After a brief discussion of the Log4Shell vulnerability panic, we chat about how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your sleeping girlfriend's facial recognition.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined by Mark Stockley for our last episode of the year!
Visit https://www.smashingsecurity.com/256 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- 1Password: The first annual 1Password “State of Access” benchmark study illuminates the grave dangers unwittingly posed by checked-out, apathetic employees — including security professionals. Burned-out employees are 3 times more likely to say security rules and policies “aren’t worth the hassle,” and nearly half of burned-out security professionals say it’s unrealistic for companies to be aware of and manage all apps and devices that employees use. Read the report and find out what you can do at 1password.com/resources.
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem. Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping. Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. Find out more and try it for free at uptycs.com
Links:
- Log4Shell: The race is on to fix millions of systems and internet-connected devices — Graham Cluley.
- Virgin Media Limited monetary penalty notice (PDF) — Information Commissioner's Office.
- Virgin Media fined £50k for spamming opted-out customers — The Register.
- Bored Ape NFT accidentally sells for $3,000 instead of $300,000 — BBC News.
- Man steals $23K using ex's phone through facial recognition: report — NY Post.
- Man sentenced to 3.5 years in prison after transferring $23,500 on ex-girlfriend's phone by pulling up her eyelid — Global Times.
- What Every Heart Emoji Really Means — Emojipedia.
- Graham or Carole? NFT for sale — OpenSea.
- Mare of Easttown: Official Trailer — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)