Lianne Potter, a cyber anthropologist and host of the Compromising Positions podcast, joins to explore fascinating cybersecurity themes. They discuss ethical hackers revealing alarming vulnerabilities in Burger King's systems, including the ability to manipulate reviews. The conversation also dives into a lawsuit involving AI trade secrets and the challenges of retaining talent in the tech industry. With humor, they address the bizarre metrics monitored in fast food and the ethics surrounding insider threats, highlighting the need for better workplace culture.
44:51
ANECDOTE
Researchers Find Burger King Security Chaos
Two ethical researchers found catastrophic vulnerabilities in Restaurant Brands International (Burger King, Tim Hortons, Popeyes).
They exposed easy access to internal systems and detailed corporate failures during responsible disclosure.
INSIGHT
Plain‑Text Passwords And Open Signups
RBI allowed new account signups and emailed plain-text generated passwords to users.
Sending plain-text passwords and allowing open registration created an immediate, trivial attack vector.
INSIGHT
Hard‑Coded Credentials Mean Full Control
Researchers discovered hard-coded credentials embedded in HTML that unlocked equipment ordering.
Exposed static passwords let attackers obtain master control over supply and store provisioning.
Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon.
Meanwhile, over in Silicon Valley, one AI wunderkind managed to turn a $7 million payday into a career-ending lawsuit by allegedly walking trade secrets straight out the door as he jumped ship for a rival.
All this and much more is discussed in episode 434 of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Lianne Potter. Hear them chew over catastrophic fast-food security, insider threats with extra fries, and why even the biggest brains in AI can't stop themselves from doing something utterly stupid.
Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.
Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!