In this episode, the hosts discuss a significant vulnerability found in Kia's web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST's updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community's perspectives on these evolving issues. Show notes: https://sharedsecurity.net/2024/10/07/kia-security-flaw-exposed-nists-new-password-guidelines/