Smashing Security podcast #162: Robocalls, health hacks, and facial recognition fears

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 / grahamcluley

Smashing Security #162: Robocalls, health hacks, and facial recognition fears

A hospital gets hacked because of an ex-employee’s grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks.

0:00
0:00 0:00
0:00
Show full transcript
TranscriptThis transcript was generated automatically, probably contains mistakes, and has not been manually verified.
MICHAEL HUCKS
This is something I flippantly recorded. It is probably going to be the most famous video that I'll ever make in my life.
GRAHAM CLULEY
Sod all that. How much is the dog getting? What percentage is the dog getting? And did you ask the dog's permission before uploading it to the internet? What about facial recognition?

There's a lot of similar looking dogs out there.
MICHAEL HUCKS
Oh, I didn't even think to ask.
Unknown
Smashing Security, episode 162. Robocalls, health hacks, and facial recognition fears. With Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security episode 162. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And we're joined this week by an old guest. Well, he's not old in years, but he was last on the show a couple of years ago. It's Michael Hucks from PC Matic. Hello, Michael.
MICHAEL HUCKS
Hello, everyone. Good to be here.
CAROLE THERIAULT
Thanks for coming back on the show.
MICHAEL HUCKS
It's my pleasure. It's been way too long.
GRAHAM CLULEY
So, Carole, I've got a funny thing happened on the sofa last night. What do you—
CAROLE THERIAULT
Do I want to know? I don't know. I want to know.
GRAHAM CLULEY
I'm not sure I should tell you or not, right? Because—
CAROLE THERIAULT
Maybe you shouldn't.
GRAHAM CLULEY
Well, maybe I shouldn't share all the details with you.
CAROLE THERIAULT
I mean, is it about me? Is it about me?
GRAHAM CLULEY
Oh, see, this is the thing. It does touch upon you. So, my wife and I, we were watching a TV show on the old Netflix.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
And so, the main female character in the show, right? I say to my wife, I shouldn't really be telling you this at all, Carole. Let's just move on.
CAROLE THERIAULT
You know what, was she really cool, smart, sassy, fun?
GRAHAM CLULEY
No, I said she was kind of irritating. And my wife laughed and she said, "That's funny because she really reminds me of Carole."
CAROLE THERIAULT
And then you both died laughing. And you went, "Oh my God, you're right." No, no, no, I didn't say that, obviously.
GRAHAM CLULEY
But I thought you'd be interested in hearing that. So, I guess—
CAROLE THERIAULT
You know, I'm actually hurt.
GRAHAM CLULEY
And if anyone else wants to try this out— Oh yeah, who is it?
CAROLE THERIAULT
Who is it?
GRAHAM CLULEY
Who is it?
MICHAEL HUCKS
Are we gonna know who this mystery person is?
CAROLE THERIAULT
I can't even believe that didn't occur to me.
GRAHAM CLULEY
It's not anyone famous. Her name is Victoria Pedretti, and she is in the second season of You, which is all about a guy who stalks women in order that they fall in love with him.
MICHAEL HUCKS
I am also watching that show right now. I'm on episode 10 of the first season. So no giveaways here, but I'm in.
GRAHAM CLULEY
So yeah, so this is the second series.
CAROLE THERIAULT
Okay, so you've watched it. So this is what the girlfriend in You—
MICHAEL HUCKS
I don't believe I've made it to this person being a part of the show yet. I'm still in season 1.
GRAHAM CLULEY
The main woman in the main woman in series 2, her character's name is Love Quinn, which is a fairly ridiculous name, especially when you find out that her brother is called Forty.

I imagine her parents were fans of tennis or something. So you have love and 40.

But anyway, so— But the actress, I'm sure she's a lovely actress, but I find her extremely irritating.
CAROLE THERIAULT
And like me.
GRAHAM CLULEY
No, no, I didn't say— Do you agree though? We don't have enough time to discuss this tittle-tattle in detail. Tell us what's coming up on the show this week.
CAROLE THERIAULT
Well, yeah, no, yeah, here. Here's a little insult and now go do your job.
GRAHAM CLULEY
Yeah, what a—
CAROLE THERIAULT
Go cut a cheese sandwich.
MICHAEL HUCKS
Just move right past that.
GRAHAM CLULEY
Play the music, play the music.
CAROLE THERIAULT
Well, first we should thank this week's sponsors, DomainTools and LastPass. Their support helps us give you this show for free.

Now Graham dives into the murky case of a hospital hacker. Mikey waxes lyrical about his absolute love for robocalls.

And I'm sharing a crazy scary story about a secret facial recognition tool. All this and oh so much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, chums, chums, I want to talk to you today about grudges. Have you ever had a grudge, Carole?
CAROLE THERIAULT
I do now.
GRAHAM CLULEY
Yeah.
MICHAEL HUCKS
Yeah.
GRAHAM CLULEY
Maybe.
CAROLE THERIAULT
Three years of my life.
GRAHAM CLULEY
Taken a dislike to someone. Well, I'll tell you about someone who has a grudge.

His name is Daniel Mooney, and he was an administrator at a hospital in Great Britain, and he lost his job three years ago because he'd been caught remotely accessing the internal network of the heart and lung department where he worked of the Royal Stoke Hospital from his home computer.

And he was accessing that network, of course, without authorization. Whoa. Yeah, so naughty.
CAROLE THERIAULT
Well, that's just not just naughty. How the heck could he get in and do that?
GRAHAM CLULEY
Well, you know, username and password, I guess.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
And it's the NHS network, and I imagine there weren't sufficient defenses in place to prevent people from logging in from remote IP addresses.

Well, the hospital came down on him hard, and he lost his job, and he was also cautioned by the police.

And as part of his caution, he agreed that he would not access any of the hospital's IT systems in future, and he would not even enter the hospital unless he was unwell or visiting a patient.
CAROLE THERIAULT
Well, okay. Yeah, it seems like—
MICHAEL HUCKS
Yeah, no, you mean he can't come to the café and grab a sandwich?
GRAHAM CLULEY
Well, you know, he might get a job, you know, serving sandwiches, or maybe he's a painter and decorator is his new job, and he has a big commission at the hospital.

Anyway, he's not allowed to come to the hospital unless he's got a broken leg or a splinter or something like that, or has a friend who has, and not have any contact with hospital staff unless asked to by the HR department.

So I guess HR were thinking, well, if he has any knowledge or if he knows any passwords or if—
CAROLE THERIAULT
Yeah, but the HR department is not his HR department if he doesn't work there anymore.
GRAHAM CLULEY
Well, this was the deal. This was— he was given the caution and he agreed to these terms, right? And so the police didn't take any further action.
CAROLE THERIAULT
Okay. Okay, I have a lot of questions here, but fine.
GRAHAM CLULEY
Well, you may have even more questions when you find out this, because it turned out that when he had accessed the network, he hadn't actually accessed any sensitive data.
CAROLE THERIAULT
So what he got fired for, he hadn't actually done what he wanted to do.
GRAHAM CLULEY
He had connected, but he hadn't accessed any sensitive data, right? And he was really peeved about this, right? Imagine someone who's very annoyed.
CAROLE THERIAULT
So he's annoyed that he's being treated like a criminal even though he did nothing wrong in his mind.
GRAHAM CLULEY
Well, in his mind, he might have thought it was. I mean, it's very strange, this case, because a bit of me thinks, was he actually testing the systems? To see if it was possible.

And certainly if I was in his shoes, maybe I would've used that kind of defense.
MICHAEL HUCKS
Sure, or was he doing work? I mean, if he wasn't accessing sensitive data, do they know why he was accessing the system?
GRAHAM CLULEY
Right, because sometimes you might log in from home to a corporate network and think, well, I can do a little bit of work. It's easier this than me driving into the office.

And some organizations have got problems with that, quite understandably, and others are much more lax about it.
CAROLE THERIAULT
So he's feeling a bit righteous. He's like, okay, I did something a little bit maybe naughty, a tiny bit, but certainly not something that deserves me losing my job.
GRAHAM CLULEY
And not being allowed to go to the hospital unless he was on leave.
CAROLE THERIAULT
Yeah, 'cause I really want a sandwich. I love those egg sandwiches.
MICHAEL HUCKS
They have really good sandwiches.
GRAHAM CLULEY
They actually, they do. I've been to some fantastic little shops in hospitals.

And wouldn't it also support the Hospital Trust more if you were to go and frequent those stores rather than the high street?
MICHAEL HUCKS
I don't know.
GRAHAM CLULEY
But anyway, he, as a result of this, of being peeved, he launched an appeal against the police caution saying, you know, this is just, this is overkill.

And that appeal was unsuccessful.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
And you know what that meant?
CAROLE THERIAULT
He's even more peeved.
GRAHAM CLULEY
Yeah, now he's got the hump, right?
CAROLE THERIAULT
Of course he does. He looks like a camel.
GRAHAM CLULEY
He looks like Quasimodo. He thought, oh, and he believed he wasn't the only person who had been remotely accessing the hospital network.
CAROLE THERIAULT
Oh, so he thought, I mustn't be the only person, but I'm taking the fall. I'm the fall guy for everybody else.
GRAHAM CLULEY
He's the fall guy. He's like Lee Majors. He's taken the brunt of all of this, whereas maybe other people should have been as well.

And the mistake he then made was to allow that grievance to grow inside him and take over all of his feelings.

And in December 2017, months after Mooney had been dismissed, the hospital's head of cybersecurity noticed something a little bit strange.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
They discovered that there was an unauthorized user with admin rights to the server. They thought, this is a little bit suspicious. Why is this extra user with all of these rights?

Who could that be?
CAROLE THERIAULT
Was it Mooney?
GRAHAM CLULEY
Well, yeah. As the police searched Mooney's home, they found two disk drives containing documents related to the disciplinary process that had been through.

Remember, he got dismissed, right?

And he had all these internal documents, documents which hadn't been shared with him about what was going to happen with Mooney and what the process was and the communications between the managers.

He'd managed to get hold of that.

And furthermore, he'd also accessed 600 staff-related documents, 150 management documents, and almost 9,000 medical images of heart scans, sort of cardiac-related stuff from his department.
CAROLE THERIAULT
Okay, so was he just grabbing everything he could get his hands on?
GRAHAM CLULEY
Well, I don't know. I mean, it seems a strange thing to collect, doesn't it? I mean, some people have got foot fetishes, right? I was waiting for one of you to say yes.
MICHAEL HUCKS
Oh yeah, look at that X-ray.
CAROLE THERIAULT
What would you call those people?
GRAHAM CLULEY
People into X-ray. Well, you know.
MICHAEL HUCKS
That's X-ray-ted. I'll see myself out.
CAROLE THERIAULT
So was he potentially, was he trying to maybe build an app and he needed that information? Was he that kind of guy?
GRAHAM CLULEY
Or was it a porn site for X-ray fetishists? I mean, there are fetishes for everything, Graham.
CAROLE THERIAULT
We could speculate very— yes.
MICHAEL HUCKS
That's a thing.

Maybe he was thinking if he just comes in and grabs as much as he can possibly grab, and just to get off the system quickly, and then he can scan through it in his own private home rather than spending hours and hours and hours on the system.
GRAHAM CLULEY
I don't know why he grabbed all this data, including the medical data.

One theory I would have would be maybe he's grabbing all this data to go back to them and say, "Aha, look, you've got security issues. Aren't I a hero?

Maybe you should reinstate me in your IT department because I can fix these kind of problems." I mean, foolhardy as that was, particularly as he'd already had a police caution, maybe that was incentive to do it.
CAROLE THERIAULT
Oh yeah, yeah, he's obviously knitting with one needle, right?
GRAHAM CLULEY
Well, he admitted an offence this last week under the Computer Misuse Act. And I wonder if you agree with this or not, he avoided jail. He has not been jailed.

Do you think he should have been jailed? Bearing in mind he's been warned before.
CAROLE THERIAULT
So he's stolen this stuff.
GRAHAM CLULEY
Yep.
CAROLE THERIAULT
But he hasn't done anything with it. He hasn't demanded ransoms. He didn't post them on the web somewhere.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
Or we don't know, I suppose.
GRAHAM CLULEY
Well, as far as we know, that didn't happen, but it was being stored on his computer at home instead.
CAROLE THERIAULT
Yeah, I don't think he should go to jail.
MICHAEL HUCKS
Maybe not jail. I feel he was warned. He did have an agreement that he wasn't going to do this. It's not it just kind of came out of nowhere.
CAROLE THERIAULT
He should have aggression management courses. You know, how not to hold a grudge, how to forgive and forget. You know, how to make friends.
GRAHAM CLULEY
I think there's a lot of people who need to know how not to hold a grudge.
CAROLE THERIAULT
Yeah.
MICHAEL HUCKS
True.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
But some of us have a reason to there, Sunshine. And I don't think 15 minutes is long enough.
GRAHAM CLULEY
Instead of being given a jail sentence, he got a 12-month community order, which includes 160 hours unpaid work.
CAROLE THERIAULT
Not at the hospital.
GRAHAM CLULEY
And don't take comfort there. And he must pay £2,000 in prosecution costs as well. So, I mean, it's—
CAROLE THERIAULT
You see, England is great. That would be unheard of in the States, right, Mikey?
MICHAEL HUCKS
I think so. Yeah, you'd go to jail.
GRAHAM CLULEY
Really?
CAROLE THERIAULT
Yeah, of course you would. People go to jail for crazy, tiny things. Yeah.
MICHAEL HUCKS
Yeah. I'm actually doing this podcast from jail right now.
CAROLE THERIAULT
Great Wi-Fi.
MICHAEL HUCKS
Yeah, it's really not bad.
GRAHAM CLULEY
So this does raise a few questions. First of all, should the patients be notified that their personal heart scans have been breached in this way?
CAROLE THERIAULT
If the information is identifiable in any way, I would say yes. Right. But if they have a heart scan, if someone had a picture of my, you know, I don't know.
GRAHAM CLULEY
If it could be identified.
CAROLE THERIAULT
Anything that identifies anybody. If someone is at risk that their information had been downloaded without authorization, it would be the right thing to do to tell those people.
GRAHAM CLULEY
Right. And the other thing which of course it raises is this whole issue of what should you do when someone leaves your employment, particularly if they leave on the cloud?

Kill them. Kill the other business. That's what they do in the States, isn't it?
MICHAEL HUCKS
There's no other option.
GRAHAM CLULEY
Isn't that what you do in America?
MICHAEL HUCKS
Yeah, that's true. This is true. That's the only reason I'm still working here, really. I'm very, very afraid. If anything happens to me, you know where to look.
GRAHAM CLULEY
Even if you don't leave under a cloud, passwords should be changed.

But it's not easy if you're an organization as sprawling as the National Health Service, which have got legacy systems and they hardly have staff lolling around, you know, drinking martinis.

You know, it's not like they haven't got enough work to do already. So make it part of your HR offboarding process.

Just like when people come into your company, you set them up with an account and give them a computer, there needs to be some sort of tick list of this person's leaving.

But it's not always easy, particularly when people are getting fired.

From the personnel point of view, you have to speak to an IT guy to remove someone else's passwords, and you don't want them blabbing if they haven't quite left the building yet.
CAROLE THERIAULT
Do you know what I find annoying though about this?

Is this is the NHS, and the NHS are known, certainly in my anecdotal experience and many others, but they have a reputation for having a pretty solid checklist so that they don't leave scissors inside you, or they don't cut off the wrong leg, right?

There's a lot of procedures and papers that need to be signed and agreed with the patient at every single stage to make sure those things don't happen.

Now sure, they might happen occasionally, but it's rare. So surely that kind of system, wouldn't that be good to do for their IT system?

I don't know why they can't port that over to make sure, how could they sit there and go, "Oh wow, we have an admin guy here that we have no idea has access to the systems.

How long's he been there?" How does that happen?
MICHAEL HUCKS
It's probably, I mean, I'd imagine it has something to do with an issue of priority. I mean, how many IT guys leave on a daily basis where they have to go through this thing?

It's probably not nearly as much as how many times they have to make sure they're not leaving scissors inside of someone, so.
GRAHAM CLULEY
Another thing you can do is use technology, of course, because obviously humans make mistakes.

But you should have layers of protection such as checking whether it's an external IP address which is accessing your internal system and maybe blocking those or going in and restricting.
CAROLE THERIAULT
Oh yeah, because no one has any remote workers these days.
GRAHAM CLULEY
Well, what I'm saying is that certain users may not be able to access certain systems from outside.
CAROLE THERIAULT
Oh, totally, agreed.
GRAHAM CLULEY
Certainly ones which have sensitive medical information on them as well. You may question whether that's really necessary.
CAROLE THERIAULT
What's crazy about this story is he gets caught once, and then, as you said, gets the hump and then goes for it again.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
He must have really thought he was untouchable or that no one was smart enough to spot him.
MICHAEL HUCKS
I want to hear the story from this guy's perspective. Daniel, if you're listening, come on the podcast.
GRAHAM CLULEY
Yeah. Yes.
MICHAEL HUCKS
I'm sure he's an avid listener. Who isn't?
CAROLE THERIAULT
Yeah, you should get him on the show, Graham. I wouldn't mind having someone who also has a grudge so I could talk about my grudge with him.

He's obviously an expert in grudges, and he could give me some pointers and how I can channel this negative energy I feel.
GRAHAM CLULEY
Michael, what's your story for us this week?
MICHAEL HUCKS
My story this week is about robocalls. I have a personal grudge against this. I was telling Carole the other day, I get more robocalls on a daily basis than I get real calls.

And I would say I get a fair amount.
GRAHAM CLULEY
What's that? Does that mean one a day? What do you mean? I think I get— put it in some context.
MICHAEL HUCKS
On a bad day, I get 6 or 7 robocalls in a day.
GRAHAM CLULEY
'Cause I get none of these calls at all, right? No, nor do I. I never get any. Maybe it's 'cause I'm British, I don't know. And they just have a common decency not to ring. Not to ring.

So is it a robot which is doing the calling and then you get to speak to a human?

Or is it a recorded voice saying, "Hello, Michael, I wonder if you—" Well, what is the actual, what happens?
MICHAEL HUCKS
There are actually— What is a robocall? It's all of those things. And I think it really depends on who it is.

I mean, I've had ones before that are just, a straight-up robot voice that asked me to either press 1 to be connected with someone or press 2 to be removed from the call list.

Of course, that is after a full minute of this thing going on and on about the new law that it wants to tell me about or whatever it is. And then, I tried for a while.

I would actually wait for the thing to finish its message and then I would press 2 to be removed from the thing.

And then, sometimes not even an hour later, I get a call from the exact same number with the exact same message, and it's just relentless.
GRAHAM CLULEY
Are you suggesting that opting out of spam sometimes doesn't work? Oh, yeah. Just unsubscribing, they actually ignore that. Well, what a shock.
CAROLE THERIAULT
And you know what annoys me about that is that in doing that, in trying to unsubscribe, you're also validating your phone number, the fact that it's active and that someone's answered the call.

So you're a live prize lion suddenly.
MICHAEL HUCKS
Yes.

Yes, and I've heard— I mean, I don't know how much of this is just speculation, but I've heard that even just answering the phone call at all puts you on some kind of list that says, oh, even if they're not responding the way we want them to, this person will answer the call.

And so you could even get called more. There was a thing in the past where if you wanted to opt out of real telemarketing calls, yeah, you could be added to the do not call list.

And there was a law here in the United States that you had to be added to this list. The thing is, with these robocalls, I mean, most of these are scams.

I don't think they really care about the law, clearly. No. And so that's the problem now, is that it's not only gotten worse, it's gotten worse a lot.

So according to the 2018 report by global communications platform First Orion, spam phone calls accounted for 29.2% of all mobile phone calls in the US in 2018. Wow.

And it was only 3.7% in 2017. That's astonishing.
GRAHAM CLULEY
So almost a third of all calls, mobile calls in 2018 were spam or robocalls of some nature. Yes.
CAROLE THERIAULT
That's like, yeah, it's 1 in 3, right?
GRAHAM CLULEY
And it's grown that fast. It must be, could be over half by now, couldn't it? Yeah.

I mean, that's really, I mean, does it not get to the point where you just think, well, I don't actually need a phone number because I can communicate with all of my pals via instant messaging services, whichever one you choose to use.

And you can even call them that way as well. I wonder if it's possible to live without a phone number.
MICHAEL HUCKS
Imagine you're a small business owner or even just you're a freelancer or a person who does contract work.

You're probably getting phone calls fairly regularly from numbers that you don't recognize.

And these are new people who've gotten your number somehow and you want to be able to answer the phone.

And this is the problem now, is that it's saying that people are just not answering phone calls anymore that they don't recognize, which I totally understand.

But, you know, what if it is the hospital calling to say that one of your family members is in— I guess they'll leave a message. I don't know. Okay.

Just to add to the kind of insanity of the statistics of this, we do have some statistics from 2019.

And according to YouMail, which is a tracking company, it said about 5 billion robocalls were placed in November of 2019 alone.

Which is more than 160 million phone calls a day, averaging 15.3 calls per American. Jeez.

So I suddenly— when I read this, I started feeling a little bit better about my 6 or 7 robocalls a day. I was like, okay, maybe that's not so bad.

I mean, somebody in America is getting more than 15 phone calls a day. I can't even imagine. It makes your phone unusable.
CAROLE THERIAULT
Well, look, I have to tell you, now that you've been on the show again reminding everybody that you exist, right, and that you pick up, you might go up.
MICHAEL HUCKS
Uh, 555. Yeah, actually, I don't want to read Carole Theriault's number back to you real quick.
CAROLE THERIAULT
I have a question. Have you ever received any robocall with political messages in it? Because you guys are up for an election this year. Does that ever happen to you?
MICHAEL HUCKS
I have not.

I feel like it'd just be a bad move because everyone is so annoyed with the robocalls that if somebody— even if there was some political candidate that I liked, if they started blowing my phone up every day being like, don't forget to vote for me, I'd be like, okay, this guy is definitely not getting my vote through this ad.
GRAHAM CLULEY
That's the problem if there was a candidate that any of us liked. We have the same problem over here in the UK.

But there is this thing, isn't there, where someone could do what's called a Joe job, where they start a campaign, a robocall campaign promoting the opponent.

I was just gonna say that.
MICHAEL HUCKS
Right. I love, yeah.
CAROLE THERIAULT
You knew I had the same idea in mind, yeah.
GRAHAM CLULEY
Not bad. You're devious, Carole. Don't trust you. Just like that character on the TV show. Don't trust them.
CAROLE THERIAULT
Wasn't there a law that was brought in that they would be charged for every robocall or something like this?
MICHAEL HUCKS
Yeah, this year President Trump signed this anti-robocall bill into law, which it's supposed to allow officials to fine companies $10,000 for each illegally placed call.
CAROLE THERIAULT
Hey, $5 billion a month, ka-ching!
MICHAEL HUCKS
Yeah, exactly. And who's getting that money, by the way?

I think I should get paid for every single one of the calls that I've had to put up with, but maybe there's more time for that later.

But the thing I'm wondering about with that is if they're spoofing numbers and they're using this voice over IP, we don't really know where these things are coming from or who's doing it.

Is this going to be that effective to try and charge the people? Are they charging the companies or are they charging the actual phone service providers?

I'm not sure which one it is.
CAROLE THERIAULT
And it makes sense that people just do not pick up their phone unless they recognize the number. I mean, honestly, I'm guilty of that.

If I don't recognize the number, I don't pick up. And I wait for the—
GRAHAM CLULEY
Sometimes, Carole, if I do recognize the number, I don't pick up.
CAROLE THERIAULT
You know what? You're not being very nice to me today.
GRAHAM CLULEY
No, I'm not. What am I waiting for?
CAROLE THERIAULT
You know, you don't like me. And now you say you get my calls.
GRAHAM CLULEY
You're just kind of sensitive. You know what?
CAROLE THERIAULT
I'm not gonna— Yeah, well, I'm not gonna be calling you anymore. Don't you even worry about it.
MICHAEL HUCKS
I'll get my robot to call.
CAROLE THERIAULT
You can call me anytime, Mikey.
GRAHAM CLULEY
Carole, what's your story for us this week?
CAROLE THERIAULT
So we're talking facial recognition.

Now, I don't know if you guys saw in the press, but the big boys, Google and Microsoft, can't seem to agree on how to approach this issue of facial recognition.

You've got Google CEO Sundar Pichai. He's expressed support for Europe's proposal to temporarily ban facial recognition.

But Microsoft's top lawyer, Brad Smith, has cautioned against using a meat cleaver for what should be a surgical operation. So he wants a more soft-touch approach. Okay.

So while these two big dudes are duking it out in their public forum here, a little seemingly insignificant mouse entered the space and created an ethical quagmire that takes total advantage of the lack of regulation in this space.

Okay, sounds interesting. All right, go on. It was the New York Times that did this big exposé on this. And it's kind of stuff that makes my teeth rattle a bit.

And I want to know if it makes yours rattle or if you think, Carole, calm down. I don't even like you. I'm so irritated by your story. Okay, so the story starts with a Mr.

Juan Thom Vat. That's his name. Juan Thom Vat. Juan Thom Vat. Yeah. And he's an Australian-born techie and one-time model. Right. So a little bit of a looker.
MICHAEL HUCKS
He got one modeling gig or?
GRAHAM CLULEY
One-time model means you turned up for a modeling gig and they said, "You're not that attractive. We're never gonna hire you again."
CAROLE THERIAULT
Yeah, I should have put quotes from that. That was the word they used in New York Times.
MICHAEL HUCKS
He looks great, but he just is terrible to work with.
CAROLE THERIAULT
Okay, but anyway, this guy, Juan Thom Vat, moved to San Francisco to make it big in the tech world.

Now, during his rise to power, he created an obscure game and he also created a really useful app that lets people put Donald Trump's piss yellow wig onto their pics.

That was one of his creations.
GRAHAM CLULEY
I don't think it is actually a wig. Oh. I mean, it is fascinating, but I think—
CAROLE THERIAULT
Wisp, then wisps. Yes.
GRAHAM CLULEY
Collection of wisps. I think it's all the more fascinating because it's not a wig. If it was a wig, you'd want your money back.

Especially if it was made out of piss, you're suggesting.
MICHAEL HUCKS
You've got to pay good money to have that kind of style.
CAROLE THERIAULT
But then, okay, so he's created these little games. But then Mr. Juan Thom Vat, got together with a Mr. Schwartz. Now, Mr. Schwartz, yep, he worked alongside Rudy Giuliani in the '90s.

Okay. And these two hatched a plan to create a facial recognition tool, which they called Clearview AI.
GRAHAM CLULEY
Okay. So Vat and Schwartz, not Giuliani. Thom Vat and Schwartz. Yeah. Right. Okay. They're producing a facial recognition thing.
CAROLE THERIAULT
Thom Voight was going to be the developer, make the thing work, and Mr. Swartz is going to sell it because he had a lot of contacts. So in 2016, they recruit a couple of engineers.

One helps them design a program that automatically collects images of people's faces from across the internet, such as employment sites like LinkedIn, news sites, education sites, social networks including Facebook, YouTube, Twitter, Instagram, and Venmo.

Effectively, these guys were scraping the web and building a massive ginormous database under Clearview AI's control.

Now they also hired another engineer and this guy was hired to perfect the facial recognition algorithm. They describe this system now as quote, state-of-the-art neural net.

And basically, it converts all the images into mathematical formulas and vectors based on the facial geometry. So how small a person's eyes are, Graham.
GRAHAM CLULEY
Or whatever. Or how big their feet are, Carole.
CAROLE THERIAULT
But not how nice their personalities are.
GRAHAM CLULEY
No, hard to tell. Hard to tell, isn't it?
CAROLE THERIAULT
And then Clearview created this vast directory that clustered photos of similar vectors.

So basically, everyone with tiny eyes, Graham, would be put into a little neighborhood, or everyone with big feet, Carole, would be put in their own neighborhood.
GRAHAM CLULEY
Right. Okay.
CAROLE THERIAULT
So when a user uploads a photo into the Clearview AI, right, of a face, right, the Clearview system then converts the face and then it shows all the scraped photos that it has stored in that neighborhood.

So all the pictures that have similar vectors and similar algorithms matching along with the links to the sites from where these images came.
GRAHAM CLULEY
Because it is surprising sometimes because there are people who can look very much like you.

I remember working at a place once where I had a lookalike and the slightly disturbing thing was that my lookalike— Is it the Polish guy? No, not the Polish guy.

That's another— No, the lookalike I'm thinking of was actually a woman. A woman who looked like me. And it was rather peculiar.
CAROLE THERIAULT
I bet she was extremely fetching. I'm sure. Yes. Did she have your very, very bushy, bushy, bushy eyebrows?
GRAHAM CLULEY
Very. If you're just going to make this a very personal podcast. Get off your soapbox, mister.
CAROLE THERIAULT
Okay, tell us more about facial recognition.

So by the end of 2017, okay, year on, the company had what the New York Times describes as a formidable facial recognition tool, which they called SmartChecker.

Now this database is, get this, 3 billion images strong. It's right about 75% of the time, it claims.

And the one cool thing about it apparently is that the algorithm doesn't require photos of people looking directly at the camera.

You could be looking down or covering part of your face and still it can all work.
GRAHAM CLULEY
Well, I'm not surprised at all that some enterprising technology company has gone and scooped gajillions of facial images from all the places that they can be grabbed, because why wouldn't they?

And people have given their data so willingly. So I'm not surprised about that at all, I'm afraid.
MICHAEL HUCKS
I'm not surprised either. I think I have more of a question than anything is what is the ultimate plan for using this?

I mean, obviously I can see a million ways that this could be useful, but it's not quite scary until I know why this is happening.

And I feel like it's going to be scary when I figure out the answer.
CAROLE THERIAULT
My next question to you guys was going to be, because they were wondering the same thing, right? They're like, who's our first customer going to be? Right?

Can you guess who it might have been?
GRAHAM CLULEY
An obvious choice would be intelligence agencies, perhaps, if they wanted to identify people. So nation states who want to keep track of their citizens.

They want access to that kind of algorithm and that kind of database so that they can identify from CCTV who people are.
CAROLE THERIAULT
Well, you're not far off. The first people, the first customer according to Clearview was the Indiana State Police. And this is a typical example of how the software is used, right?

So they solved a case within 20 minutes of using the app. So the case was two men had gotten into a fight in a park and one shot the other in the stomach.

A bystander recorded the crime on a phone, so the police had a still of the gunman's face, and they ran that still through the Clearview app. They immediately got a match.

The man appeared in a video that someone had posted on social media, and his name was included in a caption on the video.

He did not have a driver's license and hadn't been arrested as an adult, so he wasn't in any government databases.

Right, this is what the Indiana State Police Captain said at the time. And then the man was arrested and charged. So there's numerous stories, right?

And Clearview is actively marketing this to police departments. And they are also spreading the word amongst themselves saying, "Guys, you should get this.

It's incredible." 600 law enforcement agencies have apparently started using this app in the past year.

The FBI, the Department of Homeland Security, and the Canadian law enforcement authorities are all trying it out, according to New York Times.
GRAHAM CLULEY
So where do we opt out of this? Great question.
CAROLE THERIAULT
Well, you can opt out by saying things, I don't want to share my pictures with anybody on your social media apps and everywhere. But if they've scraped it, it's in the database.
GRAHAM CLULEY
But do they even have the rights to scrape that image?

You may have given your permission to the social network, but they, the social network hasn't got a deal with this facial recognition company, do they?
CAROLE THERIAULT
Correct. That is one of the big issues here.

They have scraped all these images onto their own databases and put them into a nice, I'm sure, easy-to-use UI that allows you to toggle all the things you want, within this area, da da da da da.

So the New York Times went and asked people, right? And Facebook was, well, we're going to look into this because we, you know, it's a big no-no to image scrape.

And also they may get their knickers in a twist about this because they're not getting any kickback on this. They're not getting any of the traffic or any of the money.

So they may not like this, particularly when they hear the word 3 billion images. So the other problem, Graham, you also alluded to earlier was the fact of doppelgangers.

The bigger the database, the more likely you are going to find people with very similar, if not virtually identical, facial symmetry and facial characteristics.
GRAHAM CLULEY
And I remember that episode of Columbo where Leonard Nimoy was playing twin surgeons, and one of them was evil and one of them wasn't.

And it was all a case of which Leonard Nimoy, which Mr. Spock had committed the murder. My wife, my wife on the other end of the sofa. She says this woman is Carole.

She loves marmalade. My wife loves marmalade.
CAROLE THERIAULT
Now the other one, the other cool thing about this is in the olden days, if you did something wrong and they were trying to search you and they had a witness to look at databases of people, all the pictures they'd be looking at were of felons or people that had been arrested for crimes.

Right, so now, and that was done for privacy. It's if you've done something naughty, your face goes into this database.

And now everyone's face is in that database, whether you've done it just because you've stepped outside or someone's taken a picture of you, posted your own picture online.

You know, when you come back to that argument between Google and Microsoft, I do think regulation is needed. It's Wild West out there, it's the Wild West.
GRAHAM CLULEY
We need regulation.

It is a worry because, I mean, if George Clooney, for instance, was to rob a bank, I don't want the police knocking on my door thinking that it's me who did it because of some error in face— and also not just the facial recognition, but also the name similarity.
CAROLE THERIAULT
So let me just tell you one more thing before I bow out here, right?

Our journo— so the journo of the New York Times, he started looking into this way back in November, right, to do some digging.

And listen to his words here, quote: "When I began looking into the company in November, its website was a bare page showing a non-existent Manhattan address as its place of business." And he goes on, "For a month, people affiliated with the company would not return my emails or phone calls.

While the company was dodging me, it was also monitoring me. At my request, a number of police officers had run my photo through the Clearview app.

They soon received phone calls from Clearview AI reps asking if they were talking to the media, a sign that Clearview has the ability, and in this case, the appetite to monitor whom law enforcement is searching for." Holy cow.

So that— okay, and then remember, to use this app, how you use this app, right, how the cops are using this, is by feeding the monster.

They are putting in new pictures of new suspects all the time. Regulation time, I say. Can anyone use this? Can I use it? Very good question.

At the moment, they see this becoming ubiquitous in no time.
GRAHAM CLULEY
So won't that be— I could always set up my own country and my own police force.
CAROLE THERIAULT
I had a really good quote on that somewhere.

Yeah, the final words of the New York Times article: "Police officers and Clearview's investors predict that the app will eventually be available to the public." What could go wrong, guys?
GRAHAM CLULEY
Oh, so many things. So I would see a cute girl in a bar, and I'd take her photo, upload it to the app, and it was telling me what her name was.

Well, nothing is going to go wrong with that.
CAROLE THERIAULT
Okay, this is how we get around this. I do have a solution.

It's time to hit the 3D printers and start making a number of realistic-looking rubber masks so that when you leave the house, you have a different face each time.

Think cosplay, but every day.
GRAHAM CLULEY
Could get a bit sweaty under that.
CAROLE THERIAULT
You might get a little sweaty, but don't you use that special deodorant, Graham?
GRAHAM CLULEY
Yes. You know the face deodorant? I haven't been using it on my face, but my armpits are still pretty good, I have to say. What is that called again?
NUUD
You should try it. Pick of the week. Former pick of the week. N-U-U-D.
CAROLE THERIAULT
I'm not a big sweaty person.
GRAHAM CLULEY
Let other people be the judge of that, Carole.
MICHAEL HUCKS
You never know.
CAROLE THERIAULT
I don't think you should. I'm mouthy, not sweaty.
GRAHAM CLULEY
This week's Smashing Security podcast is sponsored by DomainTools. DomainTools helps security analysts turn threat data into threat intelligence.

Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats, and prevent future attacks. Nice.

Find out more about their cool products at DomainTools.com.

Now, they've got something very cool that I think you're going to like, a capture the flag competition, especially for Smashing Security listeners.

You can win a $100 Amazon gift card. If you want to join in all the fun, visit domaintools.com/smashing to enter the competition. And may the best geeky listener win.
CAROLE THERIAULT
Hey, Graham. Yes. There are people out there with companies a little bit bigger than ours. And one of the issues that they face is visibility and oversight.

And when it comes to cybersecurity, that is super important. So listeners, listen up.

If you do not have a password manager in your organization, please check out LastPass Enterprise.

They offer centralized admin oversight and control, shared access and automated user management. All this stuff makes your life easier.

Plus, you can even use LastPass single sign-on to protect all your cloud apps and give seamless access to employees. Check it out at lastpass.com/smashing.

Let me try that again, folks. Check it out at lastpass.com/smashing.
GRAHAM CLULEY
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.
MICHAEL HUCKS
Mikey? Oh, Pick of the Week. Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
CAROLE THERIAULT
Better not be.
GRAHAM CLULEY
Well, my Pick of the Week is not security related this week. Good. Instead, my Pick of the Week is a website, quite a fun website with an almost unpronounceable name.

The website is called eunoia.world, and eunoia is a Greek word. It's spelt E-U-N-O-I-A dot world. I'll put a link in the show notes.
CAROLE THERIAULT
And it's a Greek word. It means a well-mind or beautiful thinking in Greek. Oh, lovely.
GRAHAM CLULEY
And that website is a website of words that do not translate. 500+ untranslatable words in over 70 languages.

So if you've always thought, oh, you know, I love, you know, if you like a little bit of schadenfreude and you want to drop that into your conversation, or things where you thought, wouldn't it be wonderful if that word did exist, but it doesn't?

Well, maybe it does exist in Finnish or some other language. I'm going to have a little quiz, right? I am going to tell you 3 words and give you options as to what those words mean.

All right. We'll have a little bit of fun.
CAROLE THERIAULT
Woo! I love a quiz. I love a quiz.
GRAHAM CLULEY
Okay. The first word, the first word is "sphafolalia." Spha— Spha-la-lee-o-lee-ay-lee-ah. Okay. Based on that pronunciation— Spha— Spha-la-la-lee-ay-lee-ah.

Does that mean, is it a jungle of traffic signs? Is it flirtatious talk that leads nowhere? Or is it an ungrudging and overt expressed pride and happiness at other people's success?

Sphallolalia.
CAROLE THERIAULT
Number 3.
MICHAEL HUCKS
I'm going with B, number 2.
GRAHAM CLULEY
Ah, Mike, you are correct. It's flirtatious talk that leads nowhere, which I feel like it's a very French expression.
CAROLE THERIAULT
What country's that from?
GRAHAM CLULEY
Oh, I should have made a note of that. Oh, I know. I do know. I do know that one is actually English. That one is— Oh, well, there you go. Crazy language of English.

And I presume it doesn't exist in other languages. So, yeah, you can check that. Okay, so another one. Next one. Next one. Solkat. Solkat.

Is solkat the glimmer that reflects the sunshine off a wristwatch? Is it the mark left on the table by a cold glass? Or is solkat a person of integrity and honour?

I'll tell you it's a Swedish word, if that helps.
MICHAEL HUCKS
I feel like I should have to go first since I got it correct last time.

I'm going to say that that is the glimmer off of a wristwatch, because it seems like there'd be words for those other things. So that's my guess.
GRAHAM CLULEY
Okay. Okay. Carole?
CAROLE THERIAULT
Okay. Just, I was heading toward that way, but I'll go number 2 just to—
GRAHAM CLULEY
Oh, the mark you want, the mark left on the table by a cold glass. Yep, yep, yep. Bing, bing, bing for Mike, who's now 2-nil up. So Mike was correct. It is the glimmer of a swatch.

And the final one, the final one is kusuku— I can't do this. Kusukusu. Okay, kusukusu. Oh, that's beautiful. Kusukusu.
CAROLE THERIAULT
Is that K-U-S-U, K-U-S-U? Kusukusu. Oh, cute.
GRAHAM CLULEY
It's Japanese. Is it? The Japanese for not bad or meh.

Is it a reason for being, the thing that gets you up in the morning, or is it the suppressed giggling and tittering of a group of women?
CAROLE THERIAULT
So I certainly would. Yeah, I'm going to go with that. I'm going to go with get me up in the morning.
GRAHAM CLULEY
Get me up in the morning.
MICHAEL HUCKS
I'm going with choice 3. Which was what? Suppressed giggles.
GRAHAM CLULEY
Mike, you are incredible at this. It's 3-0 to Mike. Mike, it's just been an absolute—
MICHAEL HUCKS
I'm going to bring that one into— it's such a cute word. I think I'm going to have to try and bring that into conversation.

Although I don't remember the last time I was talking about the suppressed giggles of a group of women. But if I ever do, it's kusukusu from now on.
GRAHAM CLULEY
Well, my website, you know, your world, we'll link to it. In the show notes so you can find it for yourself and have as much fun as I did. And that is my pick of the week.
CAROLE THERIAULT
Cute. Although I got zero. That's because I'm holding a grudge, isn't it? It might be it.
MICHAEL HUCKS
Sorry. It's interfering with your translation skills.
CAROLE THERIAULT
Are you sorry? Are you? Are you?
GRAHAM CLULEY
Mike, what's your pick of the week? Move on quick.
MICHAEL HUCKS
My pick of the week is, this is actually a personal one here for me. So something interesting happened to me about a little over a week ago.

Where I uploaded a little video of my cute little doggy.

Her and I were taking a nap on the couch and I had this— actually, I had this video on my phone for about a month before I just decided to post it onto Reddit.

And I woke up the next morning and it had exploded with gajillions of upvotes. And all of a sudden— What's a gajillion? It was within 5 hours, it had 80,000 upvotes. And 80,000.

And actually a few hours later it was the number one highest upvoted post on Reddit within across every subreddit. It was the number one highest upvoted post.
GRAHAM CLULEY
And you just uploaded this to the cute dog subreddit or something.
CAROLE THERIAULT
It must be the most amazing video ever. Okay, we got to see this video. We have to watch it.
MICHAEL HUCKS
I will put the— yeah, the link is there. You should watch it.
CAROLE THERIAULT
Let's watch it now. Let's watch it now.
GRAHAM CLULEY
Yeah, let's watch it. Okay, so there's a dog. There's a dog and there's some kind of blanket. The dog's under the blanket lying on you. His tail's sticking outside.

And every time you show the dog's head, the dog's tail wags. That's very cute. Yeah. Every time it sees you, it wags its tail.
MICHAEL HUCKS
Yeah. And then it stops whenever the blanket goes. I mean, it's cute. I think I was a little surprised. 80,000 views.

Well, it ended up, I mean, right now I think it was at like 130-something thousand. But that had happened within like 5 hours.

And so the interesting thing that happened because of this is that I had a few agencies that started reaching out to me that wanted to buy the license, the rights to license the video.
CAROLE THERIAULT
What? How long? So you post this up, it goes viral, like what, a week later?
MICHAEL HUCKS
This was within like 6 or 7 hours of me posting.

So I guess there's people who are just looking at this all the time and, you know, these different subreddits and what's getting uploaded and what's getting upvoted, I guess, more importantly.

And so within a few things, I didn't really know how this worked. I had obviously never had any experience with this.

And I kind of jokingly to one person, they asked if they could use it and they said they would give me credit. And I was like, well, what's your offer? Kind of jokingly.

And then all of a sudden all these offers started rolling in. I was like, oh wait, there's actual— there could be money in this.

So over the next 3 or 4 days, I kind of went back and forth with a few companies and then I ended up selling the rights to this video. Dead serious.

So now over time I get— I don't know if I'm allowed to share the exact thing, but I will get a percentage of whatever revenue this video makes.

I don't even know how it makes revenue exactly, but I'm waiting all the time for my check to come in the mail.
CAROLE THERIAULT
It just must be so frustrating. I mean, you're a musician, right? You work hard at your craft. You go out and you schlep and you market everything.

And then you take a cute little video of 20 seconds of you and your dog hanging out and her being cute. And that is going to be your door entry into fame.
MICHAEL HUCKS
I am literally a video producer and have been for— and I've worked on— there's been videos that I've worked on for months and months and months at a time.

I've grueled over putting hours and hours into editing something. This is something I flippantly recorded.

It is probably gonna be the most famous video that I'll ever make in my life. And it's a little—
GRAHAM CLULEY
Sod all that. How much is the dog getting? What percentage is the dog getting? And did you ask the dog's permission before uploading it to the internet? What about facial recognition?

There's a lot of similar looking dogs out there.
MICHAEL HUCKS
Oh, I didn't even think to ask. How rude of me. I did decide though that a portion of whatever earnings would be spent. I'm going to take the dog to the store.

I'm going to let her pick out some toys, maybe get her nails done, you know, give her a day at the spa. So we'll see. It's got to make money first though.
GRAHAM CLULEY
Well, that's an amazing story. And thank you for sharing it as your pick of the week.
CAROLE THERIAULT
So yeah, and do share your affiliated link with us so that— I will do that. Any listener that wants to throw a penny or two your way—
MICHAEL HUCKS
Everyone, please. Go watch the video 1,000 times and that would be great.
GRAHAM CLULEY
Mike, Mike, we don't have to put this in the podcast, but the title of the YouTube video has got a spelling mistake. It says dog wagin' her tail.
MICHAEL HUCKS
I have informed the company of this and they decided to do nothing about it. So.
GRAHAM CLULEY
Carole, what's your pick of the week?
CAROLE THERIAULT
So my pick of the week is a book. It is called She Said, and it's written by New York Times journalists Jodi Kantor and Megan Twohey.

So this book basically explains all the steps they went through on exposing Harvey Weinstein after decades of being basically a misogynistic controlling pig.

And I followed that whole story, so they covered it in the paper, and they covered it on their podcast and I was listening to everything.

And so when the book came out, I snapped it up and hoovered it down.

And it's really interesting if you are the kind of person that likes to know more about how an investigative journalist team would chase such a story, especially when none of the victims want to talk about it or want to come forward.
GRAHAM CLULEY
That was the thing, because he was so powerful, and people were worried that their careers would be put in jeopardy if they said anything.
CAROLE THERIAULT
But not only that, yeah, that, you know, he actually set some goons on them to follow these two journalists at one point.

Right, you know, he's got a lot of money and a lot of clout.

And the thing was, when I was reading it, I'm reading this and I'm thinking, okay, if this had happened to me, if he had been, you know, one of those stains in my life and these two journalists had called me up and said, look, we want to share your story.

Would I, you know, because look what's going on, his criminal cases are basically teetering at best at the moment. Because he's got a pretty powerful team.

Did you see him walking in with his walker?
MICHAEL HUCKS
My goodness. It does look pretty rough there.
GRAHAM CLULEY
Are we sure he's not wearing one of those 3D-printed masks to try and stop—
MICHAEL HUCKS
He's got a lot of little hair too. Exactly!
GRAHAM CLULEY
Yeah. I don't think you'll be able to sell very many Harvey Weinstein rubber masks, Carole. I don't think people want to disguise themselves as him.
MICHAEL HUCKS
That's what it's all—
CAROLE THERIAULT
Comes full circle.

Based on reading this book and, you know, following the story, I have just become a New York Times subscriber because I've been basically gulping down loads of their content.

So I'm adding it to my official news subscription. So there you go, so my pick of the week this week is take a read of She Said.

It's really fascinating about how they were able to nail down all the facts and got the ball rolling on the MeToo front.
GRAHAM CLULEY
Very interesting. Well, on that literary note, we've just about wrapped up the show for this week.

Mike, I'm sure lots of our listeners would love to follow you online or find out more about what you're up to. What's the best way for chaps to do that?
MICHAEL HUCKS
I would point them to that YouTube link if they— all they need to know is that's just what my dog looks like, and here's my blanket that I sleep with sometimes.

But yeah, start there, and then maybe some kind of facial recognition with the dog. You can— you'll find me, you'll find me. It's 2020, you'll figure it out.
GRAHAM CLULEY
And you can follow us on Twitter @SmashingSecurity, no G. Twitter wouldn't allow us to have a G. And you can also continue the discussion with us on Reddit.

Go and find us on the Smashing Security subreddit. And don't forget to subscribe to Smashing Security in your favorite podcast app, such as Castbox.

Go and find us up there and you'll never miss another episode.
CAROLE THERIAULT
Yes, thank you to all of you for listening to us this week, supporting us on Patreon, and giving us wonderful reviews.

Also, a big shout out to this week's Smashing Security sponsors Domain Tools and LastPass. Their support helps us give you this show for free.

Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
GRAHAM CLULEY
Until next time, cheerio, bye-bye, see you later, adios.
CAROLE THERIAULT
Well, there you go, my gentle friends. Well, one friend and the other guy.
GRAHAM CLULEY
And the other guy. It wasn't me. I just said I didn't like her.
CAROLE THERIAULT
And I'll just go drink my sorrows away. Thanks, Graham.

Hosts:

Graham Cluley:

Carole Theriault:

Guest:

Michael Hucks

Show notes:

Sponsor: LastPass

LastPass Enterprise makes password security effortless for your organization.

LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.

But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.

Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.

Sponsor: DomainTools

DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.

Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.