Treat yourself to the latest "Smashing Security" podcast with me, Carole Theriault and special guest the Mastodon-loving @maria!

It's not your typical cybersecurity podcast.

Apple Podcasts:

A new "Smashing Security" podcast is out!

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by @maria.

anyway dipshit reply guys notwithstanding, periodic reminder and psa that

1 - fedi is just a bunch of postgres databases with a friendly clown interface on them and anything you post is copied to hundreds of them! this is cool and fine and "federation" but it is not private at ALL! there is zero encryption!

2 - as such yes any DM can be found in said database if an instance admin on one of the instances involved in the DM goes pawing through their database. DMs can also be reported by a participant. this is true of any service, incl twitter, facebook, etc because for those messages to be sent they need to... exist, in a database.

#Privacy? I don't have anything to hide.

> Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.

-- Glenn Greenwald in Why privacy matters - TED Talk #quotes #infosec

Out of curiosity: Outside of Mastodon, anyone have a favorite decentralized social network? (I hear Diaspora a lot, curious if there are others)

The latest "Smashing Security" podcast is out, where we discuss Twitter "ethical" hacking, money for quitting Facebook, and big bucks for bugs.

Oh, and a weird diversion about some celebrity encounters.

Full show:
Why was Zoho’s website taken offline by its own domain registrar? How are dash cams making you less secure? And why are robocalls on the rise in the United States?
All this and much more... on the latest “Smashing Security” podcast.

Please stop telling people who don’t know better not to use SMS 2FA. Some other factor is better than no other factor, and not everyone has an adversary that will do SIM cloning or an SS7 attack.

🍏 My number one tip for your infosec/cyber career: be kind, don't be angry. You don't know what others are going through. PS. don't confuse kind with soft 🍏

I'm very glad to see that and @Gargron were able to agree on the basics for Mastodon verification with #Keybase just hours ago:

Hey, smart home owners, please remember: „SMART“ is an acronym!