The Daily Mail whisks up Kaspersky fears – but where’s the meat?

Russophobia?

Graham Cluley

British newspaper The Daily Mail has published an article on its website, designed to petrify millions of customers of Barclays Bank.


The headline breathlessly reads:

“Has Barclays given millions of customers ‘anti-virus software’ that’s actually SPYING on them for the Russian government?”

Make a note. Whenever you see the Daily Mail publish a headline which asks a question, the correct answer is invariably “no”. If they had any reason to believe it was “yes”, then they wouldn’t have posed it as a question.

The truth is that newspapers post these “Is the Loch Ness Monster on Tinder?”-style headlines because they know they’ll get more clicks than if they use a headline which reflects the actual conclusion of the article.


As we’ll see when we dig into this article, the story just doesn’t stand up.

Security chiefs are concerned that free anti-virus software handed out by Barclays is spying on customers for the Russian government.

GCHQ officials have been concerned about the Kaspersky Lab, which is led by a former Soviet military intelligence expert and supplied the bank with the software, amid fears it may have been influenced by Vladimir Putin’s Federal Security Service.

There are now fears that any Barclays customers who are in high-security jobs are at risk of having their personal files hacked.

From the above preamble to the article, you would imagine that you’ll find some juicy background on how worried GCHQ is about Kaspersky, or some anonymous sources within Barclays confiding their concerns to the Daily Mail.

But instead you get this…

However, both Barclays and GCHQ have confirmed that neither organisation has been in contact with the other about any potential breaches.

A spokesman for the relevant arm of GCHQ, the NCSC, told the Financial Times: “The NCSC has never advised Barclays against the use of Kaspersky products. Any suggestion to the contrary is categorically untrue. The NCSC is not a regulator and does not mandate or ban any products. Our certification schemes do not currently cover anti-virus or anti-malware services.”

A Barclays spokesman corroborated this, adding: “We have never received any advice or guidance from GCHQ or the National Cyber Security Centre in relation to Kaspersky.”

And that’s it, aside from a standard statement from Kaspersky denying any wrongdoing.

The Daily Mail’s frankly pointless article, and utterly misleading headline, come amid real problems for Kaspersky in the United States – where it is finding itself controversially attacked by competitors and struggling to keep contracts after private briefings from the FBI.

You can hear more about the pickle Kaspersky has found itself in, in this edition of the Smashing Security podcast.

Transcript
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
Lovely. Right, now we're going.
CAROLE THERIAULT
Okay. It's very late in the evening.
GRAHAM CLULEY
Really? 9 o'clock.
CAROLE THERIAULT
I haven't had dinner yet. I'm going to be grumpy. I'm just warning you now, I'm going to be grumpy.
GRAHAM CLULEY
Do you want to get a little nosebag now to keep you going for the podcast?
CAROLE THERIAULT
Unbelievable. The number of times you call me when you're eating a frickin' sandwich. Honestly, Clue. Carole, we have a new sponsor.
GRAHAM CLULEY
Yes, we jolly well do. It's exciting, isn't it?
CAROLE THERIAULT
It is. NetSparker. Do you know what they do?
GRAHAM CLULEY
Yeah, I do.
CAROLE THERIAULT
Okay, well, this is fun. Can you pretend that you don't know what they do so I can tell you?
GRAHAM CLULEY
All right. What do they do? What do NetSparker do, Carole?
CAROLE THERIAULT
A bit more excitement.
GRAHAM CLULEY
What do NetSparker do, Carole?
CAROLE THERIAULT
They provide a web application security scanner.
GRAHAM CLULEY
Oh, right. Okay.
CAROLE THERIAULT
If you out there, our listeners, want to check your web applications for cross-site scripting, SQL injection, other vulnerabilities or coding errors, you need NetSparker.

Download a demo from netsparker.com/smashing. On with the show.
Unknown
Smashing Security, Episode 47: Kaspersky, AI, and a Well-Handled Data Breach with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to another episode of Smashing Security, episode 47, for the 12th of October 2017.

My name is Graham Cluley, and I'm joined as always by my good chum and co-host Carole Theriault. Hello, Carole! Hello! How are you doing?
CAROLE THERIAULT
I'm good. I made it back from Madrid, so that's great.
GRAHAM CLULEY
Good. We'll ask you about that in just a minute, what you've been up to over there.

All right, and we'll find out because—well, no, because let's introduce the other chap, the guest on the podcast today.

Returning to the show is broadcaster extraordinaire David McClelland. Hello, David. How are you?
DAVID MCCLELLAND
Hello. I'm very well, thank you very much.

You know, there's an old saying in information security that you play the Smashing Security podcast twice in your career, once on the way up and once on the way down.

It's good to be back, everyone. Good to be back.
CAROLE THERIAULT
I like it.
GRAHAM CLULEY
So what's everyone been up to this week? I've had a very exciting week and I can't wait to tell you. And that's why I'm asking you what you've been up to.
CAROLE THERIAULT
Okay. Well, I was in Madrid at the Virus Bulletin Conference. It was actually great. There was a lot of the old guard and a ton of new faces I've never seen before.
DAVID MCCLELLAND
All right.
GRAHAM CLULEY
So they're talking about malware and stuff.
CAROLE THERIAULT
I can tell you're going, "Yeah, yeah, yeah, yeah, yeah. Next." David, go.
DAVID MCCLELLAND
I will be very quick. I've been getting older this week. It was my birthday last Friday.
GRAHAM CLULEY
Oh, I know, I know, I know.
DAVID MCCLELLAND
And I—
CAROLE THERIAULT
Everyone, everyone, David's birthday is now on Friday. We just worked it out.
DAVID MCCLELLAND
Well, do you know what? I had so many birthday well wishes, not only from the normal Facebook and Twitter and so on, but from LinkedIn as well.

And you know, LinkedIn's a very different sort of social network.
CAROLE THERIAULT
Is it?
DAVID MCCLELLAND
Well, maybe it's changing with the whole Microsoft acquisition thing.

But anyway, I got a lot of personal happy birthday things through LinkedIn, and somebody, David Wright— hello, David Wright, if you're listening— he did say, "Oh, brilliant. Now there's another way to crack some of your accounts." High five, David.

To which my retort was, well, frankly, most of the companies are giving away our data anyway, leaving their back doors open, so there's no blooming point in keeping it secure.
GRAHAM CLULEY
And let's be honest, we're discussing this on LinkedIn. They got our passwords a few years ago, so they've probably been inside the accounts 3 or 4 times already as well.

Oh, oh, Carole, I think— yes.
CAROLE THERIAULT
Graham, what did you do this week?
GRAHAM CLULEY
Oh yes, you were about to ask me. Well, I was speaking at IP Expo, which was lots of fun, at the Excel Center.

What was really exciting for me was one of the other speakers was none other than Garry Kasparov.
CAROLE THERIAULT
No way.
GRAHAM CLULEY
Who is, of course—
CAROLE THERIAULT
Who is that?
GRAHAM CLULEY
Oh, come on, Carole. Just kidding. Garry Kasparov is the greatest chess player of all time, brackets, other than maybe Bobby Fischer.

World champion for many years, and he's currently an ambassador for a vast antivirus company. So he was out there giving a talk about artificial intelligence or something like that.
CAROLE THERIAULT
Hey, that's my topic this week. Don't be all—
GRAHAM CLULEY
Well, we could have maybe got him on because that was my intention, you see, because rather than David— not rather than David, obviously. No, no, no. I mean, in a future episode.

So I saw that I was speaking— obviously, I knew I was speaking at this conference, right? But I also saw that Garry was speaking at it.

And so I cheekily tweeted him, right, saying, I see Garry Kasparov is also speaking at IP Expo. Who thinks I'll have the bottle to ask him to come on the show?
CAROLE THERIAULT
You basically fluttered your eyelashes at him over Twitter. Oh, yeah.
GRAHAM CLULEY
And do you know what? When I said, will I have the bottle, he replied saying, bottle of vodka.
CAROLE THERIAULT
Oh.
GRAHAM CLULEY
And I thought, get in there, Graham, right? Right. Now, I don't drink.
CAROLE THERIAULT
And you know so much about alcohol. Did you get him a Tesco bargain-based basement, $9.99.
GRAHAM CLULEY
Well, it was about 7:30 or 8 o'clock at night. So I raced down to Waitrose, because I thought we have to go quality here.
CAROLE THERIAULT
Oh, classy.
GRAHAM CLULEY
And of course—
CAROLE THERIAULT
For our American listeners, that's like our Whole Foods.
GRAHAM CLULEY
So I got a bottle, I just chose one, and I turned up and I'm standing next to Garry Kasparov, right? The next day. And this is brilliant, right?

And I've got this in my little satchel. And so I say to him, Garry, Garry, remember the tweet from last night? I've got you some vodka.

And he looks at me and says, oh, I don't drink actually.
CAROLE THERIAULT
No. I'm thinking. That's a bit jerky. It is. I'm sorry. I know he's the best chess player in the world, but come on. He could have just been polite and said, oh, thank you very much.
DAVID MCCLELLAND
That's kind.
GRAHAM CLULEY
Yeah, and then throw it down the sink or something, couldn't he?
DAVID MCCLELLAND
Yeah.
CAROLE THERIAULT
Or give it to someone. Exactly.
GRAHAM CLULEY
But I did get to play chess with him. Me and a few other people.
CAROLE THERIAULT
Did you win?
GRAHAM CLULEY
Did I win?
CAROLE THERIAULT
Look, how long did it take him to beat you?
GRAHAM CLULEY
20 minutes.
CAROLE THERIAULT
Oh, that's quite good.
GRAHAM CLULEY
He was playing 6 other people at the same time, so he was flitting from board to board. But it was really cool. I can't believe I've been talking about this now for 5 minutes.
CAROLE THERIAULT
Me neither, because I have to edit it.
GRAHAM CLULEY
So anyway, can I say one of the best things that's ever happened to me? He was a really nice guy.
CAROLE THERIAULT
He wasn't that nice.
GRAHAM CLULEY
Sorry, Garry, but yeah, talking of Russians, this is my segue, who might be nice or not nice. Have you seen the sticky situation that Kaspersky has got itself into?
CAROLE THERIAULT
Yeah, I was wondering if you were going to cover this.
GRAHAM CLULEY
Right. Because this is one of the most interesting stories that's come out of the computer security industry for a while.

I'm sure many of our listeners, most of our listeners are in America. And I guess you guys out there are going into your local sort of Office Depot. Do they say Depot? Depot?
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Or Best Buy stores. Best Boy? I don't know. And you'll see this very strange sign they've posted up inside Office Depot saying, software news about Kaspersky Total Security.

Due to the recent news over Kaspersky Total Security software, we are providing free in-store software removal.
CAROLE THERIAULT
You need to back this all up.
GRAHAM CLULEY
So what's happening is they are saying we will take Kaspersky off your computers, we'll give you a free copy of McAfee.

We have a 1-year license, and we'll do a virus scan of your PC to make sure there's nothing nasty on it. Ow! Ouch! Right?
CAROLE THERIAULT
But what's the big problem with Kaspersky?
GRAHAM CLULEY
Well, there's lots of claims being made that Kaspersky is too close to the Kremlin, even so far as that maybe Eugene Kaspersky, who's the founder of the company, is fond of meeting up with intelligence agents at the sauna and sharing communications and all this sort of thing going on.

And this has been going around for I don't know, maybe a year or two now, these accusations. And there's been a lot of heat in America in particular.

And the most recent claim has come from the Wall Street Journal, which has claimed that usage of Kaspersky software actually helped state-sponsored hackers steal NSA files from an NSA contractor's PC.

What? Right. So they're saying that there was a contractor. Took files home with him. Oh, a bit naughty.
CAROLE THERIAULT
Yeah, yeah, yeah.
GRAHAM CLULEY
Put it on his home PC. Tut tut. Stuff which he took home with him was details about how the NSA penetrates foreign computer networks, the code it uses for spying.
CAROLE THERIAULT
What the heck was he thinking?
DAVID MCCLELLAND
Stuff that would have looked like a virus. And on his home computer, a piece of, I guess, Kaspersky anti-malware software would have picked it up and then done something with it.
GRAHAM CLULEY
That's exactly what happened. So he's taken these tools and this malware, frankly, which the NSA has written.

And surprise, surprise, Kaspersky— and it could have been any other antivirus, presumably— has detected it, has sent it up into the cloud for detailed analysis.

And the claim which has come out from America is that this then fell into Russian Kremlin hands.
CAROLE THERIAULT
And they're blaming Kaspersky.
GRAHAM CLULEY
And Kaspersky is being blamed. And Kaspersky is having a really tough time of it right now because America is basically saying you shouldn't use this in the Department of Defense.

You shouldn't use this in government organizations. You shouldn't be using this now on your home computers as well.
CAROLE THERIAULT
I read about this a little bit. I didn't see anything in my looking around, anything that kind of seemed like a direct tie with Kaspersky. Did you?
GRAHAM CLULEY
Yeah. So the story, which has been published by the Wall Street Journal, is based upon anonymous reports.

There's no evidence presented as such, but there is this steady drumbeat coming out of America that Kaspersky is trouble.

And of course, it's very hard to defend yourself if there's no definitive reports.

So if you look at this from the other way around, which I think is always worth doing, look at it from the American intelligence services' point of view.

From their point of view, there's a lot less risk banning one Russian antivirus company if there's the smallest chance that their software has been compromised.

Or they're working in league with Russian intelligence.

Their view is, why are you running that piece of software on all these mission-critical computers with the potential to take files and upload them to their cloud for analysis?

But mind you, are they feeling the same about Chinese hardware and Chinese tech, right? Even Chinese antivirus companies?
DAVID MCCLELLAND
Yeah, I see that Eugene Kaspersky is due to— providing his visa, I think, gets approved— he's due to be heading over to the United States later this month to speak to Congress about this.

This story, like you say, it's already escalating.

But when we see Eugene Kaspersky, and he's a larger than life character, when we see him in Congress directly batting away or trying to bat away these questions, I think that's going to be as close as this kind of cybersecurity comes to mainstream media.

And I personally can't wait to watch it. I'll be getting the popcorn out.
CAROLE THERIAULT
I think it's hard for me, probably for you too, Graham. We've been close to this a long time because we worked for a competitor. We met them at different trade shows.

We know Eugene, you know, and we know the people that work there. There's a lot of smart people. And, you know, to kind of suddenly see this feels really odd.

You know, sure, it could be true, but it could also be not true. And it's really hard to—
GRAHAM CLULEY
They've offered to say, look, we'll open up our source code. You can examine the source code, which I have to say isn't a perfect answer.

It's a good media answer because it sounds like they're being entirely open.

But the way antivirus software actually works, it's very easy to include a new definition with new instructions.

So even if you've seen the source code, it's still possible to send new commands to the software to act in different ways and maybe to identify a file of a particular type and upload it.

So I can see both points of view here, but I have to say, I feel very sorry for Kaspersky because they're really being screwed over now in the American marketplace.

And what I actually find quite distasteful is how some of the other security companies are responding to this.
CAROLE THERIAULT
Taking advantage.
GRAHAM CLULEY
Oh, unbelievably so. Now, I've just said that Office Depot are offering a free copy of McAfee to everybody.

McAfee has been running little landing pages on its website which say FBI advises removal of Kaspersky for suspected ties to Russian spies, and trust us because we are, we're the true American antivirus company.

And it's not good for the industry, this kind of thing.

I would love to see more solidarity, because it would be, of course, commercial suicide for Kaspersky, which is a very successful Russian company.

If they were ever involved in something like this, it would be utterly disastrous for them. But it feels to me like the disaster is beginning to happen to them.
CAROLE THERIAULT
You know what, this is going to be a scary episode, man, because my topic's about as cheery as yours.
GRAHAM CLULEY
Well, all I would say is all security companies do work with governments.

But it feels like now we're all beginning to turn on each other, and the security companies are beginning to sort of take potshots at each other to try and carve up this market.

And that's not a good thing. Kaspersky himself says he's caught up in the middle of a geopolitical fight between Russia and the United States.
CAROLE THERIAULT
I hate to say it, but that sounds like it has more of a big ring of truth to me than anything else. Yeah.
GRAHAM CLULEY
Yeah. And meanwhile, what's the NSA doing allowing yet another contractor to take sensitive information out of the building? I mean, what's going on there? You know, come on, guys.

Anyway, I'm sure there'll be more to come on this. And like you, David, I'm interested to see if Eugene does get his moment in the spotlight and gets to testify in America.
DAVID MCCLELLAND
To be continued.
CAROLE THERIAULT
I think we should go to the next topic. Don't you, Graham?
GRAHAM CLULEY
Yes. Yes. David, what have you got for us?
DAVID MCCLELLAND
So did a big company really just do data breach protection properly?

This is the news that Disqus, the popular online commenting platform as used by lots of news websites and blogs and communities and so on.

You know, we've got OK Magazine, Bloomberg, CNN have all used it in the past. Anyway, it has suffered a data breach. I know, another day, another data breach. Yeah, yeah, yeah.

This one happened in 2012, which by my reckoning— I don't know what you think— but 2012 was a bit of a purple patch for hackers.

There seemed to be a lot of data breaches reported now that happened back in 2012.
CAROLE THERIAULT
Maybe you have to report it after a certain amount of time.
DAVID MCCLELLAND
Well, I think a lot of them are just coming to light now, and that seems to be the case with this Disqus one.

And it looks as though it's a snapshot of the user database, whether it was a backup snapshot, I don't know.

But look, the thing is, I mean, in one sense, I don't know if this is actually news anymore because, you know, this is happening every single day, and it probably is news for the 17.5 million Disqus users.

Yeah, I mean, 17.5 million, about a third of those, 6.5 million or so, had their weekly passwords made it out as well. But that's absolutely small fry in comparison to Yahoo.

Let's face it, which last week revealed that each and every one of its 3 billion user accounts was left completely wide open, which I work out as assuming everyone's got one account, that's about 40% of the world's population or pretty much everybody on the internet.
CAROLE THERIAULT
Yeah, but you know what, I don't think we have to say, you know, Disqus thing at 17.5 million.

That's still huge just because we have this ginormous mountain now that's called Yahoo.
DAVID MCCLELLAND
One reason why this is really still interesting is that it's notable because it was handled, I think, and other people as well seem to think, properly.

So week after week, particularly here on Smashing Security, you've covered how firms should not handle a data disaster. I mean, obviously we've had Deloitte recently.

AA, the AA earlier this summer. Goodness me, what a mess. What a mess that was.

But with Disqus, within 45 minutes of receiving notification of the breach, which was late on a Thursday afternoon, within 45 minutes they said they were analyzing the data to confirm its veracity because not all breach notifications are genuine as we know.

And then by the following day, they've started to contact users, reset affected passwords, and still within 24 hours of the initial notification they'd gone public to disclose the instance.

Now, anyone would think that Disqus had done their homework. They had a runbook and a well-rehearsed disaster plan. I know that's crazy thinking.

So my question to you is, have we just witnessed a model of mishap management in action? Have they done it properly? Disqus.
GRAHAM CLULEY
I think they've done a superb job. I've been really impressed by them, and I haven't seen anything that they've done wrong yet.

They were incredibly quick and they've also been extremely transparent. They've explained what information has been taken, how much information.

They've described the hashing algorithm, which isn't ideal, but it appears that shortly after this incident, I think in the same year, they upgraded their security and improved their encryption to make it even stronger in future.

And the other thing which impressed me is that if you go to Disqus's website, there you will see it right on the top of the page, says there's been a security incident, find out more here.
CAROLE THERIAULT
Oh, that's yeah.
GRAHAM CLULEY
So many companies try and shove it under the carpet. And I was a bit disappointed actually.

I saw a report in The Register where they — I don't know if you saw this as well, David and Carole, but there was a report where they were sort of saying, oh, here we go again.

Late on Friday, a company reporting a breach. And I thought, you know what?
CAROLE THERIAULT
Wrong attitude.
GRAHAM CLULEY
They only found out about this 24 hours before. I would rather they went public with it then than waited until the following week.
CAROLE THERIAULT
Maybe he was upset because he had to stay late to cover it.
GRAHAM CLULEY
I don't know, maybe. But I think they seem to have done a great job so far.
CAROLE THERIAULT
David, what's interesting is I've been hounding the web looking for stories, and it didn't pop up in the top stories for me. So that's interesting in itself.

It probably didn't attract as much attention as other hacks where they've tried to hide it and it dribbles out over days and days and days. Did they apologize publicly?
DAVID MCCLELLAND
In that blog post that went out within 24 hours or so, they said, look, we're sorry, but we're doing everything we can to be transparent. Brilliant. And, you know, watch this space.
CAROLE THERIAULT
Good for them.
GRAHAM CLULEY
Yeah, and they actually said the word apologize. It's wow, you know, the lawyers didn't get in there and say, oh, you can't actually accept any responsibility. No, they did it.

Isn't that great? That's how you build trust. That's how you build a good community and get people trusting you more in future. I mean, obviously no one would want a breach to happen.
DAVID MCCLELLAND
But it does smell to me of a company that had a plan.

And when they were notified that this chunk of data that looks suspicious has become available to them, they literally flicked the switch on that plan.

And it meant that they weren't running around like headless chickens wondering what to do and phoning up PRs and disaster agencies at whatever time.

They knew exactly what they needed to do and they executed on it. More data breaches like that, please. Data breaches are gonna happen, we know that.

So more of them like this, please.
CAROLE THERIAULT
Yeah, and I think a big concern people have during these scenarios is, well, how can you predict or how can you plan for the unpredictable?

We don't know what kind of breach we may have. But at the same time, what they've done is pretty basic, right?

They've apologised, they're informing the public, they're telling them what to do right away, and they're doing it publicly and loudly on the front page.

And I think everyone can follow that.
GRAHAM CLULEY
Even if you don't know exactly what's going to happen, you can put together the basic scenarios, right?

I don't watch Game of Thrones, but I can tell you basically what's going to happen in the next episode.
CAROLE THERIAULT
No, you couldn't. That is a lie.
GRAHAM CLULEY
No, that girl will take her kit off. There'll be some dragon action. You know, there'll be some unnecessary bonking.

You know, there'll be certain things, you know, sort of moody talking like this by Sean Bean. That's dated how long ago I last watched it.

But, you know, it's— but more or less you can put together a scenario. So I think every company could consider what are our crown jewels?

What are the information that we need to protect? What would we do if we lost control of it? And then you do another disaster scenario. What happens when our website gets defaced?
CAROLE THERIAULT
What if someone steals all our info? What if someone hacks our third party? Yeah, exactly. Great.
GRAHAM CLULEY
Anything else to say about this?
DAVID MCCLELLAND
I think our discussion is over.
GRAHAM CLULEY
Carole, what have you got for us?
CAROLE THERIAULT
Okay, so I'm going to talk about artificial intelligence or AI, and I'm going to try and approach this a little bit in the style of the wonderful BBC Radio 4 From Our Own Correspondent show.

Have you ever heard it? Have you ever heard it?
GRAHAM CLULEY
It's so good. Yeah. You're Kate Adie effectively.
CAROLE THERIAULT
Yeah, but you guys can just jump in anytime anyway, so maybe it's not like that. So the question I want you guys to consider is the following: Is humanity okay?

AI is no longer an imaginary Asimov sci-fi prediction, right? It's everywhere right here, right now. We're immersed in the first tier of AI, right?

So they call it artificial narrow intelligence or ANI. And this is where a machine exceeds human intelligence or efficiency for a specific task or a set of tasks, right?

Like so like hoovering or providing search results or buying and selling shares or driving cars or even playing chess, Graham. Even playing chess.

So the next tier called AGI, or artificial general intelligence. And this is where the machine proves itself to be as smart as a human, right?

It can perform any mental task that a human can. Now this is way harder than just being good at hoovering or kicking ass at chess, right?

The AGI machine has to be good at everything like abstract thinking or complex problem solving or understanding Shakespearean sonnets. Right?

The AGI will need to adapt in order to compete with humans, and that means it will need to self-learn, and we'll need to do that all without human intervention.

Okay, so it sounds all huge and big and far away, but just wait. There's one more tier here, probably the most disconcerting for most.

This is called artificial superintelligence, or ASI, and this is defined by AI dude Nick Bostrom as an intellect that is so much smarter than the best human brain. Right?

That in practically every field, so including scientific creativity, general wisdom, or social skills. Does this sound all sci-fi to you guys right now?
GRAHAM CLULEY
It sounds a bit sci-fi.

I can't imagine one of these things writing beautiful poetry or making the world's best sausage roll or something like that, which are probably the most important things in my life.
CAROLE THERIAULT
But you see, the whole thing is the secret sauce here, right? Is the computational power.

And today we have loads and loads of computational power, but it takes a lot of space, right? It takes a lot of power and takes a lot of cash.

And it doesn't compare at all right now to the human brain. It doesn't even compare to a mouse's brain.

But whether or not you agree with Moore's Law, computer chips are getting smaller and cheaper and more powerful all the time. It's at a pretty impressive clip as well.

So here's the big question. So unless you bake in security now, let's not even talk about human value systems and all that kind of stuff.

How do we plan to control a machine that is effectively omniscient? It's going to have more power than we do, be smarter than us. And how are we planning to coexist with that?

I mean, think of how we coexist with things like ants. We don't have a problem with them, but if they get in our way, we have no problem getting the Roundup and getting rid of them.

So there's two sides to this. On one side, you've got popular technologists and thinkers like Elon Musk and Nick Bostrom, who I mentioned earlier.

There's Sam Harris, Stephen Hawking, and they're all these guys who've voiced a version of, hey guys, take heed when it comes to ASIs, right?

And particularly when it comes to AI weaponry.

In fact, one of the main drivers behind Elon Musk's wish to colonize Mars is, you know, to have a bolt hole if artificial intelligence goes rogue and turns on humanity.
GRAHAM CLULEY
Where's our bolt hole from Elon Musk? That's what I want to know.
CAROLE THERIAULT
You can just stay here, I guess. He's gonna be gone unless he can clone himself before that. Okay. The distant future. The distant future.
GRAHAM CLULEY
It is the distant future, the year 2000.
CAROLE THERIAULT
But the flip side of this argument is people, you know, there's a lot of equally powerful groups out there that say this all sounds like sci-fi fantasy, right?

Like more 2001: Space Odyssey or Ex Machina or Star Wars than reality. So I don't know where it all sits.

You know, you've got people like Google and Microsoft and the rest of them all working on super AI or super intelligent AI, they're all trying to race to be the first out.

And are they taking the whole problem of how do we coexist?
GRAHAM CLULEY
This is all a bit deep for Smashing Security.
CAROLE THERIAULT
Is it? Is it a bit deep? Have I lost you? Finally, robotic beings rule the world.
GRAHAM CLULEY
Yes, let's be honest. But so what they're doing is they're thinking, they're building sort of general purpose artificial intelligence.

Because I thought normally what happens is that things are being programmed for very specific sort of purposes and it's like, oh, you—
CAROLE THERIAULT
Yes, and that's what's happening right now. Absolutely.

Right now we're doing machines that do one or a few tasks really, really well and they can learn and improve at that specific task or set of tasks.
GRAHAM CLULEY
So they're sort of at the Kindle level. So a Kindle, really good for reading books.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
But then of course people want iPads, which can do just about everything.
CAROLE THERIAULT
That's a sweet analogy. Yes. Yes, exactly. You want something to do more and faster.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
Exactly. On one side, I was thinking, God, don't these guys care about this?

And I've been reading about— and then just last week, Google announced that it established a kind of unit dedicated to answering questions about the effect technology might have on the way we live.

And of course, they're not the first at this. In 2015, Elon Musk started a nonprofit called OpenAI with the public mission to build safe AGI. So I don't know.

I'm just thinking, we need regulations, right? We need regulations here. Otherwise, we're fucked.
GRAHAM CLULEY
Well, regulation isn't going to work though, because anyone could set up their own little evil supercomputer to do all these things and think of these things, couldn't they, if they wanted to?

It all sounds— I hate sounding a curmudgeon on this podcast, but I don't know, it does sort of worry me a little bit, I think, that maybe we're allowing computers and technology to do too much and we become sort of redundant.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Would we at some point listen to podcasts being broadcast by ubercomputers chatting to each other? It's actually that now it's beginning to sound good, to be honest.

We could have that.
DAVID MCCLELLAND
I'm fortunate inasmuch, or well, maybe unfortunate, I don't know, but I've interviewed a lot of futurists, a lot of people with incredibly big brains who've mused on what the future may look like, particularly in the world of artificial intelligence.

And then a couple of things you said, Carole, just made me think of an interview I did last year with a guy called Kevin Kelly, who was the co-founder of Wired magazine.

And he wrote a book called The Inevitable, which he published last year. Well worth a read or a listen to. It's available as an audiobook as well.

And he talks a lot about AI, but you mentioned Google there. He talks about a conversation he had with Larry Page back in 2002. So really, really early days of Google.

And he was saying, you know, so, you know, what's this? You know, he was quite skeptical about Google's business model.

He says, you know, so what's this free web search model all about? Tell us about that. And Larry, even back in 2002, said, oh, well, actually, we're making an AI.

Yeah, he knew exactly what he was doing back then. And Kevin Kelly makes a prediction that by 2026, Google's main product won't be search, but it will be AI.

And when you think about it, you know, we are contributing enormously to the brains of these computers when we search for something whichever search engine it is, you know, if we're searching for pencils, if we're searching for chess grandmasters, or whatever it is, it comes back with a number of answers, and then we're the ones that refine that and select the right one.

And we're doing that millions and millions of times every second.

So if these computers, if these artificial intelligences, whether they're general, whether they're narrow, whatever they are, we are the ones that are feeding them with brainpower in order to, you know, maybe one day not only rub shoulders with us, but barge us out of the way.
CAROLE THERIAULT
I think, you know, it's not when, but if. When AI reaches the ability to self-teach and learn at speeds way beyond our human comprehension, you know, what's going to happen to us?

And the way I see it, at best, we're going to be reduced to cuddly, curious pets, the way we treat our own little animals, or at worst, we're going to be seen as pests that need controlling, right?

Or removal.
DAVID MCCLELLAND
The thing that many of these big brains tend to say is that machine intelligence is different to human intelligence. Machines they can't see that they will ever—
CAROLE THERIAULT
They have no values.
DAVID MCCLELLAND
Well, yeah, that as well. But they won't be able to be as creative as us humans are.

Now, whether that's a defense mechanism and that's the only way that they can rationalize it in their heads, I don't know.

But it is a bit scary when you let yourself think that far in the future. And I really don't know what's around the corner in that respect.
GRAHAM CLULEY
Crikey. What?
DAVID MCCLELLAND
Has anyone seen the new Blade Runner yet? I mean, let's speak about fun things about the future. Oh, I've got tickets to go and see it at the BFI IMAX in London.
CAROLE THERIAULT
How is that not your pick of the week?
DAVID MCCLELLAND
Because I haven't seen it yet.
CAROLE THERIAULT
Okay, that's good. Fair, fair. I'm glad.
DAVID MCCLELLAND
But I'm very much looking forward to that, even though it is 2 and 3/4 hours long, which is—
CAROLE THERIAULT
Oh, who cares? It could be the best. Just buy an extra big thing of popcorn, you know, a Mega Gulp.
GRAHAM CLULEY
I'd be asleep in 20 minutes. I know if there's CGI in it, I'm a goner.
CAROLE THERIAULT
I don't think you've ever stayed up through a whole movie. I don't believe you've ever managed it ever. It doesn't matter what the topic is.
GRAHAM CLULEY
One thing that I always find absolutely riveting, however, Carole, is to hear about our latest sponsor.
DAVID MCCLELLAND
Bling!
CAROLE THERIAULT
This episode of Smashing Security is supported in part by NetSparker.

NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.

Try it now by downloading a demo from www.netsparker.com/smashing. On with the show.
GRAHAM CLULEY
And welcome back to the show. It's time for Pick of the Week.
DAVID MCCLELLAND
Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
GRAHAM CLULEY
So Pick of the Week is the part of the show where we choose something that we like, something that's tickled our fancy over the last week.

It could be a funny story, a book, a video that we've seen, a TV show, a movie, a record, an app, a website, a podcast, whatever. It doesn't have to be security related.
CAROLE THERIAULT
Should not be.
GRAHAM CLULEY
Can be though.
CAROLE THERIAULT
You keep goading me.
GRAHAM CLULEY
It can be. Can be. So my Pick of the Week, I went through a few different choices.
CAROLE THERIAULT
Were they boring? Do you not have one?
GRAHAM CLULEY
No, they were all fantastic.
CAROLE THERIAULT
You can skip. We've heard you a lot this show.
GRAHAM CLULEY
There was the bad lip reading, the Yoda bad lip reading Empire Strikes Back video where he sings a song about seagulls. And I have been watching that quite a lot today.

I've been quite enjoying that.
CAROLE THERIAULT
What, over and over again?
GRAHAM CLULEY
Well, actually, what someone did was they took the song and they looped it and they uploaded a video of it for an hour.

So you can have it playing constantly in the background while you're working. So that's what I was listening to.
CAROLE THERIAULT
Okay, you were. Okay, I see how you covered yourself because I did call you the day and you're "sorry, I can't talk, too busy." And now I find out it was you're watching.
GRAHAM CLULEY
I wasn't watching it. I was just playing it in the background because I was enjoying the music.
CAROLE THERIAULT
Yeah, it's good.
GRAHAM CLULEY
My pick of the week this week is, and he'll be very excited to hear this, I hope, Mr. David Stranach, InfoSec student at Royal Holloway, University of London. Yippee!

Basically, as you remember last week, we went on the scrounge and we told everyone, go and spread the word about Smashing Security.
CAROLE THERIAULT
Yes, we did.
GRAHAM CLULEY
Well, David's done exactly that.

Oh, he has been spreading the love for Smashing Security at Royal Holloway, telling all of his fellow postgrad information security students that we are a must-listen.

So far, 6 colleagues have come back and told him they're loving the show.
CAROLE THERIAULT
That's brilliant.
GRAHAM CLULEY
I don't know how many came back and told him they weren't loving the show.
CAROLE THERIAULT
We don't need to know that. We don't need to know that. Won't be good for our ego.
GRAHAM CLULEY
No, it's probably 30 people on the course, but 6 of them came back.

And then he tries to scrounge some swag off us because of course you can go to smashingsecurity.com/store and buy t-shirts and things.

Now, I don't really want to give any swag to David because I think we can do better than that.

So if anyone else wants to say that they've done a lot better at spreading the word, maybe—
CAROLE THERIAULT
You are freaking outrageous. Are you seriously doing this? And you're going to use them to leverage more love?
GRAHAM CLULEY
Well, look, he's done 6. There's always an opportunity for him to increase the number, right? Basically, this is how L. Ron Hubbard started.

All right, if we're going to monetize this—
CAROLE THERIAULT
Stand down, Mr. Cluley. Stand down, Mr. Greedy Guts. Jeez. Well done, David. Thank you.
DAVID MCCLELLAND
What I will say is that on that David Stronach post on your Facebook page, a guy called Steve Galloway, trying to one-up David Stronach, said, "I threw my phone at someone while the podcast was playing. Does that help?"
CAROLE THERIAULT
Okay, that's made my night. I really need to go on Facebook more if it's that funny.
DAVID MCCLELLAND
And purely in terms of engagement, that comment by Steve got 5 thumbs up versus David Stronach's 4 thumbs up.
GRAHAM CLULEY
Okay, so physical violence with the podcast appears to be more popular. So there's an encouragement for you. See what you can do next. Now, other David, what's your pick of the week?
DAVID MCCLELLAND
My pick of the week, well, if you can choose a person, then so can I. I'm going with a guy, and in particular a video from a guy called Nigel Stanford.

Now, he's a New Zealand-based musician, composer, entrepreneur, and scientist, I guess.

Now, if you haven't heard of his name, you may have heard of some of his music, particularly if you saw that Timescapes film on the internet a few years ago with those jaw-dropping, incredible slow motions and time lapses.

He was the one who made the music, and I think that was the first ever film that was sold in 4K.

And you may have come across Nigel with his last album, which had a lead track called Cymatics. Just 14 million views on YouTube with that.

And as with all of his work, it's about science versus music. And in that one, it's about vibration, sound waves, a Tesla oscillator machine thrown in.

I mean, seriously, everybody who's doing physics at school or university should watch this.
CAROLE THERIAULT
David, is it wanky? Is it wanky?
DAVID MCCLELLAND
No, it's amazing. It's amazing, seriously.

But I'm building up to his latest video, which is called Automatica, and it's the video for the title track of his latest album where he's got a room full of industrial robots playing the instruments.

It is a visual delight. Musically, it's strong, and I urge you for both of those to watch the making-of films as well.

Seriously, I was watching this with my 7-year-old daughter earlier this evening, and she was gobsmacked.
GRAHAM CLULEY
I'm watching it right now. It's very cool.

So he's got these robots, which are similar sort of robots that you'd see on a car construction line, and they're playing the drums or they're doing— it's called scratching with the records, go wicka wicka wicka wicka wicka.
DAVID MCCLELLAND
Exactly, they're doing the bass guitar and he's teaching them how to do it. You see a little bit of the software in there.

And then what do you know, in the last minute or so, the machines go rogue and they start tearing down the joint.
GRAHAM CLULEY
It's a warning. Very cool. And Carole, what's your pick of the week?
CAROLE THERIAULT
Well, okay, everyone's gonna think all I do all day and all night is watch TV.
GRAHAM CLULEY
What, another series you're going to tell us to binge on?
CAROLE THERIAULT
Yes, but I am convinced how awesome it is based on the few episodes I've watched. It is called Comrade Detective, and it's available on Amazon Prime.

So Comrade Detective parodies communist propaganda with U.S. action buddy dramas. Think 1980s, think American swagger as they combat the great enemy of the state, capitalism.

Now the whole gimmick of the show is that in concept it pretends to be a lost fictional Romanian propaganda TV show, but in fact it was written in the West.

The scripts were sent to Romania for filming with local actors. And then the whole thing was sent back to the States to be dubbed into English. It is very, very cool.

It is super wonderful. The lines in it are brilliant. There's lines like, of course a police officer will never be contrary, is always right. So it's brilliant.

Rotten Tomatoes gives it 86%. I give it 90% as an homage to Good God, With God. I watched it, I loved it. Check it out.
GRAHAM CLULEY
Wow. And what's the name of this again? Comrade Detective.
CAROLE THERIAULT
Comrade Detective.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
I think it started in late August, early August on Amazon Prime. Wow.
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
Anyway, I think it's awesome.
GRAHAM CLULEY
It sounds absolutely bonkers. All right, well, thank you very much, Carole, for that pick of the week. And thank you as well, David, for joining us on the show today.

If anyone wants to follow you online, David, where's the best place to do that?
DAVID MCCLELLAND
Probably on Twitter @DavidMcClelland. It's a bit of a pain to spell, so find it in the show notes.
CAROLE THERIAULT
Thanks, Mum and Dad.
DAVID MCCLELLAND
Thank you for that.
GRAHAM CLULEY
I don't think it's the David bit, Carole.
DAVID MCCLELLAND
On this point, seriously, I've got a lot to thank my mum and dad for, in particular my collection of middle names. I've got 5 names in total. So yeah, thanks a lot, Mum and Dad.
GRAHAM CLULEY
Well, if you want to follow us on Twitter, we are @SmashingSecurity without a G. Twitter didn't allow us to have the extra character, which is rather annoying.

And also we're on Facebook as Carole was saying, and maybe even Carole will show up there at some point.

Smashingsecurity.com/facebook will take you to our Smashing Security group up there. And we've got swag, as I mentioned, at smashingsecurity.com/store.

And that just about wraps it up. Thank you very much, David, for joining us. Thank you, Carole, as well, of course. And thank you for listening.

If you know somebody who might like the podcast, do go and tell them about it or visit our website and you can point them to all of our past episodes there as well.
CAROLE THERIAULT
Or you can have a week off. Just put your feet up, enjoy the show, and we're glad you're here.
GRAHAM CLULEY
They won't be beating David Stanek from Royal Holloway if they do that, Carole, will they? Until next time, cheerio, bye-bye.
CAROLE THERIAULT
Toodles. Bye-bye.
DAVID MCCLELLAND
Look, last time I was on the show, I think—
GRAHAM CLULEY
You were so filthy.
DAVID MCCLELLAND
Well, exactly, but it got a parental advisory thing, didn't it? Which is great. I forced you to do an extra recording. I'm disappointed that there's no smuttiness this time round.
CAROLE THERIAULT
Oh, we were so sweaty last week.
DAVID MCCLELLAND
I know, I know.
GRAHAM CLULEY
There was some, there was mention of wanky from Carole.
DAVID MCCLELLAND
Oh yeah.
GRAHAM CLULEY
Yeah, there was a bit of potty mouth.
CAROLE THERIAULT
I pulled out the potty mouth sword. I slashed it around. Not anyone else did. You guys were just all very polite.
GRAHAM CLULEY
There were no IoT vibrators or penis biometrics.
DAVID MCCLELLAND
Always a shame. Try and bounce it up next week and get some more smut.
GRAHAM CLULEY
Martin.

Of course, if you do read the Daily Mail article you will enjoy this wonderful typo.

Internet baking

This isn’t, of course, the first time that The Daily Mail has proven itself to be bonkers in a computer security-related story.

Now, if you’ll excuse me I’ll go back to reading about barefaced beauty Pippa Middleton going makeup-free as she enjoys a day out with a friend and Angelina Jolie oozing glamour in a black blazer and cocktail dress in Los Angeles.

It feels to me that that's the kind of content the Daily Mail website does best.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

3 comments on “The Daily Mail whisks up Kaspersky fears – but where’s the meat?”

  1. Jim

    Can't help thinking that it would be a little stupid for Russian intelligence to use a Russian cyber security firm to spy on others. More likely use a foreign cyber security to do the spying. Also from a competition angle I suspect some cyber security companies are taking advantage of this situation.

  2. Mariya

    Internet "baking" is what the media is doing when posting some of this clickbait… heh.

  3. drsolly

    Betteridge's law of headlines

    https://en.wikipedia.org/wiki/Betteridge%27s_law_of_headlines
