Shared Security show


Summary: Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today’s interconnected world. Tune in every week to discover invaluable insights, strategies, and tools to live confidently and safeguard your digital life.


Podcasts:

 The TikTok Ban Bill, Your Car is Spying on You, Signal’s Username Update | File Type: audio/mpeg | Duration: 24:53

In episode 321, the hosts discuss how connected cars are sharing driving data with insurance companies, potentially leading to increased rates for drivers. They also talk about the anti-TikTok bill passed by the House, which could force ByteDance to sell TikTok or face a ban in app stores. The episode also covers a significant update to Signal, allowing users to use usernames instead of phone numbers, enhancing privacy. Insights into privacy policies, the importance of understanding consent, and the broader implications of data collection and sharing among different entities are also discussed.

 Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware | File Type: audio/mpeg | Duration: 20:57

In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user's and Meta's part. They explore the possibility of inadequate security measures on these platforms and the implications of Meta potentially profiting from fraudulent ads. The episode also covers a Wired article regarding 41 state attorneys general in the U.S. urging Meta to enhance their security to manage the rising complaints of account theft. Furthermore, the 'Aware Much' segment highlights a new threat involving spoofed Zoom, Google, and Skype meeting requests that spread remote access Trojans (RATs), discussing the sophistication of these phishing attacks and malware's ability to compromise systems. The conversation touches on the effectiveness of two-factor authentication (2FA), the challenge of identifying malicious URLs, and the role of government in pressuring companies like Meta to improve security practices.

 Don’t Trust Your AI Girlfriend or Boyfriend, Exposing US Government Data Collection | File Type: audio/mpeg | Duration: 25:36

In Episode 319, Tom and Kevin discuss the potential data privacy risks associated with having an AI 'girlfriend' or 'boyfriend' and why one should refrain from sharing their personal data with such AIs. They engage in a humorous conversation about the unusual advertisements these AI companions attract, while expressing concerns over their deceptive and sensitive data gathering. The episode also explores the controversial issue of the U.S. government collecting vast amounts of consumer data. Allegedly, the government acquires data from various sources including cell phones, social media, and internet ad exchanges, potentially for surveillance purposes. Tom and Kevin argue that such a practice is an abuse of the system, potentially bypassing laws meant to protect the innocent, and opens up a possibility for misuse by government employees.

 ‘Get to Know Me’ Privacy Risks, Pros and Cons of Publicly Sharing Ring Doorbell Footage | File Type: audio/mpeg | Duration: 24:58

In episode 318, we discuss the trending 'get to know me' posts on social media platforms like Instagram and the potential risks of sharing personal information publicly, particularly in light of potential misuse for password resetting. We recount a similar trend observed years ago when social media was in its infancy. The second topic covers Ring's decision to discontinue its 'Request for assistance' feature on its Neighbors app which initially allowed police to publicly request doorbell footage without a warrant. We explore various viewpoints on this topic, including the need for warrants, privacy concerns, and the potential misuse of information, while also highlighting different methods of ensuring online security.

 25.6 Million Dollar Deepfake Scam, Exploring Canada’s Flipper Zero Ban | File Type: audio/mpeg | Duration: 29:20

In episode 317, Tom and Kevin discuss a reported deepfake scam that allegedly led to the theft of $25.6 million from a multinational company and Canada's attempt to ban the Flipper Zero device, believing it plays a role in auto thefts. They critique the Canadian government's understanding of the device and its capabilities, questioning whether the move is political posturing rather than a measure to enhance public safety. The hosts also speak about the 'human password' concept, which prompts a broader discussion about the importance of out-of-band confirmation for financial transactions.

 Jason Haddix on Bug Bounties and Cybersecurity Career Growth | File Type: audio/mpeg | Duration: 31:43

In episode 316, we have the pleasure of chatting with Jason Haddix, a prominent influencer in the cybersecurity community. With an intriguing career path, from being a 'computer kid', venturing into the nascent dark web, to becoming a respected figure in the Bug Bounty space, his journey is nothing short of inspiring. We dive into the evolution and the current state of Bug Bounty, the emergence of consultancy within the Bug Bounty companies, the unique live hacking events, and the impact of open-source tooling coming from this ecosystem. Towards the end, Jason introduces his new venture, Arcanum Information Security. Tune in and update yourself with exciting insights from a veteran's perspective.

 The Problem of Victim Blaming in Cybersecurity: Empathy, Responsibility & Ethical Practices | File Type: audio/mpeg | Duration: 29:58

In this episode of the Shared Security Podcast, we discuss the concerning issue of victim-blaming in cybersecurity with special guest, Andra Zaharia, host of the Cyber Empathy and We Think We Know podcasts. Key topics include the societal issues within cybersecurity, the role of empathy in business and cybersecurity, leadership's role in empathy and the recent 23andMe data breach. We discuss how companies can enhance empathy after a data breach while touching on the undeniable influence employees, especially those in security teams, play in promoting empathy within their organizations.

 Secure Your iPhone: Exploring Stolen Device Protection | File Type: audio/mpeg | Duration: 5:40

In this episode, host Tom Eston provides a detailed explanation of the 'Stolen Device Protection' for iPhones - a new security feature by Apple. This feature triggers enhanced security factors such as Face ID, Touch ID, and an hour-long security delay for critical actions when the phone is away from familiar locations. Tom also provides guidance on how to enable and disable this feature on iOS 17.3. Lastly, he advises viewers to disable the feature, and erase and reset the iPhone when they decide to sell, give away, or trade their device.

 The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked | File Type: audio/mpeg | Duration: 19:31

In Episode 313, hosts Tom and Scott discuss the world of scambaiting, discussing what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to the best practices to prevent social media account takeovers, highlighting a guide written by Rachel Tobac. Lastly, they share fascinating news about how a network-connected wrench, the Bosch Rexroth Handheld Nutrunner, could be used in a ransomware attack, hinting at how even everyday objects are now internet-connected. Join hosts Tom and Scott in this engaging conversation revolving around critical cybersecurity topics!

 Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses | File Type: audio/mpeg | Duration: 17:28

In episode 312, Tom and Scott discuss the implications of a new law in Ohio that may require parental consent for children under 16 using social media, including the pros and cons of this legislation. They also discuss Meta's new link history feature and the repercussions it might have on ad targeting on Facebook and Instagram. The episode concludes with a discussion on a court case in Ottawa, where a judge ruled that three smartphones from an alleged pedophile must be returned after 175 million unsuccessful passcode guesses. Plus, don’t miss the discussion about some refined AI-generated security awareness manager images shared by a Patron!

 Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App | File Type: audio/mpeg | Duration: 24:11

In this episode, we discuss the most sophisticated iPhone exploit ever, Google’s agreement to settle a $5 billion lawsuit about tracking users in ‘incognito’ mode, and a new iOS app, Journal. The iPhone exploit, known as Operation Triangulation, has complex chains of events that lead to compromised iPhone security. Meanwhile, the lawsuit against Google claims that the company’s technology was still tracking users’ site visits even in ‘incognito’ mode. The newly added Journal app on iOS has raised questions and discussions on its security and privacy features as it encourages users to put their life updates on the app.

Links mentioned on the show:

iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers
https://www.hackread.com/iphone-spyware-exploits-obscure-chip-feature/
https://usa.kaspersky.com/blog/triangulation-attack-on-ios/28444/

Google settles $5 billion privacy lawsuit over tracking people using ‘incognito mode’
https://www.npr.org/2023/12/30/1222268415/google-settles-5-billion-privacy-lawsuit

Apple launches Journal, a new app to reflect on everyday moments and life’s special events
https://www.apple.com/newsroom/2023/12/apple-launches-journal-app-a-new-app-for-reflecting-on-everyday-moments/

 The Three Keys to Success in Cybersecurity | File Type: audio/mpeg | Duration: 6:42

In this episode, host Tom Eston shares the three key lessons he's learned over his 18-year career in cybersecurity: effective communication, continuous learning, and empathy. He talks about the importance of understanding and reaching both technical and non-technical audiences, the necessity of continuous learning despite your role, and the power of empathy in contributing to success.

 The Year in Review and 2024 Predictions | File Type: audio/mpeg | Duration: 20:24

In our last episode of the year, we replay our predictions for 2023 reviewing what we got right and what we didn't. We cover various topics, such as Twitter's influence, the future of Mastodon, the ban of TikTok in certain states, and the rising issue of ransomware. In addition, we give credit to Scott for accurately predicting multiple cybersecurity events during the year! We also share our expectations for 2024 — predicting increased AI adoption, many more cybersecurity layoffs, more consolidation in InfoSec, and implementation of flawed legislation targeting symptoms instead of causes.

 Password Security for the Elderly: Tips and Best Practices | File Type: audio/mpeg | Duration: 18:04

In episode 308, we discuss the often overlooked topic of password management for the elderly. Addressing the commonly held belief that writing down passwords is a bad idea, we discuss the nuances and context of this practice. Elderly individuals who may struggle with technology can benefit from recording passwords, but we discuss the importance of putting suitable controls around this. We also touch on usability issues associated with technology changes and the consequences of not planning for what happens to a person's digital presence after they pass away. Do you have your own tips or stories of your experiences with passwords and the elderly? We would love to hear your comments on our YouTube video, on X, or on the episode post on sharedsecurity.net!

 iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals | File Type: audio/mpeg | Duration: 16:30

In episode 307, Tom and Scott debunk misinformation circulating about the iOS 17 NameDrop feature by law enforcement and others on social media. Next, they discuss the potential risks of QR code scams, detailing a real-life incident where a woman lost a significant amount of money due to a QR code scam. Finally, the episode concludes with a discussion on a ransomware attack on a large US healthcare provider, examining potential repercussions and stressing the need for increased security for critical infrastructure. Co-host Scott Wright also presents an overview of the Click Armor platform, an innovative gamified security awareness training platform.
