Shared Security
Shared Security
Tom Eston, Scott Wright, Kevin Johnson
Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today’s interconnected world. Tune in every week to discover invaluable insights, strategies, and tools to live confidently and safeguard your digital life.
The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked
In Episode 313, hosts Tom and Scott discuss the world of scambaiting, discussing what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to the best practices to prevent social media account takeovers, highlighting a guide written by Rachel Tobac. Lastly, they share fascinating news about a network connected wrench, the Bosch Rexroth Handheld Nutrunner, could be used in a ransomware attack, hinting how even everyday objects are now internet-connected. Join hosts, Tom and Scott, in this engaging conversation revolving around critical cybersecurity topics!
Jan 21
19 min
Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses
In episode 312, Tom and Scott discuss the implications of a new law in Ohio that may require parental consent for children under 16 using social media, including the pros and cons of this legislation. They also discuss Meta's new link history feature and the repercussions it might have on ad targeting on Facebook and Instagram. The episode concludes with a discussion on a court case in Ottawa, where a judge ruled that three smartphones from an alleged pedophile must be returned after 175 million unsuccessful passcode guesses. Plus, don’t miss the discussion about some refined AI-generated security awareness manager images shared by a Patron!
Jan 14
17 min
Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App
In this episode, we discuss the most sophisticated iPhone exploit ever, Google&#8217;s agreement to settle a $5 billion lawsuit about tracking users in &#8216;incognito&#8217; mode, and a new iOS app, Journal. The iPhone exploit, known as Operation Triangulation, has complex chains of events that lead to compromised iPhone security. Meanwhile, the lawsuit against Google claims that the company&#8217;s technology was still tracking users&#8217; site visits even in &#8216;incognito&#8217; mode. The newly added Journal app on iOS has raised questions and discussions on its security and privacy features as it encourages users to put their life updates on the app. ** Links mentioned on the show * iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers https://www.hackread.com/iphone-spyware-exploits-obscure-chip-feature/ https://usa.kaspersky.com/blog/triangulation-attack-on-ios/28444/ Google settles $5 billion privacy lawsuit over tracking people using &#8216;incognito mode&#8217; https://www.npr.org/2023/12/30/1222268415/google-settles-5-billion-privacy-lawsuit Apple launches Journal, a new app to reflect on everyday moments and life’s special events https://www.apple.com/newsroom/2023/12/apple-launches-journal-app-a-new-app-for-reflecting-on-everyday-moments/ ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT&#8217;s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code &#8220;sharedsecurity&#8221;. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on X: https://twitter.com/sharedsec Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: <a href="https://shared-security....
Jan 7
24 min
The Three Keys to Success in Cybersecurity
In this episode, host Tom Eston shares the three key lessons he's learned over his 18-year career in cybersecurity: effective communication, continuous learning, and empathy. He talks about the importance of understanding and reaching both technical and non-technical audiences, the necessity of continuous learning despite your role, and the power of empathy in contributing to success.
Dec 31, 2023
6 min
The Year in Review and 2024 Predictions
In our last episode of the year, we replay our predictions for 2023 reviewing what we got right and what we didn't. We cover various topics, such as Twitter's influence, the future of Mastodon, the ban of TikTok in certain states, and the rising issue of ransomware. In addition, we give credit to Scott for accurately predicting multiple cybersecurity events during the year! We also share our expectations for 2024 — predicting increased AI adoption, many more cybersecurity layoffs, more consolidation in InfoSec, and implementation of flawed legislation targeting symptoms instead of causes.
Dec 24, 2023
20 min
Password Security for the Elderly: Tips and Best Practices
In episode 308, we discuss the often overlooked topic of password management for the elderly. Addressing the commonly held belief that writing down passwords is a bad idea, we discuss the nuances and context of this practice. Elderly individuals who may struggle with technology can benefit from recording passwords, but we discuss the importance of putting suitable controls around this. We also touch on usability issues associated with technology changes and the consequences of not planning for what happens to a person's digital presence after they pass away. Do you have your own tips or stories of your experiences with passwords and the elderly? We would love to hear your comments on our YouTube video, on X, or on the episode post on sharedsecurity.net!
Dec 17, 2023
18 min
iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals
In episode 307, Tom and Scott debunk misinformation circulating about the iOS 17 NameDrop feature by law enforcement and others on social media. Next, they discuss the potential risks of QR code scams, detailing a real-life incident where a woman lost a significant amount of money due to a QR code scam. Finally, the episode concludes with a discussion on a ransomware attack on a large US healthcare provider, examining potential repercussions and stressing the need for increased security for critical infrastructure. Co-host Scott Wright also presents an overview of the Click Armor platform, an innovative gamified security awareness training platform.
Dec 10, 2023
16 min
Application Security Trends & Challenges with Tanya Janca
In episode 306, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of AppSec. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep that recently acquired WeHackPurple. Tanya sheds light on her decision to partner with Semgrep, a company that aligns with her vision of providing free resources in the AppSec community. Despite facing a failed acquisition process the previous year, WeHackPurple received multiple acquisition offers, leading to a bidding war. In addition, Tanya shares her optimism about the maturity of AppSec programs, presents her concerns about consolidation in the industry, and highlights the importance of role-based, tailored training. She also reveals her ongoing work on the sequel to her book titled 'Alice and Bob Learn Secure Coding' and hints at the launch of the Semgrep Academy. For our Patreon supporters, don't miss our bonus episode where Tanya shares her biggest career accomplishment and failure, offering invaluable lessons for all!
Dec 3, 2023
27 min
Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly
In this episode, Tom shows off AI generated images of a "Lonely and Sad Security Awareness Manager in a Dog Pound" and the humorous outcomes. The conversation shifts to Apple's upcoming support for Rich Communication Services (RCS) and the potential security implications. Lastly, Tom and Kevin reflect on reports of AI-powered voice cloning scams targeting elderly Americans, and argue that the true issue lies with social engineering rather than the involvement of AI.
Nov 26, 2023
26 min
Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI
In this week's episode of the Shared Security Podcast, hosts Tom Eston, Scott Wright and Kevin Johnson tackle a number of topics related to AI, privacy and security. They begin with an amusing discussion about their respective roles on the podcast, before shifting to big tech's use of user data and whether subscribers should pay to not have their data used. The focus then turns to a recent move by Meta to charge European users who wish to use Instagram and Facebook without ads. Next, they touch on new research from NordVPN about the burdensome length and complexity of privacy policies on popular websites, and offer alternatives for consumers to navigate them. Lastly, the hosts discuss a new executive order by the Biden administration directed towards AI companies, calling for a watermark system to alert consumers when they interact with an AI-enabled product. They express concerns about businesses benefiting from the new AI rules while potentially stifling competition and highlight the need for stronger, enforceable laws to truly protect users' data and privacy.
Nov 19, 2023
24 min
Load more