Smashing Security podcast #002: ‘Invest in carrier pigeons’

Three security industry veterans, chatting live about whatever is on their mind.

Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual video chat about whatever is on our minds. You can either watch the video, or listen to the podcast.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Unknown
Smashing Security, Episode 002: Invest in Carrier Pigeons with Carole Theriault, Vanja Švajcer, and Graham Cluley. Hello, hello, and welcome to Episode 2 of Smashing Security.

Well, what are you smirking at now at that point? I'm just trying to be upbeat.
VANJA ŠVAJCER
You said it's only because it's smashing.
CAROLE THERIAULT
You'll see, guys, Graham is standing up, right? And Graham does a lot of stage presenting, so that's what's going on here. He's presenting. Let's go, let's do this.
GRAHAM CLULEY
You said make it dynamic this time.
CAROLE THERIAULT
I don't think I've ever said that.
GRAHAM CLULEY
Put in lots of— because we want to be finished within about 20 minutes. Do you think we're going to do it? Do you think we're going to do it in 20 minutes?
CAROLE THERIAULT
20 minutes, let's go.
GRAHAM CLULEY
All right, okay.

Episode 2 is 5th of January 2017, and we have brought— each of us has brought to the table a story that we've uncovered from the world of computer security this week.

We don't reveal to each other what the story is until we actually meet here right now in the chat. So we can now see—
CAROLE THERIAULT
He's lying. He's lying. He's lying. He's lying. He's totally lying. I don't know why he's lying, but I want— I just want— I want authenticity. I want transparency. Graham is lying.

Okay, carry on.
GRAHAM CLULEY
Story number uno. Number one is friend of the show Donald Trump. He's between jobs at the moment, so he wasn't able to make it onto the podcast.

LastPass today, but he has been talking about computer security.

In fact, on New Year's Eve, he was accosted by one of those evil journalist types who asked him, so what's all this about the hacking and Russians hacking into America and into the Democratic Party and all these kind of things?

And Donald is not shy of an opinion. And he said some surprising things. He said that no computer is safe.

And that it's very hard to prove that a hack is linked to a particular country, he said.
VANJA ŠVAJCER
So he'd been well advised by his advisers, it seems.
GRAHAM CLULEY
Well, I completely agree. I mean, that was the surprising thing. I thought, actually, you know what, you're right.

What computers are safe in this day and age from internet attack and from hackers and from malware? There's the old joke of don't plug in your computer and then you're pretty safe.

You know, don't—
CAROLE THERIAULT
Whoa, whoa, whoa. Are you saying then that you don't believe the CIA is right and it's pointing the finger at Russia?
GRAHAM CLULEY
Oh, well, that's different. Okay, so I do think it's probable that the Russians were behind the hack which hits the Democratic Party.

I think there's a number of reasons to believe that that's the most likely. However, proving it 100% is extraordinarily difficult.

What we do know is that they were effectively hacked via a phishing attack. That was the primary method. That gave them access to the email archive. But this is the other thing.

How do you keep the information safe? Well, the journalists asked Donald Trump that as well. And this is what he said.

He said, you want something to really go without detection, write it out and have it sent by courier. He didn't say carrier pigeon, although that presumably is an option as well.

But what he's saying is you want to keep a secret, don't put it on a computer. And yeah, that is going to stop it from being hacked.
VANJA ŠVAJCER
As you know, carrier pigeons were successfully used in the Second World War by the British intelligence.
GRAHAM CLULEY
That's right.
CAROLE THERIAULT
Yes, they were.
VANJA ŠVAJCER
Of course, the couriers a few thousand years ago, even in the recent wars, they were used, but whether they're safe, that's a different question.

It depends on the cipher you're using.
GRAHAM CLULEY
Right, exactly. If you're using a Caesar cipher or ROT13 or something like that, that is not going to be as secure as using OpenPGP or GPG to securely encrypt your messages.

And have some certainty as to who can open it, who can unlock it and decrypt it.

But even then, if you send an encrypted message, if the endpoint, if the other computer you're communicating with is compromised in some fashion, a hacker could still see the message, right?
VANJA ŠVAJCER
Well, absolutely.

I mean, most of the recent Trojans and recent attacks have installed Trojans, which would actually allow a remote attacker to see exactly what you're doing and record all this data and exfiltrate it.
GRAHAM CLULEY
Right, it's sort of par for the course these days for hackers when they infect your computer.

Their malware is not only going to be able to access any file on your hard drive, but it has the ability to take over your webcam, to log what's happening on your screen, take remote control of your keyboard, grab your keystrokes and all kinds of other shenanigans as well.
CAROLE THERIAULT
Do you not think though, sorry, I know we got to move on, but don't you think though that social engineering is playing a much bigger part in malware than it used to?

So we're much more reliant now on things like phishing emails or social engineering attacks where you're trying to dupe someone into providing you an access point to get in, to get the information you need, to hold it for ransom or for whatever your endgame is.
GRAHAM CLULEY
I think the truth is that the weakness is where it always was. You know, thousands of years ago, the weakness was primarily a human one, yeah?

It was either gonna be someone who was corrupt, who you gave your message to, who you trusted to transport it across the plains of— you know, wherever to get to the endpoint.

Or there was someone at the other end who dressed up as the king and said, "Hey, hey, man, I'm the king.

Why didn't you give me the message so that I can read it?" That wasn't meant to be an Elvis impression, by the way.
CAROLE THERIAULT
I love how you started bouncing around there. You started bouncing when he was the king. There's obviously a secret.
VANJA ŠVAJCER
Hey, Graham's the king.
CAROLE THERIAULT
Graham wants to be the king so bad. Yeah, why not?
GRAHAM CLULEY
But, you know, those sort of threats, I mean, I think that the surprising thing is that some of these attacks can be perpetrated by 14-year-olds.

They don't need enormous sophistication.

Because just the simple phishing attacks really work, and they are going to carry on working for hundreds and hundreds of years because it ultimately is exploiting a weakness in people.

That's what happened to the Democratic Party.
VANJA ŠVAJCER
What we're saying then— The software itself is becoming more secure as we go.

Some of the remote code execution vulnerabilities in browsers, internet browsers, are not completely removed, but they are certainly a smaller number of new vulnerabilities discovered.
CAROLE THERIAULT
So what we're saying basically is use encryption where possible.

We're saying only put emails, make sure what you put in emails and what you click online is not dodgy or wrong or gonna lead you down a bad path.
GRAHAM CLULEY
And invest in carrier pigeons. Yeah, okay, something like that.

But what— so I mean, in summary, with this particular story, and there's been some absurd stories in the press and there's been some poor communication and all sorts of things like this, my personal belief is, do I think it was the Russians?

Yeah, I probably do. I think they had the motivation and they were attacking other military and government officials.

And so I suspect it wasn't a 14-year-old who was behind that particular attack. I think that's likely, but proving it 100%, really, really difficult.

Attributing an attack, confirming it's even state-sponsored, let alone which state might have done it, really, really hard.
VANJA ŠVAJCER
It's very hard. I often think of how, of this, one of those, some of the best companies that work with the government actually are able to attribute some of the attacks.

And I think the answer is looking at these sort of historical campaigns over the years, what kind of malware are they using?

What sort of infrastructure, command and control server, encryption algorithms, encryption key, everything that's repeated, you can attribute to an actor A.

So how do you now jump from, you know, this is an actor A to this is Russian intelligence is a different question.

So I wonder whether the American intelligence services are not telling us everything.
GRAHAM CLULEY
Well, and they may have information which they don't feel comfortable sharing.

For instance, they may have people on the inside in other countries who are feeding back information which they cannot reveal.
VANJA ŠVAJCER
Exactly, they don't want to compromise your sources.
GRAHAM CLULEY
They're stuck behind a rock and a hard place, basically.
CAROLE THERIAULT
It is kind of weird to watch the president-elect and CIA basically not trust each other publicly in the media. It's kind of eek.
VANJA ŠVAJCER
You bet that's going to change pretty quickly.
GRAHAM CLULEY
Oh, yeah, they're going to completely trust and rely on each other.

I think we're going to enter a state of utter normality in the Trump presidency, so make the most of it while you can, Carole.

Things are going to dramatically calm down and everything's going to be wonderful. Don't worry about that. So let's move on. Vanja, what have you got?
VANJA ŠVAJCER
Okay, the second story for today is quite related to what Graham was talking about, and it's about the same group of actors that computer security company CrowdStrike is calling APT28.

And the new piece of malware that's been discovered on Android phones in Ukraine. So the different, same attackers, different target of the attack.

And allegedly there was software that was used by the Ukrainian D-30 howitzer units to calculate the elevation or the angle of how well they should do target.

And it was actually infiltrated by the same actor who included the code that, among the other things from the phone, such as the model of the phone, the type of the phone, the phone number, and so on, sent the kind of coordinates of the nearest cell tower that the phone was connecting to.
CAROLE THERIAULT
So what's D-30 howitzer? What is that?
VANJA ŠVAJCER
Well, it was actually quite popular in the old Soviet times. It's a 122mm artillery weapon.
CAROLE THERIAULT
Oh, so it's for the army. It's for the army.
VANJA ŠVAJCER
So basically, the howitzers are, well, cannons. I don't know how we call them.
GRAHAM CLULEY
He's pretending not to know.
VANJA ŠVAJCER
Well, actually, they have been used in some previous conflicts in my parts of the world as well. And they were one of the biggest weapons that was used by the former Yugoslav army.
CAROLE THERIAULT
I love how we always get a history lesson from you, Vanja. I think that should be I think we need one every week. I love it.
GRAHAM CLULEY
So what we've got here are soldiers in Ukraine who are downloading this app in order to help them work out what elevation to have their artillery or something in order to shoot off missiles.
VANJA ŠVAJCER
Yeah, so from the minutes to actually the way you have to set up your howitzer to shoot, it will bring the time of targeting to seconds.

And the original application was developed by one of the officers in Ukrainian army.
CAROLE THERIAULT
Okay.
VANJA ŠVAJCER
And allegedly distributed on Ukrainian military-related forums, which to me, it sounds a bit—
CAROLE THERIAULT
Well, you're assuming those are open forums. They could be closed forums, right?
VANJA ŠVAJCER
Well, but how do you know if somebody who's a member of the forum, you can always pretend to be the author of the app, which is what allegedly has happened.

And that app was downloaded 9,000 times, the legitimate one, and we don't know how many people use the illegitimate or trojanized version of the app.
GRAHAM CLULEY
We think this malicious Android app which helps the army fire their cannons and things like this was leaking information about the location of these weapons. Potentially?
VANJA ŠVAJCER
It seems, and if you read the report which was released by CrowdStrike, you could see that they claimed that about 50% of all the army units that had these howitzers were, how they're called, they had lots of them.

They were using the app?

Yeah, we don't know whether they were using an app or not, but read between the lines, it was implied that if you're using the app, you'll be easily discovered, easily or easier by the opponent forces.
CAROLE THERIAULT
God, do you think some people are getting a big talking down to right now, I bet, on this, eh? Not now, but when it was released.
VANJA ŠVAJCER
If you think about the whole topic of operational security, that was a big fail on Ukrainian side, if it's true that the Russians have managed to infiltrate their app in that sort of way.
GRAHAM CLULEY
So Vanja, as our man in Eastern Europe, do you have any thoughts as to who possibly might be interested in monitoring the location of Ukrainian armaments?

I mean, who'd want to do such a thing?
VANJA ŠVAJCER
Yeah, I think it's pretty obvious that what people are saying is that the Russians may be behind it.

However, the guys from the CrySyS research lab, the Hungarian research lab, have actually discovered a couple of interesting strings in the malware.

One of them is, I think it's a variable name, or at least value of the variable that has German words for nothing, nichts, as a default value.

And then there's another misspelling of phone standard with a T at the end, which, you know, is it kind of Russian spelling? Is it German? You know, it's difficult to say.

So once again, we come to the point that attributing attacks to a particular actor is not an easy thing to do.
GRAHAM CLULEY
Not an easy thing at all. Oh, pretty heavy stuff. Carole, what have you got up your yellow sleeve today for us?
CAROLE THERIAULT
Oh, I've got something much more fun and light so we can end on a cheery note. So I've actually put a title to my topic. So note to you too.

So mine's called "We've Come a Long Way from Tinfoil Hats." And this is all about as digital surveillance increases, a lot of us think about privacy.

And there's this project called Hyperface and this guy, Adam Harvey, he's an artist and independent researcher based in Berlin, is handling it slightly differently than others by trying to design things like clothing that basically fools photo recognition software.

So imagine a coat that's made of a fabric with a pattern, and the pattern basically has faces on it that would be detected by face recognition software.
GRAHAM CLULEY
You said faces, did you?
CAROLE THERIAULT
Faces. So imagine—
VANJA ŠVAJCER
Yeah, something like this.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Were you making a very rude joke? You have a child, don't you? A 5-year-old?
GRAHAM CLULEY
Yeah, hence there's a lot of potty talk.
CAROLE THERIAULT
So the whole idea is it kind of confuses it.

So you'd wear this out if you didn't want people to take pictures of you and being able— and having the camera being able to kind of say, oh, that is definitely Graham Cluley, and I'm going to tag that with his social media pictures and find him everywhere on the web, is the idea.

Now, kind of cool, ridiculous? What are you guys thinking?
VANJA ŠVAJCER
Well, it reminds me of something that we did a long time ago in some of our previous lives, the April Fools' joke. Yes, which we did.

We actually claimed that we developed technology that can detect hacker or the bad guys simply by recording your photo the way you look like. So this is the counter that—
GRAHAM CLULEY
Yeah, it was when you wore a baseball cap or something like that, or if you had facial hair like Vanja does. Must be a bad—
CAROLE THERIAULT
Put a link, put a link.
VANJA ŠVAJCER
Facial hair was almost instantly unrecognizable.
CAROLE THERIAULT
Yeah, we'll put a link in so people can see it because that's ages old, but that's great fun. Now this guy, this— let me just finish this because there's some great stuff here.

So this guy has done other projects, one called Camoflash, which would be a purse with an electronic device that reacts to a camera's flash, so with light.

So when the light hits, it basically shines back and it makes your face look like a halo of light. So it's all kind of stealthwear.

He has anti-drone scarves meant to be worn over your head, and it kind of subverts thermal vision surveillance for military drones. So it's useful fashion.
VANJA ŠVAJCER
You either flash somebody or just hit them in the face. That's what they would do in Croatia.
CAROLE THERIAULT
I don't know if you noticed this, but we just lost Graham.
VANJA ŠVAJCER
Oh, Graham.
CAROLE THERIAULT
No one noticed. You're back. I'm back.
VANJA ŠVAJCER
Anyway, is it a dog issue?
GRAHAM CLULEY
It wasn't that I was bored, Carole. It wasn't that I was bored. It was my dog. So I had to disappear.

For those people just listening, not seeing the pictures, I had to go to the front door because the dog was going, wanted to get out. Yeah, but it's all right now.

Anyway, so what my question is is, why wouldn't someone just wear a balaclava or a wide-brimmed hat or some spangly sunglasses?
CAROLE THERIAULT
Well, I think they do. Yeah, I think they do.

I think this guy is giving, you know, he's an artist, he's also commenting on it, but he's also raising the issue of, look, privacy is something that we— I don't think we take for granted today.

I think we're fighting tooth and nail, many of us, to try and keep a hold of some level of privacy because somehow it feels like a human right to me anyway.

But I don't know if the next generations are going to feel the same.

If they're just going to be able, you know, for convenience, for convenience sake of having a phone or having a smartwatch or having all these gadgets, are we giving up something much more precious?

And I think that's what he's bringing to the fore, right? That's what he's bringing us to discuss and to think about, which is good.
VANJA ŠVAJCER
Well, there are many people actually thinking about privacy, but I'm afraid this is a losing battle because most of the people really like their convenience of having a phone, having the information, posting it anywhere, posting it on Facebook.

They don't really care or they don't really mind that this information is actually collected and it's used for commercial and any other, and it's potentially for any other kind of surveillance type purposes.

So yeah, I don't know. There will always be people who will be very privacy conscious and they'll be, let's say, protected, or at least they'll think they're protected.

But the majority of people will be kind of exposed to, I don't know.
CAROLE THERIAULT
We're all around the same age, but you remember when the door closed when we were kids, right? It was utter privacy in the house, right?

There was no way, unless someone had a camera and they maybe got it developed a month later, there wouldn't be any evidence of it.

And now we all have cameras everywhere and voice recorders, and we put them in our homes liberally. We don't even have a room for it.
GRAHAM CLULEY
Some people are even streaming their podcast chats live on YouTube. How insane is that? And then the dog wants to get out the front door. Nuts what we're revealing here.

You'd never have noticed if you hadn't been watching. We are just about running out of time. Very quickly, let's have some feedback on last week's show.

It was our first ever episode and we were talking about the challenge of providing technical support to our friends and families over the holiday season and managing elderly relatives' passwords.

Thanks to everybody who gave us some feedback on the show. We're glad some of you enjoyed it anyway, including Juliet Spensley.

Who sent a message saying hilarious, absolute comedy gold, please post more. I don't know what on earth she was watching.

She must have been watching some— I don't know, she must have been watching Jimmy Kimmel or something rather than us.

But she carries on to say, 'I share your sentiments about your elderly parents and in-laws.

My mum is 80 and she wants an iPad.' And I actually think that's a really sensible type of computer to get an elderly parent.

Not too much tech support and no real risk of getting any malware on it.
VANJA ŠVAJCER
Yeah, even my mother-in-law has an iPad and she knows how to use it, so it's pretty good.
GRAHAM CLULEY
Well, Juliette's mum wants to FaceTime her mother in Australia who is 104, so well done Australian mum, grandmum over there. That's very impressive indeed.

Who else have we got in the list?
VANJA ŠVAJCER
And then we have David Lavecq who wrote more about security of the passwords, and he says, I both write down passwords and finally installed KeePass 2 for Android, which is free and open source.

So this is both the physical security and sort of digital security. And it could be actually, you know, having the best of both worlds.

And I know there are a few other people who also commented on the same idea of actually writing down the password. And yeah, this is actually, you know, and I accept it.

It's not necessarily bad.
GRAHAM CLULEY
It's not necessarily bad, but there are challenges involved.

And that's one thing to remember, because if you are, for instance, away from your home, and you need your password, you're away working, then having them written down in a book back home is no use at all, is it?

It's handier if you can access them on your computer in some ways. And there's a risk, of course, if you do take your password book with you that it might get stolen.

So, you know, horses for courses. But most important thing, have secure passwords, make them unique. And that's what people need to do. Well, we're about to wrap up very quickly.

Who had the least tedious story this week? Me?
CAROLE THERIAULT
Me?
VANJA ŠVAJCER
Carole?
GRAHAM CLULEY
Me?
CAROLE THERIAULT
Maybe, maybe, maybe the listeners should decide, not us.
GRAHAM CLULEY
Oh, that's a good idea. Right, maybe they could leave a comment.
CAROLE THERIAULT
Yeah, say, 'Carole, that was a very amazing story.' Right, well done, Carole.
GRAHAM CLULEY
Well done. All right, well done, Carole. All right, okay, we'll find out next week who was the best.
CAROLE THERIAULT
Maybe, you know what they do on the X Factor show? Yes.
GRAHAM CLULEY
Well, that just about wraps it up. Thank you everybody for tuning in and the kind words and even the grumpy words as well. We appreciate all of them.

If you've got any thoughts, things that you think we should be talking about, get in touch with us. Our Twitter is @SmashingSecurity. That's smashing without a G, security.

So until next time, cheerio. Bye-bye.
VANJA ŠVAJCER
Bye. Bye.

This week, in Smashing Security #002: “Invest in carrier pigeons”, we discuss Donald Trump’s views on cybersecurity and his radical explanation of how to keep communications top secret, Ukrainian soldiers being spied upon by Android malware, and an artist who has devised a novel way of avoiding facial recognition technology.

All this, and an unplanned appearance by an invisible dog.

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team on Bluesky.

Show notes


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

8 comments on “Smashing Security podcast #002: ‘Invest in carrier pigeons’”

  1. Ken Grayling

    Carrier Pigeons! Hasn't The Donald heard of drones?

  2. Bob

    I enjoy these videos but the bad audio quality makes them difficult to listen to.

    I assume you're using Google Hangouts and I appreciate that the other two speakers are not in the UK but the echo makes the whole audio track gnarly to the ear. Your voice Graham sounds crystal clear.

    If Skype, FaceTime and other services are equally poor then perhaps if one person waited for the other to finish (I don't know whether delay makes this impracticable) the quality would improve. It seems that when people talk over each other the echo is exacerbated by the audio feedback and compression.

    1. Graham Cluley · in reply to Bob

      Thanks for bringing that to my attention Bob. I haven't heard from anyone else yet who is having problems with the audio, but that doesn't mean that it can't be improved.

      We'll look into different ways that we can make it better, and I know there are plans afoot for an audio-only version for podcast fanatics who don't need to see our ugly mugs.

      BTW, I'm imagining that the reason that I'm crystal clear and the other two are hard to decipher is because I'm the only one without an accent.

      1. Melissa · in reply to Graham Cluley

        I too find the audio sketchy at times. The Christmas video was especially bad, it sounded like you were making a transatlantic call on a pre-digital cordless phone :-D

        I don't think there's much that can be done to improve the quality unless all parties have fast, stable connections.

        I had figured the reason Graham's voice was so clear was because he was recording himself and then overlaying the live streams.

        1. Graham Cluley · in reply to Melissa

          It was all recorded through Google Hangouts. There was no post-production by us or any overlaying or editing (as if we would attempt anything so slick!). So it’s Google taking our audio streams live via Hangouts and shoving them into a YouTube video.

          Since recording the Christmas episode, Vanja has switched to a better microphone (and a better webcam).

          It’s odd that some people are hearing such poor sound and others don’t seem to be troubled – I think a transatlantic 1980s phone call would sound pretty bad too.

          Anyway, thanks for letting me know and we will explore further. Please don’t let it put you off too much!

          1. Bob · in reply to Graham Cluley

            I normally listen with my Bose external speakers as I tend to only listen to the audio (i.e. I don't watch the video) whilst I'm getting on with some work.

            Maybe it's because my speakers are good* and highlight the imperfections or it could be that I have good hearing and am more attuned than most.

            * I did stream it to my TV from my computer to test this theory but the result was replicated – probably because the speakers are reasonably good. I also watched it on my phone without headphones and it sounded better because the audio wasn't as crisp.

            I'll watch the next episode and see what that's like. For what it's worth I watched the video in 720p48.

          2. Graham Cluley · in reply to Bob

            Thanks for the additional information. We'll look into it and see what we can do to make things better.

  3. Katie

    Re privacy: I went from Windows 7 to 10 last summer, and was shocked by the super aggressive demands from Microsoft to know all my data, study my writing patterns, etc. Many people are not able to try to protect themselves from the spies and/or marketers (is there a difference???).
