Spyware companies are filmed plotting to break global sanctions to ship surveillance and spying equipment to dodgy authoritarian regimes, an unsecured database exposed diabetics’ sensitive data, and a massive data breach leaves hundreds of thousands of current and former Wonga customers at risk. All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Lisa Vaas.

Show notes:
Spyware firms in breach of global sanctions - Al Jazeera.
Al Jazeera Investigations - Spy Merchants - YouTube.
Mounties admit to using cellphone-snooping ‘stingrays’ - Sophos Naked Security.
A huge trove of patient data leaks, thanks to telemarketers' bad security - ZDNet.
Leak of diabetic patients’ data highlights risks of giving info to telemarketers - DataBreaches.net.
Unsecured database exposed diabetics’ sensitive data - Sophos Naked Security.
Fraudsters Target People With Diabetes - AARP.
Wonga.com TV advert - YouTube.
Wonga security incident FAQ - Wonga.com.
Wonga data breach puts up to 245,000 UK current and former customers at risk - Graham Cluley.

Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Special Guest: Lisa Vaas.

YouTube
Show Notes

Hosts
Preston Wiley, CISSP, CCNA
Mike Hill, CISSP
Keith Watson, CISSP-ISSAP, CISA

Articles
For Nearly Two Decades the Nuclear Launch Code at All Minuteman Silos in the United States was 00000000 by Karl Smallwood (Today I Found Out)
‘Secret’ Nuclear Missile Launch Code During Cold War Was ‘00000000’ by Ryan Grenoble (The Huffington Post)
Zero protection from nuclear code by Oliver Burkeman (The Guardian)
Keeping Presidents in the Nuclear Dark by Bruce Blair (Bruce Blair’s Nuclear Column)
For nearly 20 years, the launch code for US nuclear missiles was 00000000 by Lisa Vaas (nakedsecurity blog)
Permissive Action Links by Steven M. Bellovin

Further improving digital certificate security by Adam Langley (Google Online Security Blog)
Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France by Paul Ducklin (nakedsecurity blog)
Google catches French finance ministry pretending to be Google by David Meyer (GigaOM)

YouTube
Show Notes

Hosts
Preston Wiley, CISSP, CCNA
Mike Hill, CISSP
Keith Watson, CISSP-ISSAP, CISA

Articles
Our Commitment to Protecting Your Information by Marissa Mayer (Yahoo!)
After N.S.A. Disclosures, Yahoo Moves to Encrypt Internal Traffic by Nicole Perlroth (NY Times Bits Blog)
Yahoo Will Follow Google In Encrypting Data Center Traffic, Customer Data Flow By Q1 ’14 by Matthew Panzarino (TechCrunch)
Google encrypts data amid backlash against NSA spying by Craig Timberg (The Washington Post)

Expert to warn Congress of HealthCare.gov security bugs by Reuters
Hackers throw 16 attacks at HealthCare.gov plus a DoS for good measure by Lisa Vaas (nakedsecurity blog)
Healthcare.gov ‘may already have been compromised,’ security expert says by FoxNews.com

Google+ Hangout
Show Notes

Hosts
Preston Wiley, CISSP, CCNA
Mike Hill, CISSP
Keith Watson, CISSP-ISSAP, CISA

Articles
Nintendo cracks after month-long, 15.5 million-strong hacker bombardment by Lisa Vaas (nakedsecurity blog)
Nintendo’s fan site hit by illicit logins, 24,000 accounts accessed by Jay Alabaster (Network World)

IOActive Security Advisory: DASDEC Vulnerabilities by IOActive and Mike Davis
Monroe Electronics DASDEC Compromised Root SSH Key by ICS-CERT
Did brainless flaw in US Emergency Alert System lead to epic zombie attack warning? by Lisa Vaas (nakedsecurity blog)
Root SSH Key Compromised in Emergency Alerting Systems by Steve Ragan (Security Week)

Google+ Hangout
Show Notes

Hosts
Preston Wiley, CISSP, CCNA
Mike Hill, CISSP
Keith Watson, CISSP-ISSAP, CISA

Articles
Important Message from Facebook’s White Hat Program by Facebook Security (Facebook)
Facebook issues data breach notification - may have leaked your email and phone number by Paul Ducklin (nakedsecurity blog)
Facebook squashes bug that exposed e-mail addresses for 6 million users by Dan Goodin (Ars Technica)

New Bounty Program Details by swiat (Microsoft Security Research & Defense blog)
Microsoft Launches $100K Bug Bounty Program by Kim Zetter (Wired)
Microsoft ready to cough up (potentially big!) bounty bucks for bugs by Lisa Vaas (nakedsecurity blog)

YouTube video
Show Notes

Hosts
Preston Wiley, CISSP, CCNA
Mike Hill, CISSP

Articles
Yahoo’s going to boot us off our deadbeat accounts, but who is going to grab them? by Lisa Vaas (nakedsecurity blog)
Yahoo tries to breathe life into dead pool of email accounts by offering IDs to newcomers by The Associated Press (Yahoo! News)

US FDA calls on medical device makers to focus on cybersecurity by Grant Gross (Network World)
FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks by the Food and Drug Administration
Probing Insulin Pumps For Vulnerabilities by Soulskill (Slashdot)
Content of Premarket Submissions for Management of Cybersecurity in Medical Devices - Draft Guidance for Industry and Food and Drug Administration Staff by the Food and Drug Administration