Smashing Security

The Samsung Galaxy S8 claims that its iris recognition technology provides "airtight security", but the Chaos Computer Club knows better and shows how it can be easily bypassed. Australian researchers create a wearable gizmo that authenticates you through your walk, but is it ever going to be practical? Mac malware reportedly wastes no time stealing information from a software developer. And the boss of the Bank of England is smart enough not to fall for an email prankster. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul "Duck" Ducklin. Show notes: Chaos Computer Clubs breaks iris recognition system of the Samsung Galaxy S8 - Chaos Computer Club. Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy - Ars Technica. New technology uses the way you walk as a password - CNet. Hofmeister - follow the bear TV advert - YouTube. Monty Python's Flying Circus's Ministry of Silly Walks sketch - YouTube. Source Code for Several Panic Apps Stolen via HandBrake Malware Attack - MacRumors. Bank of England accused of airbrushing Jane Austen on the new £10 note - Liverpool Echo. Bank of England governor falls for email prank but maintains his composure - The Guardian. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Paul Ducklin.Sponsored By:iovation: iovation is offering Smashing Security listeners a free demonstration of its mobile multifactor solution product, LaunchKey, which can be built into your mobile apps, websites and online services to provide a simple, streamlined remote login function.Support Smashing Security

24 Maj 201731min

The WannaCry ransomware has struck! But before we tackle that subject, and who we should blame for one of the highest profile malware attacks for years, we discuss how HP has been unwittingly capturing the keystrokes of its laptop users. Then we briefly discuss what might be the worst cinema date in history, before rounding things off with a discussion of hackers extorting money out of movie studios. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul "Pob" Baccas. Show notes: Hello to Jason Isaacs - Witterpedia. Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package - modzero Security Advisory. Keylogger Found in Audio Driver of HP Laptops - Bleeping Computer. HP responds to laptop keylogger fiasco, promises ‘fix shortly' - Trusted Reviews. Tweet from @ths - Twitter. Backin Up Song - YouTube. The Sobig Worm - Wikipedia. Customer Guidance for WannaCrypt attacks - Microsoft. Microsoft Security Bulletin MS17-010 - Microsoft. Microsoft: WannaCry outbreak reveals why governments shouldn't hoard vulnerabilities - Graham Cluley. ‘THIS IS CRAZY’: Austin man sues date for texting during movie - Statesman. Hackers Seem to Dump Pirates of the Caribbean on Torrent Sites Ahead of Premiere - Softpedia. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Paul Baccas.Sponsored By:Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.Sign up for free daily threat intelligence updates at https://recordedfuture.com/intelSupport Smashing Security

18 Maj 201735min

Gizmodo's attempt to reveal Donald Trump's administration ineptitude when it comes to cybersecurity fails to impress. Mac users are warned that the HandBrake DVD-ripping app has been compromised by malware.  And will the US Army insist IT security professionals spend months ironing their bedsheets..?All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin from Sophos.Show notes: Here's How Easy It Is to Get Trump Officials to Click on a Fake Link in Email - Gizmodo. Opinion: Some thoughts about Gizmodo's Phishing story - CSO Online. Mac video app HandBrake – now with free spyware - Naked Security. OS X malware spread via signed Transmission app... again - Graham Cluley. DOD’s new Internet strategy boosts role in defending “US interests” - Ars Technica. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Paul Ducklin.Sponsored By:Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.Sign up for free daily threat intelligence updates at https://recordedfuture.com/intelSupport Smashing Security

10 Maj 201730min

On May 4th 2000, the Love Bug virus (also known as ILOVEYOU or LoveLetter) rapidly spread around the world, clogging up email systems. Computer security veterans Graham Cluley and Carole Theriault are joined this week by special guest John Hawes for a trip down memory lane.  Show notes: Memories of the Love Bug worm - Naked Security "Subject: I Love You" movie trailer - YouTube   Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: John Hawes.Sponsored By:Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.Sign up for free daily threat intelligence updates at https://recordedfuture.com/intelSupport Smashing Security

3 Maj 201729min

Security firm Webroot drops a clanger when it declared Windows was malicious and borked customers' PCs, millennials are streaming a lot of movies illegally, and blackmailers are targeting members of the Ashley Madison cheating site again.All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Michael Hucks from PC Matic.Show notes: Webroot antivirus goes bananas, starts trashing Windows system files - The Register. Webroot causes massive headaches after falsely flagging Windows files as malicious - Graham Cluley. Tweet by Webroot user Bob Ripley - @M5_Driver. W32.Trojan.Gen false positive - advice for home users - Webroot. W32.Trojan.Gen false positive - advice for business users - Webroot. Most millennials regularly stream pirated content, survey finds - Torrent Freak. Malware, data theft, and scams: researchers expose risks of free livestreaming websites - Ku Leuven. File sharer hit with $675,000 fine - Digital Trends. Ashley Madison blackmail roars back to life - ZDNet. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Michael Hucks.Sponsored By:Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.Sign up for free daily threat intelligence updates at https://recordedfuture.com/intelSupport Smashing Security

27 Apr 201730min

Hotel malware has been stealing guests' payment card details... again, should businesses relay delay rolling out vulnerability patches, and Burger King's Whopper TV ad campaign tries to take advantage of viewers' Google Home devices with predictable results. All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin. Show notes: InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region - IHG. Affected hotel look-up tool - IHG. Been to one of these 1170 IHG hotels? Your credit card details may have been stolen by malware - Bitdefender. Microsoft patches Word zero-day booby-trap exploit - Naked Security. Microsoft zero-day vulnerability was being exploited for cyber-espionage - Graham Cluley. The Shadow Brokers - Wikipedia. Burger King's 'OK Google' sad ad saga somehow gets worse - The Register. Burger King Connected Whopper ad - YouTube. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Paul Ducklin.Sponsored By:Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.Sign up for free daily threat intelligence updates at https://recordedfuture.com/intelSupport Smashing Security

20 Apr 201730min

Spyware companies are filmed plotting to break global sanctions to ship surveillance and spying equipment to dodgy authoritarian regimes, an unsecured database exposed diabetics’ sensitive data, and a massive data breach leaves hundreds of thousands of current and former Wonga customers at risk. All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Lisa Vaas. Show notes: Spyware firms in breach of global sanctions - Al Jazeera. Al Jazeera Investigations - Spy Merchants - YouTube. Mounties admit to using cellphone-snooping ‘stingrays’ - Sophos Naked Security. A huge trove of patient data leaks, thanks to telemarketers' bad security - ZDNet. Leak of diabetic patients’ data highlights risks of giving info to telemarketers - DataBreaches.net. Unsecured database exposed diabetics’ sensitive data - Sophos Naked Security. Fraudsters Target People With Diabetes - AARP. Wonga.com TV advert - YouTube. Wonga security incident FAQ - Wonga.com. Wonga data breach puts up to 245,000 UK current and former customers at risk - Graham Cluley.   Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: Lisa Vaas.Sponsored By:Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.Sign up for free daily threat intelligence updates at https://recordedfuture.com/intelSupport Smashing Security

13 Apr 201727min

Don't let an internet-enabled sex toy make your most private moments oh-so-public. Samsung's wannabe-Android-killer is found lacking.  And did you hear about the firm that is micro-chipping its employees?  All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest John Hawes. Show notes: Vulnerable Wi-Fi dildo camera endoscope. Yes really - Pen Test Partners Samsung's Android Replacement Is a Hacker's Dream - Motherboard Companies start implanting microchips into workers' bodies - LA Times This episode of Smashing Security is made possible by the generous support of Recorded Future — the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at recordedfuture.com/intel Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!Warning: This podcast may contain nuts, adult themes, and rude language.Special Guest: John Hawes.Sponsored By:Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.Sign up for free daily threat intelligence updates at https://recordedfuture.com/intelSupport Smashing Security

5 Apr 201726min