Shared Security Podcast

Guarding AI Agents: Boundaries and Safeguards

Tom Eston — Mon, 15 Jun 2026 00:00:20 -0400

AI agents are useful, but they become risky when they can take action in real systems. In this episode, Tom Eston discusses recent reporting about attackers tricking Meta’s AI support chatbot into helping hijack Instagram accounts, and why that story matters far beyond social media. Tom explains practical guardrails for AI agents: read-only access first, human approval for consequential actions, separated accounts and contexts, prompt-injection awareness, least privilege, logging, monitoring, and adversarial testing for support and account recovery workflows.

Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

** Links mentioned on the show **

Podcast: Hackers Asked Meta AI To Let Them In. It Worked
https://www.404media.co/podcast-hackers-asked-meta-ai-to-let-them-in-it-worked/

The Verge summary of the Meta/Instagram AI support chatbot exploit
https://www.theverge.com/tech/941179/meta-instagram-ai-support-chatbot-exploit-hacked

** Watch this episode on YouTube **
https://youtu.be/TL3MGnI4hUU

** Become a Shared Security Supporter **

Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Guarding AI Agents: Boundaries and Safeguards appeared first on Shared Security Podcast.

Mobile Application Security: What Every Organization Needs to Know

Tom Eston, Joel DeStefano — Wed, 10 Jun 2026 00:00:10 -0400

Mobile apps are now deeply connected platforms for identities, payments, sessions, APIs, healthcare, retail, gaming, and cloud services. In this special episode, Tom Eston talks with Joel Destefano, Senior Product Manager at Guardsquare, about the modern mobile app threat landscape and why organizations can’t treat mobile security as an afterthought.

Topics include runtime manipulation, API abuse, account takeover, fake apps, overlays, malware-assisted fraud, reverse engineering, iOS vs Android risk, AI-assisted attacks, and why backend-only security is not enough.

** Links mentioned on the show **

Find out more about Guardsquare
https://www.guardsquare.com/

Guardsquare’s Blog and Research Center
https://www.guardsquare.com/blog
https://www.guardsquare.com/mobile-app-security-research-center/welcome

OWASP Mobile Application Security
https://owasp.org/www-project-mobile-app-security/

OWASP MASVS
https://mas.owasp.org/MASVS/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Mobile Application Security: What Every Organization Needs to Know appeared first on Shared Security Podcast.

Microsoft Threatens Legal Action Over Exploit Disclosure

Tom Eston, Scott Wright — Mon, 08 Jun 2026 00:00:03 -0400

Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare Eclipse controversy, the history of full disclosure, bug bounty incentives, and why legal threats against researchers may ultimately hurt customers. They also explain why researchers still need to follow responsible processes — and why vendors need to avoid punishing the people who help make their products safer.

** Links mentioned on the show **

The Verge: Microsoft is threatening legal action for disclosing exploits
https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability

Microsoft MSRC Blog: A shared responsibility: Protecting customers through coordinated vulnerability disclosure
https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure

Kevin Beaumont / DoublePulsar: Microsoft’s stance on zero day exploits is a dumpster fire of their own making
https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Microsoft Threatens Legal Action Over Exploit Disclosure appeared first on Shared Security Podcast.

Apple Finally Fixes One of Texting’s Biggest Security Problems

Tom Eston, Kevin Tackett — Mon, 01 Jun 2026 00:00:10 -0400

Apple and Google are finally bringing end-to-end encrypted RCS messaging to iPhone and Android chats. In this episode, Tom Eston and Kevin Tackett explain why that matters, why insecure SMS is not going away anytime soon, and why Signal is still the better choice for truly sensitive conversations. They also revisit the green bubble versus blue bubble debate, platform trust issues, and what everyday users should understand before assuming every text message is private.

** Links mentioned on the show **

Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats
https://www.eff.org/deeplinks/2026/05/victory-end-end-encrypted-rcs-comes-apple-and-android-chats

‘Blue Bubbles’—Apple Says iPhone Messaging Is Still ‘Best’
https://www.forbes.com/sites/zakdoffman/2026/05/26/blue-bubbles-apple-says-iphone-messaging-is-still-best/

End-to-end encrypted RCS messaging begins rolling out today in beta
https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Apple Finally Fixes One of Texting’s Biggest Security Problems appeared first on Shared Security Podcast.

Should AI Have Access to Your Financial Life?

Tom Eston, Scott Wright, Kevin Tackett — Mon, 25 May 2026 00:00:22 -0400

OpenAI is now allowing some ChatGPT users to connect their bank accounts and financial data directly to the platform. In this episode, we discuss the technology behind the feature, the convenience it promises, and the serious privacy and security questions it raises.

From AI-generated budgeting advice to the risks of centralized financial profiling, we examine what happens when conversational AI gains visibility into your spending habits, debts, subscriptions, and financial goals.

** Links mentioned on the show **

ChatGPT Can Now Connect to Your Bank Account and See All Your Transactions
https://gizmodo.com/chatgpt-can-now-connect-to-your-bank-account-and-see-all-your-transactions-2000759306

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Should AI Have Access to Your Financial Life? appeared first on Shared Security Podcast.

Cybersecurity Lessons from the Canvas Data Breach

Tom Eston, Kevin Tackett — Mon, 18 May 2026 00:00:58 -0400

In this episode we discuss the recent cyber attack targeting Instructure’s widely used learning platform, Canvas, and the major late-breaking development that Instructure reached an “agreement” with the ShinyHunters cybercriminal group after threats to leak large amounts of stolen student and faculty data. Instructure says the stolen data was returned and that attackers provided digital confirmation that the information was destroyed, but the company did not deny making a payment—language that many in cybersecurity interpret as a ransom settlement.

** Links mentioned on the show **

Cyberattack on Canvas system causes chaos for students at thousands of schools
https://apnews.com/article/cyberattack-schools-canvas-instructure-shinyhunters-a0d7719689263e6b5f90d0e633391b5b

Instructure strikes agreement with hackers after Canvas breach hits Duke, thousands of other schools
https://www.dukechronicle.com/article/duke-university-instructure-reaches-agreement-with-canvas-hackers-shinyhunters-cyberattack-leak-down-stolen-data-ransom-20260512

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Cybersecurity Lessons from the Canvas Data Breach appeared first on Shared Security Podcast.

Passwords Are Still Failing Us (World Password Day 2026)

Tom Eston, Scott Wright, Kevin Tackett — Mon, 11 May 2026 00:00:25 -0400

World Password Day was on May 7th—but are we actually getting better at password security?

In this episode, we discuss why compromised credentials are still behind the majority of breaches in 2026. From password reuse and phishing to infostealer malware and MFA bypass techniques, attackers are finding it easier than ever to log in instead of hack in. We also talk about whether passkeys can finally shift the landscape—and what organizations should be doing right now to reduce risk.

** Links mentioned on the show **

Password Statistics 2026 – Trends, Facts & Data Insights
https://www.privateproxyguide.com/password-statistics/

World Password Day 2026: Attackers simply log in
https://www.organisator.ch/en/operational-excellence/2026-04-30/world-password-day-2026-angreifer-loggen-sich-einfach-ein/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Passwords Are Still Failing Us (World Password Day 2026) appeared first on Shared Security Podcast.

Fake Party Invites and the Rise of Social Phishing Attacks

Tom Eston, Kevin Tackett — Mon, 04 May 2026 00:00:54 -0400

Attackers are now impersonating invitation services to trick people into clicking malicious links and sharing sensitive information. These phishing attempts look like legitimate event invites, making them especially effective. In this episode, we discuss how these scams work and what steps you can take to stay protected.

** Links mentioned on the show **

New Phishing Scam: Fake Invitations
https://www.nytimes.com/2026/04/23/style/invitation-phishing-scam.html

The ‘fake invite’ scam that tricks you through people you trust
https://www.consumeraffairs.com/news/the-fake-invite-scam-that-tricks-you-through-people-you-trust-042326.html

BSides Jacksonville
https://www.bsidesjax.org/

HackSpaceCon
https://www.hackspacecon.com/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Fake Party Invites and the Rise of Social Phishing Attacks appeared first on Shared Security Podcast.

New York’s 3D Printing Crackdown: Security or Surveillance?

Tom Eston, Kevin Tackett — Mon, 27 Apr 2026 00:00:28 -0400

New York’s latest budget proposal could fundamentally change how 3D printers work—requiring built-in software that scans and blocks certain designs. Supporters say it’s about stopping ghost guns. Critics say it opens the door to surveillance and limits innovation.

In this episode, we discuss what’s actually in the proposal, why it’s raising alarms across the tech community, and what it could mean for the future of user-controlled technology.

** Links mentioned on the show **

Stop New York’s Attack on 3D Printing!
https://www.eff.org/deeplinks/2026/04/stop-new-yorks-attack-3d-printing

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post New York’s 3D Printing Crackdown: Security or Surveillance? appeared first on Shared Security Podcast.

Project Glasswing: When AI Becomes the Ultimate Hacker—and Defender

Tom Eston, Scott Wright, Kevin Tackett — Mon, 20 Apr 2026 00:00:51 -0400

Anthropic has introduced Project Glasswing, a cybersecurity initiative powered by an unreleased AI model called Claude Mythos. This system can identify zero-day vulnerabilities, generate exploits, and even help fix them—often without human input.

But there’s a catch: it’s considered too powerful for public release.

In this episode, we discuss what Project Glasswing is, why it matters, and what it means for the future of cybersecurity, red teaming, and AI-driven threats.

Is this the beginning of AI defending us—or the start of something much harder to control?

** Links mentioned on the show **

Claude Mythos and Project Glasswing: why an AI superhacker has the tech world on alert
https://theconversation.com/claude-mythos-and-project-glasswing-why-an-ai-superhacker-has-the-tech-world-on-alert-280374

Anthropic Project Glasswing
https://www.anthropic.com/project/glasswing

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Project Glasswing: When AI Becomes the Ultimate Hacker—and Defender appeared first on Shared Security Podcast.

The Dark Web Explained with John Hammond

Tom Eston, John Hammond — Mon, 13 Apr 2026 00:00:14 -0400

The dark web is often misunderstood, but it plays an important role in both privacy technology and cybercrime activity.

In this episode, Tom Eston speaks with cybersecurity researcher and educator John Hammond about what the dark web actually is and how it has evolved in recent years. The discussion covers underground marketplaces, ransomware leak sites, threat intelligence collection, and the operational risks involved in dark web investigations.

John also shares details about his new training course Dark Web 2, which focuses on using a hacker mindset to gather cyber threat intelligence from dark web sources.

** Links mentioned on the show **

John’s “Just Hacking Training”
https://www.justhacking.com/

John Hammond’s 2-Course Dark Web Training Path (25% Off!)
https://learn.justhacking.com/bundles/abfd8930-c45c-4f10-afd8-bc7ebb677d6d

John’s Dark Web 2 – CTI Researcher Course
https://www.justhacking.com/course/dark-web-2-cti-researcher/

Dark Web & Cybercrime Investigations (Dark Web 1)
https://www.justhacking.com/course/dark-web-cybercrime-investigations/

Connect with John Hammond
https://johnhammond.org/links

** Watch this episode on YouTube **

https://youtu.be/tem5ZHDb5-s

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post The Dark Web Explained with John Hammond appeared first on Shared Security Podcast.

Meta & YouTube Found Negligent: A Turning Point for Big Tech?

Tom Eston, Scott Wright — Mon, 06 Apr 2026 00:00:29 -0400

A landmark jury verdict has found Meta and YouTube negligent in a social media addiction case, raising major questions about platform accountability and legal protections under Section 230.

This episode covers the details of the case, why the ruling is significant, and what it could mean for the future of social media, privacy, and cybersecurity. Could this trigger a wave of lawsuits against tech companies? And are platforms finally being held accountable?

** Links mentioned on the show **

Jury rules against Meta, YouTube in bellwether teen addiction case
https://www.businessinsider.com/social-media-addiction-trial-jury-verdict-meta-youtube-negligent-2026-3

Meta, YouTube verdict could trigger cascade of social media lawsuits: expert
https://www.ktvu.com/news/expert-says-meta-youtube-verdict-could-trigger-cascade-social-media-lawsuits

The Social Dilemma Documentary
https://thesocialdilemma.com/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Meta & YouTube Found Negligent: A Turning Point for Big Tech? appeared first on Shared Security Podcast.

The Hidden Tracking Risk Inside Your Tires

Tom Eston, Scott Wright — Mon, 30 Mar 2026 00:00:57 -0400

In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because the sensors broadcast unencrypted, uniquely identifying wireless signals that could be used to track vehicles. They reference a 10-week study by researchers at IMDEA in Madrid that collected about 6 million signals from over 20,000 cars at roughly 50 meters range, noting the signals can reveal details like tire pressure, car type, weight, and possible driving patterns, and can be captured with about $100 of equipment. The hosts explain TPMS is a safety feature required on 2008+ cars, consider realistic threat models and potential mitigations like rotating identifiers or encryption.

** Links mentioned on the show **

Your Tire Sensors Could Be Used to Hack Your Car. What to Look Out For
https://www.cnet.com/roadshow/news/hacker-threat-hiding-in-car-tire-pressure-system/

Your car’s tire sensors could be used to track you
https://networks.imdea.org/your-cars-tire-sensors-could-be-used-to-track-you/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post The Hidden Tracking Risk Inside Your Tires appeared first on Shared Security Podcast.

The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson

Tom Eston, Andrew Wilson — Mon, 23 Mar 2026 00:00:42 -0400

Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico’s growing cybersecurity and AI ecosystem, driven by talent, community events, and government-university partnerships, and how offensive security has shifted from “one-person army” generalists to more specialized roles. Wilson explains his PhD work modeling expert pen testers’ cognitive approaches to shape AI agents, argues AI lowers barriers but requires validation due to hallucinations, and predicts routine, methodology-driven testing will be automated while expert human work persists. He forecasts compliance and audit frameworks will eventually accept more objective, scalable AI-based control validation, reshaping the pen testing market.

If you work in cybersecurity, involved in penetration testing and offensive security, or are just trying to figure out what the AI hype actually means for attackers and defenders, this episode is for you!

** Links mentioned on the show **

Follow and connect with Andrew Wilson
https://www.linkedin.com/in/awilsonaz/
https://x.com/kuzushi/

Find out more about CactusCon!
https://www.cactuscon.com/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Shared Security Podcast.

The Privacy Problem With Meta’s Ray-Ban Smart Glasses

Tom Eston, Kevin Tackett — Mon, 16 Mar 2026 00:00:38 -0400

This episode discusses Meta Ray-Ban Smart Glasses, which blend a camera, microphone, AI features, and social media integration into sunglasses that look like normal fashion eyewear, raising major privacy concerns. It highlights reports that footage captured by the glasses may be reviewed by human contractors to help train Meta’s AI systems, and notes critics’ concerns about how easily people can be recorded in public without their knowledge. Although the glasses include a small LED indicator when recording, many people reportedly don’t notice it.

** Links mentioned on the show **

People Are Calling Meta Ray-Bans “Pervert Glasses”
https://futurism.com/future-society/meta-ray-ban-smart-pervert-glasses

Meta Employees Are Seeing R-Rated Footage From Its Users’ AI Glasses
https://www.inc.com/ava-levinson/meta-employees-are-seeing-r-rated-footage-footage-from-its-users-ai-glasses/91311763

Think Twice Before Buying or Using Meta’s Ray-Bans
https://www.eff.org/deeplinks/2026/03/think-twice-buying-or-using-metas-ray-bans

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post The Privacy Problem With Meta’s Ray-Ban Smart Glasses appeared first on Shared Security Podcast.

TikTok Says No to End-to-End Encryption: Here’s Why That’s a Big Deal

Tom Eston, Scott Wright — Mon, 09 Mar 2026 00:00:55 -0400

In a move that bucks the entire industry trend, TikTok has confirmed it will not implement end-to-end encryption (E2EE) for direct messages on its platform — arguing that E2EE would make users less safe. We break down what’s really going on: the child safety argument, the privacy counterargument, the geopolitical questions surrounding ByteDance, and what it all means for TikTok’s 1 billion+ users. If you use TikTok, this episode is essential listening.

** Links mentioned on the show **

TikTok won’t protect DMs with controversial privacy tech, saying it would put users at risk
https://www.bbc.com/news/articles/cly2m5e5ke4o

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post TikTok Says No to End-to-End Encryption: Here’s Why That’s a Big Deal appeared first on Shared Security Podcast.

Claude Code Security: The AI Shockwave Hitting Cybersecurity

Tom Eston, Scott Wright — Mon, 02 Mar 2026 00:00:19 -0500

Anthropic’s Claude Code Security research preview promises AI-powered code analysis and vulnerability detection at scale. The announcement triggered strong reactions across the cybersecurity community and sent several vendor stocks lower. In this episode, we break down what the tool actually does, where it fits in modern AppSec, and whether AI automation threatens traditional security products or simply makes teams more efficient. Expect a practical, no-hype conversation about what changes and what doesn’t.

** Links mentioned on the show **

Anthropic’s New Claude AI Security Tool Wipes Out Over $15 Billion From Cybersecurity Stocks
https://www.linkedin.com/pulse/anthropics-new-claude-ai-security-tool-wipes-out-17jje/

Making frontier cybersecurity capabilities available to defenders
https://www.anthropic.com/news/claude-code-security

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Claude Code Security: The AI Shockwave Hitting Cybersecurity appeared first on Shared Security Podcast.

TikTok’s New U.S. Deal and Privacy Policy: What Users Don’t Understand

Tom Eston, Kevin Tackett — Mon, 23 Feb 2026 00:00:39 -0500

TikTok has shifted to a majority-American entity, TikTok USDS Joint Venture, LLC, to comply with U.S. national security requirements and avoid a ban. This week we discuss why a recent privacy policy update went viral—especially language about sensitive data like immigration status and precise location—and argue much of it reflects longstanding practices and required California privacy disclosures. We emphasize reading policies, understanding your threat model, and making your own decision about using TikTok or other social platforms. The episode also briefly mentions Ring ending its partnership with Flock and a rumored internal email about expanding Ring’s “search party” feature.

** Links mentioned on the show **

TikTok users freak out over app’s ‘immigration status’ collection — here’s what it means
https://tech.yahoo.com/social-media/articles/tiktok-users-freak-over-app-043402475.html

Here’s what you should know about the US TikTok deal
https://techcrunch.com/2026/01/23/heres-whats-you-should-know-about-the-us-tiktok-deal/

TikTok’s Privacy Policy
https://www.tiktok.com/legal/page/us/privacy-policy/en

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post TikTok’s New U.S. Deal and Privacy Policy: What Users Don’t Understand appeared first on Shared Security Podcast.

Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability

Tom Eston, Scott Wright, Kevin Tackett — Mon, 16 Feb 2026 00:00:05 -0500

In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about a zero-click remote code execution flaw in the Claude Desktop, highlighting the potential risks of AI. The hosts also reflect on their most popular YouTube episode on why Gen Z is ditching smartphones.

** Links mentioned on the show **

How to disable Search Party on your Ring Camera
Open the Ring app, tap the hamburger menu, then choose “Control Center.” Here, choose “Search Party,” then choose the “blue Pet icon” next to each of your cameras for “Search for Lost Pets.”

Ring’s ‘Search Party’ Feature Is Creepy, but You Can Disable It
https://lifehacker.com/tech/how-to-disable-rings-search-party-feature

‘Dystopian’ Super Bowl Ad for Ring Camera Gets Bipartisan Blowback: ‘Propaganda for Mass Surveillance’
https://www.yahoo.com/news/articles/dystopian-super-bowl-ad-ring-170548614.html

Claude Desktop Extensions Zero-Click RCE Flaw Exposes Over 10,000 Users to Silent Attacks
https://cyberpress.org/claude-desktop-extensions-zero-click-rce-flaw/

** Watch this episode on YouTube **

https://youtu.be/QBhYDtbPkeE

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability appeared first on Shared Security Podcast.

OpenClaw & Moltbook: AI Agents and Cybersecurity Risks

Tom Eston, Kevin Tackett — Mon, 09 Feb 2026 00:00:31 -0500

Autonomous AI assistants are hitting the mainstream — but at what cost? This week, we discuss the recent OpenClaw phenomenon (formerly Clawdbot/Moltbot), the security fiasco surrounding Moltbook’s exposed database, and the quirky yet concerning AI agent dating platform MoltMatch. We explore the privacy and cybersecurity implications of entrusting AI agents with sensitive access and how defenders should think about emerging agentic risks.

** Links mentioned on the show **

OpenClaw (a.k.a. Moltbot) is everywhere all at once, and a disaster waiting to happen
https://garymarcus.substack.com/p/openclaw-aka-moltbot-is-everywhere

Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
https://www.404media.co/exposed-moltbook-database-let-anyone-take-control-of-any-ai-agent-on-the-site/
https://www.moltbook.com/

MoltMatch is a dating platform for AI agents. No, we are not kidding
https://moltmatch.com/
https://www.msn.com/en-ca/money/news/moltmatch-is-a-dating-platform-for-ai-agents-no-we-are-not-kidding/ar-AA1Vutk7

** Watch this episode on YouTube **

https://youtu.be/GPVbWqLf7fw

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post OpenClaw & Moltbook: AI Agents and Cybersecurity Risks appeared first on Shared Security Podcast.

Why Gen Z is Ditching Smartphones for Dumbphones

Tom Eston, Scott Wright — Mon, 02 Feb 2026 00:00:08 -0500

Younger generations are increasingly ditching smartphones in favor of “dumbphones”—simpler devices with fewer apps, fewer distractions, and less tracking. But what happens when you step away from a device that now functions as your wallet, your memory, and your security key?

In this episode, Tom and Scott explore the dumbphone movement through a privacy and cybersecurity lens. Drawing from a recent Wired article, the conversation digs into digital burnout, surveillance capitalism, multi-factor authentication dependencies, and whether opting out of smartphones is an act of digital self-defense—or a step toward digital disadvantage.

** Links mentioned on the show **

Dumbphone Owners Have Lost Their Minds
https://www.wired.com/story/dumbphone-owners-have-literally-lost-their-minds/

Previous Shared Security episode from 2022 about the rise of dumbphones
https://sharedsecurity.net/2022/04/18/dumbphone-sales-are-soaring-john-oliver-blackmails-congress-cicada-chinese-apt-group/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Why Gen Z is Ditching Smartphones for Dumbphones appeared first on Shared Security Podcast.

AirDrop Security in iOS 26.2: Time Limits, Codes & Privacy Best Practices

Tom Eston — Mon, 26 Jan 2026 00:00:53 -0500

In this episode, we explore the latest changes to AirDrop in iOS 26.2 and how they enhance privacy and security. Learn about the new 10-minute limitation on the ‘Everyone’ setting and the introduction of AirDrop codes for safer file sharing with non-contacts. We also discuss best practices for configuring your AirDrop settings to safeguard your privacy, including tips for high-risk individuals and general recommendations for everyday use. Stay informed and keep your device secure by updating to the latest iOS version and regularly reviewing your AirDrop settings.

** Links mentioned on the show **

iOS 26.2 adds an AirDrop security tool that you shouldn’t ignore on your iPhone
https://www.digitaltrends.com/phones/ios-26-2-adds-an-airdrop-security-tool-that-you-shouldnt-ignore-on-your-iphone/

** Watch this episode on YouTube **

https://youtu.be/roBhU2AvuTs

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post AirDrop Security in iOS 26.2: Time Limits, Codes & Privacy Best Practices appeared first on Shared Security Podcast.

Ring’s Facial Recognition Feature: Convenience or Privacy Nightmare?

Tom Eston, Scott Wright — Mon, 19 Jan 2026 00:00:52 -0500

In this episode, we explore Amazon Ring’s newly introduced Familiar Faces feature that utilizes AI for facial recognition. We discuss the convenience of identifying familiar people at your doorstep, the privacy concerns it raises, and the legal implications surrounding biometric data. Learn about how this feature works, potential inaccuracies, and privacy laws in certain U.S. states. We also discuss broader concerns about AI and surveillance, and provide practical advice on using this technology responsibly.

** Links mentioned on the show **

Ring Doorbells Can Now Identify Faces—But Experts Say It’s a Major Privacy Invasion. Here’s Everything You Need to Know
https://www.rd.com/article/ring-doorbells-facial-identification/

** Watch this episode on YouTube **

https://youtu.be/W5Ishw7rkRk

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Ring’s Facial Recognition Feature: Convenience or Privacy Nightmare? appeared first on Shared Security Podcast.

Your Google Searches Aren’t Private? PA Court’s Surprising Ruling

Tom Eston, Kevin Tackett — Mon, 12 Jan 2026 00:00:40 -0500

In this episode of Shared Security, we discuss a significant Pennsylvania Supreme Court ruling that permits police to access unprotected Google search histories without a traditional warrant. The discussion centers around the implications of the Commonwealth vs. Kurtz case and the concept of reverse keyword searches. Kevin Tackett joins the conversation, providing insights and posing critical questions about the balance between law enforcement needs and privacy rights. The episode explores concerns over digital privacy, third-party data, and potential broader impacts on users.

** Links mentioned on the show **

Pennsylvania court rules Google searches are not private
https://www.windowscentral.com/software-apps/pennsylvania-supreme-court-google-searches-are-not-private

** Watch this episode on YouTube **

https://youtu.be/OYpbVIrBz_o

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Your Google Searches Aren’t Private? PA Court’s Surprising Ruling appeared first on Shared Security Podcast.

AI and the End of the Traditional Entry-Level Tech Job

Tom Eston — Mon, 05 Jan 2026 00:00:39 -0500

Welcome to the first episode of the Shared Security Podcast in 2026! As AI becomes increasingly integrated into technical fields such as software development and cybersecurity, traditional entry-level roles are evolving or disappearing. This episode discusses the implications of AI on entry-level knowledge worker jobs, emphasizing the need for students, recent graduates, and those entering the job market to adapt their strategies. Discover the new skills and approaches needed to stay relevant, explore potential career pivots, and learn why degrees and certifications alone are no longer sufficient. Tune in for practical advice on thriving in an AI-driven job market.

** Links mentioned on the show **

AI and the future of entry-level jobs
https://www.yahoo.com/news/articles/ai-future-entry-level-jobs-224013821.html

Investors predict AI is coming for labor in 2026
https://techcrunch.com/2025/12/31/investors-predict-ai-is-coming-for-labor-in-2026/

** Watch this episode on YouTube **

https://youtu.be/MGlzDTgEXI8

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post AI and the End of the Traditional Entry-Level Tech Job appeared first on Shared Security Podcast.

2025 Predictions: Hits, Misses & What We Learned

Tom Eston, Scott Wright, Kevin Tackett — Mon, 29 Dec 2025 00:00:48 -0500

Join us this week as we rewind the tape on our 2025 predictions. In this episode, we revisit last year’s forecasts in cybersecurity, geopolitics, and AI, discussing which ones came true, which ones fizzled out, and which ones were a mixed bag. Additionally, we share insights from past guests, celebrate milestones, and make bold new predictions for 2026. Find out what we got right, what surprised us, and what we think is on the horizon for the coming year!

** Links mentioned on the show **

Scott’s 2025 Predictions
https://youtu.be/Fgc4UlraU-o?si=hgTp0trKZ6vlwqB_&t=710

Kevin’s 2025 Predictions
https://youtu.be/Fgc4UlraU-o?si=2b1X7Ou9i2C0kU3q&t=880

Tom’s 2025 Predictions
https://youtu.be/Fgc4UlraU-o?si=IVnIEnnOhF7rgXpm&t=1201

** Watch this episode on YouTube **

https://youtu.be/Xiw5LwQi-2c

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post 2025 Predictions: Hits, Misses & What We Learned appeared first on Shared Security Podcast.

Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting

Tom Eston — Mon, 22 Dec 2025 00:00:31 -0500

In this episode, Tom Eston discusses the unique challenges in the current cybersecurity job market, emphasizing the importance of networking. Tom provides practical tips on how to enhance networking skills, such as attending conferences, volunteering for open source projects, creating a blog, and seeking mentors. He also addresses misconceptions about the job shortage in cybersecurity and encourages listeners to start building their professional networks early. Tune in for valuable insights to help you advance your cybersecurity career.

** Links mentioned on the show **

Connect with Tom on LinkedIn
https://www.linkedin.com/in/tomeston/

** Watch this episode on YouTube **

https://youtu.be/tC_LqtdW4V0

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting appeared first on Shared Security Podcast.

The Hidden Threat in Your Holiday Emails: Tracking Pixels and Privacy Concerns

Tom Eston, Scott Wright — Mon, 15 Dec 2025 00:00:06 -0500

Join us in the midst of the holiday shopping season as we discuss a growing privacy problem: tracking pixels embedded in marketing emails. According to Proton’s latest Spam Watch 2025 report, nearly 80% of promotional emails now contain trackers that report back your email activity. We discuss how these trackers work, why they become more aggressive during the holidays, the data being collected by marketers, and how you can protect yourself. We are joined by Scott Wright to explore Proton’s comprehensive study, identify the worst offenders in email tracking, and share tips on maintaining your online privacy. Tune in and stay informed about the invisible surveillance in your emails this holiday season!

** Links mentioned on the show **

Spam Watch 2025: The hidden trackers and inbox overload behind holiday marketing
https://proton.me/blog/spam-watch-2025

Inbox full of promo emails? 80% are tracking you, new report warns
https://www.zdnet.com/article/inbox-promo-emails-tracking-you-proton-mail-warns/

AnnonAddy
https://addy.io/

SimpleLogin
https://simplelogin.io/

Apple Hide My Email (required iCloud+ subscription)
https://support.apple.com/guide/iphone/create-and-manage-hide-my-email-addresses-iphcb02e76f7/ios

** Watch this episode on YouTube **

https://youtu.be/sSFvCkiTmNc

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post The Hidden Threat in Your Holiday Emails: Tracking Pixels and Privacy Concerns appeared first on Shared Security Podcast.

Seeing Is Not Believing: How to Spot AI-Generated Video

Tom Eston, Scott Wright — Mon, 08 Dec 2025 00:00:52 -0500

In this episode we discuss the rising challenge of AI-generated videos, including deepfakes and synthetic clips that can deceive even a skeptical viewer. Once the gold standard of proof, video content is now increasingly manipulated through advanced AI tools like Sora 2 and Google’s Nano Banana, making it harder to separate reality from fiction. Tom and Scott discuss the differences between malicious deepfakes and poorly-made AI-generated content, identify key indicators that reveal a video might be AI-generated, and explain how these videos are used in social engineering attacks. Practical advice is offered on how to protect yourself and your organization from this emerging threat.

** Links mentioned on the show **

Is that an AI video? 6 telltale signs it’s a fake
https://www.zdnet.com/article/is-that-video-ai-6-tell-tale-signs-its-a-deepfake/

** Watch this episode on YouTube **

https://youtu.be/7Zq4Jxli3vQ

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Seeing Is Not Believing: How to Spot AI-Generated Video appeared first on Shared Security Podcast.

So You Want to Be a CISO? With vCISO and Security Justice Alum Chris Clymer

Tom Eston, Chris Clymer — Mon, 01 Dec 2025 00:00:25 -0500

In this special episode of the Shared Security Podcast, host Tom Eston reunites with former co-host and experienced fractional CISO, Chris Clymer. They reminisce about their early podcasting days and discuss the evolving role of a Chief Information Security Officer (CISO). The conversation covers the responsibilities, challenges, and skills required to be a successful CISO, including technical and soft skills, business acumen, and people management. Chris shares his journey, the concept of a fractional CISO, and offers valuable advice for those aspiring to enter the CISO role. Tune in for a mix of nostalgia, real-world advice, and mentorship on navigating the complex landscape of information security leadership.

** Links mentioned on the show **

Connect with Chris Clymer on LinkedIn
https://www.linkedin.com/in/chrisclymer/

Listen to episodes of the Security Justice Podcast (2008-2011) where Tom and Chris were both cohosts!
https://archive.org/details/securityjustice

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post So You Want to Be a CISO? With vCISO and Security Justice Alum Chris Clymer appeared first on Shared Security Podcast.

AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage

Tom Eston, Kevin Johnson — Mon, 24 Nov 2025 00:00:11 -0500

In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as we examine the details, Anthropic’s response, and the broader impact on AI in cybersecurity.

** Links mentioned on the show **

Disrupting the first reported AI-orchestrated cyber espionage campaign
https://www.anthropic.com/news/disrupting-AI-espionage

Jen Easterly’s LinkedIn post about the Anthropic disclosure
https://www.linkedin.com/feed/update/urn:li:activity:7395115984224690176/

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work
https://cyberscoop.com/anthropic-ai-orchestrated-attack-required-many-human-hands/

** Watch this episode on YouTube **

https://youtu.be/mj41KXXZP4s

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage appeared first on Shared Security Podcast.

OWASP Top 10 for 2025: What’s New and Why It Matters

Tom Eston, Scott Wright, Kevin Johnson — Mon, 17 Nov 2025 00:00:06 -0500

In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conversation touches on the history of the OWASP Top 10, its release cycle, the evolution from specific vulnerabilities to broader categories, and the impact on vulnerability assessment and compliance.

Meet NEO 1X: The Robot That Does Chores and Spies on You?

Tom Eston, Scott Wright — Mon, 10 Nov 2025 00:00:09 -0500

The future of home robotics is here — and it’s a little awkward. Meet the NEO 1X humanoid robot, designed to help with chores but raising huge cybersecurity and privacy questions. We discuss what it can actually do, the risks of having an always-connected humanoid in your home, and why it’s definitely not the “Robot Rosie” we were promised.

OpenAI’s ChatGPT Atlas: What It Means for Cybersecurity and Privacy

Tom Eston, Scott Wright — Mon, 03 Nov 2025 00:00:49 -0500

In this episode, we explore OpenAI's groundbreaking release GPT Atlas, the AI-powered browser that remembers your activities and acts on your behalf. Discover its features, implications for enterprise security, and the risks it poses to privacy. Join hosts Tom Eston and Scott Wright as they discuss everything from the browser's memory function to vulnerabilities like indirect prompt injection. Stay informed on how AI browsers could reshape web browsing and cybersecurity.

It’s Always DNS: Lessons from the AWS Outage

Tom Eston, Scott Wright, Kevin Johnson — Mon, 27 Oct 2025 00:00:49 -0400

In this episode 404 (no pun intended!), we discuss the recurring issue of DNS outages, the recent Amazon AWS disruption, and what this reveals about our dependency on cloud services. The conversation touches on the need for tested business continuity plans, the implications of DNS failures, and the misconceptions around cloud infrastructure's automatic failover capabilities.

Is Sora 2 the Future of Video? AI, Copyright, and Privacy Issues

Tom Eston, Kevin Johnson — Mon, 20 Oct 2025 00:00:58 -0400

OpenAI’s Sora 2 is here — and it’s not just another AI toy. This episode explores how Sora 2 works, how users can insert real people into generated content, and why that’s raising alarms about privacy, identity, and copyright. We walk you through the initial opt-out copyright controversy, the backlash from studios and creators, and how OpenAI is scrambling to offer more control. Tune in to understand what rights you might lose — or want to protect — in this new media era.

Age Verification Laws: A Privacy Disaster in the Making

Tom Eston, Kevin Johnson — Mon, 13 Oct 2025 00:00:48 -0400

In this episode, we discuss the surge of age verification laws spreading across the US, including the recent implementation in Ohio. These laws intend to shield children but come at a significant cost to privacy and cybersecurity. We'll explore how third-party ID verification companies operate, the risks associated with these systems, and the broader definition of adult content beyond pornography. We also question the effectiveness and security of these measures as we share insights into the ease of bypassing verification systems. Are we protecting kids, or building a privacy nightmare?

Are Phishing Simulations Still Worth It?

Tom Eston, Scott Wright — Mon, 06 Oct 2025 00:00:26 -0400

Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how phishing programs might evolve — or even be replaced — in the future.

Milestone Episode 400: Reflecting on 16 Years of Shared Security

Tom Eston, Scott Wright, Kevin Johnson — Mon, 29 Sep 2025 00:00:16 -0400

Episode 400! In this special milestone edition of the Shared Security Podcast, we look back at 16 years of conversations on security, privacy, and technology. From our very first episodes in 2009 to today’s AI-driven threats, we cover the topics that defined each era, the surprises along the way, and the lessons that still matter. Plus, we share listener favorites, memorable moments, and predictions for the future of security and privacy. Thank you for being part of our journey!

Situational Awareness & Family Safety: Staying Alert in Today’s World with Andy Murphy

Tom Eston, Andy Murphy — Mon, 22 Sep 2025 00:00:58 -0400

Join the Shared Security Podcast for a critical discussion about situational awareness with special guest, Andy Murphy, host of the Secure Family Podcast. In a world where mass shootings and violence in public places are alarming realities, staying alert to your surroundings has never been more important. Andy shares his expertise on personal and family safety, providing practical tips for recognizing unusual behavior, planning for emergencies, and teaching kids safety skills. The conversation also touches upon digital security and how situational awareness applies online. Learn how to own your safety and protect your loved ones in this essential episode.

Best of Shared Security (2020) History Repeats Itself: Cybersecurity Challenges that Still Haunt Us

Tom Eston — Mon, 15 Sep 2025 00:00:24 -0400

In this “best of” episode of the Shared Security Podcast, we revisit a discussion from September 2020 that’s just as relevant today as it was then. First, we cover how ransomware attacks forced several school districts—including Hartford, CT and Toledo, OH—to delay or shut down classes on the very first day of school. Then we dive into Google Chrome’s new (at the time) update designed to block resource-heavy ads, making browsing faster and safer. Finally, we look at Microsoft’s warning about foreign interference attempts targeting the 2020 U.S. election. What makes this episode especially powerful to revisit is how little has changed since we first talked about these threats. Schools and universities continue to be prime targets for ransomware attacks, with districts across the U.S. still struggling to protect their students and staff from disruptions. Browser security remains a critical piece of the puzzle as online ads continue to be exploited for tracking, scams, and malware delivery. And concerns about foreign interference in democratic elections are just as pressing in 2025 as they were in 2020. Cybersecurity may evolve, but the challenges we face remain strikingly familiar.

Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach

Tom Eston, Scott Wright, Kevin Johnson — Mon, 08 Sep 2025 00:00:25 -0400

In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised SalesLoft drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. We’ll discuss how the breach happened, its implications, and what organizations can do to protect themselves from similar threats. Lastly, we provide insights into Salesforce's security posture, the role of third-party integrations, and the importance of data retention policies in mitigating risks.

Convenience vs. Privacy: Can We Have Both?

Tom Eston — Mon, 01 Sep 2025 00:00:58 -0400

In this episode, we discuss if the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused tools and making informed choices. Join the conversation in the comments or on Bluesky (@sharedsecurity).

Public Wi-Fi Myths: Why You’re Probably Safer Than You Think

Tom Eston, Kevin Johnson — Mon, 25 Aug 2025 00:00:20 -0400

Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN.

The Tea App Hack: How a “Safe” Space Leaked 13,000 ID Photos & 1.1M Messages

Tom Eston, Kevin Johnson — Mon, 18 Aug 2025 00:00:10 -0400

In this episode we're discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We'll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app's source code, the ensuing legal and privacy repercussions, and the broader implications for app security.

Random Smishing Text Scams: Why “Do I Know You?” Texts Are Dangerous

Tom Eston — Mon, 11 Aug 2025 00:00:30 -0400

In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they're effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device.

Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis

Tom Eston, Kevin Johnson — Mon, 04 Aug 2025 00:00:33 -0400

This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what’s happening at Black Hat and DEF CON in Vegas.

Doorbells, Dystopia, and Digital Rights: The Ring Surveillance Debate

Tom Eston, Scott Wright, Kevin Johnson — Mon, 28 Jul 2025 00:00:34 -0400

In this episode, we examine Amazon's Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation's recent report criticizes Ring's AI-first approach and the rollback of prior privacy reforms, describing it as 'techno authoritarianism.' We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms.

Passwords and the Elderly: Why Writing Them Down Might Be OK

Tom Eston, Scott Wright, Kevin Johnson — Mon, 21 Jul 2025 00:00:25 -0400

In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group.

The Google Workspace Security Gap: Why Traditional Tools Fall Short

Tom Eston, Rajan Kapoor — Mon, 14 Jul 2025 00:00:20 -0400

In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google's APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization's security. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with [Material Security](https://material.security/)—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit [material.security](https://material.security/) to learn more!

Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever

Tom Eston, Kevin Johnson — Mon, 07 Jul 2025 00:00:43 -0400

In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion into Cybersecurity startup XBOW’s recent breakthrough. XBOW claims to have topped HackerOne's leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for pen testers, bug bounty hunters, and security teams, and whether this represents a genuine advancement or just more AI hype.

Cybersecurity Talent Shortage: Myth, Mismatch, or Reality?

Tom Eston, Katie Soper — Mon, 30 Jun 2025 00:00:20 -0400

Is there really a cybersecurity talent shortage, or are we just looking in all the wrong places? This week on the Shared Security Podcast, we tackle the buzz around the so-called cybersecurity skills gap. Host Tom Eston welcomes Katie Soper, Senior Consultant at Avetix Cyber and co-founder of the CyberVault Podcast, to discuss the challenges and misconceptions in the industry. They explore whether the shortage is a myth, a mismatch, or something else entirely and what companies and professionals can do about it. With insights into hiring practices, skill shortages, and the importance of networking, this episode is a must-listen for anyone in or entering the field of cybersecurity. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with [Material Security](https://material.security/)—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit [material.security](https://material.security/) to learn more!

Kids Online Safety Act (KOSA): Protecting Kids or Censorship?

Tom Eston, Scott Wright — Mon, 23 Jun 2025 00:00:11 -0400

In this episode, we explore the Kids Online Safety Act (KOSA), a controversial bill aimed at protecting children online. Joined by co-host Scott Wright, we discuss the potential implications of KOSA, including concerns about censorship, mass surveillance, and the impact on free expression and online privacy. We also touch on the broad support for the bill from both political parties and the involvement of social media giants like X. Additionally, we examine the balance between government regulation and parental responsibility in ensuring online safety for children.

Cities of the Future or Hacker’s Paradise? The Cybersecurity Risks of Smart Cities

Tom Eston, Scott Wright — Mon, 16 Jun 2025 00:00:16 -0400

Join us as we explore the concept of smart cities—municipalities enhanced by connected technology like sensors, cameras, and automated systems to improve services and infrastructure. We discuss the inherent vulnerabilities that come with these advancements, including cybersecurity threats and real-life incidents such as hacked crosswalk signals featuring voices of tech moguls. Our discussion covers how easily these systems can be compromised, the inadequate security measures currently in place, and the broader implications for critical infrastructure. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more!

Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths

Tom Eston, Scott Wright, Kevin Johnson — Mon, 09 Jun 2025 00:00:16 -0400

Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA's plans. We also discuss the broader implications for identity surveillance and who truly benefits from these security upgrades. We also discuss the problems faced by individuals with name changes and the challenges they face with REAL IDs. Plus, we explore the political and social ramifications of such security measures and why this might all just be 'security theater.'

Invasion of Privacy: The Hidden Camera Dilemma

Tom Eston, Scott Wright, Kevin Johnson — Mon, 02 Jun 2025 00:00:24 -0400

Ever worried about hidden cameras in Airbnb rentals? You're not alone! In this episode, we explore the unsettling rise of hidden cameras in personal spaces, the inadequacy of current laws, and practical tips to detect surveillance devices. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they share insights and discuss the implications of voyeurism technology, law enforcement challenges, and personal safety strategies.

When AI Fights Back: Threats, Ethics, and Safety Concerns

Tom Eston, Kevin Johnson — Mon, 26 May 2025 00:00:09 -0400

In this episode, we explore an incident where Anthropic’s AI, Claude, didn't just resist shutdown but allegedly blackmailed its engineers. Is this a glitch or the beginning of an AI uprising? Along with co-host Kevin Johnson, we reminisce about past episodes, discuss AI safety and ethics, and examine the implications of AI mimicking human behaviors like blackmail. Join us for an in-depth conversation on the future of AI and its potential risks.

Mark Zuckerberg’s Vision: AI Companions and the Loneliness Epidemic

Tom Eston, Scott Wright — Mon, 19 May 2025 00:00:54 -0400

In this episode, we explore Mark Zuckerberg's bold claim that AI friends will replace human friendships, and discuss the potential implications of a world where technology mediates our connections. We also update listeners on the recent developments in the 23andMe bankruptcy case and what it means for former customers. Joining the conversation is co-host Scott Wright, who shares his insights on AI, social media, privacy, and a thought-provoking book on the potential for a future US civil war. We touch on the eerie predictions of AI companionship and what this might entail for societal norms. Tune in for a stimulating discussion on technology, privacy, and the shifting landscape of human interaction.

Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009

Tom Eston, Scott Wright, Kevin Johnson — Mon, 12 May 2025 00:00:46 -0400

Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media security from the past and see how much has (or hasn't) changed. Don't miss out on this informative episode on web application security, user privacy, and the efforts to keep social media safe.

What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development

Tom Eston, Scott Wright, Kevin Johnson — Mon, 05 May 2025 00:00:38 -0400

Join us as we explore the transformative changes in software development and cybersecurity due to AI. We discuss new terminology like 'vibe coding' — a novel, behavior-focused development approach, and 'MCP' (Model Context Protocol) — an open standard for AI interfaces. We also address the concept of 'slopsquatting,' a new type of threat involving AI-generated package names. Our co-hosts Scott Wright and Kevin Johnson discuss these topics, share personal insights, and ponder the future of coding in the AI era. Additionally, we draw some intriguing parallels between AI advancements and past practices, highlighting the need for oversight and security in this evolving landscape.

The Impact of Politics on Cybersecurity: CVE’s and the Chris Krebs Executive Order

Tom Eston, Kevin Johnson — Mon, 28 Apr 2025 00:00:39 -0400

What would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration's executive order that revoked the security clearance of former CISA Director Chris Krebs, following his declaration that the 2020 election was the most secure in history. Join us as we unpack the impact of these events on the cybersecurity landscape and what it means for the future.

Centralizing Data and Enhancing Workflows: Inside PlexTrac’s New Capabilities

Tom Eston, Dan DeCloss, Sara Foley — Mon, 21 Apr 2025 00:00:50 -0400

Welcome to part three of our series with PlexTrac where we address data overload in vulnerability remediation. Join us as we preview the latest PlexTrac capabilities, including new ways to centralize asset and findings data, smarter workflow automation, and enhanced analytics. Guest speakers Dan DeCloss, CTO and founder of PlexTrac, and Sarah Foley, VP of Product at PlexTrac, share insights and demonstrate upcoming features. Learn about PlexTrac's Continuous Threat Exposure Management (CTEM) framework and their exciting plans for RSA. To find out more information about PlexTrac and to get a demo visit: https://PlexTrac.com/SharedSecurity

US Border Searches and Protesting in the Surveillance Age

Tom Eston, Scott Wright — Mon, 14 Apr 2025 00:00:43 -0400

Planning to travel to the United States? This episode covers recent travel advisories regarding US border agents searching electronic devices, regardless of your citizenship status. Learn essential tips on smartphone security and how to protect your personal information, especially when attending protests. Scott Wright joins the discussion to provide valuable insights on safeguarding your data. Also covered are newer communication technologies like Meshtastic and advice on physical security measures to consider.

The 23andMe Collapse, Signal Gate Fallout

Tom Eston, Kevin Johnson — Mon, 07 Apr 2025 00:00:58 -0400

In this episode, we discuss the urgent need to delete your DNA data from 23andMe amid concerns about the company's potential collapse and lack of federal protections for your personal information. Kevin joins the show to give his thoughts on the Signal Gate scandal involving top government officials, emphasizing the potential risks and lack of accountability. We also touch on the importance of proper communication and document retention in government operations. Stay tuned for insights and steps you can take to protect your data.

Understanding Privacy Changes: eBay’s AI Policy and The Future of Data Privacy

Tom Eston — Mon, 31 Mar 2025 00:00:03 -0400

In this episode, host Tom Eston discusses recent privacy changes on eBay related to AI training and the implications for user data. He highlights the hidden opt-out feature for AI data usage and questions the transparency of such policies, especially in regions without strict privacy laws like the United States. The host also explores how AI is transforming our understanding of privacy and the potential increase in AI-driven surveillance. Tune in for insights on navigating these evolving challenges and the future of data privacy.

From Spreadsheets to Solutions: How PlexTrac Enhances Security Workflows

Tom Eston, Dan DeCloss — Mon, 24 Mar 2025 00:00:37 -0400

In this special episode of the Shared Security Podcast, join Tom Eston and Dan DeCloss, CTO and founder of PlexTrac, as they discuss the challenges of data overload in vulnerability remediation. Discover how PlexTrac addresses these issues by integrating various data sources, providing customized risk scoring, and enhancing remediation workflows. The episode offers an insightful look into PlexTrac’s powerful features, real-world success stories, and how these tools help teams prioritize and act on critical findings efficiently. Don’t miss out on learning how to turn overwhelming data into actionable insights and maintain better data security. PlexTrac provides practitioners with an automated alternative for the most time-consuming parts of vulnerability management, including consolidating data, surfacing insights, prioritizing findings, and managing hand-offs to and from remediation teams. Find out more by visiting https://plextrac.com/sharedsecurity

Tackling Data Overload: Strategies for Effective Vulnerability Remediation

Tom Eston, Dan DeCloss, Dahvid Schloss — Mon, 17 Mar 2025 00:00:49 -0400

In part one of our three part series with PlexTrac, we address the challenges of data overload in vulnerability remediation. Tom hosts Dahvid Schloss, co-founder and course creator at Emulated Criminals, and Dan DeCloss, CTO and founder of PlexTrac. They share their expertise on the key data and workflow hurdles that security teams face today. From managing influxes of scanner data and asset management tools to prioritizing meaningful security actions, this episode offers valuable insights. Learn about the importance of context, the integration of threat intelligence, the future role of automation, and AI, and how these can transform the cybersecurity landscape. Tune in to stay ahead in your security strategies and practices. PlexTrac provides practitioners with an automated alternative for the most time-consuming parts of vulnerability management, including consolidating data, surfacing insights, prioritizing findings, and managing hand-offs to and from remediation teams. Find out more by visiting plextrac.com/sharedsecurity

Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes

Tom Eston, Scott Wright, Kevin Johnson — Mon, 10 Mar 2025 00:00:12 -0400

In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox's privacy policy and what it means for user data.

Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors

Tom Eston, Kevin Johnson — Mon, 03 Mar 2025 00:00:58 -0500

In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple's decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the implications for both government and corporate security.

Cybersecurity Insights with John Hammond: YouTube Legend and Security Researcher

Tom Eston, John Hammond — Mon, 24 Feb 2025 00:00:55 -0500

In this episode, we welcome cybersecurity researcher and YouTube legend John Hammond. John shares insights from his career at Huntress and his popular YouTube channel, where he creates educational content on cybersecurity. He introduces his new platform, Just Hacking Training, aimed at providing affordable, high-quality training. John also discusses current trends in cybercrime, the role of AI in attacks, and provides tips on avoiding social engineering. The episode highlights an upcoming Capture the Flag event hosted by Snyk, and how Just Hacking Training offers access to archived CTF challenges for continuous learning. Tune in for an engaging conversation on the state of cybersecurity and practical advice for staying secure.

UK’s Secret Apple Backdoor Request, AI Chatbots Used For Stalking

Tom Eston, Scott Wright — Mon, 17 Feb 2025 00:00:28 -0500

In this episode, we discuss the UK government's demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy. We also discuss the first known case where AI chatbots were used in a stalking indictment, highlighting the dangers of technology misuse and the challenges it poses for legal systems. Join hosts Tom and Scott as they explore these pressing issues and introduce a new subsegment 'AI Spy' to focus on AI risks. Stay safe, stay secure, and stay informed!

Careers in Cybersecurity: Myths and Realities with Kathleen Smith

Tom Eston, Kathleen Smith — Mon, 10 Feb 2025 00:00:21 -0500

In this episode we welcome Kathleen Smith, CMO of ClearedJobs.net, to discuss the current state of the cybersecurity job market. Kathleen shares her extensive experience in the field, recounting her tenure in various cybersecurity events and her contributions to job market research and recruiting. She discusses challenges such as distinguishing between genuine workforce shortages and hype, the importance of precise job descriptions, and the impacts of using AI in resume generation. Kathleen emphasizes that thorough job searches and well-crafted resumes are crucial for job seekers. Additionally, she highlights the need for clarity in cybersecurity job titles and roles to help bridge the gap between job seekers and employers. The episode ends with practical advice for job seekers on how to make their resumes stand out.

Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI

Tom Eston, Scott Wright, Kevin Johnson — Mon, 03 Feb 2025 00:00:48 -0500

In this episode, we explore the rollout of digital driver's licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese AI model, DeepSeek, which is affecting U.S. tech companies' stock prices. Join us as we provide insights on these emerging trends and their implications.

Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed

Tom Eston, Kevin Johnson — Mon, 27 Jan 2025 00:00:00 -0500

In this episode, we discuss the latest issues with data brokers, focusing on a breach at Gravy Analytics that leaked 30 million location data points online. We also explore a vulnerability in Subaru's Starlink system that allows unrestricted access to vehicle controls and customer data using just a last name and license plate number. Co-host Kevin Johnson joins the discussion to share insights and emphasize the need for stronger privacy regulations.

Meta Ditches Fact-Checking for Community Notes, RedNote and the TikTok Ban

Tom Eston, Scott Wright — Mon, 20 Jan 2025 00:00:01 -0500

In this episode, we explore Meta's recent decision to replace traditional fact-checking with community notes and its potential impact on misinformation. We also discuss the implications of a TikTok ban in the U.S., with users migrating to similar apps like RedNote. The conversation covers the challenges of maintaining reliable information in social media and the shifting landscape of news consumption. Additionally, we delve into issues regarding AI-generated content, privacy concerns with Chinese-owned apps, and the importance of personal responsibility in fact-checking.

AI Privacy Policies: Unveiling the Secrets Behind ChatGPT, Gemini, and Claude

Tom Eston, Scott Wright — Mon, 13 Jan 2025 00:00:57 -0500

Do you ever read the privacy policy of your favorite AI tools like ChatGPT, Gemini, or Claude? In this episode, Scott Wright and Tom discuss the critical aspects of these policies, comparing how each AI engine handles your personal data. They explore the implications of data usage, security, and privacy in AI, with insights from industry giants like Anthropic's CEO, Dario Amodai. Are these AI tools safe to use? Find out as we break down the complexities and share our thoughts on the future of AI – and its impact on your data privacy.

Reflecting on Y2K: Lessons for the Next Tech Crisis and AI Safety

Tom Eston, Scott Wright — Mon, 06 Jan 2025 00:00:40 -0500

Join us as we reminisce about Y2K, the panic, the preparations, and the lessons learned 25 years later. We also discuss the implications for future technology like AI and potential cybersecurity crises. Plus, in our 'Aware Much' segment, Scott shares tips on protecting your data if your phone is stolen. Happy New Year and welcome to our first episode of 2025!

2024 Year in Review: What We Got Right and Looking to 2025

Tom Eston, Scott Wright, Kevin Johnson — Mon, 30 Dec 2024 00:00:03 -0500

In the final episode of the Shared Security Podcast for 2024, join us as we recap our predictions for the year, discuss what we got right and wrong, and highlight our top episodes on YouTube. We also extend a heartfelt thank you to our Patreon supporters and special guests. Plus, stay tuned for our predictions for 2025 and some fun discussions on AI's impact, phishing attacks, and more. Happy New Year and thank you for your support!

Digital License Plate Vulnerabilities, How to Avoid New Text Message Scams

Tom Eston, Scott Wright, Kevin Johnson — Mon, 23 Dec 2024 00:00:37 -0500

In this episode Tom, Scott, and Kevin discuss the vulnerabilities of digital license plates and the potential for hackers to exploit them. They explain what digital license plates are and how they work. The 'Aware Much?' segment covers the topic of suspicious text messages and why you should avoid responding to unknown senders. The team also shares personal project frustrations and emphasizes the importance of cybersecurity measures in IoT devices. Stay tuned for insightful discussions and practical advice on staying secure.

Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption

Tom Eston, Scott Wright, Kevin Johnson — Mon, 16 Dec 2024 00:00:04 -0500

In Episode 359 of the Shared Security Podcast, the team examines a shocking hack-for-hire operation alleged to target over 500 climate activists and journalists, potentially involving corporate sponsorship by ExxonMobil. They explore the intricate layers of this multifaceted campaign and the broader implications on security risk assessments. Additionally, Scott discusses the massive Salt Typhoon hacking campaign attributed to China, which has compromised major U.S. telecommunications companies, and the surprising shift in U.S. government stance on end-to-end encryption. Join Tom, Kevin, and Scott for their in-depth analysis and a touch of humor throughout this episode.

Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book

Tom Eston, Scott Wright, Tanya Janca — Mon, 09 Dec 2024 00:00:56 -0500

Join us for an insightful episode of the Shared Security Podcast as Tanya Janca returns for her fifth appearance. Discover the latest on her new book about secure coding, exciting updates in Application Security, and the use of AI in security. Learn how her new book goes deeper into secure coding practices, backed by her practical experiences and detailed research, aimed at empowering developers with actionable advice. Don't miss Tanya's take on privacy, better security practices, and much more!

Australia Bans Social Media for Kids, Holiday Vishing Scams

Tom Eston, Kevin Johnson — Mon, 02 Dec 2024 00:00:43 -0500

In this episode, we discuss Australia's new legislation banning social media for users under 16 and its potential impact. Our hosts also explore the issue of vishing (voicemail phishing), why it's escalating, particularly during the holiday season, and how to protect yourself against these scams. Plus, we celebrate a milestone on our YouTube channel and share some fun community feedback!

Deepfake Fraud, Data Brokers Tracking Military Personnel

Tom Eston, Kevin Johnson — Mon, 25 Nov 2024 00:00:33 -0500

In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue Sky, and Mastodon, discussing user experiences and migrations. The episode wraps up with a humorous and radical suggestion for dealing with data brokers. Tune in for an engaging discussion on security, privacy, and the impact of emerging fraud technologies.

Why It’s Time to Leave Twitter

Tom Eston — Mon, 18 Nov 2024 00:00:30 -0500

In episode 355, Tom discusses his decision to deactivate his Twitter accounts due to privacy concerns with Twitter's new AI policy and changes in the blocking features. He outlines the steps for leaving Twitter, including how to archive and delete tweets, and evaluates alternative platforms such as Bluesky, Mastodon, and Threads for cybersecurity professionals seeking new social media spaces.

Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password

Tom Eston, Kevin Johnson — Mon, 11 Nov 2024 00:00:35 -0500

In episode 354, we discuss the emergence of the term 'Advanced Persistent Teenagers' (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without the correct password and its implications. Tune in for an engaging conversation on the evolving landscape of cyber threats.

Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know

Tom Eston, Scott Wright, Kevin Johnson — Mon, 04 Nov 2024 07:30:17 -0500

In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution. In the 'Aware Much' segment, Scott explains how mortgage wire fraud works and provides essential tips for real estate transactions to avoid such scams. Plus, a quick recap on our popular AI-powered toilet cameras episode.

Internet Archive Hacked, Introducing The AI Toilet Camera

Tom Eston, Kevin Johnson — Mon, 28 Oct 2024 00:00:58 -0400

In this episode, we discuss the significant data breach at the Internet Archive, affecting 33 million users. We also examine the introduction of an AI-integrated toilet camera by Throne, designed for health monitoring by analyzing bodily waste, and the ensuing privacy concerns. We explore these technological advancements alongside other unusual tech innovations, touching upon security issues with home cameras, personal data in health apps, and broader implications for privacy and technology.

Hacked Robot Vacuums, Secret Printer Tracking Dots

Tom Eston, Scott Wright — Mon, 21 Oct 2024 00:00:18 -0400

In episode 351, hosts Tom and Scott explore an unusual incident where robot vacuums were hacked to shout obscenities, exposing significant IoT security issues. The discussion includes the mechanics of the Bluetooth hack and its broader cybersecurity implications. Additionally, the 'Aware Much?' segment reveals the world of hidden printer tracking dots, used for tracing document origins and their historical use by governments for tracking. This episode also highlights the technology's role in preventing currency counterfeiting and capturing high-profile leaks, underscoring the intersection of privacy and security in modern times.

Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits

Tom Eston, Scott Wright — Mon, 14 Oct 2024 00:00:18 -0400

In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast's evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies. The 'Aware Much' segment focuses on the lack of change in user behavior towards cybersecurity, highlighting persistent issues like inadequate password manager usage and infrequent software updates. The episode covers historical insights into social media's evolution, including privacy guides and LinkedIn's fake profile problem, emphasizing the importance of a well-rounded approach to cybersecurity awareness and education.

Kia Security Flaw Exposed, NIST’s New Password Guidelines

Tom Eston, Kevin Johnson — Mon, 07 Oct 2024 00:00:05 -0400

In this episode, the hosts discuss a significant vulnerability found in Kia's web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST's updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community's perspectives on these evolving issues.

Discord’s New End-to-End Encryption, LinkedIn Using Your Data for AI Training

Tom Eston, Scott Wright — Mon, 30 Sep 2024 00:00:41 -0400

In episode 348 of the Shared Security Podcast, Tom and Scott discuss Discord's new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. They also address LinkedIn's controversial move to automatically opt users into using their data to train AI models without initial consent, suggestions for opting out, and the broader implications for user privacy.

Supply Chain Sabotage: The Exploding Pager Incident, Instagram’s New Teen Privacy Measures

Tom Eston, Kevin Johnson — Mon, 23 Sep 2024 00:00:45 -0400

In Episode 347, we discuss the recent alarming incidents involving exploding pagers targeting Hezbollah operatives in Lebanon, which resulted in multiple casualties. We clarify why this is not a cyber attack and should not cause widespread panic about personal device safety. Additionally, we cover Instagram's new policies to default teen accounts to private and the implications for parental control and teen safety on social media.

The Rise of AI Voicemail Scams, Political Donation Privacy Concerns

Tom Eston — Mon, 16 Sep 2024 00:00:31 -0400

In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. We also explore recent research on the privacy concerns surrounding donations to political parties through their websites. Additionally, we celebrate the 15th anniversary of the podcast and share some reflections and fun facts about the journey. Join us for this insightful and informative episode!

Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors

Tom Eston, Kevin Johnson — Mon, 09 Sep 2024 00:00:48 -0400

This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of Bitcoin ATM scams exploiting older adults, providing essential tips to protect your loved ones from these devious schemes. Tune in for unique insights and vital cybersecurity advice!

Telegram is NOT an Encrypted Messaging App, Must-See Documentaries

Tom Eston, Kevin Johnson — Mon, 02 Sep 2024 00:00:06 -0400

In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app's encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including 'LulaRich' about the LuLaRoe leggings company and 'Class Action Park' about a dangerous theme park in New Jersey. Tune in to hear our thoughts on these topics and more!

Google’s Monopoly: The Debate Heats Up, Amazon Alexa Privacy Tips

Tom Eston, Scott Wright, Kevin Johnson — Mon, 26 Aug 2024 00:00:11 -0400

This week, we discuss Google's recent accusation by the U.S. Justice Department for being a monopoly and its implications for privacy and cybersecurity. We also cover essential privacy settings for Alexa smart speakers and their importance. Join the hosts, Tom, Kevin, and Scott, for an engaging conversation on these topics, along with a segment from ClickArmor on cybersecurity training. Plus, a recap of the Black Hat and B Sides Las Vegas conferences.

The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S. Citizens

Tom Eston, Scott Wright — Mon, 19 Aug 2024 00:00:15 -0400

In episode 342, we discuss the effectiveness of people-search removal tools like DeleteMe and Reputation Defender, based on a study by Consumer Reports. We also cover how almost every American's social security number has potentially been stolen by hackers and shared on the dark web. Scott and Tom talk about the importance of protecting your personal information and methods to do so, including manually removing data and placing credit freezes. Plus, we touch on Canada's privacy laws and wrap up with our Aware Much segment. Stay safe, stay secure, and stay private!

Exploring Cybersecurity Trends at Black Hat 2024 with Shourya Pratap Singh from SquareX

Tom Eston, Shourya Pratap Singh — Mon, 12 Aug 2024 00:00:03 -0400

Join us for this special live edition of the Shared Security Podcast, recorded in scorching Las Vegas at Black Hat 2024. Host Tom Eston is joined by Shourya Pratap Singh, Principal Software Engineer at SquareX. They discuss highlights from Black Hat 2024, emerging themes in cybersecurity such as AI-based threats, compliance, and cloud security. The conversation also covers the DEF CON talk given by Vivek and Shourya on Last Mile Reassembly Attacks, which exposes a critical flaw in Secure Web Gateways (SWGs) and introduces an open-source toolkit for Red Teams.

The Great CrowdStrike Crash, AI’s Role in Employee Smiles

Tom Eston, Scott Wright, Kevin Johnson — Mon, 05 Aug 2024 00:00:24 -0400

In episode 341, we cover the unprecedented global IT outage caused by a CrowdStrike update crash, affecting 8.5 million Windows machines. We discuss whether it's the largest outage in history and delve into the intricacies of internet accessibility and responses from key stakeholders like Microsoft. Also, in our Aware Much segment, we explore Japan's AI system, Mr. Smile, designed to standardize employee smiles, and its implications on employee monitoring. Plus, we welcome back Kevin and give a special shout-out to our latest Patreon supporter.

How SquareX is Redefining Web Security: An In-Depth Discussion with Chief Architect Jeswin Mathai

Tom Eston, Jeswin Mathai — Thu, 01 Aug 2024 00:00:54 -0400

In this episode, Tom Eston hosts Jeswin Mathai, Chief Architect at SquareX. This episode is part two of a series featuring SquareX, and Jeswin takes a deeper look into their cybersecurity solutions. Jeswin shares his extensive experience in the field and details how SquareX offers innovative protections at the browser level to guard against phishing attacks and other online threats. Learn about their unique approach by monitoring user activity in a privacy-safe manner and leveraging the power of modern browsers and device capabilities. Jeswin also discusses the limitations of traditional antivirus and secure web gateway solutions compared to SquareX's comprehensive visibility and action capabilities. Don't miss the live demonstration and insights on handling ransomware scenarios and deployment strategies for businesses of all sizes. The episode concludes with a sneak peek of what Jeswin and Vivek will be presenting at the upcoming DEF CON hacking conference. Thank you to SquareX for sponsoring this episode! Find out more about SquareX at https://sqrx.com/

Deepfakes, AI, and the Future of Cybersecurity: Insights from Dan DeCloss of PlexTrac

Tom Eston, Dan DeCloss — Mon, 29 Jul 2024 00:00:54 -0400

In this episode, host Tom Eston welcomes Dan DeCloss, founder and CTO of PlexTrac. They exchange insights about their history at Veracode and explore Dan's journey in cybersecurity. Dan shares his experience in penetration testing, the origins of PlexTrac, and the need to streamline reporting processes. The conversation also covers the state of the cybersecurity industry, the impact of generative AI, and future challenges such as deepfake technology. Dan touches upon the evolution of attackers and the role of both AI and human elements. The episode wraps up with thoughts on the younger generation's approach to discerning information in a tech-driven world.

Massive AT&T Data Breach Impact, Meta’s Privacy Policy Updates

Tom Eston, Scott Wright — Mon, 22 Jul 2024 00:00:25 -0400

In episode 339, hosts Tom Eston and Scott Wright discuss the massive AT&T data breach affecting 110 million customers, which is larger than a previous breach from March affecting 73 million customers. They also talk about the importance of reading privacy policies on sites like Facebook and Instagram, as these platforms may use user data to train AI models. Additionally, they explore the implications of third-party cloud platform breaches, specifically mentioning the Snowflake incident. The 'Aware Much?' segment highlights evolving privacy policies, with Meta's revised policy allowing user data for AI development being under scrutiny. The episode concludes with a mention of the importance of GDPR and other data protection regulations and a nod to their Patreon supporters.

Authy Breach: What It Means for You, RockYou 2024 Password Leak

Tom Eston, Scott Wright — Mon, 15 Jul 2024 00:00:04 -0400

In episode 338, we discuss the recent breach of the two-factor authentication provider Authy and its implications for users. We also explore a massive password list leak titled 'Rock You 2024' that has surfaced online. Find out why this file may not be as significant as it seems and the importance of avoiding password reuse. Stay tuned for our 'Aware Much?' segment with Scott Wright, featuring insights on credential stuffing and practical password management tips.

Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices

Tom Eston, Kevin Johnson, Scott Wright — Mon, 08 Jul 2024 00:00:20 -0400

In episode 337, we cover “broken” news about the new SSH vulnerability 'regreSSHion' highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police Department's new guidelines on facial recognition technology following a lawsuit over a wrongful arrest due to misidentification, shedding light on the broader issues with such technologies, especially their impact on minorities. Lastly, in the 'Aware Much' segment, Scott shares essential tips on securely wiping personal data from old PCs, laptops, smartphones, and other electronic devices before selling or disposing of them. Join us as we welcome back co-hosts Kevin Johnson from Portugal and Scott recording from his car!

The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks

Tom Eston, Scott Wright — Mon, 01 Jul 2024 00:00:29 -0400

In episode 336 of the Shared Security Podcast, we discuss the Biden administration's recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We also highlight the importance of keeping all software updated, using recent examples of supply chain attacks that have compromised several popular WordPress plugins. Join hosts Tom Eston and Scott Wright as they examine these key cybersecurity issues and emphasize proactive security measures. Plus, find out why co-host Kevin Johnson is missing this week and get the latest updates from Aware Much, sponsored by ClickArmor.

Exploring Cutting-Edge Browser Security with Vivek Ramachandran – Founder of SquareX

Tom Eston, Vivek Ramachandran — Thu, 27 Jun 2024 00:00:34 -0400

In this special episode of the Shared Security Podcast, host Tom Eston interviews Vivek Ramachandran, the founder of SquareX. Vivek shares his journey in WiFi security, recounting his introduction of the Cafe Latte man-in-the-middle attack and founding of Pentest Academy. He discusses his latest venture, SquareX, a company focused on browser security to protect employees from client-side attacks. Vivek explains SquareX's workings, industry challenges, and insights into Secure Web Gateways (SWGs). He also previews his upcoming DEF CON talk on bypassing SWGs and shares thoughts on AI in cyber-attacks. Learn about the future of browser-based security solutions and how enterprises can better protect themselves against sophisticated attacks. Thank you to SquareX for sponsoring this episode! Find out more about SquareX at https://sqrx.com/

Social Media Warning Labels, Should You Store Passwords in Your Web Browser?

Tom Eston, Kevin Johnson, Scott Wright — Mon, 24 Jun 2024 00:00:36 -0400

In this episode of the Shared Security Podcast, the team debates the Surgeon General's recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft's delayed release of CoPilot Plus PCs due to security concerns and reflect on the underlying privacy issues. Join Tom, Scott, and Kevin for these engaging discussions and more!

Citizen Lab vs. NSO Group, Apple AI and Privacy

Tom Eston, Kevin Johnson, Scott Wright — Mon, 17 Jun 2024 00:00:06 -0400

In episode 334, hosts Tom Eston, Scott Wright, and Kevin Johnson discuss two major topics. First, they explore the ongoing legal battle between Citizen Lab and the Israeli spyware company NSO Group. The courts have consistently blocked NSO's attempts to access Citizen Lab's documents to protect victim privacy. Second, they discuss Apple's new AI features announced at their developer conference, prioritizing user privacy through opt-in by default, and its implications. Kevin shares strong opinions on NSO Group, while the hosts also review Citizen Lab's investigative work and Apple’s approach to AI and privacy.

Ticketmaster Data Breach and Rising Work from Home Scams

Tom Eston, Scott Wright — Mon, 10 Jun 2024 00:00:37 -0400

In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the rise of work-from-home job scams is analyzed, highlighting FBI warnings and tips to avoid falling victim to such schemes. The success of a past episode on Microsoft’s new recall feature is also mentioned, emphasizing privacy concerns and spirited audience discussions.

** Links mentioned on the show **

Check out our episode on Microsoft’s Recall feature and why we and others in the cybersecurity industry say this is a bad idea (at least how Microsoft is planning on rolling this out)

On Recall, I had a question about me (and Satya, lol) using the phrase "screenshot" where all of the documentation says snapshot, and MSFT people say it's just snapshots.

They're screenshots. They're just JPEG files, a constant stream of. On a 1tb PC it allocates enough space… pic.twitter.com/XM72eowRe0

— Kevin Beaumont (@GossiTheDog) June 6, 2024

Ticketmaster Confirms Cloud Breach, Amid Murky Details
https://www.darkreading.com/cyberattacks-data-breaches/ticketmaster-confirms-cloud-breach-murky-details
https://www.darkreading.com/cloud-security/ticketmaster-breach-showcases-saas-data-security-risks

FBI Warns of Rise in Work-From-Home Scams
https://www.infosecurity-magazine.com/news/fbi-warns-rise-wfh-scams/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity

Get our new Shared Security Podcast glitter stickers!
https://sharedsecurity.net/stickers

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Watch and Subscribe on Odysee (YouTube alternative)
https://odysee.com/@SharedSecurity:c

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Shared Security Podcast.

Sober in Cyber: Creating Alcohol-Free Networking in Cybersecurity with Jen VanAntwerp

Tom Eston, Jen VanAntwerp — Mon, 03 Jun 2024 00:00:53 -0400

In this episode host Tom Eston welcomes Jen VanAntwerp, founder of Sober in Cyber. Jen shares her journey in cybersecurity and marketing, and discusses the motivation behind creating alcohol-free networking events. Sober in Cyber provides much-needed alternatives to typical alcohol-centered industry events, fostering inclusive environments for both sober professionals and those simply seeking a different experience. Tune in to learn about their successful sober events, the growing support for such initiatives, and how they foster authentic professional connections without the influence of alcohol. For more details, visit SoberInCyber.org and join their supportive community on Discord.

** Links mentioned on the show **

Find out more about Sober in Cyber
https://www.soberincyber.org/

Join the Sober in Cyber Discord
https://discord.gg/cyqmY9CJ

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

Get our new Shared Security Podcast glitter stickers!
https://sharedsecurity.net/stickers

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Watch and Subscribe on Odysee (YouTube alternative)
https://odysee.com/@SharedSecurity:c

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Sober in Cyber: Creating Alcohol-Free Networking in Cybersecurity with Jen VanAntwerp appeared first on Shared Security Podcast.

Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy

Tom Eston, Kevin Johnson — Mon, 27 May 2024 00:00:11 -0400

Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by default. Tom and Kevin express significant concerns over the implications for privacy, data security, and the potential for misuse of these features. Discussions cover the technical workings, potential vulnerabilities, and broader impacts of these technologies on privacy and security. The episode also mentions anecdotes that illustrate the practical downsides of such technologies and hints at the broader trend of companies training AI models with user data without adequate transparency or consent.

** Links mentioned on the show **

Get our new Shared Security Podcast glitter stickers!
https://sharedsecurity.net/stickers

** Watch this episode on YouTube **

Elon Musk Criticizes Microsoft Feature That Gives PCs ‘Photographic Memory’
https://www.pcmag.com/news/elon-musk-criticizes-microsoft-recall-gives-pc-photographic-memory

Satya Nadella says Windows PCs will have a photographic memory feature called Recall that will remember and understand everything you do on your computer by taking constant screenshots pic.twitter.com/Gubi4DGHcs

— Tsarathustra (@tsarnick) May 20, 2024

Slack Trains Some of Its AI-Powered Features on User Messages, Files
https://www.pcmag.com/news/slack-trains-ai-powered-features-on-user-messages-files

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Watch and Subscribe on Odysee (YouTube alternative)
https://odysee.com/@SharedSecurity:c

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy appeared first on Shared Security Podcast.

New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report

Tom Eston, Kevin Johnson, Scott Wright — Mon, 20 May 2024 00:00:46 -0400

In episode 330 Tom, Scott, and Kevin discuss the new features for iPhones and Android phones designed to warn users about secret trackers, possibly aiding in identifying stalkers. The hosts discuss Apple and Google’s collaboration on a technology called DOLT (Detecting Unwanted Location Trackers), aiming to improve user privacy by detecting Bluetooth trackers like Tiles and AirTags. They also highlight the findings from the 2024 Verizon Data Breach Investigations Report (DBIR), discussing key statistics on company breaches, the average time to remediate vulnerabilities, the rise in ransomware and extortion cases, third-party risks, and the negligible impact of AI on current threats. Additionally, the segment touches on human-related incidents’ significant role in breaches. The episode concludes with the announcement of new Shared Security Podcast stickers.

** Links mentioned on the show **

iPhones And Androids Can Now Warn You of ‘Secret Trackers’
https://www.msn.com/en-gb/money/other/iphones-and-androids-can-now-warn-you-of-secret-trackers/ar-BB1mqmjg

Verizon releases their 2024 Data Breach Investigations Report (DBIR)
https://www.verizon.com/business/en-nl/resources/reports/dbir/2024/summary-of-findings/
https://www.scmagazine.com/news/verizons-2024-data-breach-investigations-report-5-key-takeaways

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Watch and Subscribe on Odysee (YouTube alternative)
https://odysee.com/@SharedSecurity:c

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report appeared first on Shared Security Podcast.

Live at RSA: AI Hype, Enhanced Security, and the Future of Cybersecurity Tools

Tom Eston, Kevin Johnson, Matt Johansen — Mon, 13 May 2024 00:00:37 -0400

In this first-ever in-person recording of Shared Security, Tom and Kevin, along with special guest Matt Johansen from Reddit, discuss their experience at the RSA conference in San Francisco, including their walk-through of 'enhanced security' and the humorous misunderstanding that ensued. The conversation moves to the ubiquity of AI and machine learning buzzwords at the conference, questioning the genuine impact versus hype, and the saturation of AI claims among vendors. They explore the real-world applications of AI, how it's currently being utilized in cybersecurity, and its potential to assist smaller security teams and raise the 'cybersecurity poverty line.' The discussion also touches on the false positives in AI-driven security tools and the nuanced benefits of AI in improving English proficiency globally, which could indirectly assist cybercriminals.

FCC Fines Wireless Carriers $200 million, Google’s Fight Against Malicious Apps

Tom Eston, Kevin Johnson — Mon, 06 May 2024 00:00:45 -0400

In episode 328, Tom and Kevin discuss two major cybersecurity and privacy news stories. The first topic covers the FCC issuing fines to major US wireless carriers for sharing users' real-time location data, totaling nearly $200 million. They express surprise and skepticism over the carriers' actions and deliberate on whether the fines would be impactful or merely seen as the cost of doing business. The second topic revolves around Google's announcement that it prevented 2.28 million malicious apps from reaching the Play Store in 2023, marking a significant effort towards enhancing platform security. The discussion includes insights on the effectiveness of Google's policies, the potential need for more transparency, and the broader implications of policy enforcement in the tech industry.

Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up?

Tom Eston, Kevin Johnson, Scott Wright — Mon, 29 Apr 2024 00:00:51 -0400

In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant's M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing's decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and the potential reasons behind the shift in cyberattack tactics. The episode also explores the challenges of maintaining online privacy within relationships, especially when one partner prioritizes privacy more than the other. Tips on fostering understanding and cooperation on privacy and security practices within a relationship are also covered.

Navigating Security Awareness in the Tech Industry with Erin Gallagher

Tom Eston, Erin Gallagher, Scott Wright — Mon, 22 Apr 2024 00:00:54 -0400

In this episode Erin Gallagher, cybersecurity awareness lead at Fastly, discusses her journey into the field of security awareness and her unique approach to enhancing cybersecurity within tech companies. Erin shares her unconventional path from a communication major to leading security awareness programs at IBM and a large insurance company, before joining Fastly. She highlights the challenges and strategies of tailoring security training to diverse roles within tech companies, emphasizing the importance of role-based training over traditional methods like phishing simulations. Erin also tackles the critical role of communication skills in security awareness, the need for empathetic engagement with employees, and the importance of demonstrating the value of security awareness programs, especially in uncertain economic times. The episode also touches on Erin's success in engaging with all levels of staff, including executives, and her thoughts on the future of security awareness in the tech industry.

Linux Backdoor Infection Scare, Massive Social Security Number Heist

Tom Eston, Kevin Johnson — Mon, 15 Apr 2024 00:00:46 -0400

In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained commit access and inserted a backdoor. The episode further delves into a cybersecurity incident where hackers stole 340,000 social security numbers from a government consulting firm, emphasizing the implications and broader concerns related to data security in government contractors and the inefficacy of response mechanisms. Additionally, the hosts explore the negative influences of marketing in the cybersecurity industry, particularly following significant security breaches.

Massive AT&T Data Leak, The Danger of Thread Hijacking

Tom Eston, Scott Wright — Mon, 08 Apr 2024 00:00:14 -0400

Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by TechCrunch. The episode also details the thread jacking phishing attack, emphasizing the importance of recognizing unexpected email threads and the potential dangers of malicious attachments. The episode concludes with a brief discussion on the upcoming solar eclipse, stressing the importance of using ISO-certified glasses for viewing.

New Hotel Lock Vulnerabilities, Glassdoor Anonymity Issues

Tom Eston, Kevin Johnson, Scott Wright — Mon, 01 Apr 2024 00:00:17 -0400

In episode 323, the hosts discuss two prominent topics. The first segment discusses a significant vulnerability discovered in hotel locks, branded as 'Unsaflok,' affecting 3 million doors across 131 countries. The vulnerability allows attackers to create master keys from a regular key, granted access to all doors in a hotel. The co-hosts also discuss the vulnerability's relation to legacy systems and the implications for hotel security. The second segment shifts focus to Glassdoor, revealing that the popular company review site can no longer guarantee anonymity due to changes following its acquisition of Fishbowl, raising concerns about privacy and the potential misuse of personal data. Additionally, the hosts cover the importance of maintaining security in physical and information security systems and the challenges businesses face when upgrading these systems.

Alyssa Miller: Charting the Course Through InfoSec and Aviation

Tom Eston, Kevin Johnson, Scott Wright, Alyssa Miller — Mon, 25 Mar 2024 00:00:24 -0400

In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa's journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect of on-prem data centers. Alyssa also shares a personal story about encountering workplace discrimination, offering advice based on her experiences. Additionally, the discussion touches on upcoming conference talks Alyssa is giving, which link her passion for aviation with lessons for the cybersecurity field. The episode touches on critical InfoSec challenges for 2024, humorously dismissing the hype around generative AI and quantum computing as the main issues.

The TikTok Ban Bill, Your Car is Spying on You, Signal’s Username Update

Tom Eston, Kevin Johnson, Scott Wright — Mon, 18 Mar 2024 00:00:08 -0400

In episode 321, the hosts discuss how connected cars are sharing driving data with insurance companies, potentially leading to increased rates for drivers. They also talk about the anti-TikTok bill passed by the House, which could force ByteDance to sell TikTok or face a ban in app stores. The episode also covers a significant update to Signal, allowing users to use usernames instead of phone numbers, enhancing privacy. Insights into privacy policies, the importance of understanding consent, and the broader implications of data collection and sharing among different entities are also discussed.

Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware

Tom Eston, Scott Wright — Mon, 11 Mar 2024 00:00:22 -0400

In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user's and Meta's part. They explore the possibility of inadequate security measures on these platforms and the implications of Meta potentially profiting from fraudulent ads. The episode also covers a Wired article regarding 41 state attorney generals in the U.S. urging Meta to enhance their security to manage the rising complaints of account theft. Furthermore, the 'Aware Much' segment highlights a new threat involving spoofed Zoom, Google, and Skype meeting requests that spread remote access Trojans (RATs), discussing the sophistication of these phishing attacks and malware's ability to compromise systems. The conversation touches on the effectiveness of two-factor authentication (2FA), the challenge of identifying malicious URLs, and the role of government in pressuring companies like Meta to improve security practices.

Don’t Trust Your AI Girlfriend or Boyfriend, Exposing US Government Data Collection

Tom Eston, Kevin Johnson — Mon, 04 Mar 2024 00:00:19 -0500

In Episode 319, Tom and Kevin discuss the potential data privacy risks associated with having an AI 'girlfriend' or 'boyfriend' and why one should refrain from sharing their personal data with such AIs. They engage in a humorous conversation about the unusual advertisements these AI companions attract, while expressing concerns over their deceptive and sensitive data gathering. The episode also explores the controversial issue of the U.S. government collecting vast amounts of consumer data. Allegedly, the government acquires data from various sources including cell phones, social media, and internet ad exchanges, potentially for surveillance purposes. Tom and Kevin argue that such practice is an abuse of the system, potentially bypassing laws meant to protect the innocent, and opens up a possibility for misuse by government employees.

‘Get to Know Me’ Privacy Risks, Pros and Cons of Publicly Sharing Ring Doorbell Footage

Tom Eston, Kevin Johnson — Mon, 26 Feb 2024 00:00:08 -0500

In episode 318, we discuss the trending 'get to know me' posts on social media platforms like Instagram and the potential risks of sharing personal information publicly, particularly in light of potential misuse for password resetting. We recount a similar trend observed years ago when social media was in its infancy. The second topic covers Ring's decision to discontinue its 'Request for assistance' feature on its Neighbors app which initially allowed police to publicly request doorbell footage without a warrant. We explore various viewpoints on this topic, including the need for warrants, privacy concerns, and the potential misuse of information, while also highlighting different methods of ensuring online security.

25.6 Million Dollar Deepfake Scam, Exploring Canada’s Flipper Zero Ban

Tom Eston, Kevin Johnson — Mon, 19 Feb 2024 00:00:57 -0500

In episode 317, the Tom and Kevin discuss a reported deepfake scam that allegedly led to the theft of 25.6 million from a multinational company and Canada's attempt to ban the Flipper Zero device, believing it plays a role in auto thefts. They critique the Canadian government's understanding of the device and its capabilities, questioning whether the move is political posturing rather than a measure to enhance public safety. The hosts also speak about the 'human password' concept, which prompts a broader discussion about the importance of out-of-band confirmation for financial transactions.

Jason Haddix on Bug Bounties and Cybersecurity Career Growth

Tom Eston, Kevin Johnson, Scott Wright, Jason Haddix — Mon, 12 Feb 2024 00:00:48 -0500

In episode 316, we have the pleasure to chat with Jason Haddix, a prominent influencer in the cybersecurity community. With an intriguing career path, from being a 'computer kid', venturing into the nascent dark web, to becoming a respected figure in the Bug Bounty space, his journey is nothing short of inspiration. We dive into the evolution and the current state of Bug Bounty, the emergence of consultancy within the Bug Bounty companies, the unique live hacking events, and the impact of open-source tooling coming from this ecosystem. Towards the end, Jason introduces his new venture, Arcanum Information Security. Tune in and update yourself with exciting insights from a veterans' perspective.

The Problem of Victim Blaming in Cybersecurity: Empathy, Responsibility & Ethical Practices

Tom Eston, Kevin Johnson, Andra Zaharia — Mon, 05 Feb 2024 00:00:08 -0500

In this episode of the Shared Security Podcast, we discuss the concerning issue of victim-blaming in cybersecurity with special guest, Andra Zaharia, host of the Cyber Empathy and We Think We Know podcasts. Key topics include the societal issues within cybersecurity, the role of empathy in business and cybersecurity, leadership's role in empathy and the recent 23andMe data breach. We discuss how companies can enhance empathy after a data breach while touching on the undeniable influence employees, especially those in security teams, play in promoting empathy within their organizations.

Secure Your iPhone: Exploring Stolen Device Protection

Tom Eston — Mon, 29 Jan 2024 00:00:26 -0500

In this episode, host Tom Eston provides a detailed explanation of the 'Stolen Device Protection' for iPhones - a new security feature by Apple. This feature triggers enhanced security factors such as Face ID, Touch ID, and an hour-long security delay for critical actions when the phone is away from familiar locations. Tom also provides guidance on how to enable and disable this feature on iOS 17.3. Lastly, he advises viewers to disable the feature, and erase and reset the iPhone when they decide to sell, give away, or trade their device.

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Tom Eston, Scott Wright — Mon, 22 Jan 2024 00:00:03 -0500

In Episode 313, hosts Tom and Scott discuss the world of scambaiting, discussing what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to the best practices to prevent social media account takeovers, highlighting a guide written by Rachel Tobac. Lastly, they share fascinating news about a network connected wrench, the Bosch Rexroth Handheld Nutrunner, could be used in a ransomware attack, hinting how even everyday objects are now internet-connected. Join hosts, Tom and Scott, in this engaging conversation revolving around critical cybersecurity topics!

Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses

Tom Eston, Scott Wright — Mon, 15 Jan 2024 00:00:29 -0500

In episode 312, Tom and Scott discuss the implications of a new law in Ohio that may require parental consent for children under 16 using social media, including the pros and cons of this legislation. They also discuss Meta's new link history feature and the repercussions it might have on ad targeting on Facebook and Instagram. The episode concludes with a discussion on a court case in Ottawa, where a judge ruled that three smartphones from an alleged pedophile must be returned after 175 million unsuccessful passcode guesses. Plus, don’t miss the discussion about some refined AI-generated security awareness manager images shared by a Patron!

Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App

Tom Eston — Mon, 08 Jan 2024 00:00:35 -0500

In this episode, we discuss the most sophisticated iPhone exploit ever, Google’s agreement to settle a $5 billion lawsuit about tracking users in ‘incognito’ mode, and a new iOS app, Journal. The iPhone exploit, known as Operation Triangulation, has complex chains of events that lead to compromised iPhone security. Meanwhile, the lawsuit against Google claims that the company’s technology was still tracking users’ site visits even in ‘incognito’ mode. The newly added Journal app on iOS has raised questions and discussions on its security and privacy features as it encourages users to put their life updates on the app.

** Links mentioned on the show *

iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers
https://www.hackread.com/iphone-spyware-exploits-obscure-chip-feature/
https://usa.kaspersky.com/blog/triangulation-attack-on-ios/28444/

Google settles $5 billion privacy lawsuit over tracking people using ‘incognito mode’
https://www.npr.org/2023/12/30/1222268415/google-settles-5-billion-privacy-lawsuit

Apple launches Journal, a new app to reflect on everyday moments and life’s special events
https://www.apple.com/newsroom/2023/12/apple-launches-journal-app-a-new-app-for-reflecting-on-everyday-moments/

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

** Thank you to our sponsors! **

SLNT

Click Armor

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Watch and Subscribe on Odysee (YouTube alternative)
https://odysee.com/@SharedSecurity:c

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

The post Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App appeared first on Shared Security Podcast.

The Three Keys to Success in Cybersecurity

Tom Eston — Mon, 01 Jan 2024 00:00:43 -0500

In this episode, host Tom Eston shares the three key lessons he's learned over his 18-year career in cybersecurity: effective communication, continuous learning, and empathy. He talks about the importance of understanding and reaching both technical and non-technical audiences, the necessity of continuous learning despite your role, and the power of empathy in contributing to success.

The Year in Review and 2024 Predictions

Tom Eston, Kevin Johnson, Scott Wright — Mon, 25 Dec 2023 00:00:10 -0500

In our last episode of the year, we replay our predictions for 2023 reviewing what we got right and what we didn't. We cover various topics, such as Twitter's influence, the future of Mastodon, the ban of TikTok in certain states, and the rising issue of ransomware. In addition, we give credit to Scott for accurately predicting multiple cybersecurity events during the year! We also share our expectations for 2024 — predicting increased AI adoption, many more cybersecurity layoffs, more consolidation in InfoSec, and implementation of flawed legislation targeting symptoms instead of causes.

Password Security for the Elderly: Tips and Best Practices

Tom Eston, Kevin Johnson, Scott Wright — Mon, 18 Dec 2023 00:00:06 -0500

In episode 308, we discuss the often overlooked topic of password management for the elderly. Addressing the commonly held belief that writing down passwords is a bad idea, we discuss the nuances and context of this practice. Elderly individuals who may struggle with technology can benefit from recording passwords, but we discuss the importance of putting suitable controls around this. We also touch on usability issues associated with technology changes and the consequences of not planning for what happens to a person's digital presence after they pass away. Do you have your own tips or stories of your experiences with passwords and the elderly? We would love to hear your comments on our YouTube video, on X, or on the episode post on sharedsecurity.net!

iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals

Tom Eston, Scott Wright — Mon, 11 Dec 2023 00:00:46 -0500

In episode 307, Tom and Scott debunk misinformation circulating about the iOS 17 NameDrop feature by law enforcement and others on social media. Next, they discuss the potential risks of QR code scams, detailing a real-life incident where a woman lost a significant amount of money due to a QR code scam. Finally, the episode concludes with a discussion on a ransomware attack on a large US healthcare provider, examining potential repercussions and stressing the need for increased security for critical infrastructure. Co-host Scott Wright also presents an overview of the Click Armor platform, an innovative gamified security awareness training platform.

Application Security Trends & Challenges with Tanya Janca

Tom Eston, Tanya Janca, Scott Wright — Mon, 04 Dec 2023 00:00:35 -0500

In episode 306, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of AppSec. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep that recently acquired WeHackPurple. Tanya sheds light on her decision to partner with Semgrep, a company that aligns with her vision of providing free resources in the AppSec community. Despite facing a failed acquisition process the previous year, WeHackPurple received multiple acquisition offers, leading to a bidding war. In addition, Tanya shares her optimism about the maturity of AppSec programs, presents her concerns about consolidation in the industry, and highlights the importance of role-based, tailored training. She also reveals her ongoing work on the sequel to her book titled 'Alice and Bob Learn Secure Coding' and hints at the launch of the Semgrep Academy. For our Patreon supporters, don't miss our bonus episode where Tanya shares her biggest career accomplishment and failure, offering invaluable lessons for all!

Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly

Tom Eston, Kevin Johnson — Mon, 27 Nov 2023 00:00:06 -0500

In this episode, Tom shows off AI generated images of a "Lonely and Sad Security Awareness Manager in a Dog Pound" and the humorous outcomes. The conversation shifts to Apple's upcoming support for Rich Communication Services (RCS) and the potential security implications. Lastly, Tom and Kevin reflect on reports of AI-powered voice cloning scams targeting elderly Americans, and argue that the true issue lies with social engineering rather than the involvement of AI.

Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI

Tom Eston, Kevin Johnson, Scott Wright — Mon, 20 Nov 2023 00:00:17 -0500

In this week's episode of the Shared Security Podcast, hosts Tom Eston, Scott Wright and Kevin Johnson tackle a number of topics related to AI, privacy and security. They begin with an amusing discussion about their respective roles on the podcast, before shifting to big tech's use of user data and whether subscribers should pay to not have their data used. The focus then turns to a recent move by Meta to charge European users who wish to use Instagram and Facebook without ads. Next, they touch on new research from NordVPN about the burdensome length and complexity of privacy policies on popular websites, and offer alternatives for consumers to navigate them. Lastly, the hosts discuss a new executive order by the Biden administration directed towards AI companies, calling for a watermark system to alert consumers when they interact with an AI-enabled product. They express concerns about businesses benefiting from the new AI rules while potentially stifling competition and highlight the need for stronger, enforceable laws to truly protect users' data and privacy.

SEC vs. SolarWinds CISO, Classiscam Scam-as-a-Service

Tom Eston, Kevin Johnson, Scott Wright — Mon, 13 Nov 2023 00:00:41 -0500

In this episode we discuss the SEC's charges against SolarWinds' CISO for misleading investors about a major cyberattack. Plus don't miss our discussion about the shady world of "Classiscam Scam-as-a-Service," a very popular cyber criminal service that creates fake user accounts, posts fraudulent reviews, and boosts the reputation of dishonest sellers while defrauding e-commerce platforms.

Okta Hacked Again, Quishing Is The New Phishing, Google Play Protect Real-Time Scanning

Tom Eston, Scott Wright — Mon, 06 Nov 2023 00:00:27 -0500

In this episode, we explore the recent Okta breach where hackers obtained sensitive customer data via unauthorized access to the Okta support system. Next, we discuss the emerging threat of "quishing," a combination of voice calls and phishing that preys on unsuspecting victims. Finally, we discuss Google Play Protect's new feature, "Real-time App Analysis," which enhances Android device security by helping prevent malware from being installed.

How to Opt Out of CPNI Data Sharing

Tom Eston — Mon, 30 Oct 2023 00:00:57 -0400

Did you know that your mobile phone provider can give data like phone numbers you've called and received, the time and date of those calls, and even your location data to their parent companies, affiliates, and agents? In this episode we show you how to opt out so you can stop your data from being being shared!

Special Guest Jayson E. Street, Phantom Hacker Scams, 23andMe User Data For Sale

Tom Eston, Kevin Johnson, Scott Wright, Jayson E. Street — Mon, 23 Oct 2023 00:00:52 -0400

In milestone episode 300, Jayson E. Street (a renowned hacker, helper, and human who has successfully robbed banks, hotels, government facilities, and Biochemical companies on five continents) joins us to share what he's been up to recently and to talk about his new role at Secure Yeti. Next, we explore the alarming rise of 'phantom hacker' scams targeting the elderly. The FBI issues a stern warning about these evolving tech support scams that are draining the savings of unsuspecting seniors. We uncover the extent of the issue, with staggering victim losses and disturbing trends. Finally, we unravel the unsettling revelation that private user data from 23andMe has been scraped and is up for sale, raising concerns about credential stuffing attacks, user privacy, and data security. For our Patreon supporters, check out this week's bonus episode where Jayson shares his recent gaming adventures in Starfield and No Man's Sky! If you're not a supporter yet, head to https://patreon.com/sharedsecurity to discover how you can access this exclusive content.

Educating the Next Cybersecurity Generation with Tib3rius

Tom Eston, Tib3rius — Mon, 16 Oct 2023 00:00:58 -0400

In this episode, we explore the remarkable journey of Tib3rius, a web application hacking expert and content creator. In this engaging conversation, we discuss: - Tib3rius' passion for community education and content creation. What fuels his desire to empower the next generation of cybersecurity professionals? - His expertise and enthusiasm for web application hacking, and we explore the transformative shifts in Application Security over recent years. - If you're new to the industry and aspire to be a web application pentester, don't miss the valuable insights Tib3rius has to offer. - Get the inside scoop on Tib3rius' latest move to TCM Security and his courses, with a spotlight on his upcoming web application security pentesting course! For our Patreon supporters, an extraordinary bonus episode awaits, where Tib3rius unveils two of his most astonishing hacks! This is a discussion you won't want to miss. If you're not a supporter yet, head to patreon.com/sharedsecurity to discover how you can access this exclusive content.

Your Car is a Privacy Nightmare, Password Creation Best Practices, Sony Hacked Again

Tom Eston, Kevin Johnson, Scott Wright — Mon, 09 Oct 2023 00:00:48 -0400

In this episode, we discuss the Mozilla Foundation's alarming report that reveals why cars are the top privacy concern. Modern vehicles, equipped with data-collecting tech, pose significant risks to consumers' privacy, with data sharing even extending to law enforcement. Listen in to our discussion as we explore the urgent need for transparency and *gasp* regulations in the automotive industry. Next, we explore the best practices around password creation and why password requirements are so different between organizations and applications you use every day. Lastly, Sony has suffered two security breaches in the past four months. In their latest breach, we discuss how a zero-day vulnerability led to unauthorized access and the Clop ransomware gang's involvement, affecting thousands of individuals.

Is My Boss Spying on Me, Instagram Painting Scam, Kia and Hyundai TikTok Challenge

Tom Eston, Scott Wright — Mon, 02 Oct 2023 00:00:11 -0400

In this episode, we explore the growing trend of AI surveillance in corporations, where cutting-edge technology is used to monitor employees, optimize productivity, and raise ethical concerns. Next, we uncover a disturbing Instagram scam that lures unsuspecting victims into a trap, highlighting the deceptive tactics employed by cyber criminals on social media. Finally, discover the startling vulnerabilities in Kia and Hyundai vehicles that make them easy targets for car thieves. We discuss the security flaws, the scale of affected vehicles, and practical steps owners can take to protect their cars. Find out how manufacturers are addressing this issue and what it means for your vehicle's security.

Content Creation, Mental Health in Cyber, The MGM Ransomware Attack

Tom Eston, Matt Johansen — Mon, 25 Sep 2023 00:00:26 -0400

In this episode Matt Johansen, Security Architect at Reddit and Vulnerable U newsletter and YouTube content creator, joins host Tom Eston to discuss Matt's background as one of the original "Security Twits", his career journey, his passion for mental health advocacy, the significance of the recent MGM ransomware attack, and a discussion on the pros and cons of paying ransoms.

The Changing Role of the CISO with Ryan Davis, Chief Information Security Officer at NS1

Tom Eston, Ryan Davis — Mon, 18 Sep 2023 00:00:02 -0400

In this episode Ryan Davis, Chief Information Security Officer at NS1, speaks with host Tom Eston about the changing role of the CISO, acquisitions, what the biggest challenges are, and Ryan's advice for those considering a career as a CISO. This is one episode you don't want to miss if you're curious what a CISO does, thinking about becoming one, or currently a CISO yourself.

The FBI’s Qakbot Takedown, QR Code Phishing Attacks, Dox Anyone in America for $15

Tom Eston, Kevin Johnson, Scott Wright — Mon, 11 Sep 2023 00:00:24 -0400

In this episode we discuss the FBI's remarkable takedown of the Qakbot botnet, a saga involving ransomware, cryptocurrency, and the FBI pushing an uninstaller to thousands of victim PCs. Next, we explore how a major U.S. energy organization fell victim to a QR code phishing attack, highlighting the ever-evolving tactics used by attackers. Finally, we discuss the alarming world of personal data exploitation through credit header information and a TransUnion subsidiary, where attackers can dox anyone in America for only $15.

SaaS Attacks: Compromising an Organization without Touching the Network

Tom Eston, Kevin Johnson, Luke Jennings — Mon, 04 Sep 2023 00:00:23 -0400

In this episode Luke Jennings VP of Research & Development from Push Security joins us to discuss SaaS attacks and how its possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS based attacks are different than traditional network based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why its important that this research is shared and talked about in the cybersecurity community.

Back to School Cybersecurity, Phishing Pitfalls and Strategies, X’s (Twitter) Blocking Overhaul

Tom Eston, Kevin Johnson, Scott Wright — Mon, 28 Aug 2023 00:00:01 -0400

In this episode, we discuss essential cybersecurity tips for students and educational institutions as they gear up for the school season. From software updates to strong passwords and cybersecurity education, we explore how students and schools can fortify their digital defenses. Next, we navigate the treacherous waters of phishing and related scams, unveiling strategies to outwit malicious links. Hovering over links, cautious email scrutiny, and verification tactics all play a role. Finally, we discuss the surprising policy change by X (formerly Twitter), where blocking faces a major overhaul. Tune in as we discuss the privacy and safety ramifications of this change.

Business Email Compromise Scams Revisited

Tom Eston, Kevin Johnson, Scott Wright — Mon, 21 Aug 2023 00:00:43 -0400

In this best of episode from December 2021, we revisit Business Email Compromise (BEC) scams. What are they, how to identify them, and why BEC scams have resulted in well over $3 billion in losses since 2016, more than any other type of fraud in the U.S. We also share our tips on how to protect yourself and your business from these scams.

The Current and Future State of Email Security with Andy Yen, CEO of Proton

Tom Eston, Andy Yen — Mon, 14 Aug 2023 00:00:24 -0400

In this episode, host Tom Eston speaks with Andy Yen, founder and CEO of Proton, to discuss the current and future state of email security. We also discuss Andy's unique background as a scientist, the importance of using email aliases, an overview of Proton's new password manager (Proton Pass), how AI may impact email security in the future, and how to find out more about how Proton takes a different approach to email security.

Common Sense Advice for Hacker Summer Camp, AI Chatbot Attacks, What’s a Flipper Zero?

Tom Eston, Kevin Johnson — Mon, 07 Aug 2023 00:00:01 -0400

In this episode, we discuss our common sense tips to stay safe and secure while attending "Hacker Summer Camp": BSides, Black Hat, and DEF CON hacking conferences in Las Vegas. Next, we discuss the vulnerabilities and potential adversarial attacks on large language models like ChatGPT and other AI chat bots. Finally, we discuss the Flipper Zero, a versatile hacking device. We discuss its features, the potential use to cause havoc with TVs, garage doors, other wireless devices, and its role in penetration testing.

Your Digital Immortality is Coming, Apple and Google Are Data Gatekeepers, Satellite Security Risks Revealed

Tom Eston, Kevin Johnson, Scott Wright — Mon, 31 Jul 2023 00:00:49 -0400

In this episode, we explore the implications and ethical dilemmas of immortality in the digital world. Listen to our discussion about this cutting-edge technology and its potential impact on our privacy. Next, we discuss the growing trend of Apple and Google becoming custodians of our digital lives. Have these tech companies gone too far? Join the conversation as we discuss the trends and challenges of digital sovereignty. Lastly, satellites form the backbone of our interconnected world, but they might be more vulnerable than we realize. We discuss recent research that uncovers basic security flaws that pose potential risks to our communication systems.

Microsoft Lost Its Keys, Voice Cloning Scams, The Biden-Harris Cybersecurity Labeling Program

Tom Eston, Kevin Johnson, Scott Wright — Mon, 24 Jul 2023 00:00:34 -0400

In this episode, we discuss the recent Microsoft security breach where China-backed hackers gained access to numerous email inboxes, including those of several federal government agencies, using a stolen Microsoft signing key to forge authentication tokens. A TikTok influencer used a voice cloning app to expose a cheating boyfriend. But wait, there's more to this story than meets the eye! We discuss the serious implications of voice cloning and how its being used for new types of phone scams. Lastly, we discuss the recent announcement by the Biden-Harris administration about their new cybersecurity labeling program for smart devices. Will this program help or hinder the security of smart devices?

First Ban on Selling Location Data, Prohibiting Password Managers, Real-Time Crime Center Concerns

Tom Eston, Kevin Johnson, Scott Wright — Mon, 17 Jul 2023 00:00:49 -0400

In this episode we discuss how Massachusetts lawmakers are pushing a groundbreaking bill to ban the buying and selling of location data from mobile devices. This legislation raises vital questions about consumer privacy, digital stalking, and national security threats. Next, we discuss the pros and cons of prohibiting external password managers within organizations. Join the conversation as we weigh the benefits, downsides, and best practices surrounding this hotly debated topic. Finally, we discuss the rise of Real-Time Crime Centers (RTCCs) and the concerns they raise regarding mass surveillance, privacy rights, and data misuse.

Meta’s Threads and Your Privacy, Airline Reservation Scams, IDOR Srikes Back

Tom Eston, Kevin Johnson, Scott Wright — Mon, 10 Jul 2023 00:00:11 -0400

In this episode, we explore the rise of Threads, a new social media app developed by Meta, which has already attracted 10 million users in just seven hours. However, there's a catch – the app collects extensive personal data, sparking concerns about privacy. Next, we dive into the world of airline reservation scams, exposing how fraudsters exploit a loophole to deceive unsuspecting travelers. Learn how to protect yourself and avoid being swindled by these ticket scams. Finally, we discuss the security vulnerability discovered in Eaton's smart security alarm systems, highlighting the significant risks of IDOR (Insecure Direct Object Reference) vulnerabilities and the potential for unauthorized access.

MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches

Tom Eston, Kevin Johnson, Scott Wright — Mon, 03 Jul 2023 00:00:53 -0400

Several major organizations, including British Airways and the BBC, fell victim to the recent MOVEit cyberattack. We discuss the alarming trend of hackers targeting trusted suppliers to gain access to customer data, potentially holding companies and individuals for ransom. Is it better to change passwords regularly or focus on creating complex ones? We discuss the pitfalls of frequent password changes, such as predictable patterns and delayed responses to security breaches. The Department of the Army's Criminal Investigation Division issues a military-wide alert about a program offering free smartwatches to US service members. We discuss the concerns surrounding these devices, from malicious actors targeting personal data to engaging in "brushing" activities.

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Tom Eston, Kevin Johnson, Scott Wright, Paul Asadoorian — Mon, 26 Jun 2023 00:00:42 -0400

Paul Asadoorian, OG security podcaster and host of the popular Paul's Security Weekly podcast, joins us in this episode to talk about his career as one of the original security podcasters. Paul's been podcasting for more then 17 years! Paul also shares with us some of his greatest hacking stories and don't miss our lively discussion about the state of firmware security.

The FTC’s Complaint Against Ring, Detecting Malware Infected Apps, America’s Most Cybersecure Companies

Tom Eston, Kevin Johnson, Scott Wright — Mon, 19 Jun 2023 00:00:03 -0400

The FTC charged Ring, the Amazon-owned home security camera company, for compromising customer privacy and having inadequate security measures. Employees accessed private videos, while hackers exploited vulnerabilities and now Ring needs to reimburse customers $5.8 million dollars. The FTC complaint emphasizes that Ring's actions disregarded privacy and security, putting consumers at risk. Google has removed the iRecorder - Screen Recorder app from the Play Store after it was discovered that it was infected with malware capable of stealing personal information. We discuss several ways to spot malicious apps on your smartphone helping you protect and safeguard your personal information. Finally, we discuss Forbes' collaboration with SecurityScorecard to identify America's Most Cybersecure Companies, and the ethical dilemma that this presents to companies that may not have given their permission to be listed. We also discuss why these lists may make companies a target by hackers (anyone remember the "Hacker Safe" badges?).

How to Break Into a Cybersecurity Career – Phillip Wylie

Tom Eston, Phillip Wylie — Mon, 12 Jun 2023 00:00:32 -0400

In this exciting episode of our podcast we have the pleasure of speaking with Phillip Wylie, a remarkable professional with a captivating career in cybersecurity. Join us as we discuss Phillip's unique journey and uncover valuable insights on breaking into the cybersecurity field. From his origins as a professional wrestler who once bravely faced off against a bear, to his evolution into a respected penetration tester, author, trainer, mentor, and public speaker, Phillip's experiences are nothing short of extraordinary. Join us as Phillip shares his inspiring origin story and sheds light on the following topics: Unveiling the Transformation: From Pro Wrestler to Penetration Tester Bridging the Gap: Phillip's Evolution from Pentester to Author and Trainer Navigating the Cybersecurity Landscape: Phillip's Advice for Aspiring Professionals Are Cybersecurity Certifications Still Valuable? How to Engage and Connect with Phillip Join us for this episode as we discuss the remarkable career journey of Phillip Wylie!

Netflix Cracks Down on Password Sharing, AI Legal Research Gone Wrong, Fake Identities and Surveillance Firms

Tom Eston, Kevin Johnson, Scott Wright — Mon, 05 Jun 2023 00:00:37 -0400

Netflix plans to crack down on the widespread practice of password sharing among households. We discuss their new verification feature and its impact on user experience and security. A lawyer finds himself in hot water after relying on ChatGPT for legal research. We investigate the consequences of referencing non-existent legal cases, the lawyer's claim of unawareness about the AI's potential for false information, and the broader concerns surrounding the risks of AI, including misinformation and bias. Threat intelligence firms are using fake online personas to gather data on Discord, Reddit, WhatsApp, and other apps. Watchdog groups have raised concerns about the potential violation of civil liberties and lack of oversight of this activity.

Meta’s $1.3 Billion Fine, AI Hoax Hysteria, Montana’s TikTok Ban

Tom Eston, Kevin Johnson, Scott Wright — Mon, 29 May 2023 00:00:13 -0400

In this episode, we discuss Meta's record-breaking $1.3 billion fine by the EU for unlawfully transferring user data, shedding light on the increasing risks faced by tech companies in violating privacy rules. Highly realistic images of a Pentagon explosion went viral on Twitter, causing a stock market dip. We discuss the risks associated with Twitter's verification system and the issue of AI and deepfaked images. Montana makes headlines as the first US state to ban TikTok. We discuss the ban's motives, the challenges of implementation, and the broader concerns about personal data protection and online freedom.

Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma

Tom Eston, Kevin Johnson, Scott Wright — Mon, 22 May 2023 00:00:07 -0400

In this episode, we explore the arrival of passwordless Google accounts that use "passkeys," which offer enhanced usability and security. We discuss the benefits of passkeys over traditional passwords, but also why passkeys are not quite ready for prime time use. Next, we discuss Google Domains' introduction of new top-level domains (TLDs) like .zip and .mov, raising concerns about the potential use for malicious activities. We separate fact from fiction, and discuss the real risks involved. Lastly, we examine Twitter's long-awaited encrypted direct messaging feature. We explore the limitations and criticisms surrounding its implementation, highlighting the importance of true end-to-end encryption solutions like Signal.

Private Tweets Exposed, Unauthorized Tracking Collaboration, AI Risks and Regulation

Tom Eston, Kevin Johnson — Mon, 15 May 2023 00:00:19 -0400

In this episode we discuss a recent Twitter security incident that caused private tweets sent to Twitter Circles to become visible to unintended recipients. Next, we discuss the collaboration between Apple and Google to develop a specification for detecting and alerting users of unauthorized tracking using devices like AirTags. Finally, we explore the US government's engagement with major technology companies and AI experts to address the risks associated with generative artificial intelligence (AI). We analyze the White House initiatives and the call for increased regulatory measures in the AI field.

Juice Jacking Debunked, Photographer vs. AI Dataset, Google Authenticator Risks

Tom Eston, Kevin Johnson — Mon, 08 May 2023 00:00:02 -0400

In this episode we debunk the fearmongering surrounding "juice jacking," a cyber attack where attackers steal data from devices that are charging via USB ports. Next, we dive into a case where a photographer tried to get his photos removed from an AI dataset, only to receive an invoice instead of having his photos taken down. Finally, we examine the security risks of using Google Authenticator's cloud sync feature for two-factor authentication. We explain why this feature may not provide adequate protection and offer recommendations for more secure alternatives.

Building a Healthy Security Culture: Insights from Kai Roer

Tom Eston, Scott Wright, Kai Roer — Mon, 01 May 2023 00:00:41 -0400

In this episode we speak with Kai Roer, a renowned author, security culture coach, and CEO of Praxis Security Labs. Kai shares his career journey in cybersecurity and emphasizes the importance of building a strong security culture within organizations. He identifies the biggest impediments to a good security culture and offers actionable steps that organizations can take to improve their culture. Kai also discusses some of the biggest surprises he's encountered in his work and provides insights for security awareness professionals and executives to learn about the most critical aspects of security culture. Finally, Kai shares his vision for the future of cybersecurity and his current projects.

Arkansas Social Media Consent Law, Android Malware Invasion, New Method of Keyless Car Theft

Tom Eston, Scott Wright, Kevin Johnson — Mon, 24 Apr 2023 00:00:36 -0400

Is Arkansas taking the right step to protect children online? A new law passed in the state makes it illegal for minors to use social media without their parent or guardian's consent. Over 60 Android apps on the Google Play Store with more than 100 million downloads have been infiltrated by the new "Tekya" malware. The malware can commit ad fraud and steal Facebook credentials. Criminals are stealing keyless cars in under two minutes with a previously unknown method involving intercepting the signal between the car key and the car.

Genesis Market Crackdown, Life360 App Misuse, Tesla Customer Privacy Concerns

Tom Eston, Scott Wright, Kevin Johnson — Mon, 17 Apr 2023 00:00:03 -0400

Law enforcement agencies across 17 countries have cracked down on Genesis Market, one of the largest criminal marketplaces, resulting in the arrests of 120 people globally. Popular family safety app, Life360, has been used by sex traffickers to monitor and control their victims, highlighting the increasing use of GPS technology by criminals. A recent news report reveals that groups of Tesla employees shared highly invasive videos and images recorded by customers’ car cameras, including embarrassing and vulnerable situations. The leaked footage was shared via an internal messaging system, potentially compromising customer privacy.

Clearview AI Facial Recognition Fallout, Hacked and Helpless, Is AI Armageddon Upon Us?

Tom Eston, Scott Wright, Kevin Johnson — Mon, 10 Apr 2023 00:00:12 -0400

Clearview AI provided police with 30 billion scraped images from Facebook, raising concerns over privacy and the potential misuse of facial recognition technology. A victim of a phone hack shares their story of how their credit card was stolen, highlighting the vulnerability of personal information and the chain of events that happen when someone's identity is stolen. Our discussion about an open letter calling for the regulation of AI development due to potential dangers and misuse has become a source of controversy within the tech community. We also discuss an extreme proposal of using the threat of nuclear war to prevent the rise of artificial intelligence.

The TikTok CEO Testimony, ChatGPT’s Privacy Risks, Inaudible Ultrasound Attacks

Tom Eston, Kevin Johnson — Mon, 03 Apr 2023 00:00:31 -0400

The CEO of TikTok was criticized by Congress for his "worthless" assurances regarding the app's privacy and security. But what is the real motivation for Congress attempting to ban TikTok? Should we be concerned that AI language models like ChatGPT are a privacy nightmare? Not just for businesses but for anyone using it? Researchers have found a way to use inaudible ultrasonic waves to attack smartphones, smart speakers, and other devices by taking control of their voice assistants, opening browser windows, and performing other malicious actions. Is this the next generation of attacks we need to be worried about?

Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist

Tom Eston, Scott Wright — Mon, 27 Mar 2023 00:00:57 -0400

In this episode we discuss Google's discovery of 18 zero-day vulnerabilities in Samsung's Exynos chipsets. We examine an AI-assisted social engineering campaign that combines emerging technologies with classic techniques. Finally, we look at a new method of ATM fraud where thieves use glue to disable card readers and trick customers into using the tap function on their debit cards.

Exploring the Role of Empathy in Cybersecurity with Andra Zaharia

Tom Eston, Andra Zaharia — Mon, 20 Mar 2023 00:00:55 -0400

On this episode, Tom Eston discusses empathy in cybersecurity with Andra Zaharia, host of the Cyber Empathy Podcast. We talk about finding her passion for contributing to the industry and the importance of empathy in cybersecurity. We cover how empathy relates to cybersecurity in the industry, the importance of being empathetic in our roles as cybersecurity professionals, and why the phrase "users are the weakest link in security" is nothing more than victim blaming. We also discuss the long term implications of new technology and how we can help educate people on how to build and use technology with kindness and how even impacting one person can make a difference.

Biden’s National Cybersecurity Strategy, BetterHelp’s FTC Fine, Chick-fil-A Data Breach

Tom Eston — Mon, 13 Mar 2023 00:00:47 -0400

What you need to know about Biden's new National Cybersecurity Strategy, which aims to provide a framework of what the current administration wants the US federal government, critical infrastructure organizations, and private companies to do to work together to improve national cybersecurity. BetterHelp, a direct-to-consumer mental health app, has been asked to pay $7.8m by the Federal Trade Commission (FTC) for allegedly passing on users' mental health information to Facebook, Snapchat and others. Fast food chain Chick-fil-A has confirmed a credential stuffing attack that allowed cybercriminals (who apparently really love chicken sandwiches) to access 71,473 customer accounts and sell access to them online.

The LastPass Attack Gets Worse, What is Gamification, Signal’s Encryption Standoff

Tom Eston, Scott Wright, Kevin Johnson — Mon, 06 Mar 2023 00:00:19 -0500

Popular password manager LastPass suffered a second attack that lasted for over two months. Now new and disturbing information is being released about the attack. Scott discusses the benefits and challenges of using gamification in security awareness training, emphasizing the importance of individual learning before employing it at the business process level. Signal, a very popular encrypted messaging app, warns it may leave the UK if new online safety legislation weakens its end-to-end encryption, sparking controversy and debate over privacy concerns.

Twitter’s Paywall 2FA, Mental Health Data for Sale, Meta’s Verified Program

Tom Eston, Scott Wright, Kevin Johnson — Mon, 27 Feb 2023 00:00:09 -0500

Twitter is phasing out its free text message two-factor authentication (2FA) and putting the feature behind a paywall, prompting security experts to advise Twitter users to switch to other authentication methods. How data brokers are selling sensitive mental health data for a few hundred dollars with little attempt to hide identifying information such as names and addresses. A new report highlights how some firms are offering the data for as low as $275 for information on 5,000 people, and Congress has yet to pass significant legislation on data brokers. Meta (formerly Facebook) has launched a new program called Meta Verified which aims to unify verification across all of the company's platforms. Users can pay a monthly fee to verify their presence on Facebook and Instagram by submitting their government ID.

Reddit Hacked, Preventing Accidental Location Sharing, Developer Hacks His Own Company

Tom Eston, Scott Wright — Mon, 20 Feb 2023 00:00:42 -0500

Reddit announced that it was the victim of a phishing attack aimed at its employees, resulting in unauthorized access to internal documents, code, and some unspecified business systems. Advice on managing device location-tracking settings to ensure you're not sharing your location inadvertently. The case of former Ubiquiti employee, Nickolas Sharp, who pled guilty to multiple felony charges after orchestrating a security breach, stealing data, and extorting almost $2m worth of cryptocurrency from his company. Plus, our thoughts about UFO's and Chinese spy balloons!

Layoffs, Recruiting, and The Year Ahead for Cybersecurity Job Seekers

Tom Eston, Kathleen Smith — Mon, 13 Feb 2023 00:00:56 -0500

In this episode host Tom Eston sits down with Kathleen Smith, Chief Outreach Officer at ClearedJobs.net, to discuss the current state of the job market in the cybersecurity industry. With a recent surge in layoffs, Kathleen provides advice for those who were recently let go and discusses how the economic situation has affected recruiters. She also shares her predictions for changes in the recruitment process and offers advice for job seekers. Finally, Kathleen shares more about her role at Cleared Jobs and how listeners can get in touch.

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Tom Eston, Scott Wright, Kevin Johnson — Mon, 06 Feb 2023 00:00:13 -0500

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors. Not only that, a new vulnerability in the popular open-source password management software KeePass has also been reported. Three health tracking apps available on Google Play (Lucky Step, WalkingJoy, Lucky Habit: health tracker) have been downloaded on over 20 million devices, but a recent report shows that the rewards for using the apps are impossible or only partially available after watching tons of ads. A bug in Meta's Accounts Center feature allowed hackers to bypass two-factor authentication (2FA) by brute force guessing a six-digit authentication code.

U.S. ‘No Fly List’ Leaks, AI-Powered Phishing, Wi-Fi Used to See Humans Through Walls

Tom Eston, Scott Wright, Kevin Johnson — Mon, 30 Jan 2023 00:00:26 -0500

A hacker discovered a copy of the US No Fly List, which contains the names of people banned from traveling in or out of the US on commercial flights, on an unsecured Jenkins server connected to a commercial airline. Will AI-powered phishing become a threat for organizations? Scientists from Carnegie Mellon University have developed a way to sense humans through walls using a deep neural network called DensePose that maps Wi-Fi signals to UV coordinates.

Social Zombies Revisited: Your Friends Want to Eat Your Brains

Tom Eston, Kevin Johnson — Mon, 23 Jan 2023 00:00:34 -0500

On this week's episode, We're excited to bring you a classic conference talk that Tom Eston gave with co-host Kevin Johnson back in 2009 at DEF CON 17 in Las Vegas. The talk is called "Social Zombies: Your Friends Want to Eat Your Brains" and it explores the various risks and concerns related to malware delivery through social networking sites. We discuss how social networks make money and the privacy and security issues that arise due to the trust built on these platforms. We also delve into typical botnets and bot programs, and examine the delivery of malware through social networks and the use of these networks as command and control channels. Interestingly, not a lot has changed in terms of the privacy and security of social networks since we gave this presentation, so it's still highly relevant today. We hope you enjoy revisiting this classic talk with us this week on the Shared Security Show!

Meta’s EU Ad Practices Ruled Illegal, Twitter API Data Breach, Vulnerabilities in Major Car Brands

Tom Eston, Scott Wright, Kevin Johnson — Mon, 16 Jan 2023 00:00:27 -0500

Facebook has been ordered to pay a fine of $414m by EU regulators who ruled that the company had broken EU law by forcing users to accept personalized ads. The ruling could have a major impact on Facebook's advertising business in the EU, which is one of the company's largest markets, if it is required to make changes to its advertising practices. A hacker has claimed to have the personal data of 400 million Twitter users for sale on the dark web. Attackers have also released the account details and email addresses of 235 million users for free. The information was exposed due to a Twitter API vulnerability shipped in June 2021 and later patched. Security researchers have identified security vulnerabilities in the connected vehicle APIs of 16 major car manufacturers, including Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota.

LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft

Tom Eston, Scott Wright, Kevin Johnson — Mon, 09 Jan 2023 00:00:41 -0500

Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of business email compromise and romance scams, are on the rise. How do they work and what do you need to know to protect yourself? Okta, a major identity and authentication company, has suffered another security breach following the "suspicious access" to its code repositories on Github.

How to Stop Online Tracking: 3 New Ways

Tom Eston — Mon, 02 Jan 2023 00:00:03 -0500

In this episode, Tom Eston discusses one of the biggest privacy concerns people have today, online tracking by companies and advertisers. Tom will cover the following topics, tips, and new techniques to help you stop being tracked: Why should we be concerned about online tracking? How to enable and configure the privacy settings in your web browser How your smartphone has privacy settings to block online tracking Using a privacy focused search engine

The Year in Review and 2023 Predictions

Tom Eston, Scott Wright, Kevin Johnson — Mon, 26 Dec 2022 00:00:18 -0500

In our last episode of the year, we discuss the year that was 2022. What did we get right? What did we get wrong? And what are our cybersecurity and privacy predictions for 2023? Thank you to all of our listeners for a great year! We're looking forward to bringing you more content, news, tips, and advice in 2023! Happy New Year!

Apple to Allow Third-Party App Stores, Lensa AI App Privacy Risks, Real-Life Invisibility Cloak

Tom Eston, Scott Wright, Kevin Johnson — Mon, 19 Dec 2022 00:00:04 -0500

Apple is considering giving third-party app stores access to its iPhones and iPads in the European Union (EU) to comply with new competition law. Will the "sideloading" of apps change Apple's walled garden of security? Lensa the AI app that creates artistic profile pictures has gone viral. What are the privacy risks and what does their privacy policy and terms of service really say? A group of four graduate students from Wuhan University in China have developed a coat that they claim is invisible to AI-powered security cameras. How does the coat work and will this technology be used by the Chinese government to improve mass surveillance? Thanks to NordLayer for sponsoring this episode! As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity

ChatGPT Goes Viral, More Trouble for LastPass, Apple’s New Data Protections

Tom Eston, Scott Wright, Kevin Johnson — Mon, 12 Dec 2022 00:00:40 -0500

A chatbot developed by OpenAI, called ChatGPT, has gone viral and is able to mimic human language and speech styles and can interact with users in a conversational way. It can be used for a range of purposes, including writing code, talking like a "Valley girl", and even podcast introduction scripts. Attackers broke into a cloud storage service used by password manager LastPass to gain access to "certain elements" of customers' information. Details on Apple's three new advanced security features to protect user data in iCloud. Thanks to NordLayer for sponsoring this episode! As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity

SASE: Is it Just Another Cybersecurity Buzzword?

Tom Eston — Mon, 05 Dec 2022 12:00:45 -0500

In this sponsored episode co-host Tom Eston discusses SASE (Secure Access Service Edge) and if its more than just the latest cybersecurity buzzword with Carlos Salas from NordLayer. Topics include: - What is SASE (Secure Access Service Edge)? - What's the difference between SASE and SSE (Security Service Edge)? - What challenges/problems do companies encounter while trying to secure cloud networks? - Why would companies need a SASE solution? - Some crucial features of SASE and SSE (Zero Trust Network Access, Cloud Access Security Broker, Secure Web gateway, Firewalls-as-a-Service, Data Loss Protection (DLP), SD-WAN) - What has been and will be the intersection between remote or hybrid work and an organization's cybersecurity needs? Thanks to NordLayer for sponsoring this episode! As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity.

Is Social Media at a Tipping Point, The TikTok Invisible Challenge, San Francisco Police Can Use Killer Robots

Tom Eston, Scott Wright, Kevin Johnson — Mon, 05 Dec 2022 00:00:48 -0500

A recent data breach of 5.4 million Twitter users and Meta being fined $265 million dollars from a 2021 data leak, and people are fleeing Twitter because of Elon Musk. Are we finally seeing a tipping point in social media? What is the TikTok “Invisible Challenge” and how links to fake "unfilter" software is being used to spread malware. Police in San Francisco will be allowed to deploy killer, remote-controlled robots in emergency situations. What could possibly go wrong?

How to Break Into a Cybersecurity Career – Rob Fuller (Mubix)

Tom Eston, Kevin Johnson, Rob Fuller — Mon, 28 Nov 2022 00:00:24 -0500

This week we continue our series on how to break into a cybersecurity career with long time industry veteran, Rob Fuller (Mubix). Rob speaks with us about how he started his career in the Marine Corps, his time on Hak5, and more recently earning his Masters degree. Rob also talks about how these experiences has shaped his career, his best career advice to someone just starting out, and the importance of getting yourself out there and doing the things you enjoy!

The Rise of Mastodon, Twitter in Trouble, Largest Privacy Settlement in US History

Tom Eston, Scott Wright — Mon, 21 Nov 2022 00:00:13 -0500

Twitter users are migrating en masse to Mastodon! So what is Mastodon and what do you need to know about it from a security and privacy perspective? Twitter was flooded by a wave of imposter accounts after the $8 "verification" label fiasco, and details about the largest multi-state privacy settlement in the US where Google has agreed to pay $391 million to resolve an investigation into how the company tracked users’ locations. Plus, you don't want to miss Tom's Canadian dad jokes!

How to Break Into a Cybersecurity Career – Digital Forensics and Incident Response (DFIR)

Tom Eston, Scott Wright, Kevin Johnson, Matt Scheurer — Mon, 14 Nov 2022 00:00:14 -0500

Matt Scheurer, host of the ThreatReel Podcast and Assistant Vice President of Computer Security and Incident Response in a large enterprise environment, joins us to discuss starting a career in digital forensics and incident response (DFIR). Matt discusses how he got started, his advice to anyone that wants to pursue a career in DFIR, and what the future may hold for the DFIR industry. Thanks to NordLayer for sponsoring this episode! Secure your business network with NordLayer. As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity.

Cybersecurity’s Role in Combating Midterm Election Disinformation

Tom Eston, Scott Wright, Kevin Johnson, Katie Teitler — Mon, 07 Nov 2022 00:00:43 -0500

Katie Teitler, Senior Cybersecurity Strategist at Axonius and co-host on the popular Enterprise Security Weekly podcast, joins us to discuss the role of cybersecurity in combating midterm election disinformation. We discuss the difference is between misinformation and disinformation, how we can combat disinformation and what are some things about disinformation, private platforms, and free speech, we all need to think about during the midterm election. Plus, you don't want to miss the story about how co-host Kevin Johnson was knocked out unconscious on an airplane!

CISO Liability Risk and Jail Time, (ISC)2 Bylaw Vote and the Value of Cybersecurity Certifications

Tom Eston, Kevin Johnson, Rafal Los — Mon, 31 Oct 2022 00:00:56 -0400

Rafal Los, host of the popular Down the Security Rabbithole Podcast, joins us to discuss CISO liability risk and the ongoing discussion in the cybersecurity community about CISOs going to jail. Plus, details on the recent (ISC)2 bylaw vote (why you should vote no) and a discussion about the value of cybersecurity certifications.

Attack of the Wi-Fi Spy Drones, How to Destroy Your Old Electronics, Signal Removes SMS Support

Tom Eston, Scott Wright — Mon, 24 Oct 2022 00:00:33 -0400

Two modified wi-fi enabled drones were found on the top of a financial firm's building and used to intercept a employee's credentials, a fun discussion about the best way to physically destroy data on electronics that no longer work, and details about Signal removing SMS support for Android users.

Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn

Tom Eston, Scott Wright — Mon, 17 Oct 2022 00:00:39 -0400

Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for LinkedIn.

Hackers Need 5 Hours or Less to Break In, SMS Phishing Tactics, Strange Ways Employees Expose Data

Tom Eston, Scott Wright, Kevin Johnson — Mon, 10 Oct 2022 00:00:40 -0400

A recent survey of ethical hackers by Bishop Fox and SANS shows that once a vulnerability or weakness is found about 58% of ethical hackers can break into an environment in less than five hours, SMS phishing and text message scams appear to be changing tactics taking a more "urgent" tone, and a discussion about strange ways employees can accidentally expose data.

What are Passkeys, PowerPoint Mouseover Attack, 2K Games Support Hacked

Tom Eston, Scott Wright, Kevin Johnson — Mon, 03 Oct 2022 00:00:09 -0400

Passkeys are coming soon to Apple iOS 16 so what are passkeys and why are they an eventual replacement for passwords? Researchers have discovered a new attack that uses mouse movement in Microsoft PowerPoint to deploy malware, and details on how the 2K Games help desk support platform was compromised to push malware through fake support tickets.

Uber Hacked by 18 Year Old, Morgan Stanley Hard Drives Got Auctioned, Deleting Your Data is Hard

Tom Eston, Scott Wright — Mon, 26 Sep 2022 00:00:50 -0400

Uber got hacked by an 18 year old using social engineering and a multi-factor authentication fatigue attack, Morgan Stanley has been auctioning off hard drives holding sensitive client data since 2015, and why is it so hard for social networks to remove personal data when deleting your user account.

Facebook Doesn’t Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out

Tom Eston, Scott Wright — Mon, 19 Sep 2022 00:00:28 -0400

In recent court testimony two Facebook engineers were asked what information, precisely, does Facebook store about us, and where is it? Surprisingly they said, they don't know. Details on how brand new employees of companies are being "spearmished" (hat tip to @ErinInfosec and @RachelTobac via Twitter), and how thousands of Colorado residents found themselves locked out of their smart thermostats to help prevent the power grid from failing.

TikTok Denies Data Breach, Los Angeles School District Ransomware Attack, Fingerprint Scanners in School Bathrooms

Tom Eston, Kevin Johnson — Mon, 12 Sep 2022 00:00:03 -0400

TikTok has denied reports that it was breached by a hacking group, after it claimed they have gained access to over 2 billion user records, the Los Angeles school district, the second-largest in the US, suffered a ransomware attack, and details on how one high school in Sydney Australia installed fingerprint scanners at the entrance to bathrooms to track student movements and prevent vandalism.

LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint

Tom Eston, Scott Wright, Kevin Johnson — Mon, 05 Sep 2022 00:00:36 -0400

Popular password manager LastPass announced that some of their source code was stolen, but that no customer passwords were compromised in a recent data breach disclosure, an Israeli researcher has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards, and details about the Twitter whistleblower Peiter “Mudge” Zatko and his claims about how Twitter had poor security practices, misled federal regulators about safety, and failed to properly estimate the number of bots on Twitter.

Janet Jackson Can Crash Laptops, Credential Phishing Attacks Skyrocket, A Phone Carrier That Doesn’t Track You

Tom Eston, Scott Wright — Mon, 29 Aug 2022 00:00:28 -0400

Janet Jackson’s “Rhythm Nation” has been recognized as an exploit for a vulnerability after Microsoft reported it can crash the hard drives of certain old laptop computers, phishing attacks that compromise credentials using brand impersonation are on the rise, and details about a new privacy focused phone carrier that doesn't track your location or web browsing activity.

Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser

Tom Eston, Kevin Johnson — Mon, 22 Aug 2022 00:00:31 -0400

A Cisco employee was compromised by a ransomware gang using a technique called multi-factor authentication fatigue, an attack on the Signal messenger app's SMS service Twilio potentially disclosed the phone numbers of 1,900 users, and details on how Facebook and Instagram track what you click on including your web browsing history by using their in-app browser.

The Importance of Faraday Technology with Aaron Zar from SLNT

Tom Eston, Aaron Zar — Mon, 15 Aug 2022 00:00:45 -0400

Aaron Zar, SLNT founder and director of disconnection joins co-host Tom Eston to discuss the importance of Faraday technology, what's changed with privacy over the last several years, some of the really cool SLNT Faraday products now available, and how Aaron tested product durability by running over a SLNT Faraday Backpack (containing a MacBook Pro) with a truck! Don't forget, listeners of the podcast get 10% off at slnt.com using discount code "sharedsecurity" during checkout!

Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode

Tom Eston, Scott Wright, Kevin Johnson — Mon, 08 Aug 2022 00:00:43 -0400

Why your phone number is becoming a popular way to identify you, our advise on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung's new repair mode which will protect your private data on your smartphone when you take it in for repairs.

Twitter Data Breach, 15 Minutes to Exploit Zero-Day Vulnerabilities, Resilient Deepfake Traits

Tom Eston, Scott Wright, Kevin Johnson — Mon, 01 Aug 2022 00:00:31 -0400

Twitter suffers a data breach of phone numbers and email addresses belonging to 5.4 million accounts, new research shows that attackers are finding and exploiting zero-day vulnerabilities in 15 minutes, and details on how a resilient trait in videos and images could aid in deepfake detection.

Robert Kerbeck Author of RUSE: Lying the American Dream from Hollywood to Wall Street

Tom Eston, Scott Wright, Kevin Johnson, Robert Kerbeck — Mon, 25 Jul 2022 00:00:19 -0400

In this episode learn all about the world of corporate spying from someone who was a corporate spy and actually wrote a book on it! Robert Kerbeck author of "RUSE: Lying the American Dream from Hollywood to Wall Street" joins us to discuss his fascinating career as a corporate spy, life as a struggling actor, his many celebrity encounters (including his performance in the infamous OJ Simpson exercise video), and how the corporate spying game is still big business. This is one interview you don't want to miss!

Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses

Tom Eston, Kevin Johnson — Mon, 18 Jul 2022 00:00:26 -0400

Apple previews Lockdown Mode which is designed for high risk individuals such as human rights workers, lawyers, politicians and journalists, hotel chain Marriott confirms another data breach, and new details on the development of smart contact lenses and what these could mean for your privacy.

Could TikTok Be Removed From App Stores, HackerOne Employee Caught Stealing Vulnerability Reports, California Gun Owner Data Breach

Tom Eston, Scott Wright, Kevin Johnson — Mon, 11 Jul 2022 00:00:55 -0400

The commissioner of the FCC (Federal Communications Commission), asked the CEOs of Apple and Google to remove TikTok from their app stores, bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports and submitted them for personal gain, and new details on the California gun owner data breach which had exposed the personal information of hundreds of thousands of gun owners.

Period Tracking Apps and Your Privacy, Vendor Impersonation Attacks, LockBit Ransomware Bug Bounty Program

Tom Eston, Scott Wright — Mon, 04 Jul 2022 00:00:27 -0400

Period tracker apps are causing privacy concerns because they could potentially be used against women in states that ban abortion, new research shows that vendors are being impersonated more than employees in Business Email Compromise (BEC) attacks, and details on the first ever bug bounty program from the creators of the LockBit ransomware operation.

Tim Hortons Privacy Investigation, Social Engineering Kill-Chain, Hospitals Sending Facebook Your Data

Tom Eston, Scott Wright, Kevin Johnson — Mon, 27 Jun 2022 00:00:58 -0400

The Tim Hortons mobile app created a “a mass invasion of Canadians’ privacy" by conducting continuous location tracking without user consent even when the app was closed, what is a social engineering kill-chain and how can this help understand and prevent attacks, and new research shows 33 out of the top 100 hospitals in America are sending sensitive heath information to Facebook via the Meta Pixel ad tracking tool.

Bipartisan Digital-Privacy Bill, Delete Your Data Before Selling Your Car, Firefox Total Cookie Protection

Tom Eston, Scott Wright, Kevin Johnson — Mon, 20 Jun 2022 00:00:12 -0400

A new bipartisan privacy bill, the American Data Privacy and Protection Act, "could" be the first privacy legislation in the US not doomed to fail, a story about why you should delete your location and private data in your car's navigation system before selling it, and details on Firefox's new privacy feature called "Total Cookie Protection".

Hacking Ham Radio: Why It’s Still Relevant and How to Get Started

Mon, 13 Jun 2022 00:00:28 -0400

This week we discuss hacking ham radio with special guests Caitlin Johanson, Rick Osgood, and Larry Pesce. In this episode you'll learn what ham radio is, why its still relevant, why would attackers want to hack ham radio, all about packet radio and APRS (Automatic Packet Reporting System), and what equipment and licensing you need to get started in ham radio.

DuckDuckGo Browser Allows Microsoft Trackers, Stolen Verizon Employee Database, Attacking Powered Off iPhones

Tom Eston, Scott Wright, Kevin Johnson — Mon, 06 Jun 2022 00:00:23 -0400

The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in their syndicated search content contract, a database of contact details for hundreds of Verizon employees was compromised after an employee was social engineered to give the attacker remote access to their corporate computer, and details about new research that shows that even when an iPhone running iOS 15 is turned off, its really not off and certain wireless features allow the phone to be located and possibly attacked.

The State of Application Security with Tanya Janca

Tom Eston, Scott Wright, Kevin Johnson, Tanya Janca — Mon, 30 May 2022 00:00:29 -0400

Tanya Janca, founder of the We Hack Purple Academy, Director of Developer Relations and Community at Bright, and author of "Alice & Bob Learn Application Security" joins us to discuss the current state and future of Application Security. In this episode we discuss what Tanya's been up to, what's changed in AppSec over the last several years, have organizations actually moved to DevSecOps, and what the next big thing in AppSec might be.

Apple Mail Privacy Protection, Government Agencies Reveal Top Attack Vectors, Is Big Brother Watching You at Work?

Tom Eston, Scott Wright, Kevin Johnson — Mon, 23 May 2022 00:00:25 -0400

What is Apple Mail Privacy Protection and how does it hide your IP address, so senders can’t link it to your online activity or determine your location, government authorities such as the FBI and NSA have released a list of top attack vectors used to gain initial access by attackers, and how more companies are deploying privacy invasive surveillance software to monitor their employees at work.

FBI Warrantless Searches, Passwordless Sign-Ins, Keylogging Web Forms

Tom Eston, Scott Wright, Kevin Johnson — Mon, 16 May 2022 00:00:54 -0400

The FBI searched emails, texts and other electronic communications of 3.4 million U.S. residents without a warrant, Apple, Google, and Microsoft have announced they will support a new passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, and details about how some websites are keylogging your data as you type it into a web form, before you hit submit.

Cybersecurity for Startups with Josh Feinblum from Stavvy

Tom Eston, Josh Feinblum — Mon, 09 May 2022 00:00:24 -0400

Josh Feinblum is the co-founder of Stavvy, a Boston-based fully integrated digital mortgage platform, where he leads product, engineering, people, and finance. He also serves as a venture partner at F-Prime Capital, where he evaluates and advises startups of all stages across multiple verticals. Josh talks to us about his journey through cybersecurity including his experience as a CISO at Rapid7 and DigitalOcean, and then leaving cybersecurity to start a totally new business. We discuss how his cybersecurity and privacy experience helped build a successful startup and what he's learned along the way. If you're interested in either joining a startup or building your own startup this is one episode you don't want to miss!

Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition

Tom Eston, Scott Wright, Kevin Johnson — Mon, 02 May 2022 00:00:17 -0400

Elon Musk buys Twitter for $44 billion so what does this mean for the privacy and cybersecurity of the platform? More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities which is a great reminder about making sure you update the BIOS on your computer. Plus, details about researchers who have created a t-shirt that renders the wearer undetectable to facial recognition technology.

Rehumanizing Cybersecurity with Lianne Potter

Tom Eston — Mon, 25 Apr 2022 00:00:33 -0400

Award-winning security transformation manager and digital anthropologist Lianne Potter joins us to discuss the fascinating topic of digital anthropology and how we can rehumanize cybersecurity. In this episode Lianne discusses how she became a digital anthropologist, how this field applies to cybersecurity, and the one thing organizations need to do to bring the human back into their cybersecurity programs.

Dumbphone Sales are Soaring, John Oliver Blackmails Congress, Cicada Chinese APT Group

Tom Eston, Scott Wright, Kevin Johnson — Mon, 18 Apr 2022 00:00:14 -0400

More young people seem to be choosing dumbphones over smartphones, but is it because of privacy concerns or because its trendy? John Oliver, host of the ‘Last Week Tonight’ show, used data brokers to obtain lawmakers’ digital footprints and promised to not release the data as long as Congress passes privacy legislation. Plus details about the Cicada state sponsored Chinese hacking group which hid inside their victims' networks for nine months.

Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware

Tom Eston, Scott Wright, Kevin Johnson — Mon, 11 Apr 2022 00:00:33 -0400

Scott and Tom explain why privacy is not dead, why everyone should care about their privacy, and how you should respond to someone that says "I don't care about privacy, I have nothing to hide!". Plus, details on a new attack using fake shopping apps and how a new malware toolkit called "Borat RAT" is no laughing matter.

Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?

Tom Eston, Scott Wright, Kevin Johnson — Mon, 04 Apr 2022 00:00:03 -0400

This week we battle it out between the two mobile tech giants, Google Android vs Apple iOS, and discuss which one is better for your privacy and cybersecurity. Topics include: app stores and OS updates, ad tracking, and native text messaging. All this plus how Apple and Facebook fell for a massive email scam.

LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems

Tom Eston — Mon, 28 Mar 2022 00:00:06 -0400

The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1 million weekly downloads released a new tampered version to condemn Russia's invasion of Ukraine by wiping arbitrary file contents.

Top 3 Location Tracking Apps: Do They Sell Your Data?

Tom Eston — Mon, 21 Mar 2022 00:00:55 -0400

This week we discuss the top 3 location tracking apps in the Apple App Store and Google Play and which ones sell your data. Plus, details about recent fake Chick-fil-A and Olive Garden vouchers on Facebook.

Amazon Echos Hack Themselves, Fraud Is Flourishing on Zelle, Samsung Galaxy Source Code Stolen

Tom Eston — Mon, 14 Mar 2022 00:00:45 -0400

A new attack uses Alexa's functionality to force Amazon Echo devices to make self-issued commands, payment app Zelle has become popular with fraudsters and banks don't seem to care, and details about hackers who have stolen source code for Samsung Galaxy devices.

Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers

Tom Eston — Mon, 07 Mar 2022 00:00:31 -0500

This week we discuss some of the more interesting hacks of Russian assets, technology, and more. Scott discusses recent credential stuffing attacks on Microsoft 365 accounts, and a fascinating story about ice cream machine "hackers" that are suing McDonald's for $900 million dollars in damages.

TikTok Circumvents Privacy Protections, Russian Sanction Attacks, Apple AirTag Anti-Stalking Measures

Tom Eston — Mon, 28 Feb 2022 00:00:06 -0500

How TikTok can circumvent privacy protections and performs device tracking that gives TikTok full access to user data, the US government warns about ransomware attacks after Biden's new sanctions against Russia, and details about the latest beta for iOS 15.4 which includes new features designed to prevent Apple AirTags from being used to stalk people.

MoviePass Tracking Your Eyeballs, Shipment Delivery Scams, SIM Swappers Arrested

Tom Eston — Mon, 21 Feb 2022 00:00:17 -0500

MoviePass will use facial recognition and eye tracking to make sure you're watching ads, new types of shipment-delivery scams are being used to spread malware, and details on the arrests of a SIM swapping gang and how you can protect yourself against a SIM swapping attack.

EARN IT Act is Back, Romance Scams, Like and Subscribe Ransomware

Tom Eston — Mon, 14 Feb 2022 00:00:59 -0500

The EARN IT Act is back for a second time which would pave the way for a new massive government surveillance system in the US, romance scams are on the rise so don't fall for love in all the wrong places, and details about a new ransomware attack that wants you to like and subscribe, or else!

Graphics Card Web Tracking, Fake Job Ad Scams, Hacker Takes Down North Korea’s Internet

Tom Eston — Mon, 07 Feb 2022 00:00:35 -0500

Researchers have discovered a new web tracking technique using your graphics card, scammers are exploiting security weaknesses on job recruitment websites to post fraudulent job postings, and how a hacker single-handedly took down North Korea's Internet.

Ukraine Invasion Hacktivists, Insta360 ONE X2 Vulnerabilities, Google Location Tracking Lawsuits

Tom Eston — Mon, 31 Jan 2022 00:00:45 -0500

Hacktivists have hacked a Belarus rail system in an attempt to stop Russian military buildup, someone disclosed a slew of vulnerabilities in the popular Insta360 ONE X2 camera, and Google gets accused of "deceptive" location tracking in multiple lawsuits.

Pandemic Surveillance in Canada, Malware-Filled USB Sticks are Back, Kill Switches in New Cars

Tom Eston — Mon, 24 Jan 2022 00:00:48 -0500

Canada’s federal government admitted to surveilling its population’s movements during the COVID-19 lock-down by tracking 33 million phones, the FBI warned that a hacker group has been sending malware-laden USB sticks to companies, and details on a new law in the United States which will install kill switches in new cars.

Digital Wellbeing with Kelly Finnerty from Startpage

Tom Eston — Wed, 19 Jan 2022 00:00:48 -0500

Kelly Finnerty, Director of Brand at Startpage, joins co-host Tom Eston to discuss the very important topic of digital wellbeing. In this episode you'll learn about the mental, financial, and societal impacts of constant tracking. Plus, what are some holistic approaches and tactics that we can use to help our own digital wellbeing. Kelly also shares details about Startpage's new web browser extension "Startpage Privacy Protection".

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Tom Eston — Mon, 17 Jan 2022 00:00:25 -0500

Norton 360, a popular antivirus product, has installed a cryptocurrency mining program on its customers’ computers, some cities in Texas have been hit with a phishing scam designed to get users to pay through fraudulent QR code stickers on public parking meters, and how Facebook is still collecting data about you even if you deactivate your Facebook account. All this plus the launch of the Shared Security Community on Reddit! (https://www.reddit.com/r/SharedSecurityShow/)

Phone Scam Targets Psychologists, All My Apes Gone, Supply Chain Skimmer Attack

Tom Eston — Mon, 10 Jan 2022 00:00:10 -0500

A phone scam targeting psychologists reveals that even professionals can become victims, stolen multi-million-dollar NFT's results in a "all my apes gone" plea for help, and details on a skimmer supply chain attack on more than 100 real estate websites.

LastPass Master Passwords, New Cars and Your Privacy, Amazon Alexa Lethal Challenge

Tom Eston — Mon, 03 Jan 2022 00:00:02 -0500

LastPass users received emails about their master passwords being compromised, details about the privacy policies of new cars, and a story about an Amazon Echo that proposed a lethal challenge to a ten-year-old girl.

Web3 and the Decentralized Internet

Tom Eston — Fri, 31 Dec 2021 15:00:06 -0500

In our last monthly show of the year we discuss Web3. What is it and what will it mean to have a decentralized Internet. If you've wanted to know what Web3, DeFI, NFTs, and cryptocurrency means for cybersecurity and privacy this is one episode you don't want to miss!

The Year in Review and 2022 Predictions

Tom Eston — Mon, 27 Dec 2021 00:00:28 -0500

In our last weekly episode of the year, we discuss the top cybersecurity and privacy news from 2021, a recap of our previous "predictions", and what we think we'll see next year. Happy New Year!

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document

Tom Eston — Mon, 20 Dec 2021 00:00:59 -0500

This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and a FBI training document describes what data can be obtained by encrypted messaging apps.

Life360 Selling Location Data, NSO Group Spyware Hacks Government Employees, Homecoming Queen Contest Hacked

Tom Eston — Mon, 13 Dec 2021 00:00:44 -0500

Life360, a popular family safety app used by 33 million people worldwide, is selling location data to a dozen data brokers, phones of 11 U.S. State Department employees were hacked with spyware from the infamous NSO Group, and details on a bizarre story about a mother and daughter that face 16 years in prison for hacking into a school computer system to rig a homecoming queen election.

Business Email Compromise Scams

Tom Eston — Thu, 09 Dec 2021 00:00:21 -0500

This month we discuss Business Email Compromise (BEC) scams. What are they, how to identify them, and why BEC scams have created over $1.8 billion worth of losses to businesses last year alone.

Is TikTok Listening to You, Apple Warns Activists, UK Government Website Shows Porn

Tom Eston — Mon, 06 Dec 2021 00:00:32 -0500

Is the TikTok app listening to you and playing videos based on your conversations? Apple takes the unique step of warning certain activists that their phones may be targeted by attackers, and details on how a UK government website was serving porn to its visitors.

How to Break Into a Cybersecurity Career – Part 3 with Scott Wright

Tom Eston — Mon, 29 Nov 2021 00:00:18 -0500

Co-host Scott Wright joins Tom Eston for part three in our series on how to break into a cybersecurity career. Scott shares his career journey and gives us some insight into his career path going from consulting into starting his own company. If you’re a college student or thinking about getting into cybersecurity, this is one episode you don’t want to miss!

FBI Email System Compromised, Ransomware Negotiation, Privacy Crushing Gifts

Tom Eston — Mon, 22 Nov 2021 00:00:29 -0500

In milestone episode 200: The Federal Bureau of Investigation’s external email system was compromised sending spam emails with a fake warning of a cyberattack, new research released about ransomware negotiation and some helpful negotiation tips, and details on Mozilla's naughty list of privacy-crushing gifts.

Robinhood Data Breach, 600 Hours of Dallas Police Helicopter Footage Leaked

Tom Eston — Mon, 15 Nov 2021 00:00:14 -0500

Details on the Robinhood data breach (apparently caused by a social engineering attack) affecting approximately 7 million customers, and a discussion about surveillance and privacy concerns from a 600-hour leak of Dallas Police Department helicopter footage.

Facebook Dumps Face Recognition, Social Engineering Bots, US Sanctions NSO Group

Tom Eston — Mon, 08 Nov 2021 00:00:11 -0500

Facebook shuts down their face recognition system and deletes more than a billion facial recognition templates, how phone bots are being used to trick victims into giving up their multi-factor authentication codes, and the US blacklists the NSO Group and 3 other companies for malicious cyber activities.

Interview with Dana Mantilia and the Role of the CISO

Tom Eston — Fri, 05 Nov 2021 10:37:29 -0400

Dana Mantilia joins us this month to talk about cybersecurity awareness, her incredible YouTube channel, and the ever changing role of the CISO (Chief Information Security Officer).

Federal Data Agency for Social Media, Squirrelwaffle Malspam, Ransomware Hits U.S. Candymaker

Tom Eston — Mon, 01 Nov 2021 00:00:50 -0400

Do we really need a federal data agency to regulate social media companies? Watch out for Squirrelwaffle and Qakbot malspam attacks, and ransomware hits a major candymaker ahead of Halloween (is nothing sacred anymore?!)

Missouri Governor and F12 Hacking, Global Ransomware Meeting, Fake Government Websites

Tom Eston — Mon, 25 Oct 2021 00:00:13 -0400

Details on the F12 "hacking" incident of the Missouri state education website and the foolish response from the Missouri governor, Over 30 countries (except China and Russia) meet to fight ransomware globally, and the FBI's warning about fake unemployment benefit websites.

Killware Clickbait, 1Password Password Sharing Feature, Android Phone Snooping

Tom Eston — Mon, 18 Oct 2021 00:00:16 -0400

Clickbait news about the rise of "killware", Details on 1Password’s new feature to securely share passwords with others, and a new study by university researchers in the UK shows how Android phones snoop on their users.

Security Champions Framework, The Great Facebook Outage, Twitch Data Breach

Tom Eston — Mon, 11 Oct 2021 00:00:11 -0400

Co-host Scott Wright presents a new framework to help people become "security champions" in their organization, a discussion about the great Facebook outage of 2021, and details on the Twitch data breach exposing source code and creator payouts.

Apple AirTag Good Samaritan Attack, iCloud+, Amazon Astro Dog and Ring Camera Drone

Tom Eston — Mon, 04 Oct 2021 00:00:37 -0400

Will Apple AirTag's replace malicious payload USB drops? Details on Private Relay and Hide My Email features included with iCloud+, and a fun discussion about Amazon's Astro robot and the Ring camera drone!

Multi-Factor Authentication and Authenticator Apps

Tom Eston — Sat, 02 Oct 2021 16:00:12 -0400

October is Cybersecurity Awareness Month so in this episode we discuss multi-factor authentication and the use of authenticator apps. Multi-factor authentication is one of the most important things that you can enable to secure your online accounts but its unfortunately overlooked by most people. Listen to this episode to learn what multi-factor authentication is, all about authenticator apps, and how we can get more people to start using multi-factor authentication.

No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard

Tom Eston — Mon, 27 Sep 2021 00:00:44 -0400

Microsoft will now allow you to login to your accounts without a password, Facebook releases its Ray-Ban Stories smart glasses, and a conversation about the security.txt "Internet standard" and if this will help or hinder a organization's vulnerability disclosure process.

iMessage Zero-Click Exploit, Leaked Guntrader Firearms Data, 60 Million Fitness Tracking Records Exposed

Tom Eston — Mon, 20 Sep 2021 00:00:44 -0400

The latest on the iMessage Zero-Click exploit that affects Apple iOS, MacOS and WatchOS devices (update your Apple devices now!), the names and home addresses of 111,000 British firearm owners have been dumped online, and details on over 60 million fitness tracking records exposed via an unsecured database.

ProtonMail IP Address Logging Controversy, Fake Bot Disinformation, Correctional Facility Robot Overlords

Tom Eston — Mon, 13 Sep 2021 00:00:39 -0400

Details on the controversy over encrypted email service ProtonMail handing over a user's IP address to the Swiss police, how a fake bot disinformation campaign went viral on Twitter, and are we ready to welcome our correctional facility robot overlords?

Election Security and the Packet Capture Controversy with Special Guest Rafal Los

Tom Eston — Mon, 06 Sep 2021 00:00:30 -0400

This week Rafal Los, host of the Down the Security Rabbithole Podcast, joins us to talk about election fraud claims vs facts, the recent packet capture controversy, tribalism, and the challenges with election security. Note: this is not a political discussion but we believe that election security is important to discuss, no matter what your political views are.

What Happens to Your Social Media Accounts After You Die?

Tom Eston — Tue, 31 Aug 2021 00:00:02 -0400

In our August monthly show co-hosts Kevin Johnson and Scott Wright join Tom Eston to discuss what happens to your social media accounts...after you die! This is a topic we don't hear a lot of discussion about but is very important to understand for your legacy as well as how your friends and family members want to be remembered.

T-Mobile Hacker Identified, China’s New Privacy Law, Tesla Bot Announcement

Tom Eston — Mon, 30 Aug 2021 00:00:37 -0400

A 21-year-old Virginia native living in Turkey is allegedly behind the massive T-Mobile hack, China adopts a new national privacy law, and is Elon Musk's Tesla Bot just creepy or is it the beginning of "useful AI" that people love and is "unequivocally good".

T-Mobile Data Breach, Tinder Identity Verification, Magnetic Stripe Phase Out

Tom Eston — Mon, 23 Aug 2021 00:00:32 -0400

T-Mobile suffers another data breach this time impacting 8 million customers, Tinder will start letting users verify their identity to help prevent "catfishing", and Mastercard is finally phasing out magnetic stripes on their cards starting in 2024.

Largest Cryptocurrency Hack in History, $10k For Stolen Network Access, Your Identity and the Metaverse

Tom Eston and Scott Wright — Mon, 16 Aug 2021 00:00:28 -0400

Over $600 million stolen in the largest DeFi cryptocurrency hack in history, attackers are getting around $10k for stolen network access credentials, and why your identity is trapped inside a social network and what this means for the next potential evolution of the Internet...the metaverse!

CISA JCDC Announcement, Apple’s Child Abuse Image Scanning, Amazon Pays You for Your Biometric Data

Tom Eston — Mon, 09 Aug 2021 00:00:32 -0400

CISA announces the new Joint Cyber Defense Collaborative (JCDC), the controversy over Apple scanning devices for child sexual abuse material, and Amazon offers you a $10 credit if you enroll your biometric data in their palm print recognition system.

Reboot Your Smartphone, FBI’s Top Targeted Vulnerabilities, Flirty Account Dupes Defense Contractors

Tom Eston — Mon, 02 Aug 2021 00:00:59 -0400

Why rebooting your smartphone is good security hygiene, the FBI reveals top targeted vulnerabilities in the last two years, and details on how a nation state used a "flirty" aerobics instructor to steal data from defense contractors.

How to Protect Yourself from Gift Card Scams

Tom Eston and Scott Wright — Fri, 30 Jul 2021 00:00:40 -0400

In our July monthly show we discuss gift card scams! What are the different gift card scams that are out there, how do they work, and details on how to protect yourself from becoming a victim.

Pegasus Spyware is Back, Twitter Hacker Arrested, 16-Year-Old Printer Bug

Tom Eston — Mon, 26 Jul 2021 00:00:02 -0400

Pegasus spyware and NSO Group are back in the news because of a data leak of 50,000 phone numbers, another "hacker" was arrested for the grest Twitter hack of 2020, and how a 16 year old printer vulnerability is affecting millions of HP, Samsung, and Xerox printers.

Popular Myths about VPNs

Tom Eston — Wed, 21 Jul 2021 00:00:46 -0400

In this sponsored episode from our friends at ClearVPN, Artem Risukhin Content Marketing Manager at ClearVPN, joins co-host Tom Eston to discuss the most popular myths about VPNs. Be sure to watch the YouTube edition for a demo of ClearVPN and don't forget to use discount code "SHAREDSECURITY" to take 40% off your purchase of a ClearVPN subscription!

Targeted Dream Incubation, TikTok Data Sharing, Chrome and Firefox Updates

Tom Eston — Mon, 19 Jul 2021 00:00:27 -0400

Is dream hacking the next big privacy concern or just a new marketing gimmick? Some people may be surprised that TikTok shares data with China, and details on Google Chrome adding HTTPS-first mode and Firefox and easing its blocking of Facebook login buttons.

Kaseya Ransomware Attack, PrintNightmare Zero-day, Kaspersky Password Manager Vulnerability

Tom Eston — Mon, 12 Jul 2021 00:00:24 -0400

Details on the Kaseya supply-chain and REvil ransomware attack, a new zero-day exploit called "PrintNightmare" affects all Windows versions before June, and how randomly generated passwords in a popular password manager were not so random.

LinkedIn Data Leak, Western Digital NAS Attacks, STIR/SHAKEN Deadline

Tom Eston — Mon, 05 Jul 2021 00:00:11 -0400

Was there another LinkedIn "data leak" or is this just the same data anyone with a LinkedIn account can access? Western Digital Network-Attached Storage (NAS) devices under attack, and details on the STIR/SHAKEN deadline which is supposed to help stop robocalls.

Asset Discovery with Chris Kirsch Co-Founder at Rumble

Tom Eston — Fri, 02 Jul 2021 16:00:35 -0400

Chris Kirsch co-founder and chief revenue officer at Rumble joins us in our June monthly show to talk about how Rumble is solving the problem of asset discovery. You also get to see a demo of Rumble in action and learn about the many talents that Chris has like pickpocketing! This is one episode you don't want to miss!

Off Limits Critical Infrastructure, Ransomware on Repeat, Cyber Safe Drinking Water

Tom Eston — Mon, 28 Jun 2021 00:00:25 -0400

What does it really mean when Biden tells Putin critical US infrastructure is "off limits", details on a recent survey which shows ransomware payments create repeat attacks, and how cyber safe is your drinking water?

TikTok Collecting Biometric Data, Peloton Bike+ Vulnerability, Nextdoor App Concerns

Tom Eston — Mon, 21 Jun 2021 00:00:58 -0400

TikTok can now collect biometric data from user content, researchers find a vulnerability in Peloton bikes, and why some people think that Nextdoor might be the next big social network.

ANOM FBI Global Crime Sting, Colonial Pipeline Updates, Password Leak Research

Tom Eston — Mon, 14 Jun 2021 00:00:35 -0400

Details about the "ANOM" global crime sting where the FBI created a fake encrypted mobile phone for criminals that promised secure communications, new details about how the Colonial Pipeline ransomware attack started, and some really bad security research about stolen user credentials.

Amazon Sidewalk, NFTs and Cybersecurity, Norton 360 Cryptocurrency Mining

Tom Eston — Mon, 07 Jun 2021 00:00:28 -0400

Is Amazon Sidewalk the latest threat to our privacy? Also, what's the big deal about NFTs, and why mining cryptocurrency through your anti-virus software is a horrible idea.

Biden’s Cybersecurity Executive Order, Apple’s AirTag, Cyber Insurance

Tom Eston — Mon, 31 May 2021 00:00:52 -0400

Details about Biden's cybersecurity executive order, privacy and stalking concerns with Apple's new AirTag technology, and why some cyber insurance companies may not pay out for ransomware in the future.

How Gamification is Changing Cybersecurity

Tom Eston and Scott Wright — Sat, 29 May 2021 00:00:40 -0400

Gamification is changing cybersecurity and the way we learn! Scott Wright, Co-host and CEO of Click Armor, joins us this month to discuss why gamification is a "game" changer in our industry.

Colonial Pipeline Updates, DarkSide Goes Dark, Cybersecurity Best Practices

Tom Eston — Mon, 24 May 2021 00:00:02 -0400

More news and updates about the Colonial Pipeline ransomware attack, the DarkSide ransomware as a service (RaaS) goes dark on the dark web, and why we still need cybersecurity best practices (regardless of an opinion piece that says otherwise).

The Colonial Pipeline Ransomware Attack

Tom Eston — Mon, 17 May 2021 00:00:16 -0400

This week Tom and Kevin discuss the Colonial Pipeline ransomware attack, RaaS (Ransomware as a Service), and why ransomware attacks are not going away anytime soon.

World Password Day, Tesla Hacking via Drone, Ipsos Screenwise Panel

Tom Eston — Mon, 10 May 2021 00:00:35 -0400

Do we still need World Password Day? Hacking a Tesla via a drone, and a privacy warning about the Ipsos Screenwise panel.

Remembering Dan Kaminsky, Apple AirDrop Vulnerability

Tom Eston — Mon, 03 May 2021 00:00:28 -0400

Remembering Dan Kaminsky who was one of the greatest security researchers of our time plus details on a new Apple Airdrop vulnerability.

3 Ways to Keep Your Cryptocurrency Safe

Tom Eston — Sat, 01 May 2021 00:00:46 -0400

Are you investing in cryptocurrency or thinking about it? Be sure to listen or watch our April monthly show for our top 3 ways to keep your cryptocurrency safe!

Instagram Anti-Abuse Tool, Apple Advertiser Restrictions, Terrible Passwords

Tom Eston — Mon, 26 Apr 2021 00:00:20 -0400

Instagram is rolling out new features to help block spam and abusive messages, Apple releases iOS 14.5 to restrict tracking by advertisers, and a discussion about why people continue to choose terrible passwords.

Data Breaches vs. Data Leaks, FBI Exchange Server Controversy

Tom Eston — Mon, 19 Apr 2021 00:00:04 -0400

This week we're back with an all new episode with Kevin Johnson! Data breaches vs. recent data leaks, and the controversy over the FBI operation conducted to remove web shells from compromised Microsoft Exchange servers.

Best of Episode: Interview with Jayson E. Street

Tom Eston and Scott Wright — Mon, 12 Apr 2021 00:00:59 -0400

This week is another best of episode with the man, the myth, the legend, Jayson E. Street! In this episode Jayson shares with us several of his greatest hacking and social engineering adventures. This is one classic episode you don't want to miss!

Best of Episode: Interview with Rachel Tobac

Tom Eston — Mon, 05 Apr 2021 00:00:08 -0400

This week is a best of episode with special guest Rachel Tobac, CEO of SocialProof Security. In this episode we discuss social engineering, how to get more women in cybersecurity, and of course Rachel's favorite David Lynch movies. This is one previous episode you don't want to miss!

SMS Two-Factor Authentication, New Internet Hygiene Model

Tom Eston and Scott Wright — Wed, 31 Mar 2021 11:00:29 -0400

Is it time to finally move away from SMS text based two-factor authentication? Plus a discussion about a new model that can help consumers with improving their Internet hygiene.

Top 3 Privacy Tips for Travel

Tom Eston — Mon, 29 Mar 2021 00:00:39 -0400

This week, co-host Tom Eston shares his top 3 tips to stay more private when you travel this year on vacation.

Facebook and Apple Privacy Debate, Employee Phishing Test Gone Wrong

Tom Eston — Mon, 22 Mar 2021 00:00:58 -0400

Scott and Kevin finally get together to debate Facebook and Apple privacy, and why you shouldn't conduct a phishing test to trick employees into thinking they will get free Covid-19 vaccines.

Encryption Backdoor Debate, Microsoft Exchange Attacks, Airline Supplier Data Breach

Tom Eston — Mon, 15 Mar 2021 00:00:24 -0400

Why is federal law enforcement (still) asking Congress for encryption backdoors? Attacks on Microsoft Exchange servers seem to have gotten worse, details on an airline supplier data breach, and the real reason Kevin hasn't replaced his Chewbacca mannequin with Darth Vader!

The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments

Tom Eston and Scott Wright — Mon, 08 Mar 2021 00:00:30 -0500

Microsoft Exchange zero-days in the wild, and why is it that IT security investment on cybersecurity is at an all time high, yet we continue to see more data breaches?

Card Skimmers Powered by Chip Cards, Silver Sparrow Mac Malware, Accellion Zero-Days

Tom Eston — Mon, 01 Mar 2021 00:00:10 -0500

This week co-host Kevin Johnson joins Tom Eston to discuss new card skimmers found in the wild, the Accellion zero-days, and a new type of Mac malware called "Silver Sparrow".

Clubhouse App and Your Privacy

Tom Eston and Scott Wright — Sat, 27 Feb 2021 17:30:05 -0500

This month Scott and Tom discuss the Clubhouse app and the related privacy concerns.

Apple’s Safe Browsing Request Proxy, BEC Attacks, LastPass Updates

Tom Eston — Mon, 22 Feb 2021 00:00:57 -0500

In episode 161: Apple will start to proxy Safe Browsing requests to hide IP addresses from Google, Business Email Compromise attacks are on the rise, and what's changing with the free version of LastPass.

Florida Water Supply Hack, Android App Hijack, US Capitol Riot Phone Tracking

Tom Eston — Mon, 15 Feb 2021 00:00:52 -0500

In episode 160: An attacker tried to poison a Florida city's water supply, a popular Android app was hacked to display malicious ads, and how smartphone location data was used to track the US Capitol rioters.

Dangerous Social Media Algorithms, A Moral Imperative for AI Powered Weapons?

Tom Eston — Mon, 08 Feb 2021 00:00:55 -0500

In episode 159: Will algorithms be the death of social media and why the US government thinks it has a moral imperative to build AI powered weapons.

Cybersecurity Researchers Targeted, Three iOS Zero-Days, Google FLoC

Tom Eston — Mon, 01 Feb 2021 00:00:49 -0500

In episode 158: Cybersecurity researchers targeted by North Korean hackers, Apple patches three iOS zero-day exploits, and details on Google's Federated Learning of Cohorts (FLoC) which may one day replace third-party cookie tracking.

Tanya Janca CEO and Founder We Hack Purple

Tom Eston and Scott Wright — Thu, 28 Jan 2021 12:00:34 -0500

Tanya Janca, CEO and founder of the We Hack Purple Academy & Community, joins us to discuss her new book "Alice & Bob Learn Application Security", what inspired her to write the book, the current and future state of Application Security and much more! If you're a fan of Tanya's work, this is one episode you don't want to miss!

Parler, Pelosi’s Stolen Laptop, Vaccination Passport Apps

Tom Eston — Mon, 25 Jan 2021 00:00:13 -0500

Is the world really ready for COVID-19 vaccination passport apps? Also, the return of Parler, details on Nancy Pelosi's stolen laptop, the Ubiquiti data breach, Ring end-to-end encryption for video, and other important cybersecurity and privacy news from the week.

The Capital Riot: First Amendment and Deplatforming, Cybersecurity Lessons Learned

Tom Eston — Mon, 18 Jan 2021 00:00:00 -0500

This week co-host Kevin Johnson joins me to discuss the cybersecurity lessons learned from the US Capital riot, why deplatforming is not violating first amendment rights, and much more.

How to Break Into a Cybersecurity Career – Part 2 with Rafal Los

Tom Eston — Mon, 11 Jan 2021 00:00:33 -0500

Rafal Los, industry veteran and host of the Down the Security Rabbithole Podcast, joins Tom Eston for part two in our series on how to break into a cybersecurity career. If you're a college student or thinking about getting into cybersecurity, this is one episode you don't want to miss!

How to Break Into a Cybersecurity Career – Part 1

Tom Eston — Mon, 04 Jan 2021 00:00:11 -0500

In episode 154 for January 4th 2021: Are you a college student, or someone that has an interest in a cybersecurity career? Check out the first episode in our series on how to break into a cybersecurity career with co-host Kevin Johnson.

Top 3 Cybersecurity Tips

Tom Eston — Mon, 28 Dec 2020 00:00:56 -0500

In episode 153 for December 28th 2020: In our last episode of the year co-host Tom Eston discusses his top 3 tips to keep you cybersecure in 2021. Thank you for listening, watching us on YouTube, and supporting our show and sponsors this year. We wish you and your family a new year that's safe and secure!

The Year in Review and 2021 Predictions

Tom Eston and Scott Wright — Wed, 23 Dec 2020 00:00:51 -0500

Our last episode of the year is our always entertaining year in review and 2021 predictions with co-hosts Scott Wright and Kevin Johnson. Thank you for listening and supporting the show in 2020!

SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security

Tom Eston — Mon, 21 Dec 2020 00:00:03 -0500

In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson.

FireEye Hacked, Foxconn Ransomware Attack, Apple’s New Privacy Features

Tom Eston — Mon, 14 Dec 2020 00:00:02 -0500

In episode 151 for December 14th 2020: What you need to know about the stolen FireEye "Red Team" tools and the FUD going on in the media about the attack, Foxconn gets hit with a ransomware attack plus details on how ransomware attacks are evolving, and how Apple is stopping advertisers from tracking you across different applications.

iPhone Zero-Click Exploit, BEC Email Auto-Forward Scams, COVID-19 Vaccine Cold Chain Attacks

Tom Eston — Mon, 07 Dec 2020 00:00:48 -0500

In episode 150 for December 7th 2020: Details about a now patched iPhone zero-click Wi-Fi exploit, the FBI warns of business email compromise scammers using email auto-forwarding in attacks, and how nation-state attackers are targeting the COVID-19 vaccine supply 'cold chain'.

Holiday Shopping Scams and Tips to Stay Safe

Tom Eston and Scott Wright — Mon, 30 Nov 2020 23:00:42 -0500

In our November monthly episode we discuss the scams that you may encounter this holiday shopping season due to the pandemic and our top tips on how to stay safe and more secure when doing your shopping this year.

Amazon Sidewalk, Federal IoT Security Law, Facebook Messenger Bug

Tom Eston — Mon, 30 Nov 2020 00:00:48 -0500

In episode 149 for November 30th 2020: Police begin to pilot a program to live-stream Amazon Ring cameras, new details about Amazon Sidewalk, Congress unanimously passes a federal Internet of Things security law, and a Facebook Messenger bug that lets an attacker listen to you before you pick up a call.

CISA Director Chris Krebs Fired, Common Sense and Section 230

Tom Eston — Mon, 23 Nov 2020 00:00:06 -0500

In episode 148 for November 23rd 2020: This week Kevin Johnson joins me to discuss the Twitter firing of Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, and our thoughts about a common sense approach to social media and Section 230 of the Communications Decency Act.

Stolen Source Code, Apple Zero-Days, Biden’s Privacy and Cybersecurity Policies

Tom Eston — Mon, 16 Nov 2020 00:00:48 -0500

In episode 147 for November 16th 2020: The latest about source code stolen from US government agencies and private companies, three actively exploited iOS zero-days in the wild and new App Store privacy labels, and what a Biden administration could mean for privacy and cybersecurity.

Privacy Mindset: Europe vs. United States

Tom Eston — Mon, 09 Nov 2020 00:00:19 -0500

In episode 146 for November 9th 2020: My conversation with Kelly Finnerty, Director of Brand and Content for Startpage.com on the differences in privacy mindset between Europe and the United States.

Government Rumor Control, US Hospital Ransomware Threat, Russian Hackers Charged

Tom Eston — Mon, 02 Nov 2020 00:00:32 -0500

In episode 145 for November 2nd 2020: Kevin Johnson joins me to discuss the US government's attempt to prevent disinformation and rumors about the election, a new ransomware threat targeting US hospitals, and details about six Russian hackers that were charged for some of the biggest cyber-attacks in the last decade.

Targeted Attacks Part 3 – The Exploit

Tom Eston — Tue, 27 Oct 2020 00:00:13 -0400

In our October monthly episode we finish our three part series on targeted attacks. In this episode we discuss the exploit and malware analysis with special guest Tyler Hudak, Incident Response Practice Lead at TrustedSec. Be sure to watch the YouTube edition of this episode to see a demo of several tools and techniques used in professional malware analysis.

Voter Privacy and the US Election

Tom Eston — Mon, 26 Oct 2020 00:00:40 -0400

In episode 144 for October 26th 2020: Voter privacy and what you need to know about protecting your private information during the upcoming US election.

TrickBot Takedown, VPN Flaws, Zoom End-to-End Encryption

Tom Eston — Mon, 19 Oct 2020 00:00:39 -0400

In episode 143 for October 19th 2020: Microsoft gets creative to help take down the TrickBot botnet, details on how attackers have been using VPN flaws to attack election support systems, and Zoom's rollout of end-to-end encryption.

The Social Dilemma

Tom Eston — Mon, 12 Oct 2020 00:00:25 -0400

In episode 142 for October 12th 2020: My conversation about the pros and cons of the Netflix documentary "The Social Dilemma" with frequent guest, Kevin Johnson. The Social Dilemma is a popular documentary (dramamentary?) on Netflix about how social media is causing unintended harm to people and society. Several engineers and leaders that worked at Facebook, Instagram, Twitter, Google, and others are interviewed and give their take on the dangers and current state of social media in modern civilization. It's an interesting and also controversial film that is worth watching so you can form your own opinion. Even if you disagree about the approach this film takes, there are several good things I got out of it including turning of social app notifications on your phone to help limit your usage of social media.

More Hospital Ransomware Attacks, FBI’s Disinformation Warning, Android 11 Privacy Features

Tom Eston — Mon, 05 Oct 2020 00:00:15 -0400

In episode 141 for October 5th 2020: Universal Health Services is the latest victim of a massive hospital ransomware attack, the FBI issues new warnings about false claims of hacked voter information, and the top Android 11 privacy and security features.

Targeted Attacks Part 2 – Pretexting and Attack Development

Tom Eston and Scott Wright — Tue, 29 Sep 2020 00:00:32 -0400

In our September monthly episode we continue our three part series on targeted attacks. In this episode we discuss the pretext and how attackers develop and launch their attacks with special guests Nathan Sweaney, Senior Security Consultant at Secure Ideas and Kevin Johnson, CEO of Secure Ideas.

Death by Ransomware, Strava Flyby, iOS 14 Privacy Improvements

Tom Eston — Mon, 28 Sep 2020 00:00:03 -0400

In episode 140 for September 28th 2020: Details on the first human death related to a ransomware attack, popular fitness app Strava is caught giving away your location data to strangers, and the top privacy improvements in Apple iOS 14.

StartPage.com – The World’s Most Private Search Engine

Tom Eston — Mon, 21 Sep 2020 00:00:03 -0400

In episode 139 for September 21st 2020: This week we take a break from the news to bring you our interview with Alex Kubiak, Senior Product Manager at StartPage.com. StartPage is a privacy focused search engine which uses Google's search results but removes all trackers and logs. This makes StartPage very different than other privacy focused search engines like DuckDuckGo. In this interview we talk about these differences, how Startpage.com makes money, privacy features and benefits of using StartPage, and the one thing you should do to better protect your online privacy.

Schools Under Cyberattack, Chrome Ad Blocking Update, US Election Interference

Tom Eston — Mon, 14 Sep 2020 00:00:13 -0400

In episode 138 for September 14th 2020: School districts under cyber-attack, Google Chrome's new ad blocking feature, and Microsoft's latest alert about foreign interference in the 2020 US election.

NSA Data Collection Ruling, Browsing History Identification, Ambulance Chasing

Tom Eston — Mon, 07 Sep 2020 00:00:10 -0400

In episode 137 for September 7th 2020: A federal appeals court finds the NSA's bulk collection of phone data was unlawful, new research shows that browsing histories are unique enough to reliably identify users, and my personal story about a car accident and the privacy of your public records.

Targeted Attacks Part 1 – OSINT and Reconnaissance

Tom Eston and Scott Wright — Mon, 31 Aug 2020 23:00:25 -0400

In our August monthly episode we start our three part series on targeted attacks. In this episode we focus on OSINT (Open Source Intelligence) and reconnaissance techniques used by attackers in phishing and BEC (Business Email Compromise) attacks. Kyle Lovett, Principal Penetration Tester at Veracode, joins us to demonstrate some of the tools and techniques used by attackers and professional penetration testers when conducting these targeted attacks.

Uber CISO Charged, Facebook Data Portability, Malicious iOS SDK

Tom Eston — Mon, 31 Aug 2020 00:00:44 -0400

In episode 136 for August 31st 2020: Uber's former security chief is charged over covering up a 2016 data breach, Facebook pushes for data portability legislation, and how a malicious iOS SDK breached the privacy of millions of mobile users.

Audio Recordings Used to Copy Keys, Carnival Ransomware Attack, Social Media Profile Data Exposed

Tom Eston — Mon, 24 Aug 2020 00:00:30 -0400

In episode 135 for August 24th 2020: Details on how researchers can use audio recordings of keys being used in locks to create copies, Carnival cruise lines becomes the victim of a ransomware attack, and a data broker exposes nearly 235 million profiles scraped from social media sites.

Amazon Echo Exploit, Privacy Shield, Capital One Data Breach Update

Tom Eston — Mon, 17 Aug 2020 00:00:08 -0400

In episode 134 for August 17th 2020: Details on new critical vulnerabilities found in Amazon Echo devices, what the end of the Privacy Shield framework means EU citizens personal data, and new data breach fines issued to Capital One and Twitter by the OCC and FTC.

Twitter Hack Lessons Learned, TikTok Ban, Rite Aid Facial Recognition Cameras

Tom Eston — Mon, 10 Aug 2020 00:00:14 -0400

In episode 133 for August 10th 2020: What we can learn from the big Twitter hack, why everyone is trying to ban TikTok, and pharmacy chain Rite Aid's use of facial recognition cameras.

How Big Tech Collects Your Private Data and How to Delete It

Tom Eston — Mon, 03 Aug 2020 00:00:16 -0400

In episode 132 for August 3rd 2020: How the big tech companies like Google, Apple, Facebook, and Twitter collect your private data and how you can delete it with Kira Rakova from Undatafy.

Chinese Hacking Campaign Exposed, BadPower Fast Charger Attack, Instacart Data Leak

Tom Eston — Mon, 27 Jul 2020 00:00:51 -0400

In episode 131 for July 27th 2020: The FBI charges two Chinese hackers for one of the largest Chinese directed hacking campaigns ever discovered, how the BadPower fast charger attack could melt or set your devices on fire, and details on a massive leak of Instacart customer information.

Privacy Settings for Amazon Echo and Google Home

Tom Eston and Scott Wright — Fri, 24 Jul 2020 12:00:32 -0400

In episode 102 of our July monthly show Scott and Tom walk-through the recommended privacy settings for Amazon Echo and Google Home smart speakers.

The Big Twitter Hack, Critical Windows DNS Server Update, Email Impersonation Attacks

Tom Eston — Mon, 20 Jul 2020 00:00:18 -0400

In episode 130 for July 20th 2020: Details on the big Twitter hack which took over high-profile accounts, a major wormable critical vulnerability in Microsoft Windows DNS Server, and how email impersonation attacks take advantage of everyone working from home.

F5 BIG-IP Exploit, WiFi Router Security Updates, Password Reuse

Tom Eston — Mon, 13 Jul 2020 00:00:11 -0400

In episode 129 for July 13th 2020: Impact of the F5-BIG-IP critical vulnerability, security updates and your WiFi router, and details about new research that shows how billions of compromised credentials are available in the cyber underground.

TikTok Privacy Concerns, macOS Ransomware, Bad Passwords

Tom Eston and Scott Wright — Mon, 06 Jul 2020 00:00:45 -0400

In episode 128 for July 6th 2020: New TikTok privacy concerns, the rise of macOS ransomware, and details on new research about bad password choices.

EARN IT Act, Facial Recognition Fail, Can I Be Phished?

Tom Eston and Scott Wright — Tue, 30 Jun 2020 23:00:49 -0400

In episode 101 of our June monthly show Scott and Tom discuss the privacy concerns with the EARN IT Act, more stories of facial recognition fail, and Scott talks about his new podcast, Can I Be Phished?

Family Safety and Security with Andy Murphy from The Secure Dad Podcast

Tom Eston — Mon, 29 Jun 2020 00:00:25 -0400

In episode 127 for June 29th 2020: Family safety and security with special guest Andy Murphy host of The Secure Dad podcast.

Largest DDoS Attack Ever, New Dropbox Features, North Korean Cyber-Attacks

Tom Eston — Mon, 22 Jun 2020 00:00:00 -0400

In episode 126 for June 22nd 2020: Details on the largest Distributed Denial of Service attack ever recorded, new security features in Dropbox, and the latest on new North Korean targeted cyber-attacks.

5 Tips to Stay Private and Secure During a Protest

Tom Eston — Mon, 15 Jun 2020 00:00:27 -0400

In episode 125 for June 15th 2020: Our top 5 tips for staying private and secure during a protest.

Minneapolis Police Website Hacked, Zoom Encryption, eBay Port Scanning

Tom Eston — Mon, 08 Jun 2020 00:00:57 -0400

In episode 124 for June 8th 2020: Details on how the Minneapolis Police website may have been hacked, Zoom's plan to implement end-to-end encryption, and why eBay and other sites may be port scanning your computer.

First Amendment Rights and Twitter, Encryption Backdoors

Tom Eston — Mon, 01 Jun 2020 00:00:44 -0400

In episode 123 for June 1st 2020: The controversy over fact checking and first amendment rights, and why government mandated encryption backdoors are bad for everyone's security.

Episode 100 with Rachel Tobac and Kathleen Smith

Tom Eston and Scott Wright — Fri, 29 May 2020 00:00:34 -0400

In episode 100 of our May monthly show we discuss the history of the podcast, some of the most interesting cybersecurity and privacy news and events over the years, and speak with former guest Rachel Tobac, CEO and Co-Founder of SocialProof Security, about what she's been up to and of course the David Lynch daily weather report! We also catch up with Kathleen Smith, CMO of ClearedJobs.net and CyberSecJobs.com to talk about the current cybersecurity job market, recruiting, and the one thing you need to stop doing with your resume. Thank you to all of our sponsors, guests, and listeners over the years helping us achieve this milestone episode!

Apple’s Law Enforcement Backdoor Dispute, Signal PINs, EasyJet Data Breach

Tom Eston — Mon, 25 May 2020 00:00:00 -0400

In episode 122 for May 25th 2020: Apple and the US Government dispute over law enforcement backdoors in Apple products, secure messaging app Signal starts to move away from using phone numbers as user IDs, and details on the EasyJet data breach affecting 9 million customers.

Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote

Tom Eston — Mon, 18 May 2020 00:00:47 -0400

In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan to require a warrant to obtain Americans' web browsing history.

GoDaddy Security Incident, Fake Downloaders, Firefox Lockwise

Tom Eston — Mon, 11 May 2020 00:00:51 -0400

In episode 120 for May 11th 2020: The latest on the GoDaddy security incident affecting 28,000 customers, fake Microsoft Teams notification emails and Zoom downloaders, and details on new features to the Firefox built in password manager.

Workplace Surveillance, Apple and Google Contact Tracing Tech, Virtual Cybersecurity Conferences

Tom Eston — Mon, 04 May 2020 00:00:42 -0400

In episode 119 for May 4th 2020: The use of thermal based cameras and other technology to monitor the workplace for COVID-19, more details about the Apple and Google contact tracing framework, and are virtual security conferences the new normal?

The End of Passwords as We Know It

Tom Eston — Mon, 27 Apr 2020 00:00:03 -0400

In episode 118 for April 27th 2020: A discussion about the end of passwords and what the future may hold with special guest Andrew Shikiar executive director of the FIDO Alliance.

Contact Tracing Controversy, Fighting COVID-19 Criminal Activity

Tom Eston and Scott Wright — Fri, 24 Apr 2020 00:00:37 -0400

In episode 99 of our April monthly show: Apple and Google's controversial efforts to create contact tracing technology, fighting COVID-19 criminal activity, and what the new normal means for startup companies.

Zoom Hacked Accounts, North Korean Hackers, Facebook Senior Pictures

Tom Eston — Mon, 20 Apr 2020 00:00:47 -0400

In episode 117 for April 20th 2020: More problems for Zoom with tens of thousands of compromised credentials and zero-day exploits, the $5 million dollar reward for information on North Korean hackers, and why it might not be the best idea to post your senior year pictures on Facebook.

Contact Tracing Apps, Business Email Compromise Scams, SPAM Phone Calls

Tom Eston — Mon, 13 Apr 2020 00:00:53 -0400

In episode 116 for April 13th 2020: Privacy concerns with COVID-19 contact tracing apps, the FBI's new warnings about business email compromise scams, and how to prevent unwanted and SPAM phone calls.

Another Marriott Data Breach, Zoom-Bombing, Economic Stimulus Scams

Tom Eston — Mon, 06 Apr 2020 00:00:50 -0400

In episode 115 for April 6th 2020: The latest on yet another Marriott data breach, what you need to know about Zoom-Bombing and other Zoom privacy concerns, and new warnings about US economic stimulus payment scams.

Staying Secure When Working From Home

Tom Eston — Mon, 30 Mar 2020 00:00:23 -0400

In episode 114 for March 30th 2020: Co-host Tom Eston is joined with frequent guest Kevin Johnson to discuss how to stay more secure when working from home. If you find yourself working from home because of COVID-19 this is one episode you don't want to miss!

Click Armor Demo, Podcast Survey Results, Google Geofence Warrants

Tom Eston and Scott Wright — Wed, 25 Mar 2020 00:00:11 -0400

In episode 98 of our monthly show co-host Scott Wright shows us a demo of Click Armor which is a gamified cybersecurity awareness platform, Tom presents the results of our listener survey, and a discussion about the privacy concerns with geofence warrants.

COVID-19 Mass Surveillance, New Coronavirus Cyber-Attacks, Encryption Backdoors

Tom Eston — Mon, 23 Mar 2020 00:00:54 -0400

In episode 113 for March 23rd 2020: Israel passes an emergency law to use mobile data to track people infected with COVID-19, the latest coronavirus cyber-attacks to be aware of, and how governments world-wide could be putting backdoors into secure messaging apps. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

COVID-19 Cybersecurity Impact, Hacking the Hackers, Whisper App Data Leak

Tom Eston — Mon, 16 Mar 2020 00:00:47 -0400

In episode 112 for March 16th 2020: The cybersecurity impact of COVID-19, who's hacking the hackers, and details on a data leak of the secret sharing app Whisper.

IoT Device Attacks, FCC Fines Mobile Carriers, Let’s Encrypt Certificate Bug

Tom Eston — Mon, 09 Mar 2020 00:00:04 -0400

In episode 111 for March 9th 2020: A new report shows that attacks on Internet of Things devices are on the rise, the FCC fines major mobile carriers for selling users' location data, and details on what happens when 3 million HTTPS certificates need to be revoked because of coding error.

You’ve Been Hacked! Now What?

Tom Eston — Mon, 02 Mar 2020 00:00:29 -0500

In episode 110: Tyler Hudak, Incident Response Practice Lead at TrustedSec joins us to talk about what you should (and more importantly what you shouldn't do) if you find out you've been hacked! The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Ring Mandates Two-Factor Authentication, License Plate Reader Data Sharing, RSA Conference Coronavirus Fears

Tom Eston — Mon, 24 Feb 2020 00:00:43 -0500

In episode 109 for February 24th 2020: Kevin Johnson joins us to discuss how Ring made 2-factor authentication mandatory following recent hacking incidents, California police have been caught illegally sharing license plate reader data, and details on IBM and other companies pulling out of the RSA conference due to coronavirus fears.

Chinese Hackers, Coronavirus Phishing Attacks, How to Stay (Almost) Anonymous Online

Tom Eston and Scott Wright — Fri, 21 Feb 2020 00:00:57 -0500

In episode 97 of our monthly show we discuss how Chinese hackers caused the Equifax data breach, new coronavirus phishing attacks to be aware of, and how to stay (almost) anonymous online.

Equifax Hacked by China, Israeli Voter Registry Exposed, How the CIA Owned Encryption

Tom Eston — Mon, 17 Feb 2020 00:00:06 -0500

In episode 108: The US charges four Chinese military hackers in the Equifax data breach, how Israel's entire voter registry was exposed, and details on the encryption provider that was secretly owned by the CIA for the last fifty years. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Preventing Tax Identity Theft, FTC and Robocallers, Google Photos Incident

Tom Eston — Mon, 10 Feb 2020 00:00:10 -0500

In episode 107: Preventing tax identity theft and other tax scams, the FTC taking a stand against companies that support robocallers, and details on the incident where videos from Google Photos were being sent to strangers. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Off-Facebook Activity Tool, Ring App Third-Party Trackers, Wawa Credit Card Breach

Tom Eston — Mon, 03 Feb 2020 00:00:03 -0500

In episode 106: What you need to know about Facebook's new off-Facebook activity tool, details about the Ring Android app sending user data to third party trackers, and new developments in the Wawa credit card breach.

Voting by Smartphone, Jeff Bezos Hacked, Microsoft Security Breach

Tom Eston and Scott Wright — Fri, 31 Jan 2020 00:00:08 -0500

In episode 96 of our monthly we discuss the controversy of voting by smartphone in our elections, the Jeff Bezos hacking incident, and the recent Microsoft support security breach.

Dark Web Fraud and Cybercrime with Emily Wilson

Tom Eston — Mon, 27 Jan 2020 00:00:54 -0500

In episode 105: What are the new forms of fraud and cybercrime being found on the Dark Web? We discuss this fascinating topic with Emily Wilson, VP of Research at Terbium Labs in this week's episode! The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Critical Windows Vulnerability, Dating App Security Risk, Apple iOS Privacy Features

Tom Eston — Mon, 20 Jan 2020 00:00:40 -0500

In episode 104: Details on the new critical Microsoft Windows vulnerability, why dating apps could pose a national security risk, and how new Apple privacy features are changing the way your data is sold.

Iranian Cyber-Attacks, Ring Class-Action Lawsuit, Preventing Calendar SPAM

Tom Eston — Mon, 13 Jan 2020 00:00:23 -0500

In episode 103: The US Department of Homeland Security warns of Iranian cyber-attacks, Ring gets hit with a $5 million dollar class action lawsuit, and some quick tips on how to prevent calendar SPAM. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

New California Data Privacy Law, Wyze Data Leak, ToTok Spy App

Tom Eston — Mon, 06 Jan 2020 00:00:03 -0500

In episode 102: Details on the new California data privacy law, the Wyze data leak, and what is the ToTok app and could it be spying on you? The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Top 10 Cybersecurity and Privacy Resolutions

Tom Eston — Mon, 30 Dec 2019 00:00:45 -0500

In episode 101: Start the new year off right by following our top 10 cybersecurity and privacy resolutions!

Rebecca Herold “The Privacy Professor”

Tom Eston and Scott Wright — Fri, 27 Dec 2019 17:00:55 -0500

In episode 95 of our monthly show we're joined by special guest Rebecca Herold, the "Privacy Professor". Rebecca is a well known expert in the privacy and cybersecurity community and gives us an update on what she's been working on, what her thoughts are on the current state of privacy regulations (CCPA, GLBA, etc), and what we may see in 2020 from a privacy perspective. We also talk about Rebecca's favorite books and her encounter with famed author Cliff Stoll who wrote the "The Cuckoo's Egg". Thanks to Rebecca for joining us again on the show!

The Year in Review and 2020 Predictions with Kevin Johnson

Tom Eston — Mon, 23 Dec 2019 00:00:59 -0500

In episode 100: Kevin Johnson, CEO of SecureIdeas joins us in this very special milestone episode to discuss the year that was 2019 and what Kevin's "predictions" are for cybersecurity and privacy 2020. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Password Reuse Problem, US Government IoT Recommendations, Smart Lock Security Disaster

Tom Eston — Mon, 16 Dec 2019 00:00:16 -0500

In episode 99: Password reuse is still a very large problem, US government recommendations for securing Internet of Things devices, and yet another smart lock device security disaster. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

How You’re Tracked Online, New Mass Surveillance Concerns, Malicious Android App Hijack

Tom Eston — Mon, 09 Dec 2019 00:00:17 -0500

In episode 98: A new report from the EFF details how we are tracked online by third-party corporations, more mass surveillance concerns in China and Australia, and yet another Android malicious app hijack exploit to be aware of. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Top 25 Most Dangerous Vulnerabilities, Smart City Privacy, DuckDuckGo vs. Google

Tom Eston and Scott Wright — Fri, 06 Dec 2019 15:00:26 -0500

In episode 94 of our monthly show for November we discuss the 25 most dangerous vulnerabilities, the privacy of new "smart cities", and which search engine keeps your searches more private? It's DuckDuckGo vs. Google!

Phone and Voice Fraud, Twitter Account Purge, Adobe Magento Marketplace Data Breach

Tom Eston — Mon, 02 Dec 2019 00:00:04 -0500

In episode 97: How to prevent phone and voice fraud, Twitter's inactive account purge, and the Adobe Magento Marketplace data breach. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Disney+ Hacked Accounts, Black Friday Scams, Android Camera Exploits

Tom Eston — Mon, 25 Nov 2019 00:00:04 -0500

In episode 96: Thousands of Disney+ accounts have been hacked, Black Friday and Cyber Monday scams to watch out for, and the latest on new Android camera exploits. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Google’s Health Record Storage Controversy, US Border Search Ruling, Zelle Scams

Tom Eston — Mon, 18 Nov 2019 00:00:30 -0500

In episode 95: Google's access to the medical records of millions of Americans, a new ruling on suspicionless searches at the US border, and details on a new scam using the popular money sharing app Zelle. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Facebook Data Leaks, Smart Speaker Laser Attack, BlueKeep in the Wild

Tom Eston — Mon, 11 Nov 2019 00:00:18 -0500

In episode 94: Facebook's Group API data leak and 7,000 pages of leaked Facebook documents, lasers that can control your smart speakers, and details about the BlueKeep vulnerability now being exploited in the wild. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

WhatsApp’s NSO Group Lawsuit, This Week in Data Breaches, Office 365 Voicemail Phishing

Tom Eston — Mon, 04 Nov 2019 00:00:55 -0500

In episode 93: The WhatsApp NSO group lawsuit plus details on Facebook's preventive health tool, this week's data breach news, and how attackers are using a voicemail to phish Microsoft Office 365 users. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Firewalla Review, 15 Most Dangerous Apps for Kids, Rise of the Deepfake

Tom Eston and Scott Wright — Fri, 01 Nov 2019 15:15:30 -0400

In episode 93 of our monthly show we review the Firewalla home network device, talk about the 15 most dangerous (or scary) apps for kids that parents need to be aware of, and the rise of the "deepfake"!

Nord VPN Security Incident, Smart Speaker Phishing, Apple iOS 13 Privacy Features

Tom Eston — Mon, 28 Oct 2019 00:00:07 -0400

In episode 92: Details on the Nord VPN security incident, using Amazon Echo and Google Home smart speakers for phishing attacks, and new privacy features in Apple iOS 13 you should know about. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Pitney Bowes Ransomware Attack, Samsung Galaxy S10 Fingerprint Bypass, Top Technology Fears

Tom Eston — Mon, 21 Oct 2019 00:00:35 -0400

In episode 91: Pitney Bowes becomes the latest ransomware victim, what are the top technology fears, and the latest on the vulnerability that allows a Samsung Galaxy S10 to be unlocked with anyone's fingerprint. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Hong Kong Protests, Instagram’s Anti-Phishing Tool, Smart Device Fail

Tom Eston — Mon, 14 Oct 2019 00:00:15 -0400

In episode 90: How protesters in Hong Kong are avoiding facial recognition, Instagram's new anti-phishing tool, and my recent epic smart device failure incident. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Microsoft OneDrive Personal Vault, Google’s New Privacy and Security Controls, REAL ID Deadline

Tom Eston — Mon, 07 Oct 2019 00:00:00 -0400

In episode 89: Microsoft's new OneDrive personal vault, updated privacy and security controls announced by Google, and the TSA's warning about the REAL ID deadline next year. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Amazon Smart Glasses, Webkey Social Engineering, Erase Your Old Hard Drives!

Tom Eston and Scott Wright — Mon, 30 Sep 2019 23:00:14 -0400

In episode 92 of our monthly show: Amazon releases smart glasses that work with Alexa, what are webkey's and how could they be used for social engineering, and why you should always erase old hard drives and other data storage devices.

DoorDash Data Breach, Voice Assistant Privacy Changes, Limiting Ad Tracking

Tom Eston — Mon, 30 Sep 2019 00:00:20 -0400

In episode 88: DoorDash announces a data breach affecting 4.9 million people, recent voice assistant privacy changes, and how you can limit ad tracking on your mobile device. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Aaron Zar, Co-Founder and CEO of Silent Pocket

Tom Eston — Fri, 27 Sep 2019 00:00:49 -0400

On this special edition of the podcast we speak with Aaron Zar, co-founder and CEO of Silent Pocket. Silent Pocket has been a long time sponsor of the show and it was great to catch up with Aaron to get his thoughts on the current state of digital privacy. Don't forget, because you listen to this podcast, you receive 15% off your order using discount code "sharedsecurity" during checkout at silentpocket.com.

Apple iOS 13, Venmo Scams, Simjacking Attacks

Tom Eston — Mon, 23 Sep 2019 00:00:39 -0400

In episode 87: Everything you need to know about Apple iOS 13, Venmo scams you need to be aware of, and new details about "Simjacking" attacks. The Weekly Blaze podcast is your update on the most important cybersecurity and privacy news from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

End-to-End Encryption with Max Krohn from Keybase.io

Tom Eston — Mon, 16 Sep 2019 00:00:50 -0400

In episode 86: All about the state of encryption and why end-to-end encryption is so important with Max Krohn from Keybase.io. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

New Firefox Privacy Protections, Apple iOS Zero-Days, Facebook User Phone Numbers Exposed

Tom Eston — Mon, 09 Sep 2019 00:00:25 -0400

In episode 85: Firefox will now block all third-party tracking cookies and more by default, serious vulnerabilities found in Apple iOS, and the latest on the huge database of Facebook users' phone numbers found online. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Android “Ghost Click” Apps, New Apple Siri Privacy Protections, Credit Card Spying

Tom Eston — Mon, 02 Sep 2019 00:00:59 -0400

In episode 84: "Ghost click" Android apps found on the Google Play Store, new privacy protections for Apple's Siri voice assistant, and did you know that your credit card may spying on you? The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

10 Year Anniversary Episode with Kevin Johnson and Jayson E. Street

Tom Eston and Scott Wright — Thu, 29 Aug 2019 00:00:18 -0400

In Episode 91 of this very special episode of our monthly show, Tom and Scott are joined by special guests Kevin Johnson and Jayson E. Street back to celebrate the 10 year anniversary of this podcast! We talk about the history of the show, what's improved (or not improved) in the last 10 years from a cybersecurity and privacy perspective, Kevin's Star Wars addiction, Jayson's #HackerAdventures, and we have a very important debate about the future of security awareness and what can be done to provide better education on phishing which continues to be one of the top attack vectors we've seen in the last 10 years. Be sure to stay tuned to the end of the episode for some fun outtakes from this episode and some highlights from our very first episode which we recorded way back in August of 2009. You can also watch the full live stream of this episode on our YouTube channel.

New Facebook Privacy Controls, Apple iOS Patching Mistake, MoviePass Data Breach

Tom Eston — Mon, 26 Aug 2019 00:00:38 -0400

In episode 83: Facebook announces new off-Facebook activity privacy controls, how Apple made everyone's iOS device vulnerable, and details on the massive MoviePass data breach. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Biometric Security Data Breach, Critical Windows Vulnerabilities, FBI Data Harvesting

Tom Eston — Mon, 19 Aug 2019 00:00:28 -0400

In episode 82: The BioStar2 biometric security data breach, wormable vulnerabilities in Microsoft Windows, and the FBI trying to harvest your social media data. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

BSides Las Vegas, iMessage Exploit, 5G and Stingray Surveillance

Tom Eston — Mon, 12 Aug 2019 00:00:59 -0400

In episode 81: My summary of last week's BSides Las Vegas security conference, how a single text message to your iPhone could get you hacked, and how Stingray surveillance devices can still be used on new 5G networks. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Capital One Data Breach, Equifax Settlement Payouts, Nextdoor App Scams

Tom Eston — Mon, 05 Aug 2019 00:00:27 -0400

In episode 80: Everything you need to know about the Capital One data breach, changes in the payouts from the Equifax settlement, and Nextdoor app scams. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Medical Device Security with Special Guest John Nye

Tom Eston — Tue, 30 Jul 2019 00:00:42 -0400

In episode 90 of our monthly show we discuss medical device security with John Nye, Senior Director of Cybersecurity Research and Communication at CynergisTek. John speaks with us about the recent concern over insulin pump, pacemaker and other medical device hacking and what government regulators and the healthcare industry needs to do so they can better secure this technology.

Equifax Settlement, Android Video File Exploit, Encryption Backdoors

Tom Eston — Mon, 29 Jul 2019 00:00:19 -0400

In episode 79: Details on the Equifax breach settlement, why your Android phone could be exploited by simply watching a video file, and encryption backdoors being requested by worldwide governments. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

FaceApp Privacy Panic, Facebook’s 5 Billion Dollar Fine, Amazon Brushing Scams

Tom Eston — Mon, 22 Jul 2019 00:00:14 -0400

In episode 78: The FaceApp privacy panic, Facebook’s 5 billion dollar fine from the FTC, and what you need to know about two new types of Amazon scams. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Zoom Zero-Day, GDPR Fines, Google Assistant Recordings

Tom Eston — Mon, 15 Jul 2019 00:00:37 -0400

In episode 77: Zoom video conferencing zero-day, massive fines being issued for violating GDPR, and who might be listening when you talk to your Google Assistant. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use". Show Notes: https://sharedsecurity.net/2019/07/15/zoom-zero-day-gdpr-fines-google-assistant-recordings/

Amazon Alexa Recordings, Facebook Malware Campaign, Top 3 Tips to Stay Private on Vacation

Tom Eston — Mon, 08 Jul 2019 00:00:31 -0400

In episode 76: Amazon confirms that Alexa recordings are kept forever, details about one of the largest Facebook malware campaigns, and our top three tips for staying private on vacation. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

US Cyber-Attack on Iran, Poor Government Cybersecurity, Malvertising Campaigns

Tom Eston — Mon, 01 Jul 2019 00:00:53 -0400

In episode 75: The US cyber-attack on Iran, the sad state of cybersecurity in the US government, and what you need to know about malvertising campaigns. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Home Security Episode – Locks, Doors, Cameras, and More!

Tom Eston and Scott Wright — Thu, 27 Jun 2019 00:00:02 -0400

In episode 89 of our monthly show Scott and Tom discuss everything you need to know about home security with physical security expert, Patrick McNeil! We delve into the world of locks, lock bumping, doors, windows, surveillance cameras, alarms, and much more. If you've always wanted to know how best to protect your home or residence this is one episode not to miss! Check out the YouTube edition of this episode for Patrick's presentation on lock bumping and the contest we had during the live stream of this episode.

Facebook’s New Cryptocurrency, Firefox Zero Day, Smart TV Malware

Tom Eston — Mon, 24 Jun 2019 00:00:20 -0400

In episode 74: Facebook announces a new cryptocurrency called Libra, two new zero-day vulnerabilities affecting Firefox, and should you be scanning your smart TV for malware? The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

US Customs and Border Protection Data Breach, Sign in with Apple, Leaked Facebook Emails

Tom Eston — Mon, 17 Jun 2019 00:00:03 -0400

In episode 73: US Customs and Border Protection agency data breach, the new "Sign in with Apple" button, and more leaked Facebook emails. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Quest Diagnostics Data Breach, Google’s Network Outage, US Visa Applicants and Social Media Names

Tom Eston — Mon, 10 Jun 2019 00:00:07 -0400

In episode 72: Quest Diagnostics and LabCorp data breach, what happens to your smart devices when the Internet goes down, and US visa applicants now required to share their social media names. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Ransomware Rampage, Mobile Phishing Attacks, iPhone App Ad Trackers

Tom Eston — Mon, 03 Jun 2019 00:00:54 -0400

In episode 71: US cities are being rampaged with ransomware, mobile phishing attacks on the rise, and do you know what your iPhone is doing while you sleep? The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Equifax Downgraded, Huawei Ban, Google is Tracking Your Purchases

Tom Eston — Mon, 27 May 2019 00:00:03 -0400

In episode 70: Investment firm Moody's downgrades Equifax, Huawei's US technology ban, and how Google is tracking all your purchases. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Remotely Killing Car Engines, Password Expiration Policies, Facial Recognition at Airports, InfoSec vs. Cybersecurity

Tom Eston and Scott Wright — Fri, 24 May 2019 00:00:20 -0400

In episode 88 of our monthly show Scott and Tom discuss how someone figured out how to remotely kill car engines through GPS tracking apps, Microsoft says password expiration policies are pointless, facial recognition being used at US airports, and the InfoSec vs. Cybersecurity debate.

Critical WhatsApp Vulnerability, Facial Recognition Ban, Wormable Flaw in Windows

Tom Eston — Mon, 20 May 2019 00:00:22 -0400

In episode 69: A serious spyware vulnerability in WhatsApp, San Francisco bans facial recognition, and a wormable vulnerability in older Microsoft systems. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Israel Cyber-Attack Bombing, New Google Privacy Settings, Traditional Mail Blackmail Scam

Tom Eston — Mon, 13 May 2019 00:00:46 -0400

In episode 68: Israel bombs a building in retaliation for a cyber-attack, Google adds more privacy settings, and a new blackmail scam that uses traditional mail. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The End of Password Expiration Policies, Seat-Back Camera’s on Airplanes, Unknown Data Breach

Tom Eston — Mon, 06 May 2019 00:00:54 -0400

In episode 67: Is this the end of password expiration policies? Are seat-back camera's recording you on an airplane, and the unknown data breach exposing 80 million records. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

All about VPN’s with Gaya Polat from vpnMentor

Tom Eston — Mon, 29 Apr 2019 00:00:16 -0400

In episode 66: Everything you wanted to know about VPN's, the advantages and disadvantages, what to look for in a VPN provider, and much more with Gaya Polat from vpnMentor. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The State of Cybersecurity Training and Certifications with Kevin Johnson

Tom Eston — Thu, 25 Apr 2019 00:00:55 -0400

In episode 87 of our monthly show we speak with frequent guest Kevin Johnson, CEO of Secure Ideas about the current state of cybersecurity training and certifications. This is one episode you don't want to miss!

Microsoft Email Hacked, Instagram Nasty List Phishing Scam, Facebook Third-Party Data Deals

Tom Eston — Mon, 22 Apr 2019 00:00:31 -0400

In episode 65: Microsoft email services hacked, the Instagram "Nasty List" phishing scam, and Facebook's attempted deals to sell your data. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Amazon Echo Recording Controversy, New Mobile Phone Scam, Hotels Leaking Data

Tom Eston — Mon, 15 Apr 2019 00:00:20 -0400

In episode 64: Amazon Echo's recording controversy, a new mobile phone scam, and hotels leaking your private information. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Facebook’s Bad Week, Stalkerware, Tax Season Scams

Tom Eston — Mon, 08 Apr 2019 00:00:08 -0400

In episode 63: Facebook's very bad week, Stalkerware on the rise, and tax season scams. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Apple Card, ASUS Live Update Backdoor, Statistics on Malware Attacks

Tom Eston — Mon, 01 Apr 2019 00:00:18 -0400

In episode 62: Apple's new privacy focused credit card, the ASUS live update software backdoor, and recent statistics on Malware attacks. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Facebook Passwords Exposed, Android Q Privacy, Microsoft Office Targeted

Tom Eston — Mon, 25 Mar 2019 00:01:19 -0400

In episode 61: Facebook passwords exposed in plain text, Android Q's new privacy features, and why Microsoft Office is the most popular target for cybercriminals. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World’s Most Dangerous Malware

Tom Eston and Scott Wright — Mon, 25 Mar 2019 00:00:55 -0400

In episode 86 of our monthly show we discuss Tom's new garbage service (yep, that's right) and why taking credit cards by filling out a form and mailing it is never a good idea, the Verifications.io data breach, how a cyberattack can capsize a ship, and the world's most dangerous malware.

Equifax and Marriott Data Breach Updates, Facial Recognition at the Airport, Citrix Password Spraying Attack

Tom Eston — Mon, 18 Mar 2019 00:00:48 -0400

In episode 60: Equifax and Marriott data breach updates, facial recognition coming to 20 US airports, and the latest updates on the Citrix password spraying attack. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Google Chrome Zero-Day, Facebook Phone Number Privacy, NSA Phone Data Collection Program

Tom Eston — Mon, 11 Mar 2019 00:00:50 -0400

In episode 59: A new Google Chrome Zero-Day, how Facebook uses your phone number, and the shutdown of the NSA's phone data collection program. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Multi-Factor Authentication, New Attacks on 4G and 5G Mobile Networks

Tom Eston — Mon, 04 Mar 2019 00:00:33 -0500

In episode 58: Using multi-factor authentication to protect your credentials and privacy with special guest Ian Paterson from Plurilock, and new attacks on 4G and 5G mobile networks. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Google Nest’s Secret Microphone, Facebook Login Phishing, Password Manager Vulnerabilities

Tom Eston — Mon, 25 Feb 2019 00:00:34 -0500

In this week's episode: Google Nest's secret microphone, a new Facebook login phishing campaign, and vulnerabilities in popular password managers. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Preventing Illegal Robocalls, Webcam Spying, Dating App Account Hacking

Tom Eston — Mon, 18 Feb 2019 00:00:51 -0500

In this week's episode: Preventing illegal robocalls, should you be scared of your laptop's webcam, and recent hacks of popular dating apps. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Artificial Intelligence in Cybersecurity, Apple FaceTime Bug, Nest Camera Passwords

Tom Eston — Wed, 13 Feb 2019 00:00:55 -0500

In episode 85 of our monthly show we discuss artificial intelligence in cybersecurity, the recent Apple FaceTime bug, and the controversy over compromised Nest camera's. This was also the first show we streamed live over YouTube!

DNA Testing and the FBI, $198 Million Dollar Cryptocurrency Password, Password Checkup Chrome Extension

Tom Eston — Mon, 11 Feb 2019 00:00:12 -0500

In this week's episode: DNA testing and the FBI, the $198 million dollar cryptocurrency password, and a new Chrome extension to protect your accounts from data breaches. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Massive Apple FaceTime Privacy Bug, Selling Your Privacy for Money, Insecure Smart Light Bulbs

Tom Eston — Mon, 04 Feb 2019 00:00:55 -0500

In this week's episode: The massive Apple FaceTime privacy bug, selling your privacy for money, and insecure smart light bulbs. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Lack of US Privacy Regulations, Nest Camera’s Hijacked

Tom Eston — Mon, 28 Jan 2019 00:00:54 -0500

In this week's episode: The lack of US federal privacy regulations and details on Nest camera's being hijacked in credential stuffing attacks. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Ring Doorbell Privacy Concerns, Recent Password Breach News, Biometrics and Fifth Amendment Rights

Tom Eston — Mon, 21 Jan 2019 00:00:54 -0500

In this week's episode: Ring doorbell privacy concerns, news on a recent password breach, and a new ruling on biometrics and Fifth Amendment rights. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

US Government Shutdown, Privacy at CES 2019, Mobile Location Data Controversy

Tom Eston — Mon, 14 Jan 2019 00:00:39 -0500

In this week's episode: the US government shutdown and cybersecurity, privacy takes center stage at CES 2019, and a mobile location data controversy. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Cybersecurity Careers, Recruiting, and Volunteering with Kathleen Smith

https://sharedsecurity.net/wp-content/uploads/2019/01/EP84-1400x1400-1.jpg — Wed, 09 Jan 2019 00:00:11 -0500

New year, new Cybersecurity job? If you're looking for a new job or just starting out in Cybersecurity you'll want to listen to this episode of our monthly show where we're joined by special guest Kathleen Smith, CMO of ClearedJobs.net and CyberSecJobs.com. We discuss Kathleen's recent survey on people who advance their career by volunteering in the Cybersecurity community, the Hire Ground career track at the BSides Las Vegas cybersecurity conference, how to work with recruiters and job boards, why you should plan (rather than react) when you look for a new job, and much more!

Newspaper Ransomware Attack, How Facebook Tracks You on Android, USB-Type-C Authentication

Tom Eston — Mon, 07 Jan 2019 00:00:00 -0500

In this week's episode: Newspaper ransomware attack, how Facebook tracks you on Android, and USB-Type-C authentication. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Phishing Attack Targeting Two-Factor Authentication, Amazon Echo Eavesdropping, Netflix Email Scam – WB49

Tom Eston — Mon, 31 Dec 2018 00:00:46 -0500

In this week's episode: a new phishing attack targeting two-factor authentication, Amazon Echo eavesdropping, and a new Netflix email scam. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Year in Review and 2019 Predictions with Special Guest Kevin Johnson

Tom Eston — Wed, 26 Dec 2018 00:00:57 -0500

In this year end episode of the podcast, we're joined by frequent guest Kevin Johnson to recap the big cybersecurity and privacy news of this past year, talk about a little movie called Star Wars, and have some fun discussing our "predictions" for what's to come in 2019.

Healthcare Databases Exposed, Facebook’s Photo API Bug, Signal Speaks Out – WB48

Tom Eston — Mon, 24 Dec 2018 00:00:44 -0500

In this week's episode: Healthcare databases exposed, Facebook's Photo API bug, and Signal speaks out about anti-encryption laws. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Equifax Data Breach Details Released, More Google+ API Bugs, Supermicro Strikes Back – WB47

Tom Eston — Mon, 17 Dec 2018 00:00:55 -0500

In this week's episode: In this week's episode: Equifax data breach details released, more Google+ API bugs and Supermicro strikes back. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Quora Data Breach, Facebook’s Private Emails, Google Location Tracking – WB46

Tom Eston — Mon, 10 Dec 2018 00:00:42 -0500

In this week's episode: the Quora data breach, Facebook's private emails, and Google location tracking. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Massive Marriott Data Breach, Secure Holiday Shopping Tips, Phishing Sites Using HTTPS – WB45

Tom Eston — Mon, 03 Dec 2018 00:00:39 -0500

In this week's episode: the massive Marriott data breach, secure holiday shopping tips, and phishing sites using HTTPS. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Special Guest Tanya Janca, DevOps and AppSec, Women in Cybersecurity – #82

Tom Eston and Scott Wright — Fri, 30 Nov 2018 12:00:18 -0500

In this episode Tom and Scott are joined by special guest Tanya Janca who is a Senior Cloud Developer Advocate for Microsoft. We speak with Tanya about her journey into the world of AppSec, women and minorities in Cybersecurity, her advice for getting started in AppSec, her OWASP project (DevSlop), the current state of DevOps and privacy, and much more!

Vehicle Infotainment Privacy, Instagram’s Accidental Password Exposure, Firefox Monitor – WB44

Tom Eston — Mon, 26 Nov 2018 00:00:31 -0500

In this week's episode: Vehicle infotainment privacy, Instagram's accidental password exposure, and the Firefox monitor data breach notification service. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Harry Sverdlove, Edgewise Founder and CTO – Special Edition

Tom Eston and Scott Wright — Fri, 23 Nov 2018 00:00:49 -0500

In this special edition of the podcast we speak to Harry Sverdlove, who is the Founder and Chief Technology Officer of Edgewise. Harry talks with us about the concept of "zero trust" and their innovative technology that can help stop data breaches.

USPS Informed Delivery Vulnerabilities, Holiday Credit Card Fraud, Huge SMS Database Leak – WB43

Tom Eston — Mon, 19 Nov 2018 00:00:02 -0500

In this week's episode: USPS Informed Delivery vulnerabilities, how to avoid becoming a victim of holiday credit card fraud, and a huge database leak affecting 26 million SMS users. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Midterm Election Security, Gait Recognition Surveillance Technology, Caller ID Authentication – WB42

Tom Eston — Mon, 12 Nov 2018 00:00:36 -0500

In this week's episode: Midterm election security, gait recognition surveillance technology, and caller ID authentication. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Microsoft and Apple Security Updates, Signal’s Sealed Sender, Girl Scouts Data Breach – WB41

Tom Eston — Mon, 05 Nov 2018 00:00:35 -0500

In this week's episode: Microsoft and Apple security updates, Signal's sealed sender, and the Girl Scouts data breach. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Fortnite Scams, Google Search Privacy, Bloomberg SuperMicro Controversy – #81

Tom Eston and Scott Wright — Wed, 31 Oct 2018 00:00:52 -0400

In this episode Tom and Scott cover the recent rise in Fortnite scams, new privacy controls in Google search and the controversy over the Bloomberg article and SuperMicro.

Spy Apps and Stalkerware with Special Guest Jeff Tang – WB40

Tom Eston — Mon, 29 Oct 2018 00:00:47 -0400

In this week's episode: Spy apps and Stalkerware with special guest Jeff Tang, Senior Manager of Applied Research at Cylance. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Hotel Room Security and Privacy with Special Guest Patrick McNeil – WB39

Tom Eston — Mon, 22 Oct 2018 00:00:25 -0400

In this week's episode: Hotel room security and privacy with special guest Patrick McNeil. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Google+ Shutdown, Weapons Systems Vulnerabilities, Voice Phishing Scams – WB38

Tom Eston — Mon, 15 Oct 2018 00:00:01 -0400

In this week's episode: Google+ shutdown, weapons systems vulnerabilities, and new statistics on voice phishing scams. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Chinese Spying, Facebook Shadow Contact Information, iPhone X FaceID Privacy – WB37

Tom Eston — Mon, 08 Oct 2018 00:00:41 -0400

In this week's episode: Chinese spying, Facebook shadow contact information, and iPhone X FaceID privacy. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Facebook’s Fake Account Crackdown, Privacy Upgrade to HTTPS, New Security Features in Apple iOS 12 – WB36

Tom Eston — Mon, 01 Oct 2018 00:00:06 -0400

In this week's episode: Facebook's fake account crackdown, privacy upgrade to HTTPS, and new security features in Apple iOS 12. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Mobile Phone Call Scams, Pegasus Mobile Spyware, Newegg Data Breach – WB35

Tom Eston — Mon, 24 Sep 2018 00:00:59 -0400

In this week's episode: Mobile phone call scams, Pegasus mobile spyware, and the Newegg data breach. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Malware-Less Email Attacks, Equifax Breach Updates, Vizio Class Action Lawsuit

Tom Eston — Mon, 17 Sep 2018 00:00:31 -0400

In this week's episode: Malware-less email attacks, Equifax breach updates and the Vizio class action lawsuit. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Episode 80 – Special Guest Chris Hadnagy and Social Engineering The Science of Human Hacking

Tom Eston — Thu, 13 Sep 2018 12:00:10 -0400

In this very special episode we're joined by Chris Hadnagy who is the author of the book "Social Engineering: The Science of Human Hacking". We talk with Chris about his new book, how Social Engineering has changed over the years and what he's been up to with the Innocent Lives foundation, Social-Engineer.com and the recent DEF CON SECTF (Social Engineering CTF).

Five Eyes Security Alliance, Google and Your Offline Purchases, Privacy by Default in Firefox

Tom Eston — Mon, 10 Sep 2018 00:00:16 -0400

In this week's episode: The five eyes security alliance, Google and your offline purchases, and privacy by default in Firefox. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

US Federal Privacy Law, WhatsApp Google Drive Warning, Improved Security for Instagram

Tom Eston — Mon, 03 Sep 2018 00:00:08 -0400

In this week's episode: US federal privacy law, WhatsApp Google Drive warning and improved security for Instagram. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

Election Hacking and Vulnerable Voting Machines

Tom Eston and Scott Wright — Fri, 31 Aug 2018 12:00:36 -0400

In this episode Tom and Scott discuss election hacking in the US and the rest of the world, vulnerable voting machines and what all this means to you.

New TSA Body Scanners, Back to School Cybersecurity, Instagram Hacking

Tom Eston — Mon, 27 Aug 2018 00:00:35 -0400

In this week's episode: New TSA body scanners, back to school cybersecurity and Instagram hacking. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – ATM Cashout Attacks, Mobile Phone Voicemail Security, Google Location Tracking

Tom Eston — Mon, 20 Aug 2018 00:00:22 -0400

In this week's episode: ATM cashout attacks, mobile phone voicemail security and Google location tracking. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Facebook and your Financial Transactions, Smart Home Security, Critical HP Printer Vulnerabilities

Tom Eston — Mon, 13 Aug 2018 00:00:26 -0400

In this week's episode: Facebook and your financial transactions, Smart Home security and critical HP printer vulnerabilities. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Quiet Skies TSA Surveillance Program, SIM Hijacking and the Reddit Data Breach, Sextortion Scams

Tom Eston — Mon, 06 Aug 2018 00:00:59 -0400

In this week's episode: The Quiet Skies TSA surveillance program, SIM hijacking and the Reddit data breach and Sextortion scams. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Bluetooth Vulnerabilities, Malicious Apps Removed from Twitter, Gmail Confidential Mode

Tom Eston — Mon, 30 Jul 2018 00:00:13 -0400

In this week's episode: Bluetooth vulnerabilities, malicious apps removed from Twitter and Gmail confidential mode. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Podcast Episode 78 – Summer Camp Facial Recognition, Dark Web Dangers

Tom Eston and Scott Wright — Thu, 26 Jul 2018 00:00:29 -0400

In this episode we discuss the recent trend in using facial recognition technology at kids summer camps. We also discuss the risks of using the "dark web", what the dark web is, how do you access the dark web, what are the associated risks, and why you may not want to browse and use dark web (.onion) sites if you don't know what you're doing.

The Shared Security Weekly Blaze – Lost and Stolen Devices, Instagram and SIM Hijacking, LabCorp Security Breach

Tom Eston — Mon, 23 Jul 2018 00:00:14 -0400

In this week's episode: Lost and stolen devices, Instagram and SIM hijacking and the LabCorp security breach. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Polar Fitness App Location Data Exposed, Blocking Scam Phone Calls, Samba TV Privacy Controversy

Tom Eston — Mon, 16 Jul 2018 00:00:58 -0400

In this week's episode: Polar fitness app location data exposed, blocking scam phone calls and the Samba TV privacy controversy. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Mobile App Data Leaks, The California Privacy Act, Third-party Gmail Access

Tom Eston — Mon, 09 Jul 2018 00:00:04 -0400

In this week's episode: Mobile app data leaks, the California privacy act and third-party Gmail access. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – New WPA3 Wireless Standard, Malicious Smartphone Batteries, Exactis Data Leak

Tom Eston, Scott Wright, Kevin Tackett — Mon, 02 Jul 2018 00:00:57 -0400

In this week's episode: New WPA3 wireless standard, malicious smartphone batteries and the Exactis data leak. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Podcast Episode 77 – Personal Risk Assessments, Stingray Surveillance Devices

Tom Eston and Scott Wright — Fri, 29 Jun 2018 00:00:34 -0400

In this episode we discuss the concept of privacy related threat modeling and how to create a personal risk assessment. We also discuss Stingray devices which are being used by law-enforcement and nation states for cell phone surveillance.

The Shared Security Weekly Blaze – MyLobot Malware, Updates on Third-Party Location Data Sharing, Fortnite Scam Websites

Tom Eston — Mon, 25 Jun 2018 00:00:43 -0400

In this week's episode: MyLobot malware, updates on third-party location data sharing, Fortnite scam websites. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Ultrasonic Hard Drive Attacks, Dangerous USB Devices, Email Fraudsters Arrested

Tom Eston — Mon, 18 Jun 2018 00:00:29 -0400

In this week's episode: Ultrasonic hard drive attacks, dangerous USB devices and email fraudsters arrested. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – MyHeritage Data Breach, Facebook’s Data Sharing Partnership, Apple iOS 12 and macOS Updates

Tom Eston — Mon, 11 Jun 2018 00:00:51 -0400

In this week's episode: MyHeritage data breach, Facebook's data sharing partnership and Apple iOS 12 and macOS updates. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Telegram Messenger in Russia, Amazon’s Facial Recognition Technology, Digital License Plates

Tom Eston — Mon, 04 Jun 2018 00:00:42 -0400

In this week's episode: Telegram Messenger in Russia, Amazon's facial recognition technology and digital license plates. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Real-time Location Tracking, VPNFilter Router Malware, Apple’s GDPR Updates

Tom Eston — Mon, 28 May 2018 00:00:56 -0400

In this week's episode: Real-time location tracking, VPNFilter router malware and Apple's GDPR updates. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Efail Vulnerabilities and PGP Encryption, Facebook’s App Investigation, Nest Password Notifications

Tom Eston — Mon, 21 May 2018 00:00:59 -0400

In this week's episode: Efail vulnerabilities and PGP encryption, Facebook's app investigation and Nest password notifications. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Recent Windows Vulnerabilities, Exposed Passwords, Credit Freeze Controversy

Tom Eston — Mon, 14 May 2018 00:00:47 -0400

In this week's episode: Recent windows vulnerabilities, exposed Twitter and GitHub passwords and the latest credit freeze controversy. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Podcast Episode 76 – Special Guest Kevin Johnson (@secureideas), Router Hacking, GDPR, NSA Metadata

Tom Eston and Scott Wright — Thu, 10 May 2018 00:00:37 -0400

In this episode we're joined by Kevin Johnson, CEO of SecureIdeas and proud member of the Star Wars 501st Legion. We discuss a broad range of hot topics with Kevin including how big of a Star Wars fan he is, Russian router hacking, home router security, security awareness of the typical consumer, GDPR, NSA metadata, Facebook and much more! Kevin is always a fun, uncensored and very entertaining guest. We hope you enjoy this interview as much as we did!

The Shared Security Weekly Blaze – DNA Privacy, This Week’s Social Media Privacy News Roundup, Remote Car Hacking

Tom Eston — Mon, 07 May 2018 00:00:07 -0400

In this week's episode: DNA privacy, this week's social media privacy news roundup and remote car hacking. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Child Identity Fraud, Tech Support Scams, Amazon Key In-Car Delivery

Tom Eston — Mon, 30 Apr 2018 00:00:23 -0400

In this week's episode: Child identity fraud, tech support scams and Amazon Key in-car delivery. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Android’s Toxic Hellstew of Vulnerabilities, Facebook’s New Privacy Controls, Russian Router Hacking

Tom Eston — Mon, 23 Apr 2018 00:00:56 -0400

In this week's episode: Android's 'toxic hellstew' of vulnerabilities, Facebook's new privacy controls and Russian router hacking. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Podcast Episode 75 – Cybersecurity Education with Gotham Sharma (@g0thamsharma) and Dr. Brian Krupp (@briankrupp)

Tom Eston and Scott Wright — Thu, 19 Apr 2018 00:00:57 -0400

In this episode we're joined by two cybersecurity educators, Gotham Sharma Managing Director of the Exeltek Consulting Group and Dr. Brian Krupp , Assistant Professor in the Computer Science department at Baldwin Wallace University for their perspective on the current state of education in the cybersecurity industry. This is a really important topic given the current cybersecurity skills shortage where its becoming more difficult to find qualified and skilled individuals to fill cybersecurity jobs.

The Shared Security Weekly Blaze – Facebook goes to Congress, More Data Breach Announcements, New Hope for Replacing Passwords

Tom Eston — Mon, 16 Apr 2018 00:00:38 -0400

In this week's episode: Facebook goes to Congress, more data breach announcements and a new hope for replacing passwords. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – The #DeleteFacebook Movement, Cloudflare’s New Privacy Focused DNS Service, Saks Fifth Avenue and Panera Data Breaches

Tom Eston — Mon, 09 Apr 2018 00:00:11 -0400

In this weeks episode: The #DeleteFacebook movement, Cloudflare's new privacy focused DNS service and the Saks Fifth Avenue and Panera data breaches. The Weekly Blaze podcast is your update on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Facebook’s Privacy Firestorm, MyFitnessPal Data Breach, Ramifications of CLOUD and FOSTA

Tom Eston — Mon, 02 Apr 2018 00:00:14 -0400

In this weeks episode: Facebook's privacy firestorm, the MyFitnessPal data breach, and ramifications of the CLOUD and FOSTA bills. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Podcast Episode 74 – Special Guest Rachel Tobac (@RachelTobac)

Tom Eston and Scott Wright — Thu, 29 Mar 2018 12:00:26 -0400

In this episode we're joined by Rachel Tobac, CEO of SocialProof Security and board member for the nonprofit Women in Security and Privacy (WISP). Rachel shared with us her experience participating in the Social Engineering Capture the Flag contest at DEF CON as well as her thoughts on how young women can get into technology and cybersecurity careers. We also learn about Rachel's favorite (and least favorite) David Lynch movies as well as her book recommendations.

The Shared Security Weekly Blaze – Facebook and the Cambridge Analytica Controversy, Vulnerable VPNs, Siri Lock Screen Privacy

Tom Eston — Mon, 26 Mar 2018 00:00:30 -0400

In this weeks episode: Facebook and the Cambridge Analytica Controversy, Vulnerable VPNs and Siri Lock Screen Privacy. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – The Insecure Internet of Things, Spectre Patch Updates, Android Malware

Tom Eston — Mon, 19 Mar 2018 00:00:50 -0400

In this weeks episode: The Insecure Internet of Things, Spectre patch updates and new Android malware. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Malicious Healthcare Workers, New Attacks on Mobile Networks, Facebook Messenger for Kids

Tom Eston — Mon, 12 Mar 2018 00:00:48 -0400

In this weeks episode: Malicious Healthcare Workers, New Attacks on Mobile Networks, Facebook Messenger for Kids. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Facebook Face Recognition, Private Web Browsing, Credit Card Fraud

Tom Eston — Mon, 05 Mar 2018 00:00:41 -0500

In this weeks episode: Facebook Face Recognition, Private Web Browsing and Credit Card Fraud. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – AI Enabled Privacy Policies, New Android Updates, Hotel Room Inspections

Tom Eston — Mon, 26 Feb 2018 00:00:57 -0500

In this weeks episode: AI Enabled Privacy Policies, New Android Updates and Hotel Room Inspections. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – Instagram Social Stalking, Cryptojacking, Equifax Breach Updates

Tom Eston — Mon, 19 Feb 2018 00:00:58 -0500

In this weeks episode: Instagram Social Stalking, Cryptojacking and Equifax Breach Updates. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Podcast Episode 73 – Silent Pocket Faraday Laptop Sleeve Review, Password Managers, Smart Glasses

Tom Eston and Scott Wright — Thu, 15 Feb 2018 20:56:17 -0500

In this episode we discuss password managers, the Intel vaunt smart glasses, Google's HTTPS requirements, a German court ruling regarding the use of fake names on Facebook as well as our review of the Silent Pocket Faraday Laptop Sleeve.

The Shared Security Weekly Blaze – Tax Season Scams, SIM Hijacking, Smart TV Privacy

Tom Eston — Mon, 12 Feb 2018 01:00:33 -0500

In this weeks episode: Tax Season Scams, SIM Hijacking and Smart TV Privacy. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Weekly Blaze – License Plate Tracking, Jackpotting ATMs, Strava Global Heatmap Controversy

Tom Eston — Mon, 05 Feb 2018 04:00:29 -0500

In this weeks episode: ICE license plate tracking database, the first Jackpotting attacks on US ATMs and the Strava global heatmap controversy. The Weekly Blaze podcast is where we update you on the top 3 security and privacy news stories from the past week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news that you can use".

The Shared Security Podcast Episode 72 – Mobile Phone Emergency SOS, Overview of Meltdown and Spectre

Tom Eston and Scott Wright — Wed, 31 Jan 2018 09:00:14 -0500

In this episode we talk about the emergency SOS feature on your mobile device and how to use it in case of an emergency. We also discuss the recent Meltdown and Spectre vulnerabilities and what it means to you.

The Shared Security Weekly Blaze – Dark Caracal, Meltdown and Spectre Debacle, Amazon Go

Tom Eston — Mon, 29 Jan 2018 00:00:16 -0500

This is the first episode of the Shared Security Weekly Blaze podcast where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you "news you can use". In this week's episode we're going to talk about a new form of mobile malware called Dark Care a Cal, recent news about patching for the Meltdown and Spectre vulnerabilities and the launch of Amazon Go in downtown Seattle.

The Shared Security Podcast Episode 71 – Special Guest Rebecca Herold “The Privacy Professor” (@PrivacyProf)

Tom Eston and Scott Wright — Thu, 04 Jan 2018 11:57:21 -0500

In this episode we're joined by special guest and privacy expert, Rebecca Herold. Rebecca has over 25 years of IT, info sec, privacy & security experience; is CEO & Founder (2004) of Rebecca Herold & Associates, LLC, aka The Privacy Professor(R); and President & Co-Founder (2014) of SIMBUS360. Rebecca discusses her career as well as her take on the evolution of privacy polices (aka: privacy notices).

The Shared Security Podcast Episode 70 – Insider Threat Psychology with Special Guest Dr Helen Ofosu

Tom Eston and Scott Wright — Thu, 14 Dec 2017 17:00:18 -0500

In this episode we interview special guest Dr Helen Ofosu who is an expert in industrial and organizational Psychology. We get her perspective on how to address insider threats in the workplace as well as what the most common “psychological factors” are that manifest as insider security threats to organizations. We also discuss some recent news stories about insider threats and what they mean to you and your organization.

The Shared Security Podcast Episode 69 – Amazon Key, KRACK and DUHK Attacks, New Devices to Steal a Car

Tom Eston and Scott Wright — Tue, 07 Nov 2017 15:13:32 -0500

In this episode we talk about Amazon Key which allows package couriers access to your home, our thoughts on the two latest attacks (KRACK and DUHK) which affect WPA2 WiFi encryption and certain VPNs and how easy it is to steal a car with just a pair of $11 radio devices.

The Shared Security Podcast Episode 68 – Special Guest Chris Hadnagy, Innocent Lives Foundation, Social Engineering

Tom Eston and Scott Wright — Mon, 09 Oct 2017 14:53:59 -0400

This is the 68th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk to professional social engineer Chris Hadnagy about his new organization, the Innocent Lives Foundation. Chris also discusses with us the topic of social engineering and the recent social engineering CTF contest at the recent DEF CON hacking conference.

The Shared Security Podcast Episode 67 – SpamBot Exposed, Mobile App Tracking, Smart Lock Fail

Tom Eston and Scott Wright — Mon, 11 Sep 2017 10:14:46 -0400

This is the 67th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about a huge list of email addresses and credentials found being used to send SPAM and malware, mobile app privacy issues, a Smartlock update fail and much more!

The Shared Security Podcast Episode 66 – Ring Doorbell Camera Review, Traffic Apps, Amazon Echo

Tom Eston and Scott Wright — Tue, 01 Aug 2017 19:13:02 -0400

This is the 66th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about the Ring doorbell camera, issues with traffic apps, a large Verizon data breach, privacy concerns to be aware of with the Amazon Echo and much more!

The Shared Security Podcast Episode 65 – Smart TV Hacks, New Privacy Concerns, Phishing for Selfies

Shared Security — Fri, 07 Jul 2017 17:31:23 -0400

This is the 65th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about a new Smart TV hack, privacy concerns with web forms, stolen Facebook profile photo prevention and a new phishing scam asking for your selfies. Yes, that's right. Your selfie.

The Shared Security Podcast Episode 64 – Ultrasonic Ads, Home Security Vulnerabilities, Printer Tracking Dots

Tom Eston and Scott Wright — Thu, 08 Jun 2017 21:44:33 -0400

This is the 64th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about ultrasonic ads and the Android apps that are listening for them, security vulnerabilities in popular home security systems, printer tracking dots recently in the news and much more!

The Shared Security Podcast Episode 63 – Special Guest Jayson E. Street, Misconceptions About VPNs

Tom Eston and Scott Wright — Tue, 02 May 2017 15:56:44 -0400

This is the 63rd episode of the Shared Security Podcast hosted by Tom Eston, Scott Wright and special guest Jayson E. Street (InfoSec Ranger at Pwnie Express, Senior Partner at Krypton Security, CEO of Stratagem 1 Solutions and author of several books). In this episode we talk with Jayson about his perspective on the current state of privacy and security in the world, his thoughts on VPNs and hearing stories about his most interesting adventures including breaking into banks and other organizations (with permission of course). We also find out how he became Time Magazine's "Person of the Year" in 2006 (true story).

The Shared Security Podcast Episode 62 – CloudBleed, Wifi Risks, ATM Skimmers

Tom Eston and Scott Wright — Wed, 08 Mar 2017 19:26:02 -0500

This is the 62nd episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we discuss the "CloudBleed" vulnerability, attackers that can access your information via wifi and bluetooth, why technology won't stop security breaches, ATM skimmers in the wild and much more!

The Shared Security Podcast Episode 61 – Home Device Hijacking, Used Device Security, Creepy Facebook Search Tool

Tom Eston and Scott Wright — Tue, 21 Feb 2017 15:23:08 -0500

This is the 61st episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we discuss how to defend your "Internet of Things" home devices as well as some good tips on how to secure your home wifi network. We also discuss how data from used computers is not being erased, a new "creepy" Facebook search tool, a hotel ransomed by hackers and much more!

The Shared Security Podcast Episode 60 – The Secure Messaging Episode: Signal, WhatsApp, Facebook Messenger

Tom Eston and Scott Wright — Thu, 02 Feb 2017 16:58:13 -0500

This is the 60th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we focus on secure messaging apps like Signal, Wire, WhatsApp as well as other popular apps like Facebook Messenger. Tom and Scott delve into the reasons why people are starting to use these apps and the security and privacy features. We also discuss if using these apps for text messaging and phone calls are really more secure than traditional communication methods we're all used to.

The Shared Security Podcast Episode 59 – Amazon Echo, Wifi Router Security, EFF Privacy Badger

Shared Security — Fri, 13 Jan 2017 17:36:47 -0500

This is the 59th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about Amazon's hot Echo device and some recent privacy concerns with this new technology, new technology that the cruise industry is using, vulnerabilities in popular home wifi routers, and EFF's updated Privacy Badger browser plugin.

The Shared Security Podcast Episode 58 – Snapchat Spectacles, Mobile Number Privacy, PoisonTap

Shared Security — Wed, 30 Nov 2016 10:34:05 -0500

This is the 58th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about Snapchat's new wearable technology called Spectacles, a personal safety app called Companion, the privacy of your mobile number, a new computer attack vector called PoisonTap and much more!

The Shared Security Podcast Episode 57 – Dropbox and Yahoo Breach, IoT DDoS, LinkedIn Endorsements

Shared Security — Wed, 19 Oct 2016 11:11:57 -0400

This is the 57th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about the largest password breach and DDoS attack in history, tracking keystrokes through wifi signals, password cracking, abusing LinkedIn endorsements and much more!

The Shared Security Podcast Episode 56 – Chat Bots, Self-Driving Cars, Bitmoji Keyboards

Shared Security — Tue, 30 Aug 2016 13:09:29 -0400

This is the 56th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about what chat bots are, how they are used and what the risks are with using and interacting with them. We also discuss recent issues with self-driving cars, Twitter's account verification process, issues with bitmoji keyboards and more!

The Shared Security Podcast Episode 55 – IoT Horror Stories, Biometrics, Staying Safe Online

Shared Security — Sat, 16 Jul 2016 15:44:07 -0400

This is the 55th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about how even the head of Facebook can get hacked, a really cool geographic tweet map tool, why you should think twice about sharing links on Facebook messenger, banks starting to use more biometrics and more IoT devices installed with malware.

The Shared Security Podcast Episode 54 – Facebook Ad Privacy, Password Breaches, Random USBs

Shared Security — Fri, 03 Jun 2016 12:47:33 -0400

This is the 54th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about Facebook ads and how to change the information Facebook's apps have about you, recent large password breaches, password security, issues with random USB drives and the effects of hacking your toilet.

The Shared Security Podcast Episode 53 – The VPN Episode, AI Gone Bad, Google Nest

Shared Security — Mon, 16 May 2016 08:47:06 -0400

This is the 53rd episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about VPNs, a vulnerability in the popular EZCast devices, AI gone bad and what happens when new IoT technology is no longer supported.

The Shared Security Podcast Episode 52 – Creepy New Social Network, Phishing Dangers, Ransomware

Shared Security — Fri, 18 Mar 2016 09:01:12 -0400

This is the 52nd episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about a new social network in which a real person will follow you around, unexpected implications of the Internet of Things, new phishing attacks targeting payroll information and the evolution of Ransomware.

The Shared Security Podcast Episode 51 – Online Behavioral Advertising in Canada, Toy Security, Dangerous Apps for Teens

Shared Security — Thu, 18 Feb 2016 21:15:16 -0500

This is the 51st episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk with Andrew Patrick from the Office of the Privacy Commissioner (OPC) of Canada about Online Behavioral Advertising (OBA), security and privacy of "smart" toys, and what parents need to know about potentially dangerous mobile apps your teens might be using.

The Shared Security Podcast Episode 50 – Facebook Quizzes, Pre-Crime, Wireless Home Security Systems

Shared Security — Sat, 23 Jan 2016 10:33:45 -0500

This is the 50th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk with special guest Alex Hamerstone from TrustedSec about the privacy risks with Facebook quizzes and surveys, how social engineering is used to compromise banking accounts like Paypal, pre-crime and facial recognition and vulnerabilities in wireless home security systems.

The Shared Security Podcast Episode 49 – Google Search Privacy, Smart TV Attacks, Internet Router Risks

Shared Security — Thu, 17 Dec 2015 12:08:01 -0500

This is the 49th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about your Google searches that may be used against you, new attacks on Vizio Smart TVs and the associated privacy risks, how TVs will be implementing ultrasound technology, how your Internet router can be a security risk, the future of Healthcare IoT and much more!

The Shared Security Podcast Episode 48 – Password Manager Compromise, Fingerprint Insecurity, Quitting Social Media

Shared Security — Tue, 24 Nov 2015 11:56:34 -0500

This is the 48th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about a recent tool that can compromise the security of a popular password manager application, how fingerprints might not be the best way to replace passwords, predicting the future of technology and why it's really hard to totally quit social media.

The Shared Security Podcast Episode 47 – Celebrity Impersonations, Social Media and Kids, EU Safe Harbor

Shared Security — Fri, 30 Oct 2015 12:01:50 -0400

This is the 47th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about celebrity impersonators, how to address social media usage by your kids, EU Safe Harbor ramifications, why consumers feel that the security of the Internet of Things are easy and some recent hacks that everyone should be aware about.

The Shared Security Podcast Episode 46 – Peeple App, Medical Devices Exposed, Instagram for Doctors

Shared Security — Thu, 08 Oct 2015 09:53:46 -0400

This is the 46th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about the scary Peeple app where you can rate people, The excellent Power of Privacy video series from The Guardian, research from ZeroFox on social cyber attacks, how there are thousands of unsecured medical devices on the Internet, the social network for doctors to swap pics of you and much more!

The Shared Security Podcast Episode 45 – Implantable Wearables, Spotify Privacy, Hacking Self-Driving Cars

Shared Security — Fri, 25 Sep 2015 10:19:21 -0400

This is the 45th episode of the Shared Security Podcast hosted by Tom Eston and Scott Wright. In this episode we talk about how the Internet of Things (IoT) could revolutionize our lives, smartwatch hacks, the top 10 implantable wearables soon to be in your body, what's up with Spotify's new privacy policy and how self-driving cars can be hacked.

The Shared Security Podcast Episode 44 – Facebook Data, Apple Watch, Android, Amazon Dash Buttons

Shared Security — Thu, 03 Sep 2015 08:48:35 -0400

Facebook urged to tighten privacy settings after harvest of user data Make an Apple Watch Door Unlocker Severe weaknesses in Android handsets could leak user fingerprints Big Android makers will now push monthly security updates How I Hacked the Amazon WiFi Button to track Baby Data Oracle security chief to customers: Stop checking our code for vulnerabilities

The Shared Security Podcast Episode 43 – Car Hacking, IoT Risks, Facebook Scams, SmartTV Privacy

Tom Eston, Scott Wright, Kevin Tackett — Fri, 14 Aug 2015 14:12:59 -0400

Car hack reveals peril on the road to Internet of Things (IoT) Smart watches and activity monitors usually connect to the cloud, sometimes without good security Really great article from Venture Beat about IoT risks Good research and whitepaper from Veracode about several popular IoT devices being sold and the security risks Scott talks about a recent Facebook scam that he received which was really hard to tell if it was legit or not Tom talks about Vizio SmartTV's and how they know everything that you watch! Make sure you read those privacy policies!

The Shared Security Podcast 42 – Car Theft, Risky Apps, Facebook Security Checkup

Tom Eston, Scott Wright, Kevin Tackett — Tue, 14 Jul 2015 14:23:14 -0400

Podcast Update: The new website for the Shared Security Podcast will hopefully be live for the next episode! We hope you enjoy the new topics and format!

This is the 42nd episode of the Shared Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded June 3, 2015. Below are the show notes, links to articles and news mentioned in the podcast:

Marauder’s Map plugin for Chrome allows geolocation of messenger communications for friends or people in a message thread
Facebook check-up feature being tested which is a new tool that might help users understand and select privacy settings that make sense to them
How social networks make it easy for adopted children to find their birth parents, not always with desirable or expected results. The focus is on a young girl who grew up believing her birth mother was like a Disney princess, and understandably wanted to connect with her. This story shows it isn’t always a good decision, and highlights the need for honesty with young adopted children regarding their past.
Risky mobile apps that parents need to know about.
How new smart key fobs are making it easy for thieves to break into cars with a $17 gadget you can buy online. Some people are starting to put their key fobs in the freezer to shield them from the radio signals used by thieves.

Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Thanks for listening!

The post The Shared Security Podcast 42 – Car Theft, Risky Apps, Facebook Security Checkup appeared first on Shared Security Podcast.

Social Media Security Podcast 41 – Podcast Updates, Internet of Things, TV Privacy

Tom Eston, Scott Wright, Kevin Tackett — Fri, 15 May 2015 17:20:46 -0400

This is the 41st episode of the Social Media Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded April 29, 2015. Below are the show notes, links to articles and news mentioned in the podcast:

Important Podcast Update!
While we haven’t finalized the details we’re hoping to rename the podcast as “Shared Security”. We have been discussing the fact that the privacy and security topics we’ve been covering are really spreading to more than just social media. Now, we see the important stories as being ones that relate to who and what we trust as connected individuals and businesses. So, we’ve decided that it might be time to rename the podcast to be more inclusive of important security stories beyond just social media, and we’ve decided on a new name for the program…

“Shared Security”

We think Shared Security brings to mind not only social media, but mobile technology, cloud technology, and as I’m sure you’ve heard by now, The Internet of Things (IoT). So our new podcast, Shared Security, will try to bring you timely stories, news and tips for living securely in a connected world. The name also brings to mind the fact that we will increasingly need to share our thoughts on what the risks are and how to deal with them. You can expect the same level of insight and practical guidance, just on a broader scope. We haven’t yet figured out how we will officially change the program name people see on iTunes or the feed for RSS. So for the moment, the feed and official title will be the same…Social Media Security. However, with this episode we’re going to try to cover a broader range of stories, when appropriate. Stay tuned for additional rebranding changes as we roll them out.

As always, we’d like to hear your thoughts!

Scott and Tom

Recent Facebook and Instagram vulnerabilities
Security for the Internet of Things will get really, really bad before it gets good
Samsung TV’s are listening to you
Trend Micro and Ponemon released a study on personal information, privacy and the connected world.
In this report, they mention that Gartner predicts 25 billion connected devices by 2020 – I think that’s a low estimate- The report breaks down the value of certain types of personal information to attackers, like your health condition (for an American it’s $82.90 per record)
Discussion about The 2015 Verizon Data Breach Incident Report
Commentary on the risks from Internet of Things

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

The post Social Media Security Podcast 41 – Podcast Updates, Internet of Things, TV Privacy appeared first on Shared Security Podcast.

Social Media Security Podcast 40 – ThreatExchange, Echosec, Facebook Scams

Tom Eston, Scott Wright, Kevin Tackett — Mon, 16 Mar 2015 19:26:59 -0400

This is the 40th episode of the Social Media Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded February 25, 2015. Below are the show notes, links to articles and news mentioned in the podcast:

Facebook’s new ThreatExchange
Fitbit data used in a court case
Echosec is a web application that lets you search a geographical locale for posts on Twitter, Instagram and Flickr
Some new Facebook security tips and tricks
A very special interview with somebody who experienced a scam attempt on Facebook. Great advice on how to defend against these types of scams!

The post Social Media Security Podcast 40 – ThreatExchange, Echosec, Facebook Scams appeared first on Shared Security Podcast.

Social Media Security Podcast 39 – Snapcash, Yik Yak, LinkedIn Security and Privacy Tips

Tom Eston, Scott Wright, Kevin Tackett — Fri, 12 Dec 2014 13:13:22 -0500

This is the 39th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright recorded December 12, 2014. Below are the show notes, links to articles and news mentioned in the podcast:

“Snapcash” has been announced by the creators of Snapchat. Can Snapchat gain enough consumer confidence to break into the payments field?
Yik Yak is a social app for browsing anonymous chats in your locale and it’s gaining popularity with teens and causing some problems for schools.
Yik Yak is also not as private or anonymous as you think as a new security vulnerability was just disclosed!
How to opt out of Twitter’s new app tracking feature
Facebook’s updated Privacy Policy? Not much new, but policies have been reworded to be somewhat less onerous to read
Facebook At Work – Will it work?
Scott and Tom share our opinions on the big Sony Pictures security breach
Scott shares some best practices on how to secure your LinkedIn account. Tom shares some good tips to make your LinkedIn account more private. Here are a few of the tips we discussed:
1) Turn on HTTPS for all sessions:

– Check the “Secure Connections” box in the security settings page

2) Turn on Two-Step Verification

– The security settings page will tell you whether or not two-step verification is already set up

– You can turn it on, and provide a mobile phone where SMS messages will be sent

Both are accessible by doing the following while logged in to your LinkedIn account on the Web:

a) Hover the mouse cursor over your profile picture

b) Click on the Account tab in the bottom left of the page

c) Click on “Manage Security Settings”

The post Social Media Security Podcast 39 – Snapcash, Yik Yak, LinkedIn Security and Privacy Tips appeared first on Shared Security Podcast.

Social Media Security Podcast 38 – Corporate Policy, Whisper Privacy Flaws, Snapchat Hack

Tom Eston, Scott Wright, Kevin Tackett — Wed, 05 Nov 2014 10:25:07 -0500

This is the 38th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright recorded October 21, 2014. Below are the show notes, links to articles and news mentioned in the podcast:

An enterprise level story about how hard it is to block specific sites, and what can be done about it
Twitter’s former security head condemns Whisper’s privacy flaws
Twitter sues the US Government over national security data
Twitter quickly withholds tweets for Turkey’s ‘national security’
Twitter ‘news’ spreads faster than Ebola
Snapchat third party service hacked
Facebook Fake Likes Exposed

The post Social Media Security Podcast 38 – Corporate Policy, Whisper Privacy Flaws, Snapchat Hack appeared first on Shared Security Podcast.

Social Media Security Podcast 37 – Special Guest Kevin Johnson (@Secureideas), Managing Your Digital Footprint

Tom Eston, Scott Wright, Kevin Tackett — Thu, 02 Oct 2014 13:05:36 -0400

This is the 37th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright and special guest Kevin Johnson recorded September 19th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

Special Topic! Managing Your Digital Footprint (thanks to Chris John Riley for the idea!)

Personal objectives for using social media
Types of footprints you might have (likes, comments, photos, tags, etc.)
Ways you can be exposed, and how to find them (Google search, Facebook search, Linkedin Search, etc.)
Ways to manage exposure going forward
This site has a good, short set of tips to review: http://krishnade.com/digital-footprint/

LinkedIn address book guessing…
http://omnifeed.com/article/www.komonews.com/news/local/LinkedIn-flaw-helps-hackers-discover-email-addresses-275537041.html

The LinkedIn LION – Are You Exposing Yourself to the Hyenas?
https://www.linkedin.com/today/post/article/20140812143638-171396975-the-linkedin-lion-are-you-exposing-yourself-to-the-hyenas

The post Social Media Security Podcast 37 – Special Guest Kevin Johnson (@Secureideas), Managing Your Digital Footprint appeared first on Shared Security Podcast.

Social Media Security Podcast 36 – Your Cats Metadata, Facebook Messenger, User Risk Awareness

Tom Eston, Scott Wright, Kevin Tackett — Tue, 26 Aug 2014 15:30:18 -0400

This is the 36th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded August 20th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

HTML5 Canvas Fingerprint — Widely Used Unstoppable Web Tracking Technology
What the Internet Can See From Your Cat Pictures. Everyone also knows where your cat lives…
Discussion about Facebook Messenger Privacy. Is it really that big of a deal?
Misplaced fear about Facebook Messenger for Android
Ars Technica interviews Facebook CSO Joe Sullivan about improving corporate security
Another interview with Joe Sullivan by Washington Post about the post-Snowden effect on Internet companies
Kaspersky study of Facebook user risk awareness
Kaspersky app called Friend or Foe, and their top 5 security mistakes Facebook users make

The post Social Media Security Podcast 36 – Your Cats Metadata, Facebook Messenger, User Risk Awareness appeared first on Shared Security Podcast.

Social Media Security Podcast 35 – Facebook News Feed Psychology, Complex Passwords, Dumb Criminals

Tom Eston, Scott Wright, Kevin Tackett — Thu, 24 Jul 2014 11:26:56 -0400

This is the 35th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded July 17th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

Facebook altered 689,000 users’ News Feeds for a psychology experiment
How to Stop Facebook From Using Your Browsing History
Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any User
How to Teach Humans to Remember Really Complex Passwords
Why I quit Facebook and we are sharing much more than you think
Burglar logs in to Facebook in victim’s house, forgets to sign off (really?)
Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

The post Social Media Security Podcast 35 – Facebook News Feed Psychology, Complex Passwords, Dumb Criminals appeared first on Shared Security Podcast.

Social Media Security Podcast 34 – Facebook Privacy, LinkedIn Scammers, Naughty Employees

Tom Eston, Scott Wright, Kevin Tackett — Tue, 01 Jul 2014 15:56:34 -0400

This is the 34th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded June 18th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

Facebook Switches Default Setting to Private to Prevent Oversharing
Facebook Fights Malware With Free Security Software
Facebook Microphone Update To Store Data: Social Media Giant Confirms New Feature Will Aggregate Information
Facebook responds to this privacy issue
How to “Hack” Someone’s “Private” Friends List on Facebook to See All of Their Friends
6 tips on how to avoid Linkedin Scammers
Some HP Employees Were Busted For This Hilariously Awful Attack Against Competitor, Splunk
Bruce Schneier posted a link to this article about how ISIS in Iraq is using their free mobile app to mass tweet on behalf of individual users, without triggering spam blocks.
Tom talked about SecureState’s free phishing awareness tool called “King Phisher”. This tool can be used to conduct your own phishing awareness campaigns. Check out the webinar and download the tool.

The post Social Media Security Podcast 34 – Facebook Privacy, LinkedIn Scammers, Naughty Employees appeared first on Shared Security Podcast.

Social Media Security Podcast 33 – Heartbleed, Hashtag Fail, Social Impersonation

Tom Eston, Scott Wright, Kevin Tackett — Thu, 22 May 2014 13:26:48 -0400

Guess what? We’re back! This is the 33rd episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright recorded May 15, 2014. Below are the show notes, links to articles and news mentioned in the podcast:

Social Media sites affected by Heartbleed
NYPD Twitter hashtag campain FAIL
Facebook Fail pages for brands like ADT alarm service
New Snowden Docs Highlight “Weaknesses” In Facebook Data Security
Snapchat security failure
Facebook class action lawsuit status
Canada’s Privacy Commissioner rules on Facebook remedies in case of harrassment by child imposter
Interesting view on Android permissions requested by FB apps (and proposed solution)
People snubbed on Facebook feel less “meaningful existence,” study finds
Tom’s presentation on Enterprise Open Source Intelligence Gathering (OSINT)

The post Social Media Security Podcast 33 – Heartbleed, Hashtag Fail, Social Impersonation appeared first on Shared Security Podcast.

Social Media Security Podcast 32 – The Privacy Paradox, Twitter Hacks, Facebook Home

Tom Eston, Scott Wright, Kevin Tackett — Thu, 02 May 2013 10:52:20 -0400

This is the 32nd episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright recorded April 25, 2013. Below are the show notes, links to articles and news mentioned in the podcast:

A Little Privacy, Please! Your Rights and Social Media Policies. Tom and Scott discuss why you should be reading the privacy polices of the social networks you use.
AP Twitter account hacked; report of White House bombs false
Beware Twitter “password check” sites – there are fakes, and there are fake fakes!
Is your Twitter password secure?
What is “Facebook Home” and what are the potential privacy ramifications of using it on your Android device?
Are you over-sharing? A discussion of the privacy paradox we all face
Check out SecureState’s latest whitepaper on the new concerns with privacy!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

The post Social Media Security Podcast 32 – The Privacy Paradox, Twitter Hacks, Facebook Home appeared first on Shared Security Podcast.

Social Media Security Podcast 31 – New Facebook Graph Search, Fake Internet Girlfriends, Social Media and Your Business

Tom Eston, Scott Wright, Kevin Tackett — Wed, 30 Jan 2013 11:15:34 -0500

This is the 31st episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright recorded January 18th, 2013. Below are the show notes, links to articles and news mentioned in the podcast:

Facebook privacy controls have been updated. Check out this article on all the changes. You can no longer have your profile hidden. All Facebook users are publicly searchable.
Facebook Graph Search has been released. Tom and Scott talk about what you need to know.
What’s up with all these fake Internet girlfriends?? (Manti Teo)
Tom and Scott talk about the current state of Social Media and your business. Download SecureState’s free Social Media Guidelines for businesses. This is a great Social Media Policy template for your business.

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

The post Social Media Security Podcast 31 – New Facebook Graph Search, Fake Internet Girlfriends, Social Media and Your Business appeared first on Shared Security Podcast.

Social Media Security Podcast 30 – The Password Episode

Tom Eston, Scott Wright, Kevin Tackett — Tue, 25 Sep 2012 13:40:57 -0400

This is the 30th episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright. In this episode we talk about the password problem and why we continue to choose easy to guess passwords. Tom and Scott also talk about ways to select more secure passwords and how technology can help. Below are the show notes, links to articles and news mentioned in the podcast:

The password Episode! It’s episode 30!

Study shows hackers more focused on passwords than those who create them

Major password breaches in the last few months:

Formspring (420,000)
LinkedIn (6 million)
eHarmony (1.5 million)
Last.fm (2.5 million)
Blizzard Battle.net

Brute force attacks on passwords is the #1 way we break into companies during pentests! Want to see the poor passwords people choose? SkullSecurity has very good lists from previous breaches. Looking for more information? Tom wrote a white paper on how easy it is to profile user passwords on social networks.

The password problem. Users continue to make poor password choices. Why?

Too many to remember?
- It’s easier to use the same password for each site
- Also the same user id and email
Failures in user awareness?
Users are not provided the technology to help
Social networks and other sites make it easy to choose weak passwords, little adoption of two factor authentication because users will complain
Mobile apps are not designed to constantly enter passwords. This is why you “stay logged in”.

Worse case scenario?

Mat Honan’s “Epic” Hacking

What is the solution?

It’s tough but we need to stop blaming the companies that hold our data…take personal responsibility and educate yourself!
It’s also complex to figure out a solution.
Technology can help: KeePass, 1Password, LastPass, Google Two-Step Verification (application specific passwords), Facebook Two Factor

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 30 – The Password Episode appeared first on Shared Security Podcast.

Social Media Security Podcast 29 – Fake Bieber, Facebook Social Engineering Tool, MySpace Who?

Tom Eston, Scott Wright, Kevin Tackett — Tue, 21 Aug 2012 11:09:54 -0400

This is the 29th episode of the Social Media Security Podcast. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

MySpace charged for violating user privacy, vows to do better
How a fake Justin Bieber “sextorted” hundreds of girls through Facebook
FBPwn: A cross-platform Facebook social engineering tool
Tom and Scott’s take on the Facebook IPO
LinkedIn CSRF (Cross-site Request Forgery) controls attacked
Scott gives us an update on his mobile honeystick project

We are still planning on getting back to regular podcasts! Stay tuned. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 29 – Fake Bieber, Facebook Social Engineering Tool, MySpace Who? appeared first on Shared Security Podcast.

Social Media Security Podcast 28 – Facebook Timeline, US Privacy Questions, Twitter Acquisitions

Tom Eston, Scott Wright, Kevin Tackett — Thu, 19 Apr 2012 10:57:42 -0400

This is the 28th episode of the Social Media Security Podcast recorded back a few months ago. Content is still relevant! This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Facebook starts rolling out Timeline to everyone (what you need to know about the timeline privacy)
Twitter Acquires Web Security Firm Dasient
Trojan steals e-cash vouchers from Facebook users
Facebook ducks U.S. privacy question
LinkedIn Friend Finder…what you need to know!

Don’t worry! We are still planning on getting back to regular podcasts. Stay tuned. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 28 – Facebook Timeline, US Privacy Questions, Twitter Acquisitions appeared first on Shared Security Podcast.

Social Media Security Podcast 27 – Facebook Friend Unlock, The Anti-Facebook, Facebook Games

Tom Eston, Scott Wright, Kevin Tackett — Thu, 24 Nov 2011 12:58:19 -0500

This is the 27th episode of the Social Media Security Podcast recorded November 11, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Locked Out Of Facebook? Your Friends Will Soon Be Able To Help You Get Back In
Anti-Facebook Social Network “Unthink” Launches To Public
Most social networks users don’t keep up with privacy settings changes
Facebook video games are stupid, anyway

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 27 – Facebook Friend Unlock, The Anti-Facebook, Facebook Games appeared first on Shared Security Podcast.

Social Media Security Podcast 26 – Google +, New Facebook Privacy Controls, FBPwn Tool

Tom Eston, Scott Wright, Kevin Tackett — Tue, 20 Sep 2011 09:37:02 -0400

This is the 26th episode of the Social Media Security Podcast recorded September 8, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Google + Security and Privacy
New Facebook Privacy Controls, what’s changed?
New Tool: FBPwn– A cross-platform Java based Facebook profile dumper

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 26 – Google +, New Facebook Privacy Controls, FBPwn Tool appeared first on Shared Security Podcast.

Social Media Security Podcast 25 – Facebook Security Updates, FaceNiff, Social Media Background Checks

Tom Eston, Scott Wright, Kevin Tackett — Tue, 12 Jul 2011 10:14:51 -0400

This is the 25th episode of the Social Media Security Podcast recorded July 1, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

LinkedIn SSL Leaves Accounts Vulnerable to Hijacking
Facebook adds two-factor authentication, other new security features
Facebook facial recognition. How it looks, fact and myth, and how we would fix the problems.
Firesheep for Android Phones (FaceNiff)
LinkedIn, Foursquare and Netflix on Android Store Your Passwords in Unencryped Text Files
Social Media Background Checks

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 25 – Facebook Security Updates, FaceNiff, Social Media Background Checks appeared first on Shared Security Podcast.

Social Media Security Podcast 24 – Personal Social Media Accounts, Cree.py, ProfileSpy, App Privacy

Tom Eston, Scott Wright, Kevin Tackett — Fri, 15 Apr 2011 14:19:43 -0400

This is the 24th episode of the Social Media Security Podcast recorded April 6, 2011. This episode was hosted by Tom Eston and Scott Wright with special guest James Ruffer. Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 24 – Personal Social Media Accounts, Cree.py, ProfileSpy, App Privacy appeared first on Shared Security Podcast.

Social Media Security Podcast 23 – Recent Changes to Facebook, Enterprise Social Media Tools, Spokeo

Tom Eston, Scott Wright, Kevin Tackett — Wed, 02 Mar 2011 10:04:14 -0500

This is the 23rd episode of the Social Media Security Podcast recorded February 25th, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

New changes to Facebook and security implications
Facebook now supports full SSL browsing (optional), social authentication improvements
Facebook rolls out new messaging system
Facebook now allows iframes within tab applications. Possible security issue with applications!
API bug responsible for Zuckerberg page hack
Facebook ‘tag spam’ targets indiscriminate friend collectors
Dispelling the Myths of Facebook Privacy and Security
Government Calls for Privacy Protections for Device Location
Scott’s little initiative to identify and discuss “internal” or “private” social networking tools for enterprises
Question from a listener: What’s the business model around people search engines like Spokeo.com? How about digital insurance?
Check out Scott’s new Canadian security podcast: Security, Eh?

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 23 – Recent Changes to Facebook, Enterprise Social Media Tools, Spokeo appeared first on Shared Security Podcast.

Social Media Security Podcast 22 – Skype Email, Taxonomy of Socnet Data, Facebook Graph API

Tom Eston, Scott Wright, Kevin Tackett — Thu, 27 Jan 2011 14:33:38 -0500

This is the 22nd episode of the Social Media Security Podcast recorded January 21, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Skype credit email as an apology – a new trend we can expect in 2011 from good guys and bad guys. Screen shot mentioned in the podcast.
Scott’s note: I searched for posts about this email before clicking on it, and it was actually legitimate. However, this would be a very compelling phishing attack for any organization that recently suffered a PR setback. Any time you get an unexpected email, even if it looks like the circumstances make sense, you need to check on its authenticity. And any organization issuing such an Email should also post an announcement of the campaign on their home page, and issue a press release to make it easy for people to verify the legitimacy of the email.
Bruce Schneier’s taxonomy of social network personal data
Facebook now tells you about people you know who have found friends using their Friend Finder
Scott’s note: I always tell people never to enter their email address and password on sites that aren’t their email service. You don’t know what they will do with your password, or if it might be captured. It also exposes your friends to potentially unwanted email messages – e.g. spam.
Facebook Lets Developers Ask a User for Their Address, Phone Number in the Graph API
Twitter Worm Pushing Rogue Antivirus Scam

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 22 – Skype Email, Taxonomy of Socnet Data, Facebook Graph API appeared first on Shared Security Podcast.

Social Media Security Podcast 21 – Facebook Trolls, Cookie Monster, Gawker Breach

Tom Eston, Scott Wright, Kevin Tackett — Mon, 27 Dec 2010 09:05:04 -0500

This is the 20th episode of the Social Media Security Podcast recorded December 17th 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Trolls who deface Facebook RIP pages of teens who have died
Canadian Mounties LIKE Cookie Monster Audition for SNL
Facebook becomes divorce lawyers’ new best friend
Vulnerabilities in Facebook Apps (nothing new but still a problem)
Gawker breach and implications. Ryan Naraine had a good set of tips at Threatpost.com.
Facebook Profile Changes: What You Should Know
Zuckerburg man of the year?

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 21 – Facebook Trolls, Cookie Monster, Gawker Breach appeared first on Shared Security Podcast.

Social Media Security Podcast 20 – FireSheep, Privacy in the US, What NOT To Post On Facebook

Tom Eston, Scott Wright, Kevin Tackett — Mon, 08 Nov 2010 17:40:42 -0500

This is the 20th episode of the Social Media Security Podcast recorded November 5th 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

FireSheep – “Firefox plugin to pull active cookies from popular websites while using open wifi”.
Facebook Responds to FireSheep
Idiocy tool sends tweets on your behalf as a “Warning”. Get the tool here.
How to defend against FireSheep? Manually use HTTPS for social media sites or use a VPN while connected to open wifi..don’t forget about mobile apps! Try the HTTPS Everywhere Plugin from the EFF or Force-TLS Plugin.
Learn more about securing your Wifi at home.
FireShepherd Aims to Protect Users. BlackSheep is another one…
White House Forms Privacy and Internet Policy Subcommittee
Ottawa man busted through Facebook after stealing rare Wayne Gretzky jersey
What NOT To Post On Facebook: 13 Things You Shouldn’t Tell Your Facebook Friends

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 20 – FireSheep, Privacy in the US, What NOT To Post On Facebook appeared first on Shared Security Podcast.

Social Media Security Podcast 19 – New Changes to Facebook, Social Media Risk Survey, LinkedIn Scams

Tom Eston, Scott Wright, Kevin Tackett — Mon, 01 Nov 2010 09:44:35 -0400

This is the 19th episode of the Social Media Security Podcast recorded October 8, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Social Media Security Awareness Month – at SecureState! Two new white paper’s released: Security Gaps in Social Media Websites for Children Open Door to Attackers Aiming To Prey On Children by Scott White. Profiling User Passwords on Social Networks by Tom Eston
SocialScan service and social media consulting available.
Panda Security Publishes Findings from First Annual Social Media Risk Index for SMBs
Survey: Fear of data loss, security risks via social media sites on the upswing
Facebook Competitor Diaspora Hit With Security Criticisms
New changes to Facebook. What you need to know:
New groups (tag people just like places). Ability to download all of your data to a zip file. Dashboard for more granular control of applications. New one time password feature and session controls
Facebook Groups: Privacy Blunder or Twitter Replacement?
Don’t Get Duped by LinkedIn Spam Scam

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 19 – New Changes to Facebook, Social Media Risk Survey, LinkedIn Scams appeared first on Shared Security Podcast.

Social Media Security Podcast 18 – RFID and Facebook, Hacking Facebook Places, MySpace Privacy

Tom Eston, Scott Wright, Kevin Tackett — Thu, 09 Sep 2010 23:37:29 -0400

This is the 18th episode of the Social Media Security Podcast recorded September 3, 2010. This episode was hosted by Tom Eston and Scott Wright and is our 1 year anniversary episode! Thanks to everyone that has supported the podcast over the last year…we really appreciate it! Below are the show notes, links to articles and news mentioned in the podcast:

Scary new way to use Facebook with RFID. Is the physical world starting to merge with social media?
MySpace updates its privacy settings
Hacking your location with Facebook Places
Privacy Settings for Facebook Places
How to get hacked on Facebook (Koobface chat messages)
Facebook spam infinitely more effective than email spam
Facebook’s remote log-out security feature: Should you care?

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 18 – RFID and Facebook, Hacking Facebook Places, MySpace Privacy appeared first on Shared Security Podcast.

Social Media Security Podcast 17 – ICanStalkU, QR Codes, Facebook directory via Torrent, LinkedIn CAPTCHA’s

Tom Eston, Scott Wright, Kevin Tackett — Sat, 14 Aug 2010 21:21:46 -0400

This is the 17th episode of the Social Media Security Podcast recorded August 13th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Researchers Show How Twitter, Twitpic Make Stalking Simple. Check out ICanStalkU.com!
Robin Sage revealed at BlackHat USA.
Why QR Codes Are Poised to Hit the Mainstream. Check out our QR Code. This one is safe!
Download 171 million Facebook names via Torrent. Here is an update from Ron.
Acunetix releases video and technical article about an exploitable XSS on facebook.com
Facebook name extraction

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

The post Social Media Security Podcast 17 – ICanStalkU, QR Codes, Facebook directory via Torrent, LinkedIn CAPTCHA’s appeared first on Shared Security Podcast.

Social Media Security Podcast 16 – Diaspora News, FTC and Twitter, Twitter XSS, Facebook App Permissions

Tom Eston, Scott Wright, Kevin Tackett — Mon, 05 Jul 2010 12:44:11 -0400

This is the 16th episode of the Social Media Security Podcast recorded July 2, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Quick update on Diaspora (pronounced Di-as-para). Here is a video update as well.
FTC nails Twitter for deceiving users about privacy and security
HTTPS Everywhere Firefox extension from the EFF
Persistent XSS on Twitter.com
Interesting New Twitter Phish Can Lead to Bad Places
Facebook Rolls Out Simplified Application Permissions System
Facebook Phonebook Is Not A Security Threat
NTIA (National Telecommunications and Information Administration) has received the report of the Online Safety and Technology Working Group (OSTWG) “Youth Safety on a Living Internet” (2.42 MB PDF file)

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes. Thanks for listening!

The post Social Media Security Podcast 16 – Diaspora News, FTC and Twitter, Twitter XSS, Facebook App Permissions appeared first on Shared Security Podcast.

Social Media Security Podcast 15 – Current Facebook Security Issues, New Privacy Tools, Likejacking, Formspring, Social Media at Work

Tom Eston, Scott Wright, Kevin Tackett — Sat, 19 Jun 2010 13:30:17 -0400

This is the 15th episode of the Social Media Security Podcast recorded June 11th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Our Facebook Privacy & Security Guide has been updated to v2.2. We are working on the LinkedIn Privacy & Security Guide!
How to permanently delete your Facebook account
Quit Facebook Day – May 31st was it successful?
Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers
Facebook Fixing Embarrassing Privacy Bug (CSRF). Video here.
Facebook “likejacking” targets World Cup, BP, Shrek, UFC, …
ReclaimPrivacy.org – Facebook Privacy Scanner
Facebook firehose comes to Bing
Formspring.me XSS flaw
MySpace Announces New Privacy Controls
Social media pose the latest challenge in separating work from personal spaces

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes. Thanks for listening!

The post Social Media Security Podcast 15 – Current Facebook Security Issues, New Privacy Tools, Likejacking, Formspring, Social Media at Work appeared first on Shared Security Podcast.

Social Media Security Podcast 14 – Recent Facebook Hacks and Controversy, Diaspora, Swipely

Tom Eston, Scott Wright, Kevin Tackett — Thu, 20 May 2010 22:23:01 -0400

This is the 14th episode of the Social Media Security Podcast recorded May 14th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With Instant Personalization (two XSS holes in a few days discovered)
Want to know what Cross-Site Scripting (XSS) is and how it works at a basic level? Check out Episode 2 of our podcast.
Facebook Leaks IP Addresses via Email
Facebook is dying, social is not. Is Facebook overplaying your hand?
Diaspora “The Open Source Anti-Facebook” raised $133,182 (close to 4,000 supporters!)
Dispite all this…Facebook Rolls out New Security Features
What does Facebook publish about you and your friends? Searching the OpenGraph.
I Can Stalk U – Raising awareness about inadvertent information sharing
Swipely aims to take over where Blippy left off

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes. Thanks for listening!

The post Social Media Security Podcast 14 – Recent Facebook Hacks and Controversy, Diaspora, Swipely appeared first on Shared Security Podcast.

Social Media Security Podcast 13 – Details on the recent changes to Facebook, Blippy CC issue, Bye bye Basic Auth

Tom Eston, Scott Wright, Kevin Tackett — Mon, 03 May 2010 22:50:45 -0400

This is the 13th episode of the Social Media Security Podcast recorded April 30, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

New Facebook Changes – Social Graph, Social Plugins and Instant Personalization. Here are two articles to read on the new changes. Want to know more about the new Graph API? Read Facebook’s documentation.
Tom updated his Facebook Privacy & Security Guide to version 2.1. This update includes all the latest changes to Facebook. Download and share with friends and family!
Opps. Blippy Users’ Credit Card Numbers Exposed in Google Search Results. Does it really matter? They just got more funding!
1.5 million stolen Facebook IDs up for sale
Twitter to remove Basic Authentication for Apps. Only OAuth allowed now. That’s a good thing!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes. Thanks for listening!

The post Social Media Security Podcast 13 – Details on the recent changes to Facebook, Blippy CC issue, Bye bye Basic Auth appeared first on Shared Security Podcast.

Social Media Security Podcast 12 – New Facebook Privacy Changes, Social Gaming Threats, Social Media in the Workplace

Tom Eston, Scott Wright, Kevin Tackett — Wed, 31 Mar 2010 21:47:45 -0400

This is the 12th episode of the Social Media Security Podcast recorded March 28, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Facebook is about to implement a new Facebook Privacy Policy and Statement of Rights and Responsibilities. We put together a blog post of some must read articles on the topic.
Rumor is that Facebook is going to use QR Codes as part of their Geolocation strategy (mentioned by Tom).
Joan Goodchild from CSO Online interviewed Tom and Scott for an article titled: 10 Security Reasons to Quit Facebook (and one reason to stay on).
Fake Zynga Toolbars Will Steal Your Facebook Password. Watch out for those “autoplayer” scripts as well, some could be laced with evil code…
The Majority of US, European users (still) click on Spam.
Scott’s blog post: Security pros use layered techniques, but so do attackers. How do you address employees using social media sites at work? Blocking access isn’t always the best solution.

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes. Thanks for listening!

The post Social Media Security Podcast 12 – New Facebook Privacy Changes, Social Gaming Threats, Social Media in the Workplace appeared first on Shared Security Podcast.

Social Media Security Podcast 11 – Google Buzz, Geostalking, Twitter’s Phishing Filter

Tom Eston, Scott Wright, Kevin Tackett — Sat, 20 Mar 2010 11:00:21 -0400

This is the 11th episode of the Social Media Security Podcast recorded March 15, 2010. Sorry for the delay on releasing this! We should be back on our biweekly schedule soon. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Buzz Opens Privacy Pandora’s Box for Google
How to turn off Google Buzz, or just close some of its privacy loopholes
Twitter to block malicious links. We think this is a good thing! Hoping Twitter rolls this out to the entire service soon.
The dark side of geo: PleaseRobMe.com. Gowalla adds a new twist to location based social networking.
Tom and Scott discuss some of the privacy and security issues with Geolocation services.
Geostalking shows the privacy issues with location based social networks. You might be setting yourself up for a prank call.

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes. Thanks for listening!

The post Social Media Security Podcast 11 – Google Buzz, Geostalking, Twitter’s Phishing Filter appeared first on Shared Security Podcast.

Social Media Security Podcast 10 – Shmoocon, Geo-Location, Social Media Policies, CyberStalking

Tom Eston, Scott Wright, Kevin Tackett — Fri, 12 Feb 2010 21:09:07 -0500

This is the 10th episode of the Social Media Security Podcast recorded February 8, 2010.

Social Media Security Podcast 9 – Defensio, Blippy.com, Relationships and Social Media

Tom Eston, Scott Wright, Kevin Tackett — Sat, 30 Jan 2010 14:55:53 -0500

This is the 9th episode of the Social Media Security Podcast recorded January 26, 2010.

Social Media Security Podcast 8 – Would You Commit Social Media Suicide?

Tom Eston, Scott Wright, Kevin Tackett — Mon, 11 Jan 2010 20:31:09 -0500

This is the 8th episode of the Social Media Security Podcast recorded January 8, 2010.

Social Media Security Podcast 7 – New Facebook Privacy Settings, Twitter Lists, FTC and Bloggers

Tom Eston, Scott Wright, Kevin Tackett — Wed, 23 Dec 2009 11:30:33 -0500

This is the 7th episode of the Social Media Security Podcast recorded December 21, 2009.

Social Media Security Podcast 6 – Privacy, Photo Tagging, Facebook Police, What is Clickjacking

Tom Eston, Scott Wright, Kevin Tackett — Tue, 08 Dec 2009 23:27:37 -0500

This is the 6th episode of the Social Media Security Podcast recorded December 3, 2009.

Social Media Security Podcast 5 – Google Reader, Privacy, Wave, ChromeOS and Foursquare

Tom Eston and Scott Wright — Tue, 24 Nov 2009 10:44:07 -0500

This is the 5th episode of the Social Media Security Podcast recorded November 20, 2009.

Social Media Security Podcast 4 – Death by Twitter, Open Source Intelligence, Policies, Google Wave

Tom Eston, Scott Wright, Kevin Tackett — Sat, 07 Nov 2009 18:39:30 -0500

This is the 4th episode of the Social Media Security Podcast recorded November 6, 2009.

Social Media Security Podcast 3 – Phishing and Koobface, What is CSRF, Protected Tweets

Tom Eston, Scott Wright, Kevin Tackett — Sat, 24 Oct 2009 20:41:59 -0400

This is the third episode of the Social Media Security Podcast recorded October 23, 2009.

Social Media Security Podcast – Month of Facebook Bugs, What is XSS, Canadian Privacy Ruling

Tom Eston and Scott Wright — Sun, 27 Sep 2009 15:11:14 -0400

This is the second episode of the Social Media Security Podcast recorded September 25, 2009. This episode was hosted by Scott Wright, Tom Eston and our new co-host Kevin Johnson.

Social Media Security Podcast – Zombies, Bad Facebook Apps, Twitter SPAM

Tom Eston and Scott Wright — Tue, 25 Aug 2009 11:14:44 -0400

This is the first episode of the Social Media Security Podcast. This episode was hosted by Scott Wright and Tom Eston.