Maria Varmazis @maria@infosec.exchange

Treat yourself to the latest "Smashing Security" podcast with me, Carole Theriault and special guest the Mastodon-loving @maria!

It's not your typical cybersecurity podcast.

Web: https://www.smashingsecurity.com/129

Apple Podcasts: https://apple.co/2J1YMCu

Spotify: https://open.spotify.com/show/3J7pBxEu43nCnRTSXaan8S

@maria yes I did, and I had been aware of Mastodon from IRL podcast, now I am a new Tooter, this being my very first toot!

A new "Smashing Security" podcast is out!

https://www.smashingsecurity.com/121

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by @maria

anyway dipshit reply guys notwithstanding, periodic reminder and psa that

1 - fedi is just a bunch of postgres databases with a friendly clown interface on them and anything you post is copied to hundreds of them! this is cool and fine and "federation" but it is not private at ALL! there is zero encryption!

2 - as such yes any DM can be found in said database if an instance admin on one of the instances involved in the DM goes pawing through their database. DMs can also be reported by a participant. this is true of any service, incl twitter, facebook, etc because for those messages to be sent they need to... exist, in a database.

#Privacy? I don't have anything to hide.

> Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.

-- Glenn Greenwald in Why privacy matters - TED Talk #quotes #infosec

The latest "Smashing Security" podcast is out, where we discuss Twitter "ethical" hacking, money for quitting Facebook, and big bucks for bugs.

Oh, and a weird diversion about some celebrity encounters.

Full show: https://www.smashingsecurity.com/110

iTunes: https://itunes.apple.com/gb/podcast/smashing-security/id1195001633?ls=1

Why was Zoho’s website taken offline by its own domain registrar? How are dash cams making you less secure? And why are robocalls on the rise in the United States?
All this and much more... on the latest “Smashing Security” podcast. https://www.smashingsecurity.com/97

Please stop telling people who don’t know better not to use SMS 2FA. Some other factor is better than no other factor, and not everyone has an adversary that will do SIM cloning or an SS7 attack

🍏 My number one tip for your infosec/cyber career: be kind, don't be angry. You don't know what others are going through. PS. don't confuse kind with soft 🍏

"At my home, as a totally n00b, I was able to clone my finger that bypassed TouchID" https://wojciechregula.blog/clone-you-finger-bypassing-touchid/

I'm very glad to see that @malgorithms@twitter.com and @Gargron were able to agree on the basics for Mastodon verification with #Keybase just hours ago: https://github.com/keybase/keybase-issues/issues/2948#issuecomment-414706480

Hey, smart home owners, please remember: „SMART“ is an acronym!

Software
Makes
Anything a
Ransomware
Target

You’re welcome. 😎