Treat yourself to the latest "Smashing Security" podcast with me, Carole Theriault and special guest the Mastodon-loving @maria!
It's not your typical cybersecurity podcast.
Apple Podcasts: https://apple.co/2J1YMCu
@maria yes I did, and I had been aware of Mastodon from the IRL podcast. Now I am a new Tooter, this being my very first toot!
A new "Smashing Security" podcast is out!
An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by @maria.
anyway dipshit reply guys notwithstanding, periodic reminder and psa that
1 - fedi is just a bunch of postgres databases with a friendly clown interface on them and anything you post is copied to hundreds of them! this is cool and fine and "federation" but it is not private at ALL! there is zero encryption!
2 - as such yes any DM can be found in said database if an instance admin on one of the instances involved in the DM goes pawing through their database. DMs can also be reported by a participant. this is true of any service, incl twitter, facebook, etc because for those messages to be sent they need to... exist, in a database.
#Privacy? I don't have anything to hide.
> Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.
The latest "Smashing Security" podcast is out, where we discuss Twitter "ethical" hacking, money for quitting Facebook, and big bucks for bugs.
Oh, and a weird diversion about some celebrity encounters.
Full show: https://www.smashingsecurity.com/110
Why was Zoho’s website taken offline by its own domain registrar? How are dash cams making you less secure? And why are robocalls on the rise in the United States?
All this and much more... on the latest “Smashing Security” podcast. https://www.smashingsecurity.com/97
"At my home, as a totally n00b, I was able to clone my finger that bypassed TouchID" https://wojciechregula.blog/clone-you-finger-bypassing-touchid/
I'm very glad to see that @firstname.lastname@example.org and @Gargron were able to agree on the basics for Mastodon verification with #Keybase just hours ago: https://github.com/keybase/keybase-issues/issues/2948#issuecomment-414706480
Verification (yes, on Twitter. sorry.) https://twitter.com/mvarmazis/status/1031584528937246720
Writer & comms pro in infosec. I blog for NakedSecurity & sometimes guest on the SmashingSecurity podcast. Let's work together! email: email@example.com
A Mastodon instance for info/cyber security-minded people.