Shared Security

In this episode, we discuss Australia's new legislation banning social media for users under 16 and its potential impact. Our hosts also explore the issue of vishing (voicemail phishing), why it's escalating, particularly during the holiday season, and how to protect yourself against these scams. Plus, we celebrate a milestone on our YouTube channel and share some fun community feedback! Show notes: https://sharedsecurity.net/2024/12/02/australia-bans-social-media-for-kids-holiday-vishing-scams/

In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue Sky, and Mastodon, discussing user experiences and migrations. The episode wraps up with a humorous and radical suggestion for dealing with data brokers. Tune in for an engaging discussion on security, privacy, and the impact of emerging fraud technologies. Show notes: https://sharedsecurity.net/2024/11/25/deepfake-fraud-data-brokers-tracking-military-personnel/

In episode 355, Tom discusses his decision to deactivate his Twitter accounts due to privacy concerns with Twitter's new AI policy and changes in the blocking features. He outlines the steps for leaving Twitter, including how to archive and delete tweets, and evaluates alternative platforms such as Bluesky, Mastodon, and Threads for cybersecurity professionals seeking new social media spaces. Show notes: https://sharedsecurity.net/2024/11/18/why-its-time-to-leave-twitter/

In episode 354, we discuss the emergence of the term 'Advanced Persistent Teenagers' (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without the correct password and its implications. Tune in for an engaging conversation on the evolving landscape of cyber threats. Show notes: https://sharedsecurity.net/2024/11/11/advanced-persistent-teenagers-okta-bug-allowed-logins-without-a-correct-password/

In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution. In the 'Aware Much' segment, Scott explains how mortgage wire fraud works and provides essential tips for real estate transactions to avoid such scams. Plus, a quick recap on our popular AI-powered toilet cameras episode. Show notes: https://sharedsecurity.net/2024/11/04/fallout-from-the-change-healthcare-breach-mortgage-wire-fraud-what-you-need-to-know/

In this episode, we discuss the significant data breach at the Internet Archive, affecting 33 million users. We also examine the introduction of an AI-integrated toilet camera by Throne, designed for health monitoring by analyzing bodily waste, and the ensuing privacy concerns. We explore these technological advancements alongside other unusual tech innovations, touching upon security issues with home cameras, personal data in health apps, and broader implications for privacy and technology. Show notes: https://sharedsecurity.net/2024/10/28/internet-archive-hacked-introducing-the-ai-toilet-camera/

In episode 351 of the Shared Security Podcast, hosts Tom and Scott explore an unusual incident where robot vacuums were hacked to shout obscenities, exposing significant IoT security issues. The discussion includes the mechanics of the Bluetooth hack and its broader cybersecurity implications. Additionally, the 'Aware Much?' segment reveals the world of hidden printer tracking dots, used for tracing document origins and their historical use by governments for tracking. This episode also highlights the technology's role in preventing currency counterfeiting and capturing high-profile leaks, underscoring the intersection of privacy and security in modern times. Show notes: https://sharedsecurity.net/2024/10/21/hacked-robot-vacuums-secret-printer-tracking-dots/

In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast's evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies. The 'Aware Much' segment focuses on the lack of change in user behavior towards cybersecurity, highlighting persistent issues like inadequate password manager usage and infrequent software updates. The episode covers historical insights into social media's evolution, including privacy guides and LinkedIn's fake profile problem, emphasizing the importance of a well-rounded approach to cybersecurity awareness and education. Show notes: https://sharedsecurity.net/2024/10/14/emergency-satellite-messaging-stagnation-in-user-cybersecurity-habits/

In this episode, the hosts discuss a significant vulnerability found in Kia's web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST's updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community's perspectives on these evolving issues. Show notes: https://sharedsecurity.net/2024/10/07/kia-security-flaw-exposed-nists-new-password-guidelines/

In episode 348 of the Shared Security Podcast, Tom and Scott discuss Discord's new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. They also address LinkedIn's controversial move to automatically opt users into using their data to train AI models without initial consent, suggestions for opting out, and the broader implications for user privacy. Show notes: https://sharedsecurity.net/2024/09/30/discords-new-end-to-end-encryption-for-audio-video-linkedin-using-your-data-for-ai-training/