25 years on, Microsoft makes another stab at stopping macro malware

Graham Cluley


Bravo to Microsoft, because it sounds like they’re doing something to improve the security of Office users.

Way back in 1995, Microsoft accidentally shipped a virus on CD-ROM. At first Microsoft refused to call it a virus, preferring to call it a “prank macro,” but WM/Concept, as it became known, was the first widespread virus capable of spreading via Microsoft Word documents.

In fact, Concept became the most widespread computer virus of any kind – largely because users were much more likely to exchange Word documents with their colleagues than floppy disks or .EXE files.


Thousands of other macro viruses came in Concept’s wake, fuelled by the fact that each macro was written in a high-level language and came complete with its own easy-to-edit source code – meaning that any ne’er-do-well could easily create their own variant with subtle changes.

One of the ways in which Microsoft eventually attempted to curb the spread of macro malware was to display a yellow warning strip along the top of Word documents that contained macros.

Security warning

Security Warning. Macros have been disabled. <Enable Content>

Unfortunately, with clever social engineering, unsuspecting users could be tricked into clicking that “Enable Content” button and allowing the malicious macros to run.

In the following example, for instance, the document claims to be encrypted and unsuspecting recipients are told to enable macros to view the message.

Malicious Word document

In the years that followed Concept, cybercriminals have used poisoned Word documents and malicious macros to deliver malware to companies around the world – and they have often tricked targeted users into enabling macros as the first step of the attack.

But now, more than 25 years after it first distributed the Concept virus on CD-ROM and kickstarted the whole problem, Microsoft has done something which might be more successful at stopping the spread of macro malware.

Microsoft has announced that from April 2022 it is changing the default behavior of Office applications so that they block macros in files from the internet.

What’s more, it won’t give users a simple one-click way to allow the macros to run, foiling many of the social-engineering tricks commonly used by cybercriminals.

And there’s no more yellow strip. It’s changed its hue to red.

Red strip

SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted. <Learn More>

And clicking on “Learn more” will take you to a Microsoft webpage which explains in detail why the macros have been blocked from running, and makes any user who still really wants to run the macros jump through some hoops.
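The “source of this file is untrusted” decision rests on the Mark of the Web (MOTW), the `Zone.Identifier` alternate data stream that Windows attaches to downloaded files. The script below is an added example, not code from the article or from Microsoft: it parses that stream, checks whether an Office file actually carries a VBA project, and reproduces the new default’s verdict, including the case a defender should remember, a macro-laden file with no MOTW at all (copied from a FAT32 USB stick, or extracted by an archiver that drops the stream). Sample documents and stream contents are constructed in memory so it runs on any OS; `read_zone_identifier` only works on NTFS under Windows.

```python
"""Added example: emulate Office's "block macros from the internet" default.

A file is blocked when it (a) contains a VBA project and (b) carries a
Mark of the Web whose ZoneId marks it as Internet (3) or Restricted (4).
"""
import io
import zipfile
from dataclasses import dataclass
from typing import Optional

# Windows URL security zone ids as written in the Zone.Identifier stream.
ZONE_NAMES = {0: "Local Machine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}
# Zones that Office treats as "from the internet" for this default.
UNTRUSTED_ZONES = {3, 4}


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the raw Zone.Identifier stream of a file on NTFS (Windows only).
    Returns None when the file has no such stream (i.e. no Mark of the Web)."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def parse_zone_identifier(stream_text: Optional[str]) -> Optional[int]:
    """Extract ZoneId from an INI-like Zone.Identifier body:
    [ZoneTransfer] / ZoneId=3 / ReferrerUrl=... / HostUrl=...
    Returns None if the stream is absent or has no usable ZoneId."""
    if stream_text is None:
        return None
    in_section = False
    for raw in stream_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                try:
                    return int(value.strip())
                except ValueError:
                    return None
    return None


def has_vba_project(doc_bytes: bytes) -> bool:
    """True if an OOXML package (docm/xlsm/pptm) contains a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


@dataclass
class Verdict:
    has_macros: bool
    zone: Optional[int]
    blocked: bool
    reason: str


def evaluate(doc_bytes: bytes, zone_identifier_text: Optional[str]) -> Verdict:
    """Apply the new default: macros + untrusted MOTW zone => blocked."""
    has_macros = has_vba_project(doc_bytes)
    zone = parse_zone_identifier(zone_identifier_text)
    if not has_macros:
        return Verdict(False, zone, False, "no VBA project in document")
    if zone is None:
        # Caveat: without a Mark of the Web this default does not apply,
        # so other controls (policy, trusted locations, AV) must carry the load.
        return Verdict(True, None, False, "macros present but file carries no Mark of the Web")
    name = ZONE_NAMES.get(zone, str(zone))
    if zone in UNTRUSTED_ZONES:
        return Verdict(True, zone, True, f"blocked: source zone {name} is untrusted")
    return Verdict(True, zone, False, f"not blocked by this default: source zone {name}")


def build_sample_doc(with_macros: bool) -> bytes:
    """Constructed stand-in for a .docm/.docx: a minimal OOXML-style zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


# Constructed Zone.Identifier bodies (hostnames are placeholders).
INTERNET_MOTW = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                 "ReferrerUrl=https://example.invalid/\r\n"
                 "HostUrl=https://example.invalid/invoice.docm\r\n")
INTRANET_MOTW = "[ZoneTransfer]\r\nZoneId=1\r\n"

if __name__ == "__main__":
    cases = [("internet macro doc", build_sample_doc(True), INTERNET_MOTW),
             ("intranet macro doc", build_sample_doc(True), INTRANET_MOTW),
             ("macro doc, no MOTW", build_sample_doc(True), None),
             ("internet doc, no macros", build_sample_doc(False), INTERNET_MOTW)]
    for label, doc, motw in cases:
        print(f"{label:26} -> {evaluate(doc, motw).reason}")
```

On a Windows host, `evaluate(open(p, "rb").read(), read_zone_identifier(p))` runs the same check against a real downloaded file.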

No-one is suggesting that this is the end of macro malware, or even the end of attempts by cybercriminals to socially engineer potential victims into allowing macros to run, but it will surely help reduce the chances of success.

What a concept, eh?

For more information, be sure to read this great blog post on the Checkpoint website, and refer to Microsoft’s guidance as to how you can manage macro policies in your company.

And for further discussion on the topic, be sure to listen to episode 262 of the “Smashing Security” podcast:

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Graham Cluley

Have we lost Thom? I'm here. I think he's loving it. He's loving it. He's bored.

Thom Langford

Just checking. You know, unlike you, I don't interrupt people midway through their flow. No, it's just a conversation.

Graham

I would hate to interrupt a middle-aged man like Thom mid-flow. That can be very dangerous.

Thom

I'd never know when I could start again. Probably four o'clock in the morning. That's when it normally starts.

Graham

I'm up then too, you should text me. We can do it together. Yes! Do a live stream. Yeah. Right. Smashing Security, episode 262. Macro progress, eyeball tracking ads, and encryption backdoors. With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 262. My name's Graham Cluley. And I'm Carole Theriault. And this week on the show, Carole, we are joined by a special guest. He's returning to us from the Host Unknown podcast. It's Thom Langford. Hello, Thom.

Thom

Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us. We're both professional. Sorry, it's a force of habit.

Carole Theriault

Do you know what? We could make a doll of Thom. You know, those pull strings on the back and he'd have his five sentences that he says.

Thom

You see, we've already got the Thom AI on the podcast that we have.

Graham

Oh, yes, I heard that. So when I'm not there, they just rack out Thom AI and press a few buttons and off he goes. Unbelievable.

Carole

How about we thank this week's sponsors, Kolide and Baramundi. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got? Death to macros. Thom, what about you?

Thom

Won't somebody think of the children?

Carole

And I'm looking at improving ad engagement in a quote-unquote novel way. All this and much more coming up on this episode of Smashing Security.

Graham

Now, chums, I think it's fair to say that we're all of a certain age, aren't we?

Thom

Some of us deny it, but yeah.

Carole

Some of us are not as old as the others.

Graham

I don't know who's the oldest amongst us, Thom, but...

Thom

I do.

Carole

You do?

Thom

Yep.

Graham

If we were to go back in time 27 years to 1995, Thom, what were you doing then?

Thom

1995. Gosh, I was a field

Graham

That's quite impressive. Carole, what were you up to?

Carole

I was in university partying my butt off.

Graham

Yeah, not studying, I imagine.

Thom

service engineer for a company in Southampton, as I recall, installing AutoCAD.

Carole

Yeah, exactly. I was very smart.

Graham

Well, I was working for an antivirus company. And in 1995, in mid-1995, something extraordinary happened. The world shook. Continents collided. Volcanoes erupted because Microsoft accidentally shipped on CD-ROM the first word macro virus, a virus called Concept. And this was the first ever virus which could infect Word documents. You may think, well, what's the big deal about that? Well, what the big deal was, was that previously viruses had spread via executable code, boot sectors or program files, which people were less likely to copy and send to each other, whereas a Word document you would share to each other.

Carole

Exactly. You didn't worry about that kind of stuff. Right.

Graham

But you wouldn't be surprised if someone sent you a Word document and you'd open it and you'd get infected. And this virus called Concept, it was a very simple virus, which had no purpose, really, other than to display a dialog box containing the number one. And inside, there was a little remark which said, that's enough to prove my point. The theory at the time was that there must have been someone who was trying to prove it was possible to write a virus using Microsoft Word and to then infect other Word documents. So that's why it was a concept virus.

Thom

So do you know what CD it was that this was shipped on? Was it an MSDN CD or something like that?

Graham

It was a CD-ROM called Microsoft Compatibility Test that Microsoft shipped to hundreds of corporations.

Thom

Because it must have been buried deep in some folder structure somewhere for it to not have been picked up.

Graham

Well, the truth was that there were no antivirus programs at the time looking for word macro viruses. And so even if they had scanned it, I think, as I remember, it was in some sort of distributor Word document agreement. And you'd think, well, even if Microsoft did send that out, would it really get widespread? But widespread, it became the number one virus in the world. And it proved that a virus could actually spread around the world, potentially infecting thousands of computers in a matter of, well, really minutes.

Carole

What do you mean minutes? How?

Graham

Well, because someone can send an email attachment containing a Word document to a lot of people who would then open it. Because if they use the right social engineering and people, remember, weren't worried about Word documents because how can a data file infect your computer?

Carole

I don't think we really even had the term social engineering in 1995, actually.

Graham

Doesn't mean it didn't exist.

Thom

I'm sure we did. Maybe not in common day parlance, but I'm sure we did.

Graham

And previously, viruses had taken months and months to spread around into the wild. Whether it be via floppy disk or...

Thom

Well, you had to install them yourself, really, didn't you?

Graham

Well, exactly. Because previously, if the media had said to me, what do you have to look out for a virus, Graham? And I would have said, don't boot from an infected floppy disk and be careful what programs you run. Whereas now opening a Word document could get you infected.

Carole

Oh, interesting. Because they couldn't hijack your computer to send out spam. They couldn't turn you into a botnet. They couldn't open a backdoor to your computer. The language, the macro language, wasn't powerful enough to do that. Makes total sense. Yep. Right. Macro viruses ruled the roost. Yep. But there were still problems with malicious macro code out there and in the late 1990s, Microsoft began to display warnings when a macro was embedded inside a document. And you may have seen this. Yeah, of course. We all remember those. Right.

Graham

And what the criminals found out was there was actually a way of getting the macro language to download further malicious code from the Internet, which could do all these money making things. And all they had to do was use social engineering to get people—

Carole

What year are we now in this newsworthy story?

Graham

This, we're getting into the 2000s now, right?

Carole

Oh, we're getting into, okay, good. Yeah, we're 20 years now.

Graham

Okay. So, no, this is the point, Carole. This has been a problem for a long time.

Carole

I'm listening, I'm listening. So the viruses began to be able to do malicious stuff, but they had to get you to agree to enable macros, and they did this in a variety of ways. So when you'd get the poisoned Word document, albeit with Microsoft having disabled the macros, it would display a screen saying, oh, this document's created in an earlier version of Microsoft Word, or this document is encrypted. You have to click enable macros to decrypt it for your security. Playing security when actually it's, yeah, it's the opposite. Exactly. So what Microsoft did to try and fix the macro virus problem didn't actually work that well and the bad guys found a way around it until this month. Because Microsoft have just announced one quarter of a century after it accidentally shipped the first macro virus. They've said enough is enough and it is changing the default behavior of Office applications. That reminds me of the Red Dwarf skit, where they say, Crichton, let's go to red alert. They say, are you sure, sir? Because that means changing the bulb.

Graham

Well changing the bulb is only one thing they've done. The other thing they've done is it doesn't say enable macros. When you click on learn more you're going to get taken from April to a web page on Microsoft's site which describes at some length — if you thought me talking about this was tedious—

Thom

I'm not saying anything. Is it going to be voiced over by Bill Gates?

Graham

It will explain why you shouldn't allow macros to be enabled. And it will only let you allow them to run if you're really determined.

Carole

Okay. Can I ask you a question, Mr. I'm a security expert. Thank you. What do you think of this historical progress, this evolution of Microsoft managing its macro traumas?

Thom

This is quite literally Darwinian evolution. It's taken a long time.

Graham

It crawled from the primordial swamp. It climbed a tree and it is now falling off a branch. It's taken quite a while. Right? 25 years.

Carole

To change the hue.

Graham

Not just the hue. And add a learn more link. Yes, yes.

Carole

Yeah, to make their clever pivot tables and their clever pull this.

Graham

Well, they can be useful.

Graham

And to block them by default. But you know who has stopped this evolution from happening earlier? There's been companies and particularly finance departments who insisted on using macros in their spreadsheets.

Thom

But the problem says a person who doesn't work in a finance department.

Graham

I couldn't do a pivot table to save my life. I don't know how to do it.

Carole

Oh come on really? Define what a pivot table is.

Thom

It's a way of displaying data in—

Carole

I wasn't asking you Thom.

Graham

Thom's showing off just one of his many skills. It should be one of those things that everybody should know by the time they're 40. To me it isn't. I've never needed one. How would Graham apply a pivot table to his life to make it better?

Thom

His personal finances? No, neither has he, because he's not used a pivot table. So I think this is good news, albeit it's taken a while. Now you will be able to configure it so only if the macros have come from somewhere untrusted, like outside your organization, if they're not digitally signed, etc. But it's an important behavioral change and I think it's going to be much harder for a lot of the scammers and the people who send them out.

Carole

I find this depressing.

Graham

What? Depressing? Why?

Carole

Yeah. I don't know. I haven't used Microsoft products for a long time, so I'm kind of talking out of my wazoo. But I just find it very like 1990s solution. Well, this is what the problem I find is that most IT departments and many third-party suppliers provide solutions to this problem and have done for the last 20 years. You know, making sure that you can't run macros unless you're explicitly allowed to and all that sort of thing. Anyway, it will be interesting to see how this revolutionizes the macro drama.

Graham

I just think it's going to be a lot more effort for the cyber criminals to get around this than the old just click on the enable content button. That's good news.

Thom

Yeah, absolutely. It's another barrier. Whether or not it's going to be sufficient by itself is another matter.

Graham

I'm sure there'll be ways to still subvert it, but it's going to make life harder for the bad guys, and we're all in favor of that.

Thom

And kids, don't forget your pivot tables.

Carole

I hate pivot tables too.

Thom

You don't even know what they are.

Carole

I do. I used to have to do them for—

Graham

A pivot table sounds like something like a sex swing. Is it a piece of furniture? Yes, exactly what it is, Graham. It is, yeah. Absolutely. That's absolutely right. Thom, what have you got for us this week?

Thom

Well, I have something else that is also an attempt to address a symptom rather than the cause of a problem. So you may know that the UK government has been upping the ante and has been really pushing this agenda of banning end-to-end encryption and ensuring that there are backdoors into cryptography controls.

Carole

Yeah, so I was going to ask, do they want to do away completely with end-to-end encryption or they just want a backdoor in that they're going to use themselves, that they'll keep very safe and no one will ever get their hands on? Well, I think the principle is that they get a backdoor into what they want. But of course, the problem being that when you break one set of cryptographic controls, you're ostensibly breaking them all. Because that's how maths works.

Graham

Yeah, exactly. Break one, break them all. But the thing is, there's been a huge pushback, very much so from our industry, basically saying our whole economy and life depends on strong end-to-end encryption. Everything from banking to general online purchasing to the way you communicate with your friends, etc. Oh, I predicted it completely. I predicted it, yep. Obviously.

Graham

The thing is, the UK government, they're really keen on things like WhatsApp, aren't they? Absolutely. But the point of this story is they've upped the ante, so they have got a website and I hesitate to advertise a website but you know we need to know what's out there but it's called No Place to Hide.org.uk which already gives you a sense of what this is all about. Some legitimate charities here. Absolutely. NSPCC, Barnardo's, the Children's Society, etc. All very good. Those are applications which are run by companies which are based overseas yes it's not...

Thom

And they're carrying out governmental business on these things. Well yeah, can I just say what bugs me here? So what bugs me on this website is there's only one mention at the very bottom of your landing page that this is a campaign funded by the UK government.

Graham

It's oh well it is definitely propaganda because this is aimed at your Daily Mail readers who of course... I'm looking...

Carole

At it and our listeners but...

Graham

They're always WhatsApping each other and inviting each other to their government parties, bring your booze.

Graham

Yeah but like everybody else in the country, or most people in the country, we obviously abhor child abuse, and we don't want child abuse to take place. Of course.

Thom

Yeah, £534,000 to do this website, but it's part of a large campaign. Okay, but the website is just one page and there's a one-minute video on it. I would happily have done this for £15,000. It just feels like a waste of money. It's not even – it's a poster. And there's no meat to it. There's no evidence behind it. There's no peer-reviewed studies and real kind of meat.

Graham

But this is the wrong way of tackling it, because there are so many other people who will suffer if end-to-end encryption is weakened, if there are backdoors. And who on earth is going to hold the keys for that? And can they be responsible? And what happens when it ends up in the hands of others? I'll tell you what else annoys me about this website, though. Did you say it cost half a million quid?

Graham

I know that Alec Muffett, I mean, you've pointed to that one post of his. He's done a series of posts up on his blog where he talks about the different aspects of this and includes links to research and evidence. And I think overall, that's much more convincing. But of course, he doesn't have the power of a PR firm like M&C Saatchi promoting his site.

Carole

Isn't this a problem for, you know, journalists to kind of go, guys, do you think the government should be doing this? Is this really a thing that we should be funding in order to convince people to approve our bill?

Thom

Well, we know you've got chums in the BBC, you two. So, you know, maybe we can get this amplified.

Graham

Oh, yeah, because they're really popular with the government, aren't they? The BBC at the moment.

Thom

Yeah, well, pretty. Someone's going to cut their... Who is it?

Graham

Nadine Dorries. Oh, dear God. Nadine Dorries. Nadine, what's my password? I shout every morning, Dorries. Oh, my goodness. Who would have predicted 10 years ago, apart from Carole, who would have predicted... Carole, what have you got for us this week?

Carole

Way back, Graham. Way back in episode 68. I spoke about MoviePass. Now, MoviePass was a company that wanted to kind of de-glue US butts from the couch and put them into movie theaters. And it was basically a movie theater subscription service. So you paid, I don't know, 10 bucks a month.

Graham

Oh, yes. Yeah, I remember.

Carole

The service used this mobile app where registered users would check into a cinema, choose a film, Showtime, you'd present your voucher, you know, da-da-da-da-da. And the thing was, is it was super cheap, right? Because you could have a movie a day, every day, for less than the price of a single movie ticket that you would pay for. Because 10 bucks a month, movie tickets cost way more than that. So how would this work?

Graham

Yeah, how did it work? How do they make money out of that?

Carole

Data tracking. And they even came clear, and that's what that show, episode 68, was all about, was that the CEO, the then-CEO, did a talk called Data is the New Oil. How will MoviePass monetize it? And during this keynote, he literally crowed about how much data they were currently hoovering up from their paying customers. And he said, we get an enormous amount of information. We watch how you drive home from the movies. We watch where you go afterwards. But things didn't work out as planned. Because in 2019, September 2019, MoviePass shut down its mobile ticketing service. And its parent company soon filed for Chapter 7 bankruptcy and announced that it was ceasing all business. So this is pre-Rona. Have we lost Thom?

Graham

No, I'm here. I think he's loving it. He's loving it. He's bored. Just checking.

Thom

You know, unlike you I don't interrupt people midway through their flow.

Carole

No, it's just a conversation.

Graham

The show normally I would hate to interrupt a middle-aged man like Thom mid-flow that can be very dangerous.

Thom

I'd never know when I could start again. Probably four o'clock in the morning. That's when it normally starts.

Graham

I'm up then too, you should text me. We do it together. Do a live stream.

Carole

So fun, right? So MoviePass defunct, bankruptcy, you know, bye-bye MoviePass. What a dumb idea.

Thom

Not a dumb idea. It was a great idea, because you're trading something that you have, and you know you're trading it for something that you want, and it's a transparent business arrangement.

Carole

You think most people realised how much data they were hoovering up? Because it was quite a little bleep in the press at the time that they were grabbing all this data in order to cue where you were going.

Graham

Are you suggesting people didn't read the terms and conditions and privacy policy?

Carole

Yes, that is always my main point.

Thom

Well, also, and if it's free, you are the product, blah, blah, blah. It isn't free. You're paying a tenner a month. A whole tenner a month for 30 films? Of course. I mean, it might as well be free.

Carole

Yeah, but it didn't work because they went bankrupt, right? So it was good for you, but it wasn't good for MoviePass. But like a groaning, knuckle-dragging, mud-drenched zombie, MoviePass has been raised from the dead. This past November, the original co-founder, Stacey Spikes, was approved ownership of the company by a New York bankruptcy court judge. And just a few days ago, this new CEO explained how it's going to change the movie business. And our question is, is this a win-win for everyone? Obviously, it's going to be interesting. Thom, I look forward to your opinion on this. So just as a quick aside, though, so the movie business obviously took a serious hit during the pandemic. In 2021, I think ticket sales hit 4.4 billion. And this is double from 2020 when the cinemas were all shut. But it's still way low compared to 2019.

Graham

Yeah, but the streaming services made a fortune though, didn't they? The streaming services made a fortune. Exactly. Not the cinema going, right? So Stacey Spikes' solution here was revealed at this launch this past week that MoviePass will now be a subscription system that incorporates virtual credits that can be spent on movie tickets. Adverts at the cinema? Okay.

Carole

Between us, us three. It's unclear to me if this is actually a movie theater experience or a home streaming service. So I've read a number of articles on this and I am unclear. I think it's all going to be done on the phone.

Thom

It would have to be for the eye tracking, right? Exactly. But I was a little concerned that the ad stuff would happen on the phone. You could do that as an extra, but also go to the theater. I'm just not sure. So I think it's a phone service. Now, if you have a glass eye, could you take it out and put it on a stick? And then go and make a cup of tea.

Carole

Couldn't you do that with eyeballs, ping pong balls and a bit of paint? I'm a good artist. I could probably start a new business.

Thom

This is Web3. I think it's a little bit more complicated than that, Carole.

Graham

Could you not? I mean, I was thinking along similar lines. I was thinking, surely someone is going to come up with an app which simulates eyes watching something.

Thom

Or a video. Yeah, you record your face on a loop.

Graham

Yeah, you have one phone which is playing a video and you shove your other phone in front of it. And you just make money. Doesn't that work? You could have deep fakes of yourself watching, just sitting there paying attention and blinking occasionally.

Thom

You know me so well, Carole. It's like you're peering into my very soul with that statement.

Graham

So there we are at Thom's funeral. Carole's been asked to give a speech. Thom was a fascinating chap. He was into Lego and stuff. Now, obviously, we can see why this is interesting to MoviePass. It's an interesting pitch because I can see them now going, hey, ad guys, I can guarantee eyeballs happening and watching your ads. So I'm going to ask for a higher price to place those ads. Chris and all that sort of thing. If people want to go for this, then great. It reminds me of that Black Mirror episode where you're on an exercise bike and you have to cycle and exercise in order to earn points to live and you go up the social scale and things like that.

Carole

What? You can't bear an advert watching you watch it? That's right. Because you just basically said, hey, dude, you think this is a good idea? Go do it. Oh, they're still paying. They're still paying.

Thom

And, you know, the algorithm, the ad algorithm, we'll never get it wrong anyway, right? They're never going to show alcoholics people clinking glasses of Chablis, or show, you know, a fast food ad to someone trying to, you know, eat more healthily. No, exactly. Exactly. Exactly. My hope though, what would be, what would make me feel a little bit better about all this, even though I don't like the model, is if they had a bounty program to get the best techies out there to hammer the system to expose any holes before customers are lured into using this service. Well, are you surprised? One would hope that they make this rock solid, because otherwise you're going to get Priti Patel and Nadine Dorries onto them.

Graham

You went into the Daily Mail comment section that's a... I know I did.

Graham

It with like my eyes squinted so I couldn't read everything. And took a shower afterwards.

Graham

The world's fine. That's why I visit the Daily Mail website and regularly go down the sidebar of shame to read about Kim Kardashian. Do you know if that was a comment from a socialist worker or hippies are us? I, you know, maybe they don't have a TV and a radio or anything like that and they just knit their own yogurt and play their own songs or something but given it's on the Daily Mail on a website I'm thinking that person has got a TV and probably a Netflix subscription and probably listens to a lot of music either on the radio or downloaded illegally from the internet.

Carole

Baramundi offer unified endpoint management from a single platform. Think of it as an all-in-one solution, consolidated endpoint management under a single interface. For example, with Baramundi Jobs, you can control and monitor all tasks in the management suite, including software deployment, automation, and operating system installation. Baramundi also offer vulnerability detection and patch management, so you're ready to deploy updates and patches from Microsoft and third-party applications. And you can centrally manage any number of devices, no matter where they're located. And that means you can distribute all the necessary updates to smartphones, tablets, notebooks. Excited to check it out? Well, we don't blame you. Our pals at Baramundi are offering Smashing Security listeners a 30-day full version free trial. Check it out at baramundi.com/smashing. That's baramundi.com/smashing.

Carole

Kolide sends employees important, timely, and relevant security recommendations for Linux, Mac, and Windows devices right inside Slack. Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.

Thom

Did you replace the printer that your antenna was sat on? Because that may well have been blocking some of the signal.

Thom

It was like a leaning tower of Pisa to try and get my antenna as high as possible. A leaning tower of Canon, more like.

Carole

And with the speed of Microsoft dealing with the macro problem.

Graham

I have now invested in a solution, which I hope is going to work. I'm speaking to you right now via a low Earth orbit satellite.

Thom

Is that basically the equivalent of getting the string wet between the tin cans? There are no tin cans involved. Pigeons, maybe.

Carole

Which tech juggernaut gets the cash for that purchase?

Graham

This is the slight problem because it is, of course, part of Elon Musk's empire. Do you not like Elon then? Why not?

Carole

He just seems a bit of a twat. Yeah. But hey, he makes great tech.

Graham

Well, possibly they are, but he seems particularly weird.

Carole

I'm not a fan either. How much did it set you back? It's quite expensive. Dish itself, it's a little rectangular dish, that costs, I think it's about £499.

Thom

The ping's low-ish. It's 39, isn't it? It varies. It changes. But I do see from the images that are in the show notes, I do see that by paying for Starlink has meant you couldn't upgrade your phone. Why is that?

Graham

An iPhone SE is the best iPhone there is.

Thom

No, it isn't. What are you talking about?

Graham

The iPhone SE is the best phone Apple's ever made.

Thom

Why is that?

Graham

Because it's a sensible size rather than being like a clown shoe or having stupid cameras sticking out the back, which you don't need.

Carole

This is from a man with very small hands. I don't like all those big stupid... I mean, I don't need a camera. Stop giving me a better camera.

Thom

Why do you not need a better camera?

Graham

What would I need a better camera for?

Thom

To take better photos.

Graham

Of what? Stuff. Family. I don't need a gazillion megapixels. It's not required.

Thom

Your future descendants will not thank you as they look at the equivalent of a 500k GIF of your photo.

Graham

They don't want to see all the plaque on my teeth or the hair coming out of my nostrils. They don't need details like that. Graham, stop biting. Stop biting. Exactly. So there it is. Is my pick of the week. So far, I'm very, very happy of it. Go and investigate it yourself. Starlink.

Carole

Hallelujah, I say, you know. In a blink of an eye, you sort of the problem.

Thom

Very good. I'm really impressed by this. Although I did see that a whole bunch of his Starlink satellites came crashing down to Earth the other day after a geomagnetic storm.

Graham

They did, didn't they? Yeah.

Thom

Don't worry. Your 400 bucks will help fix that. Yeah.

Graham

Thom, what's your pick of the week? So my pick of the week is something that many people may describe as a guilty pleasure. But actually frankly I don't feel guilty about it. Hang on a minute, what are you talking about? You're talking about what? What is a prog? Oh a comic. Yeah comic. So one epic, so one sort of comic. So they had progs one, two and three and they had those three times over. Now those three comics in reasonable condition, not even mint condition, today are worth about three, four thousand pounds. Wow. Very, very good. No.

Thom

Great. Have you watched V for Vendetta?

Graham

No.

Thom

No. What? Have you watched Watchmen?

Graham

No.

Thom

Oh, my God. Have you watched The Boys on Amazon?

Graham

Yeah, I saw that. Yeah.

Thom

Have you watched Kick-Ass?

Graham

Yes.

Thom

No. Have you watched Wanted?

Graham

No. I don't know.

Thom

Okay. What about, have you heard of Judge Dredd?

Graham

Yes. There you go. Okay. All of this stuff. We don't talk about that Judge Dredd. Well, that's why I haven't read it.

Thom

Well yeah, because you haven't died yet.

Graham

I'm in no rush.

Thom

But it also was turned into a big film by Zack Snyder and a TV series as well as that. Dave Gibbons was the artist for that. Garth Ennis, the writer of The Boys. Mark Millar, who wrote Wanted, Kick-Ass, Jupiter's Legacy, Super Crooks, which is on Netflix now, is a very good show. Judge Dredd was a character that was created and drawn by Carlos Ezquerra, Strontium Dog. That was a character that was, frankly, murdered by Sylvester Stallone, was immortalised by Karl Urban in Dredd, and is soon to be a Netflix series called Mega City One.

Graham

Oh, cool. Rogue Trooper, another character, soon to be directed in film form by Duncan Jones. Duncan Jones is David Bowie's son, and he's the director of Moon, Mute, Source Code, World of Warcraft. So very, very talented, very forward-looking director.

Graham

So I've never read 2000 AD, but I do know about some of these things and I do know it's very highly regarded and it is meant to be very good. It's just never been my particular bag.

Thom

No, absolutely not. But what they also have is the Rebellion, who own 2000 AD, they also have a Treasury of British Comics group. They're bringing back a lot of the old school comics that kind of went out of print. So Scream, Misty, The 13th Floor.

Graham

The Trigan Empire.

Thom

Trigan Empire. Which I, yeah, that's right. I always call them Trigan. Are you sure it's Trigan?

Graham

It's Trigan. From Look and Learn, right?

Thom

That's right. It's an old pick of the week of mine. And I think Rebellion are based in Oxford.

Graham

So there you are. Another link to Smashing Security.

Thom

So, yeah, there you go. But check it out. 2000 AD, there's an app. You can get weekly comics and a monthly Judge Dredd and lots of stories, lots of books. You can buy online, watch the film, strongly suggest it. I don't get paid for any of these endorsements.

Carole

No, you obviously love it. See, that's why it's great having guests on with their own pick of the week, right? It's great. It's fantastic.

Graham

It's great. Let's see if you can match it, Carole, with your pick of the week.

Carole

Yeah, I'm not sure. Okay, my pick of the week. So this past weekend, I was at a mini family event in a kind of, I don't know what you call it, like a manor house. Oh, la-di-da. Yeah, I know. A bit la-di-da. Exactly. Were you upstairs or downstairs? Just asking.

Graham

A bit personal. I have no idea what that even means. And the house has been in the family for generations, and there was loads of evidence, like, you know, with art, everything, furniture, everything. So it got me to thinking about how dinner parties would have been held in this house.

Graham

I'm looking right now. Ladies, you should smile when talking on the telephone.

Carole

I know. There is one, shake hands at elbow level, so make sure your hands are at a right angle when you shake. A host always serves the meat.

Graham

Please, what kind of party are you at? See, I learned from these places, the posh places you have people serving you. The really posh places you have a butler who brings around the food and you serve yourself, which is kind of a little bit back to front.

Graham

There's this one from the 60s that says, avoid dead fish hands. What is that? Fish don't have hands.

Thom

Well, it's a bit late.

Graham

Men should enter dark rooms first. Right? That's slightly sinister, what's that about?

Thom

Well, it's protecting the ladies. Oh, I see. I like "always have a cigarette on hand." That's aged a bit, huh?

Thom

With the toilet paper I've got, it's more like Swan Vesta.

Carole

Link in the show notes, Good Housekeeping article, if you want to read about wacky, I don't know, what is it? Do's and don'ts.

Graham

Very handy, very handy. Well that just about wraps up the show for this week Thom. I'm sure lots of our listeners would love to follow you online, what's the best way for folks to do that?

Thom

You can catch me on Twitter at Thom Langford, that's Thom with an H, because they wouldn't let me have the H. I'm also at TomLangford.com, and you can also catch the other best InfoSec podcast, Host Unknown, at HostUnknown.tv.

Graham

Fantastic and you can follow us on Twitter at smashinsecurity, no G, Twitter and last have a G. And we also have a Smashing Security subreddit. And don't forget, to ensure you never miss another episode, follow Smashing Security in your favourite podcast app.

Carole

And of course, shiny shout out to our episode sponsors, Kolide and Baramundi, and to our wonderful Patreon supporters. Thanks to all of you, this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalogue of more than 261 episodes, check out smashingsecurity.com.

Graham

Until next time, cheerio, bye bye.

Carole

Bye.

Thom

Goodbye. Short and sweet this week.

Carole

Was it? Short and sweet. You've been going for an hour.

Thom

Oh, oh, sarcasm, right. Well, who talked forever? Not me. 25 years I...

Carole

I think he was, wasn't it? Yeah, 1993. Have you ever heard of a macro, Thom? Carole? Well, let me tell you what a macro did.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
