Podcasts about naked security

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:T-Mobile customer reports privacy breach - Twitter.T-Mobile US exposes some customer data – but don't call it a breach - The Register.T-Mobile denies new data breach rumors, points to authorized retailer - Bleeping Computer.Connectivity Source - Despite appearances, don't confuse it with T-Mobile.ThemeBleed exploit is another reason to patch Windows quickly - MalwareBytes.If I Embarrass My Baby on TikTok, Will He Stay My Baby Forever? - New York Times.They Gossiped At Brunch. Now There's a Mob After Them - Rolling Stone.The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech - 404 Media.Egg crack challenge,the last baby is so cute - YouTube.Trailer for “The Deepest Breath” - YouTube.“The Deepest Breath” - Netflix.Nitpick: Meaningless communications.Naked Security.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Device Trust for Okta. Watch the demo today!Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees...

The Five Eyes, alongside a couple of allies, issue a LockBit advisory. AI aids in proofreading phishing attacks. Anonymous Sudan mounts nuisance-level DDoS attacks against US companies. France alleges a disinformation campaign conducted by Russian actors. KillNet says it's partnered with the less-well-known Devil Sec. The private cybersecurity industry's effect on the war in Ukraine. Carole Theriault ponders oversharing on social media. Our guest is Duncan Jones from Quantinuum on the threats of Harvest Now, Decrypt Later tactics. And a note on this month's Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/114 Selected reading. Understanding Ransomware Threat Actors: LockBit (Joint Cybersecurity Advisory) U.S. Measures in Response to the Crisis in Sudan (US Department of State) Generative AI Enables Threat Actors to Create More (and More Sophisticated) Email Attacks (Abnormal Security) France Accuses Russia of Online Disinformation Campaign (Bloomberg) The Private Sector's Evolving Role in Conflict—From Cyber Assistance to Intelligence (R Street) Microsoft Patches Critical Windows Vulns, Warns of Code Execution Risks (SecurityWeek) Patch Tuesday: Critical Flaws in Adobe Commerce Software (SecurityWeek) Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes (Naked Security)

Two unsavoury websites suffer from a worrying leak, scientists are going animal crackers over AI, and the BBC is intercepting scammers' live phone calls with victims.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Hackers steal emails, private messages from hookup websites - TechCrunch.Scam Interceptors - BBC.‘They're coming up with devious ways to take your money': the TV hackers taking on the scammers - The Guardian.Did BBC break the law by using a botnet to send spam? - Naked Security.How a horse whisperer can help engineers build better robots - Science Daily.How Scientists Are Using AI to Talk to Animals - Scientific American.“I don't know”, sung by 76-year-old Paul McCartney - YouTube.“I don't know”, sung by AI Paul McCartney - YouTube.AI makes Paul McCartney's voice youthful - The Daily Beatle.“New”, sung by the AI Beatles - YouTube.AI Freddie Mercury sings “Yesterday” - YouTube.The Evaporated - Campside Media.Tetris - Apple TV+.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Zero Trust for Okta. Watch a demo today!Outpost24 - Understand your shadow IT risk with a free attack surface analysis.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on

Naked Security meets Sophos X-Ops! Duck and Chet dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it "Modern Auth", though it's more than a decade old, and is finally forcing Exchange Online customers to switch to it. Original music by Edith Mudge

Data's stolen from a US "Defense Industrial Base organization." Major sideloading cryptojacking campaign is in progress. Nord Stream and threats to critical infrastructure. US Cyber Command describes "hunt forward" missions in Ukraine. Andrew Hammond from SpyCast speaks with hacker Eric Escobar about the overlap of traditional intelligence and cybersecurity. Our guest is AJ Nash from ZeroFox with an update on the current threat landscape. Fraud meets romance. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/192 Selected reading. Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization (CISA) CISA: Multiple government hacking groups had ‘long-term' access to defense company (The Record by Recorded Future) US Govt: Hackers stole data from US defense org using new malware (BleepingComputer)  Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild (Bitdefender Labs) Drone-loaded seabed ship is latest weapon in Royal Navy's arsenal to counter Russian threat (The Telegraph) Opinion Undersea pipeline sabotage demands the West prepare for more attacks (Washington Post) Ukraine Hasn't Won the Cyber War Against Russia Yet (World Politics Review)  USCYBERCOM Executive Director David Frederick Outlines Cyber Threats & Highlights Importance of Industry Partnerships (GovCon Wire)  Romance scammer and BEC fraudster sent to prison for 25 years (Naked Security)

We're back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault). Warning: This podcast may contain nuts, adult themes, and rude language. Episode links: https://matadornetwork.com/life/20-funniest-finnish-expressions-use/ (The 20 Funniest Finnish Expressions (and How To Use Them)) - Matador Network. https://www.theregister.com/2009/05/18/sophos_does_klingon/ (Sophos punts anti-virus for Klingon) - The Register. https://nakedsecurity.sophos.com/2009/05/21/helsinki-named-klingonspeaking-capital-world/ (Helsinki named Klingon-speaking capital of the world) – Naked Security. https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ (Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications) - Check Point Research. https://www.ifitssmartitsvulnerable.com/ (If It's Smart It's Vulnerable) - Book by Mikko Hyppönen. https://www.science.org/doi/10.1126/sciadv.abo6254 (Psychological inoculation improves resilience against misinformation on social media) -Science Advances. https://www.who.int/news-room/spotlight/let-s-flatten-the-infodemic-curve (Let's flatten the infodemic curve) - WHO. https://www.cell.com/current-biology/fulltext/S0960-9822(22)01127-7 (The global spread of misinformation on spiders) - Current Biology. https://www.nytimes.com/2022/08/26/us/politics/misinformation-social-media.html (A Journey Into Misinformation on Social Media) - The New York Times. https://www.nytimes.com/2022/08/24/technology/google-search-misinformation.html (Google Looks to Vaccination to Combat Misinformation In Searches) - The New York Times. https://www.nytimes.com/2022/08/25/science/spiders-misinformation-rumors.html (Spiders Are Caught in a Global Web of Misinformation) - The New York Times. https://archive.org/details/DEFCON20Documentary (DEF CON: The Documentary.) https://carole.wtf/smashing-security-painting-giveaway/ (Smashing Security Painting competition) – http://Carole.wtf (Carole.wtf). https://oxfordartsociety.co.uk/open-exhibition-catalogue-2022/ (Open Exhibition, Summer 2022) - Oxford Art Society. https://www.smashingsecurity.com/store/ (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.gigamon.com/smashing (Gigamon) - Gigamon's latest report into the state of ransomware. https://l.kolide.co/3uSdmVj (Kolide) – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). Become a https://www.patreon.com/smashingsecurity (Patreon supporter) for ad-free episodes and our early-release feed!  Follow us: Follow the show on Twitter at https://twitter.com/smashinsecurity (@SmashinSecurity), or on the https://www.reddit.com/r/smashingsecurity (Smashing Security subreddit), or https://www.smashingsecurity.com/ (visit our website) for more episodes. Thanks: Theme tune: "Vinyl...

Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation, and how to change your accent with artificial intelligence. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Naked Security's Paul Ducklin. Plus don't miss our featured interview with Ian Farquhar of Gigamon. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://www.justice.gov/usao-ndca/pr/uber-enters-non-prosecution-agreement (Uber Enters Non-Prosecution Agreement Related to 2016 Data Breach ) — US Department of Justice. https://www.bloomberg.com/news/articles/2022-06-28/uber-former-security-chief-must-face-fraud-charges-judge-rules (Former Uber Security Chief Joe Sullivan Must Face Driver Fraud Charges ) — Bloomberg. https://techcrunch.com/2018/09/26/uber-to-pay-148-million-in-data-breach-settlement/ (Uber to pay $148 million in data breach settlement ) — TechCrunch. https://grahamcluley.com/uber-hackers-paid-data-breach/ (Uber paid hackers $100,000 to keep data breach quiet) — Graham Cluley. https://www.csoonline.com/article/3660560/uber-cisos-trial-underscores-the-importance-of-truth-transparency-and-trust.html (Uber CISO's trial underscores the importance of truth, transparency, and trust ) — CSO Online. https://nakedsecurity.sophos.com/2022/07/15/7-cybersecurity-tips-for-your-summer-vacation/ (7 cybersecurity tips for your summer vacation!) — Naked Security. https://www.sanas.ai/demo (Sanas demo.) https://www.prnewswire.com/news-releases/sanas-raises-32m-for-breakthrough-ai-technology-for-real-time-accent-translation-301572710.html (Sanas Raises $32M for Breakthrough AI Technology for Real-Time Accent Translation) — Sanas press release. https://spectrum.ieee.org/ai-accent-translator (This 6-Million-Dollar AI Changes Accents as You Speak) — IEEE Spectrum. https://www.newscientist.com/article/2288976-call-centre-workers-can-use-ai-to-mimic-your-accent-on-the-phone/ (Call centre workers can use AI to mimic your accent on the phone) — New Scientist. https://www.computerworld.com/article/2548265/a-little-less-accent--a-little-more-customer-service.html (A little less accent, a little more customer service ) — ComputerWorld. https://accentadvisor.com/what-is-accent-reduction/ (What Is Accent Reduction? ) — Accent Advisor. https://colinmorris.github.io/blog/compound-curse-words (Compound pejoratives on Reddit – from 'buttface' to 'wankpuffin') — Colin Morris. https://en.wikipedia.org/wiki/Melissa_(computer_virus) (Melissa computer virus) — Wikipedia. https://www.dedhamhall.co.uk/ (Dedham Hall.) https://poly.cam/capture/42434A6D-7BAB-4CAC-9059-73E914D703CA (3D capture of Carole Theriault) — Polycam. https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://bitwarden.com/smashing/ (Bitwarden)– Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.smashingsecurity.com/solcyber (SolCyber) – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren't being discriminating about who they're attacking, how can you settle for anything less? https://www.gigamon.com/smashing (Gigamon) - Gigamon's latest report into the state of ransomware. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on...

Pygmy hippopotamus bugs, DEF CON's data slip-up, and phishing fraudsters have their collars felt. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Paul Ducklin. Visit https://www.smashingsecurity.com/238 to check out this episode's show notes and episode links. We're going to be taking a holiday for a couple of weeks, but will be back with a regular show later in August. Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Paul Ducklin.

Simplified Security - E6 - Covid 19 Vaccine Info Leaks, Siemens releases multiple vulnerabilities, Ubiquiti tells its users to secure their account and more!Headlines:Leaked information surfaces from the December attack on European Medicines Agency on COVID-19 Vaccine.EMA Original Post:https://www.ema.europa.eu/en/news/cyberattack-european-medicines-agencyBleeping Computer's Posthttps://www.bleepingcomputer.com/news/security/hackers-leak-stolen-pfizer-covid-19-vaccine-data-online/ Siemens releases multiple Vulnerabilities in Web Server for Scalance X Products and Solid Edge.Siemens Scalance X Advisory:https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf Siemens Solid Edge Advisory:https://cert-portal.siemens.com/productcert/txt/ssa-979834.txt SEPA, Scottish Environment Protection Agency attacked on Christmas Eve.https://www.sepa.org.uk/about-us/cyber-attack/ Ubiquiti News,  https://community.ui.com/questions/Account-Notification/96467115-49b5-4dd6-9517-f8cdbf6906f3 Naked Security article for Homeschooling and how to stay secure. https://nakedsecurity.sophos.com/2021/01/13/home-schooling-how-to-stay-secure/ Symantec, Threat Intelligence Blog article on Solar Winds Attack.https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence ---Connect with me:Simply follow me on LinkedIn or Twitter.Subscribe to my Podcast Simplified Security:Google Podcasthttps://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5zb3VuZGVyLmZtLzk3NTgvcnNzLnhtbA Apple Podcasthttps://podcasts.apple.com/us/podcast/security-bits/id1542309317 For all other platforms such as Spotify, TuneIn, Amazon,Go to  https://icsbits.com/simplified/ Do not forget to Subscribe to my YouTube Channel and Enable Notifications:https://www.youtube.com/channel/UC9gRPRXg3s3ZPZZafouzOWA?sub_confirmation=1

Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security." Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack. https://news.sophos.com/20-years-of-cyberthreats Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity

Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security." Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack. https://news.sophos.com/20-years-of-cyberthreats Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

On Wednesday, the FBI, CISA and HHS released an unprecedented warning against "an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers." In this quick mini-sode, Chester Wisniewski (Principal Research Scientist at Sophos) discusses what the threat is, what this advisory means, and why this warning is a warning for everyone. With Kimberly Truong and special guest, Chester Wisniewski @chetwisniewski RESOURCES: Read the article from Naked Security https://nakedsecurity.sophos.com/2020/10/29/fbi-ransomware-warning-for-healthcare-is-a-warning-for-everyone/ Get tools and guidance to protect your organization https://www.sophos.com/en-us/content/healthcare-targeted-ransomware.aspx *** Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity

On Wednesday, the FBI, CISA and HHS released an unprecedented warning against "an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers." In this quick mini-sode, Chester Wisniewski (Principal Research Scientist at Sophos) discusses what the threat is, what this advisory means, and why this warning is a warning for everyone. With Kimberly Truong and special guest, Chester Wisniewski, Principal Research Scientist at Sophos @chetwisniewski RESOURCES: Read the article from Naked Security https://nakedsecurity.sophos.com/2020/10/29/fbi-ransomware-warning-for-healthcare-is-a-warning-for-everyone/ Get tools and guidance to protect your organization https://www.sophos.com/en-us/content/healthcare-targeted-ransomware.aspx *** Original music by Edith Mudge www.edithmudge.com Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity twitter.com/nakedsecurity Instagram: NakedSecurity instagram.com/nakedsecurity

In this episode Duck discusses the iPhone "word of death", Peter shares a shocking ransomware story and Alice talks about a chatbot that shows empathy. Or so it says. Host Anna Brading is joined by Naked Security regular Paul Ducklin, Threat Response expert Peter Mackenzie and Producer Alice Duckett. Related articles: https://nakedsecurity.sophos.com/godaddy-unauthorized-individual-had-access-to-login-info https://nakedsecurity.sophos.com/adult-live-streaming-site-cam4-leaks-millions-of-emails-private-chats https://nakedsecurity.sophos.com/coronavirus-pandemic-coincides-with-spike-in-online-puppy-scams https://nakedsecurity.sophos.com/iphone-word-of-death-could-crash-your-phone-what-you-need-to-know

This week on the Naked Security podcast host Anna Brading is joined by Mark Stockley, Paul Ducklin and Matt Boddy. They discuss iPhone zero days, android botnets and how the founder and CEO of Twitter had his account hijacked. Do you have a question? Let us know and we’ll answer them next week. Related Naked Security articles: iPhone hacking: https://nakedsecurity.sophos.com/2019/08/30/sophisticated-iphone-hacking-went-unnoticed-for-over-two-years/ Twitter takeover: https://nakedsecurity.sophos.com/2019/08/30/jacks-twitter-attacked-phone-number-hacked/ Iphone Botnet targets set-top boxes: https://nakedsecurity.sophos.com/2019/08/30/botnet-targets-set-top-boxes-using-android-os/ Read our rdp research: https://sophos.com/rdp

This week on the Naked Security podcast host Anna Brading is joined by Mark Stockley and Paul Ducklin. They discuss sophisticated Instagram phishing attacks, jailbreaking iPhones and the latest social media hoax. Do you have a question? Let us know and we’ll answer them next week. Related Naked Security articles: Jailbreaking: https://nakedsecurity.sophos.com/apple-ios-update-ends-in-jailbroken-iphones https://nakedsecurity.sophos.com/emergency-ios-patch-fixes-jailbreaking-flaw Social media hoaxes: https://nakedsecurity.sophos.com/privacy-policy-change-hoax-infects-instagram https://nakedsecurity.sophos.com/hoax-alert-facebook-deadline https://nakedsecurity.sophos.com/please-dont-spread-the-facebook-giraffe-picture-hoax https://nakedsecurity.sophos.com/the-momo-challenge-urban-legend https://nakedsecurity.sophos.com/the-talking-angela-witch-hunt Phishing: https://nakedsecurity.sophos.com/instagram-phishing-uses-2fa-as-a-lure https://www.sophos.com/en-us/products/phish-threat.aspx

This week on the Naked Security podcast we discuss whether big tech companies are spying on you and the latest phishing scams. Do you have a question? Let us know and we’ll answer them next week. With Anna Brading, Ben Jones and Matt Boddy. Humans are listening to your voice recordings – Our articles are below: Microsoft: https://nakedsecurity.sophos.com/2019/08/09/your-skype-translator-calls-may-be-heard-by-humans/ And then updating its policy: https://nakedsecurity.sophos.com/2019/08/16/microsoft-wont-shift-on-ai-recordings-policy/ Facebook: https://nakedsecurity.sophos.com/2019/08/15/facebook-got-humans-to-listen-in-on-some-messenger-voice-chats/ Google and Apple: https://nakedsecurity.sophos.com/2019/08/05/google-and-apple-suspend-contractor-access-to-voice-recordings/ Apple saying no to backdoor the San Bernadino terrorist’s iPhone: https://nakedsecurity.sophos.com/2016/02/17/apple-says-no-to-iphone-backdoor-in-terror-case/ Sophos says No Backdoors: https://sophos.com/nobackdoors/ Phishing article Matt mentions: https://nakedsecurity.sophos.com/2019/08/20/serious-security-phishing-in-the-cloud-the-freemium-way/ Matt, Ben and Mark did some RDP research: https://sophos.com/rdp

The Naked Security podcast tells you how to keep crooks out of your home network, discusses whether the government should be able to read our private messages or not, and digs into the crooks behind the Baldr malware. With Anna Brading, Paul Ducklin, Mark Stockley and Ben Jones. This week's links: https://nakedsecurity.sophos.com/nas-vendors-hit-by-brute-force https://nakedsecurity.sophos.com/ep-025-business-email-compromise https://sophos.com/rdp https://nakedsecurity.sophos.com/five-eyes-nations-demand-access

The Naked Security podcast - now in Series 2! This week we investigate whether FaceApp is as dangerous as they say, how to keep logic bombs out of your software, and how to help youngsters stay safe online. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy. What we talked about this week: https://nakedsecurity.sophos.com/faceapp-panic-sets-internet-alight https://nakedsecurity.sophos.com/the-momo-challenge-urban-legend-what-on-earth-is-going-on/ https://nakedsecurity.sophos.com/how-my-instagram-account-got-hacked/ https://nakedsecurity.sophos.com/programmer-from-hell-plants-logic-bombs-to-guarantee-future-work/ https://www.youtube.com/watch?v=QEkoetCHVRY https://twitter.com/NakedSecurity/status/1153627392965042176 https://twitter.com/NakedSecurity/status/1152171399001366528

The Naked Security podcast is back - in our brand new studio! We present our latest research into RDP security and just how quickly crooks can find you online. Anna Brading talks to Matt Boddy, Ben Jones and Mark Stockley. https://sophos.com/rdp

The Naked Security podcast tells you how to make your web signup forms safer, explains how Android phones can be used as security tokens, and looks into a Facebook "hidden message" that escaped into the wild.. With Anna Brading. Paul Ducklin and Matthew Boddy. This week's links: https://nakedsecurity.sophos.com/serious-security-how-web-forms-can-steal https://nakedsecurity.sophos.com/android-phones-transformed-into-anti-phishing https://nakedsecurity.sophos.com/facebook-admits-supply-chain-data-leak Music by: https://purple-planet.com/

The Naked Security podcast reveals how long you can expect to go unnoticed online, explains why we still have applications where every bit matters, and comes up with a new vocabulary for "data loss" on the scale of MySpace's music file implosion. With Anna Brading, Paul Ducklin, Matthew Boddy and Benedict Jones. This week's links: https://nakedsecurity.sophos.com/knock-and-dont-run https://nakedsecurity.sophos.com/ep-025 https://nakedsecurity.sophos.com/serious-security-gps-week-rollover https://nakedsecurity.sophos.com/myspace-songs-come-back Music by: https://purple-planet.com/

The Naked Security podcast looks into the annoying problem of bloatware on Android phones, explains a zero-day bug in a TP-Link router and how it turned into bad PR, and gives you advice on how to keep crooks out of your web server. With Anna Brading, Paul Ducklin, Matthew Boddy and Benedict Jones. This week's links: https://nakedsecurity.sophos.com/preinstalled-android-software https://nakedsecurity.sophos.com/tp-link-router-zero-day https://nakedsecurity.sophos.com/supermarket-patches-its-web Music by: https://purple-planet.com/

The Naked Security podcast explains how to avoid losing money to the cybercrime known as BEC, or Business Email Compromise, and gives you tips on what to look out for when you plug new devices into your network. With Paul Ducklin, Matthew Boddy and Benedict Jones. This week's links: https://nakedsecurity.sophos.com/fbi-arrests-74-in-global-business-email-compromise-takedown https://nakedsecurity.sophos.com/why-you-should-be-cautious-of-emails-from-friends-or-colleagues https://nakedsecurity.sophos.com/7-tips-for-securing-the-internet-of-things https://nakedsecurity.sophos.com/what-if-your-security-camera-were-an-insecurity-camera https://nakedsecurity.sophos.com/upnp-flaws-turn-millions-of-firewalls-into-doorstops To get Sophos XG Firewall Home Edition (100% free): https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx Music by: https://purple-planet.com/

In this Naked Security podcast, we explain how to handle sextortion, look at techniques for getting rid of malvertising, and discuss the things that make randomness hard. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/final-warning-email https://nakedsecurity.sophos.com/cia-bribery-scam https://nakedsecurity.sophos.com/sextortion-whats-new https://nakedsecurity.sophos.com/chrome-will-soon-block-drive-by https://nakedsecurity.sophos.com/serious-security-when-randomness-isnt How to report cybercrime online: https://nakedsecurity.sophos.com/beware-sextortionists/#comment-5621990 Music by: https://purple-planet.com/

The Naked Security podcast explains why storing plaintext passwords is an unnecessary evil, investigates a cryptocurrency spat between a software maker and a disgruntled user, and tells you some earnest but unpopular truths about how to keep your children safe online. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/millions-of-utilities-customers-passwords-stored-in-plain-text https://nakedsecurity.sophos.com/disgruntled-dev-blames-crypto-wallet-for-losing-cryptocoins https://nakedsecurity.sophos.com/the-momo-challenge-urban-legend https://nakedsecurity.sophos.com/the-momo-challenge-why-its-time-to-stop-the-hype Related links: https://nakedsecurity.sophos.com/serious-security-how-to-store-your-users-passwords-safely https://nakedsecurity.sophos.com/the-passwordless-web-explained Music by: https://purple-planet.com/

Browsers are being Attacked.  Just this week we are hearing about another attack against the browsers we use daily listen in for more details. We have all seen reviews online. But can they be trusted?  Turns out --- maybe not.... New research is being done on Swine diseases in China. These diseases are rampant and now the Chinese are running full force to technology for answers. Android is trying to up their Security.  Listen in to find out what they are doing. The FTC has just issued a ruling on TokTok.  I'll be talking about that today too. Health records are now a big business. I'll tell you why so many of the big tech players are trying to get into the game. We will also talk about the MOMO challenge.   There's lots to talk about tech this week.  So grab a seat and join me.  For more tech tips, news, and updates visit - CraigPeterson.com --- Transcript: Below is a rush transcript of this segment, it might contain errors. Airing date: 03/02/2019 Researchers Our Smart Home Be Big Brother - Health Records On Smart Phones - New Browser Attacks - Momo Challenge Craig Peterson: 0:00 Hey. Hi everybody. Craig Peterson here, it's time for our weekly radio show. A lot to cover as always, it has been a very fun week. For me. I have really been enjoying this as we've been doing more and more content for our Insider's site, and the people who signed up for this master course. And welcome aboard. Thanks, everybody, for being with us. You are, I'm sure going to continue to love it. We've had great feedback, more and more people giving us just, you know, a little bit of encouragement, which I always, always appreciate. Let me tell you, it is difficult to put some of this stuff together and to do it. Yeah, you know, so I appreciate the appreciate should including here on the radio show. So welcome to everybody. I had a couple of conversations last week about some of the browser hacks that are going on so we're going to cover that again there's a new browser attack a whole new type the to really just kind of an old browser hack that is back again. Some very troubling news coming out of Hawaii and some scientists over there we're going to talk about and no, it's not about the volcano or global warming. It's about Alexa and what they're proposing trusting online reviews. This is a biggie, biggie, biggie, can you really trust them? And you know you go to a site like Amazon or eBay. And what do you see on there? You see people saying, Oh, this is the greatest thing ever. I love it. It's too big. And sometimes, oh, no, it's too small. It's never worked for me. How legitimate are those we rely on and those don't we know. We're going to talk a little bit about that China, they are doing some interesting things with pigs over there. you know, about the tracking that the law enforcement doing here to try and catch bad guys. And that makes sense, right? We want the bad guys caught on and off the street in London, the most surveilled city in the world, at least, it used to be, it's probably Shanghai nowadays. But in London, you can't go anywhere and not be caught on one of these closed-circuit cameras. Well they're doing the same thing now and trying and with pigs. And we'll talk about why Android it kind of, you know, kudos to them. They've had all kinds of security issues they now have part of what's called Fido available on their devices is a fast identity thing, we'll talk about that and its use. We're just not gonna have enough time today, the Federal Trade Commission is ruling is find here a $5.7 million to a company that has an app called TikTok. And this is under the law that was passe, man it's been a few years now, I can't remember. I'm kind of looking through the article to see if it says when it came up at the COPA regulations, and it went beyond the statutory limits as to say that story. And storing health records now is a big business and Apple's trying to get into the game as, as Google and of course, many others, because there's so much money in it. But how about the privacy side of it is Apple going to continue to keep your data private. and in this case your medical data private. We've got a note to this week, from one of the listeners to the podcast, he texted me and he was asking about this Momo challenge, then. So I want to bring that up as well. So a very busy day. Today, I'm going to try and keep these things short. But you know me I'll just have to explain them in a little bit to detail. So here we go. Now, you've been online, I'm sure you've been to YouTube. This even made it onto most of the news sites is 24/7 news cycle that we have nowadays. But that bucket challenge writes the Ice Bucket Challenge. It was phenomenal. From a fundraising standpoint, it really helped to raise some funds for a very good cause. And the whole idea was, Hey, I'm going to get a bucket of water, I'm going to fill it with ice. And I'm going to dump it over my head. And it's part of a fundraising campaign where people would donate, you know, and if you do it I'll give you 10 bucks, or I'll donate 10 bucks to it. And so they did it, which is really kind of cool. I'm glad they did all of that. Well, there's an internet home that's been around for a while now it is a hoax. But there is a problem with this as well. And it's called the Momo challenge. It's been spread by users on Facebook has been talked about in the media and different channels. And the whole idea behind this reporting is that children and teens are getting enticed by this username Momo, to ultimately commit suicide. And the whole concept is you start out small, you do some  you know, almost innocuous things, and then it gets keeps getting more and more violent. There's attacks and then eventually suicide. And it really reached worldwide proportions last summer, in July 2018, and the number of actual complaints was actually quite small. And there's no police force that is out there right now that I could find that reported that anybody was ever harmed as a result of this phenomena. no direct result, right? There could be other things and there's a great by the way page about this up on Wikipedia that you might want to check out. But reports about this and the awareness of the digital challenge rose again this month after police in Northern Ireland posted a public warning on Facebook. And that's a problem it keeps popping up. As you know, we're actually concerned parents concerned police departments are trying to say hey, listen, everybody, keep an eye on what your kids are doing online because it could be very dangerous, which is very, very true. It could be. Let's see Momo WhatsApp messages apparently are being used to try and convince people to contact them and their cell phone there are some other ones out there known as blue whale where players quote unquote players are instructed to perform a succession of tasks and refusing to do so gets met with threats. So, the messages are often accompanied by frightening or gory pictures. It really does appear to be a hoax. I've got a country by country breakdown where they have looked at this and the problems Quebec the police forces of the Longueuil, Sherbrooke, and Gatineau have indicated that people in their jurisdiction have been approached to participate in the Momo challenge. But there are no reports of any victims. They're asking people not to use a phone number provided in the WhatsApp messages to send screen captures and images of the of the phone to police authorities. Bottom line the phone numbers that have been used in these hoaxes just don't work. It goes through Columbia, Europe, Brazil, France, Germany, Luxembourg, India, Mexico, so pretty extensive run down and you'll find that online as well. Just look up Momo challenge over on Wikipedia. And thanks to the listener that sent in that question. It's a good question and good concerns. And it's hit the news cycle again, because of these police in Northern Ireland. So next up here, let's talk about this new browser attack that has been hitting people. Now one of the most interesting parts of this to me is it's not really a new attack. This particular type of attack was first documented in a research paper back in 2007, this new attack is called MarioNet. And what it does is it is opening the door for creating huge bought net and button that's are used to do a lot of things. They're used to attack businesses, somebody they don't like for their political opinion might be attacked with a botnet and the botnet then ends up sending just malicious data, basically, to whoever the intended victim is. So their website goes down, and they can no longer really conduct business at all. That's what a botnet that is there. They're also used for other types of attacks. And now the real big thing for botnets is called cryptojacking. And what cryptojacking does is it allows the bad guys to use your browser your machine in order to earn Bitcoin for themselves. And just oversimplifying it dramatically. Now, previous versions of this allowed you when you shut off your web browser, or close the window, get what it's no longer running. So the bad guys, we're not using your computer any longer. However, there is a new feature that has been added to the modern web browsers, it's using an API called service workers. And this allows the website to isolate the operation of the service worker from a web page. And the idea is that the web page UI isn't going to freeze up when it's processing a lot of data. So you could go and this is there are legitimate purposes for this, you go to a website, and you wanted to have a look at something that a history of 23andMe type of site, for instance, I might do real-time live analysis, which 23andMe does not do, by the way, I don't want you to think poorly about them for that. But the service workers really are an update to an older API. But now this MarioNet, which is actually supposed to be pronounced to marionette, but it's spelled MarioNet, it's taken advantage of these things. It's a very silent attack, it doesn't require any user interaction at all the browsers on going to alert you about it, they're not going to ask for permission before registering your service worker. everything's happening under the browser's hood as the user waits for the website to load. And about, the only thing you're going to notice is that if it's used for cryptomining is that your machine is going to slow down, slow down a lot. But let some place malicious code on your high traffic websites gain a huge user base, it's it's a very scary thing. And there's not a whole lot that you can do about it, unfortunately. So the research is going on, it's been discovered. So, expect patches from all of the major vendors out there. And they will be hoping, hoping to have them fix this. Some vendors are course better at patching than others. And you already know who I think are some of the better ones. If you want privacy then the Epic browsers. Fantastic. The Google Chrome browser is the industry standard browser, frankly, very good browser. And Safari is very good. Dead last one you should never use is Microsoft Internet Explorer. They have their new Edge browser, which is nowhere near as bad as Internet Explorer. But Microsoft has come to realize that all other browsers are terrible. So Microsoft is switching over to Google Chrome. So in the future, the little IE button is going to launch the new Edge browser, which is not really IE Internet Explorer, nor is it edge it is actually Google Chrome. So how's that for a good time for all but at least Microsoft is finally realizing that they have no idea how to make a good web browser, right. So let's talk a little bit here about your health record, Great article that NPR has up, on their website about storing health records. I saw a lot of mentions of this all over the internet. So I had to have a look at it myself. And he, Well, he would back up a little bit. The author of this is Laura Sidell, and it's talking about Sam Cavalier, he's a San Diego tech worker. And he is using Apple's Health app. And a lot of us are, particularly people who have the Apple Watch, who might have some concerns about their cardiac rhythms. All of that stuff can be tracked now on your Apple device. So he's using the Apple Health app in order to keep track of his weight to his exercise routines, how many steps he takes a day find that really too when I'm going out and I'm walking, how far have I walked, where did I go, and I'll do the walk around the mall in the walk around the blocks. And it's really kind of nice to be able to see that and have that all tracked. Well since March last year. So about a year now, Apple's had a feature that allows people to store their medical records as part of the Health app information. Then the University of California, San Diego health where this guy, the same guy goes to get his medical checkups, etc. But UC San Diego is one or more than 200 healthcare providers in the US who are using this new health records feature. He travels a lot for work, he likes to keep track, that was blood pressure. And he has a special confidence link to his health app. And he likes the convenience of having that app and really having all those records there with them. If you travel a lot, it's can be phenomenal to have all of your health records with you in case something were to happen, right? Doesn't that make sense? And then the doctor can also look at it and see what the trends are, and analyze where they're not, there might be some sort of a real problem with the guy's health that they may be want to have a look at. Well, the global health industry is expected to reach $10 trillion by 2022, which is absolutely phenomenal. Just health alone is bigger than any economy of any country other than the US and China. And I mentioned earlier, we've got Apple who's in the foray, Google is in it. And so is Amazon and Microsoft, trying to get a piece of the medical pie in retail pharmacies, artificial intelligence for disease detection, and healthy living apps. And we've seen some of these apps, we've seen already that some of these computer programs are better at spotting skin cancer than even a cancer doctor is, that's actually pretty cool when you get right down to it. And they let you take a picture of moles, and they track the moles over time. And they look at the edges of the moles to see if they are real little rough, they look like there might be precancerous, etc. So the AI part of it, at least machine learning is really going to go a long way. And Apple has invested a lot in machine learning. If you have one of the newer iPhone models, it has a machine learning chip dedicated to machine learning built right into it kind of makes me wonder if maybe that's part of Apple's goal. That's why they put it in there. And part of the reason I should mention too is Apple tries not to send any data up to the cloud that it doesn't absolutely have to send up to the cloud. Which also means makes a ton of sense to me anyways. It's not like Google or Amazon that basically send everything up to the cloud for processing. Apple tries to process it locally, which is really good from a security standpoint. So where are things going? I read a really great article about Apple and their direction just yesterday because a lot of people are saying, Hey, listen, iPhone sales are slowing down. Is this the end of apple? What should we be worrying about it? What should we be doing? And it turned out that no, no, no, none of those things were true. Apple is looking to get into the service areas. And one of them, of course, is health care. Now, having privacy as a key like Apple does, and has done for quite a while is a big, big, big win for our friends over at Apple, because people are now used to expecting maybe that's even a better way to put it. People are expecting Apple to keep their data safe. And frankly, I think they will. Their CEO, Tim Cook's been very vocal about privacy rights. He also is really ticked off at Google and Facebook for making money off of user data, which is I know, I go back and forth on that. But they certainly do keep it private. So how about you? What do you want to do? Do you want to give your medical data to any of these big companies, Facebook, or Amazon, Google, Microsoft or Apple, there are pros and cons to all of it. And the whole HIPAA regulations, that whole thing was supposed to make it so that our information would be digitized. And we could take it with us as we moved around the country or change doctors. But somehow that really hasn't come into fruition. Frankly, I don't know that it will, hey, I want to talk about this other thing right out of the universities. This is the University of Bergen. And we're going to talk about this conference over in Hawaii, and how this could have a huge, huge impact on our privacy. There was a conference in Hawaii here recently. And they were talking about our fish, artificial listening devices. And we have those all over the place, we just found out that if you have a certain smart thermostat that's been on the market for a while that built into it was a microphone people had no idea it was there. And I personally don't like that idea, right. So it had a built-in microphone that was kind of hidden. Frankly, there's no mention of it in the marketing materials in the owner's manual, nothing. And then the company decided just about two weeks ago, hey, we're going to turn on that microphone so that you can ask questions and get things done. And it's a piece of hardware that Amazon had picked up through one of its acquisitions. So we have these we have the Amazon Alexa is we have our series, we have our Google Homes, and there will be many others, of course, coming over the years, I'm sure, but one of those three is probably going to be the winner. So we have these in our homes. We've already talked on the show about police departments who have since subpoenas to get the audio from these devices. And frankly, those subpoenas don't really go very far. Because they don't really have the audio from the devices, all they'll have is the audio for about 30 seconds after you give it the wake word whatever your wake word is. So in other words, you might wake it up by calling a computer or whatever might be, and it responds, it listens for up to 30 seconds, sends out audio up to the cloud words process tries to figure out what you're talking about. And then and then goes ahead and processes. And I should mention too, that on that exact same front, a lot of people are upset with Apple, and how Siri just doesn't perform as well as Alexa does, for instance, or as Google Home does. And I want to remind everyone, again, it's a trade-off on privacy in the apple space. It's trying to do as much of the processing locally as it can. And so it doesn't have all the benefits of all of the cloud data that has been collected and stored and analyzed by the other competitors out there. So Apple, Apple is in a bit of a disadvantage because of their privacy stuff. Anyhow, the devices are listening. So these scientists over at the University of Bergen decided, hey, let's do a little bit of study on these devices. Can we turn these into monitors for the home? And what they are suggesting is that these smart devices should have built into them in the future what they're calling a moral artificial intelligence so they're sitting there listening to what's going on they should be able to say wait a minute and it sounds like somebody's getting a beating, somebody's a whooping. Okay. And whooping weapon me not a great idea, right? But is frankly, the device really shouldn't be responsible to try and decide whether or not it should call the police on your behalf. I get it if you tell it if you wake it up and say you know, call the police it should right but if it's just listening does not sound like 1984 is in that very Orwellian where it's listening and it tries to make decisions based on all of this, right? It's, it's an interesting problem. If you ask me. The University of Cambridge has stepped in and made their little comment saying humans and human situations are far messier than what the scientists over there from Norway, University of Bergen has been really saying and contemplating. Because you think about family and family dynamics, and there can be some pretty heated arguments, but that doesn't mean that there's a crime committed or someone was particularly harmed and when we see some agencies being very, very ready to just grab children and run away and then investigate later is is it something that's legitimate, something we should be doing? We had in the UK in April 2018, the House of Lords artificial intelligence committee said that ethics need to be put at the center of the development of AI so there you go. And Britain they're poised to become a world leader in the controversial technology field of you guessed it moral artificial intelligence. And remember, I said the Londoners are some of the most surveilled people in the world. It's very, very interesting. Also, in the UK, they are European actually parliament, they are looking at creating a legal status for robots. And it goes on and on. We have a lot of things we've got it assigned on over the next few years when it comes to artificial intelligence tracking us. And this whole concept of moral artificial intelligence, which frankly, really kind of scares me. Well, I don't want this article to just go away. We have a couple of minutes left here. And today's show. So let's talk about this. This is called Fido, it's been around a little while. If you use your key or some of these other hardware tokens, many of them tie into Fido. And the idea behind Fido is to have a mechanism that gets rid of a password. That's the bottom line here, password list web. And that's the goal. So if you go on to the Internet, and you go to a particular website, the idea is that you can use this Fido certification to figure out if it's really the person that says it is right. So automated Google Play Services update is going to push that to your device. If you have that turned on. You can this is for Android, obviously they can log in with other forms of authentication compatible with final to spec like the yubi keys are or Google Titan. Titan was an internal project at Google, they use it for life getting into all of their devices. And now they are marketing that it's available for purchase. So have a look at that as well. We're helping a lot of businesses move over to start using hardware keys, particularly in the medical and legal realms, where access to information is severely limited on the legal side, right. So let's see final two supports can allow Android to accept secure web logins using these devices including Bluetooth by the way so you can use your smartphone as part of your identifier Google's anticipating fingerprint nothing authentication will be the easiest way just like to become the users preferred method and in this case it doesn't send your fingerprint to the website the fingerprint is analyzed locally and then there is a cryptographically secure handshake that occurs between the website and your final compatible device anyways, there's a lot there. Naked Security blog had a very good article on this if you're interested. It's up on my website as well. http://CraigPeterson.com. But that's it for now. I had a couple of really great webinars this week. I want to mention one for the FBI Infragard. This is their National Cyber camp program and it's really really kind of cool so I did a whole webinar on that for the leaders in all of the 80 Plus Local in for guard chapters. But as you're thinking about summer and summer programs and camps, have a look at that if you are an InfraGard member and if you're not, check it out Infragard.org. You'll find out more there, about what they're doing with this whole FBI related program. So, that's it for this week. Have a great week. And we'll be chatting again soon. You've been listening to Craig Peterson and all of this can be found at http://CraigPeterson.com. Bye-bye. ---  Related articles: New Browser Attack Lets Hackers Run Bad Code Even After Users Leave A Web Page Alexa, Call The Police! Smart Assistants Should Come With A ‘Moral Ai’ To Decide Whether To Report Their Owners For Breaking The Law, Experts Say Can You Trust Online Reviews? Here’s How To Find The Fakes China’s Tech Firms Are Mapping Pig Faces FTC Ruling Sees Musical.Ly (Tiktok) Fined $5.7m For Violating Children’s Privacy Law, App Updated With Age Gate Storing Health Records On Your Phone: Can Apple Live Up To Its Privacy Values? Android Nudges Passwords Closer To The Cliff Edge With Fido2 Support --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553

The Naked Security podcast investigates a massive medical data blunder, tells you how NOT to do vulnerability disclosure, and asked whether password managers do more harm than good. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy. This week's stories: https://nakedsecurity.sophos.com/milions-of-private-medical-calls-exposed https://nakedsecurity.sophos.com/virus-attack-hackers-unleash https://nakedsecurity.sophos.com/password-managers-leaking-data Music by: https://purple-planet.com/

The Naked Security podcast explains the recent security hole in Linux products such as Docker and Kubernetes, ponders whether Apple's insistence on 2FA for developers will bring rogue apps under control, and tells you whether to worry about booby-trapped USB cables. With Anna Brading, Paul Ducklin and Greg Iddon. This week's stories: https://nakedsecurity.sophos.com/linux-container-bug-could-eat-your-server https://nakedsecurity.sophos.com//apple-fighting-pirate-app-developers https://nakedsecurity.sophos.com/evil-usb-o-mg-cable Music by: https://purple-planet.com/

The Naked Security podcast pokes a stick into the latest critical security bugs in Android, investigates the dubious art of iOS screenshots you didn't take yourself, and marvels at the USB drive that survived a seal's digestive tract. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/android-vulnerabilities-open-pie https://nakedsecurity.sophos.com/iphone-apps-record-your-screen https://nakedsecurity.sophos.com/anyone-want-to-lay-claim-to-the-usb Music by: https://purple-planet.com/

The Naked Security podcast looks at who was at fault in a network home invasion, investigates how both Google and Facebook fell foul of Apple's developer rules, and answers the vital question, "Which is better, Android or iPhone?" With Anna Brading, Paul Ducklin and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/hacker-talks-to-baby https://nakedsecurity.sophos.com/apple-kicks-facebook https://nakedsecurity.sophos.com/google-says-sorry https://twitter.com/NakedSecurity/status/1090960185441562624 Music by: https://purple-planet.com/

stdout.fm 15번째 로그에서는Seocho.rb 첫 번째 모임, AWS 람다를 사용한 이미지 변환, 안전한 패스워드 관리, 1Password 등에 대해서 이야기를 나눴습니다. 참가자: @seapy, @raccoonyy, @nacyo_t Patreon: stdout.fm 정기 후원 Seocho.rb 첫 번째 모임: 서버리스 루비 | Festa! 대안언어축제 - anpshare 캐시노트 - 가장 쉬운 매출관리 캐시슬라이드 - 모바일 혜택의 시작 프로그래머스 기계인간 on Twitter: “판교에서 본 프로그래머스 구인 광고. @codingwarrior_… “ 룩핀 AWS Lambda@Edge에서 실시간 이미지 리사이즈 & WebP 형식으로 변환 – 당근마켓 팀블로그 Lambda@Edge - AWS Lambda 왜 굳이 도커(컨테이너)를 써야 하나요? - 컨테이너를 사용해야 하는 이유 | 44bits.io AWS Lambda를 이용한 이미지 썸네일 생성 개발 후기 – 당근마켓 팀블로그 서버 비용을 70%나 줄인 온디맨드 리사이징 이야기 - VCNC Engineering Blog WebP - Wikipedia Home | Google Summer of Code ZZERJAE – Devlog Planet Hackathon 2018 by GDG x 9XD - Goree HackerX Accept HTTP 요청 헤더 | MDN AWS Summit 2019 커뮤니티 트랙 발표 신청 The Worst Passwords of 2018 100-50 | SplashData xkcd: Password Strength 가장 안전한 비밀번호 관리 솔루션 | 1Password NIST’s new password rules – what you need to know – Naked Security Password strength - Wikipedia 가장 안전한 팀용 비밀번호 관리 솔루션 | 1Password Exclusive: Apple to deploy 1Password to all 123,000 employees, acquisition talks underway – BGR (일본어) Apple은 패스워드 관리 애플리케이션 1Password를 전 사원에게 배포했나 | gori.me Hands-on with 1Password and iOS 12’s Password AutoFill feature - 9to5Mac Publisher Sign Up | CJ Affiliate by Conversant (Formerly Commission Junction) LessPass 1Password Watchtower 범죄 악용 ‘알패스’ 결국 서비스 종료…이스트소프트 “보안이슈 때문 아냐” You should change your Twitter password right now | TechCrunch Mac에서 Touch ID 사용하기 - Apple 지원 Mac에서 FileVault를 사용하여 시동 디스크 암호화하기 - Apple 지원

The Naked Security podcast looks at high-value email crime, Google's latest attempt to clean up the Play Store, how you can buy a billion email addresses for just $45, and the conspiracy theories that say the "10 year challenge" is a dangerous trap! With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. https://nakedsecurity.sophos.com/email-crooks-swindle-woman https://nakedsecurity.sophos.com/google-locks-down-access https://nakedsecurity.sophos.com/vast-data-berg-washes-up https://nakedsecurity.sophos.com/is-the-ten-year-challenge Music by: https://purple-planet.com/

Naked Security looks at whether the latest USB hardware proposals will be used for security or for anti-piracy, investigates an open-source toolkit for bypassing 2FA, and explains how the US government shutdown is affecting online security. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. https://nakedsecurity.sophos.com/usb-c-authentication-sounds-great https://nakedsecurity.sophos.com/2fa-codes-can-be-phished https://nakedsecurity.sophos.com/shutdown-hits-government-web Music by: https://purple-planet.com/

In this Naked Security podcast, Anna Brading, Paul Ducklin and Mark Stockley confront the latest cybersecurity threats affecting WordPress, Android and Flash. https://nakedsecurity.sophos.com/massive-botnet-chews-through https://nakedsecurity.sophos.com/android-click-fraud-apps https://nakedsecurity.sophos.com/flash-zero-day-exploit-spotted Music by https://purple-planet.com/

On the Naked Security podcast this week: Marriott's huge and scary data breach, a bug in software management software could be a data thief's goldmine, and a self-righteous "hacker" prints out an advert on 50,000 internet printers. With Anna Brading, Mark Stockley, Matthew Boddy and Paul Ducklin. (Music: purple-planet.com)

Naked Security editor-in-chief Anna Brading is back in the presenter's seat, talking to Mark Stockley, Matthew Boddy and Paul Ducklin about the lessons we can learn from the latest cybersecurity news.

This week, Naked Security editor-in-chief Anna Brading talks to Sophos experts Paul Ducklin, Mark Stockley and Matthew Boddy about: a security flaw in the WhatsApp app, a shopping site compromise using rogue JavaScript, and the in-your-face cybercrime known as sextortion. (Music: purple-planet.com)

Naked Security experts Paul Ducklin, Matt Boddy and Mark Stockley teach you what to do about the recent Facebook breach, and discuss how to make mobile security more than just "some annoying thing on my phone that gets in the way." (Music: purple-planet.com)

This month the team discusses Alexa telling its owner : All I see is people dying Other topics include The whole of WordPress compiled to .NET Core and a NuGet Package with PeachPie Amazon WorkSpaces PHP: Use associative arrays basically never — Steemit Less than 75 days until WavePHP https://www.wavephp.com/ Linux distro hacked on GitHub, “all code considered compromised” – Naked Security

Chester and Ben talk about the week's security news including the latest Flash and Internet Explorer zero-day vulnerabilities, insecure toys being yanked from major retailers, Naked Security's award winning performance at InfoSec Europe 2018, the debate of a public postmortem at the City of Atlanta and the conviction of Yahoo! hacker Karim Baratov.

Charlotte Williams from Naked Security talks to Sophos experts Matt Boddy and Paul Ducklin about the EFAIL in email, a gift-horse bug in Red Hat Linux, and what happens when sniffer dogs join your cybersecurity team. (Music: purple-planet.com and codices.bandcamp.com)

Charlotte Williams from the award-winning computer security website Naked Security talks to Sophos experts Matt Boddy and Paul Ducklin about old-school malware, how to judge Patch Tuesday, and what to do about Facebook. (Music: purple-planet.com and codices.bandcamp.com)

Paul Ducklin from the award-winning computer security website Naked Security talks to Sophos experts Matt Boddy and Fraser Howard about password cracking and HTTPS. (Music: purple-planet.com and thespacelords1.bandcamp.com)

Paul Ducklin from the award-winning computer security website Naked Security talks to SophosLabs researcher Fraser Howard about a growing trend in cybercrime: cryptojacking, where the crooks mine cryptocurrency and keep the loot, but you pay for the electricity. (Music: purple-planet.com)

Gizmodo's attempt to reveal Donald Trump's administration ineptitude when it comes to cybersecurity fails to impress. Mac users are warned that the HandBrake DVD-ripping app has been compromised by malware.  And will the US Army insist IT security professionals spend months ironing their bedsheets..? All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin from Sophos. Show notes: Here's How Easy It Is to Get Trump Officials to Click on a Fake Link in Email - Gizmodo. Opinion: Some thoughts about Gizmodo's Phishing story - CSO Online. Mac video app HandBrake – now with free spyware - Naked Security. OS X malware spread via signed Transmission app... again - Graham Cluley. DOD’s new Internet strategy boosts role in defending “US interests” - Ars Technica. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Special Guest: Paul Ducklin.

On May 4th 2000, the Love Bug virus (also known as ILOVEYOU or LoveLetter) rapidly spread around the world, clogging up email systems. Computer security veterans Graham Cluley and Carole Theriault are joined this week by special guest John Hawes for a trip down memory lane.  Show notes: Memories of the Love Bug worm - Naked Security "Subject: I Love You" movie trailer - YouTube   Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Special Guest: John Hawes.

Hotel malware has been stealing guests' payment card details... again, should businesses relay delay rolling out vulnerability patches, and Burger King's Whopper TV ad campaign tries to take advantage of viewers' Google Home devices with predictable results. All this and more is discussed by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin. Show notes: InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region - IHG. Affected hotel look-up tool - IHG. Been to one of these 1170 IHG hotels? Your credit card details may have been stolen by malware - Bitdefender. Microsoft patches Word zero-day booby-trap exploit - Naked Security. Microsoft zero-day vulnerability was being exploited for cyber-espionage - Graham Cluley. The Shadow Brokers - Wikipedia. Burger King's 'OK Google' sad ad saga somehow gets worse - The Register. Burger King Connected Whopper ad - YouTube. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Special Guest: Paul Ducklin.

How does online tracking and advertising work? Popping the publishing bubble: A great overview about what the iOS 9 ad blockers mean for online advertising (Stratechery) Data collection by loyalty programs (Choice) How supermarkets get your data & what they do with it (The Guardian) Online tracking systems, how do they work (NewFangled) Tracking the trackers: What are cookies? An introduction to web tracking (The Guardian) Online tracking: If they are watching, should you watch too? (NewFangled) A large tracking investigation (The Wall Street Journal) Don't track us (Duck Duck Go) I'm being followed: How Google, & 104 other companies, are tracking me on the web (The Atlantic) Facebook isn't free - it has made you its product (Computerworld) The decline of newspapers (Wikipedia) The Age The Herald Sun Newspaper Death Watch The future of print: Newspapers struggle to survive in the age of technology (Harvard Political Review) Newspapers' ongoing search for subscription revenue: From paywalls to micropayments (The Conversation) The data are in: Newspapers aren't going to get enough digital subscribers (Mumbrella) Apple Pay PayPal Elon Musk & PayPal (Wikipedia) Are micropayments a viable way to support the news business? (The Conversation) LaterPay, a German payment infrastructure company, offers micropayments with a twist (NiemanLab) Is downloading really stealing? The ethics of digital piracy (The Conversation) Stranger Things (NetFlix) Here's how much Apple Music is going to pay artists (Business Insider, Australia) Real-time bidding: What the bots run around doing behind the scenes before an ad appears on your screen (Wikipedia) Behavioural networks: A quick summary of what happens from cookie collection to the ads you see (Mike On Ads) An explanation of cookie matching & real-time bidding (Mike on Ads) "An ad exchange is a technology platform that facilitates the buying & selling of media advertising inventory from multiple ad networks" (Wikipedia) What is an ad exchange (Marketing Land) A discussion about typical cuts made during bidding in online ad exchanges (Quora) The DoubleClick ad exchange (Google) The Like button (Wikipedia) Likejacking: A form of 'clickjacking' where someone hijacks your Likes (Wikipedia) Court rules against the use of Facebook's Like button: Shopping site accused of violating German privacy laws (DailyMail, Australia) How to stop Facebook from tracking you (Business Insider, Australia) Is every browser unique? Results fom the Panopticlick experiment (Electronic Frontier Foundation) Panopticlick: Test your browser's ability to protect you from online tracking...Lucy failed badly (Electronic Frontier Foundation) Wall Street (Wikipedia) Pauline Hanson (Wikipedia) Safari's ad blocker: "Blocks all annoying ads & supports websites by not blocking unobtrusive ads by default" (Apple) A discussion about why we keep seeing targeted ads after we've bought the thing (Quora) Targeted ads after I buy something are really annoying (Brad Ideas) Loyalty cards help build a profile on you: The store nerds who know everything about you (news.com.au) The Woolworths 'rewards' loyalty card (Woolworths) Hmm...interesting: The Commonwealth Bank now has a 'loyalty app' where you can conveniently store all your loyalty cards in the one place...close to your bank account details (CommBank) How Target figured out a teen girl was pregnant before her father did (Forbes) What is big data? (Forbes) 20 facts about big data (Forbes) How big data can be useful for businesses (Business.com) Why big data is a big deal (Harvard Magazine) An example of an Australian data company (Quantium) An example of an American data company (Ghostery) Kim Dot Com Proximity marketing: "The localised wireless distribution of advertising content associated with a particular place"...very 'Minority Report' (Wikipedia) Is your smartphone broadcasting your movements when you shop? (Naked Security) Convenience or security: You can't have both when it comes to Wi-Fi (TechRepublic) At Starbucks, data pours in. But what to do with it? (Advertising Age) Is Wi-Fi at Starbucks safe? (Forbes) The search engine that doesn't track you (Duck Duck Go) Google Maps has been tracking your every move: Google works better because it tracks you...creepy but handy (Junkee) Tom Hanks (Wikipedia) The most expensive Google AdWords keywords in the US are 'San Antonio car wreck attorney', for USD$670.44 (Quartz) The most expensive Google AdWords keywords in Australia include 'Life insurance co.', for AUD$150.30 (The Website Marketing Group) The 100 most expensive keywords on Google: Infographic (webpagefx) Google has its own ad exchange: Google DoubleClick AdX (Google) Google AdWords charges on a pay-per-click basis (Word Stream) We use Blubrry to vaguely track our listenership, but it tells us very little (Blubrry) Gold 104.3 FM: Play Africa by Toto goddammit! (Gold 104.3) Minority Report (Wikipedia) Philip K. Dick (Wikipedia) Where are you from? Send us a postcard! Strange Attractor, c/ PO Box 9, Fitzroy, VIC 3065, Australia Corrections Not really sure if highly targeted ads cost more per click...this post from Facebook suggests the more 'relevant' you make your ad to your target audience, the cheaper it will be (Facebook Business) Further to above: How much do I have to pay on Facebook? (Qwaya) Further further to above: 6 factors that drive up the cost of your Facebook ad conversions (AdEspresso) Cheeky review? (If we may be so bold) It'd be amazing if you gave us a short review...it'll make us easier to find in iTunes: Click here for instructions. You're the best! We owe you a free hug and/or a glass of wine from our cellar

Join Sophos experts Chester Wisniewski and John Shier for the latest episode in our weekly security podcast. This week: daily December tips on Naked Security, a big breach at VTech, insecurity-by design in the IoT, Geekweek, a cybercrime bust...and Sophos Home as a present for the festive season!

Paul Ducklin hooks up "live at RSA" with Naked Security writers Chester Wisniewski and John Shier for a Conference Special podcast. This half-length Chet Chat packs in one-quarter humour, five-eighths news and two-thirds insight - find out what was good, weird, interesting, or all of the above, at this year's RSA 2014 event!

Chet and Duck say goodbye to San Francisco, thank their fellow bloggers for Naked Security winning the Best Corporate Security Blog, discuss their favorite stand and talk a bit about how "big data" plays with security.

Chet Wisniewski and Michael Argast of Sophos Canada go over the week's big security news, including the Boonana Trojan, and give a shout-out to the new Sophos security blog, Naked Security: http://nakedsecurity.sophos.com/

Chester Wisniewski and Paul Ducklin, Head of Technology, Asia Pacific discuss the open letter Naked Security published to Facebook and all the latest from Infosec Europe 2011.