Locked Down - The Spotify Security Podcast

In 2022/3 I discovered that I had been the victim of complex repeat pattern digital offending by partie(s) using Amazon Kindle Fire tablets to access my personal privileged data, application data, images, contact data, Prime video and shopping data, Alexa logs and voice data. On discovering the depth of the hack I immediately contacted Amazon in the US as would be the norm as an ethical hacker to give full disclosure. I spoke to Amazon's Principal Engineer who arranged meetings with the Head of Amazon Security for devices and a three hour meeting ensued. Logged access to the hack data was provided and from that a workflow followed to patch major huge vulnerabilities in the Amazon Fire Kindle ecosystem. These had come from poor design planning of the Kindle's authentication model, device provisioning and API model and the lack of communication between device management folk and the user experience team.Amazon had time and grace to get these fixed, alongside two other issues which remain unfixed (including a huge privacy breach in the Amazon Echo range of products that is still unpatched as of June 12th 2025). I am giving Amazon 90 days from today to fix that or I will go public with that matter and the fallout from that could be even bigger than the issues with the bugs and holes I came to Amazon with in summer 2023. I am aware from an internal whisteblower at the highest level in Amazon whose messages and recorded audio I retain, of procedures and practices that do not paint Amazon in a good light took place in the weeks after I gave full disclosure to Amazon's Head of Security. I am also very aware of pressure placed on a major US news publishing company to not run the story (see the link https://practical-tech.com/2023/06/13/how-an-amazon-fire-kids-tablet-was-allegedly-used-to-stalk-a-security-pro/ where part of the story in sanitised format was published). However, this is a major vulnerability that Amazon chose not to communicate to end users, end users where the devices were in the hands of children and vulnerable adults globally. Where Amazon did not release changelogs or security errata or any CVE data. Which just looks like you're trying to make sure as few people as possible know.Additionally Amazon did not publish the risks of this and also the wider definition of the huge problem and the consequences of that issue to the Security Exchange Commission (the SEC) in their 10Q and 8Q filings. And have never sought to do so. Amazon have failed to answer emails and messages since Steven J Vaughn Nicholls, one of the world's foremost respected technology journalists ran the story.I've asked the Head of Amazon Security repeatedly to jump in. He's chosen not to do so. I've reached out to Amazon's Investor Relations and they have a responsibility, at the earliest opportunity to now engage with the SEC to explain the conduct of Amazon in misleading the markets and also not taking the opportunity to engage with end users especially those where these bugs and vulnerabilities that were used to attack myself, my children and my family and people in my homes, vehicles, and my office (by virtue of Alexa being my default assistant on my phone).And Amazon having failed to live up to the expectations of the community and their customers whose privacy and safety they failed to take seriously. Yet when a globally respected security author, friend of Amazon, journalist and podcaster comes to you with actual evidence of domestic abuse perpetuated using your technology you circle the wagons and hope it goes away.Listen in, I think we can establish that was not the best course of action.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

This show was recorded INSIDE BBC Broadcasting House in Central London interviewing the amazing Bill Thompson for a second time. We talk about digital transformation, digital rights, security of data and reputation. Recorded live on the studio floor of the BBC Science team responsible for BBC ClickBrought to you by Voxiferi BroadcastingThis is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Sat down with me today is Lance James, Chief Scientist at Flashpoint. Flashpoint are probably THE guys to go to when you think about emerging threat. If you've seen Mr Robot, Flashpoint is about as close to that as it gets, except real world. Threat identification, planning and looking at emerging threat globally, looking at terrorist threat, cyber terrorism, ransomware etc. Lance is a good friend and I always panic before recording as he and I will laugh like drains if allowed. Lance is the author of "Phishing Exposed", former Deloitte, working with CBC, CNN, the BBC, the David Lawrence Show, ZDNet, Wired News, CSO, USA Today, Fox News, and the Washington Post and now seen live on US TV as a security anchorman. He's also my drinking buddy.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

The RSA Conference organising committee do an amazing job every year to spend 365 days putting together the best conference they can and the continual planning for other geographic RSA events.I'm joined on the show by Todd Inskeep and he and I detail why attending RSA, being an exhibitor or an attendee is so vital to be taken credibly and to increase your chances of succeeding in security or dealing with emerging threat.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Jim Reavis is one of my trusted long term friends in the world of security. He has built up with tenacity the global presence of the CSA and to work hard to ensure that tools that have come of CSA have slowly but surely affected the way governments understand threat.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Dick is in San Francisco recording with the UK Government - yes, in the US, taking coals to Newcastle

I mentioned ZoneFox in my column on TheStack yesterday. Well I think it’s time you heard them talk. They are an ethical and hugely talented startup in Scotland. I really hope they are NOT acquired soon. I think being acquired could be the dumbest thing they could do unless it was on the promise of their product and futures being assured. This technology, and I am really hard to impress, is one of the diamonds of RSAConference this year. Sadly 99.8% of the people attending will come away without ever hearing of it. So lets do something about that. Listen to this show because if you are a developer or a company executive you’re going to come away thinking - I want or need this product. It’s THAT good. This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Ever seen the thriller series "Person of Interest" ? In the show an overarching computer called "The Machine" knows and sees everything, Nuix an Australian company staffed by former military intelligence staffers has produced just that. Keith and I discuss.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Bastille-Networks are clever folk. They are in the top three IoT security companies on the planet and Marc Newlin is a smart engineer, listen in because there is a vulnerability he has discovered which should concern us all. I’m not going to spoil this - Go listen…. This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com

This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Neira Jones is one of the most forthright exponents of doing security right in the financial and payments industry. Acclaimed by the press and fellow professionals as the top of her field it was great to have her come and sit in on the show and be on my panel here at CES2016.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

ExoScale are one of my favourite companies in Switzerland a country I adore since childhood. Come listen to them talk to me about their community built secure cloud. This is the second time they've been on my podcast - first time was a few years ago in Amsterdam. Listen in now.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Mikko Hypponen is one of the nicest security guys on the planet. Chief Research Scientist at F-Secure, 25 year veteran of the security industry. Probably the BEST security orator in the world and this podcast is long overdue. We talk about threat landscape, some predictions, fads, trends, pinball, container security, ransomware etc.Tune in - we keep it real.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Dr JR Reagan is one of the most forward thinking CiSO in the security industry, a thought leader an inspirational security professional that is highly in demand for speaking opportunities. A coup to get him on the show and we talk with honesty and brevity about how to think about security management in cloud and to try and work out roles, responsibilities, security engineering, scalability etc.A must listen to for the savvy CIO or CiSO.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Joining me on the show today are Eurotech who are partnering with Red Hat in the IoT world. We talk with Andrea Ceiner who is Product Marketing Manager M2M/IoT at Eurotech. Recently Red Hat announced publically that we had chosen Eurotech as our partner for intelligent gateways and this podcast gives you a deep dive as to why we are working so closely together. This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Joining me on the show this morning is Martin Percival Senior SI Solutions Architect here at Red Hat EMEA. Martin is one of our global team of solution architects who works daily with our customers to add strength in depth to their aspirations.We try to explain what Red Hat brings to the marketplace, what we actually do - compared to what you think we do. Listen in.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

I am joined on this show by Evelyn de Souza from Cisco. Evelyn is a huge security voice in Cisco Systems working in the Chief Technology and Architecture Office (CTAO). Well known for her public speaking and security leadership. Like me she also contributes and supports the Cloud Security Alliance where she is a strategy advisor. We talk about her CHAOS thery concept and also how Cloud Access Service Brokers will change cloud security, how we need to think about the positioning of security services and solutions and just be more grown up about architecture.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Jim Reavis joins me from Cloud Security Expo 2016 at London ExCel centre. Jim is now on his fifth podcast with me since 2012 and we talk Cloud Security Access Brokers, changes at the CSA, we talk about why you can't be lax about not using freely available matrixes and resources and why you should be working with the CSA. We look ahead to the end of May where we will be presenting in Dublin so for more info check the website or the Twitter (or my Twitter) feeds.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

Lance previously joined me at RSAC in March. If you saw Mr Robot Decoded - the warmup show for Mr Robot season 2 you'll have seen Lance talking about what drives hackers. So we thought wouldn't it be good to really do a deep dive about why hackers do what they do, what it means for you. This is education as good as it gets and it's costing you nothing to listen to. This is part 1 of a 2 part show. Tune in next week for the next one.This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.

This is part 2 of the 2 part podcast talking to Lance James of Flashpoint who you may have seen on Mr Robot Decoded the Season 2 warmup for USANetwork's award winning Mr Robot. Companies and conferences globally pay a fortune to have Lance appear on stage. So for you guys to have an hour of his time in two half hour podcasts this stuff is worth it's weight in gold. We talk how to build out your network, be a better infosec professional, how to lead and how to build usecases and risk operations strategies seriously.These two shows are some of the best security content you'll listen to in 2016 so download and share !This is content created and hosted by Voxiferi Studios - for more information visit https://voxiferi.com Hosted on Acast. See acast.com/privacy for more information.