What’s the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Now, a lot of people, it turns out, think this sounds pretty darn good.
Really?
For example, you might be thinking, oh, I can set the mood when I finally bring a date home, right?
Dim the lights, heat the waterbed, ask Alexa to play some R&B all before we walk in.
Dim the lights, heat the waterbed, ask Alexa to play some R&B all before we walk in.
Do people heat waterbeds, Carole Theriault?
Do they even exist anymore?
Smashing Security, Episode 152: Cats, Hoodies, and Rent with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 152.
My name is Graham Cluley.
My name is Graham Cluley.
Boo!
I'm Carole Theriault.
What was the boo for?
Halloween. It's today.
Oh yes.
Well, not today we're recording, but day it goes out. You see, smart thinking ahead. Strategic.
Oh, very good thinking, Crow. And we are joined by the not terribly ghoulish but wonderful technology journalist and broadcaster, David McClelland.
My goodness gracious.
That's about as scary as it gets, guys.
Don't worry. I just thought I would give you a ghoulish laugh to kick things off. And that is about as scary as I'm going to get.
You can tell he does pantomime.
Oh no, I don't.
Yes, you do.
Oh God. It's not Christmas yet.
Crow, what's coming up on the show this week?
First, thanks to this week's sponsors, Code42, LastPass, and Immersive Labs. Their support helps us give you the show for free.
Now on today's Halloween non-special, Graham shows how tech is affecting our pets. David is taking us to a hackers with hoodies competition.
And I'm seeing how some oh-so-modern landlords might be getting an extra edge if they ever wanted to evict their tenants.
All this and loads more coming up on this very unspooky episode of Smashing Security.
Now on today's Halloween non-special, Graham shows how tech is affecting our pets. David is taking us to a hackers with hoodies competition.
And I'm seeing how some oh-so-modern landlords might be getting an extra edge if they ever wanted to evict their tenants.
All this and loads more coming up on this very unspooky episode of Smashing Security.
Now, chums, chums, it's been 152 episodes and I feel like we're all friends. I think the audience knows me. I think you know me. I think there's things I can reveal about myself.
And I don't think I've ever mentioned on the podcast before my little furry friend.
And I don't think I've ever mentioned on the podcast before my little furry friend.
What, that thing in your office? That whatever it's called? The hairless thing?
Yeah, he'll often be there. What? He'll often be there between my feet while I'm recording the show. Oh dear. When I'm feeling low, he helps me get up.
It is a scary episode, guys. I'm sorry.
You know, you give him a stroke and up he pops, always eager to please, wagging away, putting a smile on your face.
I mean, I look at him askance and I worry, you know, oh, you all right? You look a bit plumper than usual. Have you chubbed up or have you lost some of your girth?
I mean, I look at him askance and I worry, you know, oh, you all right? You look a bit plumper than usual. Have you chubbed up or have you lost some of your girth?
Are you talking about Archie?
Yes, Archibald, the dog. And my concern is that he might have eaten too much or maybe too little. David, do you have a pet?
Yes, I do. She is not in here right now, my little pussycat. She's currently in the kitchen asleep.
Oh, how lovely. Well, it's a real issue for some of us, isn't it, when we go away for business. If the pet gets left alone, what are you going to do?
You're going to get someone in to house sit? Are you going to put her in a cattery or in a kennel?
You're going to get someone in to house sit? Are you going to put her in a cattery or in a kennel?
They do get depressed if you leave them alone. You know, we talk about animals feeling emotions and dogs get, you know, so sad when their owners aren't there. So sad.
My dog's Labradoodle eyes, it's the saddest thing you've ever seen when he's looking up, looking like that, you know, it's horrendous. So I don't like to leave him alone.
So I like to leave him with the in-laws instead. But a lot of people might choose to get a feeder.
And as if the world couldn't get worse enough, there are now smart versions of pet feeders, which will deliver food at set intervals.
So I like to leave him with the in-laws instead. But a lot of people might choose to get a feeder.
And as if the world couldn't get worse enough, there are now smart versions of pet feeders, which will deliver food at set intervals.
I can see this. I can see people loving this.
Well, if you're living alone and you've got a pet and you're going off to work, you may well think, well, little diddums here, I have to, you know.
Yeah. My mom's dog recently passed away, but before he passed, he was quite ill and he needed to have pills at exact times every day.
Right.
And, you know, she couldn't be handcuffed to that schedule. So she had a kind of automated feeder that would open up.
It wasn't IoT, she set it up in the morning and it would just, you know, do its thing.
It wasn't IoT, she set it up in the morning and it would just, you know, do its thing.
And she'd hide a pill inside a piece of cheese or something.
Yeah, exactly. Inside some kind of dog thing. Yeah, yeah, something scrummy. And then it opens up the little trap door. He gets his pill.
He wants it because it's got yumminess and he'd take his pills.
He wants it because it's got yumminess and he'd take his pills.
But she might be concerned, well, has the dog or whatever, or has the cat eaten what they should have eaten or have they ignored it?
In which case you might want an internet-enabled pet feeder the Xiaomi Furrytail. Now, Xiaomi, David, I'm sure they do smartphones and things that. Xiaomi.
In which case you might want an internet-enabled pet feeder the Xiaomi Furrytail. Now, Xiaomi, David, I'm sure they do smartphones and things that. Xiaomi.
Yes.
Is that how you say it, by the way? Xiaomi?
Yes, yes, Xiaomi. They're a very big Chinese brand. They operate in the super mid-market with some really quirky phones.
Well, for the cost of just about $28, you can buy this gadget from Xiaomi, which delivers food at set intervals, helps to maintain and take care of your pet's healthy diet 3 times a day, feeding them while you go off on a business trip or gallivant with your friends.
And via the connected Furrytail smartphone app, you can monitor how much food your pet has eaten, and it'll even notify you if their food has run out.
And via the connected Furrytail smartphone app, you can monitor how much food your pet has eaten, and it'll even notify you if their food has run out.
So what do you do? You run home if they haven't eaten?
Well, well, first of all, what it will do is it lights up an LED light red, so it comes up a bit an Alexa if it's talking to you, you know, a ping up a light, a different colored light, and that tells you and blinks continuously telling you it's empty.
But it may tell you while you're out at work, you better when you get home, or get home quick with some food, or go stop off at the supermarket to go and get some, right?
But it may tell you while you're out at work, you better when you get home, or get home quick with some food, or go stop off at the supermarket to go and get some, right?
So have you ever forgotten to feed your pet?
Yes. Yeah.
Have you?
Yes.
Gees, are you serious? I've never done that.
Really?
No, I'm not kidding. I really am not kidding. Maybe I'm really into food though.
I love eating and all that, so maybe I mean, I've forgotten to feed myself several times, so it's not too surprising. Yeah, yeah.
I've often— yes, exactly. I've often forgotten to feed the kids, so, you know, if that can happen, it can certainly happen with the dog as well.
Wow.
It can happen.
So you guys are the target market for this.
The other thing is though, that if you are a couple, there may be confusion as to who has fed the pet or if either of you have.
So my dog, for instance, as soon as food is put down, right, it's gone, right? The plate will be licked clean.
And so you may come and you think there's no evidence whatsoever that he has been fed and he's looking at you with those puppy dog eyes and so you feed him again, right?
In those cases, a tool like this might be useful. But beware, take heed, take heed, because according to ZDNet, a Russian security researcher called Anna Prosvatova from St.
Petersburg, she says she has found a way to hijack control of the Xiaomi Furrytail pet feeders.
And she has discovered that she could commandeer 10,950 of these pet feeders exploiting vulnerabilities in the backend API and the firmware. And so what could she do?
Well, she could mess around.
So my dog, for instance, as soon as food is put down, right, it's gone, right? The plate will be licked clean.
And so you may come and you think there's no evidence whatsoever that he has been fed and he's looking at you with those puppy dog eyes and so you feed him again, right?
In those cases, a tool like this might be useful. But beware, take heed, take heed, because according to ZDNet, a Russian security researcher called Anna Prosvatova from St.
Petersburg, she says she has found a way to hijack control of the Xiaomi Furrytail pet feeders.
And she has discovered that she could commandeer 10,950 of these pet feeders exploiting vulnerabilities in the backend API and the firmware. And so what could she do?
Well, she could mess around.
Turn them into horror feeders.
Well, yes, because she could either starve your pets, right?
Or she could overfeed your pets. Okay. But would you not know through the app? Is the app misinforming you in those cases?
I suppose, I don't know. It depends on how you set it up, Carole. I don't know. That's a level of research which one hasn't done.
But the point is that you're away and maybe the schedule has been changed. So rather than 3 times a day, it's happening 6 times a day.
But the point is that you're away and maybe the schedule has been changed. So rather than 3 times a day, it's happening 6 times a day.
Yeah.
What is scarier? Is tiny, puny, hungry animals more dangerous or overfed Digby the dog, sheepdog, biggest dog in the world being given huge amounts of food? Is that more scary?
I think you're missing the point here completely.
Oh, please tell me.
Who the heck leaves their pets for days on end with only companion being an electronic feeder and they monitor their pet through an app?
Well, when I used to have a cat before I got a dog—
Oh, I didn't know this. You were a cat person.
Well, I was at one point a single man and I'd sometimes be sent overseas on missions. We can't talk about it. On Her Majesty's Secret Service, that kind of thing.
I'd be sent on some secret mission and it'd be, well, do I want to put my cat in a cattery or do I want to have someone pop in a couple of times a day and do I trust them?
And so I think I had some kind of device which would sort of, it was clockwork rather than IoT enabled, which would slowly reveal more food to them.
Or you'd leave them a mountain of biscuits to eat and you'd come back.
I'd be sent on some secret mission and it'd be, well, do I want to put my cat in a cattery or do I want to have someone pop in a couple of times a day and do I trust them?
And so I think I had some kind of device which would sort of, it was clockwork rather than IoT enabled, which would slowly reveal more food to them.
Or you'd leave them a mountain of biscuits to eat and you'd come back.
And leave them alone for 3 days.
Well, I would argue maybe that's less stressful actually for them than putting them in a cattery, depending on the cat.
Mm-hmm.
I mean, the fact is most cats have other houses.
They have no friends that would come and visit.
Yes, but they have other families to go and visit anyway, don't they? Most cats don't belong just to one family.
'Cause once they've had breakfast at your place, they think, well, now I'll go over to the Rogers' house and go and eat with them instead. And let's go and visit Mr. and Mrs.
Williams because I'm also their pet. You know, everyone is sort of sharing animals, I think, in this way, at least with cats.
It's different with dogs, but cats are solitary creatures.
The point is, Anna Prosvatova said that a vulnerability in the device's Wi-Fi chip meant that she could even have downloaded and installed new firmware and even hijack the pet feeders into, get this, an IoT DDoS botnet.
'Cause once they've had breakfast at your place, they think, well, now I'll go over to the Rogers' house and go and eat with them instead. And let's go and visit Mr. and Mrs.
Williams because I'm also their pet. You know, everyone is sort of sharing animals, I think, in this way, at least with cats.
It's different with dogs, but cats are solitary creatures.
The point is, Anna Prosvatova said that a vulnerability in the device's Wi-Fi chip meant that she could even have downloaded and installed new firmware and even hijack the pet feeders into, get this, an IoT DDoS botnet.
Well, this just underlines once again why we don't want willy-nilly companies playing around with internet-enabled stuff without baked-in security. Oh my gosh.
So next time you leave your dog Archibald for 4 weeks, well, I don't know. As you do.
So next time you leave your dog Archibald for 4 weeks, well, I don't know. As you do.
Can I stress I do not leave my dog for that length of time. I might leave my dog for a few hours. Cats are different.
Dogs I might leave for a few hours, but you know, I think dogs need much more human companionship than cats, who frankly look down upon us. At least look down upon me.
So, Anna, you're both cat lovers now. You see, I've sort of turned to the dark side of being a dog lover in recent years.
Dogs I might leave for a few hours, but you know, I think dogs need much more human companionship than cats, who frankly look down upon us. At least look down upon me.
So, Anna, you're both cat lovers now. You see, I've sort of turned to the dark side of being a dog lover in recent years.
I like dogs.
Well, I like them both too.
Anything that's not human, it's a high five from me.
We would love a dog, and our kids would absolutely adore them, but it just doesn't fit in with our lifestyle. You know, I am that person who travels away an awful lot.
My wife works a lot. You know, I kind of don't feel as though it'd be responsible for us to have a pooch left alone quite so much.
My wife works a lot. You know, I kind of don't feel as though it'd be responsible for us to have a pooch left alone quite so much.
It'd be unfair. Yes, absolutely. Well, it's unclear whether Xiaomi are actually going to patch their pooch.
Oh, they haven't said, they haven't said whether they're—
Well, they've said they are going to release a fix, but it's unclear whether they've done it yet. But suddenly this researcher from St.
Petersburg, she contacted them asking for a bug bounty and they said, get stuffed. We don't operate a bug bounty for this particular thing.
So they're not even gonna throw her a bone.
Petersburg, she contacted them asking for a bug bounty and they said, get stuffed. We don't operate a bug bounty for this particular thing.
So they're not even gonna throw her a bone.
That's really interesting though, because I bet that's gonna be happening a lot more.
Thank you, David.
I didn't hear. Sorry.
You didn't miss anything, Carole.
The thing that's interesting, though, is that you have all these companies that aren't used to responsible disclosure and maybe don't understand all the rules that we have kind of set up in the industry.
And so when someone contacts them and they say, hey, look, you know, I found something serious, can you throw a bit of wadge my way? They don't know how to react to that.
And so when someone contacts them and they say, hey, look, you know, I found something serious, can you throw a bit of wadge my way? They don't know how to react to that.
Xiaomi actually is a much bigger firm than I think we give them credit for, you know, not some itsy bitsy little supplier of IoT devices.
10% of smartphones in Europe last year that were sold were Xiaomi smartphones, which is quite, quite something. Yeah.
10% of smartphones in Europe last year that were sold were Xiaomi smartphones, which is quite, quite something. Yeah.
In Europe?
In Europe. 10% in Europe. Yeah.
Even though no one knows how to say their name when they go into the store. They're doing all kinds of electronics and gadgets.
I mean, I even saw the Xiaomi Furry Tail Boss Cat Bed, which basically gives your cat a chair a bit like the one in Austin Powers, one of those '60s egg chairs.
So they've got all sorts, and it's not just pet-related, it's all kinds of technology. I mean, well, you're tempted, aren't you?
I mean, I even saw the Xiaomi Furry Tail Boss Cat Bed, which basically gives your cat a chair a bit like the one in Austin Powers, one of those '60s egg chairs.
So they've got all sorts, and it's not just pet-related, it's all kinds of technology. I mean, well, you're tempted, aren't you?
I see the picture, yeah. But that's not a smart-enabled chair, correct?
Not yet.
But maybe you'll be thinking, oh, there I am, far away from my pet cat, and wouldn't I like to watch him over CCTV or spin him round or something, because he really likes that.
But maybe you'll be thinking, oh, there I am, far away from my pet cat, and wouldn't I like to watch him over CCTV or spin him round or something, because he really likes that.
It looks like a perfect solution for pet scales.
You know, maybe if your feeder is feeding them too much and you are in danger of ending up with a bit of a Digby, then yes, this would be a great way of keeping them in one place long enough to get an accurate—
You know, maybe if your feeder is feeding them too much and you are in danger of ending up with a bit of a Digby, then yes, this would be a great way of keeping them in one place long enough to get an accurate—
You could monitor their weight at every moment of every day.
Patent it, David. Fork roll stills it.
Too late, too late.
It's a good idea, good idea. Right, David, what's your story for us this week?
Right, so picture the scene, if you will.
You are a tech journalist exhausted after a long shift on the news desk, and now just as you're about to close your laptop and head home, your editor taps you on the shoulder.
Let's give this a go. One more before you go, he says. Breaking story.
You are a tech journalist exhausted after a long shift on the news desk, and now just as you're about to close your laptop and head home, your editor taps you on the shoulder.
Let's give this a go. One more before you go, he says. Breaking story.
Where is he from?
Sorry, I have no idea.
Is he French?
Breaking story, there's been a data breach. Millions of user accounts hacked and floating around the web. Credit card details doxed. Bunch of teenagers claim they did it.
Make some sense of that for us, will ya? So you sigh inwardly. As conscientious a reporter as you are, you have a date night with your sofa and Mr.
Robot Season 4 queued up on your TV for tonight. Your editor senses your dismay. Don't sweat it, normal stuff. Speak to an expert or two, give it some credibility.
Try that Cluley fella if you're desperate, he's always game for a cheap quote.
Make some sense of that for us, will ya? So you sigh inwardly. As conscientious a reporter as you are, you have a date night with your sofa and Mr.
Robot Season 4 queued up on your TV for tonight. Your editor senses your dismay. Don't sweat it, normal stuff. Speak to an expert or two, give it some credibility.
Try that Cluley fella if you're desperate, he's always game for a cheap quote.
You'd have to be desperate.
I think I've been on the phone to you once or twice, Mr. Cluley, looking for a cheap quote, so thank you for that.
Yes. No other kind.
Anyway, so what do you do as a journalist?
You make a few phone calls, you get in touch with the press office of the hacked company, do some digging about, try and find out previous hacks, find out who leaked the data, speak to some experts, put together some "here's what you should do if you think that you are at risk" advice.
45 minutes later, you've got your 500 words, you're about to file them, and then it hits you, this realisation that strikes fear into the heart of a journalist.
There's something missing, something vital to communicating the essence of the story to your readership, without which your work of art may go completely unread. You need a picture.
You make a few phone calls, you get in touch with the press office of the hacked company, do some digging about, try and find out previous hacks, find out who leaked the data, speak to some experts, put together some "here's what you should do if you think that you are at risk" advice.
45 minutes later, you've got your 500 words, you're about to file them, and then it hits you, this realisation that strikes fear into the heart of a journalist.
There's something missing, something vital to communicating the essence of the story to your readership, without which your work of art may go completely unread. You need a picture.
Oh no!
Are you in charge? Is the journalist in charge of choosing the picture?
Oh, it depends on the title. You know, more often than not these days.
Oh, right, right.
You know, not everywhere has a picture desk. So what do you do?
Well, speaking as a journalist who, well, apparently what we do is we go to a folder on our desktop called "Hackers," we look inside, and we select from one of roughly 6 images, all of which have hackers in hoodies wearing jeans sat in front of a laptop with this binary rain somewhere behind us.
So for all of our literary wordsmithery, our visual creativity extends no further, it seems, than this very narrow selection of stock imagery. Am I right? Am I right?
You've seen these images?
Well, speaking as a journalist who, well, apparently what we do is we go to a folder on our desktop called "Hackers," we look inside, and we select from one of roughly 6 images, all of which have hackers in hoodies wearing jeans sat in front of a laptop with this binary rain somewhere behind us.
So for all of our literary wordsmithery, our visual creativity extends no further, it seems, than this very narrow selection of stock imagery. Am I right? Am I right?
You've seen these images?
Yes, yes, you're right, you're right.
So it's been quite a long—
I think we've all seen them. There's some that are still there from 15 years ago.
I know, I know. And let's face it, Mr. Robot itself, you know, hasn't done much to move that story forward.
Anyway, there's been a lot of chat about how we need to move this forward a little bit.
So early this year, the team at long-standing Ideas and Design Factory, IDEO, or more accurately, they've got this kind of crowdsourcing practice called OpenIDEO.
They decided to hold a competition to try and move the visual language of cybersecurity forward a little. They opened the competition earlier in the summer and the results are in.
So I invite you—
Anyway, there's been a lot of chat about how we need to move this forward a little bit.
So early this year, the team at long-standing Ideas and Design Factory, IDEO, or more accurately, they've got this kind of crowdsourcing practice called OpenIDEO.
They decided to hold a competition to try and move the visual language of cybersecurity forward a little. They opened the competition earlier in the summer and the results are in.
So I invite you—
Visual language. Sorry, I'm just trying to— I'm still processing.
Just to find some new ways visually that we can do. Yeah, exactly. Some pictures.
Less hoodies.
So I invite you, Graham Cluley, and our dear listener to have a look at the show notes and to have a look at the finalists. Because the finalists have indeed been chosen.
I think there are five kind of top finalists, lots of highly commended, and I'm interested in your thoughts on what's happened here because one of the reasons why an image like the hacker in the hoodie with the binary rain and so on has been used so much is that it's, as with all of these images, it's kind of a bit of shorthand in a way.
It's how can we try and convey something that is a little bit eye-catching, but, you know, we're not having to do too much thought on it.
And that's one way of looking at these images. There is, of course, a far greater amount of detail that I'm sure picture editors would talk about.
And then trying to redefine that, trying to move it forward, is actually more than just choosing another picture. There's actually quite a lot of things that need to happen.
So I was really interested to see what some of the designers around the world came up with to try and, you know, communicate hacking or cybersecurity in an image that isn't the archetype.
I think there are five kind of top finalists, lots of highly commended, and I'm interested in your thoughts on what's happened here because one of the reasons why an image like the hacker in the hoodie with the binary rain and so on has been used so much is that it's, as with all of these images, it's kind of a bit of shorthand in a way.
It's how can we try and convey something that is a little bit eye-catching, but, you know, we're not having to do too much thought on it.
And that's one way of looking at these images. There is, of course, a far greater amount of detail that I'm sure picture editors would talk about.
And then trying to redefine that, trying to move it forward, is actually more than just choosing another picture. There's actually quite a lot of things that need to happen.
So I was really interested to see what some of the designers around the world came up with to try and, you know, communicate hacking or cybersecurity in an image that isn't the archetype.
Okay. So in the top ideas, three of them are monsters, viri, viruses.
Yes, wormy kind of things.
That happened in the '80s. Well, early '90s. We certainly saw that kind of illustration of the virus. So I find that not very—
There's a lot of circuit boards here as well, isn't there?
A lot of circuit boards.
Yes, which isn't really what it's all about.
There's one with feet, which is making me interested. I don't know what that's about.
I think that says more about you, Carole, than I imagine, frankly.
I like Tiffany Baker's one. I guess that's probably deepfakes.
Oh, where's she? Oh, there.
Very bottom.
Yeah, it's, I mean, they're all right as one-offs, but I can't imagine these being reused.
I'm not sure this really— the, the beauty of an image of someone crouched over a keyboard is it can be— It feels rather generic, doesn't it?
I'm not sure this really— the, the beauty of an image of someone crouched over a keyboard is it can be— It feels rather generic, doesn't it?
Yes.
And so it can be applied to lots of stories, whereas these, I think because they stand out a bit more and, you know, well done to the people for coming up with things which are slightly more imaginative, but I think these could get—
Trojan.
I think these could get tired fairly— oh yes, these could get tired fairly quickly as well, couldn't they?
So is the idea that any of us can just grab these and start repurposing them for our news articles now?
So is the idea that any of us can just grab these and start repurposing them for our news articles now?
Yes, so if you have a look at the OpenIdea website and have a look on there, then they have got the Creative Commons usage, right, for them, which, let me just double-check, is Creative Commons Attribution 4 International license.
These materials can be shared, repurposed, and used for free provided you include the correct contribution— I'm sorry, the correct attribution, right?
These materials can be shared, repurposed, and used for free provided you include the correct contribution— I'm sorry, the correct attribution, right?
I think 25 is actually really nice. 25, Linda Graf.
This is great. This makes for a great podcast.
But, but I, I mean, I think what would be nice from this is if you did take a shine to any of these, a news organization could contact the artist and say, love that.
Could you do 20 in the same style?
And then, you know, we would own those and then we would be able to repurpose those and, you know, have some sort of overarching theme over our site.
But, but I, I mean, I think what would be nice from this is if you did take a shine to any of these, a news organization could contact the artist and say, love that.
Could you do 20 in the same style?
And then, you know, we would own those and then we would be able to repurpose those and, you know, have some sort of overarching theme over our site.
I mean, hey, you know what? I can't think of an industry that needs art more, to be fair. Yeah, right. You've been to the trade shows more than I have, both of you.
They are not sexy environments.
They are not sexy environments.
Well, the thing is that computers aren't very—
No, but that doesn't mean that technology is. And I find it dismal how most conventions and exhibitions look. Feels really old school and a bit sad.
So maybe bridging the arts and technology a bit might add a bit more pep to the industry.
So maybe bridging the arts and technology a bit might add a bit more pep to the industry.
It is certainly one of the challenges, whether it's pictures to accompany a feature or a news story, or even when you're putting together a technology piece for the television, you'll know this, actually finding a way to bring it visually to life that doesn't involve me or an expert or somebody sat behind a laptop screen can actually be very, very difficult.
You need to apply an awful lot of creativity to bring these things to life and put them in terms, particularly for a non-techie audience, that people can understand, that people can relate to.
It's a constant challenge, but particularly for tech.
You need to apply an awful lot of creativity to bring these things to life and put them in terms, particularly for a non-techie audience, that people can understand, that people can relate to.
It's a constant challenge, but particularly for tech.
I've just seen one of the finalists is making the comparison between a condom and putting antivirus on your computer. So they're sort of making the reference to Trojan.
This is something I saw 30 years ago. I mean, this, that was lame even then.
This is something I saw 30 years ago. I mean, this, that was lame even then.
But this is probably from kids though that weren't around then. That's the irony of it, right?
They're probably feeling like they're cutting edge, but the idea, the fundamental idea is very much the same. Maybe we're just bored of it.
Maybe it's very cool and we've just seen it so much we can't stand it anymore.
They're probably feeling like they're cutting edge, but the idea, the fundamental idea is very much the same. Maybe we're just bored of it.
Maybe it's very cool and we've just seen it so much we can't stand it anymore.
Maybe. I see a lot of sniping actually online on Twitter between some people when people post a story about some sort of breach and people say, oh, it's another hacker in a hoodie.
And it's like, well, what, what else? Thank you very much for pointing that out to me as though I wasn't aware. But what else would you have used to illustrate this?
And it's like, well, what, what else? Thank you very much for pointing that out to me as though I wasn't aware. But what else would you have used to illustrate this?
Imagine someone showed, you know, it's a DDoS story and you want to show that process. We have a lot of little dots, a lot of little lights, a lot of little, you know.
The artwork's good though.
The artwork's good though.
Yeah, yeah, I think it may point people in the right direction, and maybe it'd be great to give some people who have artistic talent the ability to score a contract and do some work for people rather than everyone just ripping off this freely available imagery which is out there.
But I think that's what I take away from this.
There has been a lot of maligning of the archetypal hacker in a hoodie and a lot of, yeah, can't we just be more creative and do something else?
But, you know, what even an organization the size of IDEO running a competition that hundreds of people have entered, actually there still doesn't seem to be something which everyone goes, "Oh yeah, okay, yeah, let's go off in this direction." That's way better.
Yeah, exactly.
So I think the next time I feel like sniping, which I would try not to do, or anyone feels like sniping, actually have a think about, well, okay, how would I address this?
How would I come up with a creative image to tell this story?
There has been a lot of maligning of the archetypal hacker in a hoodie and a lot of, yeah, can't we just be more creative and do something else?
But, you know, what even an organization the size of IDEO running a competition that hundreds of people have entered, actually there still doesn't seem to be something which everyone goes, "Oh yeah, okay, yeah, let's go off in this direction." That's way better.
Yeah, exactly.
So I think the next time I feel like sniping, which I would try not to do, or anyone feels like sniping, actually have a think about, well, okay, how would I address this?
How would I come up with a creative image to tell this story?
Well, I'll tell you an innovative approach. Carole, she'll be too shy to mention this, but she is something of an artist. She's been working with watercolors recently.
She's been doing some painting, but I've also seen some magnificent work she's done in the past with Microsoft Paint.
And I think if she were to do the hacker in a hoodie over a keyboard in Microsoft Paint, that would be something the world has never seen the like of before.
She's been doing some painting, but I've also seen some magnificent work she's done in the past with Microsoft Paint.
And I think if she were to do the hacker in a hoodie over a keyboard in Microsoft Paint, that would be something the world has never seen the like of before.
TM Carole Theriault.
Yeah, it's true.
Maybe you can do us one, Carole, and we'll post it up on Twitter so people can see it. Link to it in the show notes. No pressure. Carole, what's your story for us this week?
Well, I want you to imagine that you're young, fancy-free, and just arriving in New York City.
Sounds perfect.
And you are a total noob to city life. I mean, back home, your best friend was the fat cow living next door.
I'm sorry, you know, an actual cow, like the four-legged dairy moo moo cow, right?
I'm sorry, you know, an actual cow, like the four-legged dairy moo moo cow, right?
Sheesh, literally a cow.
Okay, you're far from loaded, okay? I'm talking money-wise. You have no money, and most people's number one task in that case is secure a roof over your head.
And the dream, especially in New York City of course, is to land yourself a rent-controlled apartment, right?
This is the pinnacle of paradise if you're a normal human being on a fixed budget.
And the dream, especially in New York City of course, is to land yourself a rent-controlled apartment, right?
This is the pinnacle of paradise if you're a normal human being on a fixed budget.
Rent-controlled means they can't put your rent up too dramatically, is that right?
Well, I'm just going to tell you right now because I wasn't exactly sure what a rent-controlled apartment was, right?
So it's a very tricky affair to find one because rent control happens when a tenant has been living continuously in their apartment since July 1st, 1971.
So it's a very tricky affair to find one because rent control happens when a tenant has been living continuously in their apartment since July 1st, 1971.
Oh, crumbs!
In a building constructed before 1947.
That narrows it down.
Narrows it down.
Now, there's other rent subsidies and rent stabilized is the other word, but effectively, they're to help people live in a city that has huge, huge inflation in the market, right?
You wouldn't be able to live there otherwise. The neighborhoods have exploded in real estate value. So today, there's only 22,000 rent control apartments left in the city.
Down from 2 million in the '50s. So say I lived in New York City and I had one of these apartments.
Now, there's other rent subsidies and rent stabilized is the other word, but effectively, they're to help people live in a city that has huge, huge inflation in the market, right?
You wouldn't be able to live there otherwise. The neighborhoods have exploded in real estate value. So today, there's only 22,000 rent control apartments left in the city.
Down from 2 million in the '50s. So say I lived in New York City and I had one of these apartments.
Yeah.
If I died or moved, certain family members, including non-traditional family members like unmarried couples who have been living in the apartment, can take over the tenancy in some cases.
So in your case, if someone left you a flat, you'd be sitting pretty. You'd be sitting there going, this is excellent.
And the reason it's excellent is because you'd be paying $1,500 a month instead of $4,000 a month for the exact same apartment in the exact same building.
So in your case, if someone left you a flat, you'd be sitting pretty. You'd be sitting there going, this is excellent.
And the reason it's excellent is because you'd be paying $1,500 a month instead of $4,000 a month for the exact same apartment in the exact same building.
Carole, if I were you and you had this property, I'd be worried that your relatives might be trying to knock you off to get it.
I mean, if it was that valuable, they'd think, oh, you know, put something in her tea.
I mean, if it was that valuable, they'd think, oh, you know, put something in her tea.
Well, lucky for you, you have an Aunt Agatha that lives in New York City, and she's left you her cat saying, as long as this cat's alive, you can live here.
For the beautiful rent of $1,500 a month instead of $4,000.
For the beautiful rent of $1,500 a month instead of $4,000.
Easy, I'll set up a pet feeder.
No problem.
Exactly.
And you know, you of course don't hesitate, right?
Because this is, you know, you plan to treat that cat like the Messiah because, you know, he's basically your ticket to party town.
Because this is, you know, you plan to treat that cat like the Messiah because, you know, he's basically your ticket to party town.
Well, I wouldn't treat him exactly like the Messiah because, because yeah, yeah, we know what happens.
And you know, life is awesome. Cat stays alive. You sit on your balcony, Audrey Hepburn style, strumming your guitar.
Oh, lovely.
And one day you hear that your landlord is smartening up, quote unquote, all the apartments in the building. And by smart, I mean internet connections.
We're talking facial recognition systems at the entrance, smart thermostats, leak sensors, voice control, smart plugs, smart lights, home assistants, et cetera, et cetera, et cetera.
Now, a lot of people, it turns out, think this sounds pretty darn good.
We're talking facial recognition systems at the entrance, smart thermostats, leak sensors, voice control, smart plugs, smart lights, home assistants, et cetera, et cetera, et cetera.
Now, a lot of people, it turns out, think this sounds pretty darn good.
Really?
For example, you might be thinking if you were young, like my protagonist in this story, you might be thinking, ooh, I can set the mood when I finally bring a date home, right?
Dim the lights, heat the waterbed, ask Alexa to play some chill, you know, R&B, all before we walk in.
Dim the lights, heat the waterbed, ask Alexa to play some chill, you know, R&B, all before we walk in.
Do people heat waterbeds?
Do they even exist anymore?
It's like, you know, you might be thinking, what landlord's going to go through all that, getting all that stuff hooked up and connected, and how are they going to make it all work?
Well, there's a market vacuum happening because most landlords can't do that, and there's these companies, these tech firms, who are basically streamlining all these IoT services for multifamily properties or rentals.
That's what they call them in the States, multifamily properties, right?
So basically these companies would come and inspect the property, talk about what you need as a landlord, install all the tech.
And of course, as with most things, the installation process is a bit of a pig, but the promise is smooth sailing for the landlord and tenant thereafter.
So I'm going to give you an example here. Let's take this as a case study. So this company called Smart Rent.
Now, this is one about two dozen or so companies that offer similar services.
So they roll up all the smart apps and stuff from your thermometers and your door controls and your lights and all that stuff into a nice handy app.
And the sales pitch to the renters is effectively exactly that.
You can manage all your food deliveries and babysitters and dog walkers and cat feeders and, you know, your domestic cleaners and all that stuff can all get managed by the app.
You know, you may have approved and they are legitimately allowed to go into your flat, but you don't have to be there.
It's like, you know, you might be thinking, what landlord's going to go through all that, getting all that stuff hooked up and connected, and how are they going to make it all work?
Well, there's a market vacuum happening because most landlords can't do that, and there's these companies, these tech firms, who are basically streamlining all these IoT services for multifamily properties or rentals.
That's what they call them in the States, multifamily properties, right?
So basically these companies would come and inspect the property, talk about what you need as a landlord, install all the tech.
And of course, as with most things, the installation process is a bit of a pig, but the promise is smooth sailing for the landlord and tenant thereafter.
So I'm going to give you an example here. Let's take this as a case study. So this company called Smart Rent.
Now, this is one about two dozen or so companies that offer similar services.
So they roll up all the smart apps and stuff from your thermometers and your door controls and your lights and all that stuff into a nice handy app.
And the sales pitch to the renters is effectively exactly that.
You can manage all your food deliveries and babysitters and dog walkers and cat feeders and, you know, your domestic cleaners and all that stuff can all get managed by the app.
You know, you may have approved and they are legitimately allowed to go into your flat, but you don't have to be there.
Convenient, capital C, right?
Oh, I see.
Yeah.
And the pluses from the landlord are also many because, you know, they can see which flats are vacant and they can get immediate notifications of problems and manage work orders and manage leases and even coordinate moving in and out and turning off, you know, services and changing lock codes, Wi-Fi passwords, all that from a single app.
Convenient with a capital C. So both sides see the benefits, but I'm looking at this and I'm thinking, what does Smart Rent get out of this, right?
They could be able to collect quite a bit of information if they're just a wrapper around all this information.
Convenient with a capital C. So both sides see the benefits, but I'm looking at this and I'm thinking, what does Smart Rent get out of this, right?
They could be able to collect quite a bit of information if they're just a wrapper around all this information.
You're so cynical.
I know. Well, you know me, can't resist checking out the privacy policy, right?
Gosh, you're so much fun at parties, Carole.
You know what?
I am actually excellent at parties, and you've been to many. You've been to many, Mr. Cluley. And you'd be wrong.
It always gets a bit wild when you get the privacy policy out. Go through the terms and conditions of the party.
Now look, I have pasted in for your amusement.
Yes.
This is from their privacy policy and this is what they say the information they collect from the app.
All right.
Who they can share it with.
Okay. Yeah.
And this is including your personal information as well as information collected by some of the services you've chosen to use. Right.
This can be shared with affiliates, business partners, service providers, business transfers, landlords, roommates, in response to legal process.
So if someone demands something to protect us and others, they say.
This can be shared with affiliates, business partners, service providers, business transfers, landlords, roommates, in response to legal process.
So if someone demands something to protect us and others, they say.
What does 'to protect us and others' mean? What do they mean by that?
We may also disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, fraud, situations involving potential threats to the safety of any person.
So if they suspect I'm up to something a bit dodgy, they'll be able to use all this. Yeah. Okay.
All right. So if you're a trailblazer, all this information, of course, this is maybe information that you may not want to share with all these people.
And then this is printed really quite clearly in their privacy. It's not buried in the tiny T's and C's. It's pretty clear at the beginning of the front.
But residents have to pay around $20, $25 a month for these services.
And then this is printed really quite clearly in their privacy. It's not buried in the tiny T's and C's. It's pretty clear at the beginning of the front.
But residents have to pay around $20, $25 a month for these services.
Yes.
Wow.
And we'll have very little say in whether they're paying for that or not. They have to pay if it's there. Yes.
We're gonna see some serious growth in this space. Smart Rent, this case study here, received $32 million from Bain Capital Ventures.
Now the money is not huge, but Bain Capital Ventures are the owners of nearly 1 million US apartments, and they are very interested in all this.
And Gartner, the analyst firm, recently listed smart spaces, which is basically office but same idea, as a top tech trend for 2020.
So if we go back to our New York-based bald cat babysitter, and you know, this guy loves the convenience, loves the connectivity, but what if your landlord wanted you out?
Because of course, if you get kicked out, they can get 3 times as much for the apartment.
So doesn't that mean that you have to follow every single rule that's in your tenancy agreement?
I fear this tech gives landlords a huge unfair advantage because we all have to become model tenants.
Break any of the rules, right, that can be proven by a simple data log and you can get kicked out on the street.
Now the money is not huge, but Bain Capital Ventures are the owners of nearly 1 million US apartments, and they are very interested in all this.
And Gartner, the analyst firm, recently listed smart spaces, which is basically office but same idea, as a top tech trend for 2020.
So if we go back to our New York-based bald cat babysitter, and you know, this guy loves the convenience, loves the connectivity, but what if your landlord wanted you out?
Because of course, if you get kicked out, they can get 3 times as much for the apartment.
So doesn't that mean that you have to follow every single rule that's in your tenancy agreement?
I fear this tech gives landlords a huge unfair advantage because we all have to become model tenants.
Break any of the rules, right, that can be proven by a simple data log and you can get kicked out on the street.
Which has never happened at one of your parties, has it, Carole?
Remember there was a party once in your hotel room at a virus bulletin conference which, yeah, yes, one of those boring parties where I pulled out my T's and C's.
I remember I only had—
Remember there was a party once in your hotel room at a virus bulletin conference which, yeah, yes, one of those boring parties where I pulled out my T's and C's.
I remember I only had—
and we got kicked out. But yeah, do you remember how we got kicked out?
Go on, go on.
So there was a knock at the door and the guys had a big tray of champagne. They'd called up a lot of times telling us to shut up and we hadn't listened, basically.
We were in the penthouse, blah blah blah. So there's a knock at the door and we open it, we're like, oh great, empty glasses, no champagne. They storm the room and get us all out.
We were in the penthouse, blah blah blah. So there's a knock at the door and we open it, we're like, oh great, empty glasses, no champagne. They storm the room and get us all out.
No! And they made—
they made me at 3 in the morning, go sit in the lobby for an hour to cool down, chill my boots. Yeah. Wow.
This technology sounds like, and I know I'm going to use a sports term here, so I apologize for that, Graham. It sounds like VAR for landlords in a way.
Sorry, sorry, I'm lost. What are you talking about, David?
VAR, video assistant referee. It's a bit like in the rugby, the Rugby World Cup TMO.
I didn't know what TMO stood for, but I saw this on the rugby at the weekend. Yes, they go to a big screen.
Maybe you should explain it for everyone else.
Well, rugby is a game where you have a ball which is shaped to— oh, you're talking to David, not me. Okay.
Yeah, so as Graham said, but in many of these sports, whether it's cricket or football or rugby or tennis with Hawkeye and so on, because human eyes are fallible and because balls move very quickly sometimes, television technology and slow motion video technology is being employed, particularly for high profile matches, so that nobody can get away with anything.
And what may once upon a time have been waved on as, yeah, it's just a thing, it's fine, using the referee's better judgment.
Now every single little thing gets picked up and people get sent off on yellow cards and games get interrupted and it's a lot less fun as a result.
And, well, not that renting should or should not be fun here, but that seems to be similar to what we're talking about here, Carole.
And what may once upon a time have been waved on as, yeah, it's just a thing, it's fine, using the referee's better judgment.
Now every single little thing gets picked up and people get sent off on yellow cards and games get interrupted and it's a lot less fun as a result.
And, well, not that renting should or should not be fun here, but that seems to be similar to what we're talking about here, Carole.
Yeah, yeah. And, you know, but no, they're not hiding this.
There's this company called Team and GateGuard and they do internet-enabled telecoms and they've been pitching their surveillance tech to landlords in New York.
And CNET got a hold of the emails. So I guess this was promo emails that they were sending out to landlords.
And they're basically telling landlords that they can use this GateGuard AI doorman intercom to photograph every visitor in the building to see if tenants are illegally subletting units or if tenants are, you know, renting out their places as Airbnbs.
With that information, they'll be able to vacate the unit.
And they say, quote, combine a $950 a month studio and a $1,400 month, one-bed studio into a $4,200 deregulated two-bedroom.
So they're actively encouraging landlords to find ways to be able to kick out these rent-controlled tenants.
There's this company called Team and GateGuard and they do internet-enabled telecoms and they've been pitching their surveillance tech to landlords in New York.
And CNET got a hold of the emails. So I guess this was promo emails that they were sending out to landlords.
And they're basically telling landlords that they can use this GateGuard AI doorman intercom to photograph every visitor in the building to see if tenants are illegally subletting units or if tenants are, you know, renting out their places as Airbnbs.
With that information, they'll be able to vacate the unit.
And they say, quote, combine a $950 a month studio and a $1,400 month, one-bed studio into a $4,200 deregulated two-bedroom.
So they're actively encouraging landlords to find ways to be able to kick out these rent-controlled tenants.
Crikey. So, and of course, it's not just a problem of who this data might be shared with, but also potentially security breaches and leaks.
And, you know, all this has been, are these people looking to take over the cat feeders as well, Carole?
And, you know, all this has been, are these people looking to take over the cat feeders as well, Carole?
Exactly. It's really quite scary when you go to a site like the one I was visiting to see how many different third parties they work with. And there are a lot.
And I'm sure that's increasing all the time.
And I don't believe they're necessarily doing the right, you know, why would they be doing all the right vetting processes every single time for each one of their partners?
And I'm sure that's increasing all the time.
And I don't believe they're necessarily doing the right, you know, why would they be doing all the right vetting processes every single time for each one of their partners?
They would never clue, would they? They wouldn't have a clue.
And when I read the privacy, because you know, I love reading privacy agreements. So I read it. In full, that whole bit, they were very cagey about what security they were offering.
They were saying, look, we do our, you know, we do reasonably well at security, but you're responsible for making sure blah, blah, blah, blah, blah.
They were saying, look, we do our, you know, we do reasonably well at security, but you're responsible for making sure blah, blah, blah, blah, blah.
Usual story.
Just taking a look at the SmartRent website, I was interested to see what their promise to users are.
And on their data security privacy page of their site, they're just under a heading, keeping your information private is our top priority. Priority.
SmartRent is committed to protecting the security of personal information.
Rest assured, we do not sell your data, full stop, to anyone, full stop, no matter how nicely they ask, full stop.
And on their data security privacy page of their site, they're just under a heading, keeping your information private is our top priority. Priority.
SmartRent is committed to protecting the security of personal information.
Rest assured, we do not sell your data, full stop, to anyone, full stop, no matter how nicely they ask, full stop.
So, you know, all I can tell you is that whenever a company says it takes security seriously, I feel very, very reassured.
Normally they say after a data breach, of course, but in the press release. But when they say that, then I have no problems whatsoever.
Normally they say after a data breach, of course, but in the press release. But when they say that, then I have no problems whatsoever.
I feel much... Don't you love a win-win situation? Imagine if you could have both enterprise-wide password management with single sign-on.
What is single sign-on?
Well, Graham, let me dazzle you. Single sign-on is designed to connect employees to high-priority apps, all without needing the user to log in at every single hurdle.
Now, by combining these two services, our friends at LastPass may have just revolutionized security at the enterprise level. Learn more at lastpass.com/smashing.
Now, by combining these two services, our friends at LastPass may have just revolutionized security at the enterprise level. Learn more at lastpass.com/smashing.
You don't need to say the forward slash.
Ah! So you've got an IT security team, but you want to turn them into security superstars? How can you best provide each employee with the opportunity to upskill themselves?
Immersive Labs provides a cloud-based system. I mean, it's available 24 hours a day, whenever is convenient. Convenient for them to learn.
It provides hands-on experience with tools, technology, and even sandboxed malware. The platform provides story-based threat simulations.
It lets teams enhance their skills while stopping an online banking breach or the hack of industrial control systems. Lots of fun to be had there.
Check out Immersive Labs' skills development platform to drive down your organization's cyber risk while reducing training costs. Check them out at immersive labs.com/light.
immersive labs.com/l-i-t-e.
Immersive Labs provides a cloud-based system. I mean, it's available 24 hours a day, whenever is convenient. Convenient for them to learn.
It provides hands-on experience with tools, technology, and even sandboxed malware. The platform provides story-based threat simulations.
It lets teams enhance their skills while stopping an online banking breach or the hack of industrial control systems. Lots of fun to be had there.
Check out Immersive Labs' skills development platform to drive down your organization's cyber risk while reducing training costs. Check them out at immersive labs.com/light.
immersive labs.com/l-i-t-e.
Okay, so it turns out that we are all bad people. Well, not all of us. Most of us though, because 60% of employees who quit their jobs admit to taking data.
That's why Code42 provides data loss protection for when employees quit. It can help you detect insider threats, investigate file activity, and respond before damage is done.
A really cool aspect is that at any time Code42 can tell you what data lives where, when it leaves, where it goes, and who has access to it.
To learn more about how you can protect your company from insider threats, visit code42.com/smashingsecurity. Now on with the show.
That's why Code42 provides data loss protection for when employees quit. It can help you detect insider threats, investigate file activity, and respond before damage is done.
A really cool aspect is that at any time Code42 can tell you what data lives where, when it leaves, where it goes, and who has access to it.
To learn more about how you can protect your company from insider threats, visit code42.com/smashingsecurity. Now on with the show.
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
It shouldn't be normally.
What shouldn't be normally, Carole?
Nothing.
It shouldn't normally—
You say it shouldn't— it definitely shouldn't be security-related.
Oh, well, maybe I have a surprise for you.
Oh, some hypocrisy perhaps. Well, my Pick of the Week this week concerns this. In real life, user interfaces are pretty dull, aren't they? They're pretty boring, pedestrian.
What is dull?
User interfaces.
UIs?
Yeah, UIs on software or hardware.
Much more boring than privacy agreements, yes.
But if you— hey, you know, if someone wanted to get their user interface out at one of your parties, Carole, that would liven things up considerably.
But if you watched the movies— depends on the person— if you watch the movies you would believe that user interfaces are completely cool in a batshit crazy bonkers kind of way.
But if you watched the movies— depends on the person— if you watch the movies you would believe that user interfaces are completely cool in a batshit crazy bonkers kind of way.
That's true.
You watch one of those Thom Cruise science fiction movies where he's sort of, you know, scouring the database.
Yeah, I watch crime stuff all the time, right?
Yeah, well, Magnify, the website sci-fiinterfaces.com chronicles the user interfaces which are used in movies and television shows for your fun and education.
And it's really quite fun because normally these user interfaces are designed in movies so that the audience will go, you know, they'll spit out their popcorn and say, that was awesome, man!
I wish we're, you know, like in Swordfish, you remember when he's trying to hack into the database and John Travolta and Halle Berry are trying to put him off or trying to encourage him?
I can't remember. You didn't miss much, Carole. Well, you know, you kind of think, what is that? That's no way is hacking like that. No way is the interface like that.
But this website doesn't critique the believability of the user interfaces, but instead looks at how the characters interact with them. And it's quite fun.
So there's lots of sci-fi movies listed up there, and if you were ever interested in what the Terminator's user interface, or the user interfaces used in Star Wars movies, or one of my favorites is 2001: A Space Odyssey, the most amazing film ever.
If you remember, he even had iPads perhaps in 2001. I think Leonard Rossiter or some of the other characters hadn't quite had that.
And it's really quite fun because normally these user interfaces are designed in movies so that the audience will go, you know, they'll spit out their popcorn and say, that was awesome, man!
I wish we're, you know, like in Swordfish, you remember when he's trying to hack into the database and John Travolta and Halle Berry are trying to put him off or trying to encourage him?
I can't remember. You didn't miss much, Carole. Well, you know, you kind of think, what is that? That's no way is hacking like that. No way is the interface like that.
But this website doesn't critique the believability of the user interfaces, but instead looks at how the characters interact with them. And it's quite fun.
So there's lots of sci-fi movies listed up there, and if you were ever interested in what the Terminator's user interface, or the user interfaces used in Star Wars movies, or one of my favorites is 2001: A Space Odyssey, the most amazing film ever.
If you remember, he even had iPads perhaps in 2001. I think Leonard Rossiter or some of the other characters hadn't quite had that.
Do you really geek out at this stuff?
Yes, I do. I find it quite cool actually. I find it very, very good. It's quite cool.
So you can go and check out sci-fiinterfaces.com and who knows, maybe it might carry on influencing and encouraging future user interface design to be more like in the movies and that could be quite funky if not entirely practical.
Cool. So that is my recommendation.
So you can go and check out sci-fiinterfaces.com and who knows, maybe it might carry on influencing and encouraging future user interface design to be more like in the movies and that could be quite funky if not entirely practical.
Cool. So that is my recommendation.
I have to say, the guy Christopher Noessel who has been populating sci-fiinterfaces.com, wow, the amount of detail and care that he's gone into with this.
It is absolutely fascinating. He really knows his stuff around this. This is the gift that keeps on giving and it goes back.
He's posting every few days with different stuff from different films that I remember as I was growing up. I mean, wow, this is good bedtime reading for a number of nights.
It is absolutely fascinating. He really knows his stuff around this. This is the gift that keeps on giving and it goes back.
He's posting every few days with different stuff from different films that I remember as I was growing up. I mean, wow, this is good bedtime reading for a number of nights.
Oh yeah, I mean, I saw for instance a movie we talked about, we mentioned a few episodes ago, was Logan's Run from the 1970s. And sure enough, Logan's Run is in there.
And he doesn't just put up a couple of screenshots, you know, he talks about these things and writes about them at length. So it's—
And he doesn't just put up a couple of screenshots, you know, he talks about these things and writes about them at length. So it's—
He has 21 posts on Barbarella. There you go. There you go.
There you go, Carole.
Well, what, someone's obsessed with something? I'll take a look. I don't know, this is kind of— it's— these things kind of weird me out a bit.
Okay, all right. Well, we look forward to your pick of the week. But in the meantime, let's hear what David's pick of the week is.
I guess we've been talking a little bit about cynicism, so I'm going to promote an antidote to that.
So last time I was on the pod here, I recommended a book by Walter Isaacson called The Innovators, and that seemed to resonate with quite a few Smashing Security listeners.
So thanks to those of you got in touch for that. I've got another book recommendation this time.
This is by Hans Rosling, and it's called Factfulness: 10 Reasons We're Wrong About the World and Why Things Are Better Than You Think.
So last time I was on the pod here, I recommended a book by Walter Isaacson called The Innovators, and that seemed to resonate with quite a few Smashing Security listeners.
So thanks to those of you got in touch for that. I've got another book recommendation this time.
This is by Hans Rosling, and it's called Factfulness: 10 Reasons We're Wrong About the World and Why Things Are Better Than You Think.
Wonderful.
I've read this.
Oh, have you? Interesting. Right, so I was first introduced to Hans Rosling's work by one of his TED Talks. He's done a few of those.
And then later on by a BBC TV show called The Joy of Stats. It's fascinating.
200 years of life expectancy across 200 countries in just 4 minutes using his signature flair, energy, and visualization.
So my first recommendation to whet your appetite for book is to watch that Joy of Stats clip.
What Hans does, apart from sword swallowing, he brings data to life in a way that we can absolutely all relate to.
And Factfulness, this book, is a culmination in many ways of his life's work as a professor of international health and how data illuminates things about us and our world that we cannot see.
And I remember when I was talking at IT events years ago about big data, actually how Hans Rosling and his work was a real inspiration and a really good case study.
Now, the big thing in his book, as you'll know, Carole, is that as humans we are all hampered by this overly dramatic worldview, he calls it.
One in which, as humans, we are for various reasons predisposed to think that the world is this awful, awful place where things aren't what they used to be.
And then later on by a BBC TV show called The Joy of Stats. It's fascinating.
200 years of life expectancy across 200 countries in just 4 minutes using his signature flair, energy, and visualization.
So my first recommendation to whet your appetite for book is to watch that Joy of Stats clip.
What Hans does, apart from sword swallowing, he brings data to life in a way that we can absolutely all relate to.
And Factfulness, this book, is a culmination in many ways of his life's work as a professor of international health and how data illuminates things about us and our world that we cannot see.
And I remember when I was talking at IT events years ago about big data, actually how Hans Rosling and his work was a real inspiration and a really good case study.
Now, the big thing in his book, as you'll know, Carole, is that as humans we are all hampered by this overly dramatic worldview, he calls it.
One in which, as humans, we are for various reasons predisposed to think that the world is this awful, awful place where things aren't what they used to be.
Never on this podcast.
Right, exactly, which is why I thought it was a good antidote.
So what Hans Rosling proposes is that we have so much baggage, whether it's from years of reading the Daily Mail or The Sun or reading the Bible or—
So what Hans Rosling proposes is that we have so much baggage, whether it's from years of reading the Daily Mail or The Sun or reading the Bible or—
He's talking to me, Crow.
Because of all of this baggage, it's impossible for us to see the world for what it is and therefore crucially for us to make good decisions.
And he's right, you know, we are all guilty of this overly dramatic worldview because bad news sticks and we've all got this rosy nostalgic view of the past.
And there are lots of reasons for that that go back to human evolution and development and so on.
And he's right, you know, we are all guilty of this overly dramatic worldview because bad news sticks and we've all got this rosy nostalgic view of the past.
And there are lots of reasons for that that go back to human evolution and development and so on.
Right, right.
It's that baggage which he's addressing. So what can save us, Carole? Data. Data can save us.
Oh yes, feel-good book, isn't it? It's the feel-good book for those of us that feel horrifically guilty for killing the world, killing the planet.
Well, I would say so, inasmuch as, well, actually, we aren't half as bad as we thought we were.
So in one of the stories, he talks about he's on stage at Davos, the big World Economic Forum event.
It was about 3 or 4 years ago, and he asked the audience, which is supposed to be the world's most informed audience of leaders and politicians and journalists, he asked them 3 multiple choice questions with 3 answers, and they're about things like how many people live in extreme poverty, the number of children in the world receiving vaccinations, and children in the world by the end of the century, and so on.
These are questions about our world that could very easily be clouded by this misguided outdated worldview.
And the thing is that the humans, even at the World Economic Forum, did worse at getting these questions right than the chimpanzees he asked at the zoo. That's right, chimps.
Chimps guessing numbers at random did better than these supposedly worldly-wise humans.
So in one of the stories, he talks about he's on stage at Davos, the big World Economic Forum event.
It was about 3 or 4 years ago, and he asked the audience, which is supposed to be the world's most informed audience of leaders and politicians and journalists, he asked them 3 multiple choice questions with 3 answers, and they're about things like how many people live in extreme poverty, the number of children in the world receiving vaccinations, and children in the world by the end of the century, and so on.
These are questions about our world that could very easily be clouded by this misguided outdated worldview.
And the thing is that the humans, even at the World Economic Forum, did worse at getting these questions right than the chimpanzees he asked at the zoo. That's right, chimps.
Chimps guessing numbers at random did better than these supposedly worldly-wise humans.
It's a shocking fact, right? I remember it is like, whoa.
And also, he also asked this same questionnaire to a number of different demographics in different countries, and he found out that basically people in the United States answer very differently— I need to be diplomatic how I say this— answer very differently to people in Sweden, for example, where he's from, again because of these clouded judgments that we all have.
Anyway, so long story short, this book is important because it helps us to challenge our view of the world, our preconceptions, our influences, and gives us lots of tips on how to see past all this political bluster, this media dramatization and PR fluff.
I'm still working through it, but if you want another opinion, Bill Gates— you may have heard of him— along with Melinda Gates became very good friends with Hans Rosling.
Bill called it one of the most important books that he's ever read, so much so he's paid for a copy of this book for every single US college graduate.
Which is quite a statement about how important he thinks it is.
Now, very sadly, Hans Rosling died fairly recently, but his work feels very much active, and this book's been posthumously published, so weirdly I feel very comfortable talking about him and it in the present tense.
So, Hans Rosling, Factfulness: 10 Reasons We're Wrong About the World and Why Things Are Better Than You Think. If you're in the US, you might be able to blag a free copy from Bill.
Otherwise, it's in all good bookstores, and I can heartily recommend just to expand your view of the world.
Whether you agree with it all or not is up to you, but certainly it is mind-expanding.
Anyway, so long story short, this book is important because it helps us to challenge our view of the world, our preconceptions, our influences, and gives us lots of tips on how to see past all this political bluster, this media dramatization and PR fluff.
I'm still working through it, but if you want another opinion, Bill Gates— you may have heard of him— along with Melinda Gates became very good friends with Hans Rosling.
Bill called it one of the most important books that he's ever read, so much so he's paid for a copy of this book for every single US college graduate.
Which is quite a statement about how important he thinks it is.
Now, very sadly, Hans Rosling died fairly recently, but his work feels very much active, and this book's been posthumously published, so weirdly I feel very comfortable talking about him and it in the present tense.
So, Hans Rosling, Factfulness: 10 Reasons We're Wrong About the World and Why Things Are Better Than You Think. If you're in the US, you might be able to blag a free copy from Bill.
Otherwise, it's in all good bookstores, and I can heartily recommend just to expand your view of the world.
Whether you agree with it all or not is up to you, but certainly it is mind-expanding.
I think that's an excellent pick of the week. Sounds very intriguing. Thank you very much, David.
It's for you, Graham. It'll cheer you up.
Yes, well, I don't need cheering up, thank you very much. But, you know, well, I don't think so. Carole, I know what's going to cheer me up. It will be your pick of the week.
Well, I was lying. It's not Sir Carole. Security related per se, more privacy related.
Right, okay.
My pick of the week is a snippet from a recent Joe Rogan podcast with Edward Snowden.
Now I am not a regular Joe Rogan listener, but someone on Reddit was waxing lyrical about this 30 minutes, the last 30 minutes of a 3-hour podcast with Edward Snowden.
Right, no, I'm totally gonna watch it all, but I haven't watched it all before this, right?
And I can say that I do not disagree with anything within his explanation on the kind of insecurity around phones, why we're slaves to them, and why the data hoovering machines behind them aren't necessarily playing fair.
It's probably the best way to say it.
Now, it's 3 hours, and he doesn't really— I mean, I'm just thinking, if I'd been talking to Joe Rogan for 2 and a half hours, right, and then had to deliver this almost effectively a kind of soapbox speech about explaining how this works, I don't think I could have done it nearly as well.
It's succinct, it's intelligent, it's accurate. And I find it a formidable feat, actually. I watched it on YouTube rather than just listen to it, which I advise as well.
But somehow it felt more powerful, which I don't normally think with podcasts.
Near the end of this segment, just to give you a taste, he says, quote, "This data is about human lives. It's data about people. These records are about you.
It's not data that's being exploited, it's people that are being exploited. It's not data that's being manipulated, it's you that's being manipulated.
And this is something I think a lot of people are beginning to understand.
Now the problem is that companies and governments are still pretending they don't understand." And he goes on to share a quote from one of his friends from the Freedom of Press Foundation, quote, "You can't awaken someone who's pretending to be asleep," which I found pretty deep.
Oh, you didn't follow me at all, did you?
Now I am not a regular Joe Rogan listener, but someone on Reddit was waxing lyrical about this 30 minutes, the last 30 minutes of a 3-hour podcast with Edward Snowden.
Right, no, I'm totally gonna watch it all, but I haven't watched it all before this, right?
And I can say that I do not disagree with anything within his explanation on the kind of insecurity around phones, why we're slaves to them, and why the data hoovering machines behind them aren't necessarily playing fair.
It's probably the best way to say it.
Now, it's 3 hours, and he doesn't really— I mean, I'm just thinking, if I'd been talking to Joe Rogan for 2 and a half hours, right, and then had to deliver this almost effectively a kind of soapbox speech about explaining how this works, I don't think I could have done it nearly as well.
It's succinct, it's intelligent, it's accurate. And I find it a formidable feat, actually. I watched it on YouTube rather than just listen to it, which I advise as well.
But somehow it felt more powerful, which I don't normally think with podcasts.
Near the end of this segment, just to give you a taste, he says, quote, "This data is about human lives. It's data about people. These records are about you.
It's not data that's being exploited, it's people that are being exploited. It's not data that's being manipulated, it's you that's being manipulated.
And this is something I think a lot of people are beginning to understand.
Now the problem is that companies and governments are still pretending they don't understand." And he goes on to share a quote from one of his friends from the Freedom of Press Foundation, quote, "You can't awaken someone who's pretending to be asleep," which I found pretty deep.
Oh, you didn't follow me at all, did you?
No, no, no. Sleep?
Are you pretending to be asleep?
No, Carole, I was—
Wake up!
I was just thinking, from the optimism of David's pick of the week to the doom and gloom of yours, maybe we should reorder and put me first so that people can cheer up afterwards.
Anyway, it's apt, it's deep, it's interesting, and I learned stuff listening to it. So I recommend that people give it a listen or actually have a watch.
I'll put the links in the show notes. You can find it on YouTube or in your favorite podcast app.
I'll put the links in the show notes. You can find it on YouTube or in your favorite podcast app.
Sounds great. I think Edward Snowden's quite an interesting chap, and I think he expresses himself often quite well.
He talked at one point about how he laments the use of the old phones because the old phones you could always take the battery out, right? And new phones you can't.
You can in some cases. Well, not in your iPhones, but in some of your Androids you can, I think. Is that right, David? You're our mobile expert.
Yeah, not so much anymore. It used to be the case, but since they've become more water resistant, they need to be more sealed units.
So yeah, it's more and more difficult to find a phone that you can take the battery out of now.
So yeah, it's more and more difficult to find a phone that you can take the battery out of now.
I mean, who doesn't use a phone in the bath, right?
Well, on that cheery note and that delightful image, Carole Theriault on the phone in the bath, hopefully lots of bubbles, we've just about wrapped it up.
David, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
David, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
It is probably on Twitter @DavidMcClelland, all the C's, all the L's, with a couple of vowels stuck in there for good measure.
And you can follow us on Twitter @SmashInSecurity, no G, Twitter allows no G, and you can follow the discussions even more on Reddit.
Go to smashingsecurity.com/reddit and it'll take you straight to our subreddit.
Go to smashingsecurity.com/reddit and it'll take you straight to our subreddit.
And once again, thanks to this week's Smashing Security sponsors: Immersive Labs, LastPass, and Code42. Their fantabulous support helps us give you this show for free.
And thank you, lovely listeners and supporters, and welcome new Patreon supporters. You too help us make this show for free, available to all those who can't afford to pay.
Feel good because you're doing good. Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
And thank you, lovely listeners and supporters, and welcome new Patreon supporters. You too help us make this show for free, available to all those who can't afford to pay.
Feel good because you're doing good. Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
Until next time, cheerio, bye-bye. Bye bye bye bye bye.
Toodaloo. Did you like my little guilt trip there?
Yes. About the Patreon.
I was just saying, because they do, right? The Patreon supporters help us give the show for free to all those people that can't pay.
Yeah.
Making me feel guilty now.
Oh, oh, well, David, there's 10 Davids who are supporting.
Yeah, you could be any of those.
David, you should have just kept quiet there.
Wow, we've got more Davids than any other.
You know what, you don't have to give us money. You give us your time, your love, and your brain, which is worth it.
David, you were top quality tonight, can I say. You were very entertaining. Not only was your pick of the week excellent, but I really enjoyed your story.
Yeah, and you made me look bad.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
David McClelland – @DavidMcClelland
Show notes:
- Security researcher gets access to all Xiaomi pet feeders around the world — ZDNet.
- Xiaomi crowdfunds the Furrytail Pet Smart Feeder with app control for 199 yuan ($28) — Gizmochina.
- How to say Xiaomi — BBC News.
- Xiaomi Furrytail Boss Cat Bed — YouTube.
- Remember that competition for non-hoodie hacker pics? Here's their best entries — The Register.
- Cybersecurity visuals challenge finalist catalog (PDF)
- SmartRent – Smart Apartment Solutions.
- Smart home tech can help evict renters, surveillance company tells landlords — CNet.
- SmartRent funding heralds new wave in 'smart home' market — Reuters.
- SmartRent's Privacy Policy.
- Sci-fi interfaces.
- Did Stanley Kubrick invent the iPad? — BFI.
- Factfulness: Ten Reasons We're Wrong About The World – And Why Things Are Better Than You Think by Hans Rosling — Amazon.
- The Joy of Stats, Hans Rosling's 200 countries, 200 years, 4 minutes — BBC Four.
- Joe Rogan Experience #1368 – Edward Snowden — YouTube.
- Joe Rogan Edward Snowden Podcast Interview Transcript: Rogan Spends Almost 3 Hours Interviewing Snowden.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: Code42
Code42 provides data loss protection for when employees quit.
60% of employees who quit their jobs admit to taking data. Your organization’s data is more portable than ever and you have employees leaving everyday.
Most organizations rely on prevention but there are simply too many ways for data to leave.
To learn more about how to protect your company’s data from insider threats visit www.code42.com/smashing
Sponsor: LastPass
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Sponsor: Immersive Labs
Immersive Labs provides the world’s first fully interactive, on-demand, and gamified cyber skills platform.
Try it for free at immersivelabs.com/lite/, and drive down your organisation’s cyber risk while reducing training costs.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
