Smashing Security podcast #007: ‘ASCII art attack’

Three security industry veterans, chatting about computer security and online privacy.


Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault on the “Smashing Security” podcast, as we have another casual chat about the world of online privacy and computer security.

007: ASCII art attack

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Unknown
Smashing Security, Episode 007: ASCII Art Attack with Carole Theriault, Vanja Švajcer, and Graham Cluley.

Hello and welcome to another episode of Smashing Security, Episode 7, where we are going to talk to you about the latest computer security news and share some of our views as to what's been going on.

I am joined as always by my good chums Carole Theriault and Vanja Švajcer. Hi guys, how you doing?
CAROLE THERIAULT
Hello.
VANJA ŠVAJCER
Good afternoon.
CAROLE THERIAULT
I'm going to try and say hello in a different way every single time.
GRAHAM CLULEY
Fantastic. That's what we want. Well, without further ado, what has been piquing our curiosity? I think we've all got a topic this week.

I've got one, which is about a hacker who managed to hijack a huge number of printers.

Now, I don't know about you guys, how much during your experience of IT, how much luck have you had printing things out?
VANJA ŠVAJCER
Not much. Usually when you send something to a printer, it appears on the third floor or, basically, not on the floor where you sit.
CAROLE THERIAULT
They've become much, especially in offices, they're pretty complicated computers now, aren't they? Like, and they do everything but make coffee.
GRAHAM CLULEY
It's crazy, isn't it? You try and print something. I mean, I only obviously work in my home office. It's just me and, you know, a cable and a printer. And sometimes— And still.

And still. I'm not surprised if the printout ends up in another country, quite frankly.

The number of times when the problem has come, that the thing which has gone wrong with IT has basically been the printer. It's like the printer is like Stonehenge.

It's the technology which hasn't really moved on. Sometimes they've got bells and whistles and faxes and scanners and doing all kinds of other things, but they so often go wrong.
CAROLE THERIAULT
They are though Stonehenge. I mean, you know, have you not gone paperless?
GRAHAM CLULEY
You know what? I do actually try and scan as much as I can and have searchable PDFs of my important documents.

But sometimes people demand something printed out, and so I have to spend a fortune on printing in order to print something.

Well, people who will be complaining right now about the cost of ink cartridges will be the owners of those 160,000 printers who found that their printers had been hijacked by a hacker who was then churning out ASCII art.
CAROLE THERIAULT
Oh, I love ASCII art though. I know, I love ASCII art as well. I'm a big fan of ASCII art.
VANJA ŠVAJCER
It's pretty cool, the stuff that was being printed out by the printers. I mean, it looks cool, but I bet it's bloody annoying for people who are handling those printers. Can you imagine?
CAROLE THERIAULT
I know, I know. I'm just saying, I'm just saying for anyone out there who doesn't know what ASCII art is, I suggest go Google it and go marvel. Go marvel. Anyway, back to your story.
GRAHAM CLULEY
Sorry. There is a guy who calls himself Stack Overflowing.

And he says, what he's been doing is he'd been taking control over poorly protected printers, which are publicly accessible over the internet.

And not just printers, by the way, even machines churning out sales receipts.

And he's been printing out ASCII art, and he's actually been including a message, and he's been posting on these printouts messages like, "Hacked!

Stack Overflowing, the almighty hacker god, has returned to his throne as the greatest meme god.

Your printer is part of a flaming botnet." 'Your printer has been pwned.' God, this is old school.
CAROLE THERIAULT
This is so old school.
GRAHAM CLULEY
So he's not doing this for money.
CAROLE THERIAULT
I bet he's 40. That's not—
GRAHAM CLULEY
He's sat in his underpants. Yeah. In his back bedroom.

His mum's downstairs saying, 'Will you please come downstairs and get yourself a girlfriend?' But he's taken— I have to be careful. He might be taking over my printer right now.

I shouldn't be slagging him off, should I? But what he's done is he's taken over these office printers, these sales terminals.

He's churning out these ASCII art, but he's not doing it to make money. He's not demanding a ransom. He's not turning them into a botnet to launch DDoS attacks.

He's even included in some of his messages his email address at ProtonMail, although that's since been shut down.
VANJA ŠVAJCER
It's kind of in the good old times where people were spreading malware or something to show that you have a vulnerability.

They would exploit you and they would tell you, ah, you know, you've been hacked because you have a security issue.
CAROLE THERIAULT
I know, but you know what's interesting? We would jump up and down when this happened, right? And do everything we could to block these things.

And now it's kind of, oh, well, at least he's not stealing from us. You know, he's hacked LastPass.
VANJA ŠVAJCER
Well, the thing is, this is not necessarily a vulnerability. He's not exploiting a security problem. He's exploiting a problem in the configuration of firewalls.

The fact that people have exposed all these printers to the internet. So it's a problem of configuration rather than the actual code that's running in the printer.
GRAHAM CLULEY
And the ASCII art, of course, is drawing attention to the problem that's caught people's imagination.

If you go on Twitter, you can see plenty of people who are actually exchanging screenshots of what their printer has been churning out.
CAROLE THERIAULT
The press are going to love it because they can actually—
GRAHAM CLULEY
Yeah, they seem quite amused. And he's including messages. He's saying, for instance, for the love of God, please close this port, you know, so he is raising awareness of this thing.

So even though technically what he's doing is illegal, I imagine, it does seem to be a problem and it's so easy to find potentially vulnerable devices on the web using search engines like Shodan.
VANJA ŠVAJCER
Well, I guess it would be very difficult to notify 160,000 users that their printers— there's something wrong with their configuration of the printer.

So this might be just as good as anything to do.
CAROLE THERIAULT
Do you know what? That's actually, you make such a good point there.

The number of times I've heard of web administrators not responding to emails from reputable security professionals saying, hey, we found this hole.

You know, they just don't respond at all. And so you're left in the situation where they're not doing anything about it and you need, you want it fixed.
GRAHAM CLULEY
Because there is a serious problem that this hacker has highlighted. You know, sending printouts is one thing, but what if someone had been able to send a malicious firmware update?

What if they'd been compromising the printer and turning them into something like the Mirai botnet, which of course launched devastating DDoS attacks and brought down major websites as a consequence?

You know, in some ways I'm kind of impressed by the guy. I mean, I find it hard enough to print anything out, let alone remotely on 160,000 printers.

He's done a pretty good job, hasn't he?
VANJA ŠVAJCER
Yeah.
CAROLE THERIAULT
Okay, so how about we call him a gray hacker? You know, he's not a white hat, he's not a black hat, but gray hat. Do we agree with that?
VANJA ŠVAJCER
A vigilante.
GRAHAM CLULEY
Yeah, vigilante seems a good word to me. Yeah.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Vanja, topic 2, what have you got up your sleeve today?
VANJA ŠVAJCER
Well, today we have a topic related to Twitter. A researcher managed to, well, let's say hack tweets of top celebrities.

So what he did is he was actually motivated or inspired by work of a Belgian researcher who used a similar technique to hijack one of the Donald Trump tweets and redirect one of the old tweets to a YouTube video.

So instead of the actual tweet where Donald Trump would explain that he was going to participate in a conference, you know how in Twitter you have videos that, or when you share a link, the actual video is embedded in the tweet.
CAROLE THERIAULT
Yeah.
VANJA ŠVAJCER
You can actually hijack that tweet in a way. And the way to hijack that is to look whether the domain that was used in a URL has actually expired and nobody owns them.

So you actually take over the domain and next time some other user looks at the same tweet, Twitter actually takes the new content rather than the old content.

So it appears as if Donald Trump was tweeting some video from YouTube where he's having fun with Playboy's Playmates.
GRAHAM CLULEY
It was quite, it was quite an amusing video, to be honest.

But so the problem here really is that there are, of course, websites which are created temporarily, you know, a website for a conference, for instance, in a particular year, they may simply let the domain expire because they no longer have any use for it.

But if somebody links to it in a tweet and someone else then grabs that domain name and redirects it to a video, for instance, or posts something else on that content, there's a lot of mischief and shenanigans which can occur here, can't there?

Because in the case of Donald Trump in particular, a lot of people are trawling through his old messages and potentially could say, look at this, which he linked to.

You know, it could be something really salacious, couldn't it?
VANJA ŠVAJCER
Take Putin's Twitter account as well and have something different and have them having a conversation between the two.
GRAHAM CLULEY
Here's a picture of me and Vladimir Putin, you know, relaxing in the hot tub together.
CAROLE THERIAULT
So presumably this is targeting people with lots of followers, right? Because presumably you want to—
VANJA ŠVAJCER
Yeah, you have the highest chance. Yeah.

If you say set up malicious content on this new hijacked URL or domain, then obviously you want to target the most popular Twitter accounts, your Katy Perrys of the world, who obviously, you know, people would look at what they were saying and they would follow them.

In fact, the guy went through the top 1,000 celebrities and looked for the domains which were not registered.
CAROLE THERIAULT
Right. Well, Graham, Graham, how do you feel about this? Because you like to think of yourself as a bit of a celebrity. Are you worried?
GRAHAM CLULEY
Anyone who follows me on Twitter knows that I only ever link to myself.
VANJA ŠVAJCER
Surprise, surprise. And that's a good security practice, Graham. Providing that GrahamCluley.com doesn't expire soon.
GRAHAM CLULEY
Yeah, let's hope not.

But I mean, okay, look, do you think that Twitter should— Vanja, do you think Twitter should be doing more to preserve a proper history of what tweets are really linking to?

I mean, should they be doing something about this?
VANJA ŠVAJCER
Well, that's a good question. I think the fact that Twitter was retaking the new content is not necessarily good on their side.

I would say that it would be better from the security point of view that they actually preserved the original image or the original content of what was embedded in the original tweet.

So this, if they did that, you know, nobody would be able to do something like that at this point.
GRAHAM CLULEY
I guess another solution would be to delete old tweets if you were really worried about this. But then of course, people then begin to, I mean, it's a bit of an edge case, isn't it?

People then begin to think, well, is there something you're trying to hide?
VANJA ŠVAJCER
Hey, he deleted this tweet. Yeah, exactly. And there are so many other places where they archive the whole Twitter feed where you can actually go and search for the old tweets.
CAROLE THERIAULT
Yeah, maybe you have to tell people then also to be really careful about what link they put in. Do you think this is a legitimate link?

You know, is the link to a location, you know, if you're going to the BBC website, for instance, as opposed to ABCD.com?
VANJA ŠVAJCER
Yeah, should you think about, you know, the possibility of this domain being hijacked or expiring and someone else taking over.
GRAHAM CLULEY
Oh, come on, we can't do that. It's crazy. You know, if you're linking to something, you just, you find something interesting, you're going to share it with your buddies.

You can't think in 3 years' time, is someone going to be a bit sloppy and not bother to renew their domain? It's too much to take on your shoulders. No, no, I know.
VANJA ŠVAJCER
I agree. I agree. So we go back to Twitter. They should actually take care of it.
CAROLE THERIAULT
Well, no, but I don't know because the whole fake news story as well that's going on at the moment has to do with also, you know, how long has the site been up and how, you know, how reputable is that?
VANJA ŠVAJCER
Absolutely.
GRAHAM CLULEY
That's interesting. I mean, maybe one thing— it's an interesting point you raise there, Carole.

Maybe one thing that Twitter could offer would be an option if you're going to click on a link.

Maybe there should be some button or some little highlight you can get which would do a quick sort of—
CAROLE THERIAULT
Who is?
GRAHAM CLULEY
Yeah, like a who is, how old is this domain, when was it last changed?
CAROLE THERIAULT
That'd be good. You could hover over it and it would say who is in existence since, you know, 1993. And you might feel a lot better about it than if it was—
VANJA ŠVAJCER
Of course, that doesn't mean this URL would be completely safe because that can be hacked as well.
CAROLE THERIAULT
Nothing can be completely safe, Vanja. Nothing.
GRAHAM CLULEY
Carole, tell us about something else which isn't completely safe. What have you got for us today?
CAROLE THERIAULT
Well, I want to talk about the benefits of the dumb TV.

So Vizio has agreed to pay— the TV manufacturer has agreed to pay $2.2 million for illegally collecting user viewing information without user consent.

Worse, they've been apparently selling this to third parties. Now, who the heck these people are, I don't know.
VANJA ŠVAJCER
So I just wanted to ask who the heck are Vizio?
CAROLE THERIAULT
Right?
VANJA ŠVAJCER
I guess there's some popular brand in the US.
CAROLE THERIAULT
Well, they're quite popular. They manage apparently 11 million televisions were affected by this, and the data has been collected from these since February 2014.

So this is— we're not talking— so according to the FTC, this is second-by-second data about what you're watching and to share it with advertisers.

So the whole point is obviously to make a, you know, to share that information with advertisers to help them target their users better.
VANJA ŠVAJCER
Basically, they try to do Google and Facebook except people come after them.
CAROLE THERIAULT
Yeah, without telling them. And this is all for the privilege of buying the wonderful television, right?

Anyway, so they collect things like sex, your gender rather, age, income, marital status, etc. So all this information can be shared on.

So they've been asked to pay the fine of $2.2 million, and some might say, wow, that's a lot of money. But if you think about it, you're about to say it's pretty cheap.

Yeah, it's about 20 cents per television or per impacted television. Okay, 20 cents.

And you know, someone on Reddit called Light Fusion said, you know, what the heck, where's my cut? And that's a really good point. It's his information that's been taken, right?

So I don't know. Another point, someone else on Reddit said this, and I thought this was quite interesting. He says, you know, this is from Flat5.

He says, the most disturbing part of all this is how we're so beaten down on privacy, tracking, and snooping that most will just shrug at this and assume that's what's going on anyway.

And I think that's a really good point.
VANJA ŠVAJCER
Well, it is going on.

I mean, not with the TV sets, of course, but it's kind of interesting how they try to include this algorithm which would actually measure what kind of things you're watching and sell this information.

It's pretty valuable.
GRAHAM CLULEY
So Carole, I'm going to make a wild stab in the dark here, right? I'm going to make a prediction.

I haven't read up about this story, but I'm going to predict that they didn't ask people's permission beforehand.
CAROLE THERIAULT
Yeah. Were you falling asleep when I started talking? So yeah, I did say, I said very clearly, without user consent. When you re-listen, I think you'll be embarrassed. Yes.

So no user consent.
VANJA ŠVAJCER
So weren't there some other, like, even bigger manufacturers that people are accusing of doing something.
CAROLE THERIAULT
Yeah, yeah. So this isn't the first time.
VANJA ŠVAJCER
This is not—
CAROLE THERIAULT
Yeah, yeah, this is not the first time. So back, I mean, this started 2013. So a blogger called Dr. Beat found that LG was sending information on what, you know, they watched, but also was sending information on media files.

So, right, he would— you could create media files and that you were streaming, and you could give them new names.

So to test, and apparently also you could turn off the settings, right, to say I don't want to share this information with you.
VANJA ŠVAJCER
So if you're watching all the pirated videos on your—
GRAHAM CLULEY
Right.
VANJA ŠVAJCER
Yeah, interesting.
CAROLE THERIAULT
So, yeah, Dr. Beat then decided to try it out and he changed one of the media files to midget_porn_2013.avi just to illustrate the type of show, you know, it's to show that this is not the kind of thing you want to be shared around necessarily.

So it's all about user consent, right? And of course—
GRAHAM CLULEY
But you know, you know, I remember Dr. Beat, because he's a UK blogger and he got in touch with me.

And one of the interesting things he discovered was it would share that information to LG even if you went into the settings and you told it not to take the information, which is just horrendous.
VANJA ŠVAJCER
That's pretty serious.
CAROLE THERIAULT
Yeah, exactly.

And that's something that's really important in the advice that we're going to give in a second, because I did a bit of digging around of how do you deal with this, right?

So let's go to that right now. So one of the things is maybe just buy a dumb TV. That's my biggest good advice.

So you want to think about things like microphones and cameras that are on televisions. Maybe buy one that doesn't have those things.

I mean, we talked about this before earlier in different episodes.

But the idea of, do you really want to have your entire house being a big microphone and video camera that's recording everything you do?

The other concept is maybe don't connect your TV to the internet at all. And if it's already connected, you can consider disconnecting it.

But also make sure that it doesn't remember the password to get in. Set it back to factory settings.
VANJA ŠVAJCER
But so many great apps on your TV when you have a smart TV.
CAROLE THERIAULT
I know.
VANJA ŠVAJCER
Which of course I don't have, but I've seen people having it. They love it.
GRAHAM CLULEY
I have a smart TV. I have to say, I can't imagine not having my TV connected to the internet anymore. It's the main way in which we watch television now.
CAROLE THERIAULT
No, but is your TV connected to the internet or are you using an Apple TV box or one of these viewing boxes?
GRAHAM CLULEY
I have an Apple TV box, but I also have a TV which is connected to the internet. Yeah.
CAROLE THERIAULT
Oh, really? Yeah.
VANJA ŠVAJCER
Yeah, it has all the apps you need, your Netflixes and stuff. They're all—
CAROLE THERIAULT
Yeah. No, no, and I get that. We all understand that, right? This has always been the thing with security is it's what do you want in terms of convenience?

What are you looking for versus the security implications of that? And I think everyone has to answer that for themselves.
GRAHAM CLULEY
I'll tell you what I want. What I want is a TV manufacturer who's happy with the X hundred pounds or whatever I've given them for the television, and they say, "That's a fair cop.

Thank you very much, Mr. Cluley.

We'll take your money and we'll go make a profit out of that." What I don't want are TV manufacturers trying to get additional money out of me by selling private information to advertisers.

That's outrageous. Or at the very least, it should be something that you have to consciously opt into, not something that's turned on by default.
VANJA ŠVAJCER
I can already see smart Samsung Smart TV edition, special edition GC.
CAROLE THERIAULT
This is a bit like when you go to a shop to go get anything, even get a pair of shoes or something, and they say postcode to you as though it's a requirement in order to make that purchase.

And really all you're doing is giving them information for them to understand it's something they should purchase from you. So I think you should just charge for it.
VANJA ŠVAJCER
They try to ask you so many things. Postcode is just one of the things. Email is another thing. It's just you really don't need my email.
CAROLE THERIAULT
Exactly. It's outrageous. Anyway, I don't mind if they just ask, but if they kind of dictate it as part of the transaction, if they request it so firmly. I find it a bit—
VANJA ŠVAJCER
Sure, that's probably true. Yeah, they probably don't need that.
GRAHAM CLULEY
I think just turn off your television and listen to a decent podcast instead. If only we knew some decent podcasts people could listen to. Never mind.

So I think we've moved in, moving on now to feedback. We're heading towards the close of the show.

Before we do that, we've got some feedback from listeners, people who've listened to the last few shows and sent in their comments via Twitter or email.

Richard Threecats, great name, on Twitter says, oh, this is because, I'll tell you what he's commenting on.

As you know, we changed the theme tune because somebody in the team wanted to change the theme tune. So the theme tune got changed and we asked people, what did you think of it?

And Richard Threecats says, this is subjective. Well, of course, I love new music, but the old one sounded like the end credit music on an anime.
CAROLE THERIAULT
Actually, you could say I really like anime and I can see that. Yeah, I can see exactly what you mean.
GRAHAM CLULEY
I quite liked the old music.
VANJA ŠVAJCER
Yeah. Lee Dalton on Twitter says, is somewhat critical of the new theme tune, or maybe he likes the '80s.

He said, love the podcast, but a #1980s called asking for the theme tune back.
CAROLE THERIAULT
Hey, I think retro '80s is a while ago now. It's 30 years. It's retro. It's back, baby.
GRAHAM CLULEY
Okay. Gambler left the review on iTunes. We always appreciate our iTunes reviews. Ka-ching, thank you very much.

He said, "Engaging hosts and a myriad of subjects covered." He must be listening to Risky Business or one of those other security podcasts.

"Somewhat lightheartedly, but comprehensively each week. This is a great start for the new podcasting team.

I'd be happier with over half an hour, but that's just me and my overlong commute." Aw, poor old Gambler. "Really enjoying your work, great job." Well, thank you, Gambler.

We really appreciate all the positive feedback that we've been getting.
CAROLE THERIAULT
Ah, and we got one last one from our splinter episode on passwords from Dan Raywood saying, "A nice 13-minute explanation on how to do better password security without technical jargon.

Smashing Security is fast becoming a great podcast." Thank you, Dan.
VANJA ŠVAJCER
That's very kind. Yay, very nice.
GRAHAM CLULEY
Ah, isn't that great? Well, if you like the podcast, please consider subscribing. You can go onto iTunes and subscribe up there or leave a review.

Not just on iTunes, we're also on Google Play Music, Stitcher, TuneIn, Overcast. And one of my buddies the other day found out that you can actually listen to us via the Amazon Echo.

One of our listeners, Richard Starnes, got in contact with me and asked me to add us as a skill.
CAROLE THERIAULT
Is that where Alexa is?
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
So you could say, Alexa, play Smashing Security.
GRAHAM CLULEY
Oh, that's it. Alexa, subscribe. Yes. Add us to the flash briefing if you want to. So do listen to Smashing Security via any of those methods. We really appreciate it.

And leaving a review does make a big difference. That just about wraps it up. Thank you, Carole Theriault. Thank you, Vanja Švajcer. Thank you at home for listening in.

If you like the show, tell your friends. Follow us on Twitter. We're @SmashingSecurity on Twitter or at smashingsecurity.com. But until next time, cheerio.
CAROLE THERIAULT
Bye.

Blurb:

Printers start churning out ASCII art after a vigilante hacker hijacks 160,000 devices, a researcher reveals how you can get Donald Trump to tweet an embarrassing spoof video of himself, and has your smart TV been snooping on you?

Show notes

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team on Bluesky.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

2 comments on “Smashing Security podcast #007: ‘ASCII art attack’”

  1. Bob

    To be honest I've long since stopped using my home scanner. A colleague got me onto Scanner Pro some time back (for iOS) and within just under 1 second I've got a nicely scanned document which has all the creases, dark lines etc. removed and the file is automatically converted to PDF (or JPEG) prior to being uploaded, in the background, to my cloud service. I can then access it anywhere – my computer, mobile, tablet, the internet etc. Obviously the cloud upload is optional. It also has OCR built in.

    It's quicker than a conventional flatbed scanner, you can scan massive documents (e.g. A2 paper) and multiple pages are converted and compressed into one single PDF.

    Pro Version (£3.99)

    https://itunes.apple.com/gb/app/scanner-pro-pdf-document-scanner/id333710667?mt=8

    Free Version

    https://itunes.apple.com/gb/app/scanner-app-free-pdf-scanner/id581365763?mt=8

    Other software is available although this is the best in my experience.

  2. furriephillips

    Grey[scale]-Hat Hacker
