Showing episodes and shows of Kevin Tackett
Shows
Shared Security Podcast
Your Google Searches Aren’t Private? PA Court’s Surprising Ruling
In this episode of Shared Security, we discuss a significant Pennsylvania Supreme Court ruling that permits police to access unprotected Google search histories without a traditional warrant. The discussion centers around the implications of the Commonwealth vs. Kurtz case and the concept of reverse keyword searches. Kevin Tackett joins the conversation, providing insights and posing critical questions about the balance between law enforcement needs and privacy rights. The episode explores concerns over digital privacy, third-party data, and potential broader impacts on users. ** Links mentioned on the show ** Pennsylvania court rules Google searches are not private
2026-01-12
16 min
Shared Security Podcast
2025 Predictions: Hits, Misses & What We Learned
Join us this week as we rewind the tape on our 2025 predictions. In this episode, we revisit last year’s forecasts in cybersecurity, geopolitics, and AI, discussing which ones came true, which ones fizzled out, and which ones were a mixed bag. Additionally, we share insights from past guests, celebrate milestones, and make bold new predictions for 2026. Find out what we got right, what surprised us, and what we think is on the horizon for the coming year! ** Links mentioned on the show ** Scott’s 2025 Predictions https://youtu.be/Fgc4UlraU-o?si=hgTp0trKZ6vlwq...
2025-12-29
36 min
Shared Security Podcast
OWASP Top 10 for 2025: What’s New and Why It Matters
In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conversation touches on the history of the OWASP Top 10, its release cycle, the evolution from specific vulnerabilities to broader categories, and the impact on vulnerability assessment and compliance. ** Links mentioned on the show ** OWASP Top 10:2025 RC1 https://owasp.org/Top10/2025/0x00_2025...
2025-11-17
18 min
Shared Security Podcast
Public Wi-Fi Myths: Why You’re Probably Safer Than You Think
Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN. ** Links mentioned on the show ** No links mentioned in this episode. ** W...
2025-08-25
17 min
Shared Security Podcast
Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis
This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what’s happening at Black Hat and DEF CON in Ve...
2025-08-04
15 min
Shared Security Podcast
Doorbells, Dystopia, and Digital Rights: The Ring Surveillance Debate
In this episode, we examine Amazon’s Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation’s recent report criticizes Ring’s AI-first approach and the rollback of prior privacy reforms, describing it as ‘techno authoritarianism.’ We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms. ** Links...
2025-07-28
18 min
Shared Security Podcast
Passwords and the Elderly: Why Writing Them Down Might Be OK
In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group. ** Links mentioned on the show ** Passkeys, Passwords, and Seniors: What’s...
2025-07-21
19 min
Shared Security Podcast
Invasion of Privacy: The Hidden Camera Dilemma
Ever worried about hidden cameras in Airbnb rentals? You’re not alone! In this episode, we explore the unsettling rise of hidden cameras in personal spaces, the inadequacy of current laws, and practical tips to detect surveillance devices. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they share insights and discuss the implications of voyeurism technology, law enforcement challenges, and personal safety strategies. ** Links mentioned on the show ** ‘Every time I took a shower I thought: is he watching me?’ – the terrifying rise of secret cameras https://www.theguardian.com/uk-news/2025/may/27/secret...
2025-06-02
20 min
Shared Security Podcast
When AI Fights Back: Threats, Ethics, and Safety Concerns
In this episode, we explore an incident where Anthropic’s AI, Claude, didn’t just resist shutdown but allegedly blackmailed its engineers. Is this a glitch or the beginning of an AI uprising? Along with co-host Kevin Johnson, we reminisce about past episodes, discuss AI safety and ethics, and examine the implications of AI mimicking human behaviors like blackmail. Join us for an in-depth conversation on the future of AI and its potential risks. ** Links mentioned on the show ** Anthropic’s new AI model turns to blackmail when engineers try to take it offline https...
2025-05-26
17 min
Shared Security Podcast
Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009
Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media security from the past and see how much has (or hasn’t) changed. Don’t miss out on this informative episode on web application security, user privacy, and the efforts to keep social media safe. ** Links mentioned on the show ** Original show notes from episode 2 of the “Social...
2025-05-12
57 min
Shared Security Podcast
What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development
Join us as we explore the transformative changes in software development and cybersecurity due to AI. We discuss new terminology like ‘vibe coding’ — a novel, behavior-focused development approach, and ‘MCP’ (Model Context Protocol) — an open standard for AI interfaces. We also address the concept of ‘slopsquatting,’ a new type of threat involving AI-generated package names. Our co-hosts Scott Wright and Kevin Johnson discuss these topics, share personal insights, and ponder the future of coding in the AI era. Additionally, we draw some intriguing parallels between AI advancements and past practices, highlighting the need for oversight and security in this evolving landsca...
2025-05-05
24 min
Shared Security Podcast
The 23andMe Collapse, Signal Gate Fallout
In this episode, we discuss the urgent need to delete your DNA data from 23andMe amid concerns about the company’s potential collapse and lack of federal protections for your personal information. Kevin joins the show to give his thoughts on the Signal Gate scandal involving top government officials, emphasizing the potential risks and lack of accountability. We also touch on the importance of proper communication and document retention in government operations. Stay tuned for insights and steps you can take to protect your data. ** Links mentioned on the show ** What happens to your data if...
2025-04-07
21 min
Shared Security Podcast
Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors
In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple’s decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the implications for both government and corporate security. ** Links mentioned on the show ** Trump 2.0 Brings Cuts to Cyber, Consumer Protections https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/ “We will never build a backdoor” – Apple kills its iCloud’s end-to-end...
2025-03-03
23 min
Shared Security Podcast
Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed
In this episode, we discuss the latest issues with data brokers, focusing on a breach at Gravy Analytics that leaked 30 million location data points online. We also explore a vulnerability in Subaru’s Starlink system that allows unrestricted access to vehicle controls and customer data using just a last name and license plate number. Co-host Kevin Johnson joins the discussion to share insights and emphasize the need for stronger privacy regulations. ** Links mentioned on the show ** Data broker Gravy Analytics confirms a data breach after a hacker leaked millions of location records https://techcrunch.co...
2025-01-27
18 min
Shared Security Podcast
Digital License Plate Vulnerabilities, How to Avoid New Text Message Scams
In this episode Tom, Scott, and Kevin discuss the vulnerabilities of digital license plates and the potential for hackers to exploit them. They explain what digital license plates are and how they work. The ‘Aware Much?’ segment covers the topic of suspicious text messages and why you should avoid responding to unknown senders. The team also shares personal project frustrations and emphasizes the importance of cybersecurity measures in IoT devices. Stay tuned for insightful discussions and practical advice on staying secure. ** Links mentioned on the show ** Hackers Can Jailbreak Digital License Plates to Make Others Pay...
2024-12-23
18 min
Shared Security Podcast
Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption
In Episode 359 of the Shared Security Podcast, the team examines a shocking hack-for-hire operation alleged to target over 500 climate activists and journalists, potentially involving corporate sponsorship by ExxonMobil. They explore the intricate layers of this multifaceted campaign and the broader implications on security risk assessments. Additionally, Scott discusses the massive Salt Typhoon hacking campaign attributed to China, which has compromised major U.S. telecommunications companies, and the surprising shift in U.S. government stance on end-to-end encryption. Join Tom, Kevin, and Scott for their in-depth analysis and a touch of humor throughout this episode. ** Links mentioned on...
2024-12-16
21 min
Shared Security Podcast
Deepfake Fraud, Data Brokers Tracking Military Personnel
In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue Sky, and Mastodon, discussing user experiences and migrations. The episode wraps up with a humorous and radical suggestion for dealing with data brokers. Tune in for an engaging discussion on security, privacy, and the impact of emerging fraud technologies. ** Links mentioned on the show **
2024-11-25
17 min
Shared Security Podcast
Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know
In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution. In the ‘Aware Much’ segment, Scott explains how mortgage wire fraud works and provides essential tips for real estate transactions to avoid such scams. Plus, a quick recap on our popular AI-powered toilet cameras episode. ** Links mentioned on the show ** Change Healthcare Breach Hits 100M Am...
2024-11-04
17 min
Shared Security Podcast
Kia Security Flaw Exposed, NIST’s New Password Guidelines
In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community’s perspectives on these evolving issues. ** Links mentioned on the show ** Millions of Vehicles Could Be Hac...
2024-10-07
22 min
Shared Security Podcast
Telegram is NOT an Encrypted Messaging App, Must-See Documentaries
In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app’s encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including ‘LulaRich’ about the LuLaRoe leggings company and ‘Class Action Park’ about a dangerous theme park in New Jersey. Tune in to hear our thoughts on these topics and more! ** Links mentioned on the show ** The Arrest of Pavel Durov Is a Reminder That Telegram Is Not Encrypted http...
2024-09-02
22 min
Shared Security Podcast
Google’s Monopoly: The Debate Heats Up, Amazon Alexa Privacy Tips
This week, we discuss Google’s recent accusation by the U.S. Justice Department for being a monopoly and its implications for privacy and cybersecurity. We also cover essential privacy settings for Alexa smart speakers and their importance. Join the hosts, Tom, Kevin, and Scott, for an engaging conversation on these topics, along with a segment from ClickArmor on cybersecurity training. Plus, a recap of the Black Hat and BSides Las Vegas conferences. ** Links mentioned on the show ** Google illegally maintains monopoly over internet search, judge rules https://apnews.com/article/google-antitrust-search-engine-verdict-apple-319a61f20fb...
2024-08-26
24 min
Shared Security Podcast
The Great CrowdStrike Crash, AI’s Role in Employee Smiles
In episode 341, we cover the unprecedented global IT outage caused by a CrowdStrike update crash, affecting 8.5 million Windows machines. We discuss whether it’s the largest outage in history and discuss the intricacies of internet accessibility and responses from key stakeholders like Microsoft. Also, in our Aware Much segment, we explore Japan’s AI system, Mr. Smile, designed to standardize employee smiles, and its implications on employee monitoring. Plus, we welcome back Kevin and give a special shout-out to our latest Patreon supporter. ** Links mentioned on the show ** CrowdStrike update crashes Windows systems, causes outages worl...
2024-08-05
23 min
Shared Security Podcast
Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices
In episode 337, we cover “broken” news about the new SSH vulnerability ‘regreSSHion’, highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police Department’s new guidelines on facial recognition technology following a lawsuit over a wrongful arrest due to misidentification, shedding light on the broader issues with such technologies, especially their impact on minorities. Lastly, in the ‘Aware Much’ segment, Scott shares essential tips on securely wiping personal data from old PCs, laptops, smartphones, and other electronic devices before selling or disposing of them. Join us as we welcome back co-hosts Kevin...
2024-07-08
29 min
Shared Security Podcast
The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks
In episode 336 of the Shared Security Podcast, we discuss the Biden administration’s recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We also highlight the importance of keeping all software updated, using recent examples of supply chain attacks that have compromised several popular WordPress plugins. Join hosts Tom Eston and Scott Wright as they examine these key cybersecurity issues and emphasize proactive security measures. Plus, find out why co-host Kevin Johnson is missing this week and get the latest updates from Aware Much, sponsored by ClickArmor. ...
2024-07-01
15 min
Shared Security Podcast
Social Media Warning Labels, Should You Store Passwords in Your Web Browser?
In this episode of the Shared Security Podcast, the team debates the Surgeon General’s recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft’s delayed release of CoPilot Plus PCs due to security concerns and reflect on the underlying privacy issues. Join Tom, Scott, and Kevin for these engaging discussions and more! ** Links mentioned on the show ** Recall recalled (delayed) https://www.bleepingcomputer.com/news/microsoft/microsoft-delays-windows-recall-amid-privacy-and-security-concerns/
2024-06-24
22 min
Shared Security Podcast
Citizen Lab vs. NSO Group, Apple AI and Privacy
In episode 334, hosts Tom Eston, Scott Wright, and Kevin Johnson discuss two major topics. First, they explore the ongoing legal battle between Citizen Lab and the Israeli spyware company NSO Group. The courts have consistently blocked NSO’s attempts to access Citizen Lab’s documents to protect victim privacy. Second, they discuss Apple’s new AI features announced at their developer conference, prioritizing user privacy through opt-in by default, and its implications. Kevin shares strong opinions on NSO Group, while the hosts also review Citizen Lab’s investigative work and Apple’s approach to AI and privacy. ** Links ment...
2024-06-17
17 min
Shared Security Podcast
Ticketmaster Data Breach and Rising Work from Home Scams
In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the rise of work-from-home job scams is analyzed, highlighting FBI warnings and tips to avoid falling victim to such schemes. The success of a past episode on Microsoft’s new recall feature is also mentioned, emphasizing privacy concerns and spirited audience discussions. ** Links mentioned on the s...
2024-06-10
00 min
Shared Security Podcast
Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy
Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by default. Tom and Kevin express significant concerns over the implications for privacy, data security, and the potential for misuse of these features. Discussions cover the technical workings, potential vulnerabilities, and broader impacts of these technologies on privacy and security. The episode also mentions a...
2024-05-27
00 min
Shared Security Podcast
New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report
In episode 330 Tom, Scott, and Kevin discuss the new features for iPhones and Android phones designed to warn users about secret trackers, possibly aiding in identifying stalkers. The hosts discuss Apple and Google’s collaboration on a technology called DOLT (Detecting Unwanted Location Trackers), aiming to improve user privacy by detecting Bluetooth trackers like Tiles and AirTags. They also highlight the findings from the 2024 Verizon Data Breach Investigations Report (DBIR), discussing key statistics on company breaches, the average time to remediate vulnerabilities, the rise in ransomware and extortion cases, third-party risks, and the negligible impact of AI on current th...
2024-05-20
00 min
Shared Security Podcast
Live at RSA: AI Hype, Enhanced Security, and the Future of Cybersecurity Tools
In this first-ever in-person recording of Shared Security, Tom and Kevin, along with special guest Matt Johansen from Reddit, discuss their experience at the RSA conference in San Francisco, including their walk-through of ‘enhanced security’ and the humorous misunderstanding that ensued. The conversation moves to the ubiquity of AI and machine learning buzzwords at the conference, questioning the genuine impact versus hype, and the saturation of AI claims among vendors. They explore the real-world applications of AI, how it’s currently being utilized in cybersecurity, and its potential to assist smaller security teams and raise the ‘cybersecurity poverty line.’ The discus...
2024-05-13
29 min
Shared Security Podcast
FCC Fines Wireless Carriers $200 million, Google’s Fight Against Malicious Apps
In episode 328, Tom and Kevin discuss two major cybersecurity and privacy news stories. The first topic covers the FCC issuing fines to major US wireless carriers for sharing users’ real-time location data, totaling nearly $200 million. They express surprise and skepticism over the carriers’ actions and deliberate on whether the fines would be impactful or merely seen as the cost of doing business. The second topic revolves around Google’s announcement that it prevented 2.28 million malicious apps from reaching the Play Store in 2023, marking a significant effort towards enhancing platform security. The discussion includes insights on the effectiveness of Google’s polici...
2024-05-06
20 min
Shared Security Podcast
Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up?
In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and the potential reasons behind the shift in cyberattack tactics. The episode also explores the challenges of maintaining online privacy within relationships, especially when one partner prioritizes privacy more than the other. Tips on fostering understanding and cooperation on privacy and security practices within a rela...
2024-04-29
24 min
Shared Security Podcast
Linux Backdoor Infection Scare, Massive Social Security Number Heist
In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained commit access and inserted a backdoor. The episode further delves into a cybersecurity incident where hackers stole 340,000 social security numbers from a government consulting firm, emphasizing the implications and broader concerns related to data security in government contractors and the inefficacy of response mechanisms. Additionally, the hosts explore the negative influences of marketing in the cybersecurity industry, particularly following significant security breaches. ** Links mentioned on the...
2024-04-15
17 min
Shared Security Podcast
Alyssa Miller: Charting the Course Through InfoSec and Aviation
In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa’s journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect of on-prem data centers. Alyssa also shares a personal story about encountering workplace discrimination, offering advice based on her experiences. Additionally, the discussion touches on upcoming conference talks Alyssa is giving, which link her passion for aviation with lessons for the cybersecurity field. Th...
2024-03-25
40 min
Shared Security Podcast
Don’t Trust Your AI Girlfriend or Boyfriend, Exposing US Government Data Collection
In Episode 319, Tom and Kevin discuss the potential data privacy risks associated with having an AI ‘girlfriend’ or ‘boyfriend’ and why one should refrain from sharing their personal data with such AIs. They engage in a humorous conversation about the unusual advertisements these AI companions attract, while expressing concerns over their deceptive and sensitive data gathering. The episode also explores the controversial issue of the U.S. government collecting vast amounts of consumer data. Allegedly, the government acquires data from various sources including cell phones, social media, and internet ad exchanges, potentially for surveillance purposes. Tom and Kevin argue that suc...
2024-03-04
25 min
Shared Security Podcast
25.6 Million Dollar Deepfake Scam, Exploring Canada’s Flipper Zero Ban
In episode 317, Tom and Kevin discuss a reported deepfake scam that allegedly led to the theft of 25.6 million from a multinational company and Canada’s attempt to ban the Flipper Zero device, believing it plays a role in auto thefts. They critique the Canadian government’s understanding of the device and its capabilities, questioning whether the move is political posturing rather than a measure to enhance public safety. The hosts also speak about the ‘human password’ concept, which prompts a broader discussion about the importance of out-of-band confirmation for financial transactions. ** Links mentioned on the show * Scamme...
2024-02-19
29 min
Shared Security Podcast
Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly
In this episode, Tom shows off AI generated images of a “Lonely and Sad Security Awareness Manager in a Dog Pound” and the humorous outcomes. The conversation shifts to Apple’s upcoming support for Rich Communication Services (RCS) and the potential security implications. Lastly, Tom and Kevin reflect on reports of AI-powered voice cloning scams targeting elderly Americans, and argue that the true issue lies with social engineering rather than the involvement of AI. ** Links mentioned on the show * Apple to Adopt RCS Messaging Standard for Better Interoperability With Android Devices (yet, the green “bubble”...
2023-11-27
26 min
Shared Security Podcast
Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI
In this week’s episode of the Shared Security Podcast, hosts Tom Eston, Scott Wright and Kevin Johnson tackle a number of topics related to AI, privacy and security. They begin with an amusing discussion about their respective roles on the podcast, before shifting to big tech’s use of user data and whether subscribers should pay to not have their data used. The focus then turns to a recent move by Meta to charge European users who wish to use Instagram and Facebook without ads. Next, they touch on new research from NordVPN about the burdensome leng...
2023-11-20
24 min
Shared Security Podcast
Back to School Cybersecurity, Phishing Pitfalls and Strategies, X’s (Twitter) Blocking Overhaul
In this episode, we discuss essential cybersecurity tips for students and educational institutions as they gear up for the school season. From software updates to strong passwords and cybersecurity education, we explore how students and schools can fortify their digital defenses. Next, we navigate the treacherous waters of phishing and related scams, unveiling strategies to outwit malicious links. Hovering over links, cautious email scrutiny, and verification tactics all play a role. Finally, we discuss the surprising policy change by X (formerly Twitter), where blocking faces a major overhaul. Tune in as we discuss the privacy...
2023-08-28
25 min
Shared Security Podcast
First Ban on Selling Location Data, Prohibiting Password Managers, Real-Time Crime Center Concerns
In this episode we discuss how Massachusetts lawmakers are pushing a groundbreaking bill to ban the buying and selling of location data from mobile devices. This legislation raises vital questions about consumer privacy, digital stalking, and national security threats. Next, we discuss the pros and cons of prohibiting external password managers within organizations. Join the conversation as we weigh the benefits, downsides, and best practices surrounding this hotly debated topic. Finally, we discuss the rise of Real-Time Crime Centers (RTCCs) and the concerns they raise regarding mass surveillance, privacy rights, and data misuse. ...
2023-07-17
32 min
Shared Security Podcast
Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma
In this episode, we explore the arrival of passwordless Google accounts that use “passkeys,” which offer enhanced usability and security. We discuss the benefits of passkeys over traditional passwords, but also why passkeys are not quite ready for prime time use. Next, we discuss Google Domains’ introduction of new top-level domains (TLDs) like .zip and .mov, raising concerns about the potential use for malicious activities. We separate fact from fiction, and discuss the real risks involved. Lastly, we examine Twitter’s long-awaited encrypted direct messaging feature. We explore the limitations and criticisms surrounding its implementation, highligh...
2023-05-22
25 min
Shared Security Podcast
Social Zombies Revisited: Your Friends Want to Eat Your Brains
On this week’s episode, we’re excited to bring you a classic conference talk that Tom Eston gave with co-host Kevin Johnson back in 2009 at DEF CON 17 in Las Vegas. The talk is called “Social Zombies: Your Friends Want to Eat Your Brains” and it explores the various risks and concerns related to malware delivery through social networking sites. We discuss how social networks make money and the privacy and security issues that arise due to the trust built on these platforms. We also delve into typical botnets and bot programs, and examine the delivery of malware...
2023-01-23
26 min
Shared Security Podcast
The Year in Review and 2023 Predictions
In our last episode of the year, we discuss the year that was 2022. What did we get right? What did we get wrong? And what are our cybersecurity and privacy predictions for 2023? Thank you to all of our listeners for a great year! We’re looking forward to bringing you more content, news, tips, and advice in 2023! Happy New Year! ** Links mentioned on the show ** Our previous year in review episodes (have fun with these!) https://sharedsecurity.net/2021/12/27/the-year-in-review-and-2022-predictions/ https://sharedsecurity.net/2020/12/23/the-year-in-review-and-2021-predictions/ https://sharedsecurity.net/2019/12/23/th...
2022-12-26
26 min
Shared Security Podcast
Cybersecurity’s Role in Combating Midterm Election Disinformation
Katie Teitler, Senior Cybersecurity Strategist at Axonius and co-host on the popular Enterprise Security Weekly podcast, joins us to discuss the role of cybersecurity in combating midterm election disinformation. We discuss the difference between misinformation and disinformation, how we can combat disinformation, and some things about disinformation, private platforms, and free speech we all need to think about during the midterm election. Plus, you don’t want to miss the story about how co-host Kevin Johnson was knocked out unconscious on an airplane! ** Links mentioned on the show ** Cybersecurity’s Role in C...
2022-11-07
30 min
Shared Security Podcast
Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser
A Cisco employee was compromised by a ransomware gang using a technique called multi-factor authentication fatigue, an attack on the Signal messenger app’s SMS service Twilio potentially disclosed the phone numbers of 1,900 users, and details on how Facebook and Instagram track what you click on including your web browsing history by using their in-app browser. ** Links mentioned on the show ** Kevin’s interview on the Bishop Fox Livestream from DEF CON 30 Cisco Hacked by Ransomware Gang, Data Stolen https://www.securityweek.com/cybercriminals-breached-cisco-systems-and-stole-data Nearly 1,900 Signal Messenger Accounts Pote...
2022-08-22
23 min
Shared Security Podcast
Killware Clickbait, 1Password Password Sharing Feature, Android Phone Snooping
Clickbait news about the rise of “killware”, details on 1Password’s new feature to securely share passwords with others, and a new study by university researchers in the UK shows how Android phones snoop on their users. ** Links mentioned on the show ** The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds. https://news.yahoo.com/next-big-cyberthreat-isnt-ransomware-090022232.html 1Password’s new feature lets you safely share passwords using just a link https://techcrunch.com/2021/10/12/1passwords-new-feature-lets-you-safely-share-passwords-using-just-a-link Study reveals Android phones constantly snoop on their...
2021-10-18
29 min
Shared Security Podcast
What Happens to Your Social Media Accounts After You Die?
In our August monthly show co-hosts Kevin Johnson and Scott Wright join Tom Eston to discuss what happens to your social media accounts…after you die! This is a topic we don’t hear a lot of discussion about but is very important to understand for your legacy as well as how your friends and family members want to be remembered. ** Links mentioned on the show ** Social Media Algorithms Are Controlling How I Grieve https://www.wired.com/story/social-media-algorithms-are-controlling-how-i-grieve/ What to Do with Social Media Accounts after Someone Dies https://www...
2021-08-31
33 min
Shared Security Podcast
The Colonial Pipeline Ransomware Attack
This week Tom and Kevin discuss the Colonial Pipeline ransomware attack, RaaS (Ransomware as a Service), and why ransomware attacks are not going away anytime soon. ** Links mentioned on the show ** Colonial Pipeline Hackers, DarkSide, Apologize, Say Goal ‘Is to Make Money’ https://www.msn.com/en-us/news/world/colonial-pipeline-hackers-darkside-apologize-say-goal-is-to-make-money/ar-BB1gBzhB Colonial Pipeline attack: Everything you need to know https://www.zdnet.com/article/everything-you-need-to-know-about-the-colonial-pipeline-ransomware-attack/ Ransomware Infection on Colonial Pipeline Shows Potential for Worse Gas Disruption https://zetter.substack.com/p/ransomware-infection-on-colonial What is Ransomware as a...
2021-05-17
19 min
The Quick Lube Expert Podcast
Simple Steps to Minimize Your Digital Risk ft. QLE Team Member Aaron Tackett
This week, M. Kevin Davis sits down with Aaron Tackett, IT Systems Administrator of Fast Change Lube & Oil and QLE team member, to discuss very basic steps that you can take to protect you and your business in this increasingly connected world. They discuss simple steps including: keeping strong and secure passwords, watching out for phishing attacks, creating multiple backups, and keeping your devices up-to-date. ----- To learn more about how Quick Lube Expert can help you, visit: www.quicklubeexpert.com To learn more about what M. Kevin Davis has to offer, visit...
2021-05-13
26 min
Shared Security Podcast
Data Breaches vs. Data Leaks, FBI Exchange Server Controversy
This week Tom and Kevin are back with an all new episode! Data breaches vs. recent data leaks, and the controversy over the FBI operation conducted to remove web shells from compromised Microsoft Exchange servers. ** Links mentioned on the show ** Facebook Data Breach: Here’s What To Do Now https://www.forbes.com/sites/kateoflahertyuk/2021/04/06/facebook-data-breach-heres-what-to-do-now/?sh=32c7c9235708 LinkedIn says some user data scraped and posted for sale https://www.reuters.com/article/us-linkedin-dataprotection-idUSKBN2BW1D3 Scraped personal data of 1.3 million Clubhouse users has reportedly leaked online ht...
2021-04-19
23 min
Shared Security Podcast
Facebook and Apple Privacy Debate, Employee Phishing Test Gone Wrong
Scott and Kevin finally get together to debate Facebook and Apple privacy, and why you shouldn’t conduct a phishing test to trick employees into thinking they will get free Covid-19 vaccines. ** Links mentioned on the show ** Apple CEO sounds warning of algorithms pushing society towards catastrophe https://www.zdnet.com/article/apple-ceo-sounds-warning-of-algorithms-pushing-society-towards-catastrophe/ https://clickarmor.ca/2021/02/is-this-the-beginning-of-the-end-for-facebook/ Internal Memo: ICF Next Used Promise of Employee Vaccinations as Phishing Test https://www.adweek.com/agencyspy/internal-memo-icf-next-used-promise-of-employee-vaccinations-as-phishing-test/171253/ ** Watch this episode on YouTube ** https://youtu.be/Lqwtp9W_CNU...
2021-03-22
23 min
Shared Security Podcast
Encryption Backdoor Debate, Microsoft Exchange Attacks, Airline Supplier Data Breach
Why is federal law enforcement (still) asking Congress for encryption backdoors? Attacks on Microsoft Exchange servers seem to have gotten worse, details on an airline supplier data breach, and the real reason Kevin hasn’t replaced his Chewbacca mannequin with Darth Vader! ** Links mentioned on the show ** The FBI Should Stop Attacking Encryption and Tell Congress About All the Encrypted Phones It’s Already Hacking Into https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones Warning the World of a Ticking Time Bomb https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/ https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ https://secu...
2021-03-15
20 min
Shared Security Podcast
Card Skimmers Powered by Chip Cards, Silver Sparrow Mac Malware, Accellion Zero-Days
This week co-host Kevin Johnson joins Tom Eston to discuss new card skimmers found in the wild, the Accellion zero-days, and a new type of Mac malware called “Silver Sparrow”. ** Links mentioned on the show ** Checkout Skimmers Powered by Chip Cards https://krebsonsecurity.com/2021/02/checkout-skimmers-powered-by-chip-cards/ Apple says it has already beaten new M1 Mac malware https://www.techradar.com/au/news/apple-says-it-has-already-beaten-new-m1-mac-malware Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html https://thehackernews.com/2021/02/data-breach-exposes-16-million-jobless.html https://www...
2021-03-01
19 min
Shared Security Podcast
Dangerous Social Media Algorithms, A Moral Imperative for AI Powered Weapons?
In episode 159: Will algorithms be the death of social media and why the US government thinks it has a moral imperative to build AI powered weapons. ** Links mentioned on the show ** US has ‘moral imperative’ to develop AI weapons, says panel https://www.theguardian.com/science/2021/jan/26/us-has-moral-imperative-to-develop-ai-weapons-says-panel Apple CEO sounds warning of algorithms pushing society towards catastrophe https://www.zdnet.com/article/apple-ceo-sounds-warning-of-algorithms-pushing-society-towards-catastrophe/ Is this the beginning of the end for Facebook? https://clickarmor.ca/2021/02/is-this-the-beginning-of-the-end-for-facebook/ Kevin’s “Pay what you can” CISSP Mentor Program http...
2021-02-08
23 min
Shared Security Podcast
The Capital Riot: First Amendment and Deplatforming, Cybersecurity Lessons Learned
This week co-host Kevin Johnson joins me to discuss the cybersecurity lessons learned from the US Capital riot, why deplatforming is not violating first amendment rights, and much more. ** Links mentioned on the show ** Check out our series on how to break into a cybersecurity career https://sharedsecurity.net/2021/01/04/how-to-break-into-to-a-cybersecurity-career-part-1/ https://sharedsecurity.net/2021/01/11/how-to-break-into-a-cybersecurity-career-part-2-with-rafal-los/ What the First Amendment actually says https://www.law.cornell.edu/constitution/first_amendment First Amendment and free speech: When it applies and when it doesn’t https://www.msn.com/en...
2021-01-18
24 min
Shared Security Podcast
How to Break Into a Cybersecurity Career – Part 1
In episode 154 for January 4th 2021: Are you a college student, or someone that has an interest in a cybersecurity career? Check out the first episode in our series on how to break into a cybersecurity career with co-host Kevin Johnson. ** Links mentioned on the show ** So, you want to work in security? https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23 Entering the InfoSec Biz https://defensivesecurity.org/entering-information-security-industry/ How to Build a Cybersecurity Career https://danielmiessler.com/blog/build-successful-infosec-career/ Start in Infosec (Really great list of career...
2021-01-04
30 min
Shared Security Podcast
The Year in Review and 2021 Predictions
Our last episode of the year is our always entertaining year in review and 2021 predictions with co-hosts Scott Wright and Kevin Johnson. Thank you for listening and supporting the show in 2020! ** Links mentioned on the show ** Check out our year in review and 2020 predictions recorded around the same time last year! https://sharedsecurity.net/2019/12/23/the-year-in-review-and-2020-predictions-with-kevin-johnson/ ** Watch this episode on YouTube ** https://youtu.be/gKiymWnnfzM ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Fa...
2020-12-23
35 min
Shared Security Podcast
SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security
In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson. ** Links mentioned on the show ** US govt, FireEye breached after SolarWinds supply-chain attack https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/ https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/ https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ What We Know (And Don’t) About The SolarWinds Orion Hack So Far https://labs.bishopfox.com/industry-blog/what-we-know-and-dont-about-the-solarwinds-orion-hack SolarWinds attack explained: And why it was so hard to detect ht...
2020-12-21
28 min
Shared Security Podcast
CISA Director Chris Krebs Fired, Common Sense and Section 230
In episode 148 for November 23rd 2020: This week Kevin Johnson joins me to discuss the Twitter firing of Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, and our thoughts about a common sense approach to social media and Section 230 of the Communications Decency Act. ** Links mentioned on the show ** Trump fires top cybersecurity official Christopher Krebs https://www.cbsnews.com/news/trump-fires-cybersecurity-chief-christopher-krebs/ Don’t Blame Section 230 for Big Tech’s Failures. Blame Big Tech. https://www.eff.org/deeplinks/2020/11/dont-blame-section-230-big-techs-failures-blame-big-tech Computer Security Experts Urge White House to Keep...
2020-11-23
26 min
Shared Security Podcast
Government Rumor Control, US Hospital Ransomware Threat, Russian Hackers Charged
In episode 145 for November 2nd 2020: Kevin Johnson joins me to discuss the US government’s attempt to prevent disinformation and rumors about the election, a new ransomware threat targeting US hospitals, and details about six Russian hackers that were charged for some of the biggest cyber-attacks in the last decade. ** Links mentioned on the show ** #Protect2020 Rumor vs. Reality https://www.cisa.gov/rumorcontrol The Security Justice Podcast (2008-2011) https://archive.org/details/securityjustice FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals https://kr...
2020-11-02
30 min
Shared Security Podcast
The Social Dilemma
In episode 142 for October 12th 2020: My conversation about the pros and cons of the Netflix documentary “The Social Dilemma” with frequent guest, Kevin Johnson. The Social Dilemma is a popular documentary (dramamentary?) on Netflix about how social media is causing unintended harm to people and society. Several engineers and leaders that worked at Facebook, Instagram, Twitter, Google, and others are interviewed and give their take on the dangers and current state of social media in modern civilization. It’s an interesting and also controversial film that is worth watching so you can form your own opinion. Even...
2020-10-12
35 min
Shared Security Podcast
Targeted Attacks Part 2 – Pretexting and Attack Development
In our September monthly episode we continue our three part series on targeted attacks. In this episode we discuss the pretext and how attackers develop and launch their attacks with special guests Nathan Sweaney, Senior Security Consultant at Secure Ideas and Kevin Johnson, CEO of Secure Ideas. ** Links mentioned on the show ** GoPhish – Open Source Phishing Framework https://getgophish.com/ Follow Nathan on Twitter https://twitter.com/sweaney Follow and connect with Secure Ideas https://secureideas.com/ ** Watch this episode on YouTube ** https://yo...
2020-09-29
49 min
Shared Security Podcast
Audio Recordings Used to Copy Keys, Carnival Ransomware Attack, Social Media Profile Data Exposed
In episode 135 for August 24th 2020: Details on how researchers can use audio recordings of keys being used in locks to create copies, Carnival cruise lines becomes the victim of a ransomware attack, and a data broker exposes nearly 235 million profiles scraped from social media sites. ** Links mentioned on the show ** Picking Locks with Audio Technology https://cacm.acm.org/news/246744-picking-locks-with-audio-technology/fulltext World’s largest cruise line operator discloses ransomware attack https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/ https://www.sec.gov/ix?doc=/Archives/edgar/data/815097/000095014220002039/eh2001078_8k.htm ...
2020-08-24
10 min
Shared Security Podcast
Amazon Echo Exploit, Privacy Shield, Capital One Data Breach Update
In episode 134 for August 17th 2020: Details on new critical vulnerabilities found in Amazon Echo devices, what the end of the Privacy Shield framework means for EU citizens’ personal data, and new data breach fines issued to Capital One and Twitter by the OCC and FTC. ** Links mentioned on the show ** Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon’s Alexa https://research.checkpoint.com/2020/amazons-alexa-hacked/ Privacy Shield Is Dead, And Data Marketplaces Are Just Getting Going https://www.forbes.com/sites/forbestechcouncil/2020/08/10/privacy-shield-is-dead-and-data-marketplaces-are-just-getting-going/ https://iapp.org/news/a...
2020-08-17
09 min
Shared Security Podcast
Twitter Hack Lessons Learned, TikTok Ban, Rite Aid Facial Recognition Cameras
In episode 133 for August 10th 2020: What we can learn from the big Twitter hack, why everyone is trying to ban TikTok, and pharmacy chain Rite Aid’s use of facial recognition cameras. ** Links mentioned on the show ** How the FBI tracked down the Twitter hackers https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/ Call for TikTok security check before HQ decision https://www.bbc.com/news/technology-53640909 Rite Aid deployed facial recognition systems in hundreds of U.S. stores ht...
2020-08-10
18 min
Shared Security Podcast
How Big Tech Collects Your Private Data and How to Delete It
In episode 132 for August 3rd 2020: How the big tech companies like Google, Apple, Facebook, and Twitter collect your private data and how you can delete it with Kira Rakova from Undatify. ** Links mentioned on the show ** Find out more about Undatify https://undatify.me/ https://www.instagram.com/undatifyme/ The Step-by-Step Guide to Erasing Your Entire Google History https://pixelprivacy.com/resources/erasing-google-history How to Download And Delete Your Data From Facebook https://www.online-tech-tips.com/computer-tips/how-to-download-and-delete-your-data-from-facebook/ How to Delete Your Private Data from...
2020-08-03
17 min
Shared Security Podcast
Chinese Hacking Campaign Exposed, BadPower Fast Charger Attack, Instacart Data Leak
In episode 131 for July 27th 2020: The FBI charges two Chinese hackers for one of the largest Chinese directed hacking campaigns ever discovered, how the BadPower fast charger attack could melt or set your devices on fire, and details on a massive leak of Instacart customer information. ** Links mentioned on the show ** DOJ says Chinese hackers targeted coronavirus vaccine research https://www.politico.com/news/2020/07/21/doj-chinese-hackers-coronavirus-research-375855 BadPower attack corrupts fast chargers to melt or set your device on fire https://www.zdnet.com/article/badpower-attack-corrupts-fast-chargers-to-melt-or-set-your-device-on-fire Instacart user data is reportedly...
2020-07-27
09 min
Shared Security Podcast
Privacy Settings for Amazon Echo and Google Home
In episode 102 of our July monthly show Scott and Tom walk through the recommended privacy settings for Amazon Echo and Google Home smart speakers. ** Links mentioned on the show ** 8 ways to protect your Amazon Echo privacy while working from home https://www.cnet.com/how-to/8-ways-to-protect-your-amazon-echo-privacy-while-working-from-home/ How To Make Your Amazon Echo and Google Home as Private as Possible https://www.wired.com/story/alexa-google-assistant-echo-smart-speaker-privacy-controls/ Is your Google Home or Nest secure? How to find and delete your private data https://www.cnet.com/how-to/is-your-google-home-or-nest-secure-how-to-find-and-delete-your-private-data/
2020-07-24
42 min
Shared Security Podcast
The Big Twitter Hack, Critical Windows DNS Server Update, Email Impersonation Attacks
In episode 130 for July 20th 2020: Details on the big Twitter hack which took over high-profile accounts, a major wormable critical vulnerability in Microsoft Windows DNS Server, and how email impersonation attacks take advantage of everyone working from home. ** Links mentioned on the show ** Twitter blames ‘coordinated’ attack on its systems for hack of Joe Biden, Barack Obama, Bill Gates and others https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html https://twitter.com/TwitterSupport/status/1283591846464233474 Hackers Convinced Twitter Employee to Help Them Hijack Accounts https://www.vice.com/en_us/article/jgxd...
2020-07-20
09 min
Shared Security Podcast
F5 BIG-IP Exploit, WiFi Router Security Updates, Password Reuse
In episode 129 for July 13th 2020: Impact of the F5-BIG-IP critical vulnerability, security updates and your WiFi router, and details about new research that shows how billions of compromised credentials are available in the cyber underground. ** Links mentioned on the show ** Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found https://www.bleepingcomputer.com/news/security/mitigating-critical-f5-big-ip-rce-flaw-not-enough-bypass-found/ Home router warning: They’re riddled with known flaws and run ancient, unpatched Linux https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/ Billions of passwords now available on underground forums, say security re...
2020-07-13
20 min
Shared Security Podcast
TikTok Privacy Concerns, macOS Ransomware, Bad Passwords
In episode 128 for July 6th 2020: New TikTok privacy concerns, the rise of macOS ransomware, and details on new research about bad password choices. ** Links mentioned on the show ** Family Safety and Security with Andy Murphy from The Secure Dad Podcast https://sharedsecurity.net/2020/06/29/family-safety-and-security-with-andy-murphy-from-the-secure-dad-podcast EARN IT Act, Facial Recognition Fail, Can I Be Phished? https://sharedsecurity.net/2020/06/30/earn-it-act-facial-recognition-fail-can-i-be-phished TikTok Reverse Engineered: What Was Discovered Will Make You Delete It ASAP https://www.reddit.com/r/privacy/comments/hgkqee/tiktok_reverse_engineered_what_was_discovered TikTok Reverse...
2020-07-06
09 min
Shared Security Podcast
EARN IT Act, Facial Recognition Fail, Can I Be Phished?
In episode 101 of our June monthly show: Scott and Tom discuss the privacy concerns with the EARN IT Act, more stories of facial recognition fail, and Scott talks about his new podcast, Can I Be Phished? ** Links mentioned on the show ** PETITION: Nearly 500,000 say Congress shouldn’t ‘kill encryption’ with the EARN IT Act https://www.dailydot.com/debug/earn-it-act-petition/ The EARN IT Bill Is the Government’s Plan to Scan Every Message Online https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online False facial recognition match leads to a wrongful...
2020-07-01
29 min
Shared Security Podcast
Family Safety and Security with Andy Murphy from The Secure Dad Podcast
In episode 127 for June 29th 2020: Family safety and security with special guest Andy Murphy host of The Secure Dad podcast. I really enjoyed this interview with Andy! If you’re looking for a podcast about home and family security, self-defense, and more you should definitely subscribe to his show! ** Links mentioned on the show ** The Secure Dad 5 Day Challenge https://www.thesecuredad.com/5daychallenge Our Episode on 5 Tips to Stay Secure and Private During a Protest https://sharedsecurity.net/2020/06/15/5-tips-to-stay-private-and-secure-during-a-protest/ Andy’s Episode on “The Crime We Create...
2020-06-29
22 min
Shared Security Podcast
Largest DDoS Attack Ever, New Dropbox Features, North Korean Cyber-Attacks
In episode 126 for June 22nd 2020: Details on the largest Distributed Denial of Service attack ever recorded, new security features in Dropbox, and the latest on new North Korean targeted cyber-attacks. ** Show notes and links mentioned on the show ** Zoom will provide end-to-end encryption to all users https://www.bleepingcomputer.com/news/security/zoom-will-provide-end-to-end-encryption-to-all-users/ AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever https://www.zdnet.com/article/aws-said-it-mitigated-a-2-3-tbps-ddos-attack-the-largest-ever/ DDoS explained: How distributed denial of service attacks are evolving https://www.csoonline.com/article/3222095/ddos-explained-how-denial-of-service-attacks-are-evolving...
2020-06-22
10 min
Shared Security Podcast
5 Tips to Stay Private and Secure During a Protest
In episode 125 for June 15th 2020: Our top 5 tips for staying private and secure during a protest. ** Show notes and links mentioned on the show ** Privacy And Security While Protesting https://silent-pocket.com/blogs/news/privacy-and-security-while-protesting You Have a First Amendment Right to Record the Police https://www.eff.org/deeplinks/2020/06/you-have-first-amendment-right-record-police Protecting Your Privacy if Your Phone is Taken Away https://www.eff.org/deeplinks/2020/06/protecting-your-privacy-if-your-phone-taken-away How to Protest Safely in the Age of Surveillance https://www.wired.com/story/how-to-protest-safely-surveillance-digital-privacy/ ** Thank you...
2020-06-15
09 min
Shared Security Podcast
Minneapolis Police Website Hacked, Zoom Encryption, eBay Port Scanning
In episode 124 for June 8th 2020: Details on how the Minneapolis Police website may have been hacked, Zoom’s plan to implement end-to-end encryption, and why eBay and other sites may be port scanning your computer. ** Show notes and links mentioned on the show ** After Anonymous Promises Retribution for George Floyd’s Death, Minneapolis Police Website Shows Signs It Was Hacked https://time.com/5845880/anonymous-minneapolis-police-hack/ Anonymous Hacker Gets Six Years In Prison For DDoS Attacks https://yro.slashdot.org/story/19/11/22/2211205/anonymous-hacker-gets-six-years-in-prison-for-ddos-attacks Zoom to offer end-to-end encryption only to paying customers
2020-06-08
09 min
Verbal Tap MMA Comedy Podcast
Verbal Tap (Ep. 410) w/ Craig Jones & William Tackett UFC 250
You have to listen to our Craig Jones interview about Submission Underground, and you know you love William Tackett. Listen in as we play some games, talk events, and play Over/Under Kevin UFC 250. Thank you.
2020-06-04
1h 16
Shared Security Podcast
First Amendment Rights and Twitter, Encryption Backdoors
In episode 123 for June 1st 2020: The controversy continues over fact checking and First Amendment rights on Twitter, and why government mandated encryption backdoors are bad for everyone’s security. ** Show notes and links mentioned on the show ** Trump to sign executive order aimed at cracking down on Facebook and Twitter https://www.cnbc.com/2020/05/28/trump-to-sign-executive-order-aimed-at-cracking-down-on-facebook-twitter.html The law enforcement backdoor debate continues https://www.helpnetsecurity.com/2020/05/26/backdoor-encryption/ OWASP Top 10 2020 Data Analysis Plan https://owasp.org/www-project-top-ten/ ** Thank you to our sponsors! ** Silent Po...
2020-06-01
20 min
Shared Security Podcast
Episode 100 with Rachel Tobac and Kathleen Smith
In episode 100 of our May monthly show we discuss the history of the podcast, some of the most interesting cybersecurity and privacy news and events over the years, and speak with former guest Rachel Tobac, CEO and Co-Founder of SocialProof Security, about what she’s been up to and of course the David Lynch daily weather report! We also catch up with Kathleen Smith, CMO of ClearedJobs.net and CyberSecJobs.com to talk about the current cybersecurity job market, recruiting, and the one thing you need to stop doing with your resume. Interviews start at [38:00]. Be sure to...
2020-05-29
1h 14
Shared Security Podcast
Apple’s Law Enforcement Backdoor Dispute, Signal PINs, EasyJet Data Breach
In episode 122 for May 25th 2020: Apple and the US Government dispute over law enforcement backdoors in Apple products, secure messaging app Signal starts to move away from using phone numbers as user IDs, and details on the EasyJet data breach affecting 9 million customers. ** Show notes and links mentioned on the show ** Apple Calls FBI Comments on Lack of Help Unlocking Florida Shooter’s iPhone an ‘Excuse to Weaken Encryption’ https://www.macrumors.com/2020/05/18/apple-fbi-dispute-weaken-encryption/ Signal to move away from using phone numbers as user IDs https://signal.org/blog/signal-pins/ Brit...
2020-05-25
10 min
Shared Security Podcast
Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote
In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan to require a warrant to obtain Americans’ web browsing history. ** Show notes and links mentioned on the show ** Thunderbolt flaw lets hackers steal your data in ‘five minutes’ https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/ Thunderbolt 3 The USB-C that does it all https://thunderbolttechnology.net/consumer/ Thunderspy tool to test if your PC is vul...
2020-05-18
11 min
Shared Security Podcast
GoDaddy Security Incident, Fake Downloaders, Firefox Lockwise
In episode 120 for May 11th 2020: The latest on the GoDaddy security incident affecting 28,000 customers, fake Microsoft Teams notification emails and Zoom downloaders, and details on new features to the Firefox built in password manager. ** Show notes and links mentioned on the show ** GoDaddy notifies users of breached hosting accounts https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/ GoDaddy email to affected customers https://oag.ca.gov/system/files/Customer%20Notification.pdf How to combine SSH key authentication and two-factor authentication on Linux https://www.techrepublic.com/article/how-to-combine-ssh-key-authentication-and-two-factor-authentication-on-linux/
2020-05-11
10 min
Shared Security Podcast
Staying Secure When Working From Home
In episode 114 for March 30th 2020: Co-host Tom Eston is joined by frequent guest Kevin Johnson to discuss how to stay more secure when working from home. If you find yourself working from home because of COVID-19 this is one episode you don’t want to miss! ** Show notes and links mentioned on the show ** Social isolation is a risk factor for scam loss https://www.helpnetsecurity.com/2020/03/24/risk-scams/ The State of Cybersecurity Training and Certifications with Kevin Johnson https://sharedsecurity.net/2019/04/25/the-state-of-cybersecurity-training-and-certifications-with-kevin-johnson/ How I Became a Security Co...
2020-03-30
19 min
Shared Security Podcast
Ring Mandates Two-Factor Authentication, License Plate Reader Data Sharing, RSA Conference Coronavirus Fears
In episode 109 for February 24th 2020: Kevin Johnson joins us to discuss how Ring made two-factor authentication mandatory following recent hacking incidents, California police have been caught illegally sharing license plate reader data, and details on IBM and other companies pulling out of the RSA conference due to coronavirus fears. ** Show notes and links mentioned on the show ** Take our podcast listener survey and be entered to win a $25 Amazon gift card! https://sharedsecurity.net/survey Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks https://thehackernews.com/2020/02/ring-cameras-cybersecurity.html ...
2020-02-24
22 min
Shared Security Podcast
The Year in Review and 2020 Predictions with Kevin Johnson
In episode 100: Kevin Johnson, CEO of SecureIdeas joins us in this very special milestone episode to discuss the year that was 2019 and what Kevin’s “predictions” are for cybersecurity and privacy in 2020. Thank you to Kevin for being our special guest! ** Show notes and links mentioned on the show ** The Nerf Dart “head-shot” that will live in infamy (yes, Kevin..it’s in the show notes) Professionally Evil CISSP Mentorship Class – Starting in January https://training.secureideas.com/course/cissp-mentor/ ** Thank you to our sponsors! ** Silent Pocke...
2019-12-23
16 min
Shared Security Podcast
10 Year Anniversary Episode with Kevin Johnson and Jayson E. Street
In Episode 91, a very special episode of our monthly show, Tom and Scott are joined by special guests Kevin Johnson and Jayson E. Street, back to celebrate the 10 year anniversary of this podcast! We talk about the history of the show, what’s improved (or not improved) in the last 10 years from a cybersecurity and privacy perspective, Kevin’s Star Wars addiction, Jayson’s #HackerAdventures, and we have a very important debate about the future of security awareness and what can be done to provide better education on phishing which continues to be one of the top attack vector...
2019-08-29
1h 04
Shared Security Podcast
The State of Cybersecurity Training and Certifications with Kevin Johnson
In episode 87 of our monthly show, frequent guest Kevin Johnson joins us to discuss the current state of cybersecurity training and certifications. If you’re currently in the industry or pursuing a career in cybersecurity this is one episode not to miss! Tom and Kevin cover the following topics: What’s the state of training and certifications in our industry? Why is some training so expensive? How did we get here? What’s the biggest challenge we face? What should we look for in a training provider and are certifications really worth it? What certifications are valuable? We als...
2019-04-25
46 min
Shared Security Podcast
The Year in Review and 2019 Predictions with Special Guest Kevin Johnson
Watch this episode on our YouTube channel! In this year-end episode of the podcast, we’re joined by frequent guest Kevin Johnson to recap the big cybersecurity and privacy news of this past year, talk about a little movie called Star Wars, and have some fun discussing our “predictions” for what’s to come in 2019. The Shared Security Podcast is sponsored by Silent Pocket and Edgewise Networks. Thank you to our listeners and sponsors for an amazing year! We really appreciate your support of the show! Be sure to follow the Shared S...
2018-12-26
53 min
Shared Security Podcast
The Shared Security Podcast Episode 76 – Special Guest Kevin Johnson (@secureideas), Router Hacking, GDPR, NSA Metadata
This is the 76th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston and Scott Wright with special guest Kevin Johnson recorded May 7, 2018. Listen to this episode direct via this link or through the media player embedded in this post! Interview with special guest Kevin Johnson Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been...
2018-05-10
41 min
Shared Security Podcast
The Shared Security Podcast Episode 63 – Special Guest Jayson E. Street, Misconceptions About VPNs
This is the 63rd episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston, Scott Wright and special guest Jayson E. Street recorded April 12, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Interview with Special Guest Jayson E. Street In this episode we were joined by “notorious” hacker Jayson E. Street who is the InfoSec Ranger at Pwnie Express, Senior Partner at Krypton Security, CEO of Stratagem 1 Solutions and author of several boo...
2017-05-02
49 min
Educate For Life with Kevin Conover
082 Is Genesis History – Dr. Del Tackett and Dr. Andrew Snelling
Today on the show Kevin has two amazing experts, Dr. Del Tackett and Dr. Andrew Snelling, to talk about an exciting new movie called “Is Genesis History”. Is Genesis History? is a comprehensive documentary featuring scientists and scholars looking at the world and explaining how it intersects with the history recorded in Genesis. From rock layers to fossils to lions to stars, this fascinating film will challenge and change the way you see the world. Showing in theaters as a one-night event on Thursday, February 23 only (tickets at http://www.fathomevents.com/event/is-genesis-history), Is Genesis History? shines new ligh...
2017-02-20
58 min
Shared Security Podcast
Social Media Security Podcast 37 – Special Guest Kevin Johnson (@Secureideas), Managing Your Digital Footprint
This is the 37th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright and special guest Kevin Johnson recorded September 19th 2014. Below are the show notes, links to articles and news mentioned in the podcast: Special Topic! Managing Your Digital Footprint (thanks to Chris John Riley for the idea!) Personal objectives for using social media Types of footprints you might have (likes, comments, photos, tags, etc.) Ways you can be exposed, and how to find them (Google search, Facebook search, L...
2014-10-02
59 min
Shared Security Podcast
Social Media Security Podcast 9 – Defensio, Blippy.com, Relationships and Social Media
This is the 9th episode of the Social Media Security Podcast recorded January 26, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Tom and Kevin will be speaking with Robin Wood at Shmoocon Saturday, February 6th at 11am. “Social Zombies II: Your Friends Need More Brains”. Facebook Partners With McAfee for Anti-Virus. Does this change anything? Websense Defensio 2.0. Websense offers a Facebook application to protect users from malicious content in their profiles. How does it work and does it help? Blippy.com – How far will i...
2010-01-30
42 min
Shared Security Podcast
Social Media Security Podcast 8 – Would You Commit Social Media Suicide?
This is the 8th episode of the Social Media Security Podcast recorded January 8, 2010. This episode was hosted by Tom Eston, Kevin Johnson and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Backupify.com – A solution for backing up all your social media site content. Check out theharmonyguy’s manual method for Facebook. Commit virtual social media suicide! This service will remove your social network profiles, change your profile picture and password so you can never use the account again. Facebook is currently blocking the service as they say it’s a violation...
2010-01-12
42 min
Shared Security Podcast
Social Media Security Podcast 6 – Privacy, Photo Tagging, Facebook Police, What is Clickjacking
This is the 6th episode of the Social Media Security Podcast recorded December 3, 2009. This episode was hosted by Tom Eston and Kevin Johnson. Scott Wright joins in as “god” during post-edit. Below are the show notes, links to articles and news mentioned in the podcast: New privacy settings in Facebook are rolling out, regional networks are being removed. Be sure to check out the comments under Mark Zuckerberg’s blog post…all spam! Is Facebook photo tagging still a big fail? Scott clarifies this for us. The solution to this is to adjust your privacy settings to allow only yo...
2009-12-09
37 min
Shared Security Podcast
Social Media Security Podcast 5 – Google Reader, Privacy, Wave, ChromeOS and Foursquare
This is the 5th episode of the Social Media Security Podcast recorded November 20, 2009. This episode was hosted by Scott Wright and Tom Eston. Kevin Johnson will be joining us for the next podcast. Below are the show notes, links to articles and news mentioned in the podcast: Tom gives an overview of the OWASP AppSec DC conference. Koobface now using Google Reader for links. Very good paper on how Koobface works. Google Launches Privacy Dashboard. Google Wave Gadget to Make Your Friends Logout. Google’s ChromeOS. What is it and how does this relate to social media use? Foursq...
2009-11-24
40 min
Shared Security Podcast
Social Media Security Podcast 4 – Death by Twitter, Open Source Intelligence, Policies, Google Wave
This is the 4th episode of the Social Media Security Podcast recorded November 6, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast: More scams on Twitter including the recent IQ quiz attack. Disinformation on social networks…someone died example..are you sure they are really dead? Tom talks about his Open Source Intelligence Gathering talk that he recently gave. How do you find information posted about your company on social networks and why should you look? Now is probably a good time fo...
2009-11-08
53 min
Shared Security Podcast
Social Media Security Podcast 3 – Phishing and Koobface, What is CSRF, Protected Tweets
This is the third episode of the Social Media Security Podcast recorded October 23, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast: Tom and Scott talk about phishing on social networks. How can you tell the difference between a fake friend request and a real one? Here is a screen shot of a fake friend request and a real friend request. Just by looking at the email…it’s really hard to tell the difference isn’t it? The only way you can te...
2009-10-25
55 min
Shared Security Podcast
Social Media Security Podcast 2 – Month of Facebook Bugs, What is XSS, Canadian Privacy Ruling
This is the second episode of the Social Media Security Podcast recorded September 25, 2009. This episode was hosted by Scott Wright, Tom Eston and our new co-host Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast: Introducing our new co-host, Kevin Johnson. Kevin is a Senior Security Analyst for InGuardians and is also an instructor for the SANS Institute, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking courses. Tom talks about the Month of Facebook Bugs (created by a security researcher called “theha...
2009-09-27
57 min
Shared Security Podcast
Social Media Security Podcast 1 – Zombies, Bad Facebook Apps, Twitter SPAM
This is the first episode of the Social Media Security Podcast. This episode was hosted by Scott Wright and Tom Eston. Below are the show notes, links to articles and news mentioned in the podcast: How did socialmediasecurity.com get started? Want to help out? Join our mailing list! Weaponizing the Web: More Attacks on User Generated Content (good article on Nathan and Shawn’s talk) Aviv Raff’s Month of Twitter bugs, research on Facebook applications by theharmonyguy What are the Black Hat and DEFCON conferences? History of DEFCON, Black Hat and the security underground (ThreatPost interview with fou...
2009-08-25
35 min