Oops! I auto-filled my password into a cookie banner
Smashing Security
Graham Cluley
4.7 • 579 Ratings
🗓️ 27 August 2025
⏱️ 35 minutes
🧾️ Download transcript
Summary
We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault.
Then we time-hop to the post-quantum scramble: "harvest-now, decrypt later", Microsoft's 2033 quantum-safe pledge, and whether your printer will survive the update apocalypse.
All this, plus a gloriously dodgy URL “shadyfier,” and turning the iconic iMac G4 into a modern media hub.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Thom Langford.
EPISODE LINKS:
- DOM-based Extension Clickjacking: Your Password Manager Data at Risk - Marek Tóth.
- Major password managers can leak logins in clickjacking attacks - Bleeping Computer.
- Microsoft to Make All Products Quantum Safe by 2033 - Infosecurity Magazine.
- Shady URL.
- DockLite G4 - Juicy Crumb.
- I perfected the iMac G4 - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!
FOLLOW THE SHOW:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
ENJOYED THE SHOW?
Make sure to check out our sister podcast, "The AI Fix".
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Some people do have strong passwords, but they've only got one. |
| 0:06.7 | Maybe you've used a num... I can't say nomonic. |
| 0:09.7 | Menomic? |
| 0:10.2 | Yes. |
| 0:11.0 | Menorminom. |
| 0:11.7 | D-do-d-d-do. Smashing Security, Episode 432. |
| 0:25.7 | Oops, I auto-filled my password into a cookie banner with Graham Cluley. |
| 0:31.3 | Hello, hello, and welcome to Smashing Security episode 432. |
| 0:34.8 | My name's Graham Cluley. |
| 0:36.2 | And I'm Tom Langford. |
| 0:37.8 | Tom, welcome back on the show. Lovely to have you here. Yes, thank you very much. It feels |
| 0:43.0 | like it's been forever, but I know it hasn't. Well, not forever, but it's been a while. |
| 0:47.3 | It's been a while. Yeah. Everything going well with you and the host Unknown podcast? |
| 0:52.3 | It's going very well. We're on episode 224 or something like that. |
| 0:57.5 | It is astonishing that you've kept going all this time. |
| 1:01.4 | It's astonishing that we've not been taken off. I find it astonishing as well, but maybe for different reasons. |
| 1:08.5 | This week on Smashing Security. We won't be talking about how a researcher downloaded the data of over a quarter of a |
| 1:15.4 | million Intel employees from an internal business card website and a breach dubbed Intel |
| 1:21.7 | Outside. |
| 1:23.5 | You'll hear no discussion of... |
| 1:25.2 | How distraction, lack of training and burnout, not technical complexity are the factors driving most breaches. |
| 1:34.5 | And we won't even mention... |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Graham Cluley, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Graham Cluley and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.