Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn’t the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report.
All this and much, much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, with a featured interview with Rachael Stockton from LogMeIn.
Smashing Security #151: 'Frankly, sometimes paying the ransom is a good idea'
Hosts:
Graham Cluley – @gcluley
Carole Theriault – @caroletheriault
Show notes:
- Support Smashing Security on Patreon — Now also includes free stickers!
- RobbinHood ransomware attack brings down parts of City of Baltimore's computer network — Tripwire.
- Some Baltimore City Services Still Shut Down Due To Ransomware Attack — YouTube.
- Baltimore government could have lost its website last week. And not because of hackers — Baltimore Brew.
- Baltimore transfers $6 million to pay for ransomware attack; city considers insurance against hacks — Baltimore Sun.
- Baltimore IT department uses ‘mind-boggling,’ outdated data storage method, audit finds — Baltimore Sun.
- Councilman “mind-boggled” by Baltimore City IT department ineptitude — Ars Technica.
- The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up — Techdirt.
- "Backin Up" by The Gregory Brothers — YouTube.
- Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping — Security Research Labs.
- Zoomquilt 2.
- Arkadia Zoomquilt.
- Historia Civilis — YouTube.
- 2019 Global Password Security Report — LastPass.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Code42 provides data loss protection for when employees quit.
60% of employees who quit their jobs admit to taking data. Your organization’s data is more portable than ever and you have employees leaving every day.
Most organizations rely on prevention but there are simply too many ways for data to leave.
To learn more about how to protect your company’s data from insider threats visit code42.com/smashing
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But LastPass isn’t just for enterprises; it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Immersive Labs provides the world’s first fully interactive, on-demand, and gamified cyber skills platform.
Try it for free at immersivelabs.com/lite/, and drive down your organisation’s cyber risk while reducing training costs.
Follow the show:
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Your suggestion to turn off or somehow mute these home automation devices (Alexa etc) doesn't work for me.
At last count I have 34 devices throughout my home which are voice activated via Alexa. So Alexa needs to be continually enabled to get any benefit from the voice activation. Trivial example – It's great being able to approach a darkened kitchen with arms full of heavy shopping bags and tell Alexa to switch on the worktop lights. If I have to put the bags down first in order to unmute Alexa to instruct her to switch on the lights I may as well have just turned on the lights manually myself. Doh!
Why is it that when new technology is launched, the manufacturers don't security 'harden' their shiny new things BEFORE they hit the market?!! You'll remember the same thing happened when wifi enabled home monitoring devices were launched. Oh – and laptop webcams + microphones before that, and so on.
Is it naivety, stupidity or just sheer laziness that the security implications are ignored until release 2.0?
We need to introduce the equivalent of a CE or Kitemark standard for digital electrical appliances that confirms they've been adequately 'cyber-security' tested before launch. It's no different to expecting not to be electrocuted when we buy a kettle, toaster or hairdryer. I'm not a big fan of unnecessary regulation but digital technology is like the wild-west at the moment!