Smashing Security podcast #171: WhatsApp hoaxes, Zoombombs, and 8-bit love

A friend of mine described being stopped in Chelsea of all places by a guy driving a van who lent out the window and went, do you want to buy some loo roll? That is actually happening on the streets of the UK. Nudge, nudge, wink, wink. Smashing Security, episode 171. WhatsApp hoaxes, Zoom bombs, and 8-bit love. With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 171. My name's Graham Cluley.

And I'm Carole Theriault. Hello, Carole. I'm glad you're still with us, Cluley. Yeah, everything good in your world? Any problems? Anything? No, hey, I decided to go on a vacation today, so I actually went into the living room before the point of time. I've been moving knickknacks around just to kind of brighten it up, you know. Brighten it up. Give it a bit of zhuzh.

And we are joined this week. Thank you so much. We've got a special guest joining us. is returning to the show technology journalist Geoff White. Hi, how are you doing? Well, you know.

Geoff, thanks for making the time.

Well, you know, diary's a bit clear at the moment. For some reason, my invites for people to go to the pub, they're falling on deaf ears. So yeah, for some reason. Because you almost weren't able to join us, were you? Because you had some, I think you had a speaking gig lined up for this week, which for some reason has fallen through. Yes. So I just find myself with this sort of expanse of time in front of me. And then it doesn't help people tweeting that various historical figures, you know, inventors have invented amazing things with their time off, you know, people tweeting about this stuff and putting the pressure on, not only do I have time off in front of me, but I'm now supposed to revolutionise the fucking world as well. Yeah, chop chop, Geoff. Just sorting out the food cupboard took me the morning, you know. So I'm literally, I'm not kidding, my plan for this afternoon after this is to make mince pies because I found some mince meat that a friend gave us a while back, and I'm Sod it. Use everything up. We've got a panettone. We don't know what we're going to do. We're going to eat the panettone. Bread and

butter pudding. Bread and butter pudding. Delicious. Oh, lovely. I've heard. I've heard that.

OK, well, welcome to Carole and Geoff's cooking show. Geoff, I'm up for it. I'm up for it. Carole, what's coming up on the show this week?

First thanks to this week's sponsor, LastPass. Its support helps us give you this show for free. Now, on today's show, Graham tells the tale of an unusual sextortion scam. Geoff tells us how the disease is spreading garbage on social media. And I'm going to tell you what the bored trolls out there are up to. All this and much more coming up on this episode of Smashing Security.

Now, chums, no one's listening. Don't worry, because no one's commuting any longer, right? So we can have a completely open conversation about things. Huddle, huddle. Right? Huddle up, right? Maybe we should share our dirty little secrets. if we have one or two or three or thirty-eight. How long do you have? Exactly. Nobody prepared me for this, but this is a new segment of the show. So as we described last week, the people of Italy, Spain and France, they have been given free access to a niche website called Pornhub Premium in order to ease the tedium of being locked in their homes to prevent the spread of the coronavirus. I'm sure their kids love it. And in fact, just a few hours before we recorded this, I had someone who brought to my attention a tweet from Pornhub saying that they've actually decided to flatten the curve. So if you had a curve, they are going to help flatten it. They are saying they are making Pornhub premium free worldwide until April the 23rd. So you no longer have to install a VPN and pretend to be Italian. Everyone in the world can apparently now.

Let the ISP know exactly what kind of porn you like.

I got a text message from the government wanting me to stay in. I mean, I didn't get a text message about this. Exactly. I mean, come on. I really think if the government wants to cheer people up, this is an obvious way to do it. And people are a bit snobby about porn, aren't you, Carole? I

think... I don't know. I'm just not, you know.

Look, my argument is this. Is self-isolating really as bad as we're making out? We're all having to do it at the moment.

Oh, well, sorry, in your lofty heights up in North Oxford, maybe things are really pretty cosy. Surveying the ground. Imagine the people that have eight kids. Imagine

the people that are tiny flats. I remember my teenage years, and I pursued my solo pursuits in my bedroom for many, many minutes. I'm sorry, he's losing his mind. I think it's possible to do this, right? Obviously, it's inconvenient. Obviously, it's disturbing if you're away from loved ones and if there are people you need to care for. I totally get that. And, you know, I think that's a topic which is going to come up more and more. There is a shortage on tissues, isn't there? That was why there was the run on bog roll. A friend of mine described being stopped in Chelsea, of all places, by a guy driving a van who lent out the window and went, do you want to buy some loo roll? that is actually happening on the streets of the UK nudge nudge wink wink can

I interrupt Graham just for one second yes I know someone who has hoarded an enormous amount of loo roll well I know a few actually should I report them to anyone maybe

you should break in maybe you should raid it if you're after are you after loo paper yourself

no no I'm fine I'm dandy on that front

What? How dandy? How dandy? What kind of figure for dandy? I have an alternative solution. Oh, God. I have an alternative

solution. And I don't think...

I don't want to ask. Is it the neck of one of Her Majesty's swans?

Oh, God. I just think... This is not a topic for radio. No, I think we're going to have to edit out this entire... Let's save it for video. Oh, God. Anyway, Pornhub says that has been a big perking up of traffic. And, you know, I'm sure some people will, as a result of this, they'll be tempted by the offer and try it out online for the first time. I was just going to ask, good. Yeah, prove its point. The email quotes one of your passwords. Now, that's something we've seen many times before, isn't it?

Okay, so this is affecting people that are reusing passwords.

Well, even if they're not reusing passwords, you might recognise a password which you have used in the past. It adds credibility, doesn't it, to the fish, as it were. And it isn't hard for the criminals to find out your old passwords, but it can be really alarming, I think, for the typical user because they just think, well, how could they possibly know anything as secret as Mr Tiddles is my password? Okay, so they're just blanket emailing tons of people and they've matched it to the passwords that they've pulled off some list somewhere. That's right. And say, I know you because you use cat dog cat cat as your password. Right, yes. it is that you're doing online. Right. Because what they're saying is, if we know your passwords, then be aware that we probably know everything else about you. In fact, in the email, they say, we know all of your passwords. We know your whereabouts, what you eat. Not very much at the moment, quite frankly. I think I'd reply

and go, what? What do I eat?

Who you talk to. That'd be easy for me and you, Carole. There's public evidence of that. Every little thing it says you do in a day. Every little thing. Yeah. It's magic. Isn't it? Oh, gotcha. Sorry. I've stingwalled you, as it were.

You did. See, I just find this, I just, I find it endlessly fascinating the extent to which cyber criminals react in this kind of symbiotic way to movements in society. You know, so Pornhub offers free porn access to the premium site for people. And the cyber criminals are watching this and going, oh, okay, so what's our next move? There's this sort of dance that goes on.

You know, that's very clever because obviously uptick in porn usage potentially. So you do an uptick in sextortion type emails. And it's incredible entrepreneurial spirit, really, isn't it? They're seeing an opportunity. If you're concerned about where the economy is going to be going over the next year or so, you know, worry not. There's plenty of imaginative people out there who are seeing opportunities and jumping on them. Unfortunately, it seems to be mostly the criminals at the moment who are doing it. This is the second week in a row that you've kind of gone, wow, aren't these guys amazing, these entrepreneurs. Well, maybe it's time to change my career, Carole. Or maybe a new sponsor for the show. I'm just saying, you know, Magecart or whoever it is, have got a lot of money, you know, brought to you by, you know, Ukrainian mobsters or the Filipino hacker groups or whatever.

I love the meeting that these guys would have had to create this email, right? We've got to get coronavirus in there somewhere, Frank. It's got to be there. It's good for SEO, quick. Yes.

Exactly. But you know, if you think about it, it doesn't really make that much sense if these guys are saying, look, we're gonna come around and we're gonna infect you with coronavirus. How exactly are they going to do that? Are they going to sneeze on you? Are they going to cough on you? Are they gonna shake you by the hand and say we've got you? It doesn't seem like a business model which is gonna work properly because obviously if they've got coronavirus, there's gonna be a limited amount of time as they're coming up the hill towards me, they're gonna get out of breath I think I need to go to the hospital. I do love the idea one day of just getting a box through the post and it's addressed to you and you open the box up and there's just a sneeze inside it. Got you. There is that website, isn't there, where you can send people... Is it human shit or is it dog shit? What? There is... Why do you hang out online? What is your history like? I know we're all dealing with new levels of boredom. Postershit.com. Yeah, pretty soon it's

going to be like raydapoo.com. I can't

remember the URL, but there is a – I haven't ever bought anything from it, Carole. Oh, here it comes. I'm not a supplier to it or something although that would be another source of income, I suppose. So, obviously, pretty nasty threats which are going on here. But just like all the other ones where they typically say, we're going to send sexy photographs of you to your friends and family or workers or we've taken video of you, it's all nonsense. So, don't pay. Don't reply to the message, Carole. Don't panic, obviously. I

don't know if any, I don't think any listener of ours would have fallen for this.

No, but what we want, Carole, is we want people to spread the word, right? Just like they can spread germs and spread viruses. We need people to actually spread the message.

Post-apocalyptic way of talking. Everything has come back to

disease. This is what we need to do. Because we're stuck in our homes, we can now speak to our partners or our children and say, I've found an excellent podcast, you know, even though I don't get to go take the dog for a walk any longer to listen to it or go commuting, maybe we can all sit down, listen together, and we'll learn something about being safer online.

Better remember to bleep the swear words. I'm not sure this is the episode to start with.

That was all Geoff's fault, to be honest. Oh, fuck off. Fuck off. No, perfect. Geoff what's your story for us this week? Well obviously I've been getting quite interested in scammers the ones that you've talked about but also fake news being disseminated on social media because inevitably just as you've described the cyber criminals and the sextortionists have gone into action the fake news merchants have done the same and I find it absolutely fascinating how this has worked. I mean for a start social media companies they're going to have grown I mean the amount of WhatsApp traffic the amount of Facebook traffic I was looking around, I couldn't find very recent figures for Facebook, but Twitter have announced today some figures. They reckon quarter to date, so last three months, the monthly active users went up to 23%. No way. Golly. And they're saying, I mean, inevitably, most of that's going to be Donald Trump. Coronavirus, isn't it? Or partly, yeah. But it's interesting. So what they're also saying, they reckon their revenue is going to go down Twitter because advertisers are reigning their budgets. They don't know what to do. So on the one hand, these companies have got loads and loads of eyeballs. On the other hand, that would normally drive a huge amount of advertising. But the advertisers are pulling their necks in. So there is this interesting sort of push me, pull you thing. I also wonder, I mean, people may remember shortly before, you know, coronavirus took over the entire world's news. we were talking about this sort of tech lash about the criticisms of people WhatsApp and Facebook and Twitter and the attempts to kind of rein in these companies. And I just wonder after this, will those companies be able to turn around and as part of the lobbying campaign say, well, hang on, when you needed us, when there's an emergency, we were hugely important. There was all these WhatsApp groups for kind of local mutual aid groups and stuff being set up. So I wonder how that will play into the discussion longer term. Certainly, I'm not on Facebook and I don't use WhatsApp, but in my wife's circle of friends, they all seem to be on it at the moment and sharing information. And also other things as well. For instance, there's a chap who did some sort of exercise video, I think, every morning he's doing it. And all the mums at the school are doing it with their kids. You know what? We should put that in

the show notes for our international audience. A chap called Joe Wicks

is doing it, isn't he? It was a UK

-wide PE half hour that's going every day. So it's on YouTube, so everyone can watch it. It is. I mean, it's interesting. So in a way, because we're able to communicate online, because social media does exist, it is slightly easier to cope with all this stuff. But we'll all be suffering a bit with the false positives that happen. Exactly. Yeah. So normally you would try and throw as much as you could towards your human moderators.

Hi, guys. Just wanted to pass on this information. It was sent to me by a colleague who has a friend that works at Dr. Negrin, which is the main hospital on our island. It's obviously in Spanish, so I'm just going to read it and translate it for you. This is what it says. The Chinese now understand... And she goes on to give advice about, you know, what you can do. Now, some of the advice is quite sensible advice about drinking fluids and all that kind of thing. Some of it isn't actually that sensible advice.

But if you didn't know anything, it could sound vaguely common sense-y. Someone might go, yes, of course I have stomach acid. I have acid reflux all the time. Makes perfect sense. And that's the thing. It's not out and out crazy, like drink hydrogen peroxide or bleach or whatever. So it's not harmful advice. It's not going to harm you. It's just, it's not going to do anything for coronavirus. It could be just a deep fake voice.

Could be, could be, but somebody's made the recording. It sounds like a regular voice to me when I heard it.

Oh, I didn't know you were an expert in those things.

Well, no, it just doesn't sound like... It doesn't sound like Smashing Security episode 100 or something. Like the anonymous ones. We are anonymous. It's interesting. When I listened to it, you know, there were ums and ahs in this recording. And it did make me think of that Google experiment where they... Do you remember that one where Google's AI phoned up a hair salon, booked an appointment, and it had ums and ahs in the voice?

Hello, how's the house here? Hi, I'm calling to book a woman's haircut for a client. I'm looking for something on May 3rd. Sure, give me one second. Sure, what time are you looking for, around? Do you have anything between 10 a.m. and 12?

Because this is an audio file, I think it's harder for the platforms to spot. Because text you can analyze fairly easily algorithmically. Video, I know YouTube has a whole thing which spots video as it comes through to spot copyright infringement. But audio file, I guess there's technology out there that can listen to audio files, but it strikes me that you're more likely to succeed spreading audio spam in a way and audio recording spam than you are text or video, I think. Do you reckon? I mean, that's my sort of sense for it. There's probably been less requirement for the technology companies to block audio, let's call it audio spam, for want of a better word. There's probably been less requirement of it where normally it is text or it will be an image or something like that. So I think you're probably right. And what a curious thing that this whole advice was initially spread via audio as well, rather than as a JPEG or something like that. It's interesting. The advice she goes on to give is, I think, something like 10 points of advice. Those points of advice are available as text. So people have been posting saying, okay, here's what you do. Here's the 10 steps to avoid or treat or in advance or whatever. But the interesting thing is I can't find any mentions of those specific points before the audio file starts. So I don't think the audio file is a recording of something already been going around. I think this has come from the audio file. But the other thing is two weird things about this. Number one, the stuff you've described, Graham, has a clear result. Four thousand pounds of dollars in Bitcoin for this. You know, a lot of these sites that get set up, it's like click to subscribe to our newsletter so we can give you updates, important health updates. and then they get the email address. With this, I can't see any gain or benefit. I can't see any results. They're not asking you for money. There's no... It's disruption, though. It's causing disruption. Exactly so. But the only motivation I can see for doing that is just the causing of disruption itself, which in a way makes it even more evil. Like if you're making money, fine. But if you're just doing this just to spread, for no other purpose, just to spread this information. I'm not as much of a conspiracy theorist about this kind of thing. I think it's more likely that it's just someone speaking nonsense, thinking that they're helping people.

answers you right away because he claims to work 24-7. I never sleep. So anyway, no, I just find it, as I say, I find it fascinating. It feels very different. I'm just intrigued to see how far I can track this one back. Well, I wanted to ask Geoff before I started my story a question. Is there a public figure or a persona that you really loathe. It doesn't even have to be for a serious reason, but someone you just can't stand. It's more good. I know that, Greg. I

know it's a classic one, but I do... Michael Gove just winds me up. Oh, yes. Just for Michael Gove. Yes, he has a little, yeah, weasely little... Seriously, I did once comb Michael Gove's hair. That's my claim to fame.

Okay, I'm going to circle back on that in the story later on. Okay, so it turns out that not everyone is feeling the pinch, right? Actually, it's not really a pinch that most of us are feeling. It's more like a steel-toed boot kick in the proverbial ballsack. Is your ballsack proverbial, Carole? Very much so. However, some people are quids in. Zoom, the video conferencing app, is one of these guys. Oh, yeah. On Sunday, nearly 600,000 people downloaded the app. It's biggest day ever. Wow. And this is all because of the outbreak. Zoom has added 2.2 million new users this year. That's more in three months than they added in all of 2019. Wow. So Zoom, just for those that don't know, Zoom is any video conferencing chat app. But I think what makes it special is it lets you connect with a much bigger group, like 20, 30, 100, something like that. You guys must have used it.

Oh, really? You can conference with up to 100 people on Zoom? I think so, yeah. That sounds hellish. No, but that's why it's really good for big classrooms. So classrooms are using it and meetings are using it because lots of people can get on and use it at the same time. Right. Oh, for goodness sake. I can't believe this. She's Rickrolled us. Okay, no, I just had to get it in somewhere. It's been a while. Okay, here's the real link. Here's the real link. There you go. So juvenile. it. Oh, there's some, right. So yes, there's sort of, there's sparkles. Just

wait till he pulls back.

He appears to have some sort of mafiosa hat on now and dark glasses. That's quite good for an Italian priest. So we're all kind of trying to get around this, right? Figuring out how to do all this remote conferencing. Yes. Wide asses? What are you talking about? Online wise asses. Sorry, no, I'm with you. I'm with you. I wasn't familiar with your vernacular.

Right, it's only been 20 years.

I think it's arse in the UK. Wise arse. Yes.

So these online wise asses, perhaps bored, trapped with a very powerful computer, and they've already found a way to disrupt all this remote working. And it's called Zoom Bombing. What? It's a great name, right? Whoever comes up with this name, it has to be good because, you know, it's going to help people share it if they like the name. Zoom Bombing. So, okay, let's imagine you two are having a digital tea party, okay, complete with Bakewell tarts and with that pink and yellow checkerboard cake thingy. Battenberg. Battenberg. King of cake. Oh, lovely. Yeah, king of cake. Okay, so you guys are sitting there with your tea and your cakes, right? And you're complimenting each other's sense of style. And suddenly, Piers Morgan and Michael Gove drop in on the call uninvited.

Oh, my God, that would be horrific. No, you'd probably spill tea everywhere. Oh, I'd vomit. Oh, so they join Zoom chats that are kind of open to the public, so kind of anybody can sort of...

Yes, because look, this is a public Zoom chat, right? So the idea that public can come in and ask questions to the musician and ask Chipotle about their brand new sandwich and whatever.

Brand new sandwich. I'll show you a sandwich.

It's a foot long. Sorry.

Is that a baguette or are you pleased to see me? No male. Sorry. Stop it. Right, behave, behave. Carole's trying to tell a story here. Yes. Chipotle are not the only people who have suffered this. Cara Swisher of popular tech pod Recode and Jessica Lessons were hosting a Zoom event focused on the challenges of women tech founders. And they were forced to abruptly end the event after just 15 minutes of conversation because the participant began broadcasting two girls, one cup. I've never seen it. I haven't either. No. I've heard of it. I've read descriptions of it. It's not fun.

Let's just say it comes back to our poop theme, shall we?

You don't get that in Chipotle. That's all I'll say. No matter how few cups they have, you'll never. Oh, wow. But it's interesting. I mean, basically what you're doing is you're setting up a kind of community driven chat.

Yeah.

So inevitably, if you just make it available to everybody, you've got to have somebody monitoring each person's input. Yeah. Of course. You can't let the great unwashed public loose on the internet because they're going to cause this kind of mischief, aren't they? So all the 14-year-old boys are going to think, oh, that would be really fun.

You know, so they tried to kick the person out, right, in a lot of these cases. But attempts to block the attack were thwarted because they would just simply re-enter under a new name. Yeah, yeah, yeah. And then share, you know, more gross clips. And these hosts and all these instances that I read about had to end the call.

So you can't block by IP address on Zoom, presumably.

Yeah, so I wanted to, why is this happening, right? So I was, oh, it's a public call. Okay, so there's this default settings that allow any meeting participant to share their screen without permission from the event's host. That is a big problem, I think. You know, surely you should have the event host person say, yes, I approve. You know, Piers Morgan, you can show whatever you want to show us.

Well, maybe what they should have is some way of people registering a user account with Zoom, but you can only actually share your screen after you've had an account for an hour or something like that, or a couple of days.

Yes, that's a nice way around it. You just delay the joy.

Yeah, it's slightly inconvenient if it's the first time and you wanted to join a conversation, but it's not disastrous. The one we were doing the other day, we had a multiple Zoom thing and there was, my picture of myself was in the middle, in the large frame. And then there were tiny little frames across the top of the other people. In order to have somebody share their screen and have it be the main picture, as it were, I don't understand who controls that. Surely somebody can't just go, well, I want to be the main picture that everybody sees. Do you see what I mean?

They start playing heavy trash metal.

Right. They start being the main event. Yeah, but if you've got 100 people on the call Carole, there's going to be more than one person talking, surely. These calls must be chaos.

I'm going to tell people how they can keep gate crashers out of their party. You can set up your Zoom to not allow any audience member to join the meeting before you do the host, right? So in Zoom, there's an option called join before host. Just make sure that's not on. Enable play sound when participants join or leave. It does create more noise but it also could alert you to the arrival of trolls. And this is a good one is disable file transfer and disable desktop screen share for users. So that means your audience that come in can listen and see what you do but they can't take over the screen. So you were saying earlier.

Yes, that's a good idea, yes. That seems to be a key button to press, that one, doesn't it? So maybe only their webcam is visible, but they can't share whatever porn they've got on their website or something like that. I mean, that would be helpful, wouldn't it? You could just hold up your mobile phone to your webcam with stuff on your mobile phone, I suppose. That's gross on it. I mean, that is a feasible workaround. Not that I'm trying to advise trolls on how you can work around this or anything, but yes, you've thought about this, Graham.

And the last thing is to disable, allow removed participants to rejoin. So booted out attendees can't slip back in. But again, they just can get a new username. Anyways, using Zoom is good, but be wary. Everyone else is jumping on the Zoom bandwagon. So don't expect excellent tech support for a while. And make sure you set it up properly if you're going to use it so you don't get Zoom bombed.

It's not just Zoom, actually, because of course, there's lots of students at the moment working from home. My lad is beavering away, allegedly, at his classwork on Google Classroom and also Zoom. Apparently, students are actually giving bad reviews to a lot of these apps which are used for homeschooling in the hope of disrupting their own homework. So they're giving bad reviews on the app stores because they think if they give enough bad reviews to Zoom and Google Classroom and others, they'll get kicked out of the app stores by the algorithm. So if you look right now in the app stores at some of these apps, they've all suddenly got this slew of one-star reviews from all the kids who are fed up with them. That's just delicious. So many of us now are realizing that moving to a fully work-from-home environment isn't always easy, but LastPass is here to make that transition easier, all without decreasing security. And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily. Should not be. Well, my Pick of the Week this week is not security-related because I reckon that you need some entertainment while you are quarantined. And if the niche websites, which we've mentioned in today's episode, aren't quite good enough for you, then maybe you should go to the Internet Archive because they have a collection of around about 7,000 classic MS-DOS games from the era before Windows, and you can play them inside your browser.

Cool. I'm going to guess your games there. That's why we're bringing this up, isn't it?

Well, actually, Carole… Have you got a game, Graham? What's that? Oh, did I never mention it? I did used to write computer games back when I was a student. And so I did find SimCity. I didn't write that one. I found the likes of Xenon 2 Megablast, which I have to say, emulated is just as good as Xenon 2 Megablast is. Leisure Suit Larry is just as rubbish. But I also did search for some of my games. There's one or two of them up there. If you would look for the game Humbug, if you like a classic text adventure game.

Do you still mail out the maps if they give you $10?

No, no, no. You can't write to me any longer. It's all been released into the public domain now. But go and check out Humbug. Anyway, it's really fun. And if you want to show kids how rubbish games used to be, they'll think they're rubbish. They're actually not rubbish. These are brilliant games. But you might be surprised.

How could they think it's rubbish when they play, what's that thing they play? Minecraft. Minecraft, Fortnite, all those sort of things. Overwatch, yeah, they play all of those, don't they? No, I didn't know that.

No. This is adenosine triphosphate.

Oh yes, I knew that. Yes.

When your muscles contract, they have to attach to each other to contract. The muscle strands attach. And to attach, they have to bind using a phosphate molecule. So adenosine triphosphate is the thing they use for this. And obviously, they lose a phosphate molecule, so it becomes adenosine diphosphate, ADP. So to keep your muscles working, somehow you've got to take ADP and add a phosphate molecule to replenish your energy. How you do this is inside your cells, you have mitochondria, which is the bit of your cell that does the energy producing. Inside the mitochondria is a water wheel. I'm not using that as an analogy or a metaphor. According to this book, there is a literal biologically built mechanical water wheel in the cell. Protons, protons fall through a hole above the mechanical water wheel and they turn the wheel. At the other end of the wheel is another wheel that picks up a phosphate molecule, smooshes it together with ADP, diphosphate, two phosphates, to create ATP, triphosphates. And that is happening. OK, so here's the figures. You have, guess how many mitochondria you've got inside you, first of all. Have a guess.

A gazillion.

No, come on. That's not even a number. I don't know. Well, it is. 30,000.

Oh, God, what? No, higher than that. 100,000. A million. Higher. What are you, Bruce Forsyth? Play your cards right. So I was right the first time.

That is two football fields. And those little protons I talked about that go through the water wheel.

Hang on, what do you mean it's two football fields? What does that mean?

Well, it's a surface area of two football fields. So if you unfolded them all out and put them side by side, flat.

So that's why some of us are more robustly shaped than others, because we have more mitochondria?

It's true, You're bulging with mitochondria. That's my issue. Those protons that power the water wheel, you've got a billion quadrillion of those. I thought I was just big boned. In fact, it's all water wheels.

You see, this is what lockdown does to people, right? It lets you really dive into the things that entertain you most.

I think this is cool. So it's "A New Map of Wonders" by Caspar Henderson, and you've got this in the crazy format of a genuine paper book.

Yes, I literally thumbed through it with my actual physical fingers. I was just thinking, you know, fck you, Geoff, because we can't actually order stuff now that's non-essential. I don't think this counts.

I think Amazon will bring pretty much anything to you still.

Oh, really?

I think so, yeah.

Just because it can doesn't mean it should.

Please take us away from here. What's your pick of the week?

We've been playing this game. This is what we've been doing for fun of an evening, being trapped indoors for many, many days. So here you go, there is a link. I want you to guess that song. It's 8-bit.

It's 8-bit, yes. So you get to play the 8-bit guess that song game. It's "Revolution" by the Beatles.

Yes. And it's... Okay, so if you go to their playlist...

So this is a YouTube channel, 8-Bit Universe.

Yeah, 8-Bit Universe YouTube channel. If you go to their playlist, they have their first one. It's 8-Bit Without Vocals, which is the one that I think is the one you should play. And they have 2,000 songs, and you just can race through those. And there's stuff for everybody.

So how are these made? Is it that someone has programmed them, or do they have some program which takes a piece of music, or maybe the MIDI of the music, and then makes it 8-bit retro style?

I imagine considering how many they have here... I mean, they have a lot of subscribers as well. But they have 2,700 songs just in this one playlist.

Oh, they've got a huge playlist, haven't they? Oh, this is brilliant. This is the rest of the week for me.

Yeah, fantastic. You're welcome, Geoff. Listeners, you are welcome. The link is in the show notes. This is a YouTube channel by 8-Bit Universe. Check out "Play That Game" and "Guess That Song."

And on that note, it just about wraps it up. Geoff, I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that, or indeed to tell you about that WhatsApp bizarre message spreading around? Yes, the audio message, the Dr. Negrin hoax. I am Geoff White, 247. Geoff with a G, White like the colour, and then the numbers 247 on Twitter. That's the best way. Cool. And you can follow us on Twitter at Smash Security. No G. Twitter wouldn't allow us to have a G. And you can also join our Reddit subreddit. Just search for Smashing Security up there.

Mega mega thank you guys for listening to us and supporting us, especially during a viral pandemic. Huge huge thank you as well to this week's Smashing Security sponsor, LastPass. It is continued support like this that helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us. Until next time, cheerio bye! So how clean are your houses? No one's coming over. Are you leaving your gross old pants on the floor and no one cares, or are you kind of...

Who's wearing pants? We're working from home. Oh, God. The image. The image.