How to hack a prison, and the hidden threat of online checkouts

A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers.

Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio.

All this and more is discussed in episode 440 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.

EPISODE LINKS:

• What caused the AWS outage - and why did it make the internet fall apart? - BBC News.
• China blames US for cyber break-in, claims America is world's biggest bit burglar - The Register.
• Nintendo allegedly hacked by Crimson Collective hacking group - screenshot shows leaked folders, production assets, developer files, and backups - Tom’s Hardware.
• Romanian inmate hacks into prison IT system, modifies sentences for others - Romania Insider.
• New Version of PCI DSS Designed to Tackle Emerging Payment Threats - Infosecurity Magazine.
• What is Magecart? How this hacker group steals payment card data - CSO.
• Keyboard Maestro.
• Screen Studio.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

• ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
• Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".