Smashing Security – Details, episodes & analysis

Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app!

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault, joined this week by cybersecurity journalist and the author of “Dark Wire”, Joseph Cox.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• How a single IT update caused global havoc - BBC News.
• Anti-Virus Software Sees Self as Malware, Deletes Itself - NBC News report about Sophos snafu in 2012.
• Tweet about CrowdStrike outage by Kaspersky - Twitter.
• “Dark Wire” by Joseph Cox.
• Inside the Biggest FBI Sting Operation in History - WIRED.
• Trump shooter's online activity shows searches of rally site, use of encrypted platforms, officials say - CBS News.
• Mass Surveillance - Privacy International.
• 338 sites internet frauduleux de revente de billets recensés à quelques semaines du début de la compétition - France Info.
• From wiretapping to geolocation data collection: AI mass surveillance for the Paris Olympics draws privacy concerns - Fast Company.
• Heading to the Paris Olympics? Don't Fall for These Scams - PC Mag.
• AI mass surveillance at Paris Olympics – a legal scholar on the security boon and privacy nightmare - Scientific American.
• AI mass surveillance at Paris Olympics – a legal scholar on the security boon and privacy nightmare - The Conversation.
• Paris 2024: Medal table predictions, facts, opening day schedule and records that could be broken - Euronews.
• Paris Olympics 2024: Your ultimate guide - The Telegraph.

iPhone photos come back from the dead! Scarlett Johansson sounds upset about GPT-4o, and there's a cockup involving celebrity fakes.

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Anna Brading of Malwarebytes.

Plus! Don't miss our featured interview with Sandy Bird of Sonrai Security.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• When NASA Lost a Spacecraft Due to a Metric Math Mistake - Simscale.
• The worst sales promotion in history - The Hustle.
• Nonconsensual AI Porn Maker Accidentally Leaks His Customers' Emails - 404 Media.
• UK's Ministry of Defence fined after Bcc email blinder that put the lives of Afghan citizens at risk - Hot for Security.
• £200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder - Graham Cluley.
• Apple's Photo Bug Exposes the Myth of 'Deleted' - Wired.
• OpenAI Voice Scandal: Sky's Fall From Grace - YouTube. 
• How the voices for ChatGPT were chosen - OpenAI.
• As AI becomes more human-like, experts warn users must think more critically about its responses - CBC News.
• What We Lose When ChatGPT Sounds Like Scarlett Johansson - The New York Times.
• Scarlett Johansson’s Statement About Her Interactions With Sam Altman - The New York Times.
• Kin TV series - Wikipedia.
• Portal connecting Dublin and New York 'reawakens' under new restrictions after 'inappropriate behaviour' - Sky News.
• How to cook the perfect chicken rendang – recipe - The Guardian.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

• Official Disneyland Instagram Account Hacked This Morning! — The Disney blog.
• Disneyland social media accounts hacked, offensive messages posted — Hot for Security.
• We Got the Phone the FBI Secretly Sold to Criminals — Vice.
• Parents Sue TikTok, Saying Children Died After Viewing ‘Blackout Challenge’ — The New York Times.
• Lawmakers Want Social Media Companies to Stop Getting Kids Hooked — Wired.
• How Social Media Tricks Us Into Thinking We Are Paying Attention — Forbes.
• Facebook could be sued for addicting children under California bill — Ars Technica.
• Kids Are Using Social Media More Than Ever, Study Finds — New York Times.
• 2021 Facebook leak — Wikipedia.
• California Parents Could Soon Sue for Social Media Addiction — Gizmodo.
• Absurd Trolley Problems.
• Weird or Confusing.
• Google Quick, Draw!
• Unfinished London — Jay Foreman on YouTube.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

• Dutch university paid $220,000 ransom to hackers after Christmas attack — Graham Cluley.
• Remarkable development in investigation into Maastricht University cyberattack — Maastricht University.
• Dutch University profits from returned ransomware payment — The Register.
• Favorable exchange rate on a fake cryptoexchange — Kaspersky.
• Tweet from @cz_binance about mega-leak.
• Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack — Wall Street Journal.
• How mercenary hackers sway litigation battles — Reuters.
• Countering hack-for-hire groups — Google.
• The business of hackers-for-hire threat actors — TechRepublic.
• Fransdita Muafidin on Instagram.
• Giant Cats Disturbing Civilization — Geeks are sexy.
• Watch Good Luck to You, Leo Grande — Hulu.
• Good luck to you Leo Grande (Trailer) — YouTube.
• This is Love podcast.
• Cain's Jawbone — Wikipedia.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast.

Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

• LockBit 3.0 introduces the first ransomware bug bounty program — Bleeping Computer.
• Fake copyright infringement emails install LockBit ransomware — Bleeping Computer.
• Why US women are deleting their period tracking apps — The Guardian.
• Privacy not included — Mozilla Foundation.
• The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant — Vice.
• Microsoft is removing emotion recognition features from its facial recognition tech — NBC News.
• Top 10 Emotional AI Examples in 2022 & Reasons for Success — AI Multiple.
• Analysis of Speech Features for Emotion Detection: A Review — IEEE Xplore.
• Microsoft's framework for building AI systems responsibly — Microsoft.
• The Swedish chemist shop sketch — As performed by Mel Smith and Rowan Atkinson on Not the Nine O'Clock News.
• Alley Cat — Wikipedia.
• Play Alley Cat — Internet Archive.
• Alley Cat Remeow Edition — Game Jolt.
• reMarkable.
• SOLAR podcast.

Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Episode links:

• Hot Tub Time Machine trailer — YouTube.
• Hacking into the worldwide Jacuzzi SmartTub network — Eaton Works.
• SmartTub — Apple iOS App Store.
• SmartTub — Google Play store.
• Hot tub hack reveals washed-up security protection — BBC News.
• Google engineer Blake Lemoine thinks its LaMDA AI has come to life — The Washington Post.
• Google engineer put on leave after saying AI chatbot has become sentient — The Guardian.
• AI's most convincing conversations are not what they seem — The Register.
• Blake Lemoine's blog.
• Van Gogh Bristol Exhibition: The Immersive Experience.
• Van Gogh: The Immersive Experience — YouTube.
• The Inquiry — BBC World Service.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Kolide - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
• Bitwarden - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
• Drata - Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.

Support...

How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/279 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Sponsored By:

• Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
• 
  
• Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
• 
  
• You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
• Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
• 
  
• Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
• Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only...

Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.

Visit https://www.smashingsecurity.com/278 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

• Snyk: Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
• 
  
• Get started right now, with a free forever account, at snyk.co/smashing
• Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
• 
  
• Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
• 
  
• You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
• Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source

Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet's activity, and look at how deepfakes could be a good thing after all.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].

Visit https://www.smashingsecurity.com/277 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ray [REDACTED].

Sponsored By:

• Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
• 
  
• Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
• Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
• 
  
• Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
• 
  
• You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.

Support Smashing Security

Links:

• Popcorn Time ransomware invites you to get ‘nasty’ to recover your files — Graham Cluley.

A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one...) hacked into his female classmates' online accounts, hunting for nude photos and videos.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Visit https://www.smashingsecurity.com/276 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Mark Stockley.

Sponsored By:

• GoodAccess: GoodAccess - Free Business Cloud VPN for up to 100 Users.
• 
  
• Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.
• Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
• 
  
• Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
• 
  
• Try Kolide Free for 14 Days; no credit card required.
• Rumble: Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems.
• 
  
• It can even tell you which machines are missing endpoint protection, from your local network to the cloud.
• 
  
• Sign up