Not one of Google’s 85,000 employees has had their accounts compromised by phishing in a year. How have they done it? Find out in this podcast.
Also, we discuss with special guest Scott Helme how websites still using HTTP are now marked as “not secure” by Google Chrome (and a way in which you can make it even more obvious), and if you’re buying drugs via PayPal’s Venmo app you should say goodbye to privacy.
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by cybersecurity veterans Graham Cluley and Carole Theriault.
Smashing Security #088: 'PayPal’s Venmo app even makes your drug purchases public'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
Hosts:
Graham Cluley – @gcluley
Carole Theriault – @caroletheriault
Guest:
Scott Helme – @Scott_Helme
Show notes:
- Vote for Smashing Security in the podcast awards!
- Smashing Security 039: Woah – are we talking to a cyborg?
- Google: Security Keys Neutralized Employee Phishing
- Yubico
- Less than 10% of Gmail users have enabled two-factor authentication
- Google's Advanced Protection Program
- What is Google’s Advanced Protection Program? – YouTube
- Two-factor authentication versus two-step verification
- One small step for a browser, one giant leap for web security!
- Chrome browser flags Daily Mail and other sites as 'not secure'
- How to change Chrome's settings to be more in-your-face when you visit an unencrypted HTTP site
- Public by Default – Venmo Stories of 2017
- Why I Blasted Your “Drug” Deals on Twitter
- PayPal's Venmo App Exposes Most Transactions via Its API
- Reporting Trump's First Year: The Fourth Estate – BBC
- Why No HTTPS? The World's Largest Websites Not Redirecting Insecure Requests to HTTPS
- Scott Helme tweets about NewsNow’s support for both HTTP and HTTPS
- NewsNow.co.uk
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses
Follow the show:
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
You might be all excited by this HTTPS thing but for ordinary people who did their own websites with limited knowledge, it's really annoying. They must rely on free limited service like Cloudflare or pay extra cash, yearly to have this service. For example, with Global Sign, it would cost me £70 per year. There is no easy option for "ordinary people"…
Someone's ripping you off Stephane if you're having to pay £70 for HTTPS. Maybe it's worth you looking at an option like Cloudflare, or (if you're a bit more geeky) Lets Encrypt.
Yes, I actually decided to use Cloudflare as I'm not geeky at all but now I always fear that if there is a problem with Cloudflare's servers that my website won't be accessible…
I wouldn't worry too much. If Cloudflare has a problem then tens of millions of other websites will suffer the same glitch as you.