Smashing Security podcast #100: IoT failures, and Donald Trump dating disaster

Industry veterans, chatting about computer security and online privacy.

Graham Cluley

Smashing Security #100: One flippin' hundred

Yes, the “Smashing Security” podcast has reached its 100th episode!

Despite our celebratory mood, we don’t forget to take a look at the security stories of the last week – including an alarming IoT failure and a dating app disaster for Donald Trump devotees.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by cybersecurity veterans Graham Cluley and Carole Theriault.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
Hello? Are you there? Okay, I've got my tea. What kind of tea are you drinking? I think it's just regular tea.
CAROLE THERIAULT
What we call builder's tea.
GRAHAM CLULEY
Yep.
CAROLE THERIAULT
Have you ever built anything in your life?
GRAHAM CLULEY
Lego?
CAROLE THERIAULT
Yeah, I don't know if that counts as an almost 50-year-old.
GRAHAM CLULEY
I've built up a podcast.
CAROLE THERIAULT
Have you on your own done that? Well done for you.
GRAHAM CLULEY
Well done you. Well done you. No, listen to what I said. Listen to the recording. I said with your help. That's what I said. You just jumped in too soon. Rewind. Rewind.
CAROLE THERIAULT
I built a podcast with your help.
Unknown
Smashing Security, episode 100. One flippin' hundred. With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 100.
CAROLE THERIAULT
My name is Graham Cluley.
GRAHAM CLULEY
I'm Carole Theriault. Carole.
CAROLE THERIAULT
Graham.
GRAHAM CLULEY
We made it. We made it through the rain.
CAROLE THERIAULT
It wasn't without its ups and downs. But, yeah.
GRAHAM CLULEY
100. What an achievement. What a long way we have come.
CAROLE THERIAULT
Yeah, we should write a book about how to keep peace and how to finish a job without losing your shit.
GRAHAM CLULEY
I don't know if there is a finish line. With a podcast?
CAROLE THERIAULT
Well, there might be.
GRAHAM CLULEY
Really?
CAROLE THERIAULT
Let's see how this one goes.
GRAHAM CLULEY
You know, do you remember way back when, when we started?
CAROLE THERIAULT
We were once three.
GRAHAM CLULEY
Yes, we used to have Vanja with us. That was fun, wasn't it? Smashing Security 001. One cup, two hotel guests.

And here are your hosts, Carole Theriault, Vanja Svajcer and Graham Cluley. And, well, exciting time.
CAROLE THERIAULT
You're doing great. You're doing great. Carry on. It's really riveting.
GRAHAM CLULEY
And then he mysteriously disappeared.
CAROLE THERIAULT
Well, because we kind of needed that foil, didn't we?
GRAHAM CLULEY
Yeah. It's good having guests. We don't have a guest this week. Because who's worth it?
CAROLE THERIAULT
I was just going to say, I mean, who would you choose?
GRAHAM CLULEY
You know? Yeah. So we won an award as well along the way.
CAROLE THERIAULT
We won an award.
GRAHAM CLULEY
We lost an award along the way too.
CAROLE THERIAULT
We lost an award.
GRAHAM CLULEY
Yeah. Yeah. It was your idea, of course, to do a podcast.
CAROLE THERIAULT
It was my idea. I'm surprised. You're saying that now, because about 10 minutes ago, you took full credit for it.
GRAHAM CLULEY
About 6.
CAROLE THERIAULT
And now you're trying to sound so magnanimous. Thank you very much, Graham. Yes, it was mine.
GRAHAM CLULEY
But what, when was that? About 6 years ago?
CAROLE THERIAULT
Well, if you remember correctly, I started a podcast when I worked at Sophos.
GRAHAM CLULEY
Oh, yes. Yes. Yeah. I was a guest on it.
CAROLE THERIAULT
I think you were my first guest.
GRAHAM CLULEY
Was I?
CAROLE THERIAULT
I think you might have been.
GRAHAM CLULEY
Oh, cool.
CAROLE THERIAULT
I don't even know if those episodes still exist.
GRAHAM CLULEY
I expect they're out there somewhere.
CAROLE THERIAULT
And then I stopped for a while.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
And then I really wanted to get one when we decided to leave Sophos. I wanted just to start a podcast and you were, oh, Carole, I'm going to be way too busy.

I don't want to commit to anything. And then a few months went by and you missed me and you thought, I know how to get Carole back in my life is to play the podcast card.
GRAHAM CLULEY
I remember our meeting with Vanja at that cafe.
CAROLE THERIAULT
In Oxford.
GRAHAM CLULEY
In Oxford where we discussed it.
CAROLE THERIAULT
So, well, that wasn't that long ago, Graham. I'm glad you can remember it.
GRAHAM CLULEY
And I remember us discussing what we should call the podcast as well. Do you remember some of the alternative names other than Smashing Security?

Because Smashing Security wasn't my favorite. I was outvoted, can I say.
CAROLE THERIAULT
Did you look this up?
GRAHAM CLULEY
No, I just remember it.
CAROLE THERIAULT
Do you really? I don't remember any of the names.
GRAHAM CLULEY
I remember my pro— well, I don't remember all of the suggestions, but I remember—
CAROLE THERIAULT
Okay, give me some, give me some.
GRAHAM CLULEY
Well, when I say I don't remember all of them, I only remember the one I actually wanted.
CAROLE THERIAULT
Okay. Which was?
GRAHAM CLULEY
Which was, I thought, very clever. I really liked the idea of The Safe Word. Do you see what I've done there?
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
It's a little bit sexy, but it's also a little bit security, a little bit passwordy. I thought that was clever.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Is it too late to change it?
CAROLE THERIAULT
Bit mucky. Bit mucky. I don't know. Maybe now actually we should change our name.
GRAHAM CLULEY
Because then, you know, it could be about anything, couldn't it? If it's the safe word. Yeah.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Someone else is going to pinch that now.
CAROLE THERIAULT
Well, yes.
GRAHAM CLULEY
Start their own one.
CAROLE THERIAULT
It's a good name. But Smashing Security without the G, you wouldn't have, we wouldn't have our Twitter joke every show.
GRAHAM CLULEY
No, no, that's true.
CAROLE THERIAULT
Right? And that's very important.
GRAHAM CLULEY
It is, yes.
CAROLE THERIAULT
We've even made a t-shirt with it, you know, so.
GRAHAM CLULEY
Well, we've got mugs. We don't have a t-shirt at the moment. We have mugs and we have a pic. In fact, I am drinking right now from a Smashing Security mug.

I've got a cup of tea here to celebrate with you.
CAROLE THERIAULT
Do you know what? I am drinking from a wine glass.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
Because I'm having a glass of wine to celebrate our 100th.
GRAHAM CLULEY
Is that safe?
CAROLE THERIAULT
Well, we'll find out. So cheers to everyone.
GRAHAM CLULEY
Cheers.
CAROLE THERIAULT
Hey, Graham.
GRAHAM CLULEY
Hello. Hello.
CAROLE THERIAULT
I need some advice. Yes. I need some advice. I use a cloud service. I put all my files and data up there, and I'm kind of nervous about prying eyes looking at it. Any advice?
GRAHAM CLULEY
Yeah, you've got to encrypt it.
CAROLE THERIAULT
Before I load it up?
GRAHAM CLULEY
Well, I would recommend so, because any file which you put on Dropbox or Google Drive or OneDrive or those other cloud services, it could be accessed by that company or indeed law enforcement or any hacker who broke into your account.

So what I would recommend is use a piece of software like Boxcryptor.

It's what I run on my computer, and any file before it gets uploaded to those cloud services gets encrypted with my own keys, which I control.
CAROLE THERIAULT
Ah.
GRAHAM CLULEY
So the cloud service itself can't see the contents of the files which I'm putting on the cloud drive. It's all encrypted.
CAROLE THERIAULT
Cool, I'll check it out.
GRAHAM CLULEY
Go to Boxcryptor.com, and thanks to Boxcryptor for supporting the show this week. Many of us have worked in big companies, right?

And we know that it only takes one person to make a boo-boo to allow the hackers in.

Imagine running a company, hiring new staff, and worrying that one of them might bring their bad password habits into the office. Horrendous nightmare.

That's one of the reasons why businesses small and large need a password management solution like LastPass Enterprise.

LastPass brings a vast array of features for enterprise users, including company-wide policies, reporting, user groups and roles, and new support for Microsoft Active Directory.

As an administrator, you can create highly secure passwords for your new starters right from the onset. Means no snafus.

Listeners can check it out for themselves by visiting lastpass.com/smashingsecurity. No more password snafus, no more boo-boos, just LastPass.

Well, Carole, my story this week is about the company Yale. Are you familiar with Yale? As in Yale locks?
CAROLE THERIAULT
Yes. I mean, I'm familiar with them, everyone is. I probably have one and don't even know it.
GRAHAM CLULEY
Are they just a British company or are they—
CAROLE THERIAULT
No, no. I certainly knew them before I moved here. Yeah.
GRAHAM CLULEY
Oh, okay. All right. So, yeah. Okay. So people know them elsewhere.
CAROLE THERIAULT
Well-known name. Yeah, right.
GRAHAM CLULEY
Well, they don't just make keys and physical locks anymore. They also make a range of smart home security devices driven by smartphone apps. How cool is that?

It means you can set your burglar alarm, remotely unlock your front door, check CCTV cameras to make sure that your goldfish is eating while you're on holiday, all those sort of things from far, far away.

Absolutely marvelous. Nothing at all can go wrong with that, right?
CAROLE THERIAULT
I don't know how people can tie IoT to their actual physical security in these— today, today.

I'm sure one day we're all going to do it and this is going to seem— but right now it seems crazy to me.
GRAHAM CLULEY
It's 2018, people love this kind of thing.

And just after 4 o'clock in the afternoon last week, on Wednesday, Yale tweeted that they were performing some unplanned network maintenance.

And the customers may experience connection issues.
CAROLE THERIAULT
Okay. So they warned their clients, we're doing something, watch out if there's any glitches.
GRAHAM CLULEY
Yes, yes. If you're the sort of person who actually follows the Twitter account of your front door lock, then you would have seen this.
CAROLE THERIAULT
So they tweeted, they tweeted, they didn't send a letter, an email or anything like that?
GRAHAM CLULEY
No, no, no, nobody sends letters.
CAROLE THERIAULT
So one tweet went out.
GRAHAM CLULEY
This was unplanned network maintenance, Carole. You know what that is code for, don't you?
CAROLE THERIAULT
Wah wah.
GRAHAM CLULEY
It means ah ooga, ah ooga. Exactly. What the fuck is happening? Yeah. You need to fix this pronto. They found a big problem, right.

And of course, 4:00 PM, that's when kids start returning home from school, isn't it? Yeah. And you can imagine—
CAROLE THERIAULT
Oh yes, we're talking about door locks, not Twitter, of course.
GRAHAM CLULEY
Right, right.
CAROLE THERIAULT
So they're, okay, so kids are coming home from school.
GRAHAM CLULEY
Kids are coming home from school.
CAROLE THERIAULT
Planning to put in their code.
GRAHAM CLULEY
Or maybe they've, you know, oh, I've forgotten my door key or something, or my fob, you know, and I'll just text mum and get her to remotely unlock the front door, you know, so I can get in.

And it's not that long before parents will be coming back from work as well, you know, commuting back after a hard day's work.

Or what if you were running an Airbnb property, for instance? Maybe you've got one of these things in place. Well, their unplanned network maintenance had something of an impact.

When they talk about connection issues, users began to complain that they were unable to open or lock doors with that app or disable alarms.
CAROLE THERIAULT
So people weren't able to get out of their houses and people were able to get in?
GRAHAM CLULEY
This is the thing. There are people who tweeted, saying, I'm stuck in my home because of this. Now, I think that was a little bit misleading because—
CAROLE THERIAULT
Because you're thinking there's sliding doors, there's back doors, there's garage doors.
GRAHAM CLULEY
Even if you have a smart lock on your front door, there's always a physical handle, which will allow you to get out because of fire and things like that, right?

It's not going to prevent you from getting out of your house if you want to, but there may have been people who felt like they had to stay in the home because they couldn't set their alarm with their app.

So that may have been why they were complaining that they were stuck inside. I don't really believe this, they were physically stuck inside.

You may remember we did a story about a hotel in Bavaria or somewhere, which got hit by ransomware.

And they, there was a claim that guests got stuck in the hotel rooms and we were quite skeptical of it way back when in the early days of Smashing Security.

By 7 o'clock, so 3 hours later, things were taking a turn for the worse because Yale then tweeted that they were working to fix the app, but while we've been doing that, we've experienced an unforeseen issue and now the app is temporarily unavailable.

Oh dear. And so you couldn't access the app at all. So things have deteriorated.

And as a consequence, if people were reliant on the app, they couldn't unlock doors or they couldn't change their alarms.
CAROLE THERIAULT
Do you happen to know if all the locks actually have a key insert section? Like they're all manually overridable?
GRAHAM CLULEY
So what I think these locks have is you normally have a key tag or a key card.
CAROLE THERIAULT
Yeah, like a hotel.
GRAHAM CLULEY
Or you may have a PIN code which can override or turn off an alarm. But the problem is, many people won't carry those kinds of things around with them.
CAROLE THERIAULT
When they get used to having the technology work every day.
GRAHAM CLULEY
Right.

Or if you're a kid and you've forgotten your key fob and you left it in your bedroom or something like that, and you're just going to text your mum and say, "Can you remotely unlock the house for me so I can get in?" Or it's an Airbnb-style property where you don't give people the thing, but you say, "Look, as soon as you get there, text me and I'll unlock the door for you." So this was just, this was a serious inconvenience.

Oh yeah. And there were customers moaning left, right, and center. There's a guy called Paul Morgan, for instance.

He told Computer Business Review that due to the app not working, he couldn't gain entry to his house. 4 people, he said, lived in the house.

2 of them have got key fobs, which aren't affected by the outage, but both of them were out of town. And, you know, he just assumed that it could be relied upon to work.

And it's like, you know, Well, he should listen to our show more often. Well, you know what? I kind of agree with you. I mean, obviously—
CAROLE THERIAULT
We've only done 100 of them, for God's sake.
GRAHAM CLULEY
Obviously it's not good what happened with Yale, but I also think, what were these people thinking?

How are these people planning to enter their properties if their phone was ever lost or broken or simply ran out of battery?

Were they planning to keep a fully charged phone with the app installed underneath their flower pot? Like you would with a key.
CAROLE THERIAULT
It's just a plan B, right? It's just, that's what you want with these new technologies. It's like, okay, great, you want to adopt it, you've read all the risks, go for it.

But you know, if it doesn't work, what's plan B?
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Why wouldn't they have a key, you know, in a lockbox somewhere?
GRAHAM CLULEY
You'd need a key to unlock the lockbox, Carole, wouldn't you, to get to your key?
CAROLE THERIAULT
No, lockboxes are, no, they're done with passcodes as well. So you could have 1, 2, 3, 4.
GRAHAM CLULEY
Oh, good one. Yeah, you can tell everyone that. Nice one. Have you learned nothing?
CAROLE THERIAULT
Well, you know, my pretty little head, so crammed with dresses and pretty things.
GRAHAM CLULEY
So Yale's response is no one should be locked out of their house this end because you should have a spare key fob or know the PIN or something like this. But—
CAROLE THERIAULT
Right. But you didn't give us 10 key fobs and 10 people live in the house, for example.
GRAHAM CLULEY
And furthermore, if you're carrying around a key fob with you, isn't that just the same as carrying a key? You know, it takes up as much room.

The whole purpose, I presume, of having an IoT lock is that you don't have to carry so much around with you because you've got it on your smartphone.

So I have some sympathy with Yale, but I do think people haven't entirely thought this through. They thought this is a really cool thing.

Mechanical locks actually have some big advantages, right? They don't fail because the cloud has gone down, or they don't fail because there's been a power cut.

And the big benefit is you need to be physically present at the lock when you want to unlock it rather than someone remotely doing it.
CAROLE THERIAULT
You know, totally.

But I suppose the appeal, one of the mega appeals, is that you can just go around with your phone, you know, you use contactless, you know, and you use an app to buy everything.

You can unlock your house and car with your phone. You know, you can find everything so you don't have to carry keys. And right now that's annoying.
GRAHAM CLULEY
But if you only rely on the phone, it's a single point of failure. So if your battery does run down, or—
CAROLE THERIAULT
Totally understand that. I'm just saying that's what the appeal is, right?
GRAHAM CLULEY
Yes, that's the appeal.
CAROLE THERIAULT
That's the appeal. But you know, not having a plan B, disasters. In these situations. Yeah. This is just an example of how it can suck.
GRAHAM CLULEY
Another reason though, Carole, why you don't want to— this is me urging you to never get a smart lock. Not that I suspect you're planning to get one. Right.

Well, you have an internet-enabled thermostat though, don't you? Or something like that.
CAROLE THERIAULT
We do. We do.
GRAHAM CLULEY
How's that working out?
CAROLE THERIAULT
Well, it's pretty good so far. I do think there are some issues with it. I mean, I can see, but I also have a failsafe. Right?
GRAHAM CLULEY
Oh, do you? Oh, what, you can just twiddle it?
CAROLE THERIAULT
No, I've got a fireplace.
GRAHAM CLULEY
Oh, good one.
CAROLE THERIAULT
Thanks.
GRAHAM CLULEY
Well, I'll tell you another reason why a physical lock is a good thing.

Because yes, a burglar can break down, smash your door if they really want to gain access to your property, but that is going to leave physical damage, right?

And physical damage is actually something you want because that is something which you can use as proof to your insurers there was forced entry.

So when you claim that your video recorder or your Nintendo DS has been stolen or whatever, you can say, oh no, no, no, it's not me putting them on eBay.

You know, these were actually stolen. If you have a smart lock, there aren't going to be any clues like that, are there?
CAROLE THERIAULT
Mm-hmm.
GRAHAM CLULEY
So there you go, folks.
CAROLE THERIAULT
That's a very good point.
GRAHAM CLULEY
Yeah. Thank you very much. Well, it isn't the first time smart systems have failed, of course, way back in episode 38. Yeah.
CAROLE THERIAULT
I was just going to say, we've talked about these before.
GRAHAM CLULEY
Yeah. There were some smart locks then, which were bricked after receiving a duff over-the-air firmware update.

And there was an outage at Amazon Web Services last year, which prevented people from being able to turn on their lights and control their locks.
CAROLE THERIAULT
You see, you see, I should never have gotten this internet-enabled fricking heat thing.
GRAHAM CLULEY
Imagine not being able to turn it on.
CAROLE THERIAULT
I got talked into it by my husband. It's so cool, Carole. He went on for a year about how we should get it. I really, I held off for a year.
GRAHAM CLULEY
I know your husband and I suspect he wants to make it a little bit hotter at home, if you know what I'm saying.
CAROLE THERIAULT
Well, thank God it's not his anniversary today.
GRAHAM CLULEY
It's not just his pelt keeping him warm. He also—
CAROLE THERIAULT
It's just Smashing Security's birthday, not his.
GRAHAM CLULEY
Well, once again, episode 100. Why would we finish any other way than to say IoT, not always the best thing?
CAROLE THERIAULT
We didn't. We're not finishing.
GRAHAM CLULEY
Hmm?
CAROLE THERIAULT
We're not finishing.
GRAHAM CLULEY
Not yet.
CAROLE THERIAULT
We've got a lot more content coming up.
GRAHAM CLULEY
Have we?
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Well, what have you got for us this week?
CAROLE THERIAULT
Well, it is our 100th episode, and we are two happily married cool cats. Thank God married to different people.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
So I thought a virtual swim in the dating pool might be fun.
GRAHAM CLULEY
Oh, hello.
CAROLE THERIAULT
So first, do you think opposites attract? Like, what's the story with you and Mrs. Cluley?
GRAHAM CLULEY
Me and Mrs. Clue?
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Well, you know, she's got everything a man could want, you know, so hairy chest, muscles, you know, it's nice.
CAROLE THERIAULT
She's gonna love you.
GRAHAM CLULEY
She doesn't listen. She doesn't listen.
CAROLE THERIAULT
Yeah, you know what, I'm doing a test with my husband too because we're very similar, my husband and I, as you know. We're two peas in a pod, right?

We're both quiet thinkers, introverted, shy. He's a little bit bigger than me, being a ginormous beef bus of a man, but otherwise, right, we're the same, right?
GRAHAM CLULEY
Yeah, you're quite smart. Yeah.
CAROLE THERIAULT
Now we've all heard of dating sites for the rich, right? Or for the beautiful, or for the insert religion here.

But say hello to a new one that's focused on a relatively new group, and that is the group of Donald Trump supporters.
GRAHAM CLULEY
Ah, that particular gene pool. Yes, it'd be good if they started dating, wouldn't it?
CAROLE THERIAULT
It seems, it seems that Donald Trump supporters may be facing a little dating problem. No one wants to date him.
GRAHAM CLULEY
What?
CAROLE THERIAULT
A 2017 Tinder survey kind of supports this. It says 7 out of 10 would kick a date to the curb if they had misaligned political views.
GRAHAM CLULEY
Yes, but that's not just true of Trump supporters. I mean, Trump supporters presumably don't want to date a Democrat either, do they?
CAROLE THERIAULT
Sure, sure.

But maybe they're having trouble finding themselves, or maybe they live in a very small town right out in the middle of nowhere and they're trying to online date, and there's a lot of people out there that are a little bit mean to them.
GRAHAM CLULEY
Yeah, okay, right.
CAROLE THERIAULT
All right, now thankfully there's an answer, okay? There's a dedicated Trump supporter dating app which launched last week. This is called Donald Daters.

Their slogan, their slogan, get ready folks, make America date again.
GRAHAM CLULEY
That's quite clever actually. Okay, I don't love the name Donald Daters. I'm not sure that— no, sort of increases my ardor in any way or romance, but Make America Date Again.

That's all right. Okay.
CAROLE THERIAULT
Quote from their website: Without bias, judgment, or liberal intolerance, with the free Donald Daters app, you have the power to quickly find the right partner near you.
GRAHAM CLULEY
All right.
CAROLE THERIAULT
See what they did there?
GRAHAM CLULEY
Yeah, I got it. It's Alexa, right?
CAROLE THERIAULT
Now, how is someone to test a lady's true support for the Donald? Grab them by the pussy? I mean, really, I suppose it would be a good way to show your support for misogyny.
GRAHAM CLULEY
Oh, Carole.
CAROLE THERIAULT
I digress, I digress, I digress. So Donald Daters was the brainchild of Emily Moreno. She was a former campaign aide to Florida Senator Rubio.
GRAHAM CLULEY
Oh yes, little Marco.
CAROLE THERIAULT
She told Fox News, for many young Trump supporters, liberal intolerance has made meeting and dating nearly impossible.

Support for the president has become a deal breaker instead of an icebreaker. So no PR help there.
GRAHAM CLULEY
Yes. If they're suffering from romantic challenges because of their support for the Donald, there might be another solution to this rather than just getting the app.

Just putting it out there. You know, if they're getting a lot of feedback saying, uh, no, you know what? No, thank you. Hmm. Interesting. All right.
CAROLE THERIAULT
So Moreno wants Monero, right? And see what I did there. I've worked on that one. So Moreno wants Monero, and she launches this Donald lovers dating app.

And things kicked off with some fanfare, presumably due to its inflammatory name, Donald Daters, and political ties, right?
GRAHAM CLULEY
Yep.
CAROLE THERIAULT
The dating app launch got a decent amount of press coverage from the likes of Fox News and Newsweek and others.
GRAHAM CLULEY
Does this app also give you tips on how to have a more successful date? You know, topics to discuss.
CAROLE THERIAULT
Wear your Make America Great Again hat.
GRAHAM CLULEY
Exactly. Walls.
CAROLE THERIAULT
Yeah. A red scarf always goes a long way.
GRAHAM CLULEY
It does. His goes a long way, doesn't it? I mean, you know, how to do your hair nicely for a date, that sort of thing. I mean, who would—
CAROLE THERIAULT
Where the best tanning salons are.
GRAHAM CLULEY
Are you actually serious? Is this actually a real app or is this a joke?
CAROLE THERIAULT
Yes, this is a very real app. Now, see where we are now, right? The app is launched, the press lapped it up.
GRAHAM CLULEY
Of course they would write about it. Yes.
CAROLE THERIAULT
And a few measly hours later, TechCrunch, Motherboard, and other security or technology-related publications report that the app has 1,600 users and counting so far.
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
And the question is, how do they know that? Because it wasn't a big celebratory tweet from the Donald Daters. No, it was a huge privacy blunder uncovered by Robert Baptiste.
GRAHAM CLULEY
Oh, hello, ding dong.
CAROLE THERIAULT
Robert Baptiste is a security researcher who tweeted that Donald Daters effectively had piss-poor data privacy and security in place.

Now, he tweeted this via his Elliot Alderson Twitter handle. Okay, this is a nod to the Mr. Robot main character.

And Baptiste tweeted, "Hi @FoxNews and @RealDonaldTrump supporters, you should not use this app.

In 5 minutes, I managed to get the list of all the people registered, names, photos, personal messages, token to steal their session.

Ouch." In other words, Robert claims to have the names, photos, and tokens of the 1,600 or so registrants on this pro-Trump dating site.

And the full tweet thread actually, Graham, is rather juicy. This guy has been working it mad. I doubt he has slept since Monday.

So he's tweeted things like "currently there are 1,607 users in the application and 128 rooms."
GRAHAM CLULEY
So what's a room? What's it?
CAROLE THERIAULT
I don't know. I guess from what I saw on the website, there's a room where you can go and chat, right? You're like-minded Trump supporters.
GRAHAM CLULEY
Welcome to the room. Let's talk.
CAROLE THERIAULT
Red door.
GRAHAM CLULEY
Red door.
CAROLE THERIAULT
Choose the red door. He directly tweeted Emily, goading her to reply with a hi. He created a video to prove his findings, or to attempt to prove his findings.

And Baptiste says at one point, "that's the whole point, hire competent programmers." So the driver in here seems to be clean up your backend, Donald Daters.

Now Baptiste has since tweeted that the vulnerability has been closed.
GRAHAM CLULEY
It's filthy.
CAROLE THERIAULT
Well, you're— it's your mind that's filthy.
GRAHAM CLULEY
It's just vulgar. Carry on, carry on.
CAROLE THERIAULT
Since tweeted that the vulnerability has been fixed and congratulated Emily for the quick response, right? But was it quick enough?

There is that saying, you live and die by the sword, right? And the same goes for PR.

You launch something with mega media appeal, a site called Donald Daters, and you better get it right. Because any faux pas is going to be much juicier to the press.
GRAHAM CLULEY
It's an interesting theory, Carole, and it's one which I would have ascribed and agreed with prior to 2016.

However, I think recent experience has shown that you can get things massively, massively wrong or incorrect and not be punished at all. In fact, you can go from—
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
You can carry on seemingly without a care in the world with nothing happening to you.
CAROLE THERIAULT
Nothing at all.
GRAHAM CLULEY
So the press is irrelevant, right? This is all fake news. What does it matter? "Who cares the app was rubbish? Now it's brilliant. Stop being so negative." It's a great app.
CAROLE THERIAULT
It's the best app I've ever seen. Everyone should use this app. I endorse this app. Okay, now there's another issue here.

And that is that Robert went nuclear on this site's incompetence.

It seems that rather than telling them privately, and getting Donald Daters to fix the vulnerability before shouting publicly about it, he went straight for the PR jugular and started tweeting and leaking out little bits and bobs of information.
GRAHAM CLULEY
Oh really? Yeah.
CAROLE THERIAULT
So it's a hard one because on one side, it is really shameful that a site that, let me tell you this, on their FAQ, on their FAQ, they say, question number 2 is, is my information kept private on DonaldDaters?

The answer: yes, all your personal information is kept private.

We encourage safe online dating, so please be sure not to share any private information on your profile before vetting anyone you may be interested in meeting in your community.

They don't say anywhere we're gonna leave this open for everybody to come and sniff at.
GRAHAM CLULEY
Well, they obviously created the app with the best intentions. They had no clue as to what they were doing. That's the problem. It's a bit like—
CAROLE THERIAULT
Speculating. I hope you're right.
GRAHAM CLULEY
It's a bit like the lock company deciding, oh, we're now going to be a software company, rather than a software company saying, who may have some background in security, saying, we're going to become a lock company.

Sometimes these things are the wrong way around. These guys obviously saw a problem.
CAROLE THERIAULT
Okay, by that argument, you're saying, hey, Facebook, you're an excellent internet company. Why don't you do dating stuff?
GRAHAM CLULEY
Well, which they've done.
CAROLE THERIAULT
Which they've done. And hasn't that gone well, Graham? I'm just gonna have a little sip here. Hold on. Happy 100th, by the way.
GRAHAM CLULEY
Happy 100th, by the way. Yeah, I finished my tea. I'm afraid I haven't got any more here, but yeah.

Yeah, it's— the news is full enough of data breaches and you would like to think that they, before going live, before doing the big push and getting Forbes and Mashable to write about the app, they would—
CAROLE THERIAULT
They do a bit of testing.
GRAHAM CLULEY
They get some competent people. I'm sorry, my voice has gone so high pitched.
CAROLE THERIAULT
It's either the wine. It's almost as bad as mine. Or the shock, right?

The shock that in 2018, a website that deals with personal and private information at a launch wouldn't have checked their backend.
GRAHAM CLULEY
Including people's messages. Yes, don't keep mentioning that. Including the private messages that they would be sending each other, which could be quite flirtatious, couldn't they?
CAROLE THERIAULT
What would a Trump supporter say to another Trump supporter if they thought, we're alone now, right? Let's cue Tiffany. Cue Tiffany. I think we're alone now.
GRAHAM CLULEY
Fancy coming back to my place for an impeachment? Boom boom boom boom.
CAROLE THERIAULT
I'm sure I could have done better than that, but I don't think I got Comey.
GRAHAM CLULEY
Comey.
CAROLE THERIAULT
Yes, Comey over here, baby.
GRAHAM CLULEY
Very good. That's good. Very good.
CAROLE THERIAULT
Mueller yogurt, anyone?
GRAHAM CLULEY
It's a bit kinky.
CAROLE THERIAULT
Hey, Graham, you were talking about Boxcryptor earlier.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
What about price? Is it super expensive?
GRAHAM CLULEY
Oh no, it's free for non-commercial use.

And if you have a company and want to take advantage of some of the enterprise features, and obviously you spend a little bit of money, but they have flexible licenses as well.

But your data is encrypted before it reaches the cloud, works with lots of cloud services, and it's cloud security made in Germany. And that's cool, isn't it?
CAROLE THERIAULT
Yeah! Thank you, Boxcryptor.
GRAHAM CLULEY
Boxcryptor.com, go and check it out.
CAROLE THERIAULT
Hey Graham.
GRAHAM CLULEY
Hey Carole.
CAROLE THERIAULT
I have a question for you about these password manager things you keep talking about.
GRAHAM CLULEY
Alright, go on then, shoot.
CAROLE THERIAULT
What happens if you forget your master password? What are you going to do about that?
GRAHAM CLULEY
Oh, you think you're really clever, don't you?
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
You think if you've forgotten your master password, you can't access any of your other passwords anymore.

Well, piff-paff-poof, Carole, because if you're running LastPass Enterprise, you can integrate your password manager with Microsoft Active Directory.

And that means the same password that your employees are already comfortable with using to log into your system will unlock everything.

It will unlock their passwords, it will unlock their work. It makes it super easy to bring LastPass into your enterprise.
CAROLE THERIAULT
Seriously? And it's still super safe?
GRAHAM CLULEY
It's still super safe. Wow! That's kind of cool. It's a great way of getting new employees using passwords safer and more securely.
CAROLE THERIAULT
Rock on, LastPass, I say.
GRAHAM CLULEY
And Carole, if you, or indeed our listeners, want to try it for themselves, all they need to do is go to lastpass.com/smashingsecurity.

And welcome back, and you join us at our favourite time of the show. It's the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. It's not our 100th Pick of the Week.
GRAHAM CLULEY
No, we didn't have them from the very beginning, did we?
CAROLE THERIAULT
No, you see how the show evolved. Maybe in the next 100.
GRAHAM CLULEY
It's when we fattened up. It's when we went from 20 minutes to about 45 minutes.
CAROLE THERIAULT
Thinking it wouldn't add anything to our workload. Ah, remember the naivete.
GRAHAM CLULEY
For some people, this may be their very first episode, so we should explain what Pick of the Week is. It's the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. Doesn't have to be security related necessarily.
CAROLE THERIAULT
Should not be ever security related, though I think both of us have broken that once in a while.
GRAHAM CLULEY
Occasionally.
CAROLE THERIAULT
Very rarely.
GRAHAM CLULEY
But not this week.
CAROLE THERIAULT
Not this week.
GRAHAM CLULEY
My Pick of the Week is not security related. My Pick of the Week is a birthday. Someone who is celebrating.
CAROLE THERIAULT
Ours?
GRAHAM CLULEY
No.
CAROLE THERIAULT
Oh.
GRAHAM CLULEY
Blue Peter, British television institution, is 60 years old. 6-0. And that is quite an achievement. It's a British TV show.

Probably don't see it elsewhere in the world, so this won't mean much to people.

But the thing which I actually wanted to direct people to, because I know we have a lot of British listeners, is a poem.

Performed by none other than Tony Walsh, who some of you may know because he famously performed a poem called "This Is the Place" after the Manchester Arena bombings.

A fantastic poem. Tony Walsh, also known as Longfella, has put together a little poem celebrating Blue Peter.

And if you are of a certain age, or if you grew up with Blue Peter and you've enjoyed some of their last 5,000+ episodes—
CAROLE THERIAULT
Wow. Yeah, it makes us seem like small fry.
GRAHAM CLULEY
You might get a little bit of—
CAROLE THERIAULT
Physically small.
GRAHAM CLULEY
You might get a little bit of grit in your eye when you listen to this and you see the footage. It's rather wonderful.
CAROLE THERIAULT
You trying to pretend you have a heart. So this is lost on me, having not grown up in the UK and having come to the UK after Blue Peter, you know, of the age.
GRAHAM CLULEY
I would be interested, Carole, if you were to click on the link which I've included in the show notes there. And if you watched it, what kind of impact it might have on you.

Now it's about 8 minutes long.
CAROLE THERIAULT
Oh, great.
GRAHAM CLULEY
I'm not saying watch all of it now. We each have our Blue Peter. It's dependent on our age. From being small to growing tall, then—
CAROLE THERIAULT
Oh, inspirational music.
GRAHAM CLULEY
It's that age. Oh yeah. So are these your time's presenters then? Or these guys? Maybe those? Is your here and near or nearer yesteryear? The Early Show.
CAROLE THERIAULT
Hello there. Hello.
GRAHAM CLULEY
Because since 1958, it's been a fixture in our lives, and now 6 long decades later, it still lives and breathes and thrives.

And so for 60 years of mums and dads and countless boys and girls, it is the longest-running children's TV program in the world.

From a jolly different brick in a world of black and white to this technical that the internet ignites. It's a diary, it's a record, it's a time capsule unsealed.

So here's one we made earlier. Let's see what is revealed. Blue Peter, I'm afraid, isn't what it was.

I'm a Peter Purves, John Noakes— ah, John Noakes— Valerie Singleton, Lesley Judd kind of guy.

That was my era of Blue Peter, and the last 6 years or so, it's not even shown on the main BBC channel anymore.

It's been siphoned off to the BBC's children's channel and you know, they don't— it's not really the institution which it once was.
CAROLE THERIAULT
Sadly, you have a crush on a Blue Peter presenter.
GRAHAM CLULEY
Ah, this is what's going on. Not— well, there was an incident with me and a Blue Peter presenter.
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
What? What? I can't remember. It was a Blue Peter— I'd forgotten about this— the Blue Peter presenter called Janet Ellis, who is the mother of Sophie Ellis-Bextor.
CAROLE THERIAULT
Yes. A British pop star who's famous for looking like a cat.
GRAHAM CLULEY
And Janet Ellis is quite adorable.
CAROLE THERIAULT
It's nice and furry.
GRAHAM CLULEY
And I once chopped Janet Ellis's arm off on stage with a magic trick with a guillotine.
CAROLE THERIAULT
Yeah, it's good that you put the magic in there late in the sentence.
GRAHAM CLULEY
But that is as close as I've ever got to Blue Peter. But anyway, for many British people, it is a part of their growing up.

And I think even if the show isn't as beloved by the BBC as it once was, I think 60 years is tremendous.

So I am actually choosing Blue Peter as my pick of the week rather than the return of Doctor Who, which has also been rather magnificent in the last week or two. But there you are.

Oh, so that's what I'm— That's what I— that's, that is my pick of the week. Go and check out, it's actually the poem. That's my pick of the week. The poem by Tony Walsh.

Go and check it out. It's wonderful.
CAROLE THERIAULT
There you go, that's a bit more timely. Thank you, Carole. So my 100th pick of the week— oh no, it's not my pick of the week.

Yes, as you know, I've started off talking about, you know, Donald daters. I thought, why get off the political train now?
GRAHAM CLULEY
Yeah, it's not like talking about Donald Trump hasn't got us our fair number of bad reviews. Yes, on iTunes in the past. So let's carry on doing this.
CAROLE THERIAULT
Maybe we will get some positive reviews to counter the upcoming reviews we will get because we talked about this. Who knows? It is our 100th episode after all. Yes.

So I am showcasing a new song called A Scary Time, written by a US-based dance teacher, so not someone big celeb-y, called Lynzy Lab.

And I choose it because it is super cute and catchy as shit. It is very timely, hashtag MeToo.
GRAHAM CLULEY
By the way, I don't think shit is that catchy.
CAROLE THERIAULT
If someone throws some shit at you it'll stick to you, honey.
GRAHAM CLULEY
Okay, okay, fair enough. All right. Sticky as shit rather than catchy as shit then. All right, fine.
CAROLE THERIAULT
You mean you're not gonna put your hands out? Go, yeah. Probably not. What are you gonna do? Back away?
GRAHAM CLULEY
Just put up an umbrella or something. I keep one on me along with my IoT key fob.
CAROLE THERIAULT
The song is kind of cheeky, but it drives home a really important message. And basically, any listeners out there who want to relate better to women should have a listen.

I can't walk to my car late at night while on the phone. I can't open up my windows when I'm home alone. I can't go to the bar without a chaperone.

I can't wear a miniskirt if it's the only one I own. I can't use the elevator after 7 PM. I can't be brutal. You love it. I love it. So, what have you learned about women?

Just interested.
GRAHAM CLULEY
I found out, well, maybe I already had a hint of this, that it's not great being a woman all the time.
CAROLE THERIAULT
Oh, actually, no, it's pretty great being a woman most of the time.
GRAHAM CLULEY
Is it really? Yeah. Apart from the men? Yeah.
CAROLE THERIAULT
It's not all men. Not all men. Just specific men. Just a tiny, tiny, tiny proportion of men.
GRAHAM CLULEY
So there might be one.
CAROLE THERIAULT
A few rotten apples.
GRAHAM CLULEY
Right. So then there may just be a few men in your life who you have to interact with who are a complete pain.
CAROLE THERIAULT
No, I'm saying hurrah to all the good apples out there. Graham, you know what side you're on. Right?
GRAHAM CLULEY
Yeah, totally.
CAROLE THERIAULT
You're not rotten, are you?
GRAHAM CLULEY
No, no, no. I'm woke, man.
CAROLE THERIAULT
You're woke? Yeah. Isn't that what they say?
GRAHAM CLULEY
I love this video and this song because it's clever. The words are clever. It's beautifully sung. The melody. It's satirical, a little twist in the end.

And you think, oh, she didn't really mean all those things she was saying.
CAROLE THERIAULT
Oh yeah. Did you need to get to the end? Did you need to get to the end to get the message?

Because now everyone who's listening needs to go listen to this song just to marvel at how long it took Graham to figure out the song's meaning.
GRAHAM CLULEY
And on that note, it's almost time to say farewell for this 100th episode of Smashing Security. It's been a ride. We've got to thank some people.
CAROLE THERIAULT
We do. Let's thank everyone. I think we need to.
GRAHAM CLULEY
Why don't we thank all of our guests? Every single one of them.

Alex, BJ, Dan, Dave, David, David, David, Duck, Geoff, Iain with an I, Iain without an I, James, Javvad, John, John, Kevin, and Lisa.
CAROLE THERIAULT
Maria, Martin, Michael, Mikko, Nick, Peter, Phil, Bob. I was gonna say Phil Fobb. Phil, Bob, Rich, Scott, Tommy, Troy, and of course, Vanja.
GRAHAM CLULEY
Who? Who's that? I've never heard of him. We need to thank the celebrities who we wanted on but turned us down. Garry Kasparov. I never wanted him on.
CAROLE THERIAULT
Well, I hate chess now.
GRAHAM CLULEY
Chess is stupid. I bought him a bottle of vodka. You'd have thought he'd have joined. Piers Morgan. We didn't invite him on.
CAROLE THERIAULT
Yeah, we didn't invite him. He's not invited.
GRAHAM CLULEY
But, you know, and we need to thank our listeners.
CAROLE THERIAULT
Every single one of you. There's a lot of you. Can I just say, you guys are basically, if we were all in one spot, it would be Glastonbury. I was gonna say that.
GRAHAM CLULEY
It would be. There'd be a lot of mud, rain, misery, camping, bad toilets.
CAROLE THERIAULT
But hey, some excellent content.
GRAHAM CLULEY
And we got some fantastic feedback.

So we put out the call, didn't we, a couple of weeks ago saying, if you've got a favorite bit of the show, if there's something you really enjoyed, drop us a line. And people did.

They sent us tweets, they sent us private messages, emails. It was lovely hearing.
CAROLE THERIAULT
We won an award this year.
GRAHAM CLULEY
Yeah. And we lost an award this year. We are going to put some of your favorite bits together in a little oral montage.
CAROLE THERIAULT
Thank you everyone who sent in your favorite episodes.
GRAHAM CLULEY
We will put some of that after the theme music, but for now, I think it's time to say cheerio. Bye!
CAROLE THERIAULT
See you again next week. Won't be that long. It's not that exciting.
GRAHAM CLULEY
Look, many films these days, there's lots of sex and violence, isn't there? But there's too much of that, some people say. Personally, I can't get enough of it. I love that stuff.

But when I'm fed up with flesh, I'm not afraid. I'm not afraid to turn to fur. And so I—
CAROLE THERIAULT
This weekend— I knew you were a furrvert.
GRAHAM CLULEY
I knew it. I, this weekend, saw Paddington 2. Did you fall asleep? No, I didn't fall asleep.
CAROLE THERIAULT
Not once?
GRAHAM CLULEY
No, not once.
CAROLE THERIAULT
Did you close your eyes for a ridiculously long time and call it just blinking?
GRAHAM CLULEY
I did actually fall asleep, but I only fell asleep for a small part.

I haven't even dared watch it, but just because so many times Hollywood has taken a big steaming dump on my childhood, and I just wasn't prepared to let that happen again.

So none of you guys have Echos? I can't shout activation commands down the mic at you? Oh no, please don't ask her to do anything, she's listening. I just said her name.
CAROLE THERIAULT
It's actually not even Houston Airport, it's LaGuardia Airport. So it shows you all the people sharing it can't even recognize it.
GRAHAM CLULEY
Oh yeah, criticize them for that, Carole, that they can't tell the difference. So all the people who are real airport nerds— I think you'll find that's actually LaGuardia, Nick.

You will accidentally maybe make a mistake, or you will delete a file, or you will change some code, and you want to move back in time.
CAROLE THERIAULT
Yeah, or you've had a virus threat, for example, or someone's stolen your data. Your house burns down, cat pukes on your disks, whatever. Right.

That has never happened to me, that's why I would never mention it.
GRAHAM CLULEY
They recognized that they needed to keep really tight control of the fingerprint so that it's stored in a secure enclave on your typical iPhone.

And with this new iPhone as well, it's storing that facial information on the device as well.
CAROLE THERIAULT
I don't know why I do any research at all, really. Yeah, why do you? I don't know. I should just let Graham just do my whole story for me.
GRAHAM CLULEY
I'm just— well, I'm not trying to steal it. I was just— A little bit of tension.
CAROLE THERIAULT
Good.
GRAHAM CLULEY
They have made a candle which makes your home smell like a brand new Apple Mac.
CAROLE THERIAULT
Oh, for God's sake.
GRAHAM CLULEY
They say with every whiff of our Inspire candle, you'll find strong notes of bergamot, lemon, and tarragon. Scent profiles that clear your mind of clutter and stimulate creativity.

A unique blend of bergamot and armoise with hints of lemon, tarragon, amber, and musk create a fresh aroma that will liven up any home or office. This is ridiculous.
CAROLE THERIAULT
I don't think I can do this podcast anymore. Am I in your favorites list, maybe?
GRAHAM CLULEY
You are one of the people who I FaceTime most often.
CAROLE THERIAULT
No, no, I understand that, but there's this option, I think, to say this is a favorite person on FaceTime.
GRAHAM CLULEY
And not a favorite, but yeah, I was about to say, hashtag awkward. You're not one of my favorites. Commissioner Gordon had the Batphone, right? He could do the Bat Signal.

If the Penguin was coming in and causing trouble, he knew he could get hold of Burt Ward and the other guy. Adam West. Sorry.

They're a Hong Kong-based maker of what they call wearable toys.
CAROLE THERIAULT
All right. Okay.
GRAHAM CLULEY
They're also very fond of the term "teledildonics," obviously. Who isn't?

So they've admitted what they call a minor bug in their Android app, which basically resulted in sound recordings being captured while the app was in use and stored on your phone's local storage.

So, whoa, whoa, whoa, whoa, whoa.
CAROLE THERIAULT
And they were recording the sound?
GRAHAM CLULEY
Yeah.

So this guy, some guy on basically on Reddit, where everything comes from, he was cleaning up his phone and he stumbled across this audio file that he hadn't expected to be there, and it turned out that it was a 6-minute recording of his session using the Lovense Remote app.

No way! 6 minutes, eh? What is a hamburger? A hamburger is different from a beef burger, right?
CAROLE THERIAULT
Because ham comes from pigs. Yeah, that's not where the name comes from. It's Hamburg, the place.
GRAHAM CLULEY
Oh, really? Yeah. And it's nothing to do with hamburglers? No.
CAROLE THERIAULT
Sorry, would you consider yourself a privacy wonk?
GRAHAM CLULEY
Are you asking me or Peter? Well, you, Graham, because you just mentioned it. I think in some way, yes, absolutely.
CAROLE THERIAULT
You just said it disparagingly, and I was thinking, well, you're in that group, I think. Oh no, there's nothing—
GRAHAM CLULEY
Don't be ashamed if you're wonking. There's nothing to hide, right? I think we may have forgotten what it was like to be in the middle of the Cold War. I mean, I'm of an age.

Graham fought at the Bay of Pigs, man. Maybe not Bay of Pigs, but suddenly in the early 1980s— No, I can't. I just can't. Sorry. With his little spectacles.
CAROLE THERIAULT
I'm just amazed that you knew Robin, but not Batman. Graham is an unusual beast.
GRAHAM CLULEY
And they can even determine whether you swiped left or whether you swiped right.

Left, by the way, Vanja, is rejecting, and right means, oh yes, this is woman who could throw potato over house and would be good match.

She would be able to pull plough through field. This is just a little stink pad. They had no computer power.

You weren't controlling nuclear weapons from your laptop, for old and, you know, if you're installing Angry Birds, yeah, maybe it's not that big a deal, is it?

Sorry, do you understand? One petaflop! One petaflop is what I'm talking about.
CAROLE THERIAULT
And yet Facebook still runs really slow.
GRAHAM CLULEY
It's because these days with domain names, you don't just have characters A to Z. You've got all those crazy, kooky other countries contributing. I'm sorry, what?
CAROLE THERIAULT
Excusez-moi, monsieur.
GRAHAM CLULEY
I have to get how you did that. How are you going to listen to Smashing Security podcast while you're in the secure room? Right. No, no, no. So I'm not going to say no speakers.

My idea, it's ultrasonics, right? Get a chihuahua. Every office needs a chihuahua. A little Maltese. Or a lovely Maltese. I love Maltese. I love those. A Pooberdor. What's that?

It's the opposite of a labradoodle. And it could pick up, it could pick up the high frequencies and go yep yep yep yep yep yep.
CAROLE THERIAULT
Poopador could be pug and Labrador actually.
GRAHAM CLULEY
That's a poor Labrador.
CAROLE THERIAULT
Poor pug. I then deleted my Facebook account and then re-upped it in 2005 and have not been able to get off the stupid thing since. So I am a super— So why can't you get off?

What are your— You guys!
GRAHAM CLULEY
In fact, a US judge controversially ordered her to unlock an iPhone with her fingerprint.

Now, the rule is, if you ever get caught by the authorities, by the feds— cut your thumbs off. Yeah, cut your thumbs off quick. Yeah, preemptively, just in case.

You can never be too careful. Bite it off with your teeth. Bite it off and swallow those thumbs. Yep.
CAROLE THERIAULT
And then hope the fingerprint disappears.
GRAHAM CLULEY
Before. Oh my goodness. Hope you have strong stomach acid.
CAROLE THERIAULT
That's right.
GRAHAM CLULEY
They went to his house and they found a USB thumb drive hidden inside a box of tissues.
CAROLE THERIAULT
Are you sure it's a thumb drive that he was smelling? No offense, but he is a teen boy, right?
GRAHAM CLULEY
I wonder what that thumb drive's got on it.
CAROLE THERIAULT
I understand spreadsheets a bit, but I'm no expert in all this stuff. Why are you guys giggling? He's thinking it now. He's trying not to laugh.

Is this because of the term backend guru?
GRAHAM CLULEY
They also got hit in late July by a type of ransomware called BitPaymer, also sometimes called FriedEx.

I don't know if it's called FriedEx because, basically, you've— what's the bacon joke? You've lost your joke. I don't know. What's the phrase? What? Is there a bacon joke?

Fried eggs and bacon. I don't know. Let me say this again.
CAROLE THERIAULT
I just think if you're going to do jokes, Graham, you should just know the punchlines.
GRAHAM CLULEY
Yeah. I don't know. You're literally halfway there.
CAROLE THERIAULT
I know, but it kind of matters.
GRAHAM CLULEY
The last few steps, right? Let me introduce to you my pick of the week, which is— Oh, oh, shit.
CAROLE THERIAULT
I'm sorry. Graham, the book that you bought me called The Triceratops Who Loved Me has just been soaked.
GRAHAM CLULEY
I was always expecting that to be a book which might get slightly damp. I think you're fine. It does have wipe-down pages. No, come on, what are you talking about? No, no, I'm serious.

And so the phone does a very high-pitched squeak that you can't hear outside your hearing.

But if they're having a conversation with someone and asking them, when was the Battle of Hastings? When? What? What? What?

It's not like they can say it in a really high-pitched tone, is it? It's not like they're a dolphin.
CAROLE THERIAULT
I mean, imagine, for example, Ice Road Truckers, right?

And you're trying to train them for their first journey out on the ice up north, and you would have a nice calm scene as they're kind of simulating the drive along the mountain, and suddenly hit them with a huge storm.
GRAHAM CLULEY
Piers Morgan's in the middle of the road. Will you avoid him or not? No, you're going to hit him. Oh, what a shame. Unfortunately, it turns out that the app has a vulnerability.

Unfortunately, my wife is also now printing a document behind me. She's somewhere else in the house.
CAROLE THERIAULT
I was wondering what that sound was. Are you Xerox copying your butt right now? Are you paying attention to the podcast? Because this is business, not the app.

The app vulnerability was that printing is going to happen.
GRAHAM CLULEY
That's my guess. So I don't know how many pages there are going to be.
CAROLE THERIAULT
Maybe it's a book. Read a few lines. What is this?
GRAHAM CLULEY
Let me just find out how much she's actually printing, okay?
CAROLE THERIAULT
Now I'm done. I've said myself.
GRAHAM CLULEY
You're done. We're done. Close down the podcast. Turn off the internet. Take all the episodes off the internet. Yes. Yeah, we're gonna delete them off iTunes right now.

Hosts:

Graham Cluley

Carole Theriault

Sponsor: Boxcryptor

Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice. Visit www.boxcryptor.com now.

Sponsor: LastPass

LastPass Enterprise makes password security effortless for your organization.

LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.

But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.

Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
