Smashing Security podcast #056: Peeping Toms, prison hacks, and parliamentary passwords

Why you should check your Airbnb for hidden cameras, a hacker attempts a different kind of jailbreak, and British MPs prove that they really are clueless when it comes to cybersecurity.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Ian Whalley.
Show notes:
Please check out the show notes for this episode of the podcast on the Smashing Security webpage.
网络安全法动漫宣传片 002 国家网络安全的现状与重要性概述

Your browser does not support this audio element.
Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.
Graham Cluley – @gcluley
Carole Theriault – @caroletheriault
Ian Whalley
Thanks to our sponsors Netsparker and OneLogin:
Netsparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.
If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need NetSparker.
Try it out now by downloading a demo from
OneLogin provides Single Sign On for customers like Airbus, Royal Mail, BSI, and Dun and Bradstreet. With hundreds of apps being used in the typical workplace, and the average user having to remember about 40 different passwords, we all know that if we don’t have a product to remember passwords they end up in spreadsheets, stored in emails, or left on post-it notes. And that is a security nightmare. OneLogin allows IT to say which users have access to which applications at what time and also enforce two factor authentication. So even if credentials are compromised, hackers can’t get access to those corporate services. And, by connecting to Active Directory, access to all of these services is de-provisioned as soon as someone leaves the organisation.
Learn more, and download a free guide to identity access management, at
Follow the show:
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!


网络安全法普法宣传 004《网络安全法》的突出亮点

Why Security Priorities Need to Shift to Safety Issues

Joshua Corman, co-founder, I Am The Cavalry

The healthcare sector’s cybersecurity efforts need to shift from a focus on protecting patient information confidentiality to protecting patient safety, says Joshua Corman, co-founder of I Am The Cavalry, a grassroots, not-for-profit cyber safety organization. He’s also chief security officer at software developer PTC and a fellow at the Atlantic Council.
See Also: Ransomware: The Look at Future Trends
“We make a joke in the Cavalry: I love my privacy; I’d like to be alive to enjoy it,” he says in a video interview at Information Security Media Group’s recent Healthcare Security Summit in New York.
The top security priority of most healthcare sector entities has long been protecting the privacy of patient information, Corman notes. But as ambitious new efforts, such as the national Precision Medicine Initiative, take shape, organizations also need to “focus on patient safety and the availability of critical resources,” he says.
“It’s not that privacy doesn’t matter – we’re failing miserably at it – and in a lot of ways, the toothpaste is out of the tube. But if you just design for privacy, you might encrypt things, but if you design for privacy and safety, maybe you design things differently,” he says. “The threat models are more comprehensive. So there’s significant work to do, and right now, if a hospital has to choose between protecting a patient record or protecting the patient … there’s no incentive to protect the patient, really. This is unchartered territory and we’re out of time.”
In the interview, Corman also discusses:
The serious threats to patient safety posed by ransomware and other cyberattacks on the healthcare sector;
Recent hacking simulations conducted by I Am the Cavalry involving emergency room physicians to study the potential safety impact on patients;
The cybersecurity challenges facing especially small, midsized and rural healthcare providers.
In addition to his work at I Am the Cavalry, Corman is also chief security officer at software developer PTC, a fellow at the Atlantic Council, and a member of the Department of Health and Human Services’ Cybersecurity Task Force. Corman formerly served as chief technology officer for Sonatype, director of security intelligence for Akamai and in senior research and strategy roles for The 451 Group and IBM Internet Security Systems.