Keeping up with security podcasts has become a full time job.

The real problem with FB and twitter content policing things is that the reward system they have does engender this... it is antithetical to remove data from their systems... It is their monetization lifeblood.

Decentralize now, decentralize forever.

The future is in the fediverse.

Anyone know of a script I can use that will cause a user's computer to catch fire upon failure of a phishing test? Would that drive the point home?

Asking for a friend.

Wow, been some time since I've visited the Fediverse. @JohnsNotHere and @TheGibson reminded me of how great this place can be.

When verifying account on keybase, it generally helps to enter in the correct username.

WannaCry's "accidental hero" pleads guilty to malware charges, Samsung and Nokia have fingerprint fumbles, the NCSC publishes a list of 100,000 dreadful passwords, and Apple finds itself at the centre of an identity mix-up.

All this, and much much more, is discussed on the latest edition of the "Smashing Security" podcast.

Find us in your favourite podcast app, or on our website at

Thinking about the case of Marcus Hutchins (@MalwareTech) who just plead guilty to writing banking Trojans. Wanted to do a poll to get people's opinions about that. Personally, I think that even if he did write the malware, it was so long ago and he seems to have made changes in his life that it seems a bit much to have held him in the US this long.

Got a chance to tell a story on with Jack Rhysider.

Ep 36: Jeremy from Marketing

"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."

You can listen to it here:

I saw a survey that said that half of all security professionals would rather walk in a public restroom barefooted than connect to public Wi-Fi. Personally, I don't mind using public Wi-Fi if I can use my VPN. But if I can't use the VPN, then it's barefoot I go. What about you?

I was writing an email to a colleague stating some of my personal weakness and areas for growth in my career. In a tongue-in-cheek fashion I mentioned that I had trouble selling myself as a service to the employer. Got me thinking, what does that look like? Even with all the big breaches, it's hard to sell infosec to mahogany row. Any pointers on how to do this?

I just saw the dumbest attempt at hacking.

#1 Phishing email made an unconvincing and obvious attempt at appearing to be an insider.
#2 Hovering over link showed an entirely different link.
#3 L337 Haxxor copied and pasted Macro code on the Word doc, not into the Macros where it belongs.
#4 Haxxor didn't even copy and paste the whole Macro.

@JohnsNotHere I wish I had heard of your podcast sooner. I was listening to older episodes. Loved the D&D Tabletops. Wish I had heard them last year when I had to put together a TTE after only having a few months on the job.

Check out the latest "Smashing Security" where we discuss Office Depot customers being tricked into thinking they had malware, car alarm hacking, facial recognition... and our special guest even has time for a spelunk down a windy, twisty passageway!

Listen to the full show at or subscribe in your favourite podcast app.

New episode of Purple Squad Security is out now! John The Generalist, where I go solo and ramble about being a generalist within Information Security rather than a dedicated red or blue team practitioner. Listen if you like rambling.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.