Smashing Security podcast #143: Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians

Graham Cluley

Smashing Security #143: Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians

Was a cybercrime committed on the International Space Station? What on earth were Ukrainian scientists thinking when they plugged a nuclear power station into the internet? And someone has cloned Canadian clinical psychologist Jordan Peterson’s voice…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Mark Stockley

The Apollo astronauts, right? They left an awful lot of mess around up there, didn't they? Left it later. They may have broken bylaws. So you're saying that crimes as serious as littering may have occurred in space? Or speeding. What about the moon rover?

Carole Theriault

There's no speed limit up there, dude.

Graham Cluley

Smashing Security. Episode 143. Hacking from outer space, Ukrainian crypto mining, and deepfaked Canadians, with Carole Theriault and Graham Cluley.

Mark

Hello, hello and welcome to Smashing Security episode 143. My name is Graham Cluley. And I'm Carole Theriault. Hello, Carole. Hello, Mr. Cluley. And we are joined by a special guest, a returning guest we have here with us today, Mr. Mark Stockley from Naked Security. Hello, Mark. Hi.

Carole

A very special guest, actually. Oh, thank you. Well, you know, in a way you're special. You're special because when I used to be editor at Naked Security, I got you in on the team from my hospital bed half an hour after coming out of an operation off my tits on drugs. And yeah.

Mark

Good days. Good days. Happy times. So basically you're saying to Mark, everything good that's ever happened to you, it's all down to you. Oh, no, no, no, no. Is that what you're claiming? No, no, no. That's the gist. I'm not disagreeing. I'm just, you know. So, Carole, what stories have we got this week?

Carole

First, hands up, unless you're driving, for this week's sponsors, LastPass and MetaCompliance. Their support helps us give you this show for free. Now, on today's show, Graham goes to space to check out a cyber attack. Don't hurry back, Graham. Mark dons his mining hat and tells us of a recent crypto jack. And this week, we will see how a controversial internet shrink deals with deepfakes. All this and loads more coming up on this episode of Smashing Security.

Mark

Now, chaps, chaps, the internet has brought some incredible advantages to criminals. One of those is that you can now commit a crime from the other side of the planet. In the old days, if you wanted to rob a building society, you would... That's a bank for a normal person. Right, or something... What? Anyway, but after you've robbed something, you'd jump in your Ford Cortina, you'd leg it off as fast as you can, zooming around the roundabouts, hoping the police weren't on your tail. Maybe you would even skip the country, flee to sunnier climes to enjoy your ill-gotten wealth.

Carole

Spain, isn't that where everyone went? Australia, Brazil,

Mark

Of course, the great train robber, Ronnie Biggs ended up there. But with the internet, you could, in theory, do that getaway before the crime is actually committed. Why not

Carole

Think in theory? I think it's been proven many times over the years.

Mark

Yeah, you could literally be on Copacabana Beach. Yeah, literally. Accessing a Wi-Fi hotspot while you break into someone's bank account, right? Which means that you're far, far away, out of reach of the long arm of the law. And the fact that the criminals who committed a crime can be thousands of miles away in a different country, that's going to be a big headache to PC Plod, isn't it? Because they have, well, think of all the coordination they have to do between international police forces, different time zones, paperwork, language differences. It's become more complicated and more expensive, of course.

Carole

Well I think actually that is part of the wonderfulness of being in a different country because of all the coordination. You can rob people in other countries. Well, no, but if you're a little, you know, even small-time robber, thief, whatever, if you are in a different jurisdiction, potentially with a different language, different country codes, all that, it's much easier, right? How many prosecutors are going to go, yeah, let's take on this international crime?

Mark

Sorry, I've lost you. Are you saying that this is a good thing, that this problem exists?

Carole

No, I'm saying that's why it's much more likely that someone's going to get away with crime if they're in a different jurisdiction or a different country than where the crime is committed.

Mark

And they have a much larger pool of victims to inflict themselves upon, don't they, compared to just being in their local area? Enormous. But what if you could get even further away than Brazil or the Arctic Circle when you initiated your hack? What if you could be in outer space?

Carole

It's lawless out there. Who's going to go after you up there?

Mark

The thing about space, though, I don't know if you've noticed that space itself is quite big. But the amount of space with Wi-Fi coverage is still quite small. And so I feel... My back garden has trouble. There aren't that many places you could hide in space, are there? Are they? Maybe not, but who's going to go up and catch them?

Carole

You don't need to go

Mark

Up and catch them. Yeah, you just leave them there. Okay, let me tell you why I'm talking about space. Because our story is going to begin in a fairly down-to-earth kind of way. A romance between someone called Summer Worden. Summer Worden. She was a former Air Force intelligence officer, and she met Lieutenant Colonel Anne McClain, who'd flown combat missions in Iraq and has an accomplished military career, and is an astronaut. Anyway, you can imagine it's all roses, it's petals, it's wonderful, gorgeous, gorgeous, gorgeous romance blossoms. And Summer and Anne got married in 2014. Ah! Yippee! But, sadly, disagreements and rot began to permeate the relationship. And one of the problems was that Anne McClain, the astronaut, wanted really to adopt Summer's young son. They were having disagreements about this.

Carole

They're married. That makes sense, right? I can see that. Exactly.

Mark

And she's had a relationship with the young boy since he's about eight months old and has been with him for years and years. So she wanted to legally adopt Summer's son. And the couple, sadly, weren't able to resolve their problems. And in 2018, they got divorced. And they've been disputing ever since how they carve up their little family.

Carole

Oh, awful. It is horrible. And two weeks ago, Anne McClain, the astronaut, was awarded rights to visit the six-year-old boy as he is now. And that's what spurred her ex-partner, Summer Worden, into making this out-of-this-world allegation. Or had the password. So, okay, no, but this is a legitimate question. I'm sorry, I'm limited. So Graham, let's say you say to me, my password is sausage dog, right, to your email. I then go to your email address and put in sausage dog. Yes. Right, with caps. Yes. Right, get in. Does, is that, am I wrong? I

Mark

Think the o in dog is a zero just in case anyone's listening. Are you wrong? No, you're not wrong. But that of course if I haven't authorized that access, then that does still constitute hacking. But you gave me the password. Well, but it's computer misuse. Yes, it's computer misuse. But you didn't have my authorization. And that's what the big argument is about here, right? They at some point did both have access to this account, and that was fine and dandy, and passwords were shared. And at some point later on, Summer Worden says that she no longer was given authorization to her ex-partner to connect to the bank account. Now, the astronaut's lawyer, who goes by the wonderful name of Rusty Harding, just one letter different, and that would have been even better, wouldn't it? It could have been a porn name. What, Roasty? Something like that, girl. Never mind, never mind. He said that she accessed the bank account to provide financial support for the young boy, without knowing that her ex-partner requested that she no longer do so. So there's this big furore going on. But one of the claims which is being made in the press is, is this the first ever space crime? And some people are touting it as that. I'm not sure whether it's true or not that an actual crime was committed here. I'm not sure whether it is necessarily the first. I think there have probably been other dodgy things which have gone on in space in the past. Do you have specifics? Well, that would demand research. Are you bound by confidentiality because of your previous secret work that you can't talk about for NASA? There are just things I can't say, but just, you know, take it from me. Certainly the Apollo astronauts, right, they left an awful lot of mess lying around up there, didn't they? They may have broken bylaws. Crimes as serious as littering may have occurred, or speeding. What about the moon rover?
There's no speed limit up there, dude. They were going at least 17 miles per hour, I think, up there, which is pretty racy if you ask me, and I'm pretty sure they weren't wearing seat belts either, so there certainly have been crimes committed in the past. Do you know

Carole

I think this is a bit weak. I think that if an ex-partner, if you are getting divorced and you do not want your ex-partner to access the ex-family bank account, you change the freaking password. Everyone knows that, maybe 10% of people, but not someone as intelligent as this woman who is Air Force intelligence officer, she doesn't know to change her passwords.

Mark

So if I plug my computer into the internet but I forget to password protect it, and then you find it and you go and look at all my data and then steal it, is that my fault?

Carole

I don't know that's comparable. I think it's more like you and me are married, Mark, okay? We share a bank account. We divorce, right? You don't change the bank account address. I don't steal from you. I just go in to make sure that you have the money you say you do to pay for our beautiful little cat. Victim blaming,

Mark

Carole. Victim blaming. That's what you're doing. It's like. You would

Carole

Change the password is my point. If we're married and we both use my car and then we get divorced and you still have a key to my car, even though it's parked at my house. And I don't change the locks on my car. It's fine for you to come and borrow it. I'm not thinking this is, you know, I think that the press went a bit crazy here saying this is the first cyber attack from space because it isn't. It's not a cyber attack in my view.

Mark

I think it's a slightly different story here. Okay, so what this says to me is, you know that you've made progress when you're exploring new worlds and people start doing really mundane stuff. I mean, I feel sorry for everybody involved in this, because divorces are just messy and everybody involved gets hurt. Everyone's a victim one way or another. But it's not Ebola behind, but behind all of this... No, I see where you are today, Carole. Just saying. Yeah, no, you're right. Anything less bad than Ebola. Yeah, no, Carole, we'll get some mugs made up for the store. I think we should. It's a new catchphrase. I'm slightly scared now. So what I'm trying to say is, so there's a divorce happening, but they're just bad news, right? But somebody's doing online banking in space. How boring is that? Well, it's pretty boring being in space, I imagine. But that's amazing. It's amazing that we can do boring things in space. That's how cool NASA is.

Carole

People poo in space too, Mark, you know. That's pretty mundane.

Mark

Yes, I don't think it's in space, Carole. I think it's into little bags. Right, let's try and just raise the tone a little bit now. Mark, what's your story for us this week? Well, my story begins with a question. Shout out if you know the answer. What do nuclear power stations and Windows XP have in common? They're being phased out. Oh, good try. Neither are still receiving updates from, I don't know, what. Oh, that's not a bad shout. Is that close? Close-ish. So the answer to my question will become clear in a second. Okay, well, we're—

Carole

We're waiting. We're on tenterhooks.

Mark

We're on tenterhooks, but only for three minutes, Mark. Come on. It's not a bowler. So according to ZDNet, Ukrainian authorities are currently investigating a potential security breach at one of the country's nuclear power plants. It seems that the employees connected parts of the power plant's internal network to the internet. And in case it's not obvious, that's a big deal. Yeah. Well, parts would be all right. Like if they had a library or something, or if they had a kitchen where they were downloading recipes for making— I mean, parts would be all right to be connected to the internet. It would only matter, surely, if it was some important part. I think that's the thin end of a wedge. Okay. So the computer systems used to run things like power plants and other utilities come under the broad definition of ICS or SCADA. That's Industrial Control Systems and Supervisory Control and Data Acquisition Systems.

Carole

Sometimes acronyms are very useful. Yeah, I'm very sexy too now. Do you feel better informed now than you were 30 seconds ago?

Mark

If you weren't already married to Carole, I think I'd be quite tempted to propose to you after those acronyms. Well, we have to have a look at your car first and see. So anyway, if those acronyms sound familiar to you and you don't work in the field, then it's probably because they feature fairly regularly in the computer security press and not in a good way. So the thrust of those stories is normally that SCADA security is basically a dumpster fire and that some, perhaps many, of the systems that power critical utilities and all the other giant industrial things that you really don't want to break have all been programmed without any regard for security at all. Now, I'm using broad brushstrokes here, but that's the general thrust. So you might ask, if SCADA security is so bad, what is keeping us from Armageddon? Yeah, good. Yes, I am wondering that. Yeah. And what it is, is the great unwashed hordes of hackers and probes and script kiddies and everything else that's out there on the internet can't get to you because, like your Windows XP machine, they aren't supposed to be connected to the internet. They're air-gapped. They're air-gapped. Oh, that's the connection. Exactly. And neither of them are connected to the Internet. Well, neither of them are supposed to be connected to the Internet. Good. Yes, good. Don't put your Windows XP machine on the Internet because it hasn't received any updates for six years. And there's lots of stuff for the hackers to get into. Similarly, if you own a nuclear power plant, please don't connect it to the Internet because it also hasn't received any updates for obvious reasons. Thank you very much. So why have these Ukrainian chaps connected their nuclear power plant to the Internet? Well, there was only one reason. Gaming. There are only two possible reasons. Porn. Porn and gaming. There are three possible reasons. What have the Romans ever done for us, by the way? 
There is only one reason why a bunch of people who work in a nuclear power plant would willfully connect their engine of death to the Internet. Okay. And that is cryptocurrency. So the theory goes that they were mining cryptocurrency in order to take advantage of the recent spike in bitcoin prices. Well, that's what the article says. I've got a slightly different theory. So given bitcoin's ludicrously inefficient power consumption, I reckon they were probably just trying to buy a packet of bubble gum or something. So they're using all the computer power of a nuclear power station, this Ukrainian nuclear power station, to buy a packet of Hubba Bubba. But I think that's about the going rate. Company training needs to come into this, don't you think? Someone needs to train them not to plug. You think the woman who was married to someone and has her account hacked and it's her fault. But people who connect a Bitcoin mining rig to a nuclear power station need training? No, I just think in a nuclear power rig, you need some checks and balances. How were they to know? Right? It's definitely not their fault. They could play Pong. You don't need to be connected to the Internet to play Pong.

Carole

You know what? I was thinking Tetris, actually. Oh, yes. Solitaire. Both very fun.

Mark

Bitcoin is not the future. I'm here to tell you. I've come from the future and I'm here to tell you. I've seen it. Bitcoin is not the future. Just in case you were wondering. If you are from the future, can you also tell us if John McAfee is now president? I don't think you need to be from the future for that, do you? I think it's absolutely nailed on. McAfee 2024. It's gonna happen. Carole, what's your story for us this week?

Carole

Well, I would like you guys first, as Brits, to describe what you feel is a typical Canadian university professor?

Mark

I'm a Brit, so I don't have feel.

Carole

Graham, I know these academic institutions were a little bit mainstream for you. Oh, for goodness sake. But you're switched on, right?

Mark

There's suddenly going to be elbow patches. Yeah, right. I think there's going to be a lumberjack shirt and a sort of hat made out of some sort of muskrat or something. Beaver. There's going to be a beard. There's going to be a beard. And there's going to be half moon glasses. And there's going to be a voice a bit like this, talking a bit slowly in a kind of... You're saying it's Columbo. Just one more second. You're furthest from the truth. My guy, in my story, used to be a Canadian university professor. We need to know about the hat right.

Carole

But this guy what kind—

Mark

Of animal was the hat you have to pay— Attention Mark because I think you can identify this person. I'm not sure Graham can but I think you can. So this guy pooh-poohed academia to become a rather controversial internet sensation. How do I do? Very good. Who's Jordan Peterson? He doesn't have an animal hat at all.

Carole

Are you serious, Graham? Jordan Peterson—

Mark

Sounds like the kind of name of someone who'd be on Celebrity Love Island.

Carole

We have completely different echo chambers. It's amazing.

Mark

Well, I don't have Love Island in my echo chamber, but it just sounds like the sort of person. It's that kind of name. First name Jordan, I mean, that's instantly a sort of negative mark. Totally Canadian, though. It's a bit like being called Randy, right? It's just... What? Seriously. Or having an I in your name rather than a Y at some point, you know, that people who did a Brandy with an I.

Carole

So just to give you a bit of context Graham because—

Mark

I don't know who this is. An irrelevant academic, right, because he broke through the nebulous influence barrier that is YouTube: channel, 2.2 million subscribers. Not bad, right? And 2018, he had a Patreon. Okay, we've just got a new Patreon, don't we? We do. And, but he was earning a cool million a year in 2018, last year. Comparable to us. Someone you should know about, you know. So he's someone, he has opinions about things, he uses social media to spread the word, he's probably got a podcast. So, full disclosure, he sold one of those three million copies to me. I'm not saying I've read it, but I've bought. Tell us who he is. I still don't understand who he is or why we should care about him. So he's got a popular YouTube channel. I don't know at the moment whether he's demoing video games or what. What's going on? What does he do? Anyway, after his book came out, he—

Carole

Must have got a stylist or something, because he totally changed his look, right? So he was this kind of caricature of a Canadian, you know, university prof, and suddenly, as soon as his book is out there, he's channeling Jeremy Irons beneath an incredibly clipped beard. It's hard to say, but it was one of those immaculate beards, a bit like someone has their front gardens just... I've just Googled image. And doesn't he wear a mentalist three-piece mid-blue suit most of the time? He's always looks like this, he's got— Yes, so I first heard about him in 2016, because in 2016 there was an anti-discrimination bill in Canada about gender identity becoming part of the human rights, the Canadian Human Rights Code, right? So the idea would be that it wouldn't matter if you were he, she or anything in between, you were not allowed to not get a job or be discriminated against based on your gender, and he made a big stink about the fact that he would refuse to say any other pronoun other than he or she, which caused a huge stink. He also says things like white privilege is a myth. He tends to fight for the marginalized man, right? And he does have a lot of concern over leftist politics. So a lot of maybe more right-leaning people tend to identify with him.

Mark

Yeah, I disagree with you slightly there. I think that the marginalized man finds him very interesting.

Carole

I bet he does. Yes, I agree.

Mark

I don't think he's specifically talking to the marginalized man. I think he attracts enormous audiences of marginalized men. And I don't know what kind of man I am, but I've just found an image of him with Kermit the Frog.

Carole

He is fearless in terms of what he'll wade himself into. So religion, politics, policies, philosophy, ideology, psychology, you name it, nothing is too big for this guy. He will have an opinion on it. So New Yorker said way back in 2018 he was, and I say still remains, both revered by some and reviled by others, and the New York Times once referred to him as the custodian of patriarchy. So put that to you, Mr Mark Stockley. Now, pray tell, why am I talking about the Jords? So according to Motherboard, Jordan Peterson now has a voice simulator that was slapped up on the web by an unauthorized third party, although I don't think you need to be authorized in these situations yet. The makers apparently created a neural network which they had trained on hours and hours of Peterson's real voice, because he is very prolific in the YouTubes and the podcast world.

Mark

He's got a very distinct voice as well and very obvious vocal mannerisms and things like that.

Carole

It's very condescending. He's a mansplainer. Now on the website, if you went to this website right, there'd be a 21 second recording that would greet you as a visitor and it would be in Peterson's voice. And in Peterson's voice it would say, "This is not Jordan Peterson. In fact, I'm a neural network designed to sound like Dr. Peterson." Then the visitor is invited to type in some text in a box and you then press go and it will read out the text in the box in Peterson's voice. Now of course, you know that people only did this for good, right? They stuck closely to Jordan's beliefs and here is a Twitter user Beanie or Benny. Here is a link you guys can check. I don't think I'm going to include this in the pod but I think you guys might want to hear it together, okay?

Mark

So we've got a picture of Jordan Peterson appears to be a furry. He's wearing something.

Carole

So this is a rather rude furry birdie something, right? So basically some kid who could possibly have imagined that that was going to happen. Now you guys probably want to see this Jordan simulator right? Just try it out for yourself. Yeah, you can't because it was taken offline after only one week because Jordan Peterson made a huge stink about it on his blog. So he posted this long piece entitled "I Didn't Say That," okay? This is on his website and he says, quote, "It's hard to imagine a technology with more power to disrupt," unquote. And I was thinking weapons, right? Like there's quite a few. It's not.

Mark

Hyperbole, is it right?

Carole

So he also writes, "Wake up. The sanctity of your voice and your image is at serious risk. It's hard to imagine a more serious challenge to the sense of shared reliable reality that keeps us linked together in relative peace. The deep fake artists need to be stopped using whatever legal means are necessary as soon as possible." Pretty strong words. So I want to hand over to you guys. Do you guys think deepfakes should be treated as an absolute priority in the cyber world? Do you think it's tearing apart our social fabric in some way?

Mark

I think it's very easy to see how it could be enormously disruptive. I don't think it's tearing apart our social fabric now, but I think if you just forget deepfakes for a second and just say it's possible, imagine if it's possible to perfectly replicate a politician or an important person saying the absolute opposite of what they believe or inciting people to violence or declaring war or saying something outrageous. The machinery is already in place. The outrage machinery is already there to take that information and just go crazy with it. I mean, it happens every day. It happens all the time already that people take things that people say out of context, that everything is 280 characters or less, and it's just a giant outrage machine primed and ready to go. So dropping deepfakes into that, yes, I think I agree that that's a potentially hugely disruptive thing. Whether or not we can actually do anything about it, I think is another story.

Carole

Okay, but on an individual level, say, right? Are deepfakes worse than a phishing scam that wipes out your livelihood or a ransomware attack that cripples emergency services?

Mark

Well, it rather depends on where your status is already. I imagine if you have your reputation destroyed by some deepfake material, people no longer trust you, or they believe that you did something bad which you never did, then that's just as bad as having your bank account emptied, isn't it?

Carole

Exactly. So I don't think it's a priority over other cyber attacks, right? I think it's as bad as all the others. The fact that Jordan Peterson makes his living, I do, on putting his voice out there, he's better at it, he's a lot more money than I do, and he wants to protect that world, doesn't mean it's the worst problem we're facing.

Mark

But do you only get to solve the absolute worst problems?

Carole

No, no. I'm just thinking it's not Ebola, is all I'm saying. Okay, another thing that's interesting, who should be punished? You touched on that earlier, Mark. That's an interesting one, right? So who do you punish in this situation? Do you punish the people that create the voice simulating software? Do you punish the site that's making it available to the public? Do you punish the user that decides to visit the site, play with it and post a creation in the social sphere? Or is it us for just talking about it? Should we punish us? Absolutely not. Definitely not us.

Mark

And that's me saying that. That's not a deepfake.

Carole

I have one more point to make. And I'm only bringing this up because, Mark, you're on the show. If it was just Graham, I wouldn't bring this up because he was long. Breathe. So insulted. But accurate. No, it's accurate. No, no. I just think you'd roll your eyes. You'd roll your eyes. I think it's interesting how both mass surveillance and deepfakes seem to be kind of developing at a similar rate. So one technology is promising to identify us, identify what we're doing, where we're doing it, what time, and then tie that to online posts to find out why we're doing such a thing. And then on the other side, you've got these deepfakes and cheap fakes that threaten to disrupt the whole digital ecosystem of identity surveillance. And it chips away at the trust that we might otherwise have had in surveillance because you're thinking, well, it could be a deepfake. Is that really Trump saying that? Oh, no, it is. It is. Yeah. Yeah. Yeah. Hey, Graham. Yes. There are people out there with companies a little bit bigger than ours. And one of the issues that they face is visibility and oversight. And when it comes to cybersecurity, that is super important. So listeners, listen up. If you do not have a password manager in your organization, please check out LastPass Enterprise. They offer centralized admin oversight and control shared access and automated user management. All this stuff makes your life easier. Plus, you can even use LastPass's single sign-on to protect all your cloud apps and give seamless access to employees. Check it out at Smashing Security. No, check it out at LastPass.com forward slash Smashing. We also are sponsored by Meta Compliance. Now, Meta Compliance reduce cybersecurity risk by providing a platform for training.

Mark

Yeah, they do online training. They've gamified it. It's animated e-learning. It teaches you and your staff all about the risks of phishing and other threats which may impact them inside business. And best thing, it's not boring. No, not boring at all. You learn everything. GDPR, malware, data security, password safety. You can grab it all and save yourself a ton of cash because you're a Smashing Security listener. Go to smashingsecurity.com slash metacompliance. On with the show. And welcome back. And you join us in our favourite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week. Oh, Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related, necessarily. Better not be. Well, my Pick of the Week this week is not security-related. It is something called the Portsmouth Sinfonia. Is that an instrument? And the Portsmouth Sinfonia. No, it is an orchestra. And it's an orchestra which was first formed in 1970. They're no longer in operation. They sort of quit. They sort of disappeared around about 1979. But they are rather unusual because it was an orchestra which had an ethos. Their feeling was that anyone could join their orchestra, regardless of talent, ability or experience. It sounds very modern, actually. It was quite modern. That's a very sort of YouTube generation orchestra. Well, you can go and check them out on YouTube. There is an album of theirs which is out there online. But we can hear them doing some of the popular classics. I would particularly point you towards their version of Also sprach Zarathustra, which you may remember was best known for its use in 2001 A Space Odyssey.

Carole

Oh! Whoa! Oh my God, it's so bad!

Mark

And... Anyone can join, Carole. Anyone, anyone can join. So this orchestra existed. We'll put links in the show notes. It's not accidentally terrible, but there's something rather wonderful about it. So they did exist for some time. There was a lot of drugs in the 70s. They tickled me quite a lot. And I've really enjoyed listening to them. Oh, my. But anyway, the Portsmouth Sinfonia, check them out on YouTube. No, don't check them out. No, go on. You'll love it. About two seconds. Yeah. No, it's much better than that. So that is my pick of the week. And we have a little chuckle. I know it's a little bit lowbrow compared to you guys talking about Jordan Peterson. I think you misunderstand me. I'm not saying it's not

Carole

Gorgeous in its own right. It's just it's very hard on the ears.

Mark

Don't misunderstand me. It's terrible. What's your pick of the week? So my pick of the week is a place, it's my favourite place in the world. I was in Cornwall last week, which gave me the opportunity to visit the Eden Project. Oh, yes. Which is, I don't even know how to describe it. It might be a theme park. It might be a greenhouse. It's a bit like a biosphere. It might be both of those things. So it is a place. And it was created by a man called Tim Smith in the millennium. It's an old clay pit in Cornwall. There was a sort of terrible, derelict, giant hole in the ground. And he's converted it into this oasis and put these two giant biomes, which are enormous greenhouses. And they're large enough, they're designed to be large enough to have full-size rainforest trees inside them. So it's incredible. It's a huge tropical biome and a Mediterranean biome and then the sort of external biome. And I went there with my kids and I wasn't, they've been to Disneyland this year, so I wasn't sure what they were going to make of this because it's basically walking around looking at plants. And their eyes were like saucers. It was absolutely, it was everything I remembered it and more. So go to the Eden Project and support them, please.

Graham

Fantastic. Gets pretty hot in there, though, doesn't it? As I remember.

Mark

It is a tropical biome. Yes, exactly. It is kind of written like... It's humid and a little bit warm. It's surprisingly warm and humid in this.

Graham

I've been there too. I quite enjoyed it, I have to say. It was good fun. Excellent. The Eden Project. Carole, what's your pick of the week?

Carole

Now, I have a number of hobbies. This is when I listen to podcasts, when I do my hobbies. And one of those hobbies is that I make bread. And my gran made bread. My mom made bread her whole life. And I make bread, right? And I love bread. And I make it almost every single day. And I make all kinds of breads, right? And Mark is new to the bread-making community.

Mark

I am. Specifically, I mean, I have a bread maker and I have had for years, but the painstaking, agonising, kind of flapping and rolling and kneading and leaving.

Carole

You've just joined the sourdough community.

Mark

I have just joined the sourdough community.

Carole

Lovely. But I think that if one loves bread, one should make a loaf at least once in their lives. I really believe that because there's nothing like eating a loaf that you've made yourself.

Mark

Well, there is something that's like eating a loaf of bread that I've made. I don't know if you've ever tried to eat building material. No, but you're trying to go for sourdough, right? You're taking on the biggest challenge there is, right? With wild yeast and all that stuff, right? So are you saying that your pick of the week is you?

Carole

No, my pick of the week is bread and making it. Go make bread.

Mark

Yes. No, I agree. I agree. It's a really beautiful thing, especially in that everyone's sitting and looking at their phones all the time. Just unplug, put a podcast on or something and go.

Graham

I've never made a proper. I mean, I've done it in a bread making machine, obviously, but I've never made a proper loaf of bread. But I think I'd quite like to do that.

Carole

Yeah. Honestly, I do feel bread making machines are cheating in my, but I also know that I come from a weird line of people that, you know, do it.

Graham

So both of you have basically joined the cult of bread making and you'll be making bread. Carole, would you say you'll be making bread until the rest of your life?

Carole

Yeah.

Graham

So you'll be. Well, if it's sourdough, yes, it's probably one or two loaves. My mum still makes bread. So you'll be making bread until you're brown bread.

Carole

Oh, I don't that bombshell ladies and gentlemen.

Graham

That just about wraps it up. Mark, I'm sure lots of our listeners would love to follow you online or find out what you're up to. What's the best way for folks to do that?

Mark

You can follow me on Twitter at Mark Stockley and at Internet of Hens and you can hear me every week on the Naked Security Podcast. And you can follow us on Twitter at Smashing Security, no G. Twitter only allows to have a G. You can also check out our online store if you want to buy a mug or a t-shirt or anything like that at smashingsecurity.com/store.

Carole

We'll have some new ones soon. Yes. Once again, thanks to this week's Smashing Security sponsors, MetaCompliance and LastPass. And thanks to you bestest listeners out there. Do you know, just by listening, you help make this show happen. And all of you who donate directly or share our shows with newbies or take time to review us or write to us, you all get a special gold star. Check out smashingsecurity.com for past episodes, sponsorship details and info on how to get in touch with us.

Graham

Until next time, cheerio.

Carole

Bye-bye. Bye. Bye. Very noisy mouse. I know. Well, I might have to go buy Jack a 20 button. It doesn't have to. You know he said it had 12 buttons. It doesn't. It has five. Yeah, he's... Yeah. Thank you.

Hosts: Graham Cluley, Carole Theriault

Guest: Mark Stockley


Sponsor: LastPass

LastPass Enterprise makes password security effortless for your organization.

LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.

But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.

Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.

Sponsor: MetaCompliance

People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management.

Listeners can get a 10% discount off the high-quality CyberSecurity eLearning catalog by quoting the code SMASHING. Visit smashingsecurity.com/metacompliance now.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
