Incognito mode on your browser not as private as you think, consumer spyware companies get hacked, Graham is accused of “multitasking” in his hotel room, and Carole champions the students of Parkland, Florida.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, who recorded without a special guest this week.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
And that's why some people actually call incognito windows, they just call them smut mode.
Where do I live? I've never even heard that expression. No, for real, Graham.
You're just so innocent, aren't you?
I thought I lived quite edgily, but I guess I don't.
Maybe you just constantly live in smut mode.
It looks normal. Okay, I got it. Okay, that makes a lot of sense.
Smashing Security.
Smashing Security, Episode 67: Cyberstalking and Gun Control with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to another episode of Smashing Security, number 67, for the 1st of March, 2018. And my name is Graham Cluley.
I'm Carole Theriault.
And we're joined today by a very special—
No one.
Mr. Nobody.
Yeah, so it's going to be quick, cheery, just the two of us, see if we can get on without someone helping us not to spar. And you're busy this week. You're flying.
You're about to fly off.
You're about to fly off.
Well, I might sound a little bit different because I am from an illustrious hotel room at Stansted Airport.
Oh, how jealous are we?
Well, and also, as I was traveling, we were being told in the British media that the beast from the east was coming, which is a Siberian snowstorm.
For those that know about snow, it means about 3 inches.
And the entire country in England, it's, you want to stay off the roads just because they're all on bald tires driving around crazed loons. It is seriously, yeah.
And the entire country in England, it's, you want to stay off the roads just because they're all on bald tires driving around crazed loons. It is seriously, yeah.
Well, I was quite worried about it. So I popped down to the local motorist shop and I got myself a little ice scraper. I got myself some gloves.
Yes.
And I got myself a torch.
You scrape, what did you scrape with the ice scraper?
Well, I haven't actually encountered any snow yet.
This episode of Smashing Security is sponsored by LastPass. LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size with the right tools to secure your business with centralized control of employee passwords and applications.
But LastPass isn't just for enterprises. It's an equally great solution for business teams, families, and single users.
Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses.
LastPass Enterprise simplifies password management for companies of every size with the right tools to secure your business with centralized control of employee passwords and applications.
But LastPass isn't just for enterprises. It's an equally great solution for business teams, families, and single users.
Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses.
And welcome back. Now, Carole—
Graham.
Do you use incognito windows on your browser?
I do. I do. You're right now, of course, you're probably thinking adult stuff, right? I don't use it for that.
I use it for things if I'm looking for a flight and I'm worried they've cached me to see if my flight's gone up in value.
So I use a private browser to try and bypass things where they can kind of up the price 'cause they know I'm interested based on how many times I've visited the page.
I use it for things if I'm looking for a flight and I'm worried they've cached me to see if my flight's gone up in value.
So I use a private browser to try and bypass things where they can kind of up the price 'cause they know I'm interested based on how many times I've visited the page.
Yes, that is kind of dirty trick you would expect someone Ryanair to do.
I don't know, I wouldn't know if Ryanair would do that.
Yeah, well, that is just one of many legitimate uses for opening a private window or an incognito in your browser.
It might be that you don't want whoever else uses the computer to find where you've been going in your web browser history, and that might be for legitimate reasons, you know, maybe because you're buying them.
It might be that you don't want whoever else uses the computer to find where you've been going in your web browser history, and that might be for legitimate reasons, you know, maybe because you're buying them.
Exactly.
Or something like that.
Or maybe you're in a hotel lobby and you want to quickly check your email and you don't want to leave any sort of evidence or traces or cookies left behind on the computer.
I wouldn't necessarily recommend that because someone else's computer could of course have some keylogging password grabbing malware on it, so not necessarily a good idea.
Or maybe you're in a hotel lobby and you want to quickly check your email and you don't want to leave any sort of evidence or traces or cookies left behind on the computer.
I wouldn't necessarily recommend that because someone else's computer could of course have some keylogging password grabbing malware on it, so not necessarily a good idea.
Wait for my segment.
Oh really? Or maybe your husband or partner just wouldn't approve of you visiting wetwildandwilling.com. And if that's the case, you're protected.
Sorry, wild and willing?
Wet wild and willing. I don't know if it exists. It probably will do by the time some people have listened to this podcast. But you know, a generic porny website.
And that's why some people actually call incognito windows, they just call them smut mode, because that—
And that's why some people actually call incognito windows, they just call them smut mode, because that—
Where do I live? I've never even heard that expression. No, for real, for real.
All right, okay.
I thought I lived quite edgily, but I guess I don't.
Maybe you just constantly live in smut mode, Carole, and so you don't recognize that sometimes.
Okay, that makes a lot of sense.
Now, the thing is this: did you know that even if you have a private window in your browser on incognito window, that it can still leave traces of your browsing on your computer?
I'm really glad you're covering this because I do know that, but I don't know what traces, and I haven't even researched it ever. So this is a great topic.
Well, a chap called Frank Wang, who is an MIT grad student, he has just produced a paper and he's described some of the ways in which it can happen.
For instance, when you connect to a website via your browser, your browser translates the domain name like smashingsecurity.com into a bunch of numbers known as an IP address, and that's the thing which computers and the internet understand.
Now, details of those can end up in what is known as your DNS cache, a part of your computer which is trying to speed up your access to the internet.
And that can mean that if Computer Nerd comes along and accesses your DNS cache on your computer, they could figure out what sites you've been visiting.
And your browser, I'm afraid, does not clear out that cache—it doesn't actually have the access rights to clear out that cache.
For instance, when you connect to a website via your browser, your browser translates the domain name like smashingsecurity.com into a bunch of numbers known as an IP address, and that's the thing which computers and the internet understand.
Now, details of those can end up in what is known as your DNS cache, a part of your computer which is trying to speed up your access to the internet.
And that can mean that if Computer Nerd comes along and accesses your DNS cache on your computer, they could figure out what sites you've been visiting.
And your browser, I'm afraid, does not clear out that cache—it doesn't actually have the access rights to clear out that cache.
Okay.
Secondly, the second way in which this could happen is there's a chance that information about your browser sessions, such as your images you're looking at, the HTML codes of the sites you're visiting, could be swapped out to the hard drive as your operating system attempts to handle memory more efficiently.
So if your computer is running out of memory, if the fans go bonkers, it may decide, "Oh crumbs, there's so much going on on this computer, I'm going to shove this little bit out onto the hard drive for a while, and then I'll bring it back later should it be needed."
So if your computer is running out of memory, if the fans go bonkers, it may decide, "Oh crumbs, there's so much going on on this computer, I'm going to shove this little bit out onto the hard drive for a while, and then I'll bring it back later should it be needed."
Right, right, right. I pull it out of memory and then pull it back in when I require it, right.
And your browser will not securely wipe that area of your hard drive. So again, someone who's into computer forensics could potentially find out what websites you've been going to.
Now, okay, well, are you giving advice to bad guys here? Is this what the show started to become?
No, what I'm doing—Carole, what I'm doing is I'm explaining the risk.
Now it's up to you to determine whether you are actually at risk from this, whether your partner is the sort of—
Now it's up to you to determine whether you are actually at risk from this, whether your partner is the sort of—
You just mentioned forensics. I'm just wondering why there'd be a forensics team looking at your computer if you're a good guy.
It could be that, or it could be somebody's just simply got hold of a computer forensics tool. Okay, good point.
Yes, so the obvious answer to that one is you need more memory, don't you?
I just bought a brand new computer and, you know, I was thinking, oh, I just want as much memory as I can get. Not for this reason, but you know, it's 32 gigabytes. Yes, of course.
Yes, so the obvious answer to that one is you need more memory, don't you?
I just bought a brand new computer and, you know, I was thinking, oh, I just want as much memory as I can get. Not for this reason, but you know, it's 32 gigabytes. Yes, of course.
Yes, you want to help all the crypto mining, right? You need a lot of memory for that.
I've described the two ways in which information can leak out about your private browsing session.
Correct.
Right, and so you want a solution for this problem, right?
Yes.
Well, Frank Wang of MIT has proposed a system which he calls Veil.
Oh, I like the name.
Yeah, the name, good name. Yeah, it's good, isn't it?
So it would work a bit like this: rather than you going directly to fervortforum.co.uk, instead, Carole, you would go to an intermediary website known as a blinding server.
Now, whether that's because it's— it's not because it's blinking good or something. I think it's blinding because it stops people from being able to see where you're really going.
So it would work a bit like this: rather than you going directly to fervortforum.co.uk, instead, Carole, you would go to an intermediary website known as a blinding server.
Now, whether that's because it's— it's not because it's blinking good or something. I think it's blinding because it stops people from being able to see where you're really going.
Acts as a veil.
Right, very, very good.
Yeah, yeah, got it.
So on that site, the intermediary site, you would enter the URL where you really want to visit, and it retrieves the content for you encrypted.
In transit, the present that I want to buy for my husband.
Yes, yes, yes, yes, yes. Only decrypted for you to view, and links and URLs are encrypted as well, so they can't be linked to the content that you're viewing.
And it can even— and this is really clever, I thought— can even inject invisible sort of gibberish into the page.
And it can even— and this is really clever, I thought— can even inject invisible sort of gibberish into the page.
Oh, I love that. I love that approach. The needle in the haystack approach: make more, make more haystack, right.
And this mutates the content of the page, making it different each time, which means although it looks the same to you in your browser, it looks different to computers.
Clever.
And that means digital fingerprinting can't be used against you. Say, "Oh look, he's going to the same web page every time," you know.
Yeah, it just kind of obfuscates the pathway, doesn't it?
Right, right.
VPN cool.
So your computer no longer registers the real URL. It never caches any of the data. Any traces left won't match up with any database or even each other.
The blinding server, however, knows. They are the connector between everyone.
Yes.
Unless the blinding server is a peer-to-peer network and it just pings around.
Well, you'll have to go and read his paper to find out more about that, Carole. But that's an excellent point, which I don't have time to go into right now.
Let's go back the podcast too long, Carole, for goodness' sake.
Let's go back the podcast too long, Carole, for goodness' sake.
Now he doesn't know.
When can— you're probably asking yourself, when can you have this, right?
Yes.
Because you want it right now before John's birthday, right?
Yes.
Well, you can't. It's all theoretical because he hasn't actually built it. He's just written a paper about it.
No, hey, hey, hey, writing a paper is not just a jest thing. It's a big deal. If he's done his research properly, that's a great thing. It's not just a paper.
Well done to Frank. Yeah, absolutely.
The other thing to bear in mind though, regarding adoption of this, it may be curbed a little bit because any website which wants to be accessible via Veil has to kind of come into the scheme.
It has to be part of it and they need to do some setup on their site as well. So it's not like Veil sets up and then you can go anywhere on the web.
But it certainly could be of interest, I think, to sites that are very privacy-focused or have privacy-focused users. So interesting thing.
The other thing to bear in mind though, regarding adoption of this, it may be curbed a little bit because any website which wants to be accessible via Veil has to kind of come into the scheme.
It has to be part of it and they need to do some setup on their site as well. So it's not like Veil sets up and then you can go anywhere on the web.
But it certainly could be of interest, I think, to sites that are very privacy-focused or have privacy-focused users. So interesting thing.
Yeah.
So Veil doesn't exist, but what can you do right now? Well, certainly I do think running an incognito window generally is a good idea.
But how often do you— would you say a day do you run the incognito window? Just out of interest.
Well, I just— I'm running one right now, actually, Carole, because we were having a little bit of trouble connecting with our voice.
Okay. I was shocked that you might be multitasking.
Oh no. I'm in a hotel room.
Exactly.
So the important thing to realize about incognito windows is it tries to avoid any breadcrumbs and browsing history being left on your PC.
It doesn't stop your internet provider being able to tell what you've been up to online. Better protect your privacy, use a VPN.
As well, you can mask your location and your IP address. Hopefully the VPN can be trusted.
It doesn't stop your internet provider being able to tell what you've been up to online. Better protect your privacy, use a VPN.
As well, you can mask your location and your IP address. Hopefully the VPN can be trusted.
And people complain about VPN slowing things down, and I think it— yeah, they do, but it's so imperceptible most of the time. Don't let that put you off getting one.
I think the privacy benefits are worth it.
I think the privacy benefits are worth it.
And the other thing you can do is you could consider using a Tor web browser instead of your regular web browser.
So there are steps you can take for greater privacy online, and then you can go to Furvert Forum as much as— are you buying your husband a Furvert costume for his birthday?
Is that what you're planning to do?
So there are steps you can take for greater privacy online, and then you can go to Furvert Forum as much as— are you buying your husband a Furvert costume for his birthday?
Is that what you're planning to do?
He does not require one because he's a hairy guy. That's all I can say. I don't want to go into any details, but yeah.
Well, Carole, we've got no guests this week.
No, I know, it's kind of exciting. You can hand over to me.
I'm going to hand over to you. Carole, take it away. What have you got?
So Motherboard, you know Motherboard, great online publication. They've been doing this series on surveillance software.
This is neatly packaged code that people use to spy on friends or colleagues or staff members or enemies or frenemies or partners, family, and loved ones.
So last week, Motherboard reported on a hacker cell who broke into two consumer spyware companies. Now, these are called MobiStealth and Spymaster Pro.
Now, these are companies that sell monitoring software for Android and iPhone devices.
The hackers reportedly stole data from these two firms and then provided this large cache of data to Motherboard. And this is what was the germ of this exposé.
So both of these companies, MobiStealth and Spymaster Pro, and they sell them to average Joes just you or me.
Now, why— it's interesting following the piece you've just done, but why would an average Joe or me want spyware?
This is neatly packaged code that people use to spy on friends or colleagues or staff members or enemies or frenemies or partners, family, and loved ones.
So last week, Motherboard reported on a hacker cell who broke into two consumer spyware companies. Now, these are called MobiStealth and Spymaster Pro.
Now, these are companies that sell monitoring software for Android and iPhone devices.
The hackers reportedly stole data from these two firms and then provided this large cache of data to Motherboard. And this is what was the germ of this exposé.
So both of these companies, MobiStealth and Spymaster Pro, and they sell them to average Joes just you or me.
Now, why— it's interesting following the piece you've just done, but why would an average Joe or me want spyware?
Well, thank you, first of all, for describing me as an average Joe. That's quite complimentary from you, actually. Why would someone want spyware?
Well, I think— okay, shall we be honest or shall we talk about the way they're probably—
Well, I think— okay, shall we be honest or shall we talk about the way they're probably—
Okay, probably, so legally speaking, we know companies love this stuff, right?
They love this stuff because they can spy on their employees, make sure they're not spending all their time watching Rik and Morty, or in your case, playing chess, right?
Or watching Doctor Who or whatever boring thing you do in your time off, right? And maybe parents for their young kids because—
They love this stuff because they can spy on their employees, make sure they're not spending all their time watching Rik and Morty, or in your case, playing chess, right?
Or watching Doctor Who or whatever boring thing you do in your time off, right? And maybe parents for their young kids because—
Yes, because you might want to keep an eye on your kids and how long they spend playing games, or if they're a teenager you may want to snoop upon them and what they're saying online and whether they're getting themselves into any trouble.
Hey, I'm sorry, the kid in me is so against this, right? It's the reading the diary thing. I hate it.
I hate it.
I mean, I know kids of 8 years old now have phones. I think that's a little bit different than, you know, but people putting this on their 15-year-olds.
Well, ideally, I mean, obviously you should really ask people's permission. And the other scenario, of course, is you may want to snoop upon your partner.
Maybe they've started going to the gym a lot, or taking more care about their appearance.
Maybe they've started going to the gym a lot, or taking more care about their appearance.
Right, right. And that's a really good point, because that's the thing, right?
There are a ton of people who apparently want to spy on their spouses, or ex-spouses, or partners, or whatever.
And the problem is, these two companies, MobiStealth and SpyMaster Pro, actively promote the act of spying on your partner.
And there's a kind of question mark as to whether that's legal. And I guess that might be state-based, right? But is that legal behavior?
There are a ton of people who apparently want to spy on their spouses, or ex-spouses, or partners, or whatever.
And the problem is, these two companies, MobiStealth and SpyMaster Pro, actively promote the act of spying on your partner.
And there's a kind of question mark as to whether that's legal. And I guess that might be state-based, right? But is that legal behavior?
Well, I would expect in the small print, they would say you need to have the permission of the person you are spying upon. And they're saying, oh, you can only use this legally.
But of course, we all know people aren't going to ask for permission.
But of course, we all know people aren't going to ask for permission.
OK, let's imagine they say that. OK, let's imagine they say that. But then look at these excerpts. OK, this is from— the first one's from a SpyMaster Pro blog post.
OK, this was posted on Valentine's Day this year.
OK, this was posted on Valentine's Day this year.
Ah, random.
I'm going to paraphrase it because the English isn't great, but I have links if you want to go read the original.
Maybe say it in an East European accent.
Okay, do you think that'll work? Do you want to try and do that?
Are you too susceptible of your partner's behavior? Want to make sure if the person you love is loyal or not?
Well, if yes, then phone monitoring software is all that you can look for at this time.
Well, if yes, then phone monitoring software is all that you can look for at this time.
Good. Yeah, no, that didn't really help.
Right.
Okay, so let me translate. Are you suspicious of your partner's behavior? Want to make sure the person you love is loyal? If yes, then phone monitoring software is all you need.
There you go. Well done. Well, you've done a really splendid job of sub-editing their blog post for them. I think you should invoice them.
I hope they're a lot better at writing spying software than they are about writing blog posts. Because this is gibberish.
I hope they're a lot better at writing spying software than they are about writing blog posts. Because this is gibberish.
I know, but the whole post is basically promoting this.
So my point is, you know, maybe they're covering their asses by putting some legalese saying, you know, you've got to get permission, but they're certainly not marketing it that way.
Shall I creep you out a bit and tell you what this software can do?
So my point is, you know, maybe they're covering their asses by putting some legalese saying, you know, you've got to get permission, but they're certainly not marketing it that way.
Shall I creep you out a bit and tell you what this software can do?
Okay, I'm a little bit worried.
So once it's installed on the phone, it can work in hidden mode.
So first thing, it's not like you'd see an icon displayed anywhere, or there'd be nothing different in the way your phone looked or acted as if you were the victim of it.
So first thing, it's not like you'd see an icon displayed anywhere, or there'd be nothing different in the way your phone looked or acted as if you were the victim of it.
Okay.
It can track your GPS location in real time. That's kind of creepy, right? Especially if you've just broken up with someone, you may not want them to know where you're going, right?
You may not want them to know that you're going to this gym or to that pub or whatever. Some of the software can remotely switch on the microphone.
It also can allow the person, the interceptor, let's call them, to view all text messages, call logs, web browsing history, email, phone book details, calendar activities, files, etc.
And here's the clincher: to monitor IM chats like WhatsApp, Facebook, Instagram, all that.
You may not want them to know that you're going to this gym or to that pub or whatever. Some of the software can remotely switch on the microphone.
It also can allow the person, the interceptor, let's call them, to view all text messages, call logs, web browsing history, email, phone book details, calendar activities, files, etc.
And here's the clincher: to monitor IM chats like WhatsApp, Facebook, Instagram, all that.
If you've found yourself in this position that you want to spy on someone to this extent, I hate to break it to you, the relationship's not going to work. It's past the point.
So funny you identify. See, I see this as finding this on my phone after two months, finally finding out that this has been going on for a period of time and going, holy shit.
And you get really hot and horny. You're thinking, I love being spied on. Yeah, I love this.
That's the barking with the— yeah, I love the growl there.
It doesn't work for you? Can I tell you something?
Every single week I receive emails from people saying, my boyfriend, my girlfriend, whoever, isn't responding to my messages on Facebook anymore.
They've blocked me from their friend list. I want to know if they still really love me or whether they're seeing somebody else. Do you mind hacking into their account?
Is there a tool I can use to get that password? Blah blah blah. Every week. And Carole, I've even had phone calls.
Every single week I receive emails from people saying, my boyfriend, my girlfriend, whoever, isn't responding to my messages on Facebook anymore.
They've blocked me from their friend list. I want to know if they still really love me or whether they're seeing somebody else. Do you mind hacking into their account?
Is there a tool I can use to get that password? Blah blah blah. Every week. And Carole, I've even had phone calls.
Hi, Graham Cluley, this is, I was trying to figure out how to hack a Facebook account. I've been trying so many ways to do it and it's just not working.
So I know you're the right guy to do these kind of things and just kind of help me out here.
But you could call me back at 801— well, this is the number that I called you from, but yeah.
And I just really needed your help and I emailed you, I called you 5 times, but you know, you didn't answer.
I'm pretty sure you're probably busy, but just give me a call back please. This is your biggest fan. I really need your help.
So I know you're the right guy to do these kind of things and just kind of help me out here.
But you could call me back at 801— well, this is the number that I called you from, but yeah.
And I just really needed your help and I emailed you, I called you 5 times, but you know, you didn't answer.
I'm pretty sure you're probably busy, but just give me a call back please. This is your biggest fan. I really need your help.
Thanks. I've got the MP3. They left me a voicemail asking for me to hack into someone's account. This is the kind of thing which happens to me.
Okay, so you've just turned this whole thing to be about you?
No, no, no, no. And I'm not offering this service, can I say.
But the thing is that there are so many people who do want to spy on, quote, their loved ones and don't realize they're already past the point of no return.
But the thing is that there are so many people who do want to spy on, quote, their loved ones and don't realize they're already past the point of no return.
Yeah. So if you are concerned and you feel a bit under threat and you think, hmm, how does he know, how does she know where I've been?
And you're kind of nervous, go get your phone checked and find out if there's anything dodgy installed on your phone that is not obvious to you as the user.
And you're kind of nervous, go get your phone checked and find out if there's anything dodgy installed on your phone that is not obvious to you as the user.
Yeah, great advice. Or get a brand new phone.
Yeah, dump it.
Yeah.
Yeah.
You know, if you're concerned about this thing, if they seem to know where you are or know who you've been meeting up with, just remember you've got this device tracking you.
This is not something that happens as rarely as you'd think.
And even if it's not your phone which has been hacked, you maybe should change passwords on your email account.
Absolutely. Every single account that might— they may know the password to. We've all been in situations where we're close to people and suddenly we're not close to them anymore.
And in some cases you have a nice trusting new relationship and sometimes it ain't so trusting. And handle yourself properly.
And in some cases you have a nice trusting new relationship and sometimes it ain't so trusting. And handle yourself properly.
Do you feel like Dr. Laura?
Yeah. Pfft, fuck off. Fuck it.
Okay, so this is interesting, but so these hackers hacked these spy companies.
Do you want to know why they say they are targeting these companies?
Well, because they're scumbags, I imagine.
They say that this consumer malware industry is regularly tied to things like violent stalking and illegal spying, and that the software basically facilitates this abuse.
And it got me thinking whether or not this is something that should be punishable by law.
You know, we know that many states, and indeed in the UK, it's illegal to record someone without their knowledge, but companies can kind of do it. Right?
And I don't think I am perfectly clear on what's legal and what's not.
If you have a meeting with someone and you decide, look, for later on, I need to have a recording of this conversation for my notes, is it legal to record that even if you plan not to share it?
Without telling them, probably not.
And it got me thinking whether or not this is something that should be punishable by law.
You know, we know that many states, and indeed in the UK, it's illegal to record someone without their knowledge, but companies can kind of do it. Right?
And I don't think I am perfectly clear on what's legal and what's not.
If you have a meeting with someone and you decide, look, for later on, I need to have a recording of this conversation for my notes, is it legal to record that even if you plan not to share it?
Without telling them, probably not.
The thing is with these tools is they can be used in legitimate ways. I mean, if you had it.
And so I think they would use a similar argument to people who make and sell hammers, for instance, and say, look, you can use it to bang nails, or you can do it to bash someone's head in as well.
It's not our fault, and we don't condone the bashing of people's heads with hammers.
It's a difficult one, but certainly I have to say, I'm not going to spill any tears for these companies who've been hacked.
Clearly they've been a bit sloppy with their security as well.
And so I think they would use a similar argument to people who make and sell hammers, for instance, and say, look, you can use it to bang nails, or you can do it to bash someone's head in as well.
It's not our fault, and we don't condone the bashing of people's heads with hammers.
It's a difficult one, but certainly I have to say, I'm not going to spill any tears for these companies who've been hacked.
Clearly they've been a bit sloppy with their security as well.
No, they're preying on those that feel insecure, and they are or maybe even encouraging you to do something illegal. So yeah, jerks.
Jerks. We won't accept them to be our sponsors in future, will we, Carole?
No, thank you.
We will choose fine, upstanding sponsors.
This episode of Smashing Security is sponsored by LastPass. LastPass simplifies password management for companies of every size, but it isn't just for enterprises.
It's equally a great solution for business teams, families, and single users. Learn more at smashingsecurity.com/lastpass.
It's equally a great solution for business teams, families, and single users. Learn more at smashingsecurity.com/lastpass.
And welcome back to our favorite part of the show, which we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
This is the part of the show where everyone chooses something they like.
Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, a podcast, whatever you like. Doesn't have to be security related necessarily.
Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, a podcast, whatever you like. Doesn't have to be security related necessarily.
Definitely not security related this week.
Well, mine isn't security related.
Yours isn't? Good.
No, it's not. After last week's magnificent security related pick, this one is a website called Trailer Night.
Okay.
Now, it's not somewhere to take your trailer in the evenings.
Trailer Nite, which I'm disappointed to tell you spells night N-I-T-E rather than N-I-G-H-T, which I have to say I'm disappointed with, and it almost stopped it from being my pick of the week.
But this is a website which shows you movie trailers constantly. Now, this is quite good for me because when I go to the cinema, I basically get to see the trailers.
I don't get to see the movies very much.
Trailer Nite, which I'm disappointed to tell you spells night N-I-T-E rather than N-I-G-H-T, which I have to say I'm disappointed with, and it almost stopped it from being my pick of the week.
But this is a website which shows you movie trailers constantly. Now, this is quite good for me because when I go to the cinema, I basically get to see the trailers.
I don't get to see the movies very much.
Because you fall asleep.
Yes, because I fall asleep during the movie.
But I do get to see trailers, and I find that if I see a trailer, I pretty much know what's going to happen in the movie anyway, and then I can pretend to be one of the cognoscenti, and I can say, oh yes, I can tell you all about that movie, and I can engage in a simplistic conversation.
There are some trailers I haven't seen yet. Have you heard about this movie Black Panther that everyone's talking about?
But I do get to see trailers, and I find that if I see a trailer, I pretty much know what's going to happen in the movie anyway, and then I can pretend to be one of the cognoscenti, and I can say, oh yes, I can tell you all about that movie, and I can engage in a simplistic conversation.
There are some trailers I haven't seen yet. Have you heard about this movie Black Panther that everyone's talking about?
I've not seen the movie. I've heard of it. I've read about it, yes.
So you've read about it. I haven't read about it. I've heard about it. I have no idea what it's about. All I know is everyone's talking about it.
It's a bit like Hamilton the musical, right?
It's a bit like Hamilton the musical, right?
So you've watched the trailer and now you feel that you can be a—
Well, I haven't actually seen that trailer yet. I have seen a trailer for something. I think it was—
This is like Cliff Notes for movies. Is basically what you're saying, right? You know what, why bother reading the book? Why read Shakespeare? I've got Cliff Notes.
I got Romeo and Juliet right here. Got it all. Excellent. Okay, well, nice. Yeah, we are different people.
I got Romeo and Juliet right here. Got it all. Excellent. Okay, well, nice. Yeah, we are different people.
Star-crossed lovers. Yeah, poison.
Yeah, you think he's— you probably think he's the biggest movie hero of them all, the voiceover guy.
Well, he was wonderful.
In a world in the year 2017. So basically that's what it is. You like that grumbly voice that puts you to sleep all beautifully, and that's what you like about trailernight.com.
I think there was a guy called Bill Mitchell, was one. He's suddenly dead. He was one of those really gravelly voices, but I think there's a few of them actually.
I don't know why I know the name of the voiceover man, but yes.
I don't know why I know the name of the voiceover man, but yes.
Yep. So basically that's what it is. You like that grumbly voice that puts you to sleep all beautifully, and that's what—
All I can tell you is that in a world of poor Pick of the Week choices.
My Pick of the Week is marvellous this week, and if you're into trailers like I am, go to TrailerNight— brackets spelled incorrectly—.com. And that is my Pick of the Week.
My Pick of the Week is marvellous this week, and if you're into trailers like I am, go to TrailerNight— brackets spelled incorrectly—.com. And that is my Pick of the Week.
Yep, yep, not scraping the barrel at all.
What's your Pick of the Week? Mine's great, actually.
Yeah, I'm on my soapbox because it's not funny, it's not silly, it's not techie, it's not even entertaining, but it's inspiring. And that's, you know, a rare thing these days.
So I'm going to champion a human being. I knew nothing about her about a week ago, and today she tops my list of inspiring people, and I am talking about Emma González.
Now, Emma González is a 17-year-old Florida student who gave an insanely powerful public appeal to Florida lawmakers to do more about gun control at a rally in Fort Lauderdale.
Just listen to this. This is a snippet of her about 10-minute-long speech.
"The founding fathers, and since they added the Second Amendment to the Constitution, our guns have developed at a rate that leaves me dizzy.
The guns have changed, and the laws have not.
We certainly do not understand why it should be harder to make plans with friends on weekends than it is to buy an automatic or semi-automatic weapon.
In Florida— in Florida, to buy a gun, you do not need a permit, you do not need a gun license, and once you buy it, you do not need to register it.
You do not need a permit to carry a concealed rifle or shotgun. You can buy as many guns as you want at one time. I read something very powerful to me today.
It was from the point of view of a teacher, and I quote, 'When adults tell me I have the right to own a gun, all I can hear is, my right to own a gun outweighs your students' right to live.
All I can hear is mine, mine, mine, mine.'" And this was literally days after the gunning down of innocent kids, Emma González's classmates and friends, right?
And she was at school located in the greatest country in the world.
And I don't know, I champion her because she's delivered a speech that took guts and passion and integrity and honesty.
And I'm not the only one who noticed the power in that speech. She's spurred a movement that I hope will change the relationship that Americans have with their guns.
I really believe that. So, I know you're probably thinking, lofty goal, but you watch, this girl's on fire, man. She's a phoenix.
And she has me and millions of others supporting her cause. So I say check out her speech if you haven't already.
If you've missed it, you're probably living under a rock, but if you haven't missed it, go see it, it's in the show notes.
Find her on Twitter @EmmaForChange and support her event, March for Our Lives. And you can attend it or donate to it. And literally just do it for the kids.
So I'm going to champion a human being. I knew nothing about her about a week ago, and today she tops my list of inspiring people, and I am talking about Emma González.
Now, Emma González is a 17-year-old Florida student who gave an insanely powerful public appeal to Florida lawmakers to do more about gun control at a rally in Fort Lauderdale.
Just listen to this. This is a snippet of her about 10-minute-long speech.
"The founding fathers, and since they added the Second Amendment to the Constitution, our guns have developed at a rate that leaves me dizzy.
The guns have changed, and the laws have not.
We certainly do not understand why it should be harder to make plans with friends on weekends than it is to buy an automatic or semi-automatic weapon.
In Florida— in Florida, to buy a gun, you do not need a permit, you do not need a gun license, and once you buy it, you do not need to register it.
You do not need a permit to carry a concealed rifle or shotgun. You can buy as many guns as you want at one time. I read something very powerful to me today.
It was from the point of view of a teacher, and I quote, 'When adults tell me I have the right to own a gun, all I can hear is, my right to own a gun outweighs your students' right to live.
All I can hear is mine, mine, mine, mine.'" And this was literally days after the gunning down of innocent kids, Emma González's classmates and friends, right?
And she was at school located in the greatest country in the world.
And I don't know, I champion her because she's delivered a speech that took guts and passion and integrity and honesty.
And I'm not the only one who noticed the power in that speech. She's spurred a movement that I hope will change the relationship that Americans have with their guns.
I really believe that. So, I know you're probably thinking, lofty goal, but you watch, this girl's on fire, man. She's a phoenix.
And she has me and millions of others supporting her cause. So I say check out her speech if you haven't already.
If you've missed it, you're probably living under a rock, but if you haven't missed it, go see it, it's in the show notes.
Find her on Twitter @EmmaForChange and support her event, March for Our Lives. And you can attend it or donate to it. And literally just do it for the kids.
Wow. Well, I've just watched this video and it is profound, isn't it? It's inspiring actually, because you know what? She's 17!
Well, exactly, because I'm so used— and I'm guilty of it just like everyone else— I'm so used to slagging off young people and saying, oh, they feel so entitled and all the rest of it, and they think they're going to become the absolute heroes.
And well, no, sometimes I do feel that, and maybe I'm guilty of tarring everyone with that brush, but the response of some of these students in America to this horrendous thing which has happened is truly inspiring.
And you know what? It is shameful, I think, to be one of the grown-ups, one of the adults who has allowed them to grow up into a country which is in that sort of mess.
And I know I probably— there will be people listening to this who just think, oh, there they go, the Europeans again.
We had a bad review a while ago, didn't we, because they thought we were anti-gun or anti-Trump or something.
Well, exactly, because I'm so used— and I'm guilty of it just like everyone else— I'm so used to slagging off young people and saying, oh, they feel so entitled and all the rest of it, and they think they're going to become the absolute heroes.
And well, no, sometimes I do feel that, and maybe I'm guilty of tarring everyone with that brush, but the response of some of these students in America to this horrendous thing which has happened is truly inspiring.
And you know what? It is shameful, I think, to be one of the grown-ups, one of the adults who has allowed them to grow up into a country which is in that sort of mess.
And I know I probably— there will be people listening to this who just think, oh, there they go, the Europeans again.
We had a bad review a while ago, didn't we, because they thought we were anti-gun or anti-Trump or something.
Oh, but blah blah, it's hard. You know what, it's hard for us to understand guns because we don't live with them.
We don't get that whole protect yourself thing in the same way at all.
And I'm sure, you know, there's two sides to the coin, whatever, but no one wants their kids gunned down in school, period.
We don't get that whole protect yourself thing in the same way at all.
And I'm sure, you know, there's two sides to the coin, whatever, but no one wants their kids gunned down in school, period.
That's the point, isn't it? That is the quintessential point.
She's making changes. There are companies right now who are basically giving up their relationship with the NRA because of her and this movement.
They are publicly stating, we are no longer doing business with the NRA until the NRA changes their...
I hope that a movement doesn't lose momentum and that the media doesn't move on to the next crazy bit of celebrity nonsense.
I hope that a movement doesn't lose momentum and that the media doesn't move on to the next crazy bit of celebrity nonsense.
This is exactly why I didn't talk about this last week, so I wanted to bring it up this week because that's important.
You know, we all have fire in our belly when things happen and we tend to let them go, but I think she's managing this very well and it's stressful.
I can't even imagine the stress she's under. But she's also hopefully supported by millions of people that are there to help her get through everything.
She hasn't even grieved yet about what's happened. Of course, no. Anyway, I know it's a bit serious for our show, but I just say, Emma Gonzalez, you go.
Can I tell you one thing, Graham? I bet she's cooler than you've ever been.
You know, we all have fire in our belly when things happen and we tend to let them go, but I think she's managing this very well and it's stressful.
I can't even imagine the stress she's under. But she's also hopefully supported by millions of people that are there to help her get through everything.
She hasn't even grieved yet about what's happened. Of course, no. Anyway, I know it's a bit serious for our show, but I just say, Emma Gonzalez, you go.
Can I tell you one thing, Graham? I bet she's cooler than you've ever been.
Oh, I've been pretty cool, you know. I won a chess game last night. I have played chess with Garry Kasparov. I've written my own pantomime. I invented the patent pending zip fastener.
It's been a little bit different this week. No guest. We will be back to normal next week. But if you want to follow us on Twitter, you can do so @SmashInSecurity.
Twitter wouldn't let us have a G. You can join our Facebook group on the Smashing Security podcast, or you can go to our online store at smashingsecurity.com/store.
Thanks for tuning in. If you the show, what have people got to do, Carole?
It's been a little bit different this week. No guest. We will be back to normal next week. But if you want to follow us on Twitter, you can do so @SmashInSecurity.
Twitter wouldn't let us have a G. You can join our Facebook group on the Smashing Security podcast, or you can go to our online store at smashingsecurity.com/store.
Thanks for tuning in. If you the show, what have people got to do, Carole?
You don't have to do anything, but if you rate it, we'll really be happy. And those who've already rated it, thank you, thank you, thank you.
They keep coming in and they're wonderful. So thanks so much, guys.
They keep coming in and they're wonderful. So thanks so much, guys.
Carole, could you move a little bit from passive aggressiveness about getting people to rate it to slightly more aggressive?
I just think your whole relaxed, you don't really have to rate it.
I just think your whole relaxed, you don't really have to rate it.
We could really... No, because I don't all that. I don't that, you know, that's slutting out for ratings. I'm not slutting. You are, you're a whore. You're a whore, Graham Cluley.
And it's gross. And some of us here have to have our buttons dialed back. Thank you very much.
And it's gross. And some of us here have to have our buttons dialed back. Thank you very much.
Until next time, cheerio, bye-bye.
Toodles.
If you're going to go to dodgy smutty websites, we know what can happen when you— if you masturbate a lot. You know what can happen then, can't you?
I don't know what's happening right now. I don't know what's happening right now. I feel I've just gone into a fourth dimension.
Okay, I'm not sure how to do this.
Yeah, I don't know if this is the right way.
Okay, let's start again. I'll try one other one.
Well, and you know, if you're in the habit of regularly entering smut mode on your computer, maybe to go to slightly smutty websites to entertain yourself. Okay.
Of course, if you entertain yourself too much, there's that thing which happens to you. What is it? Or crumbs, I can't remember. Or you can become really forgetful. That's it.
Yeah, so you might need better memory. You might need more memory. That's not very funny. What's going on?
Well, and you know, if you're in the habit of regularly entering smut mode on your computer, maybe to go to slightly smutty websites to entertain yourself. Okay.
Of course, if you entertain yourself too much, there's that thing which happens to you. What is it? Or crumbs, I can't remember. Or you can become really forgetful. That's it.
Yeah, so you might need better memory. You might need more memory. That's not very funny. What's going on?
I don't even know where we are. Okay, take a deep breath. Take a deep breath. Get some oxygen in there. Holy moly. I need a glass of wine. Hold on.
I'm trying. I'm trying to make a pun about the need for more memory and linking it— actually, I've got this wrong, haven't I? Because masturbation makes you blind.
It doesn't make you forgetful, does it?
It doesn't make you forgetful, does it?
No, it has nothing to do with memory.
For some reason, I forgot that.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Show notes:
- How to go 'Incognito' on your web browser, and what it means
- Your private browsing isn’t as incognito as you want it to be
- Veil is private browsing for the ultra-paranoid
- Hacker Strikes ‘Stalkerware’ Companies, Stealing Alleged Texts and GPS Locations of Customers
- Spy on Your Valentine Using Spy Software
- How stalking has been made easier by the internet and social networks
- Trailer Nite
- Florida student to NRA and Trump: 'We call BS' – YouTube
- March for our lives
- Emma González on Twitter
- Florida Student Who Gave Emotional Gun Control Speech Now Has More Followers Than NRA
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: LastPass
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
