GRAHAM CLULEY
Smashing Security 001: One Cup, Two Hotel Guests. And here are your hosts: Carole Theriault, Vanja Švajcer, and Graham Cluley. And, well, exciting time.
CAROLE THERIAULT
You're doing great, you're doing great. Carry on, it's really riveting. Thriving. I sense you have a goal and you're going there with purpose, and we are there.
We're waiting with bated breath.
VANJA ŠVAJCER
Yes, please do continue.
GRAHAM CLULEY
Carry on, shall I?
The date is significant because it is— I've got my glasses on. 22nd of December.
VANJA ŠVAJCER
And this is not just because it's National Army of Yugoslavia Day here in former Yugoslav countries.
GRAHAM CLULEY
The national—
VANJA ŠVAJCER
Well, it's the People's Liberation Army equivalent for the former country of Yugoslavia. Today is the 22nd of December, so a little bit of trivia for you.
It was the day where they held all these parades, army parades, and I think it might have been a day off as well. I'm not sure, I don't remember correctly.
GRAHAM CLULEY
Fun, fun, fun. What was Christmas like in the old days, Vanja?
VANJA ŠVAJCER
It was great, there was no Christmas.
GRAHAM CLULEY
Didn't have that to worry about.
VANJA ŠVAJCER
It was pretty, pretty cool. Only the people who were really subversive could celebrate Christmas.
CAROLE THERIAULT
Two minutes in and we talk politics. Great.
VANJA ŠVAJCER
No, no, no, you had the so-called— on New Year's Eve, that was also called the day of children's happiness or joy.
And this is where a lot of children would actually get presents from Santa.
GRAHAM CLULEY
Forget about happiness for the children the other 364 days of the year.
VANJA ŠVAJCER
No, that's— that was the only day.
GRAHAM CLULEY
Yeah, it's the only one that's worth it.
But Christmas is just around the corner for you.
CAROLE THERIAULT
Two days away.
GRAHAM CLULEY
Is it two days?
CAROLE THERIAULT
Two days.
Yeah, no, 3 days. 3 days. When I said 2, what I really meant was to say 2 sleeps.
Mine starts on the 24th because I'm going off to the in-laws, you see. So that to me is the big D-Day. That's D-Day.
GRAHAM CLULEY
So your in-laws, are they technical? Are they nerdy? Will they be dreaming of a laptop Christmas?
CAROLE THERIAULT
No, they are very, you know, they know their way around, but I think there's always a few questions when we go down there as to how we can help them with any device connectivity, security, the same as everybody.
Anyone in our position will have this, right?
GRAHAM CLULEY
Because that's what I had yesterday. I was at my in-laws yesterday and my father-in-law has just bought himself a new laptop.
He went to those nice people in PC World who made a recommendation to him, and he bought that. And he's very pleased with it. And obviously he wants me to get it up and running.
And so it was my job to install the browser that he prefers and to set up his bookmarks because, you know, he has bookmarks on one computer, doesn't have bookmarks on the other.
And how do I get here? And how do I open Word?
And he's a little bit unusual in his requirements because he's obsessed with icons on the desktop and how the icons on the desktop take up—
VANJA ŠVAJCER
How organized.
GRAHAM CLULEY
Well, they take up too much memory, Vanja.
If you have too many icons on the desktop, that's eating up all the memory. So all of those have to be deleted.
But during the process of this, I said, well, what's your— he's on Gmail, right? And I said, what's your Gmail password? And I'll set you up so you can access your email.
Oh, I don't know my Gmail password, he says, because he's permanently logged in upstairs.
And so I had to go through the process of saying we've forgotten our Gmail password in order to get them to remind us. And Google—
VANJA ŠVAJCER
Quite an elaborate process.
GRAHAM CLULEY
It was a little bit. Yeah, because it wanted to phone us up and leave us a message or text us or something. And of course, the number which it had for him was from 3 houses ago.
And so that didn't work anyway. And then the same rigmarole with PayPal as well and all of those other sites.
And he told me, oh, the other day, Graham, I got an email from Amazon telling me that I have to change my password. It's been compromised. And so I changed my password.
I'm going, what have you done? And I assumed it was a phishing message because that would be par for the course.
So I went back through his email and it turned out it was actually a legitimate email from Amazon.
It hadn't been that he'd requested a password reset, but instead Amazon had obviously scooped up one of these big mega breaches and found that he used the same password because he uses the same password for everything.
CAROLE THERIAULT
Okay, how unusual do you think that is? Really, really? I don't think it's unusual at all.
GRAHAM CLULEY
I think— I—
VANJA ŠVAJCER
It's pretty—
GRAHAM CLULEY
I think it's common, probably the norm, isn't it, really, if we were to count everyone who uses computers?
Because even if you don't use the same password for everything maybe you have a password, I don't know, Fred or something, but then you make it Fred Amazon, Fred LinkedIn, Fred PayPal.
VANJA ŠVAJCER
Hey, don't tell them my scheme.
GRAHAM CLULEY
But you know, it's—
CAROLE THERIAULT
Yeah. But you know why? A, if you don't know about digital password safes and everyone tells you don't write them down, what are you going to do?
You're either going to come up with your own little algorithm, or you're going to use one of a handful or one password across all of them.
GRAHAM CLULEY
You know what, I'm going to— maybe this is wrong for me to say, but I kind of think maybe it's not so bad writing them down for some people.
CAROLE THERIAULT
Ha! I just wrote a blog recently saying exactly that, saying, you know, if a person— because not everyone is au fait or can really grapple with the idea of online digital safes.
I have tried with some people, and I'm not going to name them, but, you know, they really just— it's a difficult concept to understand.
And I just think, OK, get a hard copy book, put it into your household safe. Don't worry about it.
GRAHAM CLULEY
Yeah, because normally my argument against that is if you're in a shared house or if your partner's, you know, a bit jealous or whatever or something.
But then I thought, well, hang on. My father-in-law has been married to my mother-in-law for 47 years. They're probably going to stay together.
She probably knows every bit of dirt about him already.
CAROLE THERIAULT
They share bank accounts. They can share passwords, surely.
GRAHAM CLULEY
So maybe the only danger or the only danger of writing it down is if there's a fire or if there's a burglary or something. And maybe it's not so bad.
VANJA ŠVAJCER
And having said all that, well, that's why you have to have your offsite backups too, right?
GRAHAM CLULEY
Yeah. Well, ideally photocopies which you send to the son-in-law. What I ended up doing, though, was because of course they're of a certain vintage, right?
And they are getting very forgetful and, you know, it's understandable. And now we've added all this complexity of you have to have different passwords.
So I use 1Password, but there's a 1Password family option or 1Password Teams or something like that, which means that we can manage their password manager for them.
And if they can't remember how to get into their password manager, I can actually now see my father-in-law's passwords.
And I'll set this up for my mother-in-law next time I'm there as well, so that we can secure them.
And if we need to, I mean, if they become invalid or something like that in the future, we can access their systems and look after them a bit.
So that's actually what I ended up setting up.
CAROLE THERIAULT
So sorry, just I just need to clarify something.
So you're worried about couples not wanting to share passwords between each other, but you have now got full access to your parents-in-law's entire digital.
VANJA ŠVAJCER
Well, that's because he's an expert.
CAROLE THERIAULT
But is he trustworthy?
VANJA ŠVAJCER
By millions of people.
CAROLE THERIAULT
Yeah, look at him. Of course I'm trustworthy.
GRAHAM CLULEY
Look at me. Hey, look at me, look at me. Of course I'm trustworthy.
CAROLE THERIAULT
Is that Joe Pesci?
VANJA ŠVAJCER
Million followers on Twitter trust him.
CAROLE THERIAULT
Do they?
GRAHAM CLULEY
No, no, I think they just— it's not a million anyway, but I mean, it's— he's just—
CAROLE THERIAULT
I don't think following— it's certainly not with my— following does not equate trust, I don't think.
GRAHAM CLULEY
Yeah, I mean, I follow Donald Trump, right? It's a kind of perverse entertainment.
VANJA ŠVAJCER
And you fully trust him, of course.
GRAHAM CLULEY
Well, I do trust him, actually. I trust him to do certain things with great reliability.
VANJA ŠVAJCER
But have you also considered, now that you have control over their passwords, installing something like TeamViewer? Because many people here in Croatia, even if they have small businesses or homes, use TeamViewer and connect to the machines to help them, let's say.
Obviously opening another potential security hole.
GRAHAM CLULEY
Well, some scammer hasn't already installed TeamViewer on his previous laptop, which is— that's why he's had to—
VANJA ŠVAJCER
Oh, that's what happened? Oh cool.
GRAHAM CLULEY
Well, no, that has happened.
VANJA ŠVAJCER
Was it the Microsoft support calling?
GRAHAM CLULEY
That has happened in the past with him. It was really funny, actually, because he got— he's a very trusting guy.
I mean, it's fantastic, you know, that there were these innocent times where you just trusted people. And he comes from this different age.
And someone called him up and said, "Hello, it's Microsoft here.
You've got a virus." And he didn't think, "Let's speak to my son-in-law who works in the antivirus industry and knows virus experts like Carole Theriault and Vanja Švajcer." He doesn't think like that.
He thinks, "Oh, this is fantastic.
Yes, please help me with my problem." But the problem was he was keeping his computer in his shed, in his cabin, as he likes to call it, down the bottom of the garden.
And he couldn't find the key to that cabin for about 45 minutes. So this poor scammer must have thought it was a wind-up because he was looking everywhere.
"Oh, just hold on a minute." And he genuinely was looking for the key. And then he got too tired just as they were about to install the remote access program.
He was like, "Oh, could you call back tomorrow? I really need to have a lie down now." And so, so there you go. You know, it's a good way to protect yourself.
VANJA ŠVAJCER
Good story.
GRAHAM CLULEY
So how much of this kind of thing happens for you guys at Christmas? Do you get lumbered with stuff like that?
CAROLE THERIAULT
Well, I'm lucky in that my brothers are also pretty tech savvy. So we get to split the— we share the load, so to speak.
And sort out different family members on different devices. But yeah, of course we do it. Of course.
GRAHAM CLULEY
Because is it the case that—
VANJA ŠVAJCER
I tend to run away from those things as much as possible because often it's a ransomware problem where, "Hey, all my files are gone, but you are an expert, right?
You will help me retrieve them back." And I go, "Yeah."
CAROLE THERIAULT
Okay. But the problem with that though, right? It's a bit like my dad. My dad's a doctor, right? A medical doctor.
So we would be out at, say, I don't know, having dinner somewhere and someone would start choking or something. And he would basically go, "Shh, shut up.
Don't say a word." Because all those kids would be like, "Hey, Dad could be a hero, right? Dad, go sort that out." So yeah, Vanja, I think you should step up to the plate.
Don't you think?
GRAHAM CLULEY
Carole has this—
VANJA ŠVAJCER
I always help, but I immediately start sweating because they expect you to solve the problem in 5 minutes.
And you go, "Wait a second, where is the escape key or whatever?" Carole, have you ever considered that maybe your dad wasn't a doctor?
GRAHAM CLULEY
And actually he's been lying to you all this time. He's actually an insurance salesman or something like that.
And then when you get yourself into that situation of someone needing the Heimlich maneuver, he's hoping—
CAROLE THERIAULT
He went— well, he went to extraordinary lengths to convince me that he was a doctor, as I did work in his office for about two years as a kid.
So yeah, I'm pretty— I'm pretty sure—
GRAHAM CLULEY
I'm pretty sure the way these lies escalate sometimes, sometimes you've got to fake these things, right? I'm just— my own experience.
So Vanja, you're avoiding all of these kind of problems. I'm probably going to get quite lumbered with them, to be honest.
But yeah, it's, I mean, but obviously it's an opportunity for all of us in tech to sort of advise and maybe give some advice for the next year as to how people can avoid these kind of problems.
CAROLE THERIAULT
I wish we had some swelling movement music behind that as we started talking now. I'll hum, yeah. Keep talking about how the industry should come together and improve.
GRAHAM CLULEY
I have a dream.
CAROLE THERIAULT
Yeah, or maybe those of us in the industry know how painful it is to clean up after a mess has occurred.
Okay, I've had that joy after it's all blown up and an identity's been stolen and you have to try and claw back everything you can. That is so painful.
So maybe it's worthwhile helping Christmas so that you yourself don't have to deal with this later, this horrible, my account's been emptied, my password's—
GRAHAM CLULEY
Right, which is why one of the things that I'll be setting up for my parents-in-law, if they'll let me, is an online backup service.
So their computers are every day or whatever, they'll be backing up whatever's changed on the computer, which won't be very much, to be honest.
And that would mean if they get hit by ransomware, we have a way of recovering.
It may take a day or two to recover depending on how much has been encrypted, but there's a way of restoring after those sort of incidents.
VANJA ŠVAJCER
So just playing the devil's advocate, how long are those backups stored for?
Because thinking about ransomware that's today, obviously it shows up, encrypts all of your files and you immediately know you're screwed.
But what if something, and I think people talked about it in the past, just slightly corrupts the data? You start seeing changes, but not anything significant.
And basically, everything is replicated to the cloud. At some point, you may lose the backup that's healthy and you're screwed.
I'm actually surprised that it hasn't happened already, something like that. There are not enough people using those cloud services.
CAROLE THERIAULT
Well, you know what? It used to. Isn't that what we used to have with old macro viruses?
If you couldn't detect them, they would just sit there corrupting a document over and over again.
So you saved versions for months on end and you wouldn't have an actual virgin copy without corruption.
GRAHAM CLULEY
Yeah, some did and some did it in a very subtle way.
For instance, there were Excel macro viruses which would take one number from here and another one from there and just move them around.
CAROLE THERIAULT
God, what a nightmare to clean that up.
GRAHAM CLULEY
Well, the only way is if you go back far enough in your backups.
But then how do you know which backup in that sort of situation, the right one, how do you know which one's safe and which one isn't?
I think the online backup service I use, I guess I should know, I think it just keeps backups forever.
I mean, hard disk space is fairly cheap, whereas— so what I do is I back up to a local drive. Here in my— I call it an office. And that happens at 2 o'clock every morning, right?
I just back up the entire drive, make it bootable so I can recover from that if I want to.
But also constantly I have this thing backing up into the cloud as well, which is indefinite.
It will take longer for me to recover that data, obviously, if I wanted to download everything. But I think I can go back as far as I want with that.
VANJA ŠVAJCER
You see, I have a problem with these online backups a bit, even with online drives and things like Dropbox as well.
It's that actually, if your internet connection is not good enough— in Croatia, ADSL is still not great. So what I get is 500 kilobyte uploads.
To upload something like hundreds of gigabytes, it takes forever. So it's not ready for all the developing countries, let's say.
CAROLE THERIAULT
Or, or in fact, New York. I don't know if everyone's ever used Wi-Fi in New York, but wow, it's not always fast.
GRAHAM CLULEY
Fun fact. And if you're on free Wi-Fi, or if you're in a hotel, sometimes it is diabolical, isn't it? Yeah, such a pain.
I mean, it's got to the point now where I'm sort of carrying around a 4G device, not for when I'm on the train, but just so I can have a reliable internet connection when I'm actually at the hotel, which is meant to have decent Wi-Fi.
VANJA ŠVAJCER
And it's good security as well.
GRAHAM CLULEY
Yeah, yeah, yeah.
CAROLE THERIAULT
I have an off-piste rant here. I have an off-piste rant about hotels because I've just come back from one.
So why is it okay for them to give you free coffee and paraphernalia but charge you for water?
GRAHAM CLULEY
That is a bit weird. And as a non-tea, non-coffee drinker, someone who likes water, you're quite right. Yeah, they give you— and they even tempt you sometimes, don't they?
They get— they have a little bottle there, go yeah, yeah, yeah, drink tea, £3.50.
CAROLE THERIAULT
You're lucky, £3.50.
VANJA ŠVAJCER
Don't you just usually go and drink tap water in any normal country? That should be reasonably safe.
CAROLE THERIAULT
I— okay, I get it. But, you know, fridge water is very nice, right? It's nice, cold fridge temperature water. They don't even leave it, you know, and then are those cups clean?
I do have a friend who's often questioned where the cups in the room— I never thought about it.
GRAHAM CLULEY
What sort of thing are you imagining, Carole, is going on in these cups?
CAROLE THERIAULT
Well, what my friends— one cup, two hotel guests, they never seem to have cups on the trolleys, so do they just wash the cups up in the bathroom sink?
And what do they use as a cleaner? Anyway, there you are. Yeah, but anyway, Wi-Fi in hotels is most often pretty bad.
GRAHAM CLULEY
So I guess the other side of Christmas, of course, and you know, the real reason for Christmas, let's face it, is presents. And you're so Western. Have you bought your wife presents?
CAROLE THERIAULT
Well, she sent me an SMS with a list of things that she'd quite like.
GRAHAM CLULEY
I've bought none. I've bought none.
CAROLE THERIAULT
Really? Nothing.
GRAHAM CLULEY
My husband, nothing.
CAROLE THERIAULT
I just— it's bizarre, isn't it? The older I get, the more I just want socks. And it's inversely proportional to your age. When I was a teenager, I would have hated socks.
VANJA ŠVAJCER
I recently read two completely opposite articles on whether you should buy people something that they want or something that they need.
One article said definitely buy what they want, and the other one, no, no, no, just go with something that's actually useful to them. So we're always looking for novelties.
We're always trying to find something that, you know, they're going to go, oh, it's so nice. But whether it's—
CAROLE THERIAULT
So John should come home with a box of female hygiene products?
VANJA ŠVAJCER
Exactly. Here you are, darling.
GRAHAM CLULEY
What? My goodness. So I'm wondering, this Christmas is obviously there's going to be lots of internet-enabled gifts being sold, right?
They're everywhere now. It's not just drones, although drones are sort of, you know, you've seen them in the high street.
VANJA ŠVAJCER
I have one that I would really like.
It's a smart basketball that measures how well you're actually playing.
It's a proper basketball and it measures the distance, how well you've— your percentage of scoring, all this sort of stuff. It's pretty cool.
GRAHAM CLULEY
So it doesn't have a screen, I imagine, because it's a basketball, but it has something in it which communicates via Bluetooth.
VANJA ŠVAJCER
Yes, with Bluetooth. And on your phone, you have an app, and then you connect all, and you have all the data.
And it's— the only thing that I don't know is when you play the actual game, how do you know who's playing? That I don't think they've managed to solve that one yet.
GRAHAM CLULEY
If they combined it with Touch ID, or something similar.
VANJA ŠVAJCER
Yep, yep, yep.
GRAHAM CLULEY
Or do some biometrics of the style of your basketball playing and they'd be able to identify who you are.
VANJA ŠVAJCER
Fingerprint reader.
GRAHAM CLULEY
Yes. And then the NSA hack it because you can't trust basketball players.
VANJA ŠVAJCER
Obviously, obviously.
GRAHAM CLULEY
Someone told me the other day that the Harlem Globetrotters weren't a real basketball team, which shattered a lot of my dreams. Is that not the case?
VANJA ŠVAJCER
I don't think they said something like that.
GRAHAM CLULEY
Apparently, it's all a stage act. That I don't think people— yeah, things like—
VANJA ŠVAJCER
They were just a bit of a— or shall we— you know, they were the best players in the world.
GRAHAM CLULEY
So assuming— okay, so I don't know how much the smart basketball is, but if a family member was given an Internet of Things style device, I don't know, something which connected like an e-kettle or one of those sort of gadgets, what would be your advice to them or what would be your concerns?
CAROLE THERIAULT
Tell them to send it back. Who needs an e-kettle? Who needs an e-kettle?
VANJA ŠVAJCER
What about a kitchen scale that can actually tell you, multiply the amounts of things when you make a cake?
So I want to make a cake for 4, this much, and it kind of immediately takes the recipe from the internet and it takes all of the measures and then actually converts them to the amounts that you actually need.
So that could be useful, but it still connects to the internet. There is still a CPU inside.
So, do you really need that kind of thing or not?
GRAHAM CLULEY
That's a big question still, because our concern is if there's a computer inside it, it can be exploited.
And we've seen attacks which have taken over baby cameras and routers and CCTV and all kinds of other devices online where the computer gets hijacked and then you launch a denial of service attack, or in some cases they've even cracked Wi-Fi passwords and things like that, haven't they?
And we saw even with things which appeared harmless, those VTech educational toys, right, right, right, that was awful.
Yeah, there was a camera there and you could grab information about the children, take pictures, and it's just like that.
Even if it wasn't being actively exploited, and I don't think in that case it was, I think someone just found the vulnerability, it's still alarming that those kind of vulnerabilities exist.
CAROLE THERIAULT
But hey, you know, do you not think it's a balancing act between how convenient and available something is?
There's a, you know, there's a, you know, so depending on how easy it is to access, presumably you want to make it more secure in how you protect it, using a proper password, trying to encrypt where possible, using two-factor authentication if supplied.
VANJA ŠVAJCER
If that's possible at all, if those devices are powerful enough to have those controls. A lot of them would just have one hardcoded password for some—
CAROLE THERIAULT
Right, I was gonna say, many of them can't even change the password, right? You have to hack it in order to do that, and that's crazy.
GRAHAM CLULEY
Yeah, yeah.
CAROLE THERIAULT
So I say until there's, you know, if you connect to the internet, you're basically, you know, you want to have— you want to make sure that you really need that thing and you understand how to protect it.
GRAHAM CLULEY
All right, but you're the one who's telling me, why am I going on about password managers when we should just write them down in a book?
How are you going to convince people who already have— if you could see my room, it is just full of tat right now, right? You have everything you can—
CAROLE THERIAULT
By the way, I don't know if you can— the camera, the camera.
GRAHAM CLULEY
Anyway, but the thing is that we already have everything we could ever need in our lives, and so we're constantly looking for some new gadget or something cool which has some feature that we can show off to our pals.
The internet is the easy thing for them to put in and the manufacturers aren't going to make these things secure, are they?
I just have no confidence that it's going to get better before it gets much, much worse.
CAROLE THERIAULT
Well, you know what? Thanks for ending this on a cheery tone two days before Christmas. Bug, bug, bug.
VANJA ŠVAJCER
Are you saying that the IoT is actually the internet of trash?
GRAHAM CLULEY
Oh yeah, or the internet of insecure things. Very good. Internet of threats, maybe.
VANJA ŠVAJCER
Of threats. Of the— that can be—
GRAHAM CLULEY
Yeah, that is, isn't it? It sounds a bit like the io with th. It doesn't work as well.
Well, look, guys, I hope you have a good Christmas, you chaps. And Vanja, I hope you get that. I'll have a word with Mrs. Vanja and see if she can get you that smart basketball.
VANJA ŠVAJCER
Sooner or later we'll have one.
GRAHAM CLULEY
Yeah, it's going to happen, isn't it? I've got my eye on a very high-tech chessboard. Yeah, I'll send you a link privately and you can check it out and see what you think.
But it's just ridiculous. In fact, it's so ridiculously expensive, I said to my wife, wait till a big birthday rather than now. I'll just stay with socks for now.
And Carole, what are you hoping for?
CAROLE THERIAULT
Honestly, nothing. I think just bottles, nice bottle of scotch. I feel like I'm inundated with stuff. I just want things that can actually be imbibed or ingested.
GRAHAM CLULEY
That's you, that's you. We've got it, we've got the picture, we got it. All right, well, I think it's been fun chatting to you guys as ever. Maybe we'll tune in again next week.
If people enjoy this, leave a comment.
If you've got a question you'd like to ask us about computer security or just wanted to be in on the conversation or disagreed violently with what we said, do send us a tweet or leave a comment.
Our Twitter account is Smashing Security, smashing without a G, because Twitter can't handle that many characters in a username. Crazy, I know, Smashing Security.
But until next time, cheerio and thanks for watching. Bye-bye.
I came across a book called Encrypted Pocketbook of Password which I might consider proposing to solve the password remembering issue. Keep it up, guys!