282 episodes

A helpful and hilarious take on the week's tech SNAFUs. Computer security industry veterans Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy. It's not your typical cybersecurity podcast...
Winner of the "Best Security Podcast 2018" and "Best Security Podcast 2019", Smashing Security has had over eight million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Rory Cellan-Jones.
Follow the podcast on Twitter at @SmashinSecurity, and subscribe for free in your favourite podcast app. New episodes released at 7pm EST every Wednesday (midnight UK).

Smashing Security Graham Cluley, Carole Theriault

    • Technology
    • 4.8 • 233 Ratings

    281: Debug ransomware and win $1,000,000, period-tracking apps, and AI gets emotional

    A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling.


    All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast.


    Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin.


    Visit https://www.smashingsecurity.com/281 to check out this episode’s show notes and episode links.


    Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.


    Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!


    Warning: This podcast may contain nuts, adult themes, and rude language.


    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.
    Special Guests: Kyle Spearrin and Thom Langford.
    Sponsored By:
    Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.

    Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.

    Try Kolide Free for 14 Days; no credit card required.
    Snyk: Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

    Get started right now, with a free forever account, at snyk.co/smashing
    Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.

    Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
    Support Smashing Security
    Links:
    LockBit 3.0 introduces the first ransomware bug bounty program — Bleeping Computer.
    Fake copyright infringement emails install LockBit ransomware — Bleeping Computer.
    Why US women are deleting their period tracking apps — The Guardian.
    Privacy not included — Mozilla Foundation.
    The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant — Vice.
    Microsoft is removing emotion recognition features from its facial recognition tech — NBC News.
    Top 10 Emotional AI Examples in 2022 & Reasons for Success — AI Multiple.
    Analysis of Speech Features for Emotion Detection: A Review — IEEE Xplore.
    Microsoft's framework for building AI systems responsibly — Microsoft.
    Alley Cat — Wikipedia.
    Play Alley Cat — Internet Archive.
    Alley Cat Remeow Edition — Game Jolt.
    reMarkable.
    SOLAR podcast.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    • 59 min
    280: Hot tub hijinx, and a sentient AI

    Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings.


    All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.


    Visit https://www.smashingsecurity.com/280 to check out this episode’s show notes and episode links.



    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.
    Sponsored By:
    Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

    Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.

    You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
    Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.

    Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
    Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too.

    Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.

    Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
    Support Smashing Security
    Links:
    Hot Tub Time Machine trailer — YouTube.
    Hacking into the worldwide Jacuzzi SmartTub network — Eaton Works.
    SmartTub — Apple iOS App Store.
    SmartTub — Google Play store.
    Hot tub hack reveals washed-up security protection — BBC News.
    Google engineer Blake Lemoine thinks its LaMDA AI has come to life — The Washington Post.
    Google engineer put on leave after saying AI chatbot has become sentient — The Guardian.
    AI's most convincing conversations are not what they seem — The Register.
    Blake Lemoine's blog.
    Van Gogh Bristol Exhibition: The Immersive Experience.
    Van Gogh: The Immersive Experience — YouTube.
    The Inquiry — BBC World Service.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    • 40 min
    279: Encrypted notes, and a deadly case of AirTag spying

    How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great?


    All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.


    Visit https://www.smashingsecurity.com/279 to check out this episode’s show notes and episode links.



    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.
    Sponsored By:
    Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

    Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.

    You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
    Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.

    Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
    Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too.

    Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.

    Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
    Support Smashing Security
    Links:
    Welsh James Bond Timothy Dalton's cello escape in "The Living Daylights" — YouTube.
    How a Saxophonist Tricked the KGB by Encrypting Secrets in Music — Wired.
    Woman accused of killing boyfriend using AirTag tracking — The Register.
    Andre Smith fatally struck by car outside Tilly's Pub, woman charged — Indy Star.
    Indianapolis woman Gaylyn Morris accused of tracking boyfriend with Apple AirTag, killing him with car, police say — The Washington Post.
    An update on AirTag and unwanted tracking — Apple.
    Apple Updates iPhone with 'Safety Check' for Domestic Victims — Gizmodo.
    Web3 is going just great.
    Audm - Listen to feature stories from The Atlantic, WIRED, and more.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    • 36 min
    278: Tim Hortons, avoiding sanctions, and good faith security research

    Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?


    All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.


    Visit https://www.smashingsecurity.com/278 to check out this episode’s show notes and episode links.



    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.
    Special Guest: Geoff White.
    Sponsored By:
    Snyk: Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

    Get started right now, with a free forever account, at snyk.co/smashing
    Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

    Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.

    You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
    Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.

    Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
    Support Smashing Security
    Links:
    Double-double tracking: How Tim Hortons knows where you sleep, work and vacation — Financial Post.
    Report: Tim Hortons collected location data without consent — The Register.
    Joint investigation into location tracking by the Tim Hortons App — Office of the Privacy Commissioner of Canada.
    Mandiant: “No evidence” we were hacked by LockBit ransomware — Bleeping Computer.
    Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act — Dept of Justice.
    DOJ: Congress looked into CFAA updates but effort was stalled by extortion concerns — The Record.
    The (still) unanswered questions around the CFAA and ‘good faith’ security research — SC Magazine.
    Sex Education — Netflix.
    Forest fr1ends — Twitter.
    Inch Calculator.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    • 40 min
    277: Bad bots, cheeky ransoms, and good deepfakes

    Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet's activity, and look at how deepfakes could be a good thing after all.


    All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].


    Visit https://www.smashingsecurity.com/277 to check out this episode’s show notes and episode links.



    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.
    Special Guest: Ray [REDACTED].
    Sponsored By:
    Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.

    Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
    Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

    Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.

    You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
    Support Smashing Security
    Links:
    Popcorn Time ransomware invites you to get ‘nasty’ to recover your files — Graham Cluley.
    Rensenware — Wikipedia.
    GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need — CloudSEK.
    Bad Bot Report — Imperva.
    Bad Bot Traffic Report: Almost Half of All 2021 Internet Traffic Was Not Human — CPO Magazine.
    Automated Threats - web applications — OWASP.
    Home Stallone [Deepfake] — YouTube.
    The Emergence of Deepfake Technology: A Review — ResearchGate.
    Positive Use Cases of Synthetic Media (aka Deepfakes) — Towards Data Science.
    Deepfake pornography could become an 'epidemic', expert warns — BBC News.
    Europol report finds deepfake technology could become staple tool for organised crime — Europol.
    Google quietly bans deepfake training projects on Colab — Bleeping Computer.
    Japanese man spends £12,500 on ultra-realistic dog costume so he can live like an animal — Daily Mail.
    Google Colab FAQ.
    Talky.
    The Relationship Between Valence and Chills in Music: A Corpus Analysis.
    Frisson: This playlist is scientifically verified to give you chills — Big Think.
    A Spotify playlist with 715 songs known to give people chills — Quartz.
    Songs to give you chills — Spotify playlist.
    Zen Motoring — BBC iPlayer.
    Ogmios School of Zen Motoring Ep 1 — YouTube.
    Zen School of Motoring: TV that will cleanse your spirit like meditation — The Guardian.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    • 51 min
    276: Webcam extortion, Michael Fish, and food foul-ups

    A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one...) hacked into his female classmates' online accounts, hunting for nude photos and videos.


    All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.


    Visit https://www.smashingsecurity.com/276 to check out this episode’s show notes and episode links.



    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.
    Special Guest: Mark Stockley.
    Sponsored By:
    GoodAccess: GoodAccess - Free Business Cloud VPN for up to 100 Users.

    Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.
    Kolide: At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.

    Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.

    Try Kolide Free for 14 Days; no credit card required.
    Rumble: Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems.

    It can even tell you which machines are missing endpoint protection, from your local network to the cloud.

    Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run
    Support Smashing Security
    Links:
    Vote for your favourite cybersecurity podcast in the European Security Blogger Awards!
    Michael Fish (the weatherman) — Wikipedia.
    "I wish I wish Michael Fish" by Rachel & Nicki — YouTube.
    "John Kettley (Is A Weatherman)" by The Tribe of Toffs — YouTube.
    Albany Man Sentenced to 111 Months for Stealing Nude Photos of Numerous Victims and Possessing Child Pornography — Department of Justice.
    Hijacking webcams with Screencastify — Almost Secure.
    Cyber security: Global food supply chain at risk from malicious hackers — BBC News.
    4 Predictions for Food and Agriculture in 2022 — Food Logistics.
    Risks of using AI to grow our food are substantial and must not be ignored, warn researchers — University of Cambridge.
    With food prices continuing to climb, UN warns of crippling global shortages — NPR.
    OutHorse Your Email.
    Solitary Bee Nesting Equipment — Mason Bees.
    Limelight — BBC Radio 4.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    • 54 min

Customer Reviews

4.8 out of 5
233 Ratings

Alexxxxxxxxxxxxx :) ,

Brilliant

Funny and well put together. Makes my Thursday every week!

It’s also good to hear a tech podcast with something even approximating a gender balance!!

andrethescribe ,

Veteran being the appropriate word…

Time to retire. I’m 47 and feel more in touch with pop culture than this lot. Trash.

wifiramirez ,

It used to be my favourite podcast

Each Thursday I tune to Smashing Security. It is an informative podcast with a little bit of comedy. It used to be my favourite cyber show and it stopped due to Carole's rudeness. I started finding her jokes and comments not in place. To me it looks as her dislike towards males took over. I am female and I find her attacks and sad male jokes rude. I think Carole will get better because clearly she is going through something, I miss old Carole.
