Smashing Security podcast #469: What your Oura ring won’t tell you
Graham CluleyArchived May 28, 2026✓ Full text saved
CISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted - and when one journalist asked the company how often it hands user data to law enforcement, the answer was quite telling. Plus don't miss our featured interview with OPSWAT's Benny Czarny about his new book "Cybersecur
Full text archived locally
✦ AI Summary· Claude Sonnet
Graham Cluley @ 12:05 am, May 28, 2026
@grahamcluley.com
/ grahamcluley
CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile.
Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and when one journalist asked the company how often it hands user data to law enforcement, the answer was quite telling.
Plus don’t miss our featured interview with OPSWAT’s Benny Czarny about his new book “Cybersecurity Upside Down.”
All this and more in episode 469 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Lesley Carhart.
Smashing Security #469
What your Oura ring won't tell you
↺ 15 ↻ 30 0:00
0:00 0:00
0:00 1×
Show full transcript ▼
Host:
Graham Cluley:
@grahamcluley.com @gcluley@mastodon.green / grahamcluley
Guest:
Lesley Carhart
@hacks4pancakes.com @hacks4pancakes@infosec.exchange / lcarhart
Episode links:
Canadian man arrested by international authorities, charged with administrating KimWolf DDoS botnet – US Dept of Justice.
700+ education and tech websites hijacked in huge ClickFix malware campaign – Malwarebytes.
Leaked Documents Reveal Russian ‘Cognitive Strikes’ Against the West – Including Islamophobic ‘Pig Head’ Attacks in Paris – OCCRP.
Lawmakers Demand Answers as CISA Tries to Contain Data Leak – Krebs On Security.
US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs – TechCrunch.
Oura says it gets government demands for user data. Will it share how many? – This Week In Security.
Privacy and transparency of fitness tracking devices – Whyli.
Upfest – Europe’s largest street-art festival.
Magnets Are Bad For Hardware Again – Hackaday.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
XBOW – The autonomous offensive security platform that helps security teams scale. Start a pentest today.
OPSWAT – Read Benny Czarny’s book, “Cybersecurity Upside Down”, to rethink how you protect your organization from file-based threats, including those powered by AI.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Join Smashing Security PLUS for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Found this article interesting? Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post.
Data loss
Law & order
Podcast
Privacy
#CISA
#data breach
#GitHub
#Oura
#Podcast
#Smashing Security
#wearables
Graham Cluley
Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.