Smashing Security podcast #057: Mikko – live from the sauna – talks Bitcoin security

Three industry veterans, chatting about computer security and online privacy.

Graham Cluley


How to protect yourself from Bitcoin hackers, why you should think twice before giving Amazon the keys to your house, and how a private investigator tried to hack Donald Trump’s tax returns.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mikko Hyppönen from F-Secure.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
MIKKO HYPPONEN
At an exchange, anything else is much more secure, whether it's a piece of paper with the private keys printed on it or a hardware wallet.
CAROLE THERIAULT
It's almost like a multifactor. I guess what, you wear it around your neck, Graham, your little USB?
GRAHAM CLULEY
No, Carole, I don't.
MIKKO HYPPONEN
So Graham, where do you have it then, Graham?
GRAHAM CLULEY
I won't tell you where I'm dangling it from. But—
MIKKO HYPPONEN
Disgusting.
Unknown
Smashing Security, Episode 57. Mikko, live from the sauna, talks bitcoin security with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 57.

My name is Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And Carole, we are joined by a very special guest today.
CAROLE THERIAULT
We are.
GRAHAM CLULEY
He's come all the way from— hopefully he's actually broadcasting from his sauna right now. It is the one and only Mikko Hypponen. Hi, Mikko.
CAROLE THERIAULT
Well, hello.
MIKKO HYPPONEN
Hi there. Thank you for having me on Smashing Security.
CAROLE THERIAULT
Mikko, is he saying your name correctly?
MIKKO HYPPONEN
No.
CAROLE THERIAULT
Say it for us, please.
MIKKO HYPPONEN
Well, actually, it's pretty good, but I have a very long K and a very long P. So my name is Mikko Hypponen. There we go.
CAROLE THERIAULT
Mikko Hypponen.
MIKKO HYPPONEN
Actually, if you go to my Wikipedia page, I've had a Wikipedia editor approach me in the Netherlands a year ago, and she wanted to record how I'm saying my own name.

And the purpose was that she wanted to put it on my Wikipedia page. So my Wikipedia page has me telling you how to say my name.
GRAHAM CLULEY
Carole, could you try and say Mikko's name again?
CAROLE THERIAULT
Yeah. Mikko Hypponen.
GRAHAM CLULEY
Sounds a little bit like someone's given you the Heimlich maneuver, I have to say.
CAROLE THERIAULT
I think it's quite fun. I think I'd be a happier person if everyone's name had a little hit inside it.
GRAHAM CLULEY
Anyway, look, I'm sure that everybody who listens to Smashing Security knows who Mikko is, but he's a celebrity of the security industry. He's a keynote speaker. He has the ponytail.

He's a Legolas lookalike and he's Chief Research Officer of F-Secure. And the closest thing to a rock star we have in this business, isn't he?
MIKKO HYPPONEN
Never trust a man with a ponytail.
GRAHAM CLULEY
He looks like one of the goons from Die Hard, quite frankly.
CAROLE THERIAULT
How long have you had your ponytail?
MIKKO HYPPONEN
I've had long hair and ponytail since my teenage years. I had to cut it away during the military service, which is mandatory in Finland, when I was 19.

And then I had to, well, it was cut away violently against my will at the Hack in the Box conference in Malaysia 5 years ago.
CAROLE THERIAULT
That's what I remember. Yes.
GRAHAM CLULEY
We'll link to a video in the show notes.
MIKKO HYPPONEN
Oh yes, please do. It wasn't voluntary.

I mean, they had this charity auction at the end of the conference where they were auctioning off t-shirts and stuff for some goddamn children's cancer hospital or something like that.
GRAHAM CLULEY
Damn those cancer kids.
MIKKO HYPPONEN
At the end of it, they asked me to come to the stage, and me, like an idiot, I come to the stage and I had no idea.

And they just told me, yeah, now we're gonna auction off your ponytail. What do you do? You're gonna be a jerk and walk off, or you just submit.

And I submitted and they cut it off and they got, I think, $2,000.
GRAHAM CLULEY
Hang on, so someone actually ended up with your ponytail?
CAROLE THERIAULT
I'm sure it's been made into a beautiful wig. I'm worried about—
MIKKO HYPPONEN
I have no idea where it is today.
GRAHAM CLULEY
Imagine what DNA personal data could be taken. You could be being cloned right now, Mikko.
MIKKO HYPPONEN
Hopefully I am. I wish— I'd love to speak with my clone. By the way, Graham, as you know, we two go back years and years. So I actually went and searched my email for Graham Cluley.

First hit I have in my email is from 1st of April, 1997.
CAROLE THERIAULT
Yeah.
MIKKO HYPPONEN
Email address sans PM at comperlink.co.uk.
GRAHAM CLULEY
Oh yes. That was when I was at Dr. Solomon's. That was my internet address because we didn't have real email addresses inside the company at the time.

So I had to use an external provider.
MIKKO HYPPONEN
And then in 1998, you had grahamcluley.uk at uk.drsolomon.co.uk. Oh yeah.
GRAHAM CLULEY
Oh, look at that.
CAROLE THERIAULT
Yeah. I didn't know you, Graham.
GRAHAM CLULEY
Yes, that's— I did exist before you, Carole. And I was— I had been on— I'd been on comp.virus or VIRUS-L for many years. In fact, previous to even joining Dr. Solomon's, I was on VIRUS-L, which you may well have been on as well. I think we both joined the industry about the same time.

I joined in January '92, and I think maybe you've got a couple of months on me.
MIKKO HYPPONEN
Yeah, I joined in June 1991. So yeah, roughly. Well, in the beginning, I wasn't really—
CAROLE THERIAULT
You guys are so cool.
MIKKO HYPPONEN
Well, I spent some time with security, but not all of my time in security.

I was hired in this very company in June 1991, but originally I was just a coder doing database stuff, and then I migrated into malware a little bit.
GRAHAM CLULEY
Well, there's one thing that we're ahead of.

This is our episode 57 of our podcast, Mikko, and I heard just last week that you guys at F-Secure have launched your own podcast, haven't you?
CAROLE THERIAULT
With a great name.
MIKKO HYPPONEN
It's called Cybersecurity Sauna.
CAROLE THERIAULT
Are you in a sauna right now?
MIKKO HYPPONEN
I can't comment on that.
GRAHAM CLULEY
And also whether I'm naked or not, I'm not going to comment on that either. Okay, we'll be right back after this break.

This episode of Smashing Security is supported in part by NetSparker.

NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.

If you want to automatically check your web applications for cross-site scripting, SQL injection, and other vulnerabilities and coding errors that can leave you and your business exposed, then you need NetSparker.

Try it out now by downloading a demo from www.netsparker.com/smashing.
CAROLE THERIAULT
Today's podcast is also sponsored— This episode is sponsored in part by OneLogin. OneLogin provides single sign-on.

This allows IT to say which users have access to which applications at which time and also enforces two-factor authentication.

So even if credentials are compromised, hackers can't get access to those corporate services.

Find out more about OneLogin and download a free guide to identity access management at smashingsecurity.com/onelogin. On with the show.
MIKKO HYPPONEN
Right, and welcome back.
GRAHAM CLULEY
Well, every week we look at stories which have piqued our interest from the world of security. And I saw an interesting story about a chap, a 32-year-old chap called Jordan Hamlet.

I don't know if he's any relation to the Prince of Denmark.

And he is facing up to 5 years in prison and a quarter of a million dollar fine because he tried to get into someone's tax account in order to view their tax records.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Now, you're probably wondering, whose tax returns would be of interest to a private investigator based in—
CAROLE THERIAULT
I have an idea whose it might be.
GRAHAM CLULEY
Do you have any thoughts on who that might be?
CAROLE THERIAULT
Is he a blonde bombshell of a leader?
GRAHAM CLULEY
Not a blonde, well, maybe a strawberry blonde. I mean, it's absolutely—
CAROLE THERIAULT
Orange-skinned.
GRAHAM CLULEY
That's the one. Dude. So Donald John Trump was the subject of this particular chap. He managed to get hold of Donald Trump's Social Security number, which probably isn't—
MIKKO HYPPONEN
So hold on, hold on. Probably isn't Hamlet tried hacking Trump, is that what you say?
GRAHAM CLULEY
Well, yes, exactly. Outrageous, isn't it, for him to attack the king like this? But yes, it appears that's what was happening.

So he managed to get hold of Trump's Social Security number and other personal information to open an online application for federal student aid.

I don't know if that was for Trump University or not. And he did this before the US election in September 2016. And once he'd done that, once he'd created—
CAROLE THERIAULT
So we don't know how he got the Social Security number.
GRAHAM CLULEY
Well, to be honest, I doubt it's very difficult to get hold of the Social Security number of Donald Trump.

I mean, it's not very difficult to get hold of the Social Security number of anybody these days, is it? There have been so many data breaches and so forth.
MIKKO HYPPONEN
Yeah, I'm actually Googling for it right now.
GRAHAM CLULEY
But what he did was he, having created an account, he then tried to obtain a username and password.

He did that, and he tried to use an IRS service to obtain Trump's tax information.

Now, you may well remember that the hacking magazine 2600 offered $10,000 for the first person to access Donald Trump's tax returns.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
And they were actually encouraging people, look, you know, Donald Trump's keep on saying, you know, Russians, if you've got hold of any of Hillary's emails, let me know.

Well, they sort of turned the tables and said, wasn't there a porn baron?
CAROLE THERIAULT
Was it, was it a penthouse guy who offered something like a million quid for any information that would help bring Trump off the throne?
GRAHAM CLULEY
I don't know what magazines you've been reading, Carole, but I missed that particular story.
CAROLE THERIAULT
Very reputable stories from reputable press agencies.
GRAHAM CLULEY
Oh, I see.
MIKKO HYPPONEN
By the way, I found the Social Security number. This is how long it took.
CAROLE THERIAULT
Really?
GRAHAM CLULEY
Wow.
MIKKO HYPPONEN
I'm not going to say it out loud, but I have it right here. Please don't come after me, Secret Service. It also has date of birth, which says 14th of June, 1946.

I wonder if that's correct.
GRAHAM CLULEY
That feels about right. Yeah, I think he's sort of early 70s, isn't he? Yeah. So it feels quite plausible. If you don't know his date of birth, it's going to be on Wikipedia.

It made me wonder, how difficult is it to get hold of anybody's Social Security number rather than just if you're a special person like Donald Trump?

Well, it's not difficult at all, is it? Because we saw that huge hack of Equifax. I don't know, Equifax is a consumer credit reporting giant.

They're the kind of company who can stop you from getting a loan or being accepted for a mortgage.
CAROLE THERIAULT
I think everyone knows Equifax by now.
GRAHAM CLULEY
Well, they should know because Equifax, of course, got hacked earlier this year and that left 143 million Americans exposed.

Problem is that you don't have to personally, as an individual, be a customer of these services.

It's that you are dealing with businesses like mobile phone companies or credit card companies who are checking out your creditworthiness.

So Equifax have details of hundreds of millions of people and a lot of information on every single one. A lot of personal, highly personal information that got exposed to hackers.

And it's not like I can't do business with Equifax because they've already got my details whether I like it or not.
MIKKO HYPPONEN
And this is actually very common in these large data leaks that users could not have done anything. It wasn't their fault. There's nothing they could have done to prevent this.

So this thing which keeps on repeating in newspapers about blaming the users, how users clicked on the wrong link or opened up the wrong attachment.

Many of these cases of data leaks actually have nothing to do with two-factor authentication.
CAROLE THERIAULT
Hear, hear.
GRAHAM CLULEY
Yeah, absolutely. It's wrong to always blame the user. Once identity thieves have got this personal information, they can exploit it potentially for months, if not years later.

Which means that when Equifax offers you a 90-day credit fraud alert, that's not necessarily going to be long enough, is it? Because that information could be exploited in future.

So right now it's about 90 days since Equifax first alerted people to the hack. So anyone who decided, "Yes, I am gonna turn on that fraud alert," you probably want to renew it.

To make sure that any credit company, you know, which wants to verify your identity before letting you open an account or let an imposter open the account, lets you know that that's happening and then you can give it permission.

But there's one other way in which you can protect yourself and that is by placing a security freeze on your credit file.
CAROLE THERIAULT
Oh!
GRAHAM CLULEY
When you freeze your credit file, you or anyone masquerading as you will be required to unfreeze your account or thaw it, if you like, by providing the PIN that they gave you when you froze your credit.

And that's a good piece of advice. And don't just freeze your credit file at Equifax, do it also at Experian, TransUnion, the other big credit companies.

And like I said, if you need to unfreeze it temporarily to apply for some new line of credit in future, then do it. It does cost a few dollars.
CAROLE THERIAULT
Don't forget your PIN.
GRAHAM CLULEY
Right, don't forget your PIN. Put that in your password manager, put it somewhere securely. Don't just put it on a text file on your desktop.
CAROLE THERIAULT
Don't make it 1111.
GRAHAM CLULEY
But do something like that and you can better protect yourself from these kind of attacks.
MIKKO HYPPONEN
And while we are speaking about credit cards, I still do recommend credit cards as a payment mechanism online, as long as you read your credit card bills, because this is the guaranteed way of recovering from fraud.

If you get fraud while you're doing payments online and it was done with your credit card, you can always call your bank and get it changed and get a new credit card.

But the key part is read your credit card bills.
GRAHAM CLULEY
Yeah. And one other piece of advice you may want to consider is why not have a separate credit card specifically for internet purchases?

And you can set a limit on that, which might be different from your household credit card as well.

And maybe then you've got a little bit more control as to how it could potentially be exploited.

Because even if you can claim the money back, that can take a while and you might be left in the lurch without some pennies in the meantime anyway.
CAROLE THERIAULT
Hold on, hold on. I have to un-sully my name here.

I was talking earlier about Larry Flynt's, not a million-dollar, but $10 million offer for information leading to Trump's impeachment.
GRAHAM CLULEY
Oh, he has said in the past that he would be very willing to supply his tax records. It's just that they're being audited, although the IRS say, well, that's not a problem.
CAROLE THERIAULT
It's a long audit.
GRAHAM CLULEY
You know, it's also not any restriction. You know, it's like, you can still go ahead, mate.
MIKKO HYPPONEN
Maybe he has some bitcoin in there, so it takes such a long time to audit.
CAROLE THERIAULT
What a segue. What a segue.
GRAHAM CLULEY
He's a professional, Mikko, isn't he? Because Mikko, what are you going to talk to us about this week?
MIKKO HYPPONEN
Well, this week I think a pretty self-evident topic is cryptocurrencies, because cryptocurrencies are going crazy. It's just insane when you look at this valuation.

If you're offline for a week and you come back and you look at what's happening, it's crazy. Bitcoin is at $17,000.
CAROLE THERIAULT
In two weeks or something. It's crazy.
MIKKO HYPPONEN
I know it's crazy. Ethereum is at $550. Litecoin is at $270. Actually, when I was writing this down 10 minutes ago, I wrote $250. It's actually $270 now in 15 minutes.

It's just— fact is that bitcoin has been exploding this year, but both Ethereum and Litecoin have been growing faster than bitcoin. So take that.

And of course, in our field of cybersecurity, we do run into cryptocurrencies all the time because real-world criminals love cash and online criminals love cryptocurrencies.

But of course, it doesn't mean that they are evil. They're just a tool. I mean, we all use real-world cash as well. Real-world cash isn't bad or good. It's just a tool.

Exactly in the same way, cryptocurrencies or virtual currencies can be used for good and bad. The more valuable they are, the more interesting they are as a target to hackers.

So it's an easy forecast to make that we will be seeing more hacks against, or attempted hacks against cryptocurrency exchanges, against individuals who are known to hold large amounts of cryptocurrencies.
GRAHAM CLULEY
And this is the danger.

But the other danger is, of course, that we've got lots of people now who are being attracted to invest in cryptocurrencies because they've seen all the headlines about bitcoin, for instance.

And so I think come Christmas, it's going to be a discussion around the dinner table amongst many people thinking, oh, what's all this bitcoin thing?

You know, how can we get on board that bandwagon and they might not know how best to protect themselves.

At the very simplest level, there's the risk of phishing attacks, and I've seen some of those happening claiming to come from bitcoin exchanges, as well as the bitcoin exchanges themselves being hacked and exploiting vulnerabilities.

So what are the best ways for people to protect their investments in these?
MIKKO HYPPONEN
It's a very good point to be wary of phishing, especially phishing against people who are known to have bitcoins or other currencies, because if somebody phishes your credit card number or your bank account number, they won't be able to steal huge amounts of money, or if they are, we can try to track them by following the money.

But if someone steals your bitcoins, that could be potentially millions, and there's no way to get the money back. These transactions are irreversible.

That's one of the key features of bitcoin. We will not be able to track the money. We will not be able to get the money back. You really should be taking this very, very seriously.

And phishing attacks will only work if someone is able to get your credentials to a service where they can take coins away from.

And that's why I recommend storing your coins in physical wallets or physical hardware wallets, things like the Trezor or Ledger.

There's a couple of other brands which are actually making USB devices built for exactly this purpose.
CAROLE THERIAULT
Cool.
GRAHAM CLULEY
So these are little gadgets which you plug into your USB port, which store your private keys rather than you keep them on your computer or, indeed the private keys being stored in the cloud by your exchange instead.

And they've hopefully been built with strong encryption in mind. I must admit I've got a Trezor. I don't have very much investment in bitcoin, but I have a few.
CAROLE THERIAULT
What a great name, the Trezor.
MIKKO HYPPONEN
I have, and it's a nice device. I have a Trezor myself. And the other one I mentioned is called Ledger.

There's a couple of others, but these two seem to be the biggest names in the business and they've been tested many, many times.

Of course, nothing's 100% secure, but the fact is that as long as it's not on your computer, as long as the coins are not on your computer or even worse, at an exchange, anything else is much more secure.

Whether it's a piece of paper with the private keys printed on it or a hardware wallet.
CAROLE THERIAULT
It's almost like multifactor. What, you wear it around your neck, Graham, your little USB?
GRAHAM CLULEY
No, Carole, I don't.
MIKKO HYPPONEN
So, Graham, where do you have it then?
GRAHAM CLULEY
I won't tell you where I'm dangling it from.
MIKKO HYPPONEN
Disgusting.
GRAHAM CLULEY
I'm sorry, I'm sure you never get that in the cybersecurity sauna, that kind of talk, would you?
MIKKO HYPPONEN
That's true. But let me re-emphasize that the most important thing though is not to keep your money on an exchange. Many people remember the hacking of Mt. Gox, the biggest exchange at the time.

And then we learned that many, many people who had bought bitcoin or other currencies from Mt. Gox, they never moved the money away from the exchange. And this is like going to an airport and changing your pounds to euros and leaving them there. That's a bad idea.

So you want to move them away from an exchange because exchanges are prime targets for hackers.

So move your money away from exchanges and move it from your computer to a hardware wallet.
CAROLE THERIAULT
Great advice.
GRAHAM CLULEY
And also bear in mind, a lot of people are predicting the bubble is going to burst on some of these crypto. I don't know whether they will or when they will or not, who knows?

But the acceleration and the speed at which they've grown has been so considerable.

And what you have to watch out for is when the price does begin to go down and you want to get your money out, how easy is it going to be to get it out of those exchanges?

Some have limits.

Some I saw, I think one of the sites, Coinbase, I think put out an alert in the last few days just reminding people, you know, if lots of people try and take out money at the same time, we are going to struggle to manage that with our infrastructure.

So there's sort of a coded warning there.
CAROLE THERIAULT
If there's a run on bitcoin, holy moly. And it's likely because this growth isn't sustainable. Well, it's, you know, and greed always wins, it seems.
MIKKO HYPPONEN
Yeah, and especially the ICO market is just crazy.

That's the initial coin offerings, and there's tons of really, really shady tiny operations collecting massive investments through these ICOs.

So I would be really, really careful about that.
GRAHAM CLULEY
And some of them are being promoted by celebrities, aren't they? They're sort of Paris Hiltons and the John McAfees of this world.
CAROLE THERIAULT
I'm really glad you guys did this topic, because I don't know very much about bitcoin or blockchain, and I've just started my research on it to try and understand it, because obviously it's everywhere.
GRAHAM CLULEY
I guess that the most— if I want to be really boring and a bit of a dad at this point—
CAROLE THERIAULT
Not hard, not hard for you.
GRAHAM CLULEY
Not hard for me. If anyone is thinking about putting their toe into bitcoin and these other cryptocurrencies, just always remember, only invest what you are prepared to lose.
MIKKO HYPPONEN
Yeah, great advice, great advice, because it's highly likely you will lose it.

And one last thing, and I'll add a link to show notes, is that one neat way of investing, if you want to invest into bitcoin without worrying about it getting hacked from you, is to buy physical coins.

Most of these physical real-world bitcoins are thought of as gimmicks, but they actually are quite nice in the sense that you can take them, they hold real virtual coins inside, and you put them in a safe and then they can't be hacked because they are physical.

So, you know, there's a company called Denarium and a couple of others which make these, and I'll add a link to show notes.
GRAHAM CLULEY
It's funny because with the crazy increase in the prices recently of bitcoin, I was sort of remembering, I think, oh, I created an account at one of these exchanges about 3 years ago.

Oh, I wonder if I put any money in. And so I logged into the account.

It turned out I hadn't, but some people had at the beginning of this year given me some bitcoins just because they liked my blog or whatever.

And it turned out they'd given me 3 pence. So I now have 97 pence in that particular, which is a great increase, I have to say. It's a fabulous increase.
CAROLE THERIAULT
You can't even get me a coffee.
MIKKO HYPPONEN
You can't even get me a coffee for that.

I had a fairly similar experience because I was looking at my password manager and I realized I had saved a password for an exchange called bitcoin.de 4 years ago.

And I had no recollection that I had ever used them. So I looked into it. I had to change my password twice because it had been hacked twice since I last used it.

But turns out I never bought any bitcoin on the service. But whoever signed up for them 4 or 5 years ago was given 0.01 bitcoins for free. Which is $170 right now. That's free money.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Well, it's not money until it's sold, right?
GRAHAM CLULEY
Yes.
MIKKO HYPPONEN
True.
CAROLE THERIAULT
Very good advice.
MIKKO HYPPONEN
I haven't sold it yet. You want to buy it?
GRAHAM CLULEY
Carole, what have you got for us today?
CAROLE THERIAULT
Well, none of us, I think, are in any doubt that Amazon is super, super busy right now with the holiday shopping rush.

We know drivers and packers aren't lazing about sipping flat whites, don't we?

Just this week, in fact, UK paper The Mirror reported that Amazon drivers were forced to deliver 200 parcels a day while earning less than minimum wage.

And staff were reported to have so little time for food or toilet stops that they snatched hurried meals and urinated into plastic bottles in the van.
GRAHAM CLULEY
Oh, nice.
CAROLE THERIAULT
I hope they weren't driving at the time.
MIKKO HYPPONEN
Too much detail.
GRAHAM CLULEY
I'll remember not to shake their hand when they pass me a parcel.
MIKKO HYPPONEN
Lovely.
CAROLE THERIAULT
Merry Christmas, nice wave. Exactly. So obviously, drivers are being pushed to crazy delivery targets. But on the flip side, consumers are also suffering.

UK news reports say that 1 in 5 UK packages go missing because of theft from the doorstep. So Graham, you get a lot of packages delivered at your place.
GRAHAM CLULEY
Yes, we do get a lot of deliveries here at our house. Yes.
CAROLE THERIAULT
Have you suffered any thefts?
GRAHAM CLULEY
No, not very fast, but it's quite quiet where I live, to be honest. And we've got a dog who will bark at anything which comes within about half a mile.

So that sort of warns me if anyone's coming up the path.
CAROLE THERIAULT
So I'm guessing you've never wondered, wouldn't it be great if packages could be delivered inside your house so that you would give it basically access to an Amazon driver to come in and pop them inside the house and take off?
GRAHAM CLULEY
Sorry, Carole. Sorry. When you said, wouldn't it be great?

Wouldn't it be an absolutely terrible idea to get these people who are paid very, very little money, who want to use a proper lavatory rather than a plastic bag, into my house while I'm not there?
CAROLE THERIAULT
Yeah, well, exactly. You could do a service and let them use a loo.
GRAHAM CLULEY
If they want to ask me, that's fine.
MIKKO HYPPONEN
But maybe give them a sandwich, you know.
CAROLE THERIAULT
Exactly, make them sandwiches. So, well, say hello to the Amazon Key. New York Post reporter Jeffrey A. Fowler recently tested the $250 internet-connected lock that is designed to give Amazon drivers access to your home so they can drop stuff off inside.

Now, a lot of people are complaining, and there's lots of videos online of people seeing packages being stolen.

However, aren't you worried about the Amazon driver in your house when you're not around?
GRAHAM CLULEY
So, so how does this work, Carole? The Amazon driver comes to your door and you're not there. What happens next?
CAROLE THERIAULT
Okay, so if you have the Amazon Key installed, you will get a phone alert with a window when the delivery is planned to happen.

And if no one is home, the delivery person taps an app that grants them one-time access to unlock your door, and he places the package— or she places the package inside and then relocks the door.

The moment the door's—
MIKKO HYPPONEN
And visits the loo—
CAROLE THERIAULT
The moment the door unlocks, the cloud cam which is attached to this Amazon Key starts recording and it sends you, the user, a live stream of the whole thing.
GRAHAM CLULEY
I'm really uncomfortable with you using the phrase live stream based upon what we've already described as the typical problem faced by an Amazon delivery person.
CAROLE THERIAULT
You know, I like to get a few of those in. So our journalist here basically ordered a bag full of packages and waited to see what would happen.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
There was no nonsense behavior from the drivers. They obviously don't have time for any of that if they're delivering 200 parcels a day and nothing was stolen.

However, the experience was not problem-free. Setting up the Amazon Key on your door is really finicky.

I mean, obviously doors come in lots of shapes and sizes, and our journalist here had to fork out $100 for a new strike plate, which was an Amazon recommendation, in order to make sure that the Amazon Key could work properly.

He chose one of the 3 smart lock options that work with the Amazon Key.

And from time to time, he wrote, his Kwikset Convert Lock makes a screech that would alarm a hyena and flash a warning in the key app about jamming.

And this actually happened to him when one of his drivers was dropping off a package. The door started screaming at the driver and he basically, thank God he stayed.

I guess he gets fired if he leaves and the door is not closed properly, but he couldn't close the door.
GRAHAM CLULEY
And you're paying $250 for this privilege of having a screeching door. Okay, carry on. Yeah. Great.
CAROLE THERIAULT
He'd ordered 8 different in-home deliveries and Amazon missed the original delivery window on 4 of them. And it also sent inaccurate alerts about when packages might arrive.

Which is annoying. You know, it's annoying when they say it's going to be delivered between 12 and 6. I'm like, oh, well, I'll just sit around. I'll wait for you.

But the big thing about all this is that it can't be accessed by any other businesses.

So in other words, you can't give access to Walmart or UPS or even a local cat or dog sitting company unless they're trading in the Amazon marketplace.

So Amazon's basically wanting to become the operating system of your home.

And add this to the Echo, the Dot, the Alexa, which, you know, is being adopted way faster than ever thought it would happen. Most people I know have one in their house.
MIKKO HYPPONEN
So they are becoming a monopoly.

But with all the market cap they have, you would think that Amazon would be able to build instead of this some sort of a, I don't know, teleportation system or something, you know, beam the goods to your home.
CAROLE THERIAULT
That would be nice.
MIKKO HYPPONEN
Am I right? I mean, we already have 3D printers. If you have an Amazon 3D printer in your house, they would just print all the stuff you want. Yeah. Like a replicator, huh?
CAROLE THERIAULT
Yeah, you'd need a lot of base materials in that printer, wouldn't you?
GRAHAM CLULEY
Well, one day. One day.
MIKKO HYPPONEN
One day.
CAROLE THERIAULT
Today's podcast is sponsored in part by OneLogin. OneLogin provides single sign-on, which people think is a productivity tool, but it's very much a security tool.

Companies use hundreds of applications every day, with the average worker having to remember about 40 passwords.

Unless you use a product like OneLogin, passwords go into spreadsheets, into emails, and end up on Post-it notes.

OneLogin allows IT to say which users have access to which applications at what time, and also enforce two-factor authentication.

So even if credentials are compromised, hackers can't get access to those corporate services.

And by connecting to Active Directory, access to all of these services is deprovisioned as soon as someone leaves the organization.

OneLogin has customers like Airbus, Royal Mail, BSI, and Dun & Bradstreet.

Find out more about OneLogin and download a free guide to identity access management at smashingsecurity.com/one-login. That's smashingsecurity.com/one-login.
GRAHAM CLULEY
Are you worried that your website might be the backdoor through which hackers can access your information and steal data? Well, if so, you'll be interested in our sponsor today.

NetSparker is a web application security scanner. It can automatically find the flaws in your website security and fix them before hackers can exploit them.

You can try it out right now. Download a demo from www.netsparker.com/smashing. On with the show.

And welcome back to our favorite bit of the show, the bit of the show we like to call Pick of the Week.
MIKKO HYPPONEN
Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
MIKKO HYPPONEN
Should I repeat that?
GRAHAM CLULEY
Yes. Oh man, all right.
MIKKO HYPPONEN
Pick of the Week. Fuck off, Graham.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, podcast, whatever they like. Doesn't have to be security related necessarily.

And my pick of the week this week.
CAROLE THERIAULT
Which is not security related.
GRAHAM CLULEY
Which is not security related necessarily, is a really cool website called code.org. So I've got a young son, he's 6 and something months, and he loves computer games.

He loves watching videos of people playing computer games. And he heard that many, many years—
CAROLE THERIAULT
That's unusual.
GRAHAM CLULEY
Yeah, very unusual. But he heard that many years ago when I was a young man, I used to write computer games. I bet you've been telling him that since the day he was born.

Yep, son, you might think this is impressive, you should see my CGA Tetris ripoff.

Anyway, so he's always said, "Oh, Dad, Dad, do you think we—" So it was all snowy this weekend and he said, "Do you think I could write a computer game, Dad?

I'd like to write a computer game like you used to." Just his way basically of getting screen time with me approving. Smart kid.

And I said, "Yes, you can." And we went to this site called code.org and it is terrific. And it's not just for 6-year-olds.

You can do this at any age, but there is a great easy learning path if you are young or if you feel intimidated by coding.

They have something called the Hour of Code Challenge, which is basically a sort of drag-and-drop visual programming language, a bit like Logo, if you remember pushing a turtle around, and it's really groovy.

So for instance, we wrote a little Minecraft game where he goes around and there are sheep spawning, there are creepers appearing at nighttime.

He wrote a Star Trek game where there are stormtroopers who he has to avoid. And he's telling it, you know, when I press the up arrow, move up, and when I do this, score 10 points.

And the last thing we did was yesterday morning, we made a Flappy Bird game.

And it's— this is awesome because you get these fantastic results within about half an hour to 45 minutes. You've got a game which you can then play.

You can send it to your friends as well and say, "I have written a computer game."
MIKKO HYPPONEN
And they're actually— And this actually does remind me of Logo. I remember playing around with Logo on a Commodore 64 in 1980.
GRAHAM CLULEY
Kids. Yeah. Back in the Stone Age. But they move from this as you begin to progress.

And at first it's things like, you know, setting it up and they begin to get into for-next loops and they have events.

So when something happens or when you bump into this character, what should happen? And over time you actually begin to get into more sophisticated programming as well.

But these are the basic building blocks, which not just kids, but anyone who wants to learn about programming. I know I should have a go. Yeah. Carole, I even got Mrs. Cluley to have a go. And she actually did some programming, much to her amazement. And found it quite fun. The site is called code.org.

It is completely free and it's worth checking out. And my son is having a blast and I think many other people of other ages would have great fun with it as well.
MIKKO HYPPONEN
Well, that was a good pick, Graham. And my pick of the week is a blog.

Some of you might know that outside of computer security stuff, my hobby is retro gaming, especially games from the early 1980s, late 1970s, and especially arcade coin-operated video games.

So there's this great blog run from the UK by a guy called Tony Temple called Arcade Blogger, arcadeblogger.com. I'll put a link in the show notes. It's a really good resource.

It's mainly just stories of finding really hard-to-find old machines and restoring them to their original glory and tons of pictures and stories about arcade raids and going and finding old barns full of old game machines and getting them saved.

It's a really good blog and I recommend it.
CAROLE THERIAULT
It does. This can't be from the Tony Temple that we know, Graham, because there'd be pictures of him everywhere.
GRAHAM CLULEY
Yes, we do know a Tony Temple who's quite a character. I don't believe he's interested in anything as much as himself.
CAROLE THERIAULT
Hi Tony, if you're listening.
MIKKO HYPPONEN
There's actually a whole section on arcade raids, which is about finding old machines, including raiding an old ship in the UK, which used to have a huge arcade, the Duke of Lancaster.

There's a great story with tons of photos saving these games from the ship where they had been for decades.
GRAHAM CLULEY
So Mikko, I want to put you on the spot right now. You are a huge fan of arcade video games, as we know. What is the greatest arcade video game? What is your favorite one?
MIKKO HYPPONEN
That's a really easy question, and everybody agrees on the answer. The best video game ever is Xevious, made by Namco in Japan in 1982. Am I right?
GRAHAM CLULEY
It's called what?
MIKKO HYPPONEN
It's called Xevious, like Devious with an X.
GRAHAM CLULEY
Oh, with an X. Yes. Yes. I know the one. Yes.
MIKKO HYPPONEN
It's a shooter. First vertical shooter. Really great graphics. It had something unique in the sound. I actually had a Xevious upright video game myself.

I think it was the first one to have a separate sound chip or something like that. It was a groundbreaking game at its time and it's really fun still today.
GRAHAM CLULEY
So do you have one of these?
MIKKO HYPPONEN
I've donated many of my upright coin-operated video games to collectors and museums.

There's a gaming museum in the city of Tampere in Finland, roughly 200 kilometers north of Helsinki, which is a permanent museum of gaming of all kinds, including home video games and arcade games.

And my Space Invaders and Defender are actually donated to that museum. So next time you're in Tampere, visit the Video Game Museum.
GRAHAM CLULEY
Fantastic. Wow. Carole, you're not going to have anything as good as that.

I think we just finished the show right now because you're not going to be able to top Mikko's pick of the week.
CAROLE THERIAULT
Well, we'll find out. We'll find out because I chose this pick of the week in honor of Mikko. Or Mikko. Mikko Hypponen. Excellent.

You guys might know my husband is a bit of a film buff.

And a few days ago, we were putting up the Christmas tree, stuffing our faces with mince pies, and he suggested to put on a Christmas movie.
MIKKO HYPPONEN
Oh, you mean like Die Hard?
CAROLE THERIAULT
Oh, he loves Die Hard. Oh my God, he went once as Die Hard to a Halloween event and during the evening kind of became more and more disheveled and bloody and beaten up. It was great.

So anyway, I asked him what I always ask him when he suggests a movie to us, and I say, is it like The Happiness of the Katakuris, which is a crazy Japanese musical comedy horror film?

You know, it's a great film, but you need to be ready and you have to be in the proper headspace for it.
GRAHAM CLULEY
I have seen it. I'm not sure I'm still in the correct headspace for Happiness of the Katakuris, but yes.
CAROLE THERIAULT
Anyway, so he says maybe a little, maybe a little bit. So Mikko, tell me if you can guess the name of this movie.

So it's a 2010 Finnish dark fantasy horror thriller film about people living near the— now I'm trying to get this right— Korvatunturi.
MIKKO HYPPONEN
Yeah, yeah, yeah, I know the movie. It's Rare Exports, isn't it?
CAROLE THERIAULT
That's right, it's called Rare Exports: A Christmas Tale. Yeah, here we go. And I recommend this.

Basically, you follow a young brave boy who's treated basically as a bit of a nuisance kid in the film, but who turns out to be our hero.

And for one thing, he delves into ancient books to discover the real Santa Claus— not a lovely jolly bearded man, but a horned beast who whips misbehaving children and boils them in a cauldron.

Do I need to say adults only? But it's a great way to enjoy maybe the darker side of the holiday festivities.
MIKKO HYPPONEN
It's a great movie. And the Korvatunturi Mountain, it's a real mountain in Finland. We believe that's where Santa lives. And I was actually hiking a year ago, right?

I could actually see the mountain. However, Korvatunturi is actually right on the border between Finland and Russia, and you can't actually go there. It's a border area.

You have to have special permission if you want to summit the Korvatunturi Mountain. So I actually did not summit it, but I've seen it.
CAROLE THERIAULT
The movie claims that it's kind of an ancient burial ground. Is that also—
GRAHAM CLULEY
No. Okay. It must be handy for Father Christmas that he lives in this sort of no man's land where you're not really allowed to go and explore.
CAROLE THERIAULT
Live is an interesting word, Graham, if you watch the film. Just saying. Just saying. Anyway, really worth checking out. It's quite fun.
GRAHAM CLULEY
All that remains— oh, Mikko, we should ask people if they're not already following you online, what's the best way for them to stalk you?
MIKKO HYPPONEN
You'll find me on Twitter. My Twitter name is my first name, Mikko, M-I-K-K-O.
GRAHAM CLULEY
Simple as that. And of course, you'll probably be appearing on future episodes of the Cybersecurity Sauna as well. True. From time to time. Thank you, everybody, for tuning in.

Thank you, Mikko, for joining us. Thank you. And if you know someone who might like the show, please tell them about it.

And if you've got no friends at all, go to iTunes and leave us a nice review, not a nasty one.
CAROLE THERIAULT
Oh no, just join our group. We'll be your friends. Oh, okay.
GRAHAM CLULEY
Yeah, we'll all be pals. And then we'll sort of, yeah, encourage you to leave us a review. Until next time, cheerio.
CAROLE THERIAULT
Bye-bye. Bye everyone. Stay secure out there.
GRAHAM CLULEY
Ta-da! That was painless.

Hosts:

Graham Cluley:

Carole Theriault:

Guest:

Mikko Hyppönen – @mikko

Show notes:

Sponsor: Netsparker

Netsparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.

If you want to automatically check your web applications for cross-site scripting, SQL injection and other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need Netsparker.

Try it out now by downloading a demo from www.netsparker.com/smashing

Sponsor: OneLogin

OneLogin provides Single Sign On for customers like Airbus, Royal Mail, BSI, and Dun and Bradstreet. With hundreds of apps being used in the typical workplace, and the average user having to remember about 40 different passwords, we all know that if we don’t have a product to remember passwords they end up in spreadsheets, stored in emails, or left on post-it notes. And that is a security nightmare. OneLogin allows IT to say which users have access to which applications at what time and also enforce two factor authentication. So even if credentials are compromised, hackers can’t get access to those corporate services. And, by connecting to Active Directory, access to all of these services is de-provisioned as soon as someone leaves the organisation.

Learn more, and download a free guide to identity access management, at www.smashingsecurity.com/onelogin

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
