MARIA VARMAZIS
And now I'm done. I've said myself.
GRAHAM CLULEY
You're done. We're done. Close down the podcast. Turn off the internet.
CAROLE THERIAULT
Take all the episodes off the internet.
GRAHAM CLULEY
Yes. Yeah, we're going to delete them off iTunes right now. Smashing Security, Episode 63: Carole's Back, with Carole Theriault and Graham Cluley.
CAROLE THERIAULT
Hello. Hello.
GRAHAM CLULEY
And welcome to Smashing Security episode 63. My name is Graham Cluley.
CAROLE THERIAULT
I'm Carole Theriault.
GRAHAM CLULEY
And we're joined by a special guest once again, and it is Maria Varmazis. Hi, Maria.
MARIA VARMAZIS
Hello. Hi, Maria. Hello. Hello.
GRAHAM CLULEY
And Carole, good to have you back as well, because you didn't show, didn't bother showing up last week. Your absence was noted. Loads of complaints from listeners.
CAROLE THERIAULT
I did have a very good excuse.
So I suffered a rather nasty disc slip last week, and I'm currently still dealing with rather acute sciatica.
So it's not my first time doing this, but I can say with perfect conviction that it is really, really horrible.
I'm actually currently working right now from a kind of Roman lounge style position here.
MARIA VARMAZIS
Is someone feeding you grapes?
CAROLE THERIAULT
They should be, they should be. And I'm also on extremely strong meds at the moment, so this show is going to be risky. It could be a total bomb, or it might be amazing show.
So let's just put your seatbelts on. Let's see what happens.
MARIA VARMAZIS
I'm ready.
GRAHAM CLULEY
Is it the first time you've recorded a Smashing Security under the influence?
CAROLE THERIAULT
Pass. Pass.
GRAHAM CLULEY
We'll be right back after this break.
This episode of Smashing Security is sponsored by the fine folks at Chess Cybersecurity, and they are asking our listeners to take a very quick 3-minute quiz.
Why would you want to take this 3-minute quiz? Because everyone who completes the quiz will be entered into an amazing prize giveaway.
You can win limited edition t-shirts and goodie bags, and also you could win wireless headphones, an Apple iPad Pro, Sony PlayStations, all kinds of goodies.
And Chess Cybersecurity will donate £1 for every completed survey to the Prince's Trust charity, which is pretty smashing as well, isn't it?
CAROLE THERIAULT
It totally is. Now, the whole point behind this is that Chess Cybersecurity are trying to take the pulse of the IT nation.
So this is exclusive to those that work in information technology. That's right.
GRAHAM CLULEY
The way to complete the quiz is to go to smashingsecurity.com/itquiz, and thank you to Chess Cybersecurity. On with the show. And welcome back.
Well, like every episode of Smashing Security, we're going to be looking back at the week's news and things which tickled us.
And hey, do you remember in the early days of Smashing Security, we used to record our chats on video? We did it via Google Hangouts, didn't we?
CAROLE THERIAULT
We did. We did.
GRAHAM CLULEY
And do you remember, Carole, why we had to stop?
CAROLE THERIAULT
Because I didn't like taking off my pyjamas.
GRAHAM CLULEY
No. Well, that potentially was an issue. It was because we're so damn hot. That's why we had to stop.
CAROLE THERIAULT
Oh, right. Yeah.
GRAHAM CLULEY
Do you remember?
CAROLE THERIAULT
Yeah. Yeah.
GRAHAM CLULEY
People were getting— what was that clapping?
MARIA VARMAZIS
That was a sarcastic clap from me.
GRAHAM CLULEY
Oh, it was a golf clap.
Let's face it. People were getting all hot and bothered in the workplace thinking, geez, that British guy, he can butter my parsnips any day of the week.
And as for that Canadian chick, she is everything a man could want. No, seriously. I don't want to hear. I don't want to hear. Carole, you are everything a man could want.
Big muscles, hairy chest. You've got it all.
CAROLE THERIAULT
Spineless, literally.
GRAHAM CLULEY
Well, one of the things, so we had to stop it, right? It was just getting out of order. It was just horrendous.
Well, one of the things that we definitely don't have to do because we're basically Instagram models is maintain a rigorous exercise regime.
But if we did, maybe we would have a Strava-enabled fitness tracker. That is the athletic social network. What, what, what?
CAROLE THERIAULT
Did you just choose the story because I can't actually walk at the moment?
MARIA VARMAZIS
Twisting the knife.
CAROLE THERIAULT
I just, I'm just shocked at the lack of sympathy here.
MARIA VARMAZIS
Really? Wow. No, not really. No, no.
GRAHAM CLULEY
The thing is, right, on a regular social network, you're showing off about your perfect life.
There you are, you know, walking the hills and the meadows arm in arm with your loved ones and your business.
CAROLE THERIAULT
Into the sunset.
GRAHAM CLULEY
Exactly. Into the sunset in your case. But on Strava, you are basically uploading details of your workouts, your exercise regimes.
You're competing with others to see who can do a circuit the fastest.
CAROLE THERIAULT
Oh, okay. Cool. Cool.
GRAHAM CLULEY
And yes, you know, also one of the benefits is you can see, oh, look, loads of other people in my city go for a run around this particular park.
Or something like this, and so you can find out where a good route is. Make some new friends, some running buddies, some buddies to get all sweaty and hot with.
Now, back last— well, I don't sweat, obviously. Now, back last— thank you, I like having Maria on.
Back last November, fitness tracking app firm Strava, they released what they described as a most beautiful dataset.
And this was a heat map of all the data they had received from all around the globe of more than 3 trillion individual GPS data points as their users ran and cycled and hiked.
And it's—
CAROLE THERIAULT
Okay, sorry, that's a really annoying stat, 3 trillion individual GPS data points. How many, you know, how many people? I don't know, it's just annoying. Okay.
GRAHAM CLULEY
Well, I don't know, it depends how far they've gone. But anyway, obviously they have a lot of users, right, who are doing this. Right, right.
And if you look at this, this image and things, it is kind of beautiful. So there's a lot of data out there which you can go and use.
And they said, look, we're collecting this data, but we're keeping it anonymous. So don't worry about it.
Now, even though it's a most beautiful heat map, tremendous heat map, it does have an ugly side.
An alarm was raised by a 20-year-old Australian student called Nathan Ruser.
He bonged on his surfboard and said, "G'day, Carole!" He said, "It looks—" It's like Crocodile Dundee all over again. "You call that a knife?
You call that a data point?" They're going to boycott you in Australia. He said, "It looks very pretty, but not amazing for OPSEC.
US bases are clearly identifiable." And he was right.
What he managed to do was he posted in a series of tweets, and we'll link to these, what appeared to be movement patterns of people who were working in the US military at remotely located military bases, right?
CAROLE THERIAULT
Yeah. You didn't have to identify a particular person to be a military person, but because they were near a base, you could assume that? Is that what you mean?
GRAHAM CLULEY
What you could do is you could take this data and you could map it on something like Google Maps and satellite imagery, and you'd be able to see these are guys who are running around, for instance, runway at a military base.
Or maybe these are people who are running around a nuclear submarine station.
CAROLE THERIAULT
Because those are easily found on Google Maps?
MARIA VARMAZIS
Well, some are.
Well, I remember one of the things that people were seeing is that they were looking at the front lines in Afghanistan and seeing that there's the sea of nothingness in terms of Strava data.
And suddenly in the middle of there's this tiny bright spot and you're just wondering who's running around in Afghanistan.
GRAHAM CLULEY
Exactly. Why are these guys running around in sort of runway-shaped circles, or whatever it was? There's obviously some concern about that.
And even though one would hope that soldiers would take off fitness trackers and they'd be ordered to do so, which might be leaking their information, as well as disabling potentially risky apps on their smartphone, it's easy to imagine how those sort of things could be overlooked.
And even if they're doing it in their spare time, that is still data which people could collect. And it's not just US military bases.
There were, I think, Turkish forces and others who have been identified.
And even The Register, they wrote a fun article all about what appeared to be evidence that people have been poking around a shipwreck in the Thames which contains nearly 1,500 tons of explosives from the Second World War.
The SS Richard Montgomery has been there since 1944 when it was grounded, and it's never been dealt with. It's just too complicated.
But there are people going there wearing their Fitbits or whatever, their Strava-enabled apps, and this data has been collected.
CAROLE THERIAULT
But you know what? This is really, really shitty for military people, right? They can't even, you know, okay, what are the Stravas used for?
I mean, obviously they're used for competition. It's a kind of entertainment app, really, right?
Because if you just want to get healthy, you just go outside and run, surely, you know, lift some weights. Well, that's what I'm saying. Stay away from the ice cream. Yes, exactly.
It's not rocket science.
GRAHAM CLULEY
I have a fitness regime, you know, I'm picking up cheese sandwiches, I'm picking up donuts. And if you get enough of them, you begin to build up some muscles.
It's something which— Just like Homer Simpson. Exactly. Thank you. There I am in my muumuu. That's how I record my podcast.
MARIA VARMAZIS
That's why we don't do video anymore, though.
CAROLE THERIAULT
You can't even fit on the screen, guys. You can't even fit on the screen.
GRAHAM CLULEY
Anyway, the thing is, I mean, yes. These are guys who want to get fit and stay fit. You know, it's obviously important for their jobs.
CAROLE THERIAULT
And they're also helping everyone look after their country, and they can't even be allowed a bit of downtime where they can kind of, you know, hang out with their buddies and—
GRAHAM CLULEY
We can, but take your blinking fitness tracker off, buddy.
CAROLE THERIAULT
Yeah, no, I agree. Okay.
MARIA VARMAZIS
Yeah, I'm surprised that that's not a policy, or if it is, I imagine some people got a very stern talking to.
GRAHAM CLULEY
I imagine it is, but then I wonder whether in their free time.
That, you know, people, or indeed so many people carry smartphones, which may be tracking this kind of information as well.
MARIA VARMAZIS
Do they know that it's even, they're being tracked? Are they aware? Is it running in the background? I mean, maybe they don't even know.
CAROLE THERIAULT
It might be being uploaded to the cloud as a default setting that no one's ever managed to toggle off or even thought of toggling off before.
GRAHAM CLULEY
Well, surprise, surprise, with Strava, this is a feature which is enabled by default. So you have to opt out if you don't want your data being uploaded.
But it's more than just that these images of where people are running in these particular bases and other things are coming to light now through this heat map.
Another security researcher, a guy called Steve Loughran, who as far as I know isn't Australian, so I can't do an accent for him, he has identified that it's actually possible to identify who has been doing some of the runs.
Because even though the data has been totally anonymized, there are some tricks you can do.
He describes how he managed to upload some faked data of a run around the UK's Faslane nuclear submarine base.
And having done that, having tricked it into thinking that he was running around it, it then told him the identities, or the usernames at least, and the profiles of the other top 10 runners in his age group who had done that.
And if they hadn't locked down their profiles on Strava properly, if they'd been dumb enough to put their surnames, for instance, or other identifiable information, or their real photograph, then maybe people could identify who they were as well and potentially could put themselves at risk.
CAROLE THERIAULT
So the road to hell is paved with good intentions. Strava dudes go out there and they try and make this cool, hey, meet some like-minded people in your age group, make some friends.
And actually it just turns out that you're giving away loads of personal identifiable data.
GRAHAM CLULEY
And let me make this even bigger. It's not just a fitness app problem because of course there are so many apps tracking your position.
Take for instance, Google Maps, which is used by over 1 billion people, according to Google.
And if you haven't told it specifically not to, Google Maps is keeping a track of where you go every single day. There is an option inside it.
Go and look on your settings on Google Maps on your phone, because there is an option called Timeline and it stretches back much further than you remember.
And some things which you may have chosen to forget, and that is being collected as well.
CAROLE THERIAULT
You're talking to me specifically there.
GRAHAM CLULEY
No, I don't think you're going anywhere at the moment, Carole. That's right. I'm right here.
CAROLE THERIAULT
X marks the spot.
MARIA VARMAZIS
In case you've taken 2 seconds to forget you're polite, he's going to remind you as often as possible.
GRAHAM CLULEY
So folks, sort it out. Strava isn't private by default. Check your settings. Be really careful with the apps you install.
And when they say to you, oh, we can— let's take some of your anonymous data, we can do cool things with it, think twice about whether you really want to do that, because maybe it is telling people much more than you might have wanted.
CAROLE THERIAULT
And don't rely on default settings. So important everywhere.
GRAHAM CLULEY
Yeah, the defaults normally chosen by apps are for the benefit of the app manufacturer and not you, right?
CAROLE THERIAULT
Exactly, not the user.
MARIA VARMAZIS
And certainly not for national security reasons. Jeez.
GRAHAM CLULEY
Maria, what's your story for us this week?
MARIA VARMAZIS
Well, I have a story about fake news this week. Oh, can we—
GRAHAM CLULEY
Look, you know what? I just want that phrase to be banned.
MARIA VARMAZIS
Well, that'll make the story a little difficult.
CAROLE THERIAULT
So I was— Faux news. Faux news.
MARIA VARMAZIS
Faux news. And faux news is getting a lot fauxer, a lot sooner than any of us might have thought. And honestly, I love this story because it has it all. Star Wars, porn, and Adobe.
CAROLE THERIAULT
Porn and Adobe. Whoa. This sounds like a Forensic Files episode.
MARIA VARMAZIS
I've got the popcorn. So I'm imagining maybe Carole, you've been on some sort of social media in the past 10 years. I don't know, maybe a little bit. I don't know about you, Graham.
I don't think so.
If you've been anywhere on any kind of social media lately, or if you've seen any of the Apple iPhone X Animoji commercials, you've probably noticed that it's crazy easy right now for the average person, like even me, with a phone and a front-facing camera to do all sorts of incredible effects on a live video of your face.
So, on Snapchat, the dog filter is really popular, and you can have a talking poo on iPhone X and emoji. You know, the future.
CAROLE THERIAULT
That's good to know. That's— I'll put that in my back pocket.
MARIA VARMAZIS
We all need talking poo in our lives. This is clearly something that Apple— You know we're going there.
So, I mean, if you thought about this 10 years ago, swapping someone else's face with your face in real time, that would have seemed completely sci-fi.
But yeah, it's totally doable, and that's cool, right?
GRAHAM CLULEY
Nicolas Cage and John Travolta did it, didn't they?
MARIA VARMAZIS
They did. They predicted the future. Face/Off.
CAROLE THERIAULT
Yes, they did. Yeah, I've seen all this, the Animoji stuff. I can't say that it's grabbed me in any way.
I mean, I do actually, when you talk about it, I kind of think, yeah, actually it's pretty amazing. It is. But I think I'm just the wrong—
GRAHAM CLULEY
It's amazing slash completely and utterly pointless. Yeah, yeah.
It— I mean, I've seen the adverts for the iPhone X, for instance, where you become a poop talking or a dog talking poop. Yep. And I just thought, okay, yeah, I've—
CAROLE THERIAULT
You're like, I do that all the time. I talk shit all the time. That's what you're thinking.
MARIA VARMAZIS
So clearly you were thinking, all right, that's great and all, but where can we really take this? Where can this go? I mean, what's the real use for that?
And the answer from the internet, of course, is porn. So, of course it's porn. So basically, coprophilia porn, I imagine.
GRAHAM CLULEY
Oh, you're not going there.
CAROLE THERIAULT
No. Okay.
MARIA VARMAZIS
I wasn't actually going there, but you went there. Shush. Shush.
So face swapping tech has gotten a lot more sophisticated, way beyond just talking poop and coprophilia and all that good stuff. It's not just social media face filters now.
We are talking heavy lifting with deep learning, artificial intelligence, and crazy phrases like that.
So in the hands of savvy Reddit users, because of course it's gotta have something to do with Reddit too.
There are now totally convincing— can't tell if it's face swap tech or actually real— face-swapped porn using celebrity faces. So okay, I don't understand.
CAROLE THERIAULT
So basically there's a porn movie or something and the faces have been swapped to be the faces of celebrities that aren't actually the ones taking part in the activity?
MARIA VARMAZIS
And it's not just the face is frozen from a photograph and it just looking at you dead in the eyes. The face is mapped to the face of the actor originally in the porn film.
CAROLE THERIAULT
So this would have been when I took a picture of a pig and then I put someone's face on the pig face, right, Graham?
GRAHAM CLULEY
Yeah. Thanks. Thanks, that girl.
CAROLE THERIAULT
But in a much ruder way. Okay. I'm with— okay. So this is not fun.
MARIA VARMAZIS
All right. So I have a quote from a Motherboard article that explains this a little bit.
So thanks to AI training techniques like machine learning, again, those fancy phrases, scores of photographs can be fed into an algorithm that creates convincing human masks to replace the faces of anyone on video, all by using lookalike data and letting the software train itself to improve over time.
In this case, these Reddit users are putting famous actresses into existing adult films.
According to a user called Deepfakes— and it's called, the AI-assisted face swaps are called deepfakes— okay, this requires some extensive computer science know-how.
But one user in the burgeoning community of the pornographic celebrity face swapping has created a user-friendly app that basically anyone can use.
GRAHAM CLULEY
I love, first of all, that there's a pornographic celebrity face swapping community. There is. But they've— so they've created a user-friendly app.
MARIA VARMAZIS
That anyone can use. Okay.
GRAHAM CLULEY
So I could take the face of— so.
CAROLE THERIAULT
I'm thinking of the Queen. I'm thinking of the Queen. She's the one you don't want to— oh no.
GRAHAM CLULEY
I don't think there's even a philia for that one, Carole. I don't think that one exists.
MARIA VARMAZIS
There is now. Now that you've said it, it's going to happen.
GRAHAM CLULEY
So I could take someone who, you know, someone who I fancy, right? In the public eye.
CAROLE THERIAULT
Who would that be, Graham? Who would that be?
GRAHAM CLULEY
The Queen one. Let me have a little daydream here. Margaret Rutherford. Dame Diana Rigg. Oh, wow. Dame Diana Rigg. In her day, you know. In her day or now? Well, or does it matter?
She's still charming. Diane Keaton, you know, in Play It Again, Sam, that kind of thing. Anyway, the thing is I could take something—
MARIA VARMAZIS
I'm learning too much about you, Graham. I don't know what to do with this information.
GRAHAM CLULEY
I could take something like that and I could basically soil all my lovely memories of them by sticking their face onto some porn actress, and then I would have effectively a porn film starring Greta Garbo or something like that.
MARIA VARMAZIS
And arguably you could put your face on the other person and you, I mean, you could, I mean, it could go anywhere. You see where I'm going? Yeah, yeah, yeah, yeah.
GRAHAM CLULEY
I could put my face on the porn actress? On the actress.
MARIA VARMAZIS
Sure. I mean, I'm not going to judge. On her face, I mean. Oh my God. Yeah, that's, that's, and again, it's part of a user-friendly app that anyone can use.
GRAHAM CLULEY
This is really creepy because it's one thing to do this with celebrities, of course, who your chances are you'll never meet.
But imagine you had some crush in the office and you somehow collected some images of this crush.
CAROLE THERIAULT
Imagine you're a teenager who's being cyberbullied at school.
GRAHAM CLULEY
Well, and then people could distribute some fake—
MARIA VARMAZIS
Yep, you're going down that rabbit hole. I mean, this is Black Mirror level stuff and it's really, it's out there. Yep, I'm getting there. Okay, I'm getting there.
GRAHAM CLULEY
Close down the internet.
MARIA VARMAZIS
Close down the internet. I'm not even done. There's even more to this.
GRAHAM CLULEY
Oh, go on then. Make it worse for me.
MARIA VARMAZIS
Yeah, it's gonna get weirder.
So just to put the little hook for Star Wars in there, somebody did a face swap with the young Princess Leia at the end of the recent Star Wars Rogue One film, which came out a couple years ago.
And they did a face swap with Carrie Fisher, the actress, on the CGI version of her.
And the face swapped version was actually more convincing than the expensive Disney paid for CGI version. There's a video of it. I have a link for it. People can take a look.
It's outdoing expensive Disney CGI, which is, I mean, that's where we're going. So, okay, if that's all not enough, I know we're all thoroughly creeped out right now, there's more.
So there is actual active development of tech where we can convincingly map another person's expressions onto another person's face in real time.
I don't know if I'm explaining this well, but this is kind of puppet mastery stuff.
GRAHAM CLULEY
So imagine I'm someone evil, okay? I could make facial expressions. Imagine.
And these would be sort of magically convincingly put onto some celebrity's face so they are moving their face like I'm moving mine.
CAROLE THERIAULT
Oh, so you could take someone's face and basically make them—
GRAHAM CLULEY
So I could pick my nose or pull out a bit of, you know, something embarrassing from between my teeth or something which could then, you know, be released onto the internet.
Everyone say, oh, look at him picking his nose or something like that.
MARIA VARMAZIS
Yeah, this can happen in— this is happening in real time.
So for example, imagine you've got a breaking news story of, you know, President Trump and he's on a video stream talking at his podiums, talking about stuff.
And then there's an actor somewhere making his own expressions or her own expressions and mouth movements. And those would be mapped to Trump's face in real time.
So we would be seeing Trump making those facial expressions and mouth movements and all that stuff.
GRAHAM CLULEY
This is pure Mission: Impossible kind of stuff, isn't it?
This is the kind of thing which you— this kind of thing which we normally see on TV programs or in the movies and think, well, that's fun for the TV show, but could never actually happen.
MARIA VARMAZIS
Right. That's like enhance with images. Exactly. Enhance, enhance.
GRAHAM CLULEY
So this is the kind of thing which we think is impossible, but actually, oh my goodness, this is extraordinary.
CAROLE THERIAULT
This is the end of an era.
MARIA VARMAZIS
But there's even one more thing I have to mention.
It gets even worse.
If that's all not enough, Adobe, our good friend Adobe, has in active development right now tech to fake someone's voice and speech using just a short clip of them talking.
And they call it Photoshop for audio, meaning all you need is a snippet of someone's voice, just a few seconds, and then you can completely fake them saying whatever you want.
And it's actually convincing. It doesn't sound like one of those '90s radio soundboards where, you know, it sounds like this. It actually sounds like real cadence of speech.
GRAHAM CLULEY
Gee. So if someone were able to get hold of, for instance, a lot of audio, maybe an MP3 or a podcast of Carole speaking for a long time, we could get her to say whatever we like.
We could get her saying misanthropic rhododendron and it wouldn't be difficult.
CAROLE THERIAULT
Okay. If anyone hears me say Graham is so great and cool and wonderful, you know I've been faked.
GRAHAM CLULEY
Boy, it is convincing, isn't it? Did you hear that?
MARIA VARMAZIS
Adobe, good job. Yeah.
I mean, Adobe went through pains to say that their audio photoshopping tech is water-markable and built to be easily detected and nobody's ever gonna use this for nefarious purposes.
Of course they wouldn't! I'm sure nobody will ever— What the fuck? No one's ever pirated Adobe software before to do stuff it shouldn't do, so I'm sure they're totally right.
GRAHAM CLULEY
Exactly. And they never have any vulnerabilities, never have any exploits. But this water-markable thing, does that mean all the time they have, "This is an order.
This is an Adobe—" Well, how are they gonna do that? Or do they have a little jingle underneath?
Like, "This is a fake, this is a fake, this is a fake, fake, fake, fake, fake." Wouldn't it be wonderful if our fake news always came with that?
MARIA VARMAZIS
Yeah. I'm just gonna adjust my tinfoil hat thoroughly, because now I can't trust anything I read, and now I can't trust anything I see or hear either. Everything's fake.
GRAHAM CLULEY
I think fake news already does have a soundtrack. It's largely— That's the tune.
MARIA VARMAZIS
Jeez. Now I'm done. I've said myself. You're done.
GRAHAM CLULEY
We're done. Close down the podcast. Turn off the internet.
CAROLE THERIAULT
Take all the episodes off the internet.
GRAHAM CLULEY
Yeah, we're going to delete them off iTunes right now.
MARIA VARMAZIS
But somebody could make a new one using the audio they already have. It's taking a lock of hair. They don't even need that anymore. A lot less effort.
CAROLE THERIAULT
Okay, go get your voice changed and then never say anything again.
GRAHAM CLULEY
Oh, that's easy. I'm just sick of technology. I'm sick of this.
MARIA VARMAZIS
I've had enough of it. The genie's out of the bottle. I mean, where is it going to even, I don't know.
But the implications of all this as we've been talking about, I can't even wrap my head around it.
GRAHAM CLULEY
It's just imagine what evil kids are going to do with this to each other. It's the police back then.
CAROLE THERIAULT
Evil adults. Evil governments. Evil grandparents. Imagine.
GRAHAM CLULEY
They're going to go crazy. Evil Canadians.
MARIA VARMAZIS
The political ramifications of faking a video convincingly, in real time, of a leader saying something declaring war on another country, saying, I'm going to nuke another country in real time.
GRAHAM CLULEY
My button's bigger than your button.
MARIA VARMAZIS
Yeah, we got real close. And then we could get there tomorrow, basically, with the tech that's out there right now.
CAROLE THERIAULT
Maybe this is how a certain somebody might get out of any impeachment.
MARIA VARMAZIS
You know, by saying, no, no, no, no that ever happened. And how would we know how we tell what's next? You know, how can we tell? No news.
CAROLE THERIAULT
I wish I could be cheering you up with my story, but I'm not gonna be.
GRAHAM CLULEY
What story have you got for us, Carole?
CAROLE THERIAULT
Okay, so picture the scene. Your hip and sassy Aunt Mimi has just become the victim of ransomware, and of course Auntie Mims here has never backed up a file in her life.
Now she can't, of course, access any files on her laptop, and they're encrypted by the ransomware. And she's received a ransom demand for bitcoin for the value of $100 US.
Now she's thinking, that's not that expensive, right? And she decides just to pay the ransom to get her files back.
This is probably a pretty standard— you think— do you think this happens fairly regularly?
GRAHAM CLULEY
Oh yeah, to ransomware victims. Exactly. To your Aunt Mimi, I reckon it happens all the time. Oh, not again! She's going, oh no, I should have listened to my little weenie squirrel.
CAROLE THERIAULT
Where is she? Where is she living?
MARIA VARMAZIS
These accents are all over the place, Graham.
GRAHAM CLULEY
I don't know where you're going. I mix up sometimes Canada and Scotland in my head.
MARIA VARMAZIS
I think you're not the only one. You're not the only one.
GRAHAM CLULEY
They are sort of similar in a way.
MARIA VARMAZIS
Don't tell the Québécois, they're not gonna like that.
CAROLE THERIAULT
You guys, now what's crazy about this is of course the attackers are not just demanding that Auntie Mimi pay in bitcoin.
They're also demanding that she takes the payment via Tor or the darkweb. Yes.
And of course, Auntie Mimi has never even heard of the darkweb or Tor and is clueless about her next steps. Yeah. So she decides to do a bit of poking around online.
Yeah, she could call up her nephew Graham, right? She could call him up.
GRAHAM CLULEY
Don't get me involved.
CAROLE THERIAULT
Or niece Maria to get a bit of information, but she's probably a little bit embarrassed this has happened, right?
So she decides to do a bit of poking around online, and she finds this service, which is basically a Tor proxy.
And this is a service that basically takes the mystery for people like Auntie Mimi of getting onto the darkweb.
So basically, it's a website that allows users to access .onion domains hosted on the Tor network, but without needing to install the Tor browser. Right.
So basically domain extensions, they have a suffix like .top, .cab, .cab.to, and you can use any browser like Firefox, Chrome, Edge to get to these Tor websites.
MARIA VARMAZIS
Interesting.
GRAHAM CLULEY
At first glance, these seem like really cool things, don't they? Because they make it a very easy way to access the deep web.
CAROLE THERIAULT
Auntie Mimi is hip hip hooray-ing here, right?
Because now she's managed to get herself some bitcoin, and she can now access the site she needs to go to to pay off this ransomware and get her files back.
MARIA VARMAZIS
And she's on the darkweb. So, you know, it's always fascinating.
GRAHAM CLULEY
Rock and roll. Poke around. All right.
CAROLE THERIAULT
The next reunion is going to be amazing.
MARIA VARMAZIS
She's like, I was on Silk Road and I just did a little shopping. Yeah, did a bit of surfing on the Silk Road. That's going to be a great holiday. It's going to be amazing.
CAROLE THERIAULT
But there's a problem. She manages to do all this. She wipes her hands. She's like, hip, hip, hooray, it's all done.
Except the ransomware says, hey, Auntie Mimi, we never received a payment from you. And she's like, hey dudes, I swear I made it. Dude, what's going on? Because she's hip. She's hip.
She says dudes all the time. She's totally cool.
GRAHAM CLULEY
So she's like, truth, I've paid you, mate.
MARIA VARMAZIS
What's your problem?
CAROLE THERIAULT
Not my Auntie Mimi.
Okay, so Proofpoint security researchers uncovered evidence that at least one Tor proxy service was interfering with ransomware payments, basically acting like a man-in-the-middle attack and stealing the ransom before it got to the ransomware.
MARIA VARMAZIS
Oh my God, insult to injury, right? Terrible. You can't trust anybody, can you?
GRAHAM CLULEY
No, trust no one.
CAROLE THERIAULT
The way they kind of did it is they would secretly alter the ransomware payment page and change the public key so that when you went to make the payment, everything else looked legit, but the key had changed.
I mean, how are you— you know, unless you had a photographic memory, there's no way you would have known that. You go ahead, done. Pay them.
MARIA VARMAZIS
Oh. And you didn't get a receipt? You don't get a receipt.
CAROLE THERIAULT
There's no complaint phone number.
GRAHAM CLULEY
So, no, there's a plate of mints. Here you go.
CAROLE THERIAULT
Loyalty card stamped. Exactly. Exactly. You don't even get, this is your fifth one free.
So ransomware such as Sigma, Globe Imposter, and Locker have been identified as suffering from this.
MARIA VARMAZIS
Oh, those poor ransomware makers, they're suffering from this. You know, this is just greed gone mad.
CAROLE THERIAULT
So how do you avoid this? Don't get ransomware in the first place and back up your files.
MARIA VARMAZIS
Listen to our backups episode. Backing up, backing up.
CAROLE THERIAULT
Yeah, listen to that.
GRAHAM CLULEY
And also, if you're really concerned about security and privacy, which you might be if you're using Tor, you probably shouldn't use this Tor proxy, because obviously, if they're up to shenanigans, they're able to see everywhere that you're going on the internet and maybe interfere with the information you're posting or the information you're receiving.
CAROLE THERIAULT
I think it's actually irresponsible to go onto the dark web on your own with that on for the first time.
I think your hand should be held and you should be shown around by a trusted friend.
GRAHAM CLULEY
Tie a rope round your waist. Drop some breadcrumbs.
MARIA VARMAZIS
Yes. What do you do? Meet in a cafe and go, hey friend, can you show me through the darkweb? It's my first time.
GRAHAM CLULEY
Knot it onto the banister. So you're not sucked down into the dark web. Exactly. It's like going to a timeshare, isn't it? It's that kind of scary.
You know, you're never really sure if you're going to come out the other side.
CAROLE THERIAULT
Anyway, so there you go. So be careful out there. And basically, even if you do pay, doesn't mean that they release your data.
MARIA VARMAZIS
So you know, don't do it. How do we help Aunt Mimi? How do we help her?
CAROLE THERIAULT
We say no, Aunt Mimi, no. Do not pay the ransomers. Do not go onto the dark web on your own and do not try and manage this whole system on your own.
GRAHAM CLULEY
Well, certainly prevention is better than cure. But if you do find yourself in a pickle, don't make this kind of mistake because you'll end up out of pocket.
And the poor old ransomware authors as well. They're being shortchanged. Of course they are. And they have aunties.
CAROLE THERIAULT
And they haven't been that greedy. $100, right? Yeah, pocket change. Yeah. Jerks. Jerks.
GRAHAM CLULEY
We'll be right back after this break.
CAROLE THERIAULT
Remember, you can win lots of goodies from Chess Cybersecurity simply by filling in a 3-minute quiz. Go to smashingsecurity.com/itquiz.
And remember, this is only for IT people that are in the UK.
GRAHAM CLULEY
Oh, but you could just lie, couldn't you?
CAROLE THERIAULT
Graham, go to smashingsecurity.com/itquiz and get your hand on some good prizes. On with the show.
GRAHAM CLULEY
And welcome back to our favorite part of the show, which we like to call Pick of the Week. Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book they've read, a TV show, a movie, a record, an app, website, a podcast, whatever they like. It doesn't have to be security related necessarily.
Definitely not. Now, there were some complaints after last week's episode. Carole, did you hear last week's episode? You weren't on it, so I wouldn't expect you to have tuned in.
CAROLE THERIAULT
I did hear last week's episode. I loved the song at the end. I thought it was amazing. I can't believe you included that.
GRAHAM CLULEY
That probably was your favorite bit, wasn't it? Well, there was a complaint from one listener who said Pick of the Week went on a little bit too long.
Oh, I know it's a little bit rude of them, but—
CAROLE THERIAULT
Yeah, well, you love the sound of your own voice, so—
GRAHAM CLULEY
Well, yeah, and you don't love the sound of my voice. So anyway, you complained, basically, Carole. Let's cut to the chase.
You complained and said maybe we need to make Pick of the Week a bit quicker. So this week, just for Carole, as an experiment, we now introduce The 60-second Pick of the Week.
CAROLE THERIAULT
You get a 60-second pitch, Graham, and then Maria and I are going to discuss it. All right. Okay. 3, 2, 1. Okay. 3, 2, 1, and go.
GRAHAM CLULEY
Here is my Pick of the Week. Now, I love myself a bit of Bob Dylan. I know some people say he sounds like a cat being strangled by a monkey, but I think he's written some fine songs.
I discovered a couple of chaps on YouTube called The Other Favorites, who are a popular little act, and they— oh my, it's really difficult doing this in 60 seconds, you know.
Anyway, I was looking for a Bob Dylan cover on YouTube, and I was looking for "Don't Think Twice, It's All Right," and I came across a cover that Josh Turner and Carson McKee, who are The Other Favorites, were recording at 2 in the morning about 7 or so years ago, and they're terrific.
And you can go and check out their channel on YouTube. Josh Turner is a mean instrumentalist, and give him a guitar or mandolin and he's all over it.
Carson McKee is the guitarist and I think the main songwriter.
They're a little bit bluegrass, a little bit rock, a little bit country, and they've been doing it for a while and they're fantastic.
And I've got their latest album or EP, it's called Fools, and I would recommend it. It's terrific, and you can go and check them out on YouTube and support them.
And I love the fact that YouTube is giving a platform for all these kind of characters to get up to things and get themselves noticed.
My one problem with the Other Favorites— I don't think I did hear a bing bong— is that Favorites is spelled without a U, which might be all right on your side of the Atlantic, Maria.
Tsk, tsk on ours. Definitely not on mine. And also, what a ridiculous name to Google as well. Other Favorites. Pathetic. But other than that, the music's great. Thank you.
That is my pick of the week.
CAROLE THERIAULT
Graham, you did remarkably well.
GRAHAM CLULEY
Well, I spoke at about 900 miles per hour in order to get it all out.
MARIA VARMAZIS
I'm not even listening to you.
CAROLE THERIAULT
Yeah, but all basically you said is, check out this cover band, they're pretty cool.
GRAHAM CLULEY
They're not just a cover band, they do their own original songs. Oh, sorry, but they also do covers, don't they? Songs they've written.
They do do a lot of covers on YouTube and they're really cool guys.
CAROLE THERIAULT
I like it. Yeah, I will check it out. Maybe you can tweet out a few links as well to their songs. Sure. I'll give them a listen, why not?
MARIA VARMAZIS
I don't like Dylan though. I'm just, I'm not, I am a cat being strangled on that side. Side of things. I—
GRAHAM CLULEY
Well, look, look, the thing with Bob Dylan— now let's— now we're doing—
MARIA VARMAZIS
I've revealed myself. I think a lot of Bob Dylan is completely unlistenable. The lyrics are fantastic though. Exactly.
GRAHAM CLULEY
Because it is horrendous. But there is a certain period of Bob Dylan. There's a couple of periods of Bob Dylan. I'd say round about 1965, '66, and then again in 1974.
When he produced some tremendous albums which are quite listenable to. So don't be put off by every Bob Dylan which you hear. Go and check out, for instance, Blood on the Tracks.
Okay, great album. Or something like that. Quite accessible and incredible lyrics. And you think this is a great, great song.
CAROLE THERIAULT
I don't think many people are afraid of listening to Bob Dylan, Graham. I think there's just a very few number of people that actually just don't like him. Like Maria.
MARIA VARMAZIS
I think the lyrics are great, but the sound for me is like, it's a barrier for me. But I will, I am absolutely open to listening to the recommendation there.
I mean, all right, he's lauded for a reason. I mean, there's got to be something I like.
CAROLE THERIAULT
Okay, very good, Graham. Very good.
GRAHAM CLULEY
Thank you. I'm ex— I need to have a lie down on the floor. Okay, Maria, 60 seconds isn't—
CAROLE THERIAULT
Oh yeah, all right, I gotta follow that. Yeah, you got a whole minute.
You don't even know— you know what, you have a lot less words to say probably because you're, you know, you're more efficient as a writer.
MARIA VARMAZIS
It's that American thing.
CAROLE THERIAULT
I don't know, you just take your time, chickadee. You go ahead. I'm starting it now. 3, 2, 1.
MARIA VARMAZIS
All right. The internet is abuzz with this completely ridiculous story about a recent attempt to bring a peacock on board a United flight. A peacock?
A peacock on board a United flight as a, quote, emotional support animal. And that has reignited a whole emotional support animal frou-frou stateside. That's a whole other thing.
GRAHAM CLULEY
Whoa, whoa, whoa, whoa, whoa.
CAROLE THERIAULT
You're taking from my time. You just shush for a minute, Graham.
GRAHAM CLULEY
Oh, okay. All right. Okay.
MARIA VARMAZIS
To be honest, I'm not interested in the whole emotional support animal thing. That's a whole other discussion.
My thing is that this peacock lives in Brooklyn because of course he does, and he's owned by artists because of course he is, and he has his own Instagram account because of course he does.
And the Instagram account is instagram.com/dexterthepeacock. He has nearly 2,000 followers and he's a goddamn bird. You need to go check out that Instagram account. It's ridiculous.
And that's my pick of the week.
GRAHAM CLULEY
And he's called Dexter because of course he is. A few things here. I've never heard of this phrase emotional support animal before. What? Really? No.
What is that?
MARIA VARMAZIS
Oh, it's— the Americans with Disabilities Act requires having dogs that are trained to be admitted anywhere.
So a lot of people who basically don't have trained dogs to help with disabilities are like, I wanna bring my dog anywhere. So I'm gonna call him a quote, emotional support animal.
Everyone who really wants to take their pets everywhere with them is trying to push that barrier. And it's a whole thing of people bringing—
CAROLE THERIAULT
It basically gets you into places where you're not allowed to take your pets.
GRAHAM CLULEY
Yeah, people—
MARIA VARMAZIS
It's just showing you— People are bringing every animal imaginable into places where they really shouldn't be.
CAROLE THERIAULT
Yeah. I have a huge anxiety problem. So I, you know, but I'm fine when I'm holding Fifi. Or me, right? I actually can't walk right now. So my pet elephant's gonna take me everywhere.
MARIA VARMAZIS
Right. And flying, especially in the United States, is a completely traumatic thing now.
Nowadays, because you could get beaten or dragged or who knows what, because, you know, American service. And so you need an animal.
CAROLE THERIAULT
You get kicked off the flight for tweeting something, not bringing your peacock.
GRAHAM CLULEY
Carole, if holding your Fifi makes you feel better right now, I don't think anyone's gonna complain about that.
CAROLE THERIAULT
Graham, just— What? What?
GRAHAM CLULEY
Just— Carole, what's your pick of the week?
CAROLE THERIAULT
Well, my pick of the week is about UK-based firm BioCarbon Engineering, who have developed a high-tech system to use drones to replant deforested areas, even in areas where planting would be unfeasible.
So they basically send these drones into target areas to create detailed 3D maps, and then the drones are loaded up with basically an agribullet or bio seed pods, and they're brought to the area and they basically start a firing zone of—
GRAHAM CLULEY
Firing these agribullets into the ground, scattering their seed left, right, and center.
MARIA VARMAZIS
This is UK-based? This is not American-based?
CAROLE THERIAULT
This is a UK-based company.
MARIA VARMAZIS
Yeah, solutions.
CAROLE THERIAULT
They can plant— okay, get ready for it, get ready for it— they can plant upwards of 100,000 trees in a day. They are 10 times faster than people and cost 85% less.
And their CEO, Dr. Lauren Fletcher, says his goal is to plant half a trillion trees in the next 3 decades. And he might actually manage it, and he may just save us all.
GRAHAM CLULEY
And your time is up. Boom. Dr. Lauren Fletcher. That's a man, is it? Called Lauren?
CAROLE THERIAULT
Well, it's his— they say his company. So I'm imagining. Lauren, I've known Laurens, man. I know many men Laurens. Not Lawrence. No, Lauren. Lauren as a man's name. Really?
GRAHAM CLULEY
Yes. Like Lauren Bacall? You know what? That's perfectly fine. People can call themselves whatever they like.
If they want to call themselves Dexter the Peacock, if they want to call themselves Fifi the Frou-Frou, whatever it is, that's fine with me. So, okay.
So what you're basically saying is this is your pick of the week, this firm. Who are going around spurting their seeds everywhere to plant things. Shooting things.
MARIA VARMAZIS
From drones.
CAROLE THERIAULT
I don't think I can do this podcast with you anymore because you are just in the gutter.
GRAHAM CLULEY
I'm not in the gutter. No, I'm just trying to— So they're firing their bullet into the ground, 100,000 trees. Are these proper trees? These are proper seeds.
CAROLE THERIAULT
They're bio seed pods and they have— they don't just have to have one culture of tree, they could have many trees.
So you could basically put a very diverse forest and because it uses very, very careful GPS tracking, you can really plan your whole forest beautifully to make sure all the different trees have enough space, etc., etc., etc.
So yay, yay them.
MARIA VARMAZIS
Yay for trees.
GRAHAM CLULEY
Okay, so your pick of the week, trees. Love trees. We can all get behind that. Trees. And we've got a bird from Maria. We love birds.
CAROLE THERIAULT
We love birds.
GRAHAM CLULEY
And me, I can't even remember what I did. It was so long ago. But whatever I did—
CAROLE THERIAULT
You did the album.
GRAHAM CLULEY
Yeah, well, they're nice guys. Okay.
MARIA VARMAZIS
I should mention that my bird is currently driving across America right now because it couldn't get on the flight. I feel like that's an important detail.
I'm sure he's not the one at the wheel. You know what?
GRAHAM CLULEY
I don't know anymore. Maybe. Emotional support.
CAROLE THERIAULT
Peacock. You're kind of my emotional support animal, Graham.
GRAHAM CLULEY
If I was an emotional support animal for you, Carole, what kind of animal would I be?
CAROLE THERIAULT
And tune in next week.
GRAHAM CLULEY
Oh, Lord. Tune in next week where we will be back. If you want to follow us on Twitter, we are @SmashInSecurity without a G. Twitter wouldn't give us a G.
We're on Facebook at smashingsecurity.com/facebook, and we have an online store we can buy tat at smashingsecurity.com/store. Thank you, Maria, for joining us.
Where should people find you if they want to follow you online?
MARIA VARMAZIS
Twitter is the best place. So my handle is @mvarmazis. It's impossible to spell, so just look for it on the website.
GRAHAM CLULEY
We'll have it in the show notes. People can click on our website and find that. Thank you for tuning in. If you like the show, rate it on Apple Podcasts.
It really does help new listeners discover us.
CAROLE THERIAULT
And it'll maybe make me feel better.
GRAHAM CLULEY
Oh, Carole, you know, I think we're gonna have to have a regular check-in with you just to see how you're doing. Hey, you know what we should call this episode? What? Carole's Back.
Ah, yeah, no, that's— Because it's about your back and you're back after last episode. Standing ovation. Is that good?
CAROLE THERIAULT
Yeah, or maybe we don't, but then when they get here, they can go, oh, cute.
GRAHAM CLULEY
Until next time. Cheerio. Bye bye.
CAROLE THERIAULT
Toodles. The game is so great and cool and wonderful.