Shared Security Podcast

Join us for an insightful episode of the Shared Security Podcast as Tanya Janca returns for her fifth appearance. Discover the latest on her new book about secure coding, exciting updates in Application Security, and the use of AI in security. Learn how her new book goes deeper into secure coding practices, backed by her practical experiences and detailed research, aimed at empowering developers with actionable advice. Don’t miss Tanya’s take on privacy, better security practices, and much more! ** Links mentioned on the show ** Pre-order Tanya’s new book “Alice and Bob Learn Secure Coding” https://a.co/d/32FCrwt Tanya’s first book “Alice and Bob Learn Application Security” https://a.co/d/873MEWt Tanya’s previous guest appearances on the podcast https://sharedsecurity.net/2018/11/30/special-guest-tanya-janca-devops-and-appsec-women-in-cybersecurity-82/ https://sharedsecurity.net/2021/01/28/tanya-janca-ceo-and-founder-we-hack-purple/ https://sharedsecurity.net/2022/05/30/the-state-of-application-security-with-tanya-janca/ https://sharedsecurity.net/2023/12/04/application-security-trends-challenges-with-tanya-janca/ Connect with Tanya https://shehackspurple.ca/ https://www.linkedin.com/in/tanya-janca/ https://bsky.app/profile/shehackspurple.bsky.social ** Watch this episode on YouTube ** https://youtu.be/M3H1YCy6FjU ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book appeared first on Shared Security Podcast.

In this episode, we discuss Australia’s new legislation banning social media for users under 16 and its potential impact. Our hosts also explore the issue of vishing (voicemail phishing), why it’s escalating, particularly during the holiday season, and how to protect yourself against these scams. Plus, we celebrate a milestone on our YouTube channel and share some fun community feedback! ** Links mentioned on the show ** Australia launches bill banning social media for under 16s https://www.dw.com/en/australia-launches-bill-banning-social-media-for-under-16s/a-70838309 Voice Phishing Attacks: How to Prevent and Respond to Them https://securityboulevard.com/2024/11/voice-phishing-attacks-how-to-prevent-and-respond-to-them/ ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Australia Bans Social Media for Kids, Holiday Vishing Scams appeared first on Shared Security Podcast.

In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue Sky, and Mastodon, discussing user experiences and migrations. The episode wraps up with a humorous and radical suggestion for dealing with data brokers. Tune in for an engaging discussion on security, privacy, and the impact of emerging fraud technologies. ** Links mentioned on the show ** One Deepfake Digital Identity Attack Strikes Every Five Minutes https://www.infosecurity-magazine.com/news/deepfake-identity-attack-every/ Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/ ** Watch this episode on YouTube ** https://youtu.be/VyttgAKIadI ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Deepfake Fraud, Data Brokers Tracking Military Personnel appeared first on Shared Security Podcast.

In episode 355, Tom discusses his decision to deactivate his Twitter accounts due to privacy concerns with Twitter’s new AI policy and changes in the blocking features. He outlines the steps for leaving Twitter, including how to archive and delete tweets, and evaluates alternative platforms such as Bluesky, Mastodon, and Threads for cybersecurity professionals seeking new social media spaces. ** Links mentioned on the show ** X updates block feature, letting blocked users see your public posts https://techcrunch.com/2024/11/03/x-updates-block-feature-letting-blocked-users-see-your-public-posts/ Changes in X’s Privacy Policy Promote AI https://etownian.com/main/news/changes-in-xs-privacy-policy-promote-ai/ Dropping X for Bluesky? These tips will make the migration easier https://www.fastcompany.com/91228063/dropping-x-for-bluesky-these-tips-will-make-the-migration-easier Script to delete your tweets (tweetXer) https://github.com/lucahammer/tweetXer?tab=readme-ov-file ** Watch this episode on YouTube ** https://youtu.be/NBr5jmnIzkA ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Why It’s Time to Leave Twitter appeared first on Shared Security Podcast.

In episode 354, we discuss the emergence of the term ‘Advanced Persistent Teenagers’ (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without the correct password and its implications. Tune in for an engaging conversation on the evolving landscape of cyber threats. ** Links mentioned on the show ** The biggest underestimated security threat of today? Advanced persistent teenagers https://techcrunch.com/2024/11/01/the-biggest-underestimated-security-threat-of-today-advanced-persistent-teenagers/ Okta Bug Allowed Log-Ins Without a Correct Password https://www.yahoo.com/tech/okta-bug-allowed-log-ins-150248386.html ** Watch this episode on YouTube ** https://youtu.be/d1Od61NkbvU ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password appeared first on Shared Security Podcast.

In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution. In the ‘Aware Much’ segment, Scott explains how mortgage wire fraud works and provides essential tips for real estate transactions to avoid such scams. Plus, a quick recap on our popular AI-powered toilet cameras episode. ** Links mentioned on the show ** Change Healthcare Breach Hits 100M Americans https://krebsonsecurity.com/2024/10/change-healthcare-breach-hits-100m-americans/ Buyer Beware of Mortgage Wire Fraud: Here’s How To Not Get Scammed https://www.realtor.com/advice/finance/mortgage-wire-fraud-how-to-not-get-scammed/ Additional Mortgage Wire Fraud Examples from the News https://www.nj.com/news/2024/06/they-wanted-to-buy-a-home-but-they-lost-32k-in-an-increasingly-common-real-estate-scam.html https://www.trisearch.com.au/a-conveyancing-transaction-gone-so-wrong/ https://fox4kc.com/news/problem-solvers/retired-teacher-and-daughter-scammed-out-of-200k-while-trying-to-buy-townhome/ ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on X: https://twitter.com/sharedsec Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know appeared first on Shared Security Podcast.

In this episode, we discuss the significant data breach at the Internet Archive, affecting 33 million users. We also examine the introduction of an AI-integrated toilet camera by Throne, designed for health monitoring by analyzing bodily waste, and the ensuing privacy concerns. We explore these technological advancements alongside other unusual tech innovations, touching upon security issues with home cameras, personal data in health apps, and broader implications for privacy and technology. ** Links mentioned on the show ** Internet Archive hacked, data breach impacts 31 million users https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/ Internet Archive breached again through stolen access tokens https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/ Throne’s toilet camera takes pictures of your poop https://techcrunch.com/2024/10/20/thrones-toilet-camera-takes-pictures-of-your-poop/ ** Watch this episode on YouTube ** https://youtu.be/HVPcSGPYD1k ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on X: https://twitter.com/sharedsec Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Internet Archive Hacked, Introducing The AI Toilet Camera appeared first on Shared Security Podcast.

In episode 351, hosts Tom and Scott explore an unusual incident where robot vacuums were hacked to shout obscenities, exposing significant IoT security issues. The discussion includes the mechanics of the Bluetooth hack and its broader cybersecurity implications. Additionally, the ‘Aware Much?’ segment reveals the world of hidden printer tracking dots, used for tracing document origins and their historical use by governments for tracking. This episode also highlights the technology’s role in preventing currency counterfeiting and capturing high-profile leaks, underscoring the intersection of privacy and security in modern times. ** Links mentioned on the show ** Hacked Robot Vacuums Across the U.S. Started Yelling Slurs https://gizmodo.com/hacked-robot-vacuums-across-the-us-started-yelling-slurs-2000511013 Why Printers Add Secret Tracking Dots https://getpocket.com/explore/item/why-printers-add-secret-tracking-dots https://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots ** Watch this episode on YouTube ** https://youtu.be/16t7Pll53fU ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on X: https://twitter.com/sharedsec Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Hacked Robot Vacuums, Secret Printer Tracking Dots appeared first on Shared Security Podcast.

In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast’s evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies. The ‘Aware Much’ segment focuses on the lack of change in user behavior towards cybersecurity, highlighting persistent issues like inadequate password manager usage and infrequent software updates. The episode covers historical insights into social media’s evolution, including privacy guides and LinkedIn’s fake profile problem, emphasizing the importance of a well-rounded approach to cybersecurity awareness and education. ** Links mentioned on the show ** How to use your iPhone’s emergency satellite features if you lose cell coverage https://www.zdnet.com/article/how-to-use-your-iphones-emergency-satellite-features-if-you-lose-cell-coverage/ For Android: https://www.zdnet.com/article/how-to-use-androids-emergency-satellite-texting-if-you-lose-cell-signal/ Our episode on ham radio https://sharedsecurity.net/2022/06/13/hacking-ham-radio/ Despite Online Threats, Users Aren’t Changing Behavior https://www.darkreading.com/endpoint-security/despite-online-threats-users-are-not-changing-behavior ** Watch this episode on YouTube ** https://youtu.be/unJGsnEdFGc ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on X: https://twitter.com/sharedsec Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits appeared first on Shared Security Podcast.

In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community’s perspectives on these evolving issues. ** Links mentioned on the show ** Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/ https://samcurry.net/hacking-kia NIST: No More Regular Password Resets and Arbitrary Complexity Rules https://www.vulnu.com/p/nist-no-more-regular-password-resets-and-arbitrary-complexity-rules ** Watch this episode on YouTube ** https://youtu.be/b5xvgfxIEb0 ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity Get our new Shared Security Podcast glitter stickers! https://sharedsecurity.net/stickers ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on X: https://twitter.com/sharedsec Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Shared Security Podcast.