Podcasts about 2fa

  • 726 PODCASTS
  • 1,456 EPISODES
  • 51m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jun 11, 2026 LATEST


Latest podcast episodes about 2fa

Cloud Stories | Cloud Accounting Apps | Accounting Ecosystem

This episode is a personal and confronting reflection on how quickly even a cyberaware professional can lose control of a long-standing Gmail account. What began as a seemingly legitimate brand collaboration unfolded into a carefully orchestrated phishing attack that removed all security measures within seconds. The experience highlights how modern cybercrime blends patience, credibility signals, automation and psychological triggers to bypass even cautious users.

  • The phishing grooming process and credibility signals used
  • The red flags hidden in plain sight
  • What happened in the 60-second account takeover
  • The recovery journey and escalation through professional networks
  • Three essential security measures: 2FA, passkeys and backup codes

This story is not about fear. It is about awareness, practical action and understanding how sophisticated attacks have become. The lesson is simple: five minutes of security setup can prevent four days of stress.

Apps & Tools Mentioned: 1Password, LastPass Authenticator, Coursera, Impact, Google, Gmail, Revolut, Claude, ChatGPT, LinkedIn, Twitter, TeamYouTube

Episode resources and links:
Alex Falcon Huerta's story: https://www.linkedin.com/posts/alexfalconhuerta_fraud-alexfalconhuerta-share-7394786345610682370-s-49/
https://cyberwardens.com.au partners with the Australian Government to deliver free online security courses with verifiable CPD.

If this episode helped you, the best way to support the show is to leave a review somewhere as it helps more people find us. And if you want to continue the conversation, come find me, Heather Smith | Accountant and Storyteller, on:
LinkedIn: https://www.linkedin.com/in/HeatherSmithAU/
Accounting Apps newsletter: http://accountingapps.io/
Accounting Apps Mastermind: https://www.facebook.com/groups/XeroMasterMind
YouTube Channel: https://www.youtube.com/ANISEConsulting
X: https://twitter.com/HeatherSmithAU

Breach FM - der Infosec Podcast
Flurfunk - Palantir CTO to CISA? Microsoft CVD scandal, Meta Instagram chatbot “hack”

Jun 10, 2026 74:12


In the new episode of Breach FM I'm checking in from Helsinki, where it currently doesn't get dark; Max Imbiel, fortunately, gets to be back in his home office. The Record from Recorded Future News reports that Shyam Sankar, CTO of Palantir and with the company for more than 20 years, is considered the leading candidate for the CISA director position, which has been vacant since January 2025. The White House denied this with "at this time this is not accurate", which is not a denial. The appointment becomes relevant above all because of its timing alongside the new AI executive order, which for the first time equips CISA with enforceable Binding Operational Directives. From cyber coordinator to AI governance agency: we don't have a good gut feeling about this.

The core topic comes from Max: the Nightmare Eclipse scandal at Microsoft. Between April and mid-May the researcher published six Windows zero-days (BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma), all without prior coordination. Microsoft responded with legal threats, then backpedaled after an outcry from the community. Three exploits were actively exploited and added to the KEV. Adam Shostack, co-founder of Microsoft's own threat-modeling approach, openly criticized the handling. The core accusation: Microsoft does not follow its own CVD process, and researchers now prefer to pass bugs among themselves. The damage hits all users.

Then the Meta Instagram "hack": attackers used the Meta AI support chatbot to simply register a new e-mail address on the target account, and the bot sent the reset code there without verifying. At least 20,225 accounts were affected, including the Obama White House account. Attack window: seven weeks. Moral: write permissions don't belong in chatbots in the authentication flow, and enable 2FA.

Shyam Sankar / CISA nomination (The Record): https://therecord.media/trump-considers-palantir-exec-to-lead-cisa
Nightmare Eclipse, all six zero-days at a glance: https://cipherssecurity.com/nightmare-eclipse-microsoft-windows-zero-day/
Microsoft statement on CVD and Nightmare Eclipse: https://cybersecuritynews.com/microsoft-clarifies-nightmare-eclipse-controversy/
Meta Instagram chatbot hack (404 Media): https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/
Meta confirms 20,225 affected accounts: https://this.weekinsecurity.com/meta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-its-ai-chatbot/

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0

I'm excited to work with Microsoft once again as the presenting sponsors of the AI Engineer World's Fair! We'll be streaming live from MS Build today for a special crossover pod with our friends at No Priors and the one and only Satya Nadella. However, we did not hold back with this interview - we asked all the burning questions about uptime and Copilot that we know you have in your minds. Let's go!

For almost two decades, GitHub has been the home of software, where both open source and closed flow, through commits, pull requests, reviews, actions, etc.

This ecosystem flourished as open-source maintainers and contributors would continue shipping code for the benefit of the community. However, as coding agents began to ship mass quantities of code - growing 1400% in 2026, it marked a new era that was both extremely exciting and challenging for GitHub.

While these agents help more people ship more projects, they also significantly increase the floor of how much code is shipped, how often it is shipped, how many people commit code, and basically orders of magnitude multiples in every dimension of GitHub infrastructure.

Now GitHub inevitably experiences more pressure on their infrastructure which was originally designed around human developers moving at human speed. This has resulted in a very publicly notable uptime story.

So it begs the question of whether current systems around code can absorb what AI produces. Can CI/CD keep up when every idea becomes a build? Can open source maintainers survive floods of AI-generated slop contributions? Can GitHub preserve the human social contract of software while becoming the operating layer for agents?

Which brings us to the perfect person to answer these questions: GitHub COO Kyle Daigle. In this episode, he joins swyx to unpack what happens when AI doesn't just autocomplete code, but starts changing how companies operate, how open source works, how pull requests get reviewed, and how GitHub itself has to scale.
We go deep on GitHub's internal AI workflows: micro-skills, WorkIQ, MCP, Slack, Teams, email, Copilot workflows, the new Copilot desktop app, CLI, cloud agents, and how Kyle uses agents to look backwards across company context before deciding what to do next. Kyle also reflects on GitHub's history building webhooks, APIs, Actions, npm, Dependabot, and Semmle, why the AI era is breaking GitHub in new ways, how Actions became a general-purpose compute layer, and what Copilot becomes after code completion.

We discuss:
* Kyle's expanded role across GitHub
* How AI got Kyle coding again after years in leadership
* Why GitHub rolls out AI through existing workflows instead of forcing new tools
* WorkIQ, MCP, Slack, Teams, email, and GitHub as company context
* Why massive “mega-skills” are giving way to small, atomic micro-skills
* How AI changes summarization, communications, marketing, and analyst work
* Why former developers in leadership may have a unique advantage in the AI era
* Kyle's “15 agents on Saturday” workflow
* How Kyle built an AI-generated executive presentation for CRO/CFO teams
* Why AI changes the chief of staff role without removing the human work
* GitHub Actions, webhooks, arbitrary code execution, and secure agent compute
* The npm acquisition, supply-chain security, 2FA, and token invalidation
* Slop forks, vendoring, and whether AI agents change dependency management
* What pull requests become when most PRs come from agents
* Prompt requests, vouching, AI review, and trust in open source
* What counts as a “developer” when AI lowers the barrier to building
* GitHub Spark, low-code, and why GitHub refuses to hide the code
* 14x commit growth, Actions load, databases, monorepos, and availability
* Copilot's evolution from completion to CLI, desktop app, cloud agents, and SDK
* Context, memory, rules, and making GitHub “act like Kyle wants it to act”
* Ambient AI, OpenClaw, enterprise security, and the new operating system for agents
* What swyx should ask Satya Nadella about Microsoft's AI future

Kyle Daigle
* LinkedIn: https://www.linkedin.com/in/kyledaigle
* X: https://x.com/kdaigle

Timestamps
00:00:00 Introduction
00:03:36 Why AI Got Kyle Coding Again
00:07:04 Running GitHub with AI: WorkIQ, MCP, Slack, Teams, and Skills
00:15:39 The Golden Age for Former Developers in Leadership
00:17:31 15 Agents on Saturday and AI-Generated Executive Work
00:20:20 How AI Changes the Chief of Staff Role
00:21:45 GitHub's History: Actions, npm, Webhooks, and Open Source
00:28:45 Slop Forks, Vendoring, and AI Dependency Management
00:33:57 Pull Requests, Prompt Requests, and Trust in Agent-Generated Code
00:41:21 GitHub Stars, 200M+ Developers, and the New AI Builder Wave
00:45:15 GitHub Spark, Low-Code, and Why GitHub Still Shows the Code
00:47:38 GitHub's Hardest Era: 14x Growth, Reliability, and Scale
00:59:21 Actions as the Compute Layer for CI/CD and Automation
01:02:04 The State and Future of GitHub Copilot
01:08:24 Ambient AI, Background Agents, and the Future of the SDLC
01:13:09 OpenClaw, Enterprise Security, and the New OS for Agents
01:18:03 Build Announcements, WorkIQ, FoundryIQ, and Microsoft Context
01:21:41 What Should swyx Ask Satya?

Transcript

Introduction: Kyle Daigle's Expanded Role at GitHub and Microsoft

Swyx [00:00:00]: We're here with Kyle Daigle, COO of GitHub. Welcome.

Kyle [00:00:07]: Hey, thanks for having me.

Swyx [00:00:08]: You're not just CEO of GitHub. People know you as that. You have a new role.

Kyle [00:00:11]: So I have an expanded role now. I've been working at GitHub for thirteen years and doing all things developer. Joined as a developer myself. And now, I'm also responsible as the CMO of Developer for Microsoft.
And so all the kind of learnings and passion for developers and how we work with them and how we communicate and how we bring our products to market, we're also bringing that expertise to the broader Microsoft ecosystem and helping every developer that uses a Microsoft product or would like to have a sort of similar experience that they've had with GitHub over the years. So it's a different role in some ways, but it's also just building on the experience that I've had at GitHub of just sort of tell the truth, be authentic, show people how to use it and then let the products speak for themselves. Now just doing that with all of Microsoft.

Swyx [00:01:09]: We'll be releasing this in conjunction with Build. You got lots of stuff planned, and we can sort of touch on that whenever it's appropriate. I think one of the interesting things is I rarely meet a COO who's also a CMO. I think you're a very outward facing and you're very confident publicly. That's rare. Do you actually view yourself as COO? What's, what is your thing?

From GitHub Developer to COO/CMO: Building the Platform and Operating GitHub

Kyle [00:01:33]: I think for me, it's been funny. The titles have always been, a— have always felt a little strange to me. I joined GitHub as a developer? I wrote so much of the

Swyx [00:01:46]: Let's bring that up. You wrote the back ends?

Kyle [00:01:48]: I was going through, I was going through some old photos, when folks were talking about how things were being built or how there was a build GitHub. I built webhooks and worked with teams building the API, built the platform layer. Anything that integrated with GitHub, up until really twenty eighteen, I built or ran the engineering teams. And that's kind of where my the beginning of my passion always was helping people build things, deliver them to their customers. And so being a developer, building for developers was always super unique.
In a— I think as my role expanded, it became my ability to talk to not just developers, but also enterprise customers or business leaders and have this translation layer. And then through all those years, GitHub has always operated pretty uniquely. Post-pandemic, working remotely was not as novel as it was when GitHub started in two thousand and eight. But all that expertise of running remote teams, doing it well, became this sort of bigger role, ultimately turning into the COO role of how do we operate GitHub in the way that GitHub's always operated after the Microsoft acquisition. And kind of so on from there. So like for me, I think the— I've, I still code. I love coding but the problem has always been people. It's a much harder problem to both support our own employees, a harder problem to communicate to developers and enterprise buyers what we're building why it matters, ‘cause those are two very different messages. And so getting to work in the mix of COO, CMO, also just being a dev, I think is what's kept me at GitHub for so long.

AI Workflows for Leadership: Commits, Retrospectives, and Context

Swyx [00:03:40]: Apparently, you have— your commits have gone up. What's this? What's going on?

Kyle [00:03:45]: Rui's called me out pretty aggressively. So I think— as you can imagine, right, you can see my normal era of being a dev in the twenty thirteen, twenty fourteen era, and then moving into management, and then ultimately the COO role. I think what you see there is me really getting back to coding thanks to AI. I— similar to attaching problems between how to market and how to operate a business and how to code, I find building agents and workflows that are connecting very disparate problems to be what's driving this. So that's, some of it's writing software. A lot of it is connecting a ton of a different data sources to help me out.
But that is completely me really diving in on the AI side in trying out our tools, trying out everyone's tools, but building for me, building for the non-technical leader, though I'm technical and how we're able to use these tools more than just the simple call and response that I think a lot of the non-technical, your employers, you have to get— you have to use AI, and so everyone uses ChatGPT or Copilot or Claude or whatever. To really get into, how is this going to help me out, it— I find that it's not the I need to write a blog post, I need to those simple examples. Helping people find the workflows of, “Okay, I need you to go through all the PRs today. I need you to go through everything that we've posted online. I need you to go through what we did the last three months. Go through all of my Obsidian notes for any mentions of this then go through my transcripts at work.” We use Teams, so, using WorkIQ, go call that MCP server, grab all the transcripts, go through all the Slack, and then build me out the plan of what this week's messaging actually was. That's something that was impossible because for me, I find AI in a what most of this launch here is actually less building forward. It's actually a recursive loop backwards. I'm always looking at what had happened first. Go back through the week and tell me what we did, what worked, what didn't work? And then tell me in the next three or four days, what would you tweak based on this sort of like looking backwards and then looking ahead a little bit? I find that to be so much more valuable, especially for like non-technical, because that retrospection is actually LLMs are very good at that. Like finding all the patterns, pulling them out, and then applying that retrospection to just a couple of days or just like a short period of time. Is all a bunch of apps that I've built and launched a bunch of internal tools. I use the new GitHub Copilot app, the desktop app with workflows.
Every time I crack open my laptop, it's running workflows for me. It's just a ton of different stuff and of course, it all ends up on, it all ends up on GitHub.

Swyx [00:06:47]: Of course. That's where, that's where stuff is hosted. Man, there's so much to ask you. I was going to leave the how do you run a company with AI thing at the end. I have to ask one— double click one thing. You said, you are looking back at the week. You're, you're understanding what happens. When you say we, that's three thousand people. How?

Rolling Out AI Internally: Skills, CLIs, and Company Context

Kyle [00:07:09]: I think when we started rolling out AI internally beyond engineering, right? One of the things that I was really passionate about is like we have to do this in a way where no one has to change how they work. I don't want to have to teach you a tool. I don't want to have to teach you something new. And so for us, we tried out a few tools. Most of them don't work because I got to get you on board? I got to teach you how to use it. What we've actually ended up doing is we've built like a set of skills internally. We have we each have our set of skills, and we've just been distributing even to the non-technical folks, the CLI. And then effectively, we're just giving it access to like read about everything that we're writing. So that's for us, that's usually GitHub, Teams, Email, and Slack. So Teams for video chat, generally speaking.

Swyx [00:08:03]: Teams and Slack?

Kyle [00:08:04]: so we use Teams for video communication, but we don't use it for chat. W-we— GitHub for a long history, right? We're always

Swyx [00:08:13]: Also Slack

Kyle [00:08:14]: Talking about ChatOps and like everything is built into Slack.
Like every command, every flow.

Swyx [00:08:18]: So even though you have been acquired for I don't know, eight years now

Kyle [00:08:22]: we still

Swyx [00:08:23]: You still use Slack?

Kyle [00:08:23]: it's a purpose-built tool for us, and I think the reality is that moving off of it would be so bluntly expensive? Simply because all the tooling is baked in with that paradigm. And they both have their pros and cons but they don't work the same way at all. We still use a bunch of different tools because it's the purpose-built tools that we need. And then

Swyx [00:08:47]: Well, the same doesn't go for the rest of Microsoft, presumably.

Kyle [00:08:50]: like the like various teams like operate

Swyx [00:08:53]: They make their own decisions

Kyle [00:08:54]: Various ways. I think it just matters what you're trying to what you're trying to do. But we do we do work across kind of every tool that we use, and then by giving everyone access to all of that context and the new WorkIQ MCP server, which is quite cool if you do live in the M365 like world. I can ask it all these backwards-facing questions, and it's incredibly important for our teams that are working remotely. There's a lot of stuff you miss when you're not in an office, and we are spread out all over the world. So most of that is looking back. And then we post, we post either auto-automatically into GitHub issues or discussions, these sorts of like findings or like our industry reports. Like what's happening this morning, today, yesterday. A little automation gets run. We'll use the app. We might use GitHub Actions like with our agentic workflows just to go do that run, and then we push it into GitHub, and w-we keep having a conversation. So usually for us, it's about that sort of like looking back, looking forward on the non-technical side. And then of course for a lot of those folks, it's also building an app, pushing it to GitHub pages or pushing it somewhere to host it et cetera.
But it's just like enabling everyone with that power of it's going to take me a week to figure this out. Instead, we're going “Okay I built a skill. Let's put it into a repo. We'll all share that skill together, and then we'll use the CLI or now the app-” “just to run it.”

Micro Skills vs. Mega Skills: How GitHub Uses AI at Work

Swyx [00:10:26]: All right. I think, I think we're going straight into like the team management and productivity thing. I think a lot of people are getting various levels of LLM psychosis. How do you manage the bloat of skills? Like everyone has their thing, and they're like trying to promote it to the rest of their peers in their org, right? And obviously, whoever becomes a skill influencer internally becomes like an AI leader, right? Of sorts. I assume you have those.

Kyle [00:10:50]: like I think we have

Swyx [00:10:52]: And I assume it's a mess a Yeah.

Kyle [00:10:54]: there's like I— like I think the reality is there's two pieces. Like first is I think that we're ending the era of these like massive, beautiful, perfect skills that are just like not any of those things. ‘cause for a while, right every tweet every day is like go download the skills, the perfectly managed thing to do this entire workflow. And I think that like what we've found and what— I was just with my team this week, and we were talking about the skill side, and we're really talking about these like incredibly micro skills that are just doing one thing for us very well versus a skill that's going to do I said, that full report. That doesn't really exist on our side anymore. It's usually how do— like a single skill that's going to identify the most important marketing information given any MCP server. Like this is the most important thing.
Less about stitch a bunch of tools together and have it produce this mega output because then weeks go by, months go by, things change, and you want to tweak

Swyx [00:11:58]: It's brittle

Kyle [00:11:58]: Your mega skill and you're screwed? You can't do that. And so now we're really just talking about the Legos we're using and just letting the instruction book be something we're all putting together. Whereas I think a lot of AI skills for a while have been that mega instruction book style.

Swyx [00:12:15]: I've thought a lot about Postel's law. I don't know if that's a term that is, means things to folks. It's the idea that you should be liberal in what you accept and strict in what you output, right? And I think that's like a good framing principle for skills. This is my skills, obviously on GitHub. I feel like everyone should have like how like some repos in GitHub are special repos? I feel like we should sort of reify the slash skills and everyone like give it some kind of special presentation. Anyway, so, yeah, this is one of those like download, download anything, transcribe anything, and then you can string together the atomic skills that do one thing well into like some kind of orchestration skill that calls other skills. I assume, does that match?

Kyle [00:12:56]: I like I think so. I think that the

Swyx [00:13:00]: Summarize anything.

Kyle [00:13:01]: Like I think the- For me, summarizing something for I do communications and PR and analyst relations and marketing and customer activities, and so my summarize everything is very different for each one of those like contexts. What ‘Cause if I'm summarizing something for an analyst, that's a very different thing than, probably how I'm going to summarize something for like a customer meeting or an engagement. So that's I think like the difference when we're talking about the like the tools I might use on Saturday or the skills I might use on a Saturday when it's just for Kyle.
Yeah, those are kind of like they have an atomic actual tool underneath or maybe skill, and then Kyle cares about X. But I think when we're talking about work and enabling the the marketers, communicators there, it's the atomic, this is what good summarization is, and then this is what I care about as for marketing for communications for whatever. And that I think is like the interesting matrix problem when we go from like a developer set of concerns to all kinds of different professions, is that what that word means to me is different than it means to you is different than it means to the analyst or the salesperson, and that's where I think the matrix mess is that we're starting to like still starting to find. It's about these mega skills but they're all just slight permutations, but those permutations are really important. It's the difference between someone reading this and going “Did AI make this?” what Or “This makes total sense, and I would expect this when I'm giving a briefing to Gartner,” or like whatever else.

Swyx [00:14:37]: I think the beauty of it maybe is that you don't have to be that careful about what goes in there. It doesn't have to exactly fit as long as it like roughly is contained in there. I used to complain about plugin hell, basically. Like when you have a framework and then you have a hundred things that you need to integrate, everyone does like the GitHub used to be bloated full of these things. And now we don't need them anymore ‘cause now you just use skills.

Former Developers in Leadership: AI as a Creation Multiplier

Kyle [00:15:00]: And like I think the most magical thing is the just that like I can just also crack it open. Like, like yes, I could go like change the how the plugin is coded, or like I could go do that now with AI, but I think there's just something more magical about getting a response back and being “That's not right,” and then you just crack the skill open, you just type English words and it's different.
That building block is just, I think very unique. Once I get everyone to kind of understand how to best how to best make those changes to get the most power out of them.

Swyx [00:15:36]: Is there a— you have a your peer group that, of people like you. Is there a common framing for, something I'm feeling is, which is true, is that is this a golden age for former developers who are now in leadership? Because you can wield the tools, you would know the right words, you're maybe not too close to the details. Doesn't matter. But like you're more effective than someone who doesn't come from that background.

Kyle [00:15:59]: I think that like the secret has always been your ability to identify patterns and solve problems, and I think that for folks that like myself that don't code day to day anymore, that has made me successful as a developer, made me successful as a COO and now CMO. And so now that I have access to get and write code, I'm now applying that sort of like pattern finding and problem solving, and I know enough still about how to then go and say, “Oh, I want to make an app, but I don't want to break into jail or create something that's not going to be able to work or to be deployed scale or whatever.” That ability to apply all that additional business knowledge and still code I think is what makes that so interesting to me. Slightly different than I think some of the other like technical leaders that became business leaders and now are going back to their apps and updating them. Good for them? But I think the more, much more interesting thing is, well, now I have this whole new set of expertise over ten plus years. Why not take that and use that as a developer with these AI tools? So I definitely think that makes me more powerful, but I think that's true for like every dev as well. Most of the dev friends I still have also have some other underlying skill and passion. There's really talented, very kind of linear computer science software devs, absolutely.
I just find that the folks that came from a different career, went to school for something else, went off and did this random thing, and then became a software dev, or were a dev, did a random thing, came back. Learning that extra set of information, learning those extra skills, and now having the power of an AI where I can crank up fifteen agents on Saturday while my kids are doing lacrosse, that's like really powerful. And I think it gets me back to that feeling of like creation, and it's very hard to replicate that in most other senses? That first time you build an app and you click it and you show someone that's magical. And so being able to do that not just in code, but across all kinds of different assets that's, that's huge. We were doing we're doing our every year we do our revenue planning. We talk about okay, what is it going to look like for next year? And of course as you imagine, there's slideshows everywhere talking about what are we going to talk about, what's the narrative, et cetera. And so as you said I'm “Okay, well, I could probably just like build something to build this and then that way I don't have to go build the whole spreadsheet or I have to pass it to my team.” So we went through this process, and I got all the information and used the skills I mentioned. I built like a little app just to make it so I could look at some of the information in a SQLite database more easily. And I ultimately built this entire presentation without touching any of it and I was “Okay, I'm just going to present this to our CRO, the CFO, their teams,” without mentioning I'd built it with AI. I like built a skill to make it look very much not AI driven. Just not pretty.

AI-Generated Presentations, Human Taste, and the Changing Chief of Staff Role

Swyx [00:19:03]: Like a design. Yeah.

Kyle [00:19:03]: Not pretty. But just like very clearly not AI.
Kind of like don't do anything interesting.

Swyx [00:19:08]: That's, yeah, that is valuable.

Kyle [00:19:08]: Just go Exactly. We did the whole thing through. It used my notes from Obsidian, it used all the context I mentioned before, the plans, and never came up once that it was AI generated.

Swyx [00:19:20]: It didn't matter.

Kyle [00:19:20]: Never once. D It didn't matter. And so now I take

Swyx [00:19:23]: This is a tool

Kyle [00:19:23]: I can take that tool and go, “Look, I don't want you to go build slideshows.” They're just helping us share information with each other. If this thing can do it with a little bit of crafting from you and then we can look at it together, awesome. There's no value in all that extra work. I think that the ability to make it look humanly bad and and build a little app to manipulate the data I think is part of that upside for devs that are now in leadership roles. Because the thing that I feel like I said before, this that's all a people, that's all a people problem. I know if you've used a coworker or not to build a slide deck, unless you spent a bunch of time to not do it.

Swyx [00:20:07]: I know, but like it was so, I think there's a certain charm to just being blatantly AI. ‘Cause I think that you're well, you're just honest about there may be mistakes here that I cannot vouch for. So how much value is there? But anyway I think, actually the real question I want to ask is, there's a— You were a chief of staff to Thomas. And in the pre-AI world, the that job would've been a chief of staff job of like can you prep me these slides and all that? And now you do it yourself.

Kyle [00:20:35]: I still, I still have a chief of staff. Because the difference is it's sort of the discussion every time we have some sort of technology evolution is it's not that the jobs the roles don't all go away, they just change?
And so yeah, I don't have someone spending all their time building out slides for me and presentations ‘cause I don't need that anymore. But now I need that person that is able to go and find all the different connections between humans in those discussions to help me find out, okay, I should be meeting with this group and this team, and they have an opportunity, and I'm going to be in San Francisco today, I'm going to be in Seattle tomorrow. Those sorts of human connection aspects are still incredibly valuable and has always been a big part of that chief of staff role. But now just like chiefs of staff are not opening up letters to process, they're doing emails. What It's the same thing. And now they're, they're not building out as many of these presentations because they have the the ability to have a AI take it on for, and share that with me and great. Let's keep moving ‘cause it's allowing us to go faster and make better decisions more quickly.

Swyx [00:21:45]: Awesome. Well, so we can dive into more sort of productivity insights as you go. I did want to do a little bit of a brief history of colleague and hub. Because we started here. And then you also involved the NPM acquisition. I did, I do want to touch upon that. And then more recently, I just want to bring up to present day where we're having uptime issues which transparently we've already addressed publicly, but we'll, we'll discuss in the pod. Did I miss anything? Like what, any other major highlights? Obviously, it's, it's a lot of years to cover.

A Brief History of GitHub: Webhooks, Actions, Acquisitions, and Platform Evolution

Kyle [00:22:15]: No the I think one of one highlight was right before the acquisition closed in twenty eighteen, I got to launch the first version of Actions

Swyx [00:22:27]: Oh

Kyle [00:22:27]: At GitHub Universe. So it was O

Swyx [00:22:29]: They're that young?

Kyle [00:22:30]: It was October of twenty eighteen, I think. Yeah.
Yeah.
Swyx [00:22:33]: Gee, Jesus.
Kyle [00:22:34]: I got to I was the engineering leader on that project and got to launch that. And then, yeah, we did acquisitions of NPM you said, Semmle, Dependabot Pull Panda a whole bunch of things. That was a big
Swyx [00:22:47]: Pull Panda.
Kyle [00:22:48]: Abi is doing well.
Swyx [00:22:51]: DX. Holy crap.
Kyle [00:22:52]: Did well on DX. I and like that was a that was the big shift, after the acquisition. I had to join the sort of business side.
Swyx [00:23:00]: So I need to hit you on some of these things ‘cause you were there. Right? And how often do I get to talk to someone who was there? But yeah, Actions. Is that the number one source of security issues on GitHub?
Kyle [00:23:11]: Oh, sh I think that the number one source of, security issues is probably like all, the literal code in everyone's like underlying repositories. I would say back further than that is, if you remember I had to show in this graph was this is, I'm, didn't say this before, this is ultimately webhooks.
Swyx [00:23:30]: You yeah.
Kyle [00:23:31]: Like circa whatever it was.
Swyx [00:23:32]: It says Hookshot in there.
Kyle [00:23:32]: I forget. Yeah. Yeah, Hookshot's in there. And so like back then, it says GitHub Services. Do you see, it says Hookshot FE for front end, and then it says GitHub Services. GitHub Services back in the old days, right? You we had a repository that was Ruby code, and you could write any Ruby code in there, and then we would execute that On your behalf As a service, and then that way if an if you were trying to integrate with something, it didn't we would run it for you.
Swyx [00:23:57]: And of course no containers ‘cause
Kyle [00:23:58]: No, ‘cause it was
Swyx [00:23:59]: Well, no containers
Kyle [00:24:00]: Twenty fourteen. And so there was some isolation obviously, but it was mostly the separations on the server level.
That's like an example as long as the very old version of Pages, which ran on its own containerization infrastructure, not on Actions.
Swyx [00:24:15]: Which like all-time great product.
Kyle [00:24:16]: Pages powers the internet at this point to some degree. Those were places where like clearly there were no like issues like to my knowledge. But it was those things where I'm looking at and going “Okay, well we can't be running arbitrary Ruby code,” like on everyone's behalf. Then containerizing all of that up into Uh into actions now where yeah the containerization, is r-really good. The pinning most folks aren't pinning it the like to a particular
Swyx [00:24:48]: Images
Kyle [00:24:48]: Sha, et cetera like their workflows, and so that's a big that's a big place Of pain for folks if they're just doing similar to any dependency management, just V1 or newest or latest, I think. But, that journey from that day to “Okay, we're just going to run all this arbitrary code, and, it'll basically be okay,” to now, no, we have, really good containerization. We have a new, underlying, ag-agent, containerization, service. It's like we're using it under the hood. It's through Azure. They recently announced it. The Azure, Dev Compute, but it's, very fast, very fast compute to be able to, spin up your own cloud agents, or whatnot. We're using it under the hood for some parts of the new,
Swyx [00:25:36]: Microsoft Dev Box?
Kyle [00:25:37]: No. Dev Compute, yeah.
Swyx [00:25:41]: Hmm. Not finding it just yet.
Kyle [00:25:44]: Oh, it's, it's in there somewhere.
Swyx [00:25:46]: All right. Well, we'll cut that out.
Kyle [00:25:47]: Sorry. But with, Dev Compute, you can, run, really fast, spin up really, small VMs really quickly, so you're doing a tool call
Swyx [00:25:58]: Same concept
Kyle [00:25:58]: Just do it containerize exact-exactly.
So we're using that so definitely moving that direction to protect us from every every piece of code that we're ultimately running.
Swyx [00:26:07]: look, that grows into the full SDLC? Code hosting was just the start and and then it's grown beyond that. Let's talk about NPM may-maybe ‘cause I think that's also, a very major point in the industry. I do think, it was looking for a home. It was, kind of struggling as a business, right? I don't know, I don't know how you would characterize that whole acquisition and how it

NPM, Package Security, and Keeping the Internet Running

Kyle [00:26:33]: like when we were talking to the team, I think the big thing for the both of us was to find a way to keep NPM, which was basically powering the internet then and way more so now to some degree running. Keep it going keep continuing to scale. It was having scaling problems, if I recall, back at that time. They were doing some rewrites. It
Swyx [00:27:00]: that's cute compared to now.
Kyle [00:27:01]: Well, that's the thing is like when I'm talking to folks now, there's there's so many more underlying uses of NPM than there were back when we had them join in with GitHub. But that was ultimately the goal. It was really okay, we used to have pages. We have, the world's code. Let's make sure that we can keep NPM running well for the world. And we put a bunch of time and investment into fixing some of the underlying backend, changes, some of which we talked about some of the manifest work, et cetera. And then now, really trying to bring the the security posture of NPM up to speed. But, it is a unique challenge in that every move that we make to make it more secure will break a lot of people. And security is paramount. And also, we take it very seriously. We're, the any time that we have a problem with GitHub or we make a change that makes us more secure but hurts, there's, a snow day for developers or a really bad fire that they have to go put out.
And so we've, have changed the 2FA policies. We've changed the way the tokens work. When we find tokens that have been exposed or potentially, exposed, we invalidate them, and
Swyx [00:28:22]: I love that feature in GitHub. Yeah, it's great
Kyle [00:28:23]: That creates issues, but, the but that's the thing is we're trying to push the community, forward without necessarily, doing something that is going to break the contract that's been for 15 years or close to it or some amount of years on NPM.

Slop Forks, Vendoring, and the Future of Open Source Supply Chains

Swyx [00:28:43]: I think the— So now we're talking about, open source and publishing. And I think there's something here with what people are calling slop forks, which, I think Malte from Vercel is doing. And, part of me thinks, well, the way to get past any vulnerabilities, we just, let's just get rid of the concept of NPM. And we only publish source code. And anytime you want to import it you have your coding agent look at it and then adapt whatever subset you're going to use into your vendor it. But, the AI vendor it. Is that realistic? I don't know. Is it— Will that solve all our security issues? I don't know.
Kyle [00:29:24]: I don't think it'll solve I so Mitchell was just talking Mitchell Hashimoto Was just talking about this today, and I think that I-in some ways, it's all all things, old or new again? Yeah, absolutely vendoring everything. Like I do I do remember twenty thirteen, twenty fourteen.
Swyx [00:29:42]: This is Yeah. Let's, we must return to
Kyle [00:29:43]: That's what is We were vendoring everything. We were having actual discussions around, or at least I remember we were “Should we take this full thing?” “Why is this so big?
We only need this one file.” And so I do think there's something true there where having either taking only what you need or the dependencies just getting incredibly small over time, I think will help to some degree, but it's not going to solve the fundamental problem, I don't think, because the vulnerabilities in an agent looking at them, there's time and time again, there's a million different ways in which we can convince an agent that this thing is, secure or not and pull it in. Or we can do static code analysis or runtime testing to say whether the code works or not. That is, I think, the step that needs to continue to be, invested in. The question is just on, how much scope. Should it be this enormous project that I'm pulling down, or should it be this piece? Either most companies are running some amount of security checking on the on the packages that they're bringing in or vendoring. That I think won't change. That's like what advanced security does to some degree, Socket does some degree. Like everyone is doing a piece of that. How we each do that like especially when we're talking to enterprise customers, is just like very different. No there's no one wants one single way to do it. And I think that's always been GitHub's, unique position in the world. I talk a lot to maintainers, I talk a lot to folks about this. It's we're— we rarely start like a process and a practice and like push it onto the community. We usually wait for the sort of like RFC process socially or literally, everyone agreeing, and then we'll cement something in. Because otherwise we're

Maintainers, RFCs, Vouching, and the Social Layer of Trust

Swyx [00:31:35]: That fits your role in the ecosystem, yeah
Kyle [00:31:36]: We're GitHub. Yeah, we don't want to shape the whole thing. We want it to be figured out.
But like how do you balance that like sort of Role in the industry to keep everything as secure as is possible and make sure that you're you're not going to be compromised as a human, ‘cause that's usually how it all happens. And Not not create a process or lock us into a flow that you're not going to or like Mitchell's not going to or other open source projects aren't going to like. That's always been a tricky balance for us, and I think that's something that we haven't talked about enough is we're not going to be able to fix everything for everyone in a way that everyone is going to like. So tell, help us, tell us what is working. When Mitchell was talking about, the Upvote, the up
Swyx [00:32:22]: I was going to bring up his thing. Yeah.
Kyle [00:32:23]: I forget what it Yeah. When he's talking to us, I was chatting with him and talking to him about this and I put it on Twitter and we talked to, also over DM, was “We're going to keep working.” but I think the important thing is I do actually want to hear what isn't working for you. And as, be as specific and clear for your project as is possible. And to every piece of credit over the many years that we've known each other through the industry, he's always done that and I appreciate that ‘cause there are places that we need to fix up, and we hear from him, and we'll fix up just like we do all other kinds of maintainers. But that that process between making those types of improvements and being more secure and like creating, I forget what he calls it's not the proof process, not the claims process. Do what I'm talking about? He has that he his projects have a way for you to kind of like,
Swyx [00:33:13]: Vouch
Kyle [00:33:13]: Vouch. Thank you. Yeah. He has like the vouch system for saying, “Hey, you should accept my PRs.” That's been
Swyx [00:33:20]: I just built this into GitHub.
I don't know.
Kyle [00:33:22]: Well, see, but that's the thing is that you say that and like he and his community really likes this and then I'll go talk to other maintainers and other maintainers, globally, and they're “No, this doesn't work for me.” And that is the tension, but also the kind of beauty of GitHub, depending on which way you look at it is we want to help maintainers, so we create all these tools to let you have more control over how much you take in from AI and PRs. But you can also use this. What You can go use this project, and if it takes off and becomes the kind of mostly standard, then yeah, we probably wouldn't enforce it but we would add it in because that's the flow that we tend to do?
Swyx [00:34:02]: I hear a lot of people don't know the history of the pull request. And like like that's how, that's something that GitHub standardized basically.
Kyle [00:34:08]: Yeah. It was a very messy process Like beforehand, and now the we have the benefit of it being the process? And now we have to go and Figure out the next best process or what adaptations change, or what does a pull request look like when eighty percent of your PRs are just coming from your agents and not From other devs?
Swyx [00:34:31]: Do you like the prompt request idea from Peter?
Kyle [00:34:34]: like I think that for each like each idea I think has its merits. I'm not, I'm not avoiding saying anything good or bad, but I feel like I've seen a version of we have that we have entire Thomas' store. Take all the assets of what you've built and put that in. I think that's got great ideas. There's all these various permutations of the PR flow, but I think the reason why there's not a single answer is ultimately we're trying to codify trust.
We're trying to say “Okay, if Sean reviews this I'm going to trust it because you're Sean or you're the senior dev or you're the whatever.” And right now, when we are working in a flow where an agent writes code and another agent reviews code and then Kyle goes and looks at it the trust is kind of diffuse. And most of the tools that we're talking about are talking more about verification flows. We have more assets to look at, so I can probably say whether this is a good PR or not. But that still doesn't solve, I think, the human problem of I'm looking at a PR and I want to know if I can trust it. And we're still, we still tend to use human signals for that? Mitchell approving it or Kyle approving it or whatever. And so I think that's, I think that's why most of these options haven't really solved it is because, it's a social problem ultimately. It's a it's a human problem to review it and agree. Or you fully trust the tool and you're imbuing that tool with full trust Which I think in some cases that absolutely exists.

AI-Generated PRs, Trust, and the Waymo Analogy

Swyx [00:36:08]: And so like in the same way that there will be a tipping point in society when we don't allow humans to drive anymore Because machines are measurably better than Than humans. I'm looking for that tipping point, right? Like Mythos is ridiculously expensive. Someday we'll have Mythos on a desktop. I don't know. Will, does that change the equation?
Kyle [00:36:30]: I think it's more I took a Waymo here, and I was on my phone and not looking around at all. There are other, self-driving, vehicles that I would not trust while, staring at the road. And I think that trust is something that is
Swyx [00:36:48]: Is this a Zoox thing? What is it
Kyle [00:36:50]: I think that is both. I think that is both. Like
Swyx [00:36:53]: There's Zoox in this robo taxi. That's it. It's
Kyle [00:36:56]: Well, depending on what level Of self-driving.
But, my point is sort of that I think part of that is I strongly believe that's, a mixture of verifiable proof. Like how many accidents, how much data, and so on, and the human aspect of how I feel when I'm in this car, what it tells me, et cetera. And so that's why I think some of the like Some of these some of our AI tools tend to, imbue me with more of that feeling of trust, even if the data says this is 100% accurate. I feel like it takes more time for us to go, “Should I trust this or not?” And that's in the soft sense of, startups with high agency, weekend projects, and open source. And then there's enterprises and regulated industries and everything else, and that is an even harder problem to go solve because even when it is fully verified, not only do you have to have trust from the humans on the team, you probably have to have trust from multinational,
Swyx [00:37:55]: Oh my God
Kyle [00:37:55]: Multi governments around the world and regulating agencies. And so that's where I feel like until we tip over to your point on the sort of like human EQ side of it. I feel okay this feels okay I've been proven enough. Then the ball will start to roll a lot faster, where we'll end up getting to the “Okay, we can trust this,” and feel good about it in the Most difficult of cases.

Reputation, Sponsors, Stars, and Bot Activity on GitHub

Swyx [00:38:18]: If human trust is the thing that matters, I feel like GitHub as the developer social network could maybe do more there. Like vouchers are one system But, we have star counts, and then we have Contributor rights, and that's it. And I feel like there should be more in that space. I don't know if there's any other design decisions there.
Kyle [00:38:37]: I think that one of the places that we don't really expose right now in this sort of way is, some degree of like hard trust and support, which would like for me is like sponsors is a good example of that.
Swyx [00:38:49]: Ah.
Kyle [00:38:49]: It like costs you something.
To prove that I believe in your project and I trust you To some degree or I want to support you at the very least.
Swyx [00:38:56]: Solve payments for open source. Why not?
Kyle [00:38:58]: I think that I think that like as we keep moving forward, right, there's more and more projects where I'm, adding more and more dollars into sponsors personally because I want to like support them, but I also like know of I've probably never met them in person, but, I know of enough of their work that I want to support them. I think the thing that I don't love about stars or commit counts or anything else is ultimately, even with all of the various, abuse and de-spamming and deduplication work that we do or anti-abuse work that we do, these are all, not active social signals. They're passive ones that are ultimately gamifiable. And you may trust me, but another open source maintainer may not. And on what heuristic should you be, trusting me? That I think, is kind of where some of our thinking is right now. What signal from me is most important to you? You— If you can define that potentially, honestly in an agentic workflow that's what we see some of these open source projects do, where you have GitHub actions, and then you have like an agentic workflow that's calling AI, and you're setting these rules. Like if Kyle has submitted and gotten accepted PRs across any given project and has a social handle tied to his account in GitHub, and that social account's older than a certain amount. Really complex measures that matter to you ‘cause most open source projects have that heuristic built into their heads, if not written down in the contributing guidelines. You could take that and then go apply that and then just say, “Oh, we're not going to accept this PR.” Building something that is, I think, malleable to everyone's needs, is a little bit better, rather than going “Hmm, this account's too young.” Because what happens?
The attackers just go and go and create a multitude of accounts, and they wait Until it ages up. Needs to have a certain amount of stars. That's how star inflation happens. Need to have a certain amount of repos
Swyx [00:40:46]: Oh my God. Yeah
Kyle [00:40:47]: With PRs. They all just create repos and submit PRs to each other, and then they come in and do something nefarious. And so, it's hard. It's hard to find the measure. So I think we're, we're looking more at how can we provide you tools so you can kind of choose what's best for you. And of course, we'll give you some standards. But the trust vector, gets down to I don't know, some version of like human digital ID like everyone's been talking about. Like how do I prove that it's me
Swyx [00:41:13]: Give me your eyeballs
Kyle [00:41:14]: On the internet. Give me your eyeballs. Exactly.
Swyx [00:41:18]: The I got to keep moving on Topics, but obviously I can go all day on this stuff because, I've been involved in GitHub and open source My entire professional career. Stars. Very superficial. Everyone knows it. But I think time to one hundred thousand stars is the fastest I've ever seen. Like people just reached that in I don't know, months. And then like at the same time I don't trust it right? Like how many of these are real or bot or like whatever. I don't know how to ask this but like what can we do about it? Like
Kyle [00:41:49]: Just
Swyx [00:41:49]: Is stars broken? Is stars fine?
Kyle [00:41:51]: I think that there's kind of two, there's like two pieces. Obviously we're constantly like trying to find ways in which like your users are producing spam, which would, I would include like be like only doing star gamification. When we find them, we pluck ‘em out and we,
Swyx [00:42:08]: But it's like a Whac-A-Mole
Kyle [00:42:10]: It's a hundred percent like a Whac-A-Mole
Swyx [00:42:11]: There's no way
Kyle [00:42:11]: Now, powered by AI to be helpful.
But I think more so what I'm seeing is, a lot of the like fastest time to X tends to be because we're now inviting so many more people into like software development on GitHub That like the zeitgeist is just swarming? And it's
Swyx [00:42:32]: It's not just developers anymore
Kyle [00:42:33]: And it's not you and I. Like like however you want to say like what a developer is it's not just folks who have been coding for a very long time. It's folks that have maybe started coding or only joined in since the AI era. And now
Swyx [00:42:44]: what's the latest Octoverse number? I know eighty million was my last Rem- member that a number of developers on GitHub
Kyle [00:42:50]: Oh, we're over 200 million now.
Swyx [00:42:53]: Okay. Well, so you see?
Kyle [00:42:55]: Like over 200 million developers now.
Swyx [00:42:56]: But it's not developers, right? It's, it's people with a GitHub account.

What Counts as a Developer in the AI Era?

Kyle [00:43:00]: So, so this is, this is the biggest debate that I would say, everyone loves to have at GitHub at this point. From my perspective, right, I think that there's, there's clearly a difference between, professional enterprise developer and then developers. But I think that I think that the idea that we should be I don't know, splitting hairs or segmenting developers in the early era of software development is, not worth our not worth the time. So
Swyx [00:43:29]: When you get into gatekeeping
Kyle [00:43:31]: 100%
Swyx [00:43:31]: What is a developer?
Kyle [00:43:31]: 100%. ‘Cause I wasn't a developer when I started writing code? I was going to
Swyx [00:43:36]: Oh, no. I made— I cloned a thing, seven years before I learned to code. And then I and then I wrote about my learning to code journey, and people Just called me a fraud ‘cause I had a GitHub account. And I'm “Well, no, I just use GitHub, but I don't know-” “I didn't know what I was doing.”
Kyle [00:43:49]: I I remember that. I remember those sets of posts, and like that's, that's b******t.
So I fight very clearly on the line of, if you create code, if you have an idea and you create it into some way of, I'm, I'm going to run it and use the app right now, you may still use AI in that moment, but that's okay. At some point you're going to do the next thing. You're going to create a big— You're going to have to learn about this database. You're going to fix a bug, whatever. We're all on some same journey, and those people are also hearing about the great new agent skill package or a new CLI tool or a new whatever. And those projects are going up because you want to be a part of this moment, just like I wanted to be a part of the Ruby community when Ruby was popping off when I started becoming a developer, and now I can just click the star button. And so I think that yes, there's clearly some amount of like spamming and game gamification that we're working against, but I really think we're just seeing this whole new cohort of folks that are moving from technology to technology because they're not working on a 20-year-old software application. They're working on a side app that they built on the weekend for their friends or for their new idea or whatever. And that's how you see these enormous charts going up and to the right with With stars.
Swyx [00:44:59]: I think something that's remarkable is the persistence or, that GitHub extends to those folks. Usually when I see platforms go into a new audience, they usually have to, have like a second platform with a different name that wraps the main platform. But somehow GitHub has been able to sort of persist and extend, and it's friendly and whatever? So it's, it's nice.

Spark, Low-Code, and Always Showing the Code

Kyle [00:45:19]: I that's partially why I think as we've tried to move into I don't know, more like low-code-y things. We so we started working on Spark as like a way to, build an app and run it.
I think that the reality is that we anytime we try to, kind of put even a veneer on top of it without when we put a veneer on top of something, we still always show you the code. That's kind of like a tenet. We're never going to, hide the code from you ever, because what
Swyx [00:45:52]: Why would you?
Kyle [00:45:52]: That's, yeah, that's the whole point? However, I think that what we learned with things like Spark is that really the value of Spark for most devs is, easy runtime. And you may have a runtime or a host that you're going to use for that or you just build something and run it but, the package of making that even more simple isn't really needed for folks that are trying to build software and not just trying to build, an app, which is, slightly different, a slightly different goal. So I want to get you in, I want to get you comfortable. I think the best thing for me as, someone that did not traditionally come into software dev way back, I want anyone to be able to breach that chasm and not be in the I don't know, I feel like we're, we're still in an era of, STEM. I've got a 12-year-old and an eight-year-old, and it's “We got to get ‘em into STEM,”? Over and over. And I like I do, I do the things that good parents do. I was “Oh, you want to do coding?” “Yes, I want to do coding.” Do coding classes. But now they're just not afraid of doing software. And that's, I think, the thing that's honestly kept me at GitHub for so long. Anyone should be able to go and build a thing, just like I can go change a light switch in my house. I'm not going to go into the breaker box ‘cause I'll probably kill myself? But, I can go change that light switch. Everyone should be able to go and say, “This fricking app doesn't do what I want.
I want it to work like this.” And that I think, is what's kind of kept us all connected with GitHub through the years and some and during the easiest of times or in the hard times because of that opportunity of, we're the home for all developers, and we want everyone to be able to have that feeling that we've had of, had an idea, I created it and holy s**t here it is.
Swyx [00:47:37]: Here it is. All right, I'm going to try to do more spicy questions.

GitHub's Hardest Scaling Moment: Growth, Agents, and Uptime

Kyle [00:47:42]: Great.
Swyx [00:47:42]: Is it an easy time now or a hard time?
Kyle [00:47:45]: Oh at GitHub? It's a hard time. Like, it's a hard time and also, I was just with my team and I said, “This is also, the best and most exciting time that I think I can remember at GitHub.” Because
Swyx [00:47:57]: Best of times, worst of times. It's never one
Kyle [00:47:59]: ‘cause we've we were talking about Octoverse reports and, usually we do an Octoverse report once a year, and we look at the numbers, and we say, “Oh my goodness.” I was at Universe in October saying, “This was the fastest year of growth that we've ever had,” right? And now we're doing more in a month than we did in a year last year.
Swyx [00:48:20]: You're talking about PRs.
Kyle [00:48:21]: Commits.
Swyx [00:48:21]: Commits, yeah.
Kyle [00:48:22]: PRs. Kind of like you name it by roughly every measure that we're looking at, there's some amount of sort of growth that is much bigger, and that is breaking our system in new ways, not old ways. Like webhooks were always notoriously, unreliable over the years?
Swyx [00:48:38]: Whose fault is that?
Kyle [00:48:39]: not anymore mine, but for a period of time, I'm sure you could pull up a tweet that was “It was me. I'm sorry.” but, now, that got rewritten at a scale level that is still working and is not having problems today.
Now what we're finding isn't just the isn't the- The simple stuff that folks are on the sometimes on Twitter or on the internet are “Hey, why is this like this?” Sure. There's absolutely silly problems that we shouldn't exist. But now we're talking about, unique, novel permission problems that happen only at a scale across all different objects or whatever, that now we have to go rewrite this underlying system. And so it's, there are problems that yeah, caught us off guard, which I think I said. Like the growth is astronomical, but also we're making such material progress in that I'm excited once we're once we've kind of like reimagined the underlying foundation layer, or pieces of it at least, what's going to be possible when it's not just all of us and all the new people that are being developers and all of their agents and all the tools like working together. Because that'll still happen in that in that GitHub tool, that GitHub community. But it's a it's a hard day anytime we can't give you what you're looking for. We have the same problem internally. We operate through github.com. Of course, we have backups when things go down and whatnot for our own operations but we feel it too. If it's not working it's not working for us, and that's kind of like the promise of dogfooding for GitHub. It's always been true. We're using the same tool you're using. We're not using a super secret version. We and so we also need it to be great for us for our customers of course for open source. And now an exponential growth of agents, Doing it too.
Swyx [00:50:32]: I wanted to load for audio listeners who maybe haven't seen your tweets, whatever. So one billion commits in twenty-five. Now it's two hundred and seventy-five million per week on pace for fourteen billion this year, if growth remains linear. Is that still the pace? I don't know.
It's been a
Kyle [00:50:48]: it's, it's speeding
Swyx [00:50:50]: Roughly.
Kyle [00:50:50]: It's still speeding up.
Swyx [00:50:51]: It's, it's April, so yeah.
Kyle [00:50:51]: Exactly. This was in April.
Swyx [00:50:53]: All right. So basically you have fourteen x growth, right? Year on year on year. And I think that's a scaling issue. I think, I'm going to like try to really steel man this thing. People have experienced fourteen x growth. They haven't had your downtime. And that's like— C-can we go dig into that? Why? Like what's the— what broke? What are we doing to fix it? Like just anything for the community to reassure them.

Why GitHub Reliability Is Breaking in New Ways

Kyle [00:51:18]: so there's a Like I was saying, there's a couple different places that we've seen the growth issues. Some of the growth issues, which is why we're t— I was talking about pushing hard on more CPUs is in actions in particular. More tools, more agents, more PRs mean more builds, more builds mean more CPUs. And so we are expanding through not just our data center, but obviously we were talking about moving to Azure and moving to, adding an additional cloud compute because we simply need more CPUs. Not as much GPUs. We definitely need GPUs too, but now CPUs are becoming a factor.
Swyx [00:51:53]: It's very CPU heavy.
Kyle [00:51:54]: Underneath the hood when it comes to some of the underlying services, we've been breaking up over the years our database infrastructure, so that way we have, more cognitive separation between our the various services. The place that we continue to have pain is in, permissioning. And so right now m-many of our permissioning layers sit into a database that we like internally call MySQL One, and old Hubbers will know what I'm talking about.
And so we've been pulling things out of MySQL One for many years, because like and we use we use Vitess and we use other technologies to shard and we do it as one big
Swyx [00:52:31]: Famous thing, PlanetScale was born from this and
Kyle [00:52:32]: A hundred percent. Sam Old Hubber and friend. And so finding these opportunities to like break this out and then do that globally. The other thing that I think is interesting and both a unique opportunity and tricky is we also run everything I just talked about in a black box container with GitHub Enterprise Server for people that work on-prem. So we take everything I just said, and we also do it on-prem, and we also do all of that and we do it in a data residence setup for customers that need to have their data in a single location. Each of these has the unique characteristic around how we're sort of storing that data in MySQL or in a permissioning setup. That's where some of these outages have oc-occurred, where you're seeing it more like across the board rather than just like the one piece
Swyx [00:53:17]: Filling the database
Kyle [00:53:17]: Isn't quite working. Exactly. And so part of it is that. I think there's been some other places where agents are much more or more projects appear to be moving towards monorepo versus we were going the other direction for many years in the industry. Repos were smaller, but there were more of them, and now we're seeing the opposite. Repos are bigger, and there's, not fewer of them per se ‘cause there's new growth, but, we're just seeing many more big repos. Big repos, big monorepos have always had, a unique performance problem. Because each one, is slightly different if, particularly if the underlying blobs are incredibly big Inside the repos. And so we've done a ton of work that you pro— like most people haven't probably experienced, unless you're in this case of the monorepo.
But that Git, infrastructure layer improvement does help the overall, system because, many of the improvements that make monorepos work better make all repo infrastructure work better. And so, I could kind of keep going down the line where it's another thing where we're moving out of, We're changing how we do j I'll just say job queuing for lack of a better, explanation changing the underlying technologies there.Swyx [00:54:32]: I spent two years being a job queuing guy, so.Kyle [00:54:34]: And so it's kind of a little bit of a little bit of piece by piece, and it's mostly because as we were— as it was built, we built everything in a way that assumed, I guess in some ways that the size of the pipe of work was going to remain the same. There's just going to be more people coming through each of those pipes. But instead now in places whereA git push was, generally a certain size for example, is now, no longer true.Swyx [00:55:03]: Oh, yeah.Kyle [00:55:03]: OrSwyx [00:55:05]: I push a thousandKyle [00:55:06]: On the average. 100%Swyx [00:55:06]: A thousand line commits like dailyKyle [00:55:07]: Same thing with PRs. Like PRs same thing. And like we've talked about optimizing that and making changes where, and there were technology choices that did not work there? And it got slow, and it didn't It was not fast. It did not do what the users wanted. And so we've been reeling that all out and going “Okay, that's just not right. Let's stop putting good money after bad and do it the do it the right way or the right way now.” So there's It's a it's a lot of things, not quite when I've experienced scale at GitHub historically, it's almost always two options that we've used. We go vertical scaling, particularly with databases, right? And we go horizontal scaling. Oh, we just have more people using this service. Great. We're going to add more servers, and we rack them in our data center, or we use it in a cloud. 
And now we're sort of in a like diagonal, where like vertical doesn't really work anymore. Horizontal isn't work either because we're all We all have some CPU or GPU constraints in the world now, and now we have to go in and like crack open services that have been running for 10 or 15 years and go, “Okay, the rules of this service have legitimately changed, and now we have to rewrite them.” None of this is an excuse. This is like we're We have to do the work. We have to make it better.Swyx [00:56:22]: actually as an infra guy, I'm “This is like one of the most fascinating scaling challenges I've ever seen.”Kyle [00:56:26]: That's that's, that's the thing that's the thing that it's hard for Like when we weren't talking about it publicly, and I was like I came out, and I was “Hey, I just want to explain what's going on.” Part of it comes from a very old GitHub ethos, which is it's our it's our uptime. It's down. W What I know you're a developer, so you're, you're inclined to want to understand more what's going on. But at the same time us going “Hey, this service didn't, perform the way we expected, and now we have to go change it,” we weren't We're not trying to hide anything from you i

The Rob Berger Show
RBS 247: 4 Golden Rules for Avoiding Financial Scams (FQF)

May 29, 2026 · 15:20


In today's Five Question Friday (FQF) episode, we cover these questions:
1. Four golden rules for avoiding financial scams
2. Finding and canceling forgotten subscriptions
3. Sharing passwords and 2FA with your spouse
4. Finding trustworthy help managing finances in old age
5. Are debt consolidation services legitimate?

Resources From Video
FTC Avoiding and Reporting Scams: https://consumer.ftc.gov/scams
ReportFraud.ftc.gov — If you encounter a scam, report it here to help law enforcement stop scammers.
IdentityTheft.gov — If you think a scammer has your personal information, this site walks you through recovery steps.
Rocket Money: https://go.robberger.com/rocket-money...
Monarch Money: https://go.robberger.com/monarch-rob5... (Use code ROB50 for 50% off the first year's subscription)
1Password Families: https://go.robberger.com/1password/yt-AADMM Find a DMM Directory: https://secure.aadmm.com/
Nolo's Guide to Daily Money Managers: https://www.nolo.com/legal-encycloped...
NFCC Agency Finder: https://www.nfcc.org/agency-finder
Consumer Financial Protection Bureau - Credit Counseling Guide: https://www.consumerfinance.gov/ask-c...
Join the Newsletter. It's Free: https://robberger.com/newsletter/?utm...

The Identity Jedi Show
The Co-Inventor of Tor on Why Your NHI Strategy Is Already Behind

May 26, 2026 · 62:44


Most organizations have spent the last 20 years getting really good at human identity. 2FA. Biometrics. Face ID. Ephemeral tokens. They did the work. And the whole time, they were quietly pushing every ounce of that compressed risk onto the non-human side of the house.

Service accounts with username and password. API keys that never rotate. Credentials hardcoded in pipelines. Long-lived tokens that were supposed to be temporary.

Eventually is here.

In this episode, David Lee sits down with David Goldschlag, CEO and co-founder of Aembit and one of the original inventors of onion routing — the technology that became Tor. With 20+ years building security companies, David G brings a perspective on non-human identity and AI agent security that very few people in this industry can match.

They get into why NHI is not a new problem but a neglected one, what it actually means to build a zero trust framework for AI agents, the concept of blended identity and why your existing IAM stack is only part of the answer, why workforce agents and customer agents are fundamentally different and why treating them the same is a mistake, and why data is still the new oil and why that matters more now than ever.

If your org is spinning up agents and hasn't had a real strategic conversation about what those agents can access, who they're acting on behalf of, and what happens when something goes wrong, this episode is exactly where you need to start.

Topics Covered
- The origins of Tor and why onion routing still matters 30 years later
- How Aembit went from "Okta for workloads" to purpose-built AI agent identity
- The three types of agents: autonomous, workforce, and customer-facing
- Blended identity and blended policy in practice
- Why ephemeral credentials are non-negotiable for agent access
- Zero trust for AI: the three pillars (identity, prompt security, data security)
- Non-repudiation in the age of agentic AI
- Why vibe coders are making the NHI problem exponentially harder
- Data security as the ultimate endpoint for every breach scenario

Stay Connected
- Subscribe to the Identity Jedi newsletter at theidentityjedi.com
- Follow on LinkedIn, YouTube, and Spotify
- Rate, review, and share if this episode hit different

Sacred Symbols: A PlayStation Podcast
#412 | They Disguise It, Hypnotize It

May 22, 2026 · 303:56


What a week! On the back of Colin's PSN account being temporarily hijacked by nefarious forces, we have an enormous amount to get through for our ever-eager audience. We dissect what happened, why it happened, how we've been communicating with Sony to try and convince them to fix the major issues plaguing their online service, and what we feel you should do to protect yourself. But understand this, and understand it well: PSN's security is a complete joke. All an outsider needs to get access to your account is an email address and mundane information like the date you made a random purchase, and they'll give your account to basically anyone. Your password doesn't matter, your 2FA doesn't matter, and your passkey doesn't matter. To repeat: Your password doesn't matter, your 2FA doesn't matter, and your passkey doesn't matter. And if you want more proof, someone in our audience reset two of his own accounts back-to-back with PlayStation's hilariously-deficient (and potentially-compromised) third world customer service call centers, just to make the point. Sony must make serious changes and reunite people with their stolen PSN accounts, and we intend on pressing until they do. We are your loyal and dedicated customers. Remember? Other news this week includes the announcement of a fresh State of Play in early June, confirmation that PlayStation will no longer release its single-player games on PC, the official end of Destiny 2, the renaming of Fairgames, rumors of a return of Infamous, an increase in PS+ pricing, and more. Then: Listener inquiries! Could Shuhei Yoshida ever return to PlayStation? Why have mergers and acquisitions dramatically slowed down in the games industry? Will Sony pull PS5s from shelves shortly after PS6 launches due to pricing tensions? Which members of Cobra would Chris and Dustin be? Visit https://prizepicks.onelink.me/LME0/SACRED and use code SACRED and get $50 in lineups when you play your first $5 lineup! 
Go to PrizePicks.com/DoItLiveSweepstakes or check out PrizePicks social pages for more info.

Timestamps: Please keep in mind that our timestamps are approximate, and will often be slightly off due to dynamic ad placement.
0:00:00 - Intro
0:22:05 - To Grace and Leo
0:26:05 - Reverse Jesus
0:28:25 - Children of wealth
0:38:55 - Chris and Dustin in Cobra
0:42:18 - Candle compromise
0:43:09 - The Great Hack
2:30:04 - State of Play incoming
2:41:09 - Sony single player games are no longer coming to PC
2:55:10 - Destiny 2 is ending
3:15:58 - Fairgames renamed?
3:27:38 - PS Plus price increase
3:34:26 - Is Infamous coming back?
3:43:00 - Warhorse Studios is working on two games
3:52:07 - Embracer reorganizes
4:00:14 - Circana data for April
4:05:33 - What We're Playing (Mouse: PI For Hire, Pragmata, Saros, Marathon)
4:14:40 - Shuhei spotted
4:16:47 - PSN keys
4:29:46 - What happened to consolidation?
4:33:45 - Player analytics
4:39:01 - PS5 after PS6
4:46:48 - Difficulty tuning

Best of The Steve Harvey Morning Show
Brand Building: He is helping churches and nonprofits leverage AI technology to spread the gospel.

May 22, 2026 · 27:21


Listen and subscribe to Money Making Conversations on iHeartRadio, Apple Podcasts, Spotify, www.moneymakingconversations.com/subscribe/ or wherever you listen to podcasts. New Money Making Conversations episodes drop daily. I want to alert you, so you don't miss out on expert analysis and insider perspectives from my guests who provide tips that can help you uplift the community, improve your financial planning, motivation, or advice on how to be a successful entrepreneur. Keep winning!

Two-time Emmy and three-time NAACP Image Award-winning television executive producer Rushion McDonald interviewed Gregory Richardson, a cybersecurity expert and AI consultant. The conversation explores cybersecurity best practices, the rise of AI, and how Gregory is helping churches and nonprofits leverage technology to spread the gospel.

nerdcafe. Der Podcast rund um WordPress, Hosting, CMS und Web.
127 - 7 Tips After a Fresh Installation

May 19, 2026 · 10:06


Today I'll show you my first seven steps right after a WordPress installation. Many people start straight away with design and plugins, but without a few basic steps you risk insecure websites, unnecessary ballast and stress later on. In this episode I show you 7 steps that I carry out directly after every fresh WordPress installation, so that your website is secure, clean and ready to go.

Here is an overview:
1) Update WordPress: always use the latest version, security comes first.
2) Delete unnecessary plugins: remove everything you don't really need.
3) Delete unnecessary themes: old themes are a security risk.
4) Enable 2FA: two-factor authentication protects your admins.
5) Check the settings: permalinks, visibility, comments and privacy.
6) Create pages: legal notice (Impressum), privacy policy, contact; build the basic framework.
7) Prepare content: set up your first blog posts, images and texts cleanly.

If you take these steps right after the installation, you save yourself a lot of time and trouble later, and your WordPress website runs more securely and more stably. And if you get stuck somewhere, can't make progress or the website is broken, I'm happy to help: https://johannesmairhofer.de/blog/wordpress-problem-loesen-zum-festpreis/

Music connects - here is the nerdcafe playlist: https://play.nerdcafe.online
And conversation connects too - here is the nerdcafe group on Signal: https://sofa.nerdcafe.online

What is the nerdcafe? The nerdcafe podcast is all about WordPress, hosting, content management systems and web topics. You will learn, for example:
- how to manage your WordPress website better
- which hosting fits your project
- why backups and updates are important
- which tools can help you with your website
- how to build your own web project with WordPress.

In short: everything that interests you if you want to get started with your own website, WordPress or an online project. ☕ Make yourself comfortable and join us in the nerdcafe. Enjoy listening.

Bitcoin Takeover Podcast
S17 E24: Zach Herbert on AI & Hardware Wallets

May 15, 2026 · 156:12


Zach Herbert is the CEO of Foundation, a company which specializes in building hardware wallets that offer extra security features. The latest model, the Passport Prime, aims to also replace YubiKey for Two Factor Authentication and other more expensive encrypted storage devices. But now thanks to AI and the open source app store, new possibilities have opened up. Buy your Passport Prime using promo code "BTCTKVR" and get a free bumper case, worth $19!

Time stamps:
00:01:07 Introducing Zach Herbert, CEO of Foundation
00:03:11 Live Unboxing of Passport Prime
00:04:14 Foundation's Sci-Fi Inspiration
00:05:32 Passport Prime First Impressions
00:08:40 Factory Reset and Resale
00:09:49 Quantum Link and Bluetooth Setup
00:15:24 Firmware Update Process
00:17:43 Haptic Feedback and User Experience
00:20:05 Magic Backup with NFC Key Cards
00:25:50 Restoring from a Magic Backup
00:26:45 User Interface and Upcoming Changes
00:29:02 KeyOS: The Custom Operating System
00:32:36 Active Tamper-Proofing
00:35:49 Two-Factor Authentication (2FA) Feature
00:37:13 The Vault App
00:43:39 Live Device Wipe and Restore
00:48:57 Troubleshooting the Restore Process
00:50:18 Market Position and Competition
00:52:29 How Magic Backup Works
00:56:21 Foundation's Open-Source App Store
01:01:46 Solving Digital Life Security
01:18:07 Giveaway Winner Announcement
01:31:01 Manufacturing Passport Prime in the USA
01:46:06 Thoughts on Duress Mode
01:56:26 AI Integration and Vibe Coding
02:07:29 Business Model and Subscription Service
02:30:39 The Future is Not Air-Gapped

The Meaningful Money Personal Finance Podcast
QA49 - Listener Questions, Episode 49

May 13, 2026 · 39:07


In this episode of the Meaningful Money Podcast Q&A, Pete Matthew and Roger Weeks answer six real listener questions on UK personal finance - from inheriting a SIPP (and the under-75 vs over-75 rules), to how inheritance tax could hit a property-heavy estate. They also discuss what to do with a large Employee Stock Purchase Plan (ESPP) holding, whether a longer 35-year mortgage can be a safer option, and the realities of financial planning for UK expats. Finally, they tackle a growing concern for many UK investors - how to protect wealth from increasingly sophisticated scams and impersonation fraud.

Shownotes: https://meaningfulmoney.tv/QA49

02:04 Question 1

Hello Pete & Rog. Thanks for the wonderful podcast. I will keep it as brief as possible as it means hopefully you can squeeze more content for your listeners. I am a 35 yr old renting in London with a salary of approximately 35k and would consider buying my own place if I could build up enough of a deposit. My mum died a long time ago but my dad has just been informed that he has a medical condition which will probably end his life in the next 5 years or so. He is currently 73. I don't have any siblings and my dad has shared with me the details of his assets which primarily comprise of a SIPP of around 200k (he has taken and spent his 25% tax free amount). My question may sound a bit morbid but it reflects the reality of life unfortunately. It's about the rules of inheriting this SIPP. I'm not sure I fully understand the 'rules' about if my dad passes away before 75 or after he is 75. My understanding is that if less than 75 I can just 'cash in' the 200k tax-free and for example use it as a deposit for a house. That seems straightforward. But hopefully he will get well past his 75th, so if that's the case I understand the 200k would be taxed as income, so I would be crazy to take it all out in that way. So what would be my options in that case?
- Is there any way to take it out of the pension wrapper without having to pay tax to give a bit more flexibility?
- Could I just inherit it as a pension and if so, would I still be able to take 25% tax free?
- Can I draw down from before I reach pension age e.g. to pay the mortgage or rent (mindful not to go up into the next tax bracket)?

Have I got the rules right and are there any other options I could consider? Regards, Steve

07:08 Question 2

Hi Pete & Roger. Love the content and just discovered your YouTube podcast! I'm concerned about my wife's parents' (Mid 70s) inheritance tax liability and was wondering if you had any advice on how to structure the portfolio to reduce it or if it was worth considering a gifting strategy. Primarily I'm concerned as the recent inclusion of pensions into IHT from 2027 and I'm pretty sure their estate is over 2m and therefore a reduced residence nil rate. Rough figures are below:
- Current house - 1.1m (according to Rightmove - jointly owned)
- Own another house 800k (according to Rightmove - jointly owned)
- Own a holiday letting business (retirement business) which has three properties circa 1.1m (according to Rightmove - jointly owned)

With this in mind I put their IHT liability at 2m+ without factoring their pensions.

Questions: What do you consider the ball park IHT bill to be? How do you suggest my wife (mid 30s) approach this issue? Or should she just deal with the cards as they lie in the future? Tony

14:05 Question 3

Hi Pete & Roger, I wanted to start with a thank you for your podcast - especially for acting as the friendly, inclusive and relatable voices of finance. The podcast is a welcome change to the scarier world of finance which many of us sometimes run and hide from! My question for you is regarding my ESPP. I was employed by a US-based company around 10 years ago. During my time there I was able to sacrifice a percentage of my salary which was put towards the purchase of company shares at a discounted rate. It's a very effective scheme, and although my salary there was modest, I've been able to leave the shares alone which are now worth around £230k. The predicament I now have is what to do with these shares. I've been happy to let the shares sit and grow, which they have been doing extremely well, though the value of them now has me wondering what my future strategy should be. For reference, the 10 year growth on these shares is around 850%. As far as I'm aware, I'll need to pay tax on these shares when it comes to selling them as there's no way to transfer them into my stocks & shares ISA or similar. So it's either leave them where they are, or sell some/all of them now and transfer the cash (after tax) into my stocks & shares ISA, SIPP or elsewhere. I'm 40 and looking to purchase a house next year with my partner - though we don't need these funds for that purchase. I have a stocks & shares ISA, a cash ISA and a SIPP, as well as a modest amount in a LISA and cash savings. Whilst I don't feel like I have all of my eggs in one basket, I do feel increasingly nervous about the value of the shares which are entirely dependent on the success of one company. That said, the returns to date have been incredible and I wouldn't want to miss out on future growth. I'd love to know if you have any guidance on this, and if there's any factors that I haven't considered yet. Thanks again, Ian

20:36 Question 4

Hi Guys, Love your podcasts. You've helped me a lot with understanding my finances and I'd love to ask a question. My wife and I are 36 and have been back in the UK for 3 years. We are hoping to buy our first property in 2026. Due to our age, is it okay and safer to do a 35 year mortgage and pay more off monthly to pay the mortgage off quicker? We aren't high earners but hoping to put any extra onto the mortgage principal. Hope to hear from you. Kind Regards, Dhiren

23:49 Question 5

Dear Pete and Roger, Thanks a lot for all the education and sensible insights you are providing to all. I am an avid listener of your podcasts and watch your videos regularly. Now I can see Roger as well. Both very handsome and knowledgeable. Your discussions are lively and interesting. I am also a member of the academy from the beginning. Also on Facebook community. Currently working my way through retirement guide. I am working abroad for nearly 8 years. I was told by a financial planner that he can't advise non UK tax payers as per regulations. Since then you have been my main source of information and guidance. I am an Ex NHS consultant and now receiving pension. I have a very small SIPP and substantial Investment ISA which I can not contribute to. So my main investment is through GIA. All via Vanguard. Apart from this I have stocks and shares account with a couple of providers which helps me to keep thinking about investment opportunities. I am not a big risk taker and currently doing well with my stocks. I read and listen to a variety of educational materials to help with this. I have 2 questions. Is it possible to get financial planner help for UK citizens while working abroad? What should I do with my investments before coming back to UK to live, for tax planning and reduce risk of huge tax for selling investments after coming back? Currently I am in Middle East with zero percent income tax. My pension is also at zero percent under DTAA arrangements. Sorry for long question. Thanks a lot again for your suuuuuuuuuper work. Continue great job. Kind regards, Sudhakar

Link: Perceptive Planning https://www.perceptiveplanning.co.uk/world-citizens

28:37 Question 6

Hi Roger and Pete, Love the podcast. Thank you for everything. This is about to be a long question, for which I'm not at all sorry. I've seen articles and videos about the increased sophistication of hacks and scams. Things like stealthily getting access to accounts and for years collecting information that can then be used to impersonate you to socially engineer access to bank accounts. AI plays a part in letting people change how they sound to make impersonating on calls easier than ever. Going forward, I'm worried that one of the biggest threats to my wealth is not a market crash, but someone getting access to my investments through fraudulently calling support lines and impersonating me, or alternatively getting access to my money through 'traditional' password leaks and viruses. To this end, I've been overpaying my mortgage as a way of having money locked away in an asset that cannot be liquidated without a solicitor (and hopefully more stringent checks of identity), but I'm going to be mortgage-free in less than 5 years at this rate. My question is: Am I overblowing the risk here, and what are my options if I want to reduce my risk from this perspective? I have considered:
- Having multiple S&S ISAs with different providers should mean that only a fragment of my portfolio can be lost through any one hack.
- Buying 'real' estate as an investment seems appealing from a security standpoint, regardless of expected returns, and although recent changes have made BtL less attractive, the old Rothschild saying of "Buy when there's blood in the streets" could mean that now might be a good time to buy. Is there an advantage in having overseas property as a wealth storage mechanism?
- Putting money in my DC pension pot will lock the money away until retirement, but suddenly becomes fair game to foul play once I do.
- Buying an annuity is not as fiscally efficient as drawdown, but is an attractive way of mitigating risk of losing it all to a scam caller. Especially if I'm old and doddery and more likely to fall for a scam.
- Buying physical gold (and a safe or a Swiss safety deposit box) doesn't appeal to me, but I have considered it.

Please assume that I'm being sensible with passwords and 2FA. My question isn't about basic IT security practices, but which of these decisions you think might be a good/bad decision and whether there's anything I haven't considered. Thank you, Alex

Link: Cal Newport - https://calnewport.com/

Best of The Steve Harvey Morning Show
Tech Savvy: With the rise of AI, he is helping churches and nonprofits leverage technology to spread the gospel.

May 12, 2026 · 27:21


Listen and subscribe to Money Making Conversations on iHeartRadio, Apple Podcasts, Spotify, www.moneymakingconversations.com/subscribe/ or wherever you listen to podcasts. New Money Making Conversations episodes drop daily. I want to alert you, so you don't miss out on expert analysis and insider perspectives from my guests who provide tips that can help you uplift the community, improve your financial planning, motivation, or advice on how to be a successful entrepreneur. Keep winning!

Two-time Emmy and three-time NAACP Image Award-winning television executive producer Rushion McDonald interviewed Gregory Richardson, a cybersecurity expert and AI consultant. The conversation explores cybersecurity best practices, the rise of AI, and how Gregory is helping churches and nonprofits leverage technology to spread the gospel.

Top Expansión Tecnología
OpenAI enters the consulting business

May 12, 2026 · 6:29


00:00 Introduction
00:15 OpenAI enters the business of AI consulting for companies. The bet seeks to turn the firm into a key player in the corporate automation and digital transformation business.
01:28 Google warns that AI is already hacking two-factor authentication. For the first time, Google detects the use of AI to identify and attack unknown security gaps, and its experts warn that this technology already bypasses 2FA.
02:35 The chip battle is no longer just Nvidia's. Cloud-focused companies increasingly want to depend less on Jensen Huang's company at the infrastructure level.

Prepping Academy
2FA: The Simple Step That Stops Most Hacks

May 5, 2026 · 19:49


In this episode of the Prepping Academy Podcast, Forrest Garvin breaks down one of the most important—and overlooked—steps you can take to protect your digital life: Two-Factor Authentication (2FA).

Most people rely solely on passwords, but they get stolen every day through data breaches, phishing, and simple attacks. This episode explains how 2FA works, why it's so effective, and how it can stop the vast majority of account takeovers.

You'll learn the different types of 2FA, which ones are secure, and which ones to avoid. From authenticator apps to hardware keys, Forrest walks through what you should be using right now to protect your email, banking, crypto, and more.

Topics covered:
- What 2FA is and how it works
- Why passwords alone are no longer enough
- The difference between SMS, apps, and hardware keys
- Common attacks like phishing and SIM swapping
- How to properly secure your accounts

From a preparedness standpoint, this is about access control—protecting your digital life the same way you protect your home and resources. Most people get hacked because they're easy targets. Don't be one of them.

Garvin Academy
Free Webinars: https://prepperfinds.com/free-webinars
Join PrepperNet.Net - https://www.preppernet.net
PrepperNet is an organization of like-minded individuals who believe in personal responsibility, individual freedoms and preparing for disasters of all origins.
Please give us 5 Stars! www.preppingacademy.com
Daily deals for preppers, survivalists, off-gridders, homesteaders https://prepperfinds.com
www.preppernet.com

Talk to the Internet
PlayStation Adds Online DRM? - Inside Games Daily

Apr 27, 2026 · 9:54


Check out our Patreon for a daily Lawrence Select™ Meme: https://www.patreon.com/insidegamesYT
Join the Inside Games notification Discord server for alerts when we publish new videos: http://discord.gg/ArvphbMPFJ
Hosted by: Lawrence: http://twitch.tv/sirlarr | Bruce: http://twitch.tv/brucegreene
Edited by: Shooklyn: https://linktr.ee/Shooklyn
Sources --
https://www.youtube.com/watch?v=kWSIFh8ICaA
https://www.youtube.com/watch?v=YIPuXAd6KCA
https://x.com/manfightdragon/status/2047928888907669530
https://x.com/DoesItPlay1/status/2048023064193966588?s=20
https://x.com/desgamesyt/status/2048050660336341198?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2048050660336341198%7Ctwgr%5E25eebaa2d44522472da92692cadc00797201c872%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fkotaku.com%2Fa-surprise-drm-issue-for-digital-playstation-games-has-fans-worried-2000690624

The Secure Dad Podcast
Spies and Cybercrime with Eric O'Neill

Apr 22, 2026 · 51:04


On this episode of The Secure Family Podcast, host Andy Murphy sits down with former FBI undercover operative and cybersecurity expert Eric O'Neill for a fascinating conversation about how modern scams really work. Eric explains why today's cybercriminals don't think like hackers—they think like spies, using deception, pressure, impersonation, and psychology to target everyday people.

Andy and Eric break down the fake DMV and toll road text scams that hit millions of phones, how criminals gather personal data to make attacks feel believable, and why AI deepfakes are making scams more dangerous than ever. They also share practical ways families can protect themselves, spot red flags before it's too late, and respond quickly if an account or identity is compromised.

If you want to understand the new world of cybercrime in plain English—and learn how to stay one step ahead—this is an episode you don't want to miss.

For more from Eric O'Neill visit: https://ericoneill.net

Take control of your data with DeleteMe. Because they sponsor the podcast you can get 20% off a privacy plan from DeleteMe with promo code: DAD.

The Exit - Presented By Flippa
Is "Digital Hygiene" Killing Your Valuation? Why Your Biggest Exit Risk Isn't Your P&L with Paige Wiese

Apr 20, 2026 · 28:54


Want a quick estimate of how much your business is worth? With our free valuation calculator, answer a few questions about your business, and you'll get an immediate estimate of the value of your business. You might be surprised by how much you can get for it: https://flippa.com/exit

--

Are your digital assets a ticking time bomb for your business valuation? In this tactical episode of The Exit, host Steve McGarry sits down with Paige Wiese, founder and CEO of Tree Ring Digital, to unpack the often-overlooked world of digital asset management in M&A. Paige shares her journey from architecture to becoming a digital asset expert, revealing how "poor hygiene" around domain names, license keys, and social media logins can derail a deal or provide buyers with unwanted leverage during negotiations. Whether you are a referral-based business or a personal brand, this episode provides a roadmap for documenting your digital footprint to ensure a smooth, high-value transition.

What You'll Learn
- Beyond Crypto: Why digital assets actually refer to the 300+ data points, from hosting and domain names to email addresses and plugin license keys, that keep your company operating online.
- The Valuation Killer: How inaccessible accounts and missing documentation can lead to reduced valuations and "deal friction" during due diligence.
- The "Vendor Trap": Why you must read your contracts to ensure you, not your agency, actually own your website, content, and SEO rank.
- Decoupling the Founder: The 3-year strategy for shifting authority from a personal brand to a company brand to increase business transferability.
- Ownership Mapping: Why password managers aren't enough, especially when 2FA is tied to a former employee's phone, and how to effectively prepare your assets for a hand-off.
-- Paige Wiese is the founder and CEO of Tree Ring Digital, a top-ranked Denver-based marketing agency that develops high performance websites and digital marketing strategies for businesses nationwide. With 16 years of industry experience, Paige has seen companies and CEOs struggle to manage and maintain their assets through growth or transition. She has recently developed a proprietary digital asset management service to track and protect companies' over 200 data points. Paige is a dedicated speaker and mentor on the topics of brand protection and business growth. LinkedIn - https://www.linkedin.com/in/paigewiese/ Website - https://www.treeringdigital.com/theexit -- The Exit—Presented By Flippa: A 30-minute podcast featuring expert entrepreneurs who have been there and done it. The Exit talks to operators who have bought and sold a business. You'll learn how they did it, why they did it, and get exposure to the world of exits, a world occupied by a small few, but accessible to many. To listen to the podcast or get daily listing updates, click on flippa.com/the-exit-podcast/

The Secure Dad Podcast
The Future of Online Identity with Joe Scalone

Apr 8, 2026 43:16


Andy sits down with Joe Scalone of Yubico to break down why passwords are no longer enough to keep your family safe online and what's replacing them. Joe explains how passkeys and physical security keys are changing the future of cybersecurity, why hackers are moving faster than ever (thanks to AI), and what that means for everyday families.

The conversation also dives into parenting in a digital world, from managing kids' online identities to building trust, communication, and smart guardrails at home. They also tackle the controversial rise of age verification, digital IDs, and whether giving your face or ID to tech companies is a risk parents should be concerned about.

For more on Yubico check out: https://www.yubico.com/

Take control of your data with DeleteMe. Because they sponsor the podcast you can get 20% off a privacy plan from DeleteMe with promo code: DAD.

Connect

MoneyWise on Oneplace.com
Do Your Finances Need Scam-Proofing?

Apr 1, 2026 24:57


“The simple believe everything, but the prudent give thought to their steps.” — Proverbs 14:15

In a world where scams are increasingly sophisticated, Scripture reminds us that precaution is not paranoia—it's stewardship. Protecting the resources God has entrusted to us isn't just practical; it's spiritual. Today's threats may come through phone calls, emails, text messages, or even impersonations of people we trust. But as followers of Christ, we are not called to live in fear—we are called to walk in wisdom. So what does wise, faithful stewardship look like in a digital age?

1. Slow Down and Verify

Scammers thrive on urgency. They want you to act before you think. If someone pressures you—claiming to be your bank, a government agency, or even a loved one—pause. Hang up. Verify the source using official contact information. Remember: Pressure is a red flag. Wisdom takes a breath.

2. Be Wise About How You Send Money

One of the clearest warning signs of fraud is how payment is requested. Never send money via wire transfer, gift cards, or peer-to-peer apps (like Zelle or Venmo) to someone you don't personally know. Legitimate organizations will not demand payment this way. If something feels off, trust that instinct and walk away.

3. Use Tools That Protect You

Not all payment methods are created equal.

  • Use credit cards when shopping online—they typically offer stronger fraud protection than debit cards.
  • Enable two-factor authentication (2FA) on financial accounts—it's like adding a deadbolt to your digital front door.
  • Use an authenticator app when possible instead of text-based codes.

These simple steps dramatically reduce your vulnerability.

4. Strengthen Your Passwords

Weak or reused passwords are one of the easiest entry points for thieves.

  • Use a password manager like Bitwarden or NordPass to create and store strong, unique passwords.
  • Avoid reusing the same password across multiple accounts.

Think of your passwords as keys—each door should have its own.

5. Monitor and Lock Down Your Accounts

Staying alert can help you catch problems early.

  • Set up bank alerts for large transactions or unusual activity.
  • Freeze your credit with all three major bureaus—it's free and highly effective against identity theft.

This is like installing an alarm system for your finances.

6. Be Cautious Online and in Public

Convenience can sometimes come at a cost.

  • Avoid accessing financial accounts on public Wi-Fi unless you're using a VPN.
  • Only log into accounts on your personal devices.
  • Limit what you share on social media—details like birthdays, family names, or locations can be used against you.

Not everything needs to be public.

7. Protect Your Physical Information

Digital security matters—but so does what's on paper.

  • Shred documents containing sensitive information like bank statements, tax forms, or medical records.
  • Be cautious of phishing emails or messages—even if they appear to come from someone you know.

When in doubt, verify before you click.

8. Make It a Family Conversation

Scammers often target the most vulnerable—especially older adults and teenagers. Take time to:

  • Talk with your family about common scams
  • Share what you're learning
  • Stay informed together

Stewardship is not just personal—it's communal.

9. Use Caution After Data Breaches

If a company offers identity theft protection after a breach:

  • Take advantage of it—but verify first
  • Contact the company directly through their official website or number
  • Don't trust links or instructions in unsolicited messages.

Faithful Stewardship Without Fear

There's no question that in today's world, financial faithfulness includes digital awareness. Guarding your data, protecting your family, and staying alert to fraud are essential parts of stewardship. But this isn't about fear—it's about faith expressed through wisdom. With a few intentional steps, you can protect what God has entrusted to you and live with peace—not panic.

If you're looking for a simple way to manage your money and grow in faithful stewardship, the FaithFi app can help. It's designed to help you handle God's resources with clarity and purpose. You can download it today at FaithFi.com/App.

On Today's Program, Rob Answers Listener Questions:

  • I've been helping a friend financially while he's unemployed, but it's starting to strain me. He has no credit and doesn't know where to start. How can he build a financial foundation—and how can I help without hurting myself?
  • I need to update my will and mainly want to pass my home to my children. I've heard a trust might be better. Can I set that up without an attorney?
  • I'm working to rebuild my credit after medical debt, but I want to avoid taking on new debt. What are my options—and would borrowing against my paid-off home help or hurt?
  • I was told I could pay off my $125,000 mortgage faster by moving it to a HELOC and running my income through it. Is that strategy legitimate?

Resources Mentioned:

  • Faithful Steward: FaithFi's Quarterly Magazine (Become a FaithFi Partner)
  • Bankrate | NerdWallet
  • Experian Boost
  • Our Ultimate Treasure: A 21-Day Journey to Faithful Stewardship by Rob West
  • Wisdom Over Wealth: 12 Lessons from Ecclesiastes on Money
  • Look At The Sparrows: A 21-Day Devotional on Financial Fear and Anxiety
  • Rich Toward God: A Study on the Parable of the Rich Fool
  • Find a Certified Kingdom Advisor (CKA)
  • FaithFi App

Remember, you can call in to ask your questions every workday at (800) 525-7000. Faith & Finance is also available on Moody Radio Network and American Family Radio. You can also visit FaithFi.com to connect with our online community and partner with us as we help more people live as faithful stewards of God's resources.

The Fraud Boxer Podcast
Why Your "Secure" Account is a Fraudster's Playground (Live at the Incognia Booth!)

Mar 25, 2026 29:54


In this special episode filmed live at MRC 2026 in Las Vegas, Jordan sits down with Andre Ferraz, CEO of Incognia, and Steven Coats, Ticketmaster's Director of Global Fraud Prevention, to dissect the evolving landscape of Account Takeover (ATO) attacks. The discussion centers on how modern ATOs have shifted from simple credential theft to sophisticated schemes where the account itself holds more value than a stolen credit card. You will learn why traditional security measures like SMS-based 2FA are increasingly vulnerable to SIM swapping and phishing, and how grounding digital identity in physical location behavior can provide a 99.9% accurate, frictionless authentication experience. By leveraging "smart friction" and indoor location intelligence, platforms can effectively distinguish between a legitimate user setting up a new device and a professional fraudster, ultimately reducing ATO rates to zero.

Ready to see where your own mobile application might be vulnerable to these sophisticated attacks? Visit https://www.incognia.com/fraudboxer to request a free vulnerability test and discover the hidden gaps in your current security stack. Whether you are battling organized device farms or looking to reduce user friction, this expert assessment will help you stay one step ahead of the fraudsters.

Steven Coats: https://www.linkedin.com/in/steven-coats-32b19b57/
André Ferraz: https://www.linkedin.com/in/andreferraz/

Saving America
Fixing Georgia's Schools & Healthcare Cybersecurity: An Interview with Dr Nelva Lee

Mar 24, 2026 12:28


David Bombal
#564: Hackers can bypass Your MFA In 2026 (And How To Stop It)

Mar 23, 2026 38:10


Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal

Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why traditional SMS MFA is no longer bulletproof. We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password. Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively increases your attack surface, leaving your organization just one brute-force attack away from ransomware. Finally, we explore the mechanics of ThreatLocker's Zero Trust Network Access and Cloud Access, detailing how denying by default and routing through secure proxies can lock down Microsoft 365 and make your internal network effectively invisible to hackers.

// Rob Allen's SOCIAL //
LinkedIn: / threatlockerrob
X: https://x.com/threatlockerrob

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
0:00 - Coming up
0:57 - What is 2FA/MFA and why is it important?
02:54 - Reusing passwords
04:38 - Malicious Chrome extensions
05:39 - Average person vs cybersecurity
12:18 - SMS 2FA
13:37 - Authenticator apps
16:26 - Yubikeys
17:58 - No one is "unhackable"
21:52 - "Cookie stealing" explained
22:53 - ThreatLocker's new tool/solution
28:22 - How ThreatLocker protects Office365
29:06 - ThreatLocker protecting organizations
33:11 - Should I trust ThreatLocker?
35:54 - How safe is ThreatLocker?
38:00 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#cybersecurity #hacker #hack

All TWiT.tv Shows (MP3)
Hands-On Apple 223: Level Up Your Passwords Security

Mar 19, 2026 16:48


What if logging in didn't mean juggling passwords and SMS codes? This episode demonstrates how Apple's Passwords app could make passkeys your new security upgrade and what may help protect your digital life.

  • Understanding and setting up two-factor authentication codes in Passwords
  • How to scan and autofill TOTP codes on macOS and iOS
  • Best practices for migrating 2FA codes from other authenticator apps
  • Passkeys setup, security benefits, and workflow
  • Passkey vs. password: what to expect when logging in
  • Apple security recommendations: flagged, reused, weak, and leaked passwords
  • Prioritizing which flagged passwords to fix first
  • Homework: add verification codes, create a passkey, and fix at-risk accounts

Host: Mikah Sargent

Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple

Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit

Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Sponsor: outsystems.com/twit

Hands-On Mac (Video)
HOA 223: Level Up Your Passwords Security

Mar 19, 2026 16:47

All TWiT.tv Shows (Video LO)
Hands-On Apple 223: Level Up Your Passwords Security

Mar 19, 2026 16:47

Total Mikah (Video)
Hands-On Apple 223: Level Up Your Passwords Security

Mar 19, 2026 16:47

Total Mikah (Audio)
Hands-On Apple 223: Level Up Your Passwords Security

Mar 19, 2026 16:48

Fraudology Podcast
Navigating the Rise of Starkiller and the Future of Session Hijacking with Frank McKenna

Mar 17, 2026 34:29


In this episode of Fraudology, host Karisse Hendrick is joined by Frank McKenna, Chief Fraud Strategist at PointPredictive and the mind behind Frank on Fraud. Frank shares his latest deep dive into Starkiller, a sophisticated new phishing-as-a-service (PaaS) platform that emerged following the takedown of Tycoon 2FA.

The conversation explores the terrifying mechanics of Attacker-in-the-Middle (AITM) attacks, where fraudsters use "headless browsers" to mirror legitimate login sessions in real-time. Frank provides an inside look at how this tool allows criminals to capture not just credentials, but also two-factor authentication (2FA) codes and session cookies, enabling them to maintain access even after a user logs out.

We also explore the "hot topics" dominating the fraud landscape today:

  • ATO Without a Login Event: How marketplaces are seeing "good" users perform legitimate actions, only to have their payout information changed moments later within the same session.
  • The Democratization of Fraud: The professionalization of phishing kits on Telegram, which offer Netflix-style subscriptions and user-friendly dashboards for as little as $300 to $500 a month.
  • Detection Challenges: Why traditional device intelligence and cybersecurity tools struggle to flag these attacks because the victim is interacting with the real merchant website, not a clone.

Making Money Personal
Creating Healthy Password Habits - Money Tip Tuesday

Mar 17, 2026 5:50


In today's digital age, safeguarding your personal and financial information is more crucial than ever. With cyber threats growing more sophisticated and online platforms collecting more data than we often realize, the risk of identity theft, fraud, and privacy breaches continues to rise. Understanding how to protect yourself isn't just a best practice anymore; it's an essential skill for navigating modern life with confidence and security.

Links:

  • Learn more about Triangle's Better Checking account with ID Protect
  • Check out TCU University for financial education tips and resources!
  • Follow us on Facebook, Instagram and Twitter!
  • Learn more about Triangle Credit Union

Transcript:

Welcome to Money Tip Tuesday from the Making Money Personal podcast.

In today's digital age, safeguarding your personal and financial information is more crucial than ever. As your trusted financial institution, Triangle Credit Union is committed to providing you with the tools and knowledge needed to help protect your accounts. One of the most effective ways to enhance the security of your accounts - financial and non-financial - is to follow and maintain healthy password habits. Here are a few tips that can help you secure your accounts and help protect your personal information.

Create Strong and Unique Passwords

A strong password is your first line of defense against cyber threats. Follow these guidelines in creating a robust password:

  • Length Matters: Aim for at least 12 characters. Longer passwords can be harder to crack.
  • Mix It Up: Use a combination of upper-case and lower-case letters, numbers, and special characters.
  • Avoid Common Words: Steer clear of easily guessable words and phrases like "password," "123456," “Aa123456”, "qwerty" or any combination of these. Other common passwords include “admin”, “P@ssw0rd” and all ones or all zeros.
  • Unique to Each Account: Use different passwords for different accounts. This way, if one password is compromised, your other accounts remain secure.

Use a Password Manager

Remembering multiple complex passwords can be challenging. A password manager can help you store and manage your passwords securely. These tools can generate strong passwords for you and automatically populate them when needed so that you don't have to remember each one. Remember to do your homework before you trust a third-party password manager application.

Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication, sometimes referred to as Two-Factor Authentication or 2FA, adds an extra layer of security by requiring two or more verification methods to access your account. This could be something you know (password), in combination with something you have (a smartphone or security token), or something you are (fingerprint or facial recognition). Enabling MFA can significantly reduce the risk of unauthorized access to your account by validating your identity through more than one authentication method when you log in.

Regularly Update Your Passwords

Changing your passwords periodically is a good security practice. Aim to update your passwords every three to six months. Regular updates can help protect your accounts from the impact of data breaches, if your username and password are ever compromised. If you receive a notification that your information could have been compromised, that's also a good reminder to update your passwords.

Be Wary of Phishing Scams

Phishing scams are fraudulent attempts to obtain your personal information by pretending to be a trustworthy entity. Be cautious of emails, messages, or websites that ask for your password or other sensitive information. Always verify the source before providing any details. By staying aware, you can avoid unwittingly providing your password (and access to your accounts) to scammers or identity thieves.

At TCU your security is our top priority. By following these tips and creating healthy password habits, you can significantly reduce the risk of unauthorized access to your accounts. While cybersecurity threats are constantly evolving, remember that a strong password is your first line of defense. Stay vigilant and proactive in protecting your personal and financial information.

Regularly checking your account activity can help you spot any unusual transactions or unauthorized access early. If you notice anything suspicious, contact us. If you have a Better Checking account you have access to a professional, certified Identity Theft Recovery Advocate who can work with you one-on-one to identify and resolve identity theft or fraud and return your identity and your accounts to pre-event status.

And always remember: never share your passwords with anyone! When fraudsters call, claiming to be from your financial institution's fraud department, hang up the phone and call your credit union or bank to check on your accounts and report the fraud attempt. While we do call members occasionally to verify account activity, we will never ask for passwords to your accounts.

For more information and resources on online security, please visit our website or contact our customer service team. We're here to help you stay safe and secure.

If there are any other tips or topics you would like us to cover, let us know at tcupodcast@trianglecu.org. Like and follow our Making Money Personal FB and IG page and look for our sponsor, Triangle Credit Union on social media to share your thoughts.

Thanks for listening to today's Money Tip Tuesday and check out our other tips and episodes on the Making Money Personal podcast.

Have a great day!

Fraudology Podcast
5-Minute Phishing: How AI is Revolutionizing Scams and Morphing Attacks

Mar 3, 2026 38:50


In this episode of the Fraudology podcast, Karisse Hendrick is joined by Matt Vega, Chief Fraud Strategist at Sardine, to explore how artificial intelligence has fundamentally altered the threat landscape for financial institutions and online retailers.

First, Matt reveals the alarming ease with which AI can now be used to orchestrate phishing campaigns. Using advanced tools like Vercel's v0, Matt demonstrates how he can clone a legitimate website—complete with branding, functional images, and login flows—in less than five minutes. He explains how attackers use these replicas to execute sophisticated "man-in-the-middle" attacks, tricking victims into handing over two-factor authentication (2FA) codes to gain fully authenticated access to accounts.

Later in the episode, Matt and Karisse dive into the rise of "polymorphic" AI attacks. These autonomous agents are capable of adapting their behavior in real-time to bypass bot detection and security thresholds as soon as they are implemented. Matt also discusses "dust trailing," a tactic where fraudsters spread large volumes of small transactions across hundreds of platforms to make traditional human investigation cost-prohibitive.

In this episode, we discuss:

  • The 5-Minute Phish: How AI models use simple screenshots and prompts to create pixel-perfect clones of banks and government agencies.
  • Polymorphic Attacks: The emergence of autonomous AI agents that instantly adapt to security controls, making traditional bot mitigation obsolete.
  • The Power of Basics: Why "low-tech" solutions like card-to-name matching and behavioral biometrics remain the most effective tools against high-tech fraud.
  • Threat Intelligence: Best practices for proactive defense, including beacon technology, "hidden watermarks," and strategic domain acquisition.
  • Upcoming Events: Details on meeting Matt and the Sardine team at the upcoming MRC conference in Las Vegas.

Bankless
Zero Crypto at Home: Bankless in the Age of Wrench Attacks and Phishing | Jameson Lopp and Beau

Feb 25, 2026 102:58


Crypto's newest threat isn't a smart contract exploit, it's a knock at your door. In this episode, Ryan sits down with Jameson Lopp (Casa) and Beau (former CIA, now safety at Pudgy Penguins) to map the real security landscape for crypto holders in 2026: the phishing traps you'll see daily, the physical “wrench attacks” that terrify the community, and the practical systems that can make both dramatically less effective. If going bankless is about freedom, this is the playbook for keeping that freedom without turning into your own security team. ---

Hacker Public Radio
HPR4582: Hackerpublic Radio New Years Eve Show 2026 Episode 1

Feb 24, 2026


This show has been flagged as Explicit by the host.

Hackerpublic Radio New Years Eve Show 2026 Episode 1

Facebook https://www.facebook.com/
LinkedIn linkedin.com/
Matrix https://matrix.org/
Twitter / X https://x.com/home
Telegram https://telegram.org/
Mastodon https://joinmastodon.org/
India https://www.incredibleindia.gov.in/en
Poland https://www.poland.travel/en/
Hacker Public Radio https://hackerpublicradio.org/
Mumble https://www.mumble.info/
Linux Lugcast https://linuxlugcast.com/
Jitsi https://jitsi.org/
Ton Roosendaal (former Blender CEO) https://en.wikipedia.org/wiki/Ton_Roosendaal https://www.blender.org/press/blender-foundation-announces-new-board-and-executive-director/
Linus Torvalds https://github.com/torvalds
Hack A Day https://hackaday.com/
Terry Pratchett https://terrypratchett.com/
UTC https://www.timeanddate.com/time/aboututc.html
DMCA https://www.eff.org/issues/dmca
Spotify https://open.spotify.com/
Youtube https://www.youtube.com/
Peertube https://joinpeertube.org/
Day Trading https://www.investopedia.com/articles/trading/05/011705.asp https://www.nerdwallet.com/investing/best/online-brokers-platforms-for-day-trading
Ogg Camp https://www.oggcamp.org/
FosDem https://fosdem.org/2026/
Brussels https://www.visit.brussels/en/visitors
Ohio Linux Fest https://olfconference.org/
Jacksonville, Florida https://www.visitjacksonville.com/
Ebike https://www.bikeradar.com/advice/buyers-guides/what-is-an-electric-bike
Electric Scooter https://engineerfix.com/what-is-an-electric-scooter-and-how-does-it-work/
Elliptical https://ellipticalking.com/what-is-an-elliptical/
Panera Bread https://www.panerabread.com/
Tech and Coffee https://techandcoffee.info/
HTC Phones https://www.htc.com/us/smartphones-learn/
Apple https://www.apple.com/
Windows https://www.microsoft.com/en-us/windows
LG https://www.lg.com/us/
2FA (2 Factor Authentication) https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp
Symantec VIP https://vip.symantec.com/
Android https://www.android.com/
Discord https://discord.com/
NewPipe https://newpipe.net/
iCloud https://www.icloud.com/
Bloomberg Terminal https://www.bloomberg.com/professional/terminal-introduction/
Linux Mint https://linuxmint.com/
Suse https://www.suse.com/
EndeavourOS https://endeavouros.com/
Pop OS https://system76.com/pop/
Debian https://www.debian.org/
Red Hat https://www.redhat.com/en
EB (Electronics Boutique / EB Games) https://en.wikipedia.org/wiki/EB_Games
RockBox https://www.rockbox.org/
Hi Fi Walker https://hifiwalker.com/
MPEG https://www.mpeg.org/
MP3 https://www.magix.com/us/music-editing/audio-formats/mp3/
MicroSD Card https://www.businessinsider.com/reference/what-is-a-micro-sd-card
RSS Feed https://en.wikipedia.org/wiki/RSS https://www.reddit.com/r/explainlikeimfive/comments/15kfcsm/eli5_what_is_rss_feed_and_how_is_it_useful/
YouTube DL https://ytdl-org.github.io/youtube-dl/index.html
Jupiter Extras Podcast https://www.jupiterbroadcasting.com/show/jupiter-extras/
Late Night Linux Podcast https://latenightlinux.com/
Sound Show Podcast https://grokipedia.com/page/the_sound_show
Linux Lugcast https://linuxlugcast.com/
Tux Jam https://tuxjam.otherside.network/
Hacker Public Radio https://hackerpublicradio.org/
3D Printing https://3dprinting.com/what-is-3d-printing/
Raspberry Pi https://www.raspberrypi.com/
Nextcloud https://nextcloud.com/
Jellyfin https://jellyfin.org/
DVD Ripping https://www.tomshardware.com/software/how-to-rip-your-dvds-with-handbrake-preserve-your-dvd-library-before-bit-rot-claims-another-victim
Port Forwarding https://www.noip.com/support/knowledgebase/general-port-forwarding-guide
NginX https://nginx.org/
LiquidSoap https://www.liquidsoap.info/doc-dev/
IceCast https://icecast.org/
DYN DNS https://account.dyn.com/
Etherpad https://etherpad.org/
Audio Bookshelf https://www.audiobookshelf.org/
Funk Whale https://www.funkwhale.audio/
Pixel Art https://www.sandromaglione.com/articles/getting-started-with-pixel-art
Aseprite https://www.aseprite.org/
Krita https://krita.org/en/
RPG Maker https://www.rpgmakerweb.com/
Stable Diffusion https://stablediffusionweb.com/
GIMP https://www.gimp.org/
Balatro https://www.playbalatro.com/
Magic The Gathering Balatro MOD https://balatromods.miraheze.org/wiki/Magic:_the_Jokering
Yoshi https://www.mariowiki.com/Yoshi
Gungeon (Enter the Gungeon) https://enterthegungeon.fandom.com/wiki/Enter_the_Gungeon_Wiki
Clover Pit https://store.steampowered.com/app/3314790/CloverPit/
Trackball https://www.techtarget.com/whatis/definition/trackball
Humble Bundle https://www.humblebundle.com/
Dungeons / Dungeons II / Dungeons III http://www.realmforgestudios.com/
Deltarune https://deltarune.com/
Undertale https://undertale.com/
DNS https://www.cloudflare.com/learning/dns/what-is-dns/
Universal Studios https://www.universalorlando.com/web/en/us/theme-parks/universal-studios-florida
Electric Blanket https://www.silentnight.co.uk/blog/guides/tips-for-using-your-electric-blanket
Electric Vests https://www.fieldandstream.com/outdoor-gear/hunting/hunting-apparel-and-accessories/best-heated-vests
LG Neckband Headphones https://www.lg.com/us/neckbands/view-all
Lotus Notes https://en.wikipedia.org/wiki/HCL_Notes
John Deere https://www.deere.com/en/
Dairy Queen https://www.dairyqueen.com/en-us/
Alco (retail store) https://en.wikipedia.org/wiki/ALCO_Stores
AMI Pro https://www.computinghistory.org.uk/det/18775/Ami-Pro-for-Windows/
Dysgraphia https://my.clevelandclinic.org/health/diseases/23294-dysgraphia
Cursive https://brainspring.com/orton-gillingham-weekly/what-is-cursive-why-is-it-used/
SUNLU Wood PLA https://store.sunlu.com/collections/wood/products/optimized-wood-pla-3d-printer-filament-1kg-optimized-and-upgraded-wood-texture
Hobby Lobby https://www.hobbylobby.com/
Hobby Lobby Branded PLA https://www.hobbylobby.com/crafts-hobbies/kids-crafts-activities/arts-crafts-supplies/white---3d-printing-filament/p/81250151
Hot End https://e3d-online.com/blogs/news/anatomy-of-a-hotend
2.5 GB Network Switch https://www.servethehome.com/the-ultimate-cheap-2-5gbe-switch-mega-round-up-buyers-guide-qnap-netgear-hasivo-mokerlink-trendnet-zyxel-tp-link/ fsck https://linux.die.net/man/8/fsck ProxMox https://www.proxmox.com/en/ Open Media Vault https://www.openmediavault.org/ Readarr https://github.com/Readarr/Readarr RSYNC https://linux.die.net/man/1/rsync Mario Kart T Shirt https://www.nintendo.com/us/store/products/mario-kart-jersey-t-shirt-119900-1/ Super Nintendo World https://www.universalorlando.com/web/en/us/epic-universe/worlds/super-nintendo-world Mario Kart Ride (Universal Studios - Super Nintendo World) https://www.universalorlando.com/web/en/us/things-to-do/rides-attractions/mario-kart-bowsers-challenge Donkey Kong Country (Universal Studios - Super Nintendo World) https://www.zeldadungeon.net/forum/threads/donkey-kong-themed-area-to-open-at-usj-dec-11-2024.77660/ Donkey Kong Country (video game) https://donkeykong.fandom.com/wiki/Donkey_Kong_Country Mario Games https://nintendo.fandom.com/wiki/List_of_Mario_games Mario World 2 https://www.mariowiki.com/Super_Mario_World_2:_Yoshi%27s_Island Harry Potter Ride https://www.universalorlando.com/web/en/us/things-to-do/rides-attractions/harry-potter-and-the-forbidden-journey Hagrid's Magical Creatures Motorbike Adventure https://www.universalorlando.com/web/en/us/things-to-do/rides-attractions/hagrids-magical-creatures-motorbike-adventure Harry Potter Wands https://www.universalorlando.com/web/en/us/things-to-do/shopping/potter-wands Harry Potter Wand Holder (3D printable) https://makerworld.com/en/models/917744-wand-stand-harry-potter#profileId-879432 Bronze PLA https://www.hatchbox3d.com/products/3d-pla-1kg1-75-brnz Linux Mint https://linuxmint.com/ Clem (Linux Mint) https://blog.linuxmint.com/?author=1 New Harry Potter TV Show https://www.teenvogue.com/story/harry-potter-tv-reboot-hbo-everything-you-need-to-know JK Rowling https://www.jkrowling.com/ HBO https://www.hbomax.com/ Iraq 
https://www.state.gov/countries-areas/iraq Arcane Casebook (Author - Dan Willis) https://www.goodreads.com/series/259903-arcane-casebook Altered Carbon (Book) https://elitistbookreviews.com/2018/04/05/altered-carbon/ Arcanum Unbounded (Author - Brandon Sanderson) https://www.brandonsanderson.com/blogs/blog/introducing-arcanum-unbounded Amazon Music https://music.amazon.com/?referrer=https%3A%2F%2Fwww.google.com%2F Richard Pryor https://www.richardpryor.com/ John Pinette https://www.dead-frog.com/comedians/comic/john-pinette Stormlight Archive https://www.brandonsanderson.com/pages/the-stormlight-archive-series Mistborn Saga https://www.brandonsanderson.com/pages/the-mistborn-saga-the-original-trilogy The Last Airbender https://avatar.fandom.com/wiki/Avatar:_The_Last_Airbender Wax and Wayne https://www.brandonsanderson.com/pages/the-mistborn-saga-the-wax-wayne-series Tress And The Emerald Sea https://www.brandonsanderson.com/pages/standalones-cosmere Isles of the Amber Dark Legion https://www.brandonsanderson.com/pages/collections-non-cosmere Wheel of Time (Sanderson books) https://www.brandonsanderson.com/pages/the-wheel-of-time-series Sunreach https://www.brandonsanderson.com/pages/skyward-flight Benedict Jacka https://benedictjacka.co.uk/ Project Hail Mary (Andy Weir) https://andyweirauthor.com/#project-hail-mary The Martian (Andy Weir) https://andyweirauthor.com/#the-martian Artemis (Andy Weir) https://andyweirauthor.com/#artemis Libby https://libbyapp.com/interview/welcome#doYouHaveACard Analog Hole https://en.wikipedia.org/wiki/Analog_hole Provide feedback on this episode.

Hurdy Gurdy Travel Podcast
Gift Card Reselling with QCGC

Hurdy Gurdy Travel Podcast

Feb 21, 2026 40:30


Supercharge Points & Miles with Gift Card Reselling - QCGC
Hurdy Gurdy Travel Podcast | Justin Vacula
Justin Vacula hosts Taylor from QCGC (qcgc.io) to show how gift card reselling can help you earn more credit card points, miles, and cashback beyond everyday spending. By buying gift cards during promotions and reselling them through QCGC, you keep the rewards while scaling your credit card spending. Recorded February 6, 2026, this episode covers QCGC's newly launched portal (live since December 2025) that replaces the old spreadsheet system. Taylor walks through the platform's deals section (profit, end dates, sources, remaining capacity, payout rates, and timeframes), the rates page that consolidates brands and denominations (including anywhere sources), and customizable deal alerts (with SMS planned). They also discuss entering payment details for ACH payouts and enabling optional two-factor authentication.
Chapters / Timestamps:
00:00 Intro: Travel with Points & Miles
00:32 Meet Taylor & QCGC
01:57 Gift Card Reselling 101
04:31 Inside the New QCGC Portal: Deals Page, Alerts
06:14 Rates Page, Popular Brands & Converting Multi-Brand Gift Cards
08:37 Payout Timing, ACH Deposits & Bank Account Bonuses
09:30 De-Risking & Bank Scrutiny: Amex and Safer Buying Habits
13:15 More Portal Features: SMS Alerts, Payment Info, 2FA & Feature Requests
15:09 How to Join QCGC + Community: Onboarding, Support
17:02 Break + Announcements: Socials, Meetups, FTU, and CardPointers
21:20 Deal Math in Action: Lowe's Promo, Gas Points, Staples & Profit Thresholds
26:06 Best Cards to Us
27:44 Real-World Friction: Store Limits, Cashiers Making Up Rules
29:39 Listener Q&A: Trust, Reputation, Starting Small
32:55 Step-by-Step Submissions: Reserving Capacity, Uploading Cards
34:52 Avoiding Mistakes
37:04 Wrap-Up

Computer Talk with TAB
Computer Talk 2-14-26 HR 2

Computer Talk with TAB

Feb 14, 2026 40:18


Suffield Police warning, Email mess, Anthropic promises to not impact your electric bill, AI Steam platform pulls game in error, Discord Age Verification lets you access the kid level of Discord, 2FA for text messages and phishing, No more emails from my iPad, should I re-sync?

Award Travel 101
Cruise Recap- And How Points Can Help

Award Travel 101

Feb 13, 2026 54:37


In Episode 159 of the Award Travel 101 podcast, Angie Sparks and Mike Zaccheo cover listener tips, loyalty news, and Angie's recent “actual vacation.” The highlight post addresses how to handle two-factor authentication (2FA) when traveling internationally, especially when using a local eSIM. Community suggestions include switching to authenticator apps instead of SMS and keeping your primary line active for texts and calls while using an eSIM for data. In the news, they discuss a new United Business card offer (100,000 miles plus 2,000 PQP), Air Canada adding ITA Airways as a distance-based redemption partner, a targeted Marriott Bonvoy points purchase bonus, and several loyalty promotions set to expire. They also share updates on their current credit card strategies and upcoming trips.
The main topic centers on Angie's first true vacation in years. After initially considering a resort stay in Anguilla, she and her husband opted for a seven-night Norwegian Cruise Line sailing out of San Juan with a port stop each day. They intentionally limited excursions, choosing instead to relax—reading, enjoying the sun, and unplugging. Angie strategically used a mix of cash, points, and credit card perks to offset costs, including Ultimate Rewards points to book the cruise through Chase Travel, free night certificates at the Caribe Hilton for a pre-cruise stay, and various statement credits for rides, dining, and lounge access. She also highlights how her Southwest Priority card delivered outsized value under the airline's new seat assignment policy, saving nearly $500 on seat selection and baggage fees. While the trip delivered the relaxation they wanted, Angie notes some declines in NCL's onboard experience and wouldn't necessarily recommend that specific ship in the future.
Episode Links
United Business card offer
Air Canada / ITA partnership
Marriott buy points promo
Where to Find Us
The Award Travel 101 Facebook Community.
To book time with our team, check out Award Travel 1-on-1. You can also email us at 101@award.travel
Buy your Award Travel 101 Merch here
Reserve tickets to our Spring 2026 Meetup in Phoenix now. award.travel/phx2026
Our partner CardPointers helps us get the most from our cards. Sign up today at https://cardpointers.com/at101 for a 30% discount on annual and lifetime subscriptions!
Lastly, we appreciate your support of the AT101 Podcast/Community when you sign up for your next card!
Technical note: Some users experience difficulty streaming the podcast while connected to a VPN. If you have difficulty, disconnect from your VPN.

WP Builds
456 – WordPress vulnerabilities and the power of AI-powered malware detection

WP Builds

Feb 12, 2026 84:54


In this WP Builds episode, Nathan Wrigley talks with Thomas Raef about WordPress website security. Thomas shares his journey founding We Watch Your Website, discusses the prevalence of attacks on US WordPress sites, and explores how hackers increasingly use stolen credentials and AI-powered methods. The episode gets into AI tools for both attackers and defenders, highlighting strategies like behavioural analysis and other mathematical things I don't understand! It wraps up with advice on implementing security measures like 2FA and device trust, and the ongoing AI "arms race" in cybersecurity. Go listen...

Bad Decisions Podcast
Your Personal Data Is Being Sold with Caitlin "Cybersecurity Girl"

Bad Decisions Podcast

Feb 12, 2026 62:05


Caitlin Sarian (aka "Cybersecurity Girl") is one of the most recognized cybersecurity educators online (1.2M+ followers). She previously led TikTok's Global Cybersecurity Advocacy & Culture work, and spent ~10 years in cybersecurity and privacy across consulting and leadership roles.
We talk about the simple security habits that actually matter (passwords, passkeys, and the right kind of 2FA), how people get tricked by phishing and “perfect copy” fake login pages, what data brokers are really doing with your information, how tracking and permissions quietly follow you around, and how AI is changing the game for both privacy and scams. The goal is simple: help you protect yourself, think clearer, and make smarter decisions online without needing to be “technical.”
Chapters:
0:00 Intro
3:30 Caitlin's story: from engineering to cybersecurity
9:24 The interview that pulled her into cybersecurity
11:12 Why she started teaching cyber online
15:04 Password mistakes & common scam setups
19:28 Cookies, tracking & “I accept” traps
27:18 Voice scams & impersonation tricks
37:57 The 3 things your apps are collecting
39:03 Data brokers — how your info gets sold
42:55 Protecting your identity
51:02 Cyber warfare between countries
Learn Unreal Engine in 14 Days - $300 OFF https://join.baddecisions.studio/c/podcast?discounts=PODCAST
If this podcast is helping you, please take 2 minutes to rate our podcast on Spotify or Apple Podcasts. It will help the podcast reach and help more people!
Spotify - https://open.spotify.com/show/12jUe4lIJgxE4yst7rrfmW?si=ab98994cf57541cf
Apple Podcasts (Scroll down to review) - https://podcasts.apple.com/us/podcast/bad-decisions-podcast/id1677462934
Find out more about Cybersecurity Girl:
- Instagram: https://www.instagram.com/cybersecuritygirl/
- LinkedIn: https://www.linkedin.com/in/caitlin-sarian
- Youtube: youtube.com/cybersecuritygirl
Join our discord server where we connect and share assets: https://discord.gg/zwycgqezfD
If you wanna see us do cool things follow us here too:
Instagram: https://www.instagram.com/badxstudio/
Twitter: https://twitter.com/badxstudio
TikTok: https://www.tiktok.com/@badxstudio
LinkedIn: https://www.linkedin.com/company/badxstudio
Our personal handles: (if you wanna stalk us)
https://www.instagram.com/farhad_baddecisions/
https://www.instagram.com/faraz_baddecisions/
https://www.linkedin.com/in/farhadshababi/
https://www.linkedin.com/in/farazshababi/

Late Confirmation by CoinDesk
The Blockspace Pod: How North Korean Hackers Stole $300M+ Via Telegram w/ Taylor Monahan

Late Confirmation by CoinDesk

Jan 31, 2026 67:25


North Korean hackers with the Lazarus Group have stolen over $300 million with this Telegram phishing scam. Subscribe to the Blockspace newsletter!
Welcome back to The Blockspace Podcast! Today, Taylor Monahan, a security lead at MetaMask, joins us to talk about a highly sophisticated $300M phishing attack linked to North Korea's Lazarus Group. Taylor shares how the Lazarus Group hijacks Telegram accounts to lure victims into fake Zoom meetings and download a Trojan horse malware program. We break down the hackers' strategy, how the malware works, which wallet types are most vulnerable to theft, and what users can do to protect themselves, whether or not they have fallen prey to the scam. Tune in to learn how to identify these red flags and implement better digital hygiene for your crypto assets.
Check out this article for a deep dive into how the malware works; plus, follow Taylor for updates on X and keep track of Lazarus Group's history of hacks via her GitHub.
Subscribe to the newsletter! https://newsletter.blockspacemedia.com
Notes:
* Lazarus Group stole over $300M in the last year.
* Attackers hijack Telegram accounts.
* Scammers use fake Zoom links to deploy malware.
* Malware often bypasses paid antivirus software.
* Sandbox architecture on iOS offers more safety.
* Software wallets and browser wallets are most vulnerable.
* 2FA remains critical for sensitive account access.
Timestamps:
00:00 Start
03:51 Telegram attack
11:30 2 Factor Authenticators
13:48 Losses
16:38 Calculating losses
19:08 North Korea
21:52 Malware
24:17 Malware detection
25:16 EDR
27:12 Wallets
34:21 Is verifying addresses enough?
39:28 Wallet malware design
44:11 What do they want?
54:16 Taylor stealing payloads
1:01:49 Steps to protect

Women on Wealth, By Women For Women
Cybersecurity at Home: Protecting Your Family in a Digital World

Women on Wealth, By Women For Women

Jan 31, 2026 57:52


Cybersecurity isn't just a technology issue, it's a family and financial issue. In this episode, Julina is joined by cybersecurity expert Sam Disraelly, Founder of Your Tech Department, to discuss the real online risks individuals and families face every day, from phishing scams to identity theft and account takeovers. You'll learn simple, practical steps to better protect your personal and financial information and build confidence navigating today's digital world.
Timestamps:
04:50 – The two types of cyber attacks people face
07:00 – How COVID, Colonial Pipeline, and now AI changed the threat landscape
10:45 – Why you should NOT click links in emails
12:30 – The Google search trap & the fake USAA site story
15:15 – The most common mistake families make
17:00 – Passwords: “Long, Strong, Unique”
19:00 – Why built-in browser password managers (Google/Chrome/Apple) are risky
22:15 – How to move your passwords into a real password manager
24:30 – The hidden dangers of free email accounts
27:30 – The Optimum.net warning
30:20 – What your email MUST be able to do (2FA, login visibility, session control)
31:30 – Verizon outage example: why SMS 2FA can fail
32:40 – Kids & teens online: AI, images, and why this is getting scarier
34:00 – DNS filters: the most powerful tool parents don't know about
38:00 – Pi-Hole and network-level protection at home
39:10 – The easiest habits to start TODAY
41:00 – Use a trusted partner before you click
48:00 – Three email strategy
50:00 – “Plus addressing” with Gmail to control spam
52:30 – Cyber insurance in homeowners & umbrella policies
56:30 – Sam's takeaway: 95–98% of attacks are stopped by 3 things
Connect with Julina Ogilvie:
Website
YouTube
LinkedIn
Email - jogilvie@principlewealthpartners.com
Connect with Sam Disraelly:
https://yourcyber.team/
https://yourcyber.news/
https://www.linkedin.com/in/aridisraelly/
The information provided is for educational and informational purposes only and does not constitute investment advice and it should not be relied on as such. The statements and opinions expressed in this podcast are those of the author. PWP cannot guarantee the accuracy or completeness of any statements or data. For current PWP information, please visit the Investment Adviser Public Disclosure website at www.adviserinfo.sec.gov by searching with PWP's CRD #290180

The CyberWire
DOGE and the data trail.

The CyberWire

Jan 21, 2026 27:02


DOGE staff face scrutiny over possible Hatch Act violations. GitLab fixes a serious 2FA bypass. North Korean hackers target macOS developers through Visual Studio Code. Researchers say the VoidLink malware may be largely AI-built. MITRE rolls out a new embedded systems threat matrix. Oracle drops a massive patch update. Minnesota DHS reports a breach affecting 300,000 people. Germany looks to Israel for cyber defense lessons. A major illicit marketplace goes dark. Our guest is Ashley Jess, Senior Intelligence Analyst from Intel 471, with a “crash course” on underground cyber markets. And auditors emerge as an unlikely line of cyber defense.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we have Ashley Jess, Senior Intelligence Analyst from Intel 471, sharing a “crash course” on underground cyber markets and emerging trends.
Selected Reading
Trump administration concedes DOGE team may have misused Social Security data (POLITICO)
GitLab warns of high-severity 2FA bypass, denial-of-service flaws (Bleeping Computer)
North Korean Hackers Target macOS Developers via Malicious VS Code Projects (SecurityWeek)
Voidlink Linux Malware Was Built Using an AI Agent, Researchers Reveal (Infosecurity Magazine)
MITRE Launches New Security Framework for Embedded Systems (SecurityWeek)
Oracle's First 2026 CPU Delivers 337 New Security Patches (SecurityWeek)
Minnesota Agency Notifies 304,000 of Vendor Breach (GovInfo Security)
Germany and Israel Pledge Cybersecurity Alliance (BankInfo Security)
$12B Scam Market Tudou Guarantee Shuts Down (GovInfo Security)
Research reveals a surprising line of defence against cyber attacks: accountants (The Conversation)
Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show?
N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Security Unfiltered
Building Safer Online Habits Without Becoming Paranoid

Security Unfiltered

Jan 19, 2026 49:13


We trade office chaos for focused remote work, then chart the journey from a 1999 idea to one of security's most-used tools. The talk widens to cyber warfare, scams, and practical privacy steps anyone can take without going off-grid.
• year-end boundaries and remote work focus
• origin of WhatIsMyIPAddress and staying humble
• don't invite hackers, real-world conference fallout
• elite cyber training, Ukraine drones, satellite comms
• podcast guest vetting, authenticity, and value
• preventing scams, empathy for victims, proof problems
• privacy without becoming a hermit, actionable steps
• 2FA on email, credit freezes, password strategy
• data collection at retail, saying no with confidence
• ads as social engineering, better defaults online
“I will give anyone who wants the book can come to my website and get the book… If you don't want to give me your email address or your name, I'll give you the book without the email address and your name.”
Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE
➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout
*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Privacy Please
S6, E263 -Year-End Reality Check On Privacy And AI

Privacy Please

Jan 5, 2026 47:03


We look back at 2025's privacy and security reality: useful AI where data was ready, repeating breach patterns, and infrastructure limits that slowed the hype. We call out backdoors, weak 2FA, and the shift toward passkeys, decentralization, and owning more of our stack.
• AI succeeds when data, process and governance are mature
• Power, chips and cost constraints limit AI growth
• SALT Typhoon shows backdoor risk and patching failures
• SMS 2FA remains weak while passkeys gain ground
• Data hoarding expands breach blast radius
• Streaming consolidation drives algorithm control and piracy's return
• Decentralization and self‑hosting rebuild trust with users
• 2026 outlook: AI contraction, ML pragmatism, fewer but stronger tools
Check out our website: the problemlounge.com
If you have episode guest ideas or topics you want us to talk about, please send them our way.
Go check out our YouTube channel, Privacy Please Podcast.
In 2026, would you like to see us do live streams?

The CyberWire
Don't trust that app!

The CyberWire

Jan 3, 2026 20:41


While our team is out on winter break, please enjoy this episode of Research Saturday. Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft's upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks.
The research can be found here: Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing
Learn more about your ad choices. Visit megaphone.fm/adchoices

Research Saturday
Don't trust that app!

Research Saturday

Jan 3, 2026 20:41


While our team is out on winter break, please enjoy this episode of Research Saturday. Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft's upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks.
The research can be found here: Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing
Learn more about your ad choices. Visit megaphone.fm/adchoices

Unchained
How Crypto Users Get Rekt and How You Can Stay Safe - Ep. 987

Unchained

Dec 24, 2025 78:51


Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com
Security remains a work in progress for crypto — and that may be putting it mildly. This year Bybit was hacked for $1.5 billion, the largest exploit ever, crypto or otherwise.
In this Unchained episode, Security Alliance members explain how crypto exploits have evolved, why smart contracts are no longer the primary vulnerability and why a security plan alone may not be enough. They take us inside how North Koreans are getting jobs at crypto and tech companies and how they operate.
Plus, best practices for individuals who intend to hold their assets for the long term. Test transactions and 2FA based on authenticator apps may not be ideal.
Thank you to our sponsors, Uniswap and Mantle!
Guests:
Pablo Sabbatella, Member of SEAL (Security Alliance) and Founder of Opsek
Isaac Patka, Wargames Initiative Lead at SEAL, and Founder of Shield3
Links:
Unchained: How the $1.5 Billion Bybit Hack Could Have Been Prevented
The Chopping Block: Code, Chaos & Consequences — What the Balancer Hack and Rollback Debates Mean for Crypto's Future
How AI Agents Hacked Smart Contracts for $1 Apiece – DEX in the City
DEX in the City: How Privacy in Crypto Makes Everyone's Finances More Secure
Chainalysis crypto crime report
SEAL 911 bot
SEAL website with profiles of confirmed DPRK IT workers
Timestamps:

The Bend
The Family Tech Talk Seniors Need: Password Safety, Two-Step Authentication & Rare White Pheasant News

The Bend

Dec 20, 2025 27:00


The Tech talk to have with family over the holidays. We dive into why tracking passwords and setting up two-step authentication safely is a must, especially for seniors and elderly users. Plus we have hunting news of a rare pheasant. Join radio hosts Rebecca Wanner aka ‘BEC' and Jeff ‘Tigger' Erhardt (Tigger & BEC) with the latest in Outdoors & Western Lifestyle News!
Rare White Pheasant Harvested in North Dakota
According to KFYR TV, a Minot, North Dakota hunter harvested a rare white pheasant south of the city on December 7, 2025. 37-year-old Eric Henke of Minot first saw the bird a few years ago on his family farm. A couple weeks ago, he and six others, plus four dogs, went out for a pheasant hunt. The group flushed the bird, and it flew into some brush. It was flushed again about 10 yards from Henke. With a pull of the trigger from his Benelli Super Black Eagle II 12 gauge, the bird dropped and ran, and he was thankful to have one of the dogs retrieve it for him. Henke is now having the bird mounted by Dakota Taxidermy in Bismarck, North Dakota. In addition to being a rare white pheasant, it also had magnificent tail feathers that measured about 22.5 inches long. Congrats Eric Henke!
The Importance of Tracking Passwords and Two-Step Authentication for Seniors and Families
Why Password Management Is More Important Than Ever
In today's digital world, almost every essential service requires a password: banking, medical portals, email, social security accounts, utilities, and even prescription refills. For elderly and older adults, managing multiple passwords can quickly become overwhelming. Forgotten passwords, locked accounts, and inaccessible phones can lead to stress, financial risk, and complete loss of access to critical services.
Common Problems Seniors Face:
• Forgotten passwords or PINs
• Locked accounts due to failed login attempts
• Smartphones breaking, updating, or resetting
• Two-step authentication codes sent to unavailable devices
• Difficulty remembering complex security rules
Without a proper system in place, a simple phone update can become a major crisis.
What Is Two-Step Authentication (2FA) — and Why It Can Be Risky Without Backup
Two-step authentication (also called 2FA or multi-factor authentication) adds an extra layer of security by requiring:
• Something you know (password)
• Something you have (phone, text message, authentication app)
While 2FA improves security, it can lock users out permanently if:
• The phone is lost or broken
• The phone number changes
• The device updates or resets
• The authentication app is deleted
This is especially dangerous for seniors who rely on one single smartphone.
How to Set Up Two-Step Authentication the Right Way (Senior-Friendly)
To avoid lockouts, seniors and families should always set up backup access options.
Best Practices:
• Save backup recovery codes on paper and digitally
• Add a trusted family member's email or phone number
• Use authentication apps that allow device recovery
• Avoid using only SMS codes when possible
Tip: Print recovery codes and store them in a safe, labeled folder at home.
Final Checklist for Seniors and Caregivers
• Track all passwords in one secure place
• Set up 2FA with backup recovery options
• Share access with trusted family members
• Store printed recovery information safely
• Review passwords yearly or after major updates
Final Thought - A broken phone or forgotten password should never mean losing access to your life.
OUTDOORS FIELD REPORTS & COMMENTS
We want to hear from you! If you have any questions, comments, or stories to share about bighorn sheep, outdoor adventures, or wildlife conservation, don't hesitate to reach out. Call or text us at 305-900-BEND (305-900-2363), or send an email to BendRadioShow@gmail.com.
Stay connected by following us on social media at Facebook/Instagram @thebendshow or by subscribing to The Bend Show on YouTube. Visit our website at TheBendShow.com for more exciting content and updates! https://thebendshow.com/ https://www.facebook.com/thebendshow WESTERN LIFESTYLE & THE OUTDOORS Jeff ‘Tigger' Erhardt & Rebecca ‘BEC' Wanner are passionate news broadcasters who represent the working ranch world, rodeo, and the Western way of life. They are also staunch advocates for the outdoors and wildlife conservation. As outdoorsmen themselves, Tigger and BEC provide valuable insight and education to hunters, adventurers, ranchers, and anyone interested in agriculture and conservation. With a shared love for the outdoors, Tigger & BEC are committed to bringing high-quality beef and wild game from the field to your table. They understand the importance of sharing meals with family, cooking the fruits of your labor, and making memories in the great outdoors. Through their work, they aim to educate and inspire those who appreciate God's Country and life on the land. United by a common mission, Tigger & BEC offer a glimpse into the life beyond the beaten path and down dirt roads. They're here to share knowledge, answer your questions, and join you in your own success story. Adventure awaits around the bend. With The Outdoors, the Western Heritage, Rural America, and Wildlife Conservation at the forefront, Tigger and BEC live this lifestyle every day. To learn more about Tigger & BEC's journey and their passion for the outdoors, visit TiggerandBEC.com. https://tiggerandbec.com/

The Bad Crypto Podcast
True Crypto Confessions

Dec 8, 2025 · 27:44


Everyone in crypto has a horror story. In this episode, Joel and Travis turn the mic on themselves and the community for a raw, honest look at loss, regret, and the painful side of the crypto journey.

Travis recounts how he lost 55 Bitcoin he mined back in 2010 after a hardware failure and no backup of his keys. Joel shares how he was seconds away from reading a 2FA code to a fake “Google security” caller that could have compromised everything tied to his account. Add in a 10 ETH honeypot scam, drained wallets, and NFT phishing, and you start to see a pattern: nobody is immune.

Along the way, they read anonymous posts from the CoinFessions account on X – real stories of people who:
– Turned life-changing gains into dust by trying to time “one more pump”
– Lost six figures to scams and bad decisions
– Sat through entire bull runs and never took profits
– Finally got it right after years of pain and one big, smart exit

This episode covers:
– Why even experienced users still get wrecked
– The psychology behind never taking profits on the way up
– How grief, stress, and desperation make you vulnerable to scams
– Why experiences and relationships matter more than your portfolio balance
– A brief look ahead at what macro conditions and liquidity might mean for the next phase of the market

If you have ever:
– Round-tripped your portfolio
– Lost coins to a scam, bad link, or bad judgment
– Felt alone or ashamed about your mistakes
…this is group therapy. You are not the only one.

The Bad Crypto Podcast has been here since 2017, and the guys are still in the arena with you. Pull up a chair, listen in, and maybe walk away feeling a little less wrecked and a little more human.

Support the show: https://badcryptopodcast.com
See omnystudio.com/listener for privacy information.

Breakfast Leadership
Alison Dixon on Cybersecurity and AI: Navigating Risk and Responsibility in a Digital Age

Nov 25, 2025 · 27:01


The Cybersecurity Landscape in Austin

In this episode, Alison Dixon shares insights into the fast-evolving cybersecurity environment in Austin, Texas. She discusses the rising importance of protecting both personal and corporate data amid growing cyber threats, emphasizing the dual challenge of convenience versus protection. Alison and Michael explore how AI complicates the landscape—accelerating innovation but also introducing new vulnerabilities. They underscore the urgent need for smarter, password-free security solutions and thoughtful tech adoption that prioritizes user safety.

AI Integration with Intention

Michael and Alison explore the importance of deliberate, strategic integration of AI into business operations. They agree that AI should serve genuine business value, not simply act as a marketing add-on. Clear processes and structured systems must precede AI adoption to avoid inefficiencies. Michael points out that transparency in AI systems, such as chatbots identifying themselves and providing human contact options, can significantly enhance customer trust. Both emphasize the need for balance, restraint, and purpose when embracing new technologies.

Balancing AI Budgets and Cybersecurity Priorities

The conversation turns to the tension between investing in AI and maintaining strong cybersecurity foundations. Alison warns that over-investing in AI while cutting cybersecurity budgets increases the risk of attacks like phishing and ransomware. Michael shares a real-life story about a senior manager's phone hack that illustrates the importance of vigilance and response protocols. Alison reinforces the need for proactive defenses and risk-reduction strategies rather than reactive training.

AI Voice Scams and Public Awareness

Michael recounts a growing trend of AI-driven voice scams, where criminals mimic loved ones' voices to exploit victims. He shares a case involving an elderly Toronto couple who lost nearly $100,000 to a voice fraud scheme, stressing the importance of using family “safe words” to verify identity. The discussion underscores how easily anyone—public figure or private citizen—can become a target, highlighting the growing sophistication of AI misuse.

Human Factors and Preventive Strategies

Alison and Michael discuss why human behavior remains the weakest link in cybersecurity. They argue that education alone is insufficient and that organizations should focus on eliminating risk exposure through stronger systems and policies. Practical steps such as multi-factor authentication, unique passwords, and an “assume it's fake” mindset can dramatically reduce vulnerability. Alison notes that leadership accountability and proactive system design are the true foundations of digital safety.

The Role of Two-Factor Authentication and Holiday Vigilance

In closing, Michael and Alison revisit the vital role of two-factor authentication (2FA). While it adds a few extra seconds to login, they agree it is a small price for peace of mind. They also caution that the holiday season often brings a spike in cyberattacks, as people let their guard down. Their message is clear: cybersecurity is not just about technology—it's about disciplined habits, awareness, and making security a leadership priority.

Alison Dixon is the Chief Customer Experience Officer at Portnox, a leading zero trust network access control platform. Alison is at the forefront of shaping how technical, high-stakes industries like cybersecurity can deliver world-class customer experiences. With a background that spans HR, Sales Enablement, and IT, she brings a uniquely holistic view to customer success—balancing strategy, empathy, and execution. At Portnox, she's led the charge in transforming onboarding into a competitive advantage, expanding CX beyond support, and building programs that reduce churn and drive long-term value.
LinkedIn:  https://www.linkedin.com/in/alison-dixon-msod/    

Ask The Tech Guys (Audio)
HOT 240: Two-Factor & Multifactor Authentication - Which Authenticator App Should You Use?

Nov 2, 2025 · 27:01


On Hands-On Tech, Mikah Sargent lists some of his favorite two-factor authenticator apps for listener Stuart and some of the pros and cons of using 2FA applications.

Send in your questions for Hands-On Tech to hot@twit.tv!

Host: Mikah Sargent

Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech

Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Risky Business
Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD

Oct 29, 2025 · 66:14


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
  • L3Harris Trenchant boss accused of selling exploits to Russia once worked at the Australian Signals Directorate
  • Microsoft WSUS bug being exploited in the wild
  • Dan Kaminsky DNS cache poisoning comes back because of a bad PRNG
  • SpaceX finally starts disabling Starlink terminals used by scammers
  • Garbage HP update deletes certificates that authed Windows systems to Entra

This week's episode is sponsored by automation company Tines. Field CISO Matt Muller joins to discuss how Tines has embraced LLMs and the agentic-AI future into their workflow automation.

This episode is also available on YouTube.

Show notes
  • US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer | TechCrunch
  • Attackers bypass patch in deprecated Windows Server update tool | CyberScoop
  • CVE-2025-59287 WSUS Unauthenticated RCE | HawkTrace
  • CVE-2025-59287 WSUS Remote Code Execution | HawkTrace
  • Catching Credential Guard Off Guard - SpecterOps
  • Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica
  • Uncovering Qilin attack methods exposed through multiple cases
  • Safety on X: "By November 10, we're asking all accounts that use a security key as their two factor authentication (2FA) method to re-enroll their key to continue accessing X. You can re-enroll your existing security key, or enroll a new one. A reminder: if you enroll a new security key, any" / X
  • SpaceX disables more than 2,000 Starlink devices used in Myanmar scam compounds | The Record from Recorded Future News
  • SpaceX: Update Your Inactive Starlink Dishes Now or They'll Be Bricked
  • How we linked ForumTroll APT to Dante spyware by Memento Labs | Securelist
  • Former Polish official indicted over spyware purchase | The Record from Recorded Future News
  • HP OneAgent Update Broke Entra Trust on HP AI Devices
  • Windows' Built-in OpenSSH for Offensive Security
  • How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA | WIRED