Shared Security Podcast

Tom Eston, Scott Wright, Kevin Tackett
Mar 9, 2017 • 32min

The Shared Security Podcast Episode 62 – CloudBleed, Wifi Risks, ATM Skimmers

This is the 62nd episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded March 1, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

“CloudBleed” what is it and are you affected?
Internet company Cloudflare recently discovered that they were vulnerable to a rather significant memory leak in which “1 in every 3,300,000 HTTP requests through Cloudflare” was potentially exposed. What this means is that if you were using one of the 3,400 applications that were exposed through the Cloudflare vulnerability, some sensitive information (such as passwords) could have been leaked. On the podcast we discuss that the impact to you is most likely extremely low; however, it’s a good reminder to periodically change your passwords, especially for sites you consider high risk. You can use the search function on this site to see if any applications you use were exposed. This is also a great technical write-up if you’re interested in more details on what happened.

Hackers can access your phone via Wi-Fi – even when it’s not connected
Notorious hacker (and good guy) Jayson E. Street did a good story for a local news station in Boston about how someone could be trying to get your phone or other device to connect to their malicious wifi access point while you travel through airports and other public places. This is something to be aware of while you travel, and it’s probably a good idea to just leave your wifi and bluetooth disabled while you’re not using them. Side note: we need to get Jayson on the podcast!

ATM Skimmers in the wild
ATM skimmers are getting more sophisticated and harder to detect. Our advice is to double check ATMs and other credit card machines for anything unusual before you use them.
Frank Abagnale, world-famous con man, explains why technology won’t stop breaches
Very good read from one of the most famous social engineers in modern history. Frank explains why technology won’t stop breaches and why it really comes down to people and education.

Children’s Voice Messages Leaked in CloudPets Database Breach
Scott discusses a data breach in the “CloudPets” database that someone was able to access. Unfortunately, these types of attacks are becoming more common and are very concerning considering children’s private information is involved.

We made a list!
Looks like the podcast made a list of popular information security podcasts. Pretty cool! Check out the list of other great podcasts.

Please send any show feedback, suggestions for future guests and topics to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!
Feb 21, 2017 • 31min

The Shared Security Podcast Episode 61 – Home Device Hijacking, Used Device Security, Creepy Facebook Search Tool

This is the 61st episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded February 15, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Here Is How to Fend Off a Hijacking of Home Devices
This article has some very good tips on how to secure your IoT devices and home network. Here are our suggestions as well:
1. Research the device you’re about to buy. Google search for the “device name” and “security vulnerabilities”. Read their privacy policy!
2. Create a second wireless network for your smart devices (utilize the “guest” network feature). Ensure a strong passcode using WPA2.
3. Change default passwords on all IoT devices (if you can!), especially your wifi router.
4. Register your product with the manufacturer to be updated on new firmware and security issues.

Used government computers bought at auction filled with personal information
It’s hard to believe that you can still buy previously owned computer equipment (in this case from the local government in Houston, Texas) and find a treasure trove of personal data! This news story is a great reminder to always erase and/or wipe the data from your personally owned devices (laptops, iPads, phones, etc.) before selling them to someone else!

Facebook’s Creepiest Search Tool Is Back Thanks to This Site
This “creepy” new search tool is called “Stalkscan” and it gives you a web front-end that will create creative “Facebook Graph” searches. The application shows a lot of information if you’re not careful with your FB privacy settings. You can also search for others and see what information they’ve posted publicly. Note that this site does not bypass any Facebook privacy settings; it just shows you what you and others have publicly available. Want to fix this?
Adjust your Facebook privacy settings for specific posts or for all posts going forward.

Hotel ransomed by hackers as guests locked out of rooms
What could possibly go wrong when someone hacks a hotel, locks everyone out of their room and demands a ransom paid in Bitcoin? Attacks like these are setting an interesting precedent and a potential new form of “ransomware”.

The Confide app is being used by certain paranoid politicians
The Confide app tries to allow “secure” message sharing but this is proving more difficult. See our last episode for our run down of secure messaging apps.

Where has all the climate data gone? To Canada…
Canada is now becoming a safe haven for climate data from the US. Scott gives us his take on this interesting development.
Feb 2, 2017 • 36min

The Shared Security Podcast Episode 60 – The Secure Messaging Episode: Signal, WhatsApp, Facebook Messenger

This is the 60th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded February 1, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

In this episode we focus on secure messaging apps like Signal, Wire, WhatsApp as well as other popular apps like Facebook Messenger. Tom and Scott delve into the reasons why people are starting to use these apps and the security and privacy features. We also discuss if using these apps for text messaging and phone calls is really more secure than traditional communication methods.

What’s the biggest issue that we found with these apps? Lack of adoption from friends, family and the general public. Many people don’t know these apps exist or think they don’t have good reasons to use them. However, as the famous song by Bob Dylan once said, “The Times They Are a-Changin”.

Tom and Scott’s Recommendations:
Our recommended secure messaging app: Signal
If you need a secure way to communicate that many of your friends may already be using: WhatsApp
Using Facebook Messenger? Enable the “Secret” conversation option when starting a new conversation
Honorable mention: Wire

Links and articles mentioned in the podcast:
Good article on the security and privacy features of Signal and WhatsApp
Facebook Messenger and end-to-end encryption
Top 10 best secure messaging apps of 2017
Jan 13, 2017 • 38min

The Shared Security Podcast Episode 59 – Amazon Echo, Wifi Router Security, EFF Privacy Badger

This is the 59th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded January 11, 2017 (Happy New Year!). Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Amazon Is Already Winning the Next Big Arms Race in Tech
If you haven’t heard this mentioned in the news (real news, not the fake news), Amazon’s Echo virtual assistant (Alexa) has been a hot selling device this holiday season. Other recent announcements coming from the CES show in Las Vegas have shown that other manufacturers of lots of different products, from your “smart” refrigerator to your “Internet enabled” patio lights, are all able to be controlled through Amazon’s Echo. We’ve also heard about some very interesting privacy issues where the device can order things off of Amazon without you really knowing and a host of other privacy related challenges. Tom recently purchased an Amazon Echo Dot to test…for science of course! In related news, did you know Google is recording your voice when you use its voice “search” service? Time to check this out for yourself and adjust those privacy settings if necessary.

Carnival Announces Wearable Medallion, a Device that will Transform Cruising
Hmmm…where have we seen this before? Remember Disney “Magic Bands”? The cruise industry is now implementing similar technology on its cruise ships. Is this any different than what Disney has done and what are some of the privacy issues you should know about?

Popular Netgear wifi home router has critical flaw – Now patched
The media sounded the alarm about a “critical” flaw in the most popular wifi router sold on Amazon (Netgear Nighthawk Series). Unfortunately, many of these stories in the media said to stop using your router immediately.
This was not really good advice and the risk of being exploited by this vulnerability would be very rare. Scott and Tom discuss the ramifications of “alarmist” announcements over security vulnerabilities as well as what you should do if you have one of these routers in your home.

Federal Trade Commission comes down on DLINK for poor security
In a rather unprecedented announcement the FTC in the United States recently issued a lawsuit against DLINK, who manufactures home wifi routers, for poor security practices. Will this become a trend? If it helps improve the security of these devices we’re all for it (within limits).

EFF’s Privacy Badger 2.0 browser plugin
Shout out to the EFF (Electronic Frontier Foundation) who recently released the next version of their Privacy Badger browser plugin. This plugin blocks ads and prevents known “trackers” from pulling information about you and your browsing habits. Here is a full description from the EFF website:

Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it’s like you suddenly disappeared.

We highly recommend installing and using it to protect your privacy while using the Internet. You should also check out all the great tools and other projects that the EFF does to fight for your privacy on the Internet.
Nov 30, 2016 • 28min

The Shared Security Podcast Episode 58 – Snapchat Spectacles, Mobile Number Privacy, PoisonTap

This is the 58th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded November 29, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Privacy Panic? Snapchat Spectacles raise eyebrows
Anyone remember Google Glass (which was a failed product by the way)? This time Snapchat is releasing their own type of wearable tech called “Spectacles”. What are the privacy ramifications to be concerned about? Not much, and we’ll see if they take off with the younger generation. Oh, and don’t be a “Snap-Hole”!

A new app that lets users’ friends ‘virtually walk them home at night’ is exploding in popularity
We think this personal safety app is a great use of GPS and location sharing technology. Hopefully the “Companion” app catches on with college campuses, helping to make people feel safer.

A 10-Digit Key Code to Your Private Life: Your Cellphone Number
We often think about securing information that we deem “private” like an SSN, but what about your mobile number? This article explores the privacy and security issues of how your mobile number can be used to find out personal details about you and link this information together. It can be a goldmine for advertisers as well as potential attackers!

Meet PoisonTap, the $5 tool that ransacks password-protected computers
PoisonTap is a device recently released by a security researcher that can be plugged into a “screen locked” computer to intercept web traffic and install backdoor malware. The device is cheap to make with a RaspberryPi. We don’t think this is a huge threat but businesses should review their desktop/laptop security procedures to ensure devices like these can’t be inserted (locked or unlocked).
What happens when bots start writing code instead of humans
Are we at the point where bots are going to be writing code and all of our security problems will just disappear? Not yet! This is an interesting article that Tom and Scott discuss about how new web and mobile applications are being developed without much “coding” involved. Essentially, with new development frameworks you really don’t need to know anything about computer programming. Of course, like anything, there are positives and negatives to this approach, but education is going to be the key or we’re going to have bots that are programmed by humans to write insecure code (just Tom’s unsupported theory).
Oct 19, 2016 • 34min

The Shared Security Podcast Episode 57 – Dropbox and Yahoo Breach, IoT DDoS, LinkedIn Endorsements

This is the 57th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded October 5, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Hackers Stole Account Details for Over 60 Million Dropbox Users
Have a Dropbox account? Change your password immediately!

Yahoo: The Largest Password Breach in History (and what you should do about it if you use Yahoo services)
This is another breach that happened years ago but we’re just now finding out about it. This breach in particular is the largest ever, 500 million users! Scott and Tom discuss the ramifications of this breach and what you need to do if you use Yahoo services. Also interesting to note that Yahoo was just purchased by Verizon. It will be interesting to see how this acquisition plays out given the recent breach and negative publicity.

Record-breaking DDoS reportedly delivered by >145k hacked cameras
The largest DDoS (Distributed Denial of Service) attack has also taken place! (Many firsts and record breaking security news this time around.) Scott and Tom discuss who was targeted and how thousands of hacked cameras were used in the attack.

Hackers can track your keystrokes through your Wi-Fi signal
While this headline may seem scary, Scott and Tom discuss why this new threat may not be such a threat after all (at least not right now).

L0phtCrack 7 Shows Windows Passwords Easier to Crack Now Than 20 Years Ago
Password cracking programs like L0phtCrack have not evolved much over the last 20 years because unfortunately not much has changed with password security (especially with Windows systems).

Those chip and PIN cards aren’t as secure as we thought
Chip and PIN is here in the USA! Is it secure? Like anything, everything is hackable.
Scott and Tom discuss some new research that was presented at the DEF CON hacking conference that sheds new light on some interesting ways to compromise Chip and PIN. (You can read that as: it’s possible but difficult to pull off).

Fun with LinkedIn Endorsements (a lesson on client side security)
Want to have fun with your LinkedIn contacts? Here’s a great story about how you can abuse LinkedIn’s “endorsement” feature (for fun of course!).
Aug 30, 2016 • 47min

The Shared Security Podcast Episode 56 – Chat Bots, Self-Driving Cars, Bitmoji Keyboards

This is the 56th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded August 17, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Bitmoji keyboard for Apple iOS devices wants “Allow Full Access”. How bad is this?
A word of caution for applications that either replace or allow access to your keyboard on your mobile device!

Over 90 per cent of ICS devices exposed to Internet are vulnerable
Some rather interesting statistics released by Kaspersky recently show that ICS (Industrial Control Systems) that happen to be exposed to the Internet are vulnerable. What does this mean for critical systems such as our power grid?

Tesla ‘self-driving’ mode linked to first traffic death in potential setback to autonomous cars
It was bound to happen eventually, but the first documented traffic death has happened due to the self-driving feature of the Tesla. Like all new technology that humans have used for transportation (i.e. spacecraft), many have problems early on but over time this technology is safer to use (statistically speaking).

Facebook activates Safety Check after Orlando massacre
You may have seen a notification from Facebook pop up on your feed if you are geographically located near a disaster, or new ways for you to “check in” with loved ones. This is a great new feature which should help improve communication to others when a disaster occurs.

Twitter’s ‘blue tick’ Available To The Masses
Twitter’s famous “blue tick” validation process is now available to the public. However, as co-host Tom Eston found out, you have to be a pretty well known public figure and the process is still very subjective. I guess Tom isn’t famous enough to be validated by the Twitter gods as human.
A happy story about a kid’s smart watch that saved him from being kidnapped
We don’t hear a lot about new technology saving lives but here’s one that helped save a kid from being kidnapped.

Scott and Tom discuss chat bots!
What are they and how have they evolved? What risks do they present? Chat bots could have been used in this recent crisis with Delta Airlines.
Jul 16, 2016 • 50min

The Shared Security Podcast Episode 55 – IoT Horror Stories, Biometrics, Staying Safe Online

This is the 55th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded July 6, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

If Mark Zuckerberg Can Be a Hacking Victim, So Can You
Getting hacked can happen to anyone. This is an interesting read about how a previous password breach that happened several years ago may come back to haunt you!

Cool geographic tweet map tool
This is an interesting tool to see tweets on a map via geolocation. You may be surprised what you find, so always be aware that you may be sharing your location with others while using Twitter.

Why you shouldn’t share links on Facebook
Tom and Scott discuss a privacy flaw with Facebook Messenger that many would consider a vulnerability but it’s just how Facebook Messenger was designed. Be careful what links you share via Facebook Messenger!

Warning! CCTV Cameras Sold on Amazon Come with Pre-Installed Malware
There have been more IoT devices found pre-installed with malware on Amazon! Be sure to check the reviews and do your research before buying cheap cameras like this.

More IoT horror stories… this time security cams again
Short story about someone who bought and returned a security cam, then got notifications and could view the new owner’s live cam feed. This is a great example of poor hardware design.

Banks are moving to biometrics instead of passwords for authentication
Interesting read on how some large banks are starting to get away from passwords and using more of the biometrics built into your mobile phone.

So Hey You Should Stop Using Texts for Two-Factor Authentication
The way of doing two-factor authentication by SMS text message isn’t as secure as you might think!
Comparing how security experts and non-experts stay safe online
What type of advice to stay safe online do the non-experts have vs. the security experts? This is a fascinating read from the Google security team!

Conficker worm used in new medical device hacks
Conficker is back! This time infecting medical devices.
Jun 3, 2016 • 40min

The Shared Security Podcast Episode 54 – Facebook Ad Privacy, Password Breaches, Random USBs

This is the 54th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded June 1, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

How to see all the companies tracking you on Facebook — and block them
Have you ever wondered how all those companies can target you and your interests on Facebook? This is some of the best privacy advice for Facebook we’ve seen in a long time.

Cluster of “megabreaches” compromises a whopping 642 million passwords
There have been many password breaches in the news, and these recent ones happened years ago; we’re just now finding more information about the extent of the breach. One suggestion we have to help combat situations like these is to periodically change your passwords. If you make this a habit you can prevent the possibility that someone may already have access to one of your accounts due to an undisclosed password breach. The same good password habits always apply as well: use a password manager and always choose complex and unique passwords for each account.

A Whole Lot of Nitwits Will Plug a Random USB Into Their Computer, Study Finds
It’s been some time since we’ve talked about how it’s common for people to find random USB drives and plug them into their computers to see what’s on them. This recent academic study talks about some interesting results and as we’ve found out…not much has really changed over the years. If you’ve been following the podcast for a while, Scott Wright had done similar research during his Honeystick Project that you might find interesting and related to this new study.

Hacking into homes: ‘Smart home’ security flaws found in popular system
If you have purchased or are using Samsung’s SmartThings IoT platform you should give this article a read.
This is another example of “Internet of Things” products that should not be used for security purposes because of the significant security issues.

Here’s What It Looks Like When A ‘Smart Toilet’ Gets Hacked
This is a funny video of a hacked “Smart Toilet”. Our professional opinion on this is that hacking toilets isn’t so funny if you’re the victim.
May 16, 2016 • 37min

The Shared Security Podcast Episode 53 – The VPN Episode, AI Gone Bad, Google Nest

This is the 53rd episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded May 4, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Scott and Tom talk about VPNs
What is a VPN and why would you want to use one? Also, Scott talks about a few recommendations for a personal VPN based on his experience using a few. Here is also a decent list of popular VPNs that you might find helpful.

EZCast vulnerability
Own an EZCast? Be sure to read about this recent vulnerability affecting these popular devices.

Barracuda firewalls aim to protect IoT
Firewall technology is now evolving to protect IoT devices. This one from Barracuda shows the power of this technology as well as the Eero Mesh Router.

Microsoft deletes ‘teen girl’ AI after it became a Hitler-loving sex robot within 24 hours
In other news…this is what can happen when AI is given to the general public to interact with. Hopefully this is a lesson for Microsoft and any other company that is developing AI for the future.

Google Nest disabling all Revolv devices illustrates the risks from buying “connected” devices that can be turned off at will by the owner of the service. This story is another great example of IoT risks when it comes to technology no longer supported.
