278: Tim Hortons, avoiding sanctions, and good faith security research

Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.

Visit https://www.smashingsecurity.com/278 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

• Double-double tracking: How Tim Hortons knows where you sleep, work and vacation — Financial Post.
• Report: Tim Hortons collected location data without consent — The Register.
• Joint investigation into location tracking by the Tim Hortons App — Office of the Privacy Commissioner of Canada.
• Mandiant: “No evidence” we were hacked by LockBit ransomware — Bleeping Computer.
• Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act — Dept of Justice.
• DOJ: Congress looked into CFAA updates but effort was stalled by extortion concerns — The Record.
• The (still) unanswered questions around the CFAA and ‘good faith’ security research — SC Magazine.
• Sex Education — Netflix.
• Forest fr1ends — Twitter.
• Inch Calculator.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)