We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault.
Then we time-hop to the post-quantum scramble: “harvest-now, decrypt later”, Microsoft’s 2033 quantum-safe pledge, and whether your printer will survive the update apocalypse.
All this, plus a gloriously dodgy URL “shadyfier,” and turning the iconic iMac G4 into a modern media hub.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Smashing Security #432:
Oops! I auto-filled my password into a cookie banner
Host:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Guest:
Thom Langford:
@thomlangford.bsky.social
@
Episode links:
- DOM-based Extension Clickjacking: Your Password Manager Data at Risk – Marek Tóth.
- Major password managers can leak logins in clickjacking attacks – Bleeping Computer.
- Microsoft to Make All Products Quantum Safe by 2033 – Infosecurity Magazine.
- Shady URL.
- DockLite G4 – Juicy Crumb.
- I perfected the iMac G4 – YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
