Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist’s Geoff White.
Smashing Security #278: 'Tim Hortons, avoiding sanctions, and good faith security research'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
Hosts:
Graham Cluley – @gcluley
Carole Theriault – @caroletheriault
Guest:
Geoff White – @geoffwhite247
Show notes:
- Double-double tracking: How Tim Hortons knows where you sleep, work and vacation — Financial Post.
- Report: Tim Hortons collected location data without consent — The Register.
- Joint investigation into location tracking by the Tim Hortons App — Office of the Privacy Commissioner of Canada.
- Mandiant: “No evidence” we were hacked by LockBit ransomware — Bleeping Computer.
- Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act — Dept of Justice.
- DOJ: Congress looked into CFAA updates but effort was stalled by extortion concerns — The Record.
- The (still) unanswered questions around the CFAA and ‘good faith’ security research — SC Magazine.
- Sex Education — Netflix.
- Forest fr1ends — Twitter.
- Inch Calculator.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
Try Kolide Free for 14 Days; no credit card required.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.
Get started right now, with a free forever account, at snyk.co/smashing
Follow the show:
Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.