

Sponsored By: NetSparker

Links:
Give Facebook your nude pics to tackle revenge porn
The Facts: Non-Consensual Intimate Image Pilot
Using Technology to Protect Intimate Images and Help Build a Safe Community
Sex toy company admits to recording users' remote sex sessions, calls it a 'minor bug'
PSA: Lovense remote control vibrator app recording "private" sessions without express permission
Hack a BT Low Energy (BLE) butt plug
Man Uses DDoS-for-Hire Services to Attack Former Employer, Taunts Firm via Email
Google's Inactive Account Manager
Lee Valley Tools - Woodworking Tools, Gardening Tools, Hardware
Snap Circuits
What is Snap Circuits? - YouTube
15 Nov 2017 39min

051: Robots, romance, passwords, and CrunchyRoll
Passwords are under the microscope again, CrunchyRoll leads anime fans to malware, a sexy robot gains Saudi citizenship, and Carole begins her career as an agony aunt.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.

Special Guest: Maria Varmazis.

Sponsored By: NetSparker

Links:
LastPass reveals the threats posed by passwords in the workplace
One in five security professionals still uses paper to manage privileged passwords
Passwords - a Smashing Security splinter
PSA : Don't enter crunchyroll.com at the moment, it seems they've been hacked
Blaze's Security Blog: CrunchyRoll hack delivers malware
Crunchyroll.com update
Meet Sophia: The first robot declared a citizen by Saudi Arabia - YouTube
Hot Robot At SXSW Says She Wants To Destroy Humans
Saudi Arabia has a new citizen: Sophia the robot. But what does that even mean?
Japan Has Just Granted Residency To An AI Bot In A World First
Mythbuster seeks cash for roller skates to wear in virtual reality
Jamie Hyneman's Electric Shoes - YouTube
Swear Trek (@swear_trek) on Twitter
Swear Who (@swear_who) on Twitter
Stranger Things: The Game on the iOS App Store
Stranger Things: The Game on Google Play
9 Nov 2017 41min