Meta & YouTube Found Negligent: A Turning Point for Big Tech?

Published: 04/05/2026 23:00:29
A landmark jury verdict has found Meta and YouTube negligent in a social media addiction case, raising major questions about platform accountability and legal protections under Section 230. This episode covers the details of the case, why the ruling is significant, and what it could mean for the future of social media, privacy, and cybersecurity. Could this trigger a wave of lawsuits against tech companies? And are platforms finally being held accountable? ** Links mentioned on the show ** Jury rules against Meta, YouTube in bellwether teen addiction case https://www.businessinsider.com/social-media-addiction-trial-jury-verdict-meta-youtube-negligent-2026-3 Meta,
The Hidden Tracking Risk Inside Your Tires

Published: 03/29/2026 23:00:57
In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because the sensors broadcast unencrypted, uniquely identifying wireless signals that could be used to track vehicles. They reference a 10-week study by researchers at IMDEA in Madrid that collected about 6 million signals from over 20,000 cars at roughly 50 meters range, noting the signals can reveal details like tire pressure, car type, weight, and possible driving patterns, and can be captured with about $100 of equipment. The hosts
The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson

Published: 03/22/2026 23:00:42
Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico’s growing cybersecurity and AI ecosystem, driven by talent, community events, and government-university partnerships, and how offensive security has shifted from “one-person army” generalists to more specialized roles. Wilson explains his PhD work modeling expert pen testers’
The Privacy Problem With Meta’s Ray-Ban Smart Glasses

Published: 03/15/2026 23:00:38
This episode discusses Meta Ray-Ban Smart Glasses, which blend a camera, microphone, AI features, and social media integration into sunglasses that look like normal fashion eyewear, raising major privacy concerns. It highlights reports that footage captured by the glasses may be reviewed by human contractors to help train Meta’s AI systems, and notes critics’ concerns about how easily people can be recorded in public without their knowledge. Although the glasses include a small LED indicator when recording, many people reportedly don’t notice it. ** Links mentioned on the show ** People
TikTok Says No to End-to-End Encryption: Here’s Why That’s a Big Deal

Published: 03/08/2026 23:00:55
In a move that bucks the entire industry trend, TikTok has confirmed it will not implement end-to-end encryption (E2EE) for direct messages on its platform — arguing that E2EE would make users less safe. We break down what’s really going on: the child safety argument, the privacy counterargument, the geopolitical questions surrounding ByteDance, and what it all means for TikTok’s 1 billion+ users. If you use TikTok, this episode is essential listening. ** Links mentioned on the show ** TikTok won’t protect DMs with controversial privacy tech, saying it would put
Claude Code Security: The AI Shockwave Hitting Cybersecurity

Published: 03/01/2026 23:00:19
Anthropic’s Claude Code Security research preview promises AI-powered code analysis and vulnerability detection at scale. The announcement triggered strong reactions across the cybersecurity community and sent several vendor stocks lower. In this episode, we break down what the tool actually does, where it fits in modern AppSec, and whether AI automation threatens traditional security products or simply makes teams more efficient. Expect a practical, no-hype conversation about what changes and what doesn’t. ** Links mentioned on the show ** Anthropic’s New Claude AI Security Tool Wipes Out Over $15 Billion From
TikTok’s New U.S. Deal and Privacy Policy: What Users Don’t Understand

Published: 02/22/2026 23:00:39
TikTok has shifted to a majority-American entity, TikTok USDS Joint Venture, LLC, to comply with U.S. national security requirements and avoid a ban. This week we discuss why a recent privacy policy update went viral—especially language about sensitive data like immigration status and precise location—and argue much of it reflects longstanding practices and required California privacy disclosures. We emphasize reading policies, understanding your threat model, and making your own decision about using TikTok or other social platforms. The episode also briefly mentions Ring ending its partnership with Flock and a rumored
Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability

Published: 02/15/2026 23:00:05
In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about a zero-click remote code execution flaw in the Claude Desktop, highlighting the potential risks of AI. The hosts also reflect on their most popular YouTube episode on why Gen Z is ditching smartphones. ** Links mentioned on the show ** How to disable Search Party on your Ring Camera Open the
OpenClaw & Moltbook: AI Agents and Cybersecurity Risks

Published: 02/08/2026 23:00:31
Autonomous AI assistants are hitting the mainstream — but at what cost? This week, we discuss the recent OpenClaw phenomenon (formerly Clawdbot/Moltbot), the security fiasco surrounding Moltbook’s exposed database, and the quirky yet concerning AI agent dating platform MoltMatch. We explore the privacy and cybersecurity implications of entrusting AI agents with sensitive access and how defenders should think about emerging agentic risks. ** Links mentioned on the show ** OpenClaw (a.k.a. Moltbot) is everywhere all at once, and a disaster waiting to happen https://garymarcus.substack.com/p/openclaw-aka-moltbot-is-everywhere Exposed Moltbook Database Let Anyone Take Control
Why Gen Z is Ditching Smartphones for Dumbphones

Published: 02/01/2026 23:00:08
Younger generations are increasingly ditching smartphones in favor of “dumbphones”—simpler devices with fewer apps, fewer distractions, and less tracking. But what happens when you step away from a device that now functions as your wallet, your memory, and your security key? In this episode, Tom and Scott explore the dumbphone movement through a privacy and cybersecurity lens. Drawing from a recent Wired article, the conversation digs into digital burnout, surveillance capitalism, multi-factor authentication dependencies, and whether opting out of smartphones is an act of digital self-defense—or a step toward digital disadvantage.
AirDrop Security in iOS 26.2: Time Limits, Codes & Privacy Best Practices

Published: 01/25/2026 23:00:53
In this episode, we explore the latest changes to AirDrop in iOS 26.2 and how they enhance privacy and security. Learn about the new 10-minute limitation on the ‘Everyone’ setting and the introduction of AirDrop codes for safer file sharing with non-contacts. We also discuss best practices for configuring your AirDrop settings to safeguard your privacy, including tips for high-risk individuals and general recommendations for everyday use. Stay informed and keep your device secure by updating to the latest iOS version and regularly reviewing your AirDrop settings. ** Links mentioned on
Ring’s Facial Recognition Feature: Convenience or Privacy Nightmare?

Published: 01/18/2026 23:00:52
In this episode, we explore Amazon Ring’s newly introduced Familiar Faces feature that utilizes AI for facial recognition. We discuss the convenience of identifying familiar people at your doorstep, the privacy concerns it raises, and the legal implications surrounding biometric data. Learn about how this feature works, potential inaccuracies, and privacy laws in certain U.S. states. We also discuss broader concerns about AI and surveillance, and provide practical advice on using this technology responsibly. ** Links mentioned on the show ** Ring Doorbells Can Now Identify Faces—But Experts Say It’s a
Your Google Searches Aren’t Private? PA Court’s Surprising Ruling

Published: 01/11/2026 23:00:40
In this episode of Shared Security, we discuss a significant Pennsylvania Supreme Court ruling that permits police to access unprotected Google search histories without a traditional warrant. The discussion centers around the implications of the Commonwealth vs. Kurtz case and the concept of reverse keyword searches. Kevin Tackett joins the conversation, providing insights and posing critical questions about the balance between law enforcement needs and privacy rights. The episode explores concerns over digital privacy, third-party data, and potential broader impacts on users. ** Links mentioned on the show ** Pennsylvania court
AI and the End of the Traditional Entry-Level Tech Job

Published: 01/04/2026 23:00:39
Welcome to the first episode of the Shared Security Podcast in 2026! As AI becomes increasingly integrated into technical fields such as software development and cybersecurity, traditional entry-level roles are evolving or disappearing. This episode discusses the implications of AI on entry-level knowledge worker jobs, emphasizing the need for students, recent graduates, and those entering the job market to adapt their strategies. Discover the new skills and approaches needed to stay relevant, explore potential career pivots, and learn why degrees and certifications alone are no longer sufficient. Tune in for practical
2025 Predictions: Hits, Misses & What We Learned

Published: 12/28/2025 23:00:48
Join us this week as we rewind the tape on our 2025 predictions. In this episode, we revisit last year’s forecasts in cybersecurity, geopolitics, and AI, discussing which ones came true, which ones fizzled out, and which ones were a mixed bag. Additionally, we share insights from past guests, celebrate milestones, and make bold new predictions for 2026. Find out what we got right, what surprised us, and what we think is on the horizon for the coming year! ** Links mentioned on the show ** Scott’s 2025 Predictions https://youtu.be/Fgc4UlraU-o?si=hgTp0trKZ6vlwqB_&t=710 Kevin’s
Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting

Published: 12/21/2025 23:00:31
In this episode, Tom Eston discusses the unique challenges in the current cybersecurity job market, emphasizing the importance of networking. Tom provides practical tips on how to enhance networking skills, such as attending conferences, volunteering for open source projects, creating a blog, and seeking mentors. He also addresses misconceptions about the job shortage in cybersecurity and encourages listeners to start building their professional networks early. Tune in for valuable insights to help you advance your cybersecurity career. ** Links mentioned on the show ** Connect with Tom on LinkedIn https://www.linkedin.com/in/tomeston/ **
The Hidden Threat in Your Holiday Emails: Tracking Pixels and Privacy Concerns

Published: 12/14/2025 23:00:06
Join us in the midst of the holiday shopping season as we discuss a growing privacy problem: tracking pixels embedded in marketing emails. According to Proton’s latest Spam Watch 2025 report, nearly 80% of promotional emails now contain trackers that report back your email activity. We discuss how these trackers work, why they become more aggressive during the holidays, the data being collected by marketers, and how you can protect yourself. We are joined by Scott Wright to explore Proton’s comprehensive study, identify the worst offenders in email tracking, and share
Seeing Is Not Believing: How to Spot AI-Generated Video

Published: 12/07/2025 23:00:52
In this episode we discuss the rising challenge of AI-generated videos, including deepfakes and synthetic clips that can deceive even a skeptical viewer. Once the gold standard of proof, video content is now increasingly manipulated through advanced AI tools like Sora 2 and Google’s Nano Banana, making it harder to separate reality from fiction. Tom and Scott discuss the differences between malicious deepfakes and poorly-made AI-generated content, identify key indicators that reveal a video might be AI-generated, and explain how these videos are used in social engineering attacks. Practical advice is
So You Want to Be a CISO? With vCISO and Security Justice Alum Chris Clymer

Published: 11/30/2025 23:00:25
In this special episode of the Shared Security Podcast, host Tom Eston reunites with former co-host and experienced fractional CISO, Chris Clymer. They reminisce about their early podcasting days and discuss the evolving role of a Chief Information Security Officer (CISO). The conversation covers the responsibilities, challenges, and skills required to be a successful CISO, including technical and soft skills, business acumen, and people management. Chris shares his journey, the concept of a fractional CISO, and offers valuable advice for those aspiring to enter the CISO role. Tune in for a
AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage

Published: 11/23/2025 23:00:11
In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as we examine the details, Anthropic’s response, and the broader impact on AI in cybersecurity. ** Links mentioned on the show ** Disrupting the first reported AI-orchestrated cyber espionage campaign https://www.anthropic.com/news/disrupting-AI-espionage Jen Easterly’s LinkedIn post about the Anthropic disclosure https://www.linkedin.com/feed/update/urn:li:activity:7395115984224690176/
OWASP Top 10 for 2025: What’s New and Why It Matters

Published: 11/16/2025 23:00:06
In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conversation touches on the history of the OWASP Top 10, its release cycle, the evolution from specific vulnerabilities to broader categories, and the impact on vulnerability assessment and compliance. ** Links mentioned on the show **
Meet NEO 1X: The Robot That Does Chores and Spies on You?

Published: 11/09/2025 23:00:09
The future of home robotics is here — and it’s a little awkward. Meet the NEO 1X humanoid robot, designed to help with chores but raising huge cybersecurity and privacy questions. We discuss what it can actually do, the risks of having an always-connected humanoid in your home, and why it’s definitely not the “Robot Rosie” we were promised. ** Links mentioned on the show ** NEO launched by 1X: What to know about the humanoid robot that will do your chores https://www.yahoo.com/news/article/neo-launched-by-1x-what-to-know-about-the-humanoid-robot-that-will-do-your-chores-215410885.html FULL EPISODE : Rosey The Robot | The
OpenAI’s ChatGPT Atlas: What It Means for Cybersecurity and Privacy

Published: 11/02/2025 23:00:49
In this episode, we explore OpenAI’s groundbreaking release GPT Atlas, the AI-powered browser that remembers your activities and acts on your behalf. Discover its features, implications for enterprise security, and the risks it poses to privacy. Join hosts Tom Eston and Scott Wright as they discuss everything from the browser’s memory function to vulnerabilities like indirect prompt injection. Stay informed on how AI browsers could reshape web browsing and cybersecurity. ** Links mentioned on the show ** OpenAI launches ChatGPT-powered web browser. What to know before downloading. https://www.usatoday.com/story/tech/2025/10/22/open-ai-launches-chatgpt-atlas-web-browser/86833766007/ OpenAI’s Atlas shrugs
It’s Always DNS: Lessons from the AWS Outage

Published: 10/26/2025 23:00:49
In episode 404 (no pun intended!) we discuss the recurring issue of DNS outages, the recent Amazon AWS disruption, and what this reveals about our dependency on cloud services. The conversation touches on the need for tested business continuity plans, the implications of DNS failures, and the misconceptions around cloud infrastructure’s automatic failover capabilities. ** Links mentioned on the show ** An AWS failure took down the internet Monday morning – and the aftershocks continue https://www.zdnet.com/home-and-office/networking/an-aws-failure-took-down-the-internet-monday-morning-and-the-aftershocks-continue/ What the Huge AWS Outage Reveals About the Internet https://www.wired.com/story/what-that-huge-aws-outage-reveals-about-the-internet/ ** Watch this episode on
Is Sora 2 the Future of Video? AI, Copyright, and Privacy Issues

Published: 10/19/2025 23:00:58
OpenAI’s Sora 2 is here — and it’s not just another AI toy. This episode explores how Sora 2 works, how users can insert almost anything into generated content, and why that’s raising alarms about privacy, identity, and copyright. We walk you through the initial opt-out copyright controversy, the backlash from studios and creators, and how OpenAI is scrambling to offer more control. Tune in to understand what rights you might lose — or want to protect — in this new media era. ** Links mentioned on the show ** Tilly
Age Verification Laws: A Privacy Disaster in the Making

Published: 10/12/2025 23:00:48
In this episode, we discuss the surge of age verification laws spreading across the US, including the recent implementation in Ohio. These laws intend to shield children but come at a significant cost to privacy and cybersecurity. We’ll explore how third-party ID verification companies operate, the risks associated with these systems, and the broader definition of adult content beyond pornography. We also question the effectiveness and security of these measures as we share insights into the ease of bypassing verification systems. Are we protecting kids, or building a privacy nightmare? **
Are Phishing Simulations Still Worth It?

Published: 10/05/2025 23:00:26
Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how phishing programs might evolve — or even be replaced — in the future. ** Links mentioned on the show ** Find out more about ClickArmor! https://clickarmor.ca/ ** Watch this episode on YouTube ** ** Become a
Milestone Episode 400: Reflecting on 16 Years of Shared Security

Published: 09/28/2025 23:00:16
Episode 400! In this special milestone edition of the Shared Security Podcast, we look back at 16 years of conversations on security, privacy, and technology. From our very first episodes in 2009 to today’s AI-driven threats, we cover the topics that defined each era, the surprises along the way, and the lessons that still matter. Plus, we share listener favorites, memorable moments, and predictions for the future of security and privacy. Thank you for being part of our journey! ** Links mentioned on the show ** Join us for the next
Situational Awareness & Family Safety: Staying Alert in Today’s World with Andy Murphy

Published: 09/21/2025 23:00:58
Join the Shared Security Podcast for a critical discussion about situational awareness with special guest, Andy Murphy, host of the Secure Family Podcast. In a world where mass shootings and violence in public places are alarming realities, staying alert to your surroundings has never been more important. Andy shares his expertise on personal and family safety, providing practical tips for recognizing unusual behavior, planning for emergencies, and teaching kids safety skills. The conversation also touches upon digital security and how situational awareness applies online. Learn how to own your safety and
Best of Shared Security (2020) History Repeats Itself: Cybersecurity Challenges that Still Haunt Us

Published: 09/14/2025 23:00:24
In this “best of” episode of the Shared Security Podcast, we revisit a discussion from September 2020 that’s just as relevant today as it was then. First, we cover how ransomware attacks forced several school districts—including Hartford, CT and Toledo, OH—to delay or shut down classes on the very first day of school. Then we dive into Google Chrome’s new (at the time) update designed to block resource-heavy ads, making browsing faster and safer. Finally, we look at Microsoft’s warning about foreign interference attempts targeting the 2020 U.S. election. What makes
Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach

Published: 09/07/2025 23:00:25
In this episode, we discuss a significant recent cyber attack in which Palo Alto Networks experienced a data breach through its Salesforce environment due to a compromised Salesloft Drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. The hosts discuss how the breach happened, its implications, and what organizations can do to protect themselves from similar threats. They also provide insights into Salesforce’s security posture, the role of third-party integrations, and the importance of data retention
Convenience vs. Privacy: Can We Have Both?

Published: 08/31/2025 23:00:58
In this episode, we discuss whether the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused tools and making informed choices. Join the conversation in the comments or on Bluesky (@sharedsecurity). ** Links mentioned on the show ** Is convenience killing our Right to Privacy?
Public Wi-Fi Myths: Why You’re Probably Safer Than You Think

Published: 08/24/2025 23:00:20
Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN. ** Links mentioned on the show ** No links mentioned in this episode. ** Watch this episode on YouTube ** ** Become a
The Tea App Hack: How a “Safe” Space Leaked 13,000 ID Photos & 1.1M Messages

Published: 08/17/2025 23:00:10
In this episode we’re discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We’ll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app’s source code, the ensuing legal and privacy repercussions,
Random Smishing Text Scams: Why “Do I Know You?” Texts Are Dangerous

Published: 08/10/2025 23:00:30
In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they’re effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device. ** Links mentioned on the show ** Got a weird text message? ‘Smishing’ scams likely rising because of AI,
Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis

Published: 08/03/2025 23:00:33
This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese state-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what’s happening
Doorbells, Dystopia, and Digital Rights: The Ring Surveillance Debate

Published: 07/27/2025 23:00:34
In this episode, we examine Amazon’s Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation’s recent report criticizes Ring’s AI-first approach and the rollback of prior privacy reforms, describing it as ‘techno authoritarianism.’ We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications
Passwords and the Elderly: Why Writing Them Down Might Be OK

Published: 07/20/2025 23:00:25
In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group. ** Links mentioned on the show
The Google Workspace Security Gap: Why Traditional Tools Fall Short

Published: 07/13/2025 23:00:20
In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google’s APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization’s security. Thanks to
Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever

Published: 07/06/2025 23:00:43
In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion of cybersecurity startup XBOW’s recent breakthrough. XBOW claims to have topped HackerOne’s leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for pen testers, bug bounty hunters, and security teams, and whether this represents a genuine advancement or just more AI hype. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only
Cybersecurity Talent Shortage: Myth, Mismatch, or Reality?

Published: 06/29/2025 23:00:20
Is there really a cybersecurity talent shortage, or are we just looking in all the wrong places? This week on the Shared Security Podcast, we tackle the buzz around the so-called cybersecurity skills gap. Host Tom Eston welcomes Katie Soper, Senior Consultant at Avetix Cyber and co-founder of the CyberVault Podcast, to discuss the challenges and misconceptions in the industry. They explore whether the shortage is a myth, a mismatch, or something else entirely and what companies and professionals can do about it. With insights into hiring practices, skill shortages, and
Kids Online Safety Act (KOSA): Protecting Kids or Censorship?

Published: 06/22/2025 23:00:11
Kids Online Safety Act (KOSA): Protecting Kids or Censorship? Episode Details
In this episode, we explore the Kids Online Safety Act (KOSA), a controversial bill aimed at protecting children online. Joined by co-host Scott Wright, we discuss the potential implications of KOSA, including concerns about censorship, mass surveillance, and the impact on free expression and online privacy. We also touch on the broad support for the bill from both political parties and the involvement of social media giants like X. Additionally, we examine the balance between government regulation and parental responsibility in ensuring online safety for children. Thanks to Material Security for
Cities of the Future or Hacker’s Paradise? The Cybersecurity Risks of Smart Cities

Published: 06/15/2025 23:00:16
Cities of the Future or Hacker's Paradise? The Cybersecurity Risks of Smart Cities Episode Details
Join us as we explore the concept of smart cities—municipalities enhanced by connected technology like sensors, cameras, and automated systems to improve services and infrastructure. We discuss the inherent vulnerabilities that come with these advancements, including cybersecurity threats and real-life incidents such as hacked crosswalk signals featuring voices of tech moguls. Our discussion covers how easily these systems can be compromised, the inadequate security measures currently in place, and the broader implications for critical infrastructure. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only
Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths

Published: 06/08/2025 23:00:16
Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths Episode Details
Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA’s plans. We also discuss the broader implications for identity surveillance and who truly benefits from these security upgrades. We also discuss the problems faced by individuals with name changes and the challenges they face with REAL IDs. Plus, we explore the political and social ramifications of such security measures and why
Invasion of Privacy: The Hidden Camera Dilemma

Published: 06/01/2025 23:00:24
Invasion of Privacy: The Hidden Camera Dilemma Episode Details
Ever worried about hidden cameras in Airbnb rentals? You’re not alone! In this episode, we explore the unsettling rise of hidden cameras in personal spaces, the inadequacy of current laws, and practical tips to detect surveillance devices. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they share insights and discuss the implications of voyeurism technology, law enforcement challenges, and personal safety strategies. ** Links mentioned on the show ** ‘Every time I took a shower I thought: is he watching me?’ – the terrifying rise of secret cameras https://www.theguardian.com/uk-news/2025/may/27/secret-spy-cameras-voyeurism-uk
When AI Fights Back: Threats, Ethics, and Safety Concerns

Published: 05/25/2025 23:00:09
When AI Fights Back: Threats, Ethics, and Safety Concerns Episode Details
In this episode, we explore an incident where Anthropic’s AI, Claude, didn’t just resist shutdown but allegedly blackmailed its engineers. Is this a glitch or the beginning of an AI uprising? Along with co-host Kevin Johnson, we reminisce about past episodes, discuss AI safety and ethics, and examine the implications of AI mimicking human behaviors like blackmail. Join us for an in-depth conversation on the future of AI and its potential risks. ** Links mentioned on the show ** Anthropic’s new AI model turns to blackmail when engineers try to take
Mark Zuckerberg’s Vision: AI Companions and the Loneliness Epidemic

Published: 05/18/2025 23:00:54
Mark Zuckerberg's Vision: AI Companions and the Loneliness Epidemic Episode Details
In this episode, we explore Mark Zuckerberg’s bold claim that AI friends will replace human friendships, and discuss the potential implications of a world where technology mediates our connections. We also update listeners on the recent developments in the 23andMe bankruptcy case and what it means for former customers. Joining the conversation is co-host Scott Wright, who shares his insights on AI, social media, privacy, and a thought-provoking book on the potential for a future US civil war. We touch on the eerie predictions of AI companionship and what this might
Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009

Published: 05/11/2025 23:00:46
Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009 Episode Details
Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media security from the past and see how much has (or hasn’t) changed. Don’t miss out on this informative episode on web application security, user privacy, and the efforts to keep social media safe. ** Links mentioned on the show ** Original show
What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development

Published: 05/04/2025 23:00:38
What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development Episode Details
Join us as we explore the transformative changes in software development and cybersecurity due to AI. We discuss new terminology like ‘vibe coding’ — a novel, behavior-focused development approach, and ‘MCP’ (Model Context Protocol) — an open standard for AI interfaces. We also address the concept of ‘slopsquatting,’ a new type of threat involving AI-generated package names. Our co-hosts Scott Wright and Kevin Johnson discuss these topics, share personal insights, and ponder the future of coding in the AI era. Additionally, we draw some intriguing parallels between AI advancements and past
The Impact of Politics on Cybersecurity: CVE’s and the Chris Krebs Executive Order

Published: 04/27/2025 23:00:39
The Impact of Politics on Cybersecurity: CVE's and the Chris Krebs Executive Order Episode Details
What would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration’s executive order that revoked the security clearance of former CISA Director Chris Krebs, following his declaration that the 2020 election was the most secure in history. Join us as we unpack the impact of these events on the cybersecurity landscape and what
Centralizing Data and Enhancing Workflows: Inside PlexTrac’s New Capabilities

Published: 04/20/2025 23:00:50
Centralizing Data and Enhancing Workflows: Inside PlexTrac's New Capabilities Episode Details
Welcome to part three of our series with PlexTrac where we address data overload in vulnerability remediation. Join us as we preview the latest PlexTrac capabilities, including new ways to centralize asset and findings data, smarter workflow automation, and enhanced analytics. Guest speakers Dan DeCloss, CTO and founder of PlexTrac, and Sarah Foley, VP of Product at PlexTrac, share insights and demonstrate upcoming features. Learn about PlexTrac’s Continuous Threat Exposure Management (CTEM) framework and their exciting plans for RSA. To find out more information about PlexTrac and to get a demo
US Border Searches and Protesting in the Surveillance Age

Published: 04/13/2025 23:00:43
US Border Searches and Protesting in the Surveillance Age Episode Details
Planning to travel to the United States? This episode covers recent travel advisories regarding US border agents searching electronic devices, regardless of your citizenship status. Learn essential tips on smartphone security and how to protect your personal information, especially when attending protests. Scott Wright joins the discussion to provide valuable insights on safeguarding your data. Also covered are newer communication technologies like Meshtastic and advice on physical security measures to consider. ** Links mentioned on the show ** So you want to go to the USA? Are you sure? Here’s how
The 23andMe Collapse, Signal Gate Fallout

Published: 04/06/2025 23:00:58
The 23andMe Collapse, Signal Gate Fallout Episode Details
In this episode, we discuss the urgent need to delete your DNA data from 23andMe amid concerns about the company’s potential collapse and lack of federal protections for your personal information. Kevin joins the show to give his thoughts on the Signal Gate scandal involving top government officials, emphasizing the potential risks and lack of accountability. We also touch on the importance of proper communication and document retention in government operations. Stay tuned for insights and steps you can take to protect your data. ** Links mentioned on the show **
Understanding Privacy Changes: eBay’s AI Policy and The Future of Data Privacy

Published: 03/30/2025 23:00:03
Understanding Privacy Changes: eBay's AI Policy and The Future of Data Privacy Episode Details
In this episode, host Tom Eston discusses recent privacy changes on eBay related to AI training and the implications for user data. He highlights the hidden opt-out feature for AI data usage and questions the transparency of such policies, especially in regions without strict privacy laws like the United States. The host also explores how AI is transforming our understanding of privacy and the potential increase in AI-driven surveillance. Tune in for insights on navigating these evolving challenges and the future of data privacy. ** Links mentioned on the show **
From Spreadsheets to Solutions: How PlexTrac Enhances Security Workflows

Published: 03/23/2025 23:00:37
From Spreadsheets to Solutions: How PlexTrac Enhances Security Workflows Episode Details
In this special episode of the Shared Security Podcast, join Tom Eston and Dan DeCloss, CTO and founder of PlexTrac, as they discuss the challenges of data overload in vulnerability remediation. Discover how PlexTrac addresses these issues by integrating various data sources, providing customized risk scoring, and enhancing remediation workflows. The episode offers an insightful look into PlexTrac’s powerful features, real-world success stories, and how these tools help teams prioritize and act on critical findings efficiently. Don’t miss out on learning how to turn overwhelming data into actionable insights and maintain
Tackling Data Overload: Strategies for Effective Vulnerability Remediation

Published: 03/16/2025 23:00:49
Tackling Data Overload: Strategies for Effective Vulnerability Remediation Episode Details
In part one of our three-part series with PlexTrac, we address the challenges of data overload in vulnerability remediation. Tom hosts Dahvid Schloss, co-founder and course creator at Emulated Criminals, and Dan DeCloss, CTO and founder of PlexTrac. They share their expertise on the key data and workflow hurdles that security teams face today. From managing influxes of scanner data and asset management tools to prioritizing meaningful security actions, this episode offers valuable insights. Learn about the importance of context, the integration of threat intelligence, the future role of automation,
Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes

Published: 03/09/2025 23:00:12
Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes Episode Details
In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox’s privacy policy and what it means for user data. ** Links mentioned on the show ** We Are Canadian Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/ https://www.zetter-zeroday.com/email/23342106-9d66-493e-807b-3eb3efd21b13/ The Firefox I loved is gone – how to protect your
Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors

Published: 03/02/2025 23:00:58
Cybersecurity Impact of DOGE, Apple's Stand Against Encryption Backdoors Episode Details
In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple’s decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the implications for both government and corporate security. ** Links mentioned on the show ** Trump 2.0 Brings Cuts to Cyber, Consumer Protections https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/ “We will never build a backdoor” – Apple kills its iCloud’s end-to-end encryption
Cybersecurity Insights with John Hammond: YouTube Legend and Security Researcher

Published: 02/23/2025 23:00:55
Cybersecurity Insights with John Hammond: YouTube Legend and Security Researcher Episode Details
In this episode, we welcome cybersecurity researcher and YouTube legend John Hammond. John shares insights from his career at Huntress and his popular YouTube channel, where he creates educational content on cybersecurity. He introduces his new platform, Just Hacking Training, aimed at providing affordable, high-quality training. John also discusses current trends in cybercrime, the role of AI in attacks, and provides tips on avoiding social engineering. The episode highlights an upcoming Capture the Flag event hosted by Snyk, and how Just Hacking Training offers access to archived CTF challenges for continuous
UK’s Secret Apple Backdoor Request, AI Chatbots Used For Stalking

Published: 02/16/2025 23:00:28
UK's Secret Apple Backdoor Request, AI Chatbots Used For Stalking Episode Details
In this episode, we discuss the UK government’s demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy. We also discuss the first known case where AI chatbots were used in a stalking indictment, highlighting the dangers of technology misuse and the challenges it poses for legal systems. Join hosts Tom and Scott as they explore these pressing issues and introduce a new sub segment ‘AI Spy’ to focus on AI risks. Stay safe, stay secure,
Careers in Cybersecurity: Myths and Realities with Kathleen Smith

Published: 02/09/2025 23:00:21
Careers in Cybersecurity: Myths and Realities with Kathleen Smith Episode Details
In this episode we welcome Kathleen Smith, CMO of ClearedJobs.net, to discuss the current state of the cybersecurity job market. Kathleen shares her extensive experience in the field, recounting her tenure in various cybersecurity events and her contributions to job market research and recruiting. She discusses challenges such as distinguishing between genuine workforce shortages and hype, the importance of precise job descriptions, and the impacts of using AI in resume generation. Kathleen emphasizes that thorough job searches and well-crafted resumes are crucial for job seekers. Additionally, she highlights the need for
Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI

Published: 02/02/2025 23:00:48
Privacy Concerns with Digital Driver's Licenses, The Rise of DeepSeek AI Episode Details
In this episode, we explore the rollout of digital driver’s licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese AI model, DeepSeek, which is affecting U.S. tech companies’ stock prices. Join us as we provide insights on these emerging trends and their implications. ** Links mentioned on the show ** Illinois residents may soon be able to own digital driver’s licenses and state IDs https://www.sj-r.com/story/news/state/2025/01/15/digital-state-ids-licenses-could-be-available-soon-in-illinois/77697952007/ DeepSeek’s popularity exploited by malware
Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed

Published: 01/26/2025 23:00:00
Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed Episode Details
In this episode, we discuss the latest issues with data brokers, focusing on a breach at Gravy Analytics that leaked 30 million location data points online. We also explore a vulnerability in Subaru’s Starlink system that allows unrestricted access to vehicle controls and customer data using just a last name and license plate number. Co-host Kevin Johnson joins the discussion to share insights and emphasize the need for stronger privacy regulations. ** Links mentioned on the show ** Data broker Gravy Analytics confirms a data breach after a hacker leaked millions
Meta Ditches Fact-Checking for Community Notes, RedNote and the TikTok Ban

Published: 01/19/2025 23:00:01
Meta Ditches Fact-Checking for Community Notes, RedNote and the TikTok Ban Episode Details
In this episode, we explore Meta’s recent decision to replace traditional fact-checking with community notes and its potential impact on misinformation. We also discuss the implications of a TikTok ban in the U.S., with users migrating to similar apps like RedNote. The conversation covers the challenges of maintaining reliable information in social media and the shifting landscape of news consumption. Additionally, we delve into issues regarding AI-generated content, privacy concerns with Chinese-owned apps, and the importance of personal responsibility in fact-checking. ** Links mentioned on the show ** Meta ditches fact-checking
AI Privacy Policies: Unveiling the Secrets Behind ChatGPT, Gemini, and Claude

Published: 01/12/2025 23:00:57
AI Privacy Policies: Unveiling the Secrets Behind ChatGPT, Gemini, and Claude Episode Details
Do you ever read the privacy policy of your favorite AI tools like ChatGPT, Gemini, or Claude? In this episode, Scott Wright and Tom Eston discuss the critical aspects of these policies, comparing how each AI engine handles your personal data. They explore the implications of data usage, security, and privacy in AI, with insights from industry giants like Anthropic’s CEO, Dario Amodei. Are these AI tools safe to use? Find out as we break down the complexities and share our thoughts on the future of AI – and its impact
Reflecting on Y2K: Lessons for the Next Tech Crisis and AI Safety

Published: 01/05/2025 23:00:40
Reflecting on Y2K: Lessons for the Next Tech Crisis and AI Safety Episode Details
Join us as we reminisce about Y2K, the panic, the preparations, and the lessons learned 25 years later. We also discuss the implications for future technology like AI and potential cybersecurity crises. Plus, in our ‘Aware Much’ segment, Scott shares tips on protecting your data if your phone is stolen. Happy New Year and welcome to our first episode of 2025! ** Links mentioned on the show ** Y2K at 25: Panic, preparation and payoff https://mashable.com/article/y2k-25-years-later Protecting your data when your phone is stolen – literally right out of your hands
2024 Year in Review: What We Got Right and Looking to 2025

Published: 12/29/2024 23:00:03
2024 Year in Review: What We Got Right and Looking to 2025 Episode Details
In the final episode of the Shared Security Podcast for 2024, join us as we recap our predictions for the year, discuss what we got right and wrong, and highlight our top episodes on YouTube. We also extend a heartfelt thank you to our Patreon supporters and special guests. Plus, stay tuned for our predictions for 2025 and some fun discussions on AI’s impact, phishing attacks, and more. Happy New Year and thank you for your support! ** Links mentioned on the show ** Our 2024 Prediction Episode https://sharedsecurity.net/2023/12/25/the-year-in-review-and-2024-predictions/ Become a
Digital License Plate Vulnerabilities, How to Avoid New Text Message Scams

Published: 12/22/2024 23:00:37
Digital License Plate Vulnerabilities, How to Avoid New Text Message Scams Episode Details
In this episode Tom, Scott, and Kevin discuss the vulnerabilities of digital license plates and the potential for hackers to exploit them. They explain what digital license plates are and how they work. The ‘Aware Much?’ segment covers the topic of suspicious text messages and why you should avoid responding to unknown senders. The team also shares personal project frustrations and emphasizes the importance of cybersecurity measures in IoT devices. Stay tuned for insightful discussions and practical advice on staying secure. ** Links mentioned on the show ** Hackers Can Jailbreak
Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption

Published: 12/15/2024 23:00:04
Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption Episode Details
In Episode 359 of the Shared Security Podcast, the team examines a shocking hack-for-hire operation alleged to target over 500 climate activists and journalists, potentially involving corporate sponsorship by ExxonMobil. They explore the intricate layers of this multifaceted campaign and the broader implications on security risk assessments. Additionally, Scott discusses the massive Salt Typhoon hacking campaign attributed to China, which has compromised major U.S. telecommunications companies, and the surprising shift in U.S. government stance on end-to-end encryption. Join Tom, Kevin, and Scott for their in-depth analysis and a touch of humor
Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book

Published: 12/08/2024 23:00:56
Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book Episode Details
Join us for an insightful episode of the Shared Security Podcast as Tanya Janca returns for her fifth appearance. Discover the latest on her new book about secure coding, exciting updates in Application Security, and the use of AI in security. Learn how her new book goes deeper into secure coding practices, backed by her practical experiences and detailed research, aimed at empowering developers with actionable advice. Don’t miss Tanya’s take on privacy, better security practices, and much more! ** Links mentioned on the show ** Pre-order Tanya’s new book “Alice
Australia Bans Social Media for Kids, Holiday Vishing Scams

Published: 12/01/2024 23:00:43
Australia Bans Social Media for Kids, Holiday Vishing Scams Episode Details
In this episode, we discuss Australia’s new legislation banning social media for users under 16 and its potential impact. Our hosts also explore the issue of vishing (voicemail phishing), why it’s escalating, particularly during the holiday season, and how to protect yourself against these scams. Plus, we celebrate a milestone on our YouTube channel and share some fun community feedback! ** Links mentioned on the show ** Australia launches bill banning social media for under 16s https://www.dw.com/en/australia-launches-bill-banning-social-media-for-under-16s/a-70838309 Voice Phishing Attacks: How to Prevent and Respond to Them https://securityboulevard.com/2024/11/voice-phishing-attacks-how-to-prevent-and-respond-to-them/ ** Watch this
Deepfake Fraud, Data Brokers Tracking Military Personnel

Published: 11/24/2024 23:00:33
Deepfake Fraud, Data Brokers Tracking Military Personnel Episode Details
In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Bluesky, and Mastodon, discussing user experiences and migrations. The episode wraps up with a humorous and radical suggestion for dealing with data brokers. Tune in for an engaging discussion on security, privacy, and the impact of
Why It’s Time to Leave Twitter

Published: 11/17/2024 23:00:30
Why It's Time to Leave Twitter Episode Details
In episode 355, Tom discusses his decision to deactivate his Twitter accounts due to privacy concerns with Twitter’s new AI policy and changes in the blocking features. He outlines the steps for leaving Twitter, including how to archive and delete tweets, and evaluates alternative platforms such as Bluesky, Mastodon, and Threads for cybersecurity professionals seeking new social media spaces. ** Links mentioned on the show ** X updates block feature, letting blocked users see your public posts https://techcrunch.com/2024/11/03/x-updates-block-feature-letting-blocked-users-see-your-public-posts/ Changes in X’s Privacy Policy Promote AI https://etownian.com/main/news/changes-in-xs-privacy-policy-promote-ai/ Dropping X for Bluesky? These
Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password

Published: 11/10/2024 23:00:35
Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password Episode Details
In episode 354, we discuss the emergence of the term ‘Advanced Persistent Teenagers’ (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to log in without the correct password and its implications. Tune in for an engaging conversation on the evolving landscape of cyber threats. ** Links mentioned on the show ** The biggest underestimated security threat of today? Advanced persistent teenagers
Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know

Published: 11/04/2024 06:30:17
Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know Episode Details
In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution. In the ‘Aware Much’ segment, Scott explains how mortgage wire fraud works and provides essential tips for real estate transactions to avoid such scams. Plus, a quick recap on our popular AI-powered toilet cameras episode. ** Links
Internet Archive Hacked, Introducing The AI Toilet Camera

Published: 10/27/2024 23:00:58
Internet Archive Hacked, Introducing The AI Toilet Camera Episode Details
In this episode, we discuss the significant data breach at the Internet Archive, affecting 33 million users. We also examine the introduction of an AI-integrated toilet camera by Throne, designed for health monitoring by analyzing bodily waste, and the ensuing privacy concerns. We explore these technological advancements alongside other unusual tech innovations, touching upon security issues with home cameras, personal data in health apps, and broader implications for privacy and technology. ** Links mentioned on the show ** Internet Archive hacked, data breach impacts 31 million users https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/ Internet Archive breached
Hacked Robot Vacuums, Secret Printer Tracking Dots

Published: 10/20/2024 23:00:18
Hacked Robot Vacuums, Secret Printer Tracking Dots Episode Details
In episode 351, hosts Tom and Scott explore an unusual incident where robot vacuums were hacked to shout obscenities, exposing significant IoT security issues. The discussion includes the mechanics of the Bluetooth hack and its broader cybersecurity implications. Additionally, the ‘Aware Much?’ segment reveals the world of hidden printer tracking dots, used for tracing document origins and their historical use by governments for tracking. This episode also highlights the technology’s role in preventing currency counterfeiting and capturing high-profile leaks, underscoring the intersection of privacy and security in modern times. ** Links
Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits

Published: 10/13/2024 23:00:18
Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits Episode Details
In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast’s evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies. The ‘Aware Much’ segment focuses on the lack of change in user behavior towards cybersecurity, highlighting persistent issues like inadequate password manager usage and infrequent software updates. The episode covers historical insights into social media’s evolution, including privacy guides and LinkedIn’s fake
Kia Security Flaw Exposed, NIST’s New Password Guidelines

Published: 10/06/2024 23:00:05
Kia Security Flaw Exposed, NIST's New Password Guidelines Episode Details
In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community’s perspectives on these evolving issues. ** Links mentioned on the show ** Millions
Discord’s New End-to-End Encryption, LinkedIn Using Your Data for AI Training

Published: 09/29/2024 23:00:41
Discord's New End-to-End Encryption, LinkedIn Using Your Data for AI Training Episode Details
In episode 348, Tom and Scott discuss Discord’s new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. They also address LinkedIn’s controversial move to automatically opt users into using their data to train AI models without initial consent, suggestions for opting out, and the broader implications for user privacy. ** Links mentioned on the show ** Meet DAVE: Discord’s New End-to-End Encryption for Audio and Video https://discord.com/blog/meet-dave-e2ee-for-audio-video LinkedIn is using your data to train generative AI models.
Supply Chain Sabotage: The Exploding Pager Incident, Instagram’s New Teen Privacy Measures

Published: 09/22/2024 23:00:45
Supply Chain Sabotage: The Exploding Pager Incident, Instagram's New Teen Privacy Measures Episode Details
In Episode 347, we discuss the recent alarming incidents involving exploding pagers targeting Hezbollah operatives in Lebanon, which resulted in multiple casualties. We clarify why this is not a cyber attack and should not cause widespread panic about personal device safety. Additionally, we cover Instagram’s new policies to default teen accounts to private and the implications for parental control and teen safety on social media. ** Links mentioned on the show ** Exploding pagers belonging to Hezbollah kill 8 and injure more than 2,700 in Lebanon https://www.nbcnews.com/news/world/hezbollah-pagers-expolsion-lebanon-handheld-devices-rcna171457 https://www.reuters.com/world/middle-east/israel-planted-explosives-hezbollahs-taiwan-made-pagers-sources-say-2024-09-18/ Introducing Instagram Teen
The Rise of AI Voicemail Scams, Political Donation Privacy Concerns

Published: 09/15/2024 23:00:31
In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. We also explore recent research on the privacy concerns surrounding donations to political parties through their websites. Additionally, we celebrate the 15th anniversary of the podcast and share some reflections and fun facts about the journey. Join us for this insightful and informative episode! ** Links mentioned on the show ** Security Justice Podcast (2008-2011) https://archive.org/details/securityjustice Your personal data is political: W&M computer scientists find gaps in the privacy practices of campaign websites
Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors

Published: 09/08/2024 23:00:48
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of Bitcoin ATM scams exploiting older adults, providing essential tips to protect your loved ones from these devious schemes. Tune in for unique insights and vital cybersecurity advice! ** Links mentioned on the show ** Bypassing airport security via SQL injection https://ian.sh/tsa https://x.com/mattjay/status/1831004620950278397?s=46&t=S0l2WLszljUYE1vbjB4M9A FTC: Over $110 million lost to Bitcoin ATM scams in 2023 https://www.bleepingcomputer.com/news/security/ftc-americans-lost-over-110-million-to-bitcoin-atm-scams-in-2023/ ** Watch this episode on
Telegram is NOT an Encrypted Messaging App, Must-See Documentaries

Published: 09/01/2024 23:00:06
In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app’s encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including ‘LulaRich’ about the LuLaRoe leggings company and ‘Class Action Park’ about a dangerous theme park in New Jersey. Tune in to hear our thoughts on these topics and more! ** Links mentioned on the show ** The Arrest of Pavel Durov Is a Reminder
Google’s Monopoly: The Debate Heats Up, Amazon Alexa Privacy Tips

Published: 08/25/2024 23:00:11
This week, we discuss the U.S. Justice Department’s recent accusation that Google is a monopoly and its implications for privacy and cybersecurity. We also cover essential privacy settings for Alexa smart speakers and their importance. Join the hosts, Tom, Kevin, and Scott, for an engaging conversation on these topics, along with a segment from ClickArmor on cybersecurity training. Plus, a recap of the Black Hat and BSides Las Vegas conferences. ** Links mentioned on the show ** Google illegally maintains monopoly over internet search, judge rules https://apnews.com/article/google-antitrust-search-engine-verdict-apple-319a61f20fb11510097845a30abaefd8 5 Amazon Alexa
The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S. Citizens

Published: 08/18/2024 23:00:15
In episode 342, we discuss the effectiveness of people-search removal tools like DeleteMe and Reputation Defender, based on a study by Consumer Reports. We also cover how almost every American’s social security number has potentially been stolen by hackers and shared on the dark web. Scott and Tom talk about the importance of protecting your personal information and methods to do so, including manually removing data and placing credit freezes. Plus, we touch on Canada’s privacy laws and wrap up with our Aware Much segment. Stay safe, stay secure, and stay
Exploring Cybersecurity Trends at Black Hat 2024 with Shourya Pratap Singh from SquareX

Published: 08/11/2024 23:00:03
Join us for this special live edition of the Shared Security Podcast, recorded in scorching Las Vegas at Black Hat 2024. Host Tom Eston is joined by Shourya Pratap Singh, Principal Software Engineer at SquareX. They discuss highlights from Black Hat 2024, emerging themes in cybersecurity such as AI-based threats, compliance, and cloud security. The conversation also covers the DEF CON talk given by Vivek and Shourya on Last Mile Reassembly Attacks, which exposes a critical flaw in Secure Web Gateways (SWGs) and introduces an open-source toolkit for Red Teams.
The Great CrowdStrike Crash, AI’s Role in Employee Smiles

Published: 08/04/2024 23:00:24
In episode 341, we cover the unprecedented global IT outage caused by a CrowdStrike update crash, affecting 8.5 million Windows machines. We discuss whether it’s the largest outage in history and examine the intricacies of internet accessibility and responses from key stakeholders like Microsoft. Also, in our Aware Much segment, we explore Japan’s AI system, Mr. Smile, designed to standardize employee smiles, and its implications for employee monitoring. Plus, we welcome back Kevin and give a special shout-out to our latest Patreon supporter. ** Links mentioned on the show ** CrowdStrike
How SquareX is Redefining Web Security: An In-Depth Discussion with Chief Architect Jeswin Mathai

Published: 07/31/2024 23:00:54
In this episode, Tom Eston hosts Jeswin Mathai, Chief Architect at SquareX. This episode is part two of a series featuring SquareX, and Jeswin takes a deeper look into their cybersecurity solutions. Jeswin shares his extensive experience in the field and details how SquareX offers innovative protections at the browser level to guard against phishing attacks and other online threats. Learn about their unique approach by monitoring user activity in a privacy-safe manner and leveraging the power of modern browsers and device capabilities. Jeswin also discusses the limitations of traditional antivirus
Deepfakes, AI, and the Future of Cybersecurity: Insights from Dan DeCloss of PlexTrac

Published: 07/28/2024 23:00:54
In this episode, host Tom Eston welcomes Dan DeCloss, founder and CTO of PlexTrac. They exchange insights about their history at Veracode and explore Dan’s journey in cybersecurity. Dan shares his experience in penetration testing, the origins of PlexTrac, and the need to streamline reporting processes. The conversation also covers the state of the cybersecurity industry, the impact of generative AI, and future challenges such as deepfake technology. Dan touches upon the evolution of attackers and the role of both AI and human elements. The episode wraps up with thoughts on
Massive AT&T Data Breach Impact, Meta’s Privacy Policy Updates

Published: 07/21/2024 23:00:25
In episode 339, hosts Tom Eston and Scott Wright discuss the massive AT&T data breach affecting 110 million customers, which is larger than a previous breach from March affecting 73 million customers. They also talk about the importance of reading privacy policies on sites like Facebook and Instagram, as these platforms may use user data to train AI models. Additionally, they explore the implications of third-party cloud platform breaches, specifically mentioning the Snowflake incident. The ‘Aware Much?’ segment highlights evolving privacy policies, with Meta’s revised policy allowing user data for AI
Authy Breach: What It Means for You, RockYou 2024 Password Leak

Published: 07/14/2024 23:00:04
In episode 338, we discuss the recent breach of the two-factor authentication provider Authy and its implications for users. We also explore a massive password list leak titled ‘Rock You 2024’ that has surfaced online. Find out why this file may not be as significant as it seems and the importance of avoiding password reuse. Stay tuned for our ‘Aware Much?’ segment with Scott Wright, featuring insights on credential stuffing and practical password management tips. ** Links mentioned on the show ** Using Authy? Beware of impending phishing attempts https://www.helpnetsecurity.com/2024/07/11/using-authy-beware-of-impending-phishing-attempts/ Nearly
Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices

Published: 07/07/2024 23:00:20
In episode 337, we cover “broken” news about the new SSH vulnerability ‘regreSSHion’, highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police Department’s new guidelines on facial recognition technology following a lawsuit over a wrongful arrest due to misidentification, shedding light on the broader issues with such technologies, especially their impact on minorities. Lastly, in the ‘Aware Much’ segment, Scott shares essential tips on securely wiping personal data from old PCs, laptops, smartphones, and other electronic devices before selling or disposing
The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks

Published: 06/30/2024 23:00:29
In episode 336 of the Shared Security Podcast, we discuss the Biden administration’s recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We also highlight the importance of keeping all software updated, using recent examples of supply chain attacks that have compromised several popular WordPress plugins. Join hosts Tom Eston and Scott Wright as they examine these key cybersecurity issues and emphasize proactive security measures. Plus, find out why co-host Kevin Johnson is missing this week and get the latest updates from
Exploring Cutting-Edge Browser Security with Vivek Ramachandran – Founder of SquareX

Published: 06/26/2024 23:00:34
In this special episode of the Shared Security Podcast, host Tom Eston interviews Vivek Ramachandran, the founder of SquareX. Vivek shares his journey in WiFi security, recounting his introduction of the Cafe Latte man-in-the-middle attack and founding of Pentest Academy. He discusses his latest venture, SquareX, a company focused on browser security to protect employees from client-side attacks. Vivek explains SquareX’s workings, industry challenges, and insights into Secure Web Gateways (SWGs). He also previews his upcoming DEF CON talk on bypassing SWGs and shares thoughts on AI in cyber-attacks. Learn about
Social Media Warning Labels, Should You Store Passwords in Your Web Browser?

Published: 06/23/2024 23:00:36
In this episode of the Shared Security Podcast, the team debates the Surgeon General’s recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft’s delayed release of CoPilot Plus PCs due to security concerns and reflect on the underlying privacy issues. Join Tom, Scott, and Kevin for these engaging discussions and more! ** Links mentioned on the show ** Recall recalled (delayed) https://www.bleepingcomputer.com/news/microsoft/microsoft-delays-windows-recall-amid-privacy-and-security-concerns/ The Surgeon General’s
Citizen Lab vs. NSO Group, Apple AI and Privacy

Published: 06/16/2024 23:00:06
In episode 334, hosts Tom Eston, Scott Wright, and Kevin Johnson discuss two major topics. First, they explore the ongoing legal battle between Citizen Lab and the Israeli spyware company NSO Group. The courts have consistently blocked NSO’s attempts to access Citizen Lab’s documents to protect victim privacy. Second, they discuss Apple’s new AI features announced at their developer conference, prioritizing user privacy through opt-in by default, and its implications. Kevin shares strong opinions on NSO Group, while the hosts also review Citizen Lab’s investigative work and Apple’s approach to AI
Ticketmaster Data Breach and Rising Work from Home Scams

Published: 06/09/2024 23:00:37
In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the rise of work-from-home job scams is analyzed, highlighting FBI warnings and tips to avoid falling victim to such schemes. The success of a past episode on Microsoft’s new recall feature is also mentioned, emphasizing privacy concerns
Sober in Cyber: Creating Alcohol-Free Networking in Cybersecurity with Jen VanAntwerp

Published: 06/02/2024 23:00:53
In this episode, host Tom Eston welcomes Jen VanAntwerp, founder of Sober in Cyber. Jen shares her journey in cybersecurity and marketing, and discusses the motivation behind creating alcohol-free networking events. Sober in Cyber provides much-needed alternatives to typical alcohol-centered industry events, fostering inclusive environments for both sober professionals and those simply seeking a different experience. Tune in to learn about their successful sober events, the growing support for such initiatives, and how they foster authentic professional connections without the influence of alcohol. For more details, visit SoberInCyber.org and join their
Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy

Published: 05/26/2024 23:00:11
Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by default. Tom and Kevin express significant concerns over the implications for privacy, data security, and the potential for misuse of these features. Discussions cover the technical workings, potential vulnerabilities, and broader impacts of these technologies on
