

Smashing Security
Graham Cluley
Smashing Security isn’t your typical tech podcast. Hosted by cybersecurity veteran Graham Cluley, it serves up weekly tales of cybercrime, hacking horror stories, privacy blunders, and tech mishaps - all with sharp insight, a sense of humour, and zero tolerance for tech waffle.

Winner of the best and most entertaining cybersecurity podcast awards in 2018, 2019, 2022, 2023, and 2024, Smashing Security has had over ten million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Jack Rhysider.

Follow the podcast on Bluesky at @smashinsecurity.com, and subscribe for free in your favourite podcast app.

New episodes released at 7pm EST every Wednesday (midnight UK).
Episodes

Jul 13, 2017 • 42min
033: 1Password, net neutrality, and spatchcock chicken
Is password manager 1Password treating its customers unfairly? Are autonomous cars driving us around the bend? And what is this Net Neutrality thing anyway?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks from PC Pitstop.

Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Special Guest: Michael Hucks.

Sponsored By: Recorded Future: Recorded Future is the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats. Sign up for free daily threat intelligence updates at https://recordedfuture.com/intel

Support Smashing Security

Links:
sweetsweet — Michael's band.
Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud — Motherboard report.
1Password irks security experts in push toward cloud-based vaults — AppleInsider report.
Are local vaults going to exist for the foreseeable future? — AgileBits Support Forum — 1Password's support forum.
1Password wants you to sync via the cloud, but won't force you
The new Audi A8 luxury sedan is a high-tech beast that can drive itself — The Verge.
Tesla owners are ignoring autopilot safety advice and putting the results on YouTube — The Verge.
The biggest threat facing connected autonomous vehicles is cybersecurity — TechCrunch.
Join the Battle for Net Neutrality
The coming battle over 'net neutrality' — BBC News
The FCC Insists It Can't Stop Impostors From Lying About My Views On Net Neutrality — Karl Bode isn't very happy in this Techdirt article.
A Bot Is Flooding The FCC Website With Fake Anti-Net Neutrality Comments... In Alphabetical Order — Arnold Aardvark isn't a fan of net neutrality apparently.
Alexa calls cops on man allegedly beating his girlfriend — Horrendous report from the New York Post, but for once Amazon's Alexa sounds like it did some good.
Southern Rail on Twitter — Eddie takes over Southern Rail's Twitter account.
Work experience boy runs Southern Rail's Twitter account — Sky News.
The Red Pill movie — Wikipedia.
Rapidfire Chimney Starter — Weber.
Griddled spatchcock poussins with shallot vinaigrette recipe — Apparently Carole makes a mean one of these, although we've only got her word for it.

Jul 6, 2017 • 35min
032: The iPhone 8, a data breach at the AA, and a mystery no show
The iPhone 8 is on its way and may use 3D facial recognition rather than a fingerprint sensor to lock out intruders, and the UK's Automobile Association claims it hasn't leaked any credit card data, so why is it getting so upset about security researchers publishing screenshots of leaked data?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by umm.. nobody.

Sponsored By: Recorded Future

Links:
Yes - despite what it says - AA customer credit card data was exposed
Apple Readies iPhone Overhaul for Smartphone’s 10th Anniversary - Bloomberg
The World's Blackest Material - An Inside Look At Vantablack — YouTube video.
About Touch ID advanced security technology - Apple Support
He thought a book would stop a bullet and make him a YouTube star. Now he’s dead. - The Washington Post
Firik Sleep Headphones — For those of you who want to look like John McEnroe when you're snoozing in bed.

Jun 29, 2017 • 45min
031: Petya (don't know the name of this ransomware)
Another major ransomware outbreak rattles the world - but no-one can decide what it's called, the danger posed to driverless cars by kangaroos, and do you really want an Amazon Echo Show?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest David Bisson.

Special Guest: David Bisson.

Sponsored By: Rapid7: Identifying, prioritizing and managing vulnerabilities all the way through to remediation is not only possible, it can be simple. Right now. Build a vulnerability management program that works for you with Insight VM, by Rapid7. Get started with your free 30 day trial now.

Links:
Martijn Grooten on Twitter: "Seriously injured man lies next to tree..." — Martijn seems to be suggesting the infosecurity industry might have the wrong priorities.
Global ransomware outbreak hits organisations hard
Cybereason discovers NotPetya kill switch — You might want to create a file called "perfc" in your Windows folder.
Info on the PetrWrap/Petya ransomware: Email account in question already blocked since midday — Don't pay the ransom folks...
Driverless cars: Kangaroos throwing off animal detection software — Cripes!
How Flying Cars Will Boost Intel, Uber and Airbus
Amazon’s New Echo Show Is Very Cool And A Little Creepy
[PSA] Intercom (drop-in) does require calling to be enabled and needs access to your contact list
Malicious Life podcast — Interviewing Graham Cluley, Vesselin Bontchev, and others about the early days of malware.
50th anniversary of the ATM opens debate about mobile payments
Why Was The World's First Cash Machine In Enfield?
"On The Buses" - YouTube — Starring Reg Varney, famous for being one of the first people in the world to use an ATM.
The Bright Sessions podcast

Jun 22, 2017 • 27min
030: GDPR - The good and the bad
In this special "splinter" episode, regular hosts Graham Cluley and Carole Theriault are joined by special guest Kevin Gorsline to discuss the European Union's General Data Protection Regulation (GDPR), and what it means for your business even if you're not based in Europe.

Special Guest: Kevin Gorsline.

Links:
The EU's GDPR legislation — A gentle read before bedtime...
EU data protection rules affect everyone, say legal experts — The EU's new data protection rules will impact every entity that holds or uses European personal data both inside and outside of Europe, according to legal experts.
Preparing for GDPR - 12 steps to take now (PDF) — Advice from the UK's Information Commissioner's Office.
EU GDPR demystified: a straight-forward guide for US firms (Part I) — Our own Carole Theriault writes about GDPR on the TBG Security blog.
EU GDPR demystified: a straightforward reference guide for US firms (Part II) — More from Carole Theriault on the TBG Security blog.

Jun 15, 2017 • 38min
029: Exploits to get your English teeth into
Microsoft gives us a Patch Tuesday shock, malware grows up for the Mac, and your mouse movements might reveal if you're an identity thief.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik of AlienVault.

Special Guest: Javvad Malik.

Sponsored By: Foursys: IT security professionals! Register for your free place at SecureTour17, being held at Manchester United's Old Trafford stadium on July 6 2017, and hear security experts (and Graham) talk about threats and the latest technology to fight them.

Links:
June 2017 security update release — Microsoft reveals it is releasing security updates for older versions of Windows that are no longer officially supported.
Microsoft security advisory — Guidance related to June 2017 security update release.
Microsoft security advisory - guidance for older platforms
MacSpy: OS X RAT as a Service — Information from experts at AlienVault on the MacOS malware-as-a-service threat.
MacRansom: Offered as Ransomware as a Service — Fortinet's analysis of MacRansom.
Identity theft can be thwarted by artificial intelligence analysis of a user's mouse movements — Your mouse movements can indicate whether you're lying.
The detection of faked identity using unexpected questions and mouse dynamics — Check out the technical paper by Monaro, Gamberini and Sartori.
Rude security video from Javvad Malik — Why spend thousands on complex and innovative security awareness activities, when all you need to do, is train your staff to be rude.
Divide and conquer: How Microsoft researchers used AI to master Ms. Pac-Man - Next at Microsoft — Microsoft's researchers have been busy...
Video of Microsoft's Ms Pac Man-playing AI.
Max Hawkins's website — "For the past two years I’ve been letting randomized computer programs decide what I do."
Eager To Burst His Own Bubble, A Techie Made Apps To Randomize His Life — NPR take a look at the odd lifestyle of Max Hawkins.
The Dice Man — 1971 novel by Luke Rhinehart.
Logitech finally finds a good use for wireless charging: A mouse pad — Would you buy one of these? Seriously?

Jun 7, 2017 • 38min
024: Reality Winner, Gordon Ramsay and a leaky bucket
Evidence of Russia hacking the US election leaks from the NSA and Reality is not a winner, confidential data is accidentally exposed in the cloud by a defence contractor, and Gordon Ramsay has a few choice words for his hacking father-in-law.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Ian Whalley.

Special Guest: Ian Whalley.

Sponsored By: iovation: iovation is offering Smashing Security listeners a free demonstration of its mobile multifactor solution product, LaunchKey, which can be built into your mobile apps, websites and online services to provide a simple, streamlined remote login function.

Links:
The classic era Smashing Security team... reunited at Infosec — Graham and Carole bumped into someone called Vanja Svajcer at the Infosec show in London, and couldn't resist getting a selfie.
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election — The Intercept report which kicked everything off.
Affidavit in support of application for Reality Winner's arrest warrant — Read the PDF for yourself.
How The Intercept might have helped unmasked Reality Winner to the NSA — David Bisson writes on grahamcluley.com.
How The Intercept Outed Reality Winner — Robert Graham's blog post about the really rather hard-to-see little yellow dots.
Defense contractor stored intelligence data in Amazon cloud unprotected — Booz Allen Hamilton engineer posted geospatial intelligence to Amazon S3 bucket.
Gordon Ramsay's father-in-law jailed over hacking plot — BBC News Online.
Gordon Ramsay the hypocrite: How TV chef defended sharks... but previously caught two rare ones for fun — The controversial Daily Mail article that included pictures stolen from Gordon Ramsay's email account.
Malcolm Tucker's best insults (Explicit) — YouTube clips from BBC's "The Thick of It". Not for young ears or the easily offended...
Smashing Security: 014: Protecting webmail - a Smashing Security splinter — In this podcast we run through our tips on how to better secure your web-based email accounts. Chances are that you're not doing all of these!
Smashing Security: Passwords - a Smashing Security splinter — Password best practices explained in our podcast.
Boxcryptor - Encryption software to secure cloud files — Encrypt your files before you shove them in the cloud...
How to use Google Maps offline — Ian's tip on how to use your smartphone to navigate, even when you don't have a data connection.
Trump in translation: president's mangled language stumps interpreters — Carole's pick of the week from The Guardian.

May 31, 2017 • 40min
023: Covfefe
Hackers are blackmailing cosmetic surgery patients, and threatening to release their naked photos. A British Airways IT snafu causes travel chaos for thousands. And Germany is threatening to throw hefty fines at Facebook if it can't police its content properly.

All this and "Covfefe" is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest John Hawes.

Show notes:
Cosmetic surgery hacked. Nude photos and data exposed on the dark web, as hackers blackmail patients - Bitdefender.
Lithuanian cosmetic surgery firm's website - Grožio Chirurgija.
British Airways: Chaos continues at Heathrow - BBC News.
What went wrong at BA? - BBC News.
Delta finally explained how one power outage grounded an entire airline - BGR.
Facebook said Germany's plan to tackle fake news would make social media companies delete legal content - Business Insider.
Sgt. Pepper's Lonely Hearts Club Band - The Beatles.
Spanish art restorer, 82, who turned Jesus into a 'hairy monkey' in clumsy restoration of famous work signs merchandising deal as image gets imprinted on T-shirts - Daily Mail.
Clash of Clans - Supercell.
This is what Candy Crush does to your brain - The Guardian.
Sweet Sweet - Reverb Nation.
Help Sweet Sweet - Bonnaroo Bound! - GoFundMe.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Special Guest: John Hawes.

Sponsored By: iovation

May 24, 2017 • 32min
022: Walk this way... to defeat biometrics
The Samsung Galaxy S8 claims that its iris recognition technology provides "airtight security", but the Chaos Computer Club knows better and shows how it can be easily bypassed. Australian researchers create a wearable gizmo that authenticates you through your walk, but is it ever going to be practical? Mac malware reportedly wastes no time stealing information from a software developer. And the boss of the Bank of England is smart enough not to fall for an email prankster.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul "Duck" Ducklin.

Show notes:
Chaos Computer Clubs breaks iris recognition system of the Samsung Galaxy S8 - Chaos Computer Club.
Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy - Ars Technica.
New technology uses the way you walk as a password - CNet.
Hofmeister - follow the bear TV advert - YouTube.
Monty Python's Flying Circus's Ministry of Silly Walks sketch - YouTube.
Source Code for Several Panic Apps Stolen via HandBrake Malware Attack - MacRumors.
Bank of England accused of airbrushing Jane Austen on the new £10 note - Liverpool Echo.
Bank of England governor falls for email prank but maintains his composure - The Guardian.

Special Guest: Paul Ducklin.

Sponsored By: iovation

May 18, 2017 • 35min
021: WannaCry - Who's to blame?
The WannaCry ransomware has struck! But before we tackle that subject, and who we should blame for one of the highest profile malware attacks for years, we discuss how HP has been unwittingly capturing the keystrokes of its laptop users. Then we briefly discuss what might be the worst cinema date in history, before rounding things off with a discussion of hackers extorting money out of movie studios.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul "Pob" Baccas.

Show notes:
Hello to Jason Isaacs - Witterpedia.
Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package - modzero Security Advisory.
Keylogger Found in Audio Driver of HP Laptops - Bleeping Computer.
HP responds to laptop keylogger fiasco, promises ‘fix shortly' - Trusted Reviews.
Tweet from @ths - Twitter.
Backin Up Song - YouTube.
The Sobig Worm - Wikipedia.
Customer Guidance for WannaCrypt attacks - Microsoft.
Microsoft Security Bulletin MS17-010 - Microsoft.
Microsoft: WannaCry outbreak reveals why governments shouldn't hoard vulnerabilities - Graham Cluley.
‘THIS IS CRAZY’: Austin man sues date for texting during movie - Statesman.
Hackers Seem to Dump Pirates of the Caribbean on Torrent Sites Ahead of Premiere - Softpedia.

Special Guest: Paul Baccas.

Sponsored By: Recorded Future

May 10, 2017 • 31min
020: Phishing for Donald Trump
Gizmodo's attempt to reveal Donald Trump's administration's ineptitude when it comes to cybersecurity fails to impress. Mac users are warned that the HandBrake DVD-ripping app has been compromised by malware. And will the US Army insist IT security professionals spend months ironing their bedsheets..?

All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin from Sophos.

Show notes:
Here's How Easy It Is to Get Trump Officials to Click on a Fake Link in Email - Gizmodo.
Opinion: Some thoughts about Gizmodo's Phishing story - CSO Online.
Mac video app HandBrake – now with free spyware - Naked Security.
OS X malware spread via signed Transmission app... again - Graham Cluley.
DOD’s new Internet strategy boosts role in defending “US interests” - Ars Technica.

Special Guest: Paul Ducklin.

Sponsored By: Recorded Future