Smashing Security

Tim Hortons, avoiding sanctions, and good faith security research



Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.


Visit https://www.smashingsecurity.com/278 to check out this episode’s show notes and episode links.


Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.


Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!


Warning: This podcast may contain nuts, adult themes, and rude language.


Theme tune: "Vinyl Memories" by Mikael Manvelyan.


Assorted sound effects: AudioBlocks.

Special Guest: Geoff White.

Sponsored By:

  • Snyk: Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

    Get started right now, with a free forever account, at snyk.co/smashing

  • Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

    Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.

    You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.

  • Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.

    Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.

Support Smashing Security

Links:

  • Double-double tracking: How Tim Hortons knows where you sleep, work and vacation — Financial Post.
  • Report: Tim Hortons collected location data without consent — The Register.
  • Joint investigation into location tracking by the Tim Hortons App — Office of the Privacy Commissioner of Canada.
  • Mandiant: “No evidence” we were hacked by LockBit ransomware — Bleeping Computer.
  • Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act — Dept of Justice.
  • DOJ: Congress looked into CFAA updates but effort was stalled by extortion concerns — The Record.
  • The (still) unanswered questions around the CFAA and ‘good faith’ security research — SC Magazine.
  • Sex Education — Netflix.
  • Forest fr1ends — Twitter.
  • Inch Calculator.
  • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)



This podcast uses the following third-party services for analysis:

OP3 - https://op3.dev/privacy