WannaCry's "accidental hero" pleads guilty to malware charges, Samsung and Nokia have fingerprint fumbles, the NCSC publishes a list of 100,000 dreadful passwords, and Apple finds itself at the centre of an identity mix-up.
All this, and much much more, is discussed on the latest edition of the "Smashing Security" podcast.
Find us in your favourite podcast app, or on our website at https://www.smashingsecurity.com/125
Thinking about the case of Marcus Hutchins (@MalwareTech) who just pleaded guilty to writing banking Trojans. Wanted to do a poll to get people's opinions about that. Personally, I think that even if he did write the malware, it was so long ago and he seems to have made changes in his life that it seems a bit much to have held him in the US this long.
Got a chance to tell a story on #DarknetDiaries with Jack Rhysider.
Ep 36: Jeremy from Marketing
"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."
You can listen to it here: https://darknetdiaries.com/episode/36/
Defensive Security Podcast Episode 235
I was writing an email to a colleague stating some of my personal weaknesses and areas for growth in my career. In a tongue-in-cheek fashion I mentioned that I had trouble selling myself as a service to the employer. Got me thinking, what does that look like? Even with all the big breaches, it's hard to sell infosec to mahogany row. Any pointers on how to do this?
I just saw the dumbest attempt at hacking.
#1 Phishing email made an unconvincing and obvious attempt at appearing to be an insider.
#2 Hovering over link showed an entirely different link.
#3 L337 Haxxor copied and pasted Macro code on the Word doc, not into the Macros where it belongs.
#4 Haxxor didn't even copy and paste the whole Macro.
@JohnsNotHere I wish I had heard of your podcast sooner. I was listening to older episodes. Loved the D&D Tabletops. Wish I had heard them last year when I had to put together a TTE after only having a few months on the job.
Check out the latest "Smashing Security" where we discuss Office Depot customers being tricked into thinking they had malware, car alarm hacking, facial recognition... and our special guest even has time for a spelunk down a windy, twisty passageway!
Listen to the full show at https://www.smashingsecurity.com/122 or subscribe in your favourite podcast app.
540 million Facebook users left exposed due to sloppy third-party developer security
New episode of Purple Squad Security is out now! John The Generalist, where I go solo and ramble about being a generalist within Information Security rather than a dedicated red or blue team practitioner. Listen if you like rambling.
I live on earth, I eat food, and I drink copious amounts of coffee.