What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down the author of one of history’s biggest virus outbreaks? And what on earth is a hacker doing breaching Roblox security?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by our man-in-Manila, technology journalist Geoff White.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Newsflash!
Newsflash!
Smashing Security has made it to the finals of the European Security Blogger Awards.
If you can be arsed, please go to smashingsecurity.com/vote and vote for your favorite security podcast.
Voting closes on the 11th of May, so don't delay or I'll electrocute your eardrums. That's smashingsecurity.com/vote.
If you can be arsed, please go to smashingsecurity.com/vote and vote for your favorite security podcast.
Voting closes on the 11th of May, so don't delay or I'll electrocute your eardrums. That's smashingsecurity.com/vote.
Now, on with the show.
Smashing Security, Episode 177: Elon Musk, Roblox, and Lovebug Author Found, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 177.
My name is Graham Cluley.
My name is Graham Cluley.
And I'm Carole Theriault.
And we're joined this week by returning guest, it's Geoff White. Hello, Geoff.
Hi, how you doing?
Hello, Geoff.
Hi, Geoff. Good to have you back now. Yes, exactly.
So something we need to raise, Geoff, is that as well as doing Cybercrime Investigations, that podcast of yours, you've also launched another podcast, haven't you? Earworm Island.
So something we need to raise, Geoff, is that as well as doing Cybercrime Investigations, that podcast of yours, you've also launched another podcast, haven't you? Earworm Island.
Yes.
Maybe you can tell our listeners who might not have heard Earworm Island, what's the premise of Earworm Island?
It's quite simple. So basically each week the guest gets to send their worst enemy to a desert island with the four most terrible records ever made and a completely useless object.
That's pretty much it. Similar to other desert-based radio programmes you may have heard.
That's pretty much it. Similar to other desert-based radio programmes you may have heard.
Now, so I was fortunate enough to be the first guest on Earworm Island.
You were a great guest too.
Thank you very much. You were a wonderful host. And I took along, of course, celebrity popera quadruplet, Il Divo is who I sent.
And then apparently you also spoke to Rik Ferguson, who we had on Smashing Security last week.
And then apparently you also spoke to Rik Ferguson, who we had on Smashing Security last week.
I know, that was so weird how we slalomed through that.
That was—
I didn't know that he was going on your show.
I think Rik has basically become a podcast tart. And then your next guest was—
It was Carole, yes.
Yeah. Yeah, Carole.
Well, I should say, I don't dictate, you know, what the guests do on the show. They just come on.
So that's what I wanted to raise, because—
What's your problem, Graham? Geoff, are you happy with the episode?
Oh yeah, yeah, yeah, yeah. They've all been fantastic.
I was happy too.
Yeah.
So, Carole, you're the person you wanted to confine on this desert island and inflict pain on with some of the worst records ever.
No, no, no.
That was who exactly?
The person I wanted to help improve was you.
Yes. And I didn't know you were going to do that, did I?
No.
That was something of a surprise for me.
You could have got there first, Graham, I have to say.
It's just—
Because you're not evil.
That's the difference, you see, Geoff.
That's the difference between me and you. Me and my co-host is nasty.
Look, I was doing it as a favor. You say no news is bad news, right? So you like to be in the press. So I just thought, hey, I'll give you another hit. You're welcome.
Thank you both for coming on. We're all friends now. Yes, totally.
I'm everybody's friend always.
Working on it. Carole, what's coming up on the show this week?
Well, first, thanks to this week's sponsors, Oracle Domain Tools and LastPass. Their support helps us give you this show for free.
Now, on today's show, Graham is going to give us a password update.
Geoff tracks down a notorious hacker and gets the lowdown, and I'm exploring the world of Roblox and find out how a hacker upset the apple cart.
All this and much more coming up on this episode of Smashing Security.
Now, on today's show, Graham is going to give us a password update.
Geoff tracks down a notorious hacker and gets the lowdown, and I'm exploring the world of Roblox and find out how a hacker upset the apple cart.
All this and much more coming up on this episode of Smashing Security.
Now, chums, amidst all the misery, all the gloom, the pandemic, the dystopian nightmare that we are all living through, we have some happy news.
Yes, a child has been born just a few days ago.
Yes, a child has been born just a few days ago.
I think there's children born quite regularly, Graham.
Not a child like this, because this is a child born of our saviour, the SpaceX and Tesla billionaire Elon Musk, who one day will be packing us off to Mars for the safety of humanity.
Just a few days ago, he was making headlines by calling for the end of lockdown. Did you see him on Twitter?
Just a few days ago, he was making headlines by calling for the end of lockdown. Did you see him on Twitter?
Oh no, I didn't see that. I saw that he was trying to sell his house. He was like, "I'm going to be homeless. I'm not going to be in a home. No home ownership for me."
He wants to sell all his possessions, his mansions. They've been listed online. He's got a $30 million, 7-bedroom, 11-bathroom house in Bel Air.
I'm always freaked out by houses that have got more bathrooms than bedrooms.
'Cause isn't that a bit— That's true.
I don't know if that just implies bowel problems to me.
No, no, but you have a powder room downstairs. And then of course in the gym, you've got a bathroom, and in the cinema room. Oh, that's true.
And also, you might want a his-and-hers bathroom, but you might not want a his-and-hers bedroom. You might want to say, "Oh, sorry, we haven't got a spare bed.
You're going to have to share with me." Right? Because all the 6 bedrooms are full.
You're going to have to share with me." Right? Because all the 6 bedrooms are full.
It's 2020, Graham. I don't think that's how it works anymore.
Jeez. Anyway, he said various things. He also said that Tesla's stock was massively overvalued in his opinion, which sent his share price tanking.
Which are not things for him to say, because I remember he's gone a little bit postal before on Twitter and has had an impact on his share price.
So much so that he's actually been told the lawyers have to— he has to run any controversial tweets past them.
So he can't have done this on this occasion because he went the full McAfee, right? He would never go the full McAfee.
Which are not things for him to say, because I remember he's gone a little bit postal before on Twitter and has had an impact on his share price.
So much so that he's actually been told the lawyers have to— he has to run any controversial tweets past them.
So he can't have done this on this occasion because he went the full McAfee, right? He would never go the full McAfee.
Did he ever go totally apeshit on Twitter? Oh, he always does. Yeah.
Guess it's context. Well, there was the whole thing around the submarine.
Yes, the submarine thing is the only one that comes to mind for me. I don't follow him, so—
I don't follow him either. I think he quite likes to troll people and act quite bizarrely. Now, I was wondering, why has he done all this?
And it's not a presidential bid, although I'm sure that will be coming. I'm sure it's only a matter of time.
And it's not a presidential bid, although I'm sure that will be coming. I'm sure it's only a matter of time.
I don't know if he'd want all those headaches, all the bureaucracy. I don't think that's his style.
The power, though. I mean, the power you get as president. I think that— I don't know. I can see it. I can see it. OK, interesting.
He could declare himself Lord Mayor of Mars or something, couldn't he? I mean, if he gets there first.
Well, the answer as to why he's acting so peculiarly may be that he's having a little bit of stress at home where he lives with his girlfriend Grimes. Are you familiar with Grimes?
Well, the answer as to why he's acting so peculiarly may be that he's having a little bit of stress at home where he lives with his girlfriend Grimes. Are you familiar with Grimes?
She's a singer or something. She is. Yeah, I know that. I know Grimes.
Now, she's not very happy with some of his tweets. Maybe she has some Tesla stock. She's dating Elon Musk? Oh, for a couple of years, I think.
I didn't know that. See, I don't follow this stuff.
I'm Googling the photos. Hang on.
So basically we've got Grimes and we've got Musk, which is quite a combination.
They should make a perfume, a scent together. Oh yes.
It sounds like a house full of cleaning products, doesn't it? Get Grimes. The toughest stains.
Get Musk. Well, that's not the only source of tension, is the share price, because they've just had a flipping baby together. They have had an offspring, a little Musk.
Was welcome to planet Earth. It was announced on Monday by Elon, and he posted a picture of his newly born with tiny face tattoos over it.
So, which I think had been added via Photoshop. I hope so.
Was welcome to planet Earth. It was announced on Monday by Elon, and he posted a picture of his newly born with tiny face tattoos over it.
So, which I think had been added via Photoshop. I hope so.
That's his picture? He put those things on his kid?
Well, that is the picture he posted. I can't imagine they've really—
And what does it say? I see savage.
Savage, and there's some sort of weird symbols of a snake and I don't know.
Also, the look— I mean, the picture, just looking at it, there's the tattoos, but it also looks like it's been sort of Photoshopped to make the look— The eyelashes are upside down.
Yeah, the eyelashes and lips are more sumptuous. It looks like the baby's wearing makeup as well as tattoos.
Yeah, the eyelashes and lips are more sumptuous. It looks like the baby's wearing makeup as well as tattoos.
This is weird. So it's not his kid, it's just a kind of—
Who does that? It might be an Instagram filter, maybe. You know how sometimes, you know, the likes of the Kardashians sort of touch themselves up. Yes.
Now, you might be wondering what Musk Minor is going to be named. That's an obvious question. You know, how much is the baby? You know, how does it measure?
Now, you might be wondering what Musk Minor is going to be named. That's an obvious question. You know, how much is the baby? You know, how does it measure?
Does it weigh? That's exactly what I'm thinking about. I'd love it if it's something really boring.
Going "Kenneth." Yeah. "Kenneth." "Daryl's." Well— This is Elon, this is Grimes, this is Kenneth.
The name is X capital diphthong A-12 Musk. No. So, now according to— So that's what Elon said.
And everyone thought, "Oh, he's having a joke." And then Grimes chipped in, and she explained the name.
And everyone thought, "Oh, he's having a joke." And then Grimes chipped in, and she explained the name.
Okay, okay, go.
So X, that represents the unknown variable. The capital diphthong, that is a— I think people call it ash or something, that particular character these days.
It's the Elven symbol of AI, which can mean love and/or artificial— The Elven? Yes. What does that mean? As in Lord of the Rings. Oh, AI.
It's the Elven symbol of AI, which can mean love and/or artificial— The Elven? Yes. What does that mean? As in Lord of the Rings. Oh, AI.
Okay, okay, good. So Lord of the Rings with artificial intelligence. Love, artificial intelligence.
Okay, this is deep. Carry on. A-12 is the precursor to the SR-17, of course. That's their favourite aircraft. It doesn't have any weapons, no defences, just speed.
Great in battle, but non-violent, she says.
Great in battle, but non-violent, she says.
So if they have a second child, they're going to have the second favourite aircraft.
And A equals Archangel, she says, which is her favourite song.
So that's the name of the new Musk, which is going to be a challenge, I think, when they fill in the birth certificate. As to whether the form's going to accept it.
And now, are you— X for short, so that's what's gonna happen. You might be wondering, why am I bringing this up on Smashing Security?
So that's the name of the new Musk, which is going to be a challenge, I think, when they fill in the birth certificate. As to whether the form's going to accept it.
And now, are you— X for short, so that's what's gonna happen. You might be wondering, why am I bringing this up on Smashing Security?
Yeah, didn't someone complain saying, look, could you just talk a bit more about some security stuff, please?
Well, I think the explanation of this might be that this is actually Elon Musk's tribute to World Password Day, which is today, Thursday the 7th of May.
As is every first Thursday in May, is officially World Password Day, when we're all reminded how important passwords are and about password security. Every year?
No, the first Thursday in May.
As is every first Thursday in May, is officially World Password Day, when we're all reminded how important passwords are and about password security. Every year?
No, the first Thursday in May.
The first Thursday in May. So every year we have a World Password Day. Okay, great.
That has been the case since 2013. This initiative was all started by Intel. They created a website called passwordday.org and launched it on Thursday, the 7th of May in 2013.
And they continued to promote the event, you know, every year for a few years, and then they got a bit bored of it.
And they continued to promote the event, you know, every year for a few years, and then they got a bit bored of it.
Well, I still firmly celebrate this every year. So every year I faithfully write my password on a billboard, and I go out down the street with a klaxon.
Is that how everybody's supposed to celebrate World Password Day? Make sure you do it with a mask if you're going to do this. Yes, of course. Of course, yes.
Is that how everybody's supposed to celebrate World Password Day? Make sure you do it with a mask if you're going to do this. Yes, of course. Of course, yes.
Well, I was thinking maybe Elon had actually chosen his child's name with a password manager, because he's got a funny character in there.
He's got a mixture of capitals and lowercase. And I thought it's probably fairly unique, I think. I can't imagine there's many more of them out there.
And then I thought, well, maybe, you know, people keep on saying that passwords are dead, right? And that passwords are gonna be replaced by something else.
He's got a mixture of capitals and lowercase. And I thought it's probably fairly unique, I think. I can't imagine there's many more of them out there.
And then I thought, well, maybe, you know, people keep on saying that passwords are dead, right? And that passwords are gonna be replaced by something else.
Sorry, can I interject? How is X gonna be able to open any accounts with his name?
I didn't know you're so familiar with them that you could just call them X, girl.
How do you write Æ on a phone? It's not easy. It's annoying. He's gonna hate his dad. He's gonna hate him.
Isn't there some rule as well about what you can call a child? Like, I don't think in the UK you can call a child Jesus. Obviously Jesus in Latin American countries you can.
So I think if you tried to register a child as X, I don't know whether you can register that birth with that name. I don't know.
So I think if you tried to register a child as X, I don't know whether you can register that birth with that name. I don't know.
I don't know what the rules are in the US. I'm sure there are rules in some— I'm surprised you can't call a Baby Jesus in this country? I don't think you can.
I don't know.
So I said Baby Jesus. I didn't say Baby Cheeses, like Babybel.
You probably could name your kid Baby Cheeses.
Now, a company called ID Agent, for World Password Day, they have been looking through their database of past breached passwords.
They went through over 2 billion breached passwords, and they came up with some of the most common ones, right? So lots of people are still using sports teams.
This is 2020, and people are still doing this. Apparently, the number 1 sports team or sports slogan is Roll Tide. I don't even know what that means.
Yankees, the Steelers, Eagles, and Red Sox. And then people are choosing sports like baseball, football, and soccer. Superheroes. The top superhero or cartoon character is Tigger.
They went through over 2 billion breached passwords, and they came up with some of the most common ones, right? So lots of people are still using sports teams.
This is 2020, and people are still doing this. Apparently, the number 1 sports team or sports slogan is Roll Tide. I don't even know what that means.
Yankees, the Steelers, Eagles, and Red Sox. And then people are choosing sports like baseball, football, and soccer. Superheroes. The top superhero or cartoon character is Tigger.
It's probably kids.
Well, maybe, yeah. I mean, I suppose better that they're— Is it better that they're using Tigger and Snoopy than Password? No, no. So how about this, Carole?
You're a bit of a muso, right? The top songs and bands. The number one apparently is Blink-182.
You're a bit of a muso, right? The top songs and bands. The number one apparently is Blink-182.
Oh yeah. Yeah. I was a big Blink-182 fan.
Rush, 2112, then The Beatles, Blondie. Blondie? In this day and age, would that really be the fourth most common band using puzzles?
And the other one which confused me, and I've Googled it, is 867-5309, which apparently is some pop song. I think it's meant to be a girl's number in a song.
It doesn't ring any bells with me. No idea.
And the other one which confused me, and I've Googled it, is 867-5309, which apparently is some pop song. I think it's meant to be a girl's number in a song.
It doesn't ring any bells with me. No idea.
You're over 50 though, Graham, so that's good.
That's true, that's true.
Number 5 most popular. So that's odd, isn't it?
So say ID agents. And I'm always like, I don't know really. I mean, yeah.
Oh, by the way, I just Googled the thing with Jesus. I think you can call a kid Jesus in the UK.
Apparently there aren't that many restrictions.
So I may have been misinformed. Put fake news out there.
Okay. So what I think this is actually saying is of all the passwords we looked at, some of them had sports teams. Here they are, right? So—
And they've tried to categorise them and come up with a list of them.
Yeah. So I think the list is, 'cause they didn't want to put out the same news that everyone else puts out, is the number one word is password, and then it's password123, you know?
And then it's 123456.
And then it's 123456.
So, I think Elon has maybe given other people a great idea.
So, if you haven't already started using some sort of random character generator or a password generator to generate stronger, more unique passwords, just like he's named his child.
So, if you haven't already started using some sort of random character generator or a password generator to generate stronger, more unique passwords, just like he's named his child.
Are you suggesting people start naming their kids following his lead?
Well, Carole, it's an approach, isn't it? You know, as we haven't had much success getting people to choose stronger passwords. Maybe if everyone had a crazy user ID.
Hey, maybe rather than creating unique passwords for every site, maybe we should all create unique usernames instead. So you have a different username for every single site.
Hey, maybe rather than creating unique passwords for every site, maybe we should all create unique usernames instead. So you have a different username for every single site.
Yeah, that'd be so easy to manage.
Also, can I just point out, if Graham's onto something here— I'm not. It would be a first. But if Graham's onto something here, hasn't Elon Musk just given everybody his password?
Oh, good point. By naming and tweeting. Yeah, well, I think—
Oh, good point. By naming and tweeting. Yeah, well, I think—
I mean, Elon Musk clearly is barking mad, but very rich. And therefore very powerful. And potentially very prone to legal action. So let's swiftly move on.
Geoff, what have you got for us?
Geoff, what have you got for us?
Well, I've been quite busy this week.
Yes, you have, haven't you?
I'm settling in with a cup of tea for this story because I can't wait to hear it.
Tell us why you're in the news, Geoff.
It's more the story that's in the news more than me, but this is the 20th anniversary this week of the Lovebug virus, the I Love You letter.
And it was 4th of May, 2000, it was launched. You guys must remember.
And it was 4th of May, 2000, it was launched. You guys must remember.
Oh yeah. We were working together. We were first responders because we were PR, 'cause we had to talk about what we'd done with the labs, how we'd helped defend against it.
It was a big deal.
It was a big deal.
I was in Stockholm that day, actually.
I was giving a talk and during a break, lots of people turned on their phones and their phones started bleeping and they came up to me and said, hey, have you heard of a virus which sends love messages?
And I said—
I was giving a talk and during a break, lots of people turned on their phones and their phones started bleeping and they came up to me and said, hey, have you heard of a virus which sends love messages?
And I said—
Hadn't you been talking about some love-related virus?
I had, yes.
The funny thing was that morning I'd been telling people about funny viruses and I said, oh, there was this virus called No Smoking and what it could sometimes do is send a message, a network broadcast message saying I love you or something, or I'm in love with you.
And I was joking about the problems that could cause in the office. So I'd made this joke and then we broke for coffee and things.
Everyone's pagers started going off and they said, is that thing, is that in the wild? And I said, oh no, no, no, no, you know, you're not likely to encounter it.
And they said, well, we've just been bombarded with love messages. And it was the Lovebug that day.
The funny thing was that morning I'd been telling people about funny viruses and I said, oh, there was this virus called No Smoking and what it could sometimes do is send a message, a network broadcast message saying I love you or something, or I'm in love with you.
And I was joking about the problems that could cause in the office. So I'd made this joke and then we broke for coffee and things.
Everyone's pagers started going off and they said, is that thing, is that in the wild? And I said, oh no, no, no, no, you know, you're not likely to encounter it.
And they said, well, we've just been bombarded with love messages. And it was the Lovebug that day.
I worked for an internet company at the time. I just remember being in the office and people just kept falling for it.
Every time you looked up from your desk, there was a new person sort of staring at their computer and phoning IT support. It just went around like wildfire.
It's 45 million machines, it's estimated. Yeah, it was huge, it was huge. What was interesting was a lot of the damage it caused was it flooded email servers.
So basically you just got inundated with messages because it was a self-replicating worm.
So for every person who got hit, it would attempt to send a copy of itself to everybody in their Microsoft Outlook contacts. We call them mass mailers.
So interestingly, it was the disconnection of stuff that caused a lot of the disruption, because it wasn't that you got hit by Lovebug necessarily, but you'd had to unplug all of your email server.
So I find that interesting in that if you look at coronavirus, the period we're in now, a lot of the economic damage is being caused not by the virus itself but by the measures we're having to take to prevent the virus propagating.
So I find it's an interesting sort of echo down the line because we've disconnected rather like the Lovebug virus made us disconnect.
So anyway, so they traced— so the part is a password-stealing virus as well.
It was stealing passwords and it was sending them to an email address investigators tracked the email address to Manila.
They had a couple of suspects at the time, but there was no law at the time in the Philippines against computer hacking. Yeah, so they tracked back to an apartment.
A couple of people connected with the apartment were computer science students at a local college, notably a guy called Onel de Guzman and a friend of his called Michael Buen.
So, you know, these guys, you know, they did a press conference, people asked them and stuff, but there was no law against hacking.
And Onel de Guzman when asked about this, said, "Oh, it's possible maybe I released it by accident, don't know." And then that was it.
You know, everybody packed up and there was nothing more could be done.
Every time you looked up from your desk, there was a new person sort of staring at their computer and phoning IT support. It just went around like wildfire.
It's 45 million machines, it's estimated. Yeah, it was huge, it was huge. What was interesting was a lot of the damage it caused was it flooded email servers.
So basically you just got inundated with messages because it was a self-replicating worm.
So for every person who got hit, it would attempt to send a copy of itself to everybody in their Microsoft Outlook contacts. We call them mass mailers.
So interestingly, it was the disconnection of stuff that caused a lot of the disruption, because it wasn't that you got hit by Lovebug necessarily, but you'd had to unplug all of your email server.
So I find that interesting in that if you look at coronavirus, the period we're in now, a lot of the economic damage is being caused not by the virus itself but by the measures we're having to take to prevent the virus propagating.
So I find it's an interesting sort of echo down the line because we've disconnected rather like the Lovebug virus made us disconnect.
So anyway, so they traced— so the part is a password-stealing virus as well.
It was stealing passwords and it was sending them to an email address investigators tracked the email address to Manila.
They had a couple of suspects at the time, but there was no law at the time in the Philippines against computer hacking. Yeah, so they tracked back to an apartment.
A couple of people connected with the apartment were computer science students at a local college, notably a guy called Onel de Guzman and a friend of his called Michael Buen.
So, you know, these guys, you know, they did a press conference, people asked them and stuff, but there was no law against hacking.
And Onel de Guzman when asked about this, said, "Oh, it's possible maybe I released it by accident, don't know." And then that was it.
You know, everybody packed up and there was nothing more could be done.
And the world was screaming blue murder and they were going, "We can't do anything."
And for anyone who's listening who wasn't working in IT at the time, because this was 20 years ago, this was the biggest virus outbreak we had ever seen.
There'd been nothing like it. And to be honest, there wasn't much quite like it in the years since either. It was one of the biggest outbreaks in history.
There'd been nothing like it. And to be honest, there wasn't much quite like it in the years since either. It was one of the biggest outbreaks in history.
It really set, you know, it set the benchmark.
And one of the things I've talked about in the book I'm publishing in August is, you know, that prior to Lovebug, it's not quite as binary, but prior to Lovebug, it was quite difficult to, A, you know, infect lots of people and get a good base of infections, but also it's quite difficult to make money out of that stuff.
And I really feel in 2000 that changed.
Suddenly it's like, yes, you can infect millions of people, And obviously one of the effects of that is, well, then millions of people can potentially be robbed, defrauded, and so on.
So yeah, you're right. I think it really was a sea change. I mean, I've talked about, you know, the world's first global computer virus. There was obviously Melissa before in '99.
And one of the things I've talked about in the book I'm publishing in August is, you know, that prior to Lovebug, it's not quite as binary, but prior to Lovebug, it was quite difficult to, A, you know, infect lots of people and get a good base of infections, but also it's quite difficult to make money out of that stuff.
And I really feel in 2000 that changed.
Suddenly it's like, yes, you can infect millions of people, And obviously one of the effects of that is, well, then millions of people can potentially be robbed, defrauded, and so on.
So yeah, you're right. I think it really was a sea change. I mean, I've talked about, you know, the world's first global computer virus. There was obviously Melissa before in '99.
That was pretty big at the time. I mean, that was the biggest to date at the time.
They reckon about a million machines with Melissa, and it certainly didn't generate the kind of headlines.
The Melissa guy, David L. Smith, wrote the Melissa word macro virus. He was in America. Ended up getting caught, given a prison sentence eventually.
But with de Guzman, nothing seemed to happen.
But with de Guzman, nothing seemed to happen.
Exactly. So for the book, I wanted to start the book somewhere. I was thinking, where do you start the history of cybercrime if you're going to write about it?
And the reason I chose the Love Bug was, A, as you say, it's a massive thing. B, it was my first sort of failed attempt at journalism.
I sent a badly written article to The Guardian newspaper and they wrote back and said, we're not going to print your article.
And by the way, sending us an email titled Love Bug during the middle of an outbreak called Lovebug isn't exactly the smartest move.
And the reason I chose the Love Bug was, A, as you say, it's a massive thing. B, it was my first sort of failed attempt at journalism.
I sent a badly written article to The Guardian newspaper and they wrote back and said, we're not going to print your article.
And by the way, sending us an email titled Love Bug during the middle of an outbreak called Lovebug isn't exactly the smartest move.
That's quite funny, Geoff.
Geoff, I sent out a newsletter this week to my subscribers, and I mentioned the 20th anniversary of the Lovebug, and I called the subject line of my newsletter, because I'm just childish, I said, 'Kindly read the attached newsletter coming from me,' which is a kind of spoof of the message that the Lovebug had sent.
And I did get some people coming back to me saying, "I'm not sure I trust this email." I'm not going to open this.
Geoff, I sent out a newsletter this week to my subscribers, and I mentioned the 20th anniversary of the Lovebug, and I called the subject line of my newsletter, because I'm just childish, I said, 'Kindly read the attached newsletter coming from me,' which is a kind of spoof of the message that the Lovebug had sent.
And I did get some people coming back to me saying, "I'm not sure I trust this email." I'm not going to open this.
But the other thing I find fascinating about Lovebug is time, and it's always people opening emails, clicking links. Very often that's the source of the infection.
It's still the hacker's number one way in.
And if you think of what you need to do to trick people to open the message, the lure that you're going to need, the Lovebug was the best lure ever created because it's got universal appeal.
The one thing everybody in the world wants is love. You could not come up with a better lure for an email. It was inspired, absolutely inspired. Yeah.
So I thought, I'm going to settle this dilemma. You know, who created Lovebug? There was two people. There was Onel de Guzman and Michael Buen.
Michael Buen, as far as I can work out, still in the Philippines, still a coder. He's a very smart guy. He's very witty. And there's some stuff in the Lovebug, some little in-jokes.
And I looked at it and I looked at Michael Buen and I thought, you know, he does look like the kind of guy who, you know, might have written it.
So I started getting in touch with him, sent him many messages, and he just didn't reply. Onel de Guzman just went underground, never heard of again.
It's still the hacker's number one way in.
And if you think of what you need to do to trick people to open the message, the lure that you're going to need, the Lovebug was the best lure ever created because it's got universal appeal.
The one thing everybody in the world wants is love. You could not come up with a better lure for an email. It was inspired, absolutely inspired. Yeah.
So I thought, I'm going to settle this dilemma. You know, who created Lovebug? There was two people. There was Onel de Guzman and Michael Buen.
Michael Buen, as far as I can work out, still in the Philippines, still a coder. He's a very smart guy. He's very witty. And there's some stuff in the Lovebug, some little in-jokes.
And I looked at it and I looked at Michael Buen and I thought, you know, he does look like the kind of guy who, you know, might have written it.
So I started getting in touch with him, sent him many messages, and he just didn't reply. Onel de Guzman just went underground, never heard of again.
And we don't know why he went underground? Like, we don't know what led to that? He just disappeared?
He just disappeared, yeah, yeah. There was also gossip that he'd been hired by Microsoft and that he worked in the US and all this stuff.
Then there was a little comment, like one comment on a forum, on an internet forum, from somebody who said 'Oh, I think I saw him in a market in Manila.
I think he was working in a mobile phone shop.' And they named where the market was. I thought, well, I'm going to the Philippines anyway to research another story.
I thought, I'll just go to the market. I'll pop by. So I looked—
Then there was a little comment, like one comment on a forum, on an internet forum, from somebody who said 'Oh, I think I saw him in a market in Manila.
I think he was working in a mobile phone shop.' And they named where the market was. I thought, well, I'm going to the Philippines anyway to research another story.
I thought, I'll just go to the market. I'll pop by. So I looked—
'Hi, I've got a broken phone. Could you fix it for me?' 'I love you.'
But this market is like chaos. You can imagine a market in back streets of Manila, and there's dozens of mobile phone shops.
And I thought, well, I'm here now, I've done some desperate things, I'm going to do a desperate thing.
So I wrote his name on a piece of paper and I literally went around the market showing it to people just in these phone shops.
And I was just— and of course, you know, I'm taller and lighter skinned than most of the people there. I just look like a tourist dad who'd lost his kids.
I was like, hello, have you seen this man?
And I thought, well, I'm here now, I've done some desperate things, I'm going to do a desperate thing.
So I wrote his name on a piece of paper and I literally went around the market showing it to people just in these phone shops.
And I was just— and of course, you know, I'm taller and lighter skinned than most of the people there. I just look like a tourist dad who'd lost his kids.
I was like, hello, have you seen this man?
Oh, so there wasn't a risk that other cybercrime investigators might be at the market, see you holding Onel de Guzman's, and think you were de Guzman.
But then somebody said, oh yes, I know him, I remember him. I said, really? He said, yeah, yeah, he works at this mall, the shopping mall across town.
So I went over there and I go around the mall with my little sign with his name on, and I get to the very back of the mall, like the real cheap bit of the mall, the cheap booths, and somebody says, oh yeah, he works at that booth down there.
So I went down there.
So I went over there and I go around the mall with my little sign with his name on, and I get to the very back of the mall, like the real cheap bit of the mall, the cheap booths, and somebody says, oh yeah, he works at that booth down there.
So I went down there.
Oh my goodness. And I thought, surely not.
And I go to this booth and there's a guy there and I look, he doesn't look much like Onel de Guzman. And it wasn't him, it was his colleague.
And he said, oh yeah, Onel works here, but he'll be back tomorrow, it's his day off. And I was flying out the next day at 7 PM. I said, what time do you turn up to work?
And he generally turns up about 3 or 4. I was like, oh no.
And I just thought, well, he's not going to talk, obviously he's not going to talk to me, I'm a journalist, why on earth would he do that? And B, he's going to turn up late.
He's got every opportunity to dodge this interview. But I'm here now. So I spent two days in the shopping mall. I didn't leave. I stayed there.
And sure enough, the next day he turns up. And I sat down with him, and I was expecting him to, you know, I was expecting to have to put my evidence to him and finally force him to.
But he just started, he just started talking about it and just admitted it pretty much straight off, to the point where I was so paranoid I thought, well, this must be a wind-up.
This can't be the real guy. So I was making notes in my notepad, and I just thought, well, how can I prove this is actually Onel de Guzman? And I noticed he had moles on his face.
So I started drawing in my notebook a map of where the moles were.
And he said, oh yeah, Onel works here, but he'll be back tomorrow, it's his day off. And I was flying out the next day at 7 PM. I said, what time do you turn up to work?
And he generally turns up about 3 or 4. I was like, oh no.
And I just thought, well, he's not going to talk, obviously he's not going to talk to me, I'm a journalist, why on earth would he do that? And B, he's going to turn up late.
He's got every opportunity to dodge this interview. But I'm here now. So I spent two days in the shopping mall. I didn't leave. I stayed there.
And sure enough, the next day he turns up. And I sat down with him, and I was expecting him to, you know, I was expecting to have to put my evidence to him and finally force him to.
But he just started, he just started talking about it and just admitted it pretty much straight off, to the point where I was so paranoid I thought, well, this must be a wind-up.
This can't be the real guy. So I was making notes in my notepad, and I just thought, well, how can I prove this is actually Onel de Guzman? And I noticed he had moles on his face.
So I started drawing in my notebook a map of where the moles were.
So smart!
Well, I thought it's got to be something. But to be honest, as soon as he started talking about it, there was so much stuff that he knew.
He also knew some other people I've been speaking to. So during the course of it, it was an hour's conversation. It became clear this was Onel de Guzman. He did create it.
He also knew some other people I've been speaking to. So during the course of it, it was an hour's conversation. It became clear this was Onel de Guzman. He did create it.
So why would you be surprised that he wouldn't talk, given that I'm presuming he's still safe from imprisonment or from any legal ramifications?
He feels, yes, he feels that there's no risk of being prosecuted.
He said there was a case that I think the ISP that he was using to gather the email addresses, I think they tried to bring a case against him, but that got dropped.
It would be stunning after 20 years, I think, if there was an attempt to prosecute him.
He said there was a case that I think the ISP that he was using to gather the email addresses, I think they tried to bring a case against him, but that got dropped.
It would be stunning after 20 years, I think, if there was an attempt to prosecute him.
Is he proud?
It's interesting, a lot of techies who've been caught, he's proud of the code, he's proud of, from a technical point of view, I think, of what he did.
Because it was, you know, it was a decent pull-together of the virus potential at the time. He's not proud though, he deeply regrets, you know, the damage that was caused.
And he had no idea it was going to go international. He just released it at about 1 in the morning and he sent it to somebody in Singapore.
There was a Filipino person in Singapore he says he was chatting to online, so he sent the virus to him.
And then Onel de Guzman went out drinking with a mate and just forgot about it.
Because it was, you know, it was a decent pull-together of the virus potential at the time. He's not proud though, he deeply regrets, you know, the damage that was caused.
And he had no idea it was going to go international. He just released it at about 1 in the morning and he sent it to somebody in Singapore.
There was a Filipino person in Singapore he says he was chatting to online, so he sent the virus to him.
And then Onel de Guzman went out drinking with a mate and just forgot about it.
It is kind of incredible how much disruption two guys caused.
So just quickly on that front though, I did ask about Michael Buen, the other chap who got— he said he did know Michael, they did write code together, but Michael Buen, according to Onel de Guzman, had nothing to do with the Lovebug virus.
So I can finally settle that.
Michael Buen though, he has always won my award for the dumbest virus writer in history because he wrote the WM97 Michael B virus, as we called it at Sophos at the time, which at the end of the month would print out his entire CV and say if you didn't give me a job, he was going to release another virus.
And so you had his name, address, and contact details. If only, if only de Guzman had done that, you'd have been able to reach him. Yeah.
So you're quite right that the Love Bug caused this huge problem of clogging up email systems. But what's occurred to me is that virus stole your dial-up internet passwords.
So people used to connect things to FreeServe and CompuServe and things that.
It would steal those passwords and it emailed them to an address that de Guzman was in control of, presumably.
As millions and millions of people got infected, didn't that mean that his own email system would have run out of quota?
Michael Buen though, he has always won my award for the dumbest virus writer in history because he wrote the WM97 Michael B virus, as we called it at Sophos at the time, which at the end of the month would print out his entire CV and say if you didn't give me a job, he was going to release another virus.
And so you had his name, address, and contact details. If only, if only de Guzman had done that, you'd have been able to reach him. Yeah.
So you're quite right that the Love Bug caused this huge problem of clogging up email systems. But what's occurred to me is that virus stole your dial-up internet passwords.
So people used to connect things to FreeServe and CompuServe and things that.
It would steal those passwords and it emailed them to an address that de Guzman was in control of, presumably.
As millions and millions of people got infected, didn't that mean that his own email system would have run out of quota?
Yes, it crashed. There was millions of passwords coming in. So he not only DDoSed the world, he DDoSed himself.
In the process of DDoSing the world. But this was the whole point.
He basically— his whole point was, look, access to the internet is a human right, which is an interesting and ahead of its time as a viewpoint.
I'm poor, I can't get access to the internet. Other people do and can pay for it. So if I can just take their passwords, I can get access to the internet for free.
I'm poor, I can't get access to the internet. Other people do and can pay for it. So if I can just take their passwords, I can get access to the internet for free.
Geoff, right now I believe toilet paper is a human right. It doesn't mean I'm going around stealing it from everyone.
You don't need to steal it, do you, Graham?
Well, I can't go into details.
That's disgusting.
That's all I'm gonna say. I didn't bring that up on Earworm Island. Fess up.
How many rolls have we all got? I'll start. We currently have 20.
I don't know. 4? Really? Living on the edge. That'll just last you till 7 o'clock tonight, won't it?
If I may, I don't think it's very becoming to walk around with huge bags of toilet paper.
I have a real issue with it. All right, look, we couldn't get any at the supermarket, and so we thought we'd order online.
The problem was that where we were ordering online, they weren't going to sell us an individual box. We had to get like a crate. And so— How many's in a crate?
So we've got— Look, I don't want to talk about this. Can we please move on? Please, let's move on. Wait, is it above 100?
The problem was that where we were ordering online, they weren't going to sell us an individual box. We had to get like a crate. And so— How many's in a crate?
So we've got— Look, I don't want to talk about this. Can we please move on? Please, let's move on. Wait, is it above 100?
Can we just settle it there?
No, I don't think it's above 100.
Okay, I think it is.
Carole, what's your story for us this week?
Well, boys, welcome to the world of Roblox. Now, do you— have you guys ever played with this? Your kids, cousins, anything like that?
My son is desperate to play Roblox, but I say that he's too young to do it. But I do know lots of kids who adore it.
One thing I will say about Roblox is I'm sort of dimly aware of this, but I've been trying to— I was trying to find Twitter accounts for police forces recently.
And for some reason in Roblox, it's a virtual environment and there are police forces.
And so they've set up Twitter accounts for Roblox police forces, but they're the same as the real police forces.
So they have to say, look, this isn't really Manchester Police, this is the Roblox virtual. That is weird.
And for some reason in Roblox, it's a virtual environment and there are police forces.
And so they've set up Twitter accounts for Roblox police forces, but they're the same as the real police forces.
So they have to say, look, this isn't really Manchester Police, this is the Roblox virtual. That is weird.
Oh, digital world and the real world are just mashing together in weird ways. So for those that don't know, Roblox is kind of like Minecraft or Fortnite.
In Roblox's case, it's like a massive online game development suite, and it tends to focus on a younger audience.
So kids, teens seem to love it, and it allows users to program games.
It's like they have their own language and they can create characters, design really complex, impressive environments from what I saw on YouTube.
And they're all programmed in this thing called Roblox Studio. And the main draw of Roblox is that it offers thousands of free user-created games for users to play.
And there's 100 million monthly active users. So no small potatoes. There is a lot of action and activity on here. So basically people can also make money on Roblox too, right?
They're called Robux and you can get Robux either by paying an online subscription or by creating objects that other people desire and then selling them on. Okay.
Much of the content seems to be developed with monetization in mind. So some developers have even become millionaires for flogging their creations. Wow.
There's this YouTuber called LinkMon99, and he's well known in the Roblox community for being the richest Roblox player for selling items for online games.
In Roblox's case, it's like a massive online game development suite, and it tends to focus on a younger audience.
So kids, teens seem to love it, and it allows users to program games.
It's like they have their own language and they can create characters, design really complex, impressive environments from what I saw on YouTube.
And they're all programmed in this thing called Roblox Studio. And the main draw of Roblox is that it offers thousands of free user-created games for users to play.
And there's 100 million monthly active users. So no small potatoes. There is a lot of action and activity on here. So basically people can also make money on Roblox too, right?
They're called Robux and you can get Robux either by paying an online subscription or by creating objects that other people desire and then selling them on. Okay.
Much of the content seems to be developed with monetization in mind. So some developers have even become millionaires for flogging their creations. Wow.
There's this YouTuber called LinkMon99, and he's well known in the Roblox community for being the richest Roblox player for selling items for online games.
So if you're playing a game on Roblox, you can go to him and buy something for the game, is that right?
Yeah, so you buy Robux and you go to his section on the Roblox website.
There's big catalogs and you go after certain people because they're better or they make certain cool stuff and you then spend your Robux.
There's big catalogs and you go after certain people because they're better or they make certain cool stuff and you then spend your Robux.
So your Robux purchases get converted into real money for LinkMon99 or whatever his name is.
That's right. So then Roblox, the company and the creator both share the cash and the idea is that everyone gets some of that. Yeah.
Now, and they seem to do, Roblox as a company, seem to do some good community stuff, like helping with online fundraisers.
For example, they've just launched a $2 million fundraiser to support COVID-19 charities. This is UNICEF USA, Code.org, and No Kid Hungry.
And the idea is they've created some items, people buy them, and then they'll donate money from those purchases to those three charities. So it all seems good.
It's teaching people how to be creative, how to generate money, how to program. And I think it sounded quite cool.
So I couldn't help but wonder what the head honchos at Roblox were feeling on May 4th after Motherboard's Joseph Cox published this article.
Apparently a hacker tried to bribe a Roblox employee to gain access to the backend customer support panel of Roblox. You think, why would he want that?
Why would he want access to that information? So the employee could have said, how dare you, sir? But didn't. Apparently the bribe was successful.
Oh, so the way it worked is the hacker is said to have first paid an insider to perform a user data lookup, and that info helped the hacker choose his target, a customer support representative.
And the hacker provided Motherboard with a series of screenshots showing the alleged communication between them and the insider.
And the insider, this employee on LinkedIn, the worker is listed as having worked as an in-game support contractor for Roblox.
So again, LinkedIn is used as a treasure trove of information to help hackers pinpoint their targets in a company.
Now, and they seem to do, Roblox as a company, seem to do some good community stuff, like helping with online fundraisers.
For example, they've just launched a $2 million fundraiser to support COVID-19 charities. This is UNICEF USA, Code.org, and No Kid Hungry.
And the idea is they've created some items, people buy them, and then they'll donate money from those purchases to those three charities. So it all seems good.
It's teaching people how to be creative, how to generate money, how to program. And I think it sounded quite cool.
So I couldn't help but wonder what the head honchos at Roblox were feeling on May 4th after Motherboard's Joseph Cox published this article.
Apparently a hacker tried to bribe a Roblox employee to gain access to the backend customer support panel of Roblox. You think, why would he want that?
Why would he want access to that information? So the employee could have said, how dare you, sir? But didn't. Apparently the bribe was successful.
Oh, so the way it worked is the hacker is said to have first paid an insider to perform a user data lookup, and that info helped the hacker choose his target, a customer support representative.
And the hacker provided Motherboard with a series of screenshots showing the alleged communication between them and the insider.
And the insider, this employee on LinkedIn, the worker is listed as having worked as an in-game support contractor for Roblox.
So again, LinkedIn is used as a treasure trove of information to help hackers pinpoint their targets in a company.
But hang on a minute. So this hacker bribed someone inside the Roblox conglomerate into sharing some information.
And that's obviously, you know, kind of an insider threat in a way, isn't it? Because you've got humans and they're bribable.
And that's obviously, you know, kind of an insider threat in a way, isn't it? Because you've got humans and they're bribable.
Who's working in customer support? Who would be interested? Who would do this? Yeah. You know, and here's a payoff.
"Thanks for that information." But then the hacker goes to Motherboard. He goes to a journalist and says, "Look what I've been able to do," rather than monetizing it.
Well, let's just wait.
Well, let's just wait.
All right. Wait, wait, wait. Be patient. Okay. The hacker gets access to Pandora's box.
So I'll share a few highlights, and I want you guys to help me sniff out if he's a good hacker or a bad hacker.
So I'll share a few highlights, and I want you guys to help me sniff out if he's a good hacker or a bad hacker.
Okay. Okay? Okay, right.
Okay, that's how we'll do this. So, okay, so by Pandora's box, I mean the hacker could look up personal information on any of its 100 million active monthly users.
The hacker could steal virtual in-game currency from people. Oh, nice. The hacker could change passwords. A hacker could effectively lock people out of their accounts.
They could turn off two-factor or multifactor authentication, ban users, and more. Wow. Okay, so he had access to the motherlode here.
And he told Motherboard, "I did this only to prove a point to them." And Motherboard has granted the hacker anonymity to speak more candidly about the crime. Okay?
So you're reading this and you're "Okay." Turns out the hacker first phished the Roblox worker to gain access to the backend customer support. So that was true.
But he backtracked when he was talking to Motherboard and said, "Actually, it was due to an issue in a piece of authentication software." And I was thinking, why would he first say it was— he phished and then say there was an issue?
The hacker could steal virtual in-game currency from people. Oh, nice. The hacker could change passwords. A hacker could effectively lock people out of their accounts.
They could turn off two-factor or multifactor authentication, ban users, and more. Wow. Okay, so he had access to the motherlode here.
And he told Motherboard, "I did this only to prove a point to them." And Motherboard has granted the hacker anonymity to speak more candidly about the crime. Okay?
So you're reading this and you're "Okay." Turns out the hacker first phished the Roblox worker to gain access to the backend customer support. So that was true.
But he backtracked when he was talking to Motherboard and said, "Actually, it was due to an issue in a piece of authentication software." And I was thinking, why would he first say it was— he phished and then say there was an issue?
And didn't it start out that he bribed? I'm confused. Yeah.
Well, I think it's because he tried to claim on the bug bounty from Roblox.
So I think when he first started his story, he realized that actually that didn't mean there was any vulnerability in their system. Because he had done a social engineering attack.
So I think when he first started his story, he realized that actually that didn't mean there was any vulnerability in their system. Because he had done a social engineering attack.
And they wouldn't pay out a bounty just because they bribed an employee.
Exactly. Yes.
So just for everyone to know, legitimate security researchers will identify vulnerabilities in sites or services like this.
And then the deal is you report those to the company to say, hey, you must fix this problem.
Once the problem is fixed, both companies can go out and tell the world about what happened. And then companies sometimes pay the researchers in response.
But this hacker's request was denied. And you remember that Linkmon99? The rich Roblox YouTuber guy? He was snagged because he's super high profile.
The hacker also stole passwords and stole items from Roblox users. And he said he did that only when he had a feeling the bounty shit was going to go south.
And then the deal is you report those to the company to say, hey, you must fix this problem.
Once the problem is fixed, both companies can go out and tell the world about what happened. And then companies sometimes pay the researchers in response.
But this hacker's request was denied. And you remember that Linkmon99? The rich Roblox YouTuber guy? He was snagged because he's super high profile.
The hacker also stole passwords and stole items from Roblox users. And he said he did that only when he had a feeling the bounty shit was going to go south.
It's all right to steal from other people because Roblox aren't prepared to pay you a bug bounty because you bribed—
For fooling, for duping their employees and bribing one.
A murky tale.
The other one that I, just because Geoff is here and he might know the answer. So Motherboard gave him anonymity, this hacker, right? In exchange for his story.
But surely Roblox may want to get the authorities onto this person and do some investigation.
And should an investigator knock on Motherboard's door, do you think as a journo, would the Motherboard journalist know the identity of this hacker or would he not know him at all?
Would it be safer for him not to know who the identity of this person?
But surely Roblox may want to get the authorities onto this person and do some investigation.
And should an investigator knock on Motherboard's door, do you think as a journo, would the Motherboard journalist know the identity of this hacker or would he not know him at all?
Would it be safer for him not to know who the identity of this person?
Yeah, this is where it gets really tricky. So there's anonymity and there's anonymity.
So there's anonymity where you know the source and you meet them and you verify, you know, the classics of whistleblower where you chat them in a pub, but then when you publish the piece, you don't reveal their identity.
But then now, particularly in the modern tech era, there's also the possibility that somebody gets in touch with you and you have no way of verifying their identity, which is what happened in the Paradise Papers story, where the identity was never known, or that they give you an identity that's just fake or that there's no way to verify, right?
So a lot of outlets have started doing — saying, 'Well, okay, if the data is good, if the source is giving me data that I know is verifiable, and I can check, then I'll go with the story even though I can't identify the actual source of it.'
So there's anonymity where you know the source and you meet them and you verify, you know, the classics of whistleblower where you chat them in a pub, but then when you publish the piece, you don't reveal their identity.
But then now, particularly in the modern tech era, there's also the possibility that somebody gets in touch with you and you have no way of verifying their identity, which is what happened in the Paradise Papers story, where the identity was never known, or that they give you an identity that's just fake or that there's no way to verify, right?
So a lot of outlets have started doing — saying, 'Well, okay, if the data is good, if the source is giving me data that I know is verifiable, and I can check, then I'll go with the story even though I can't identify the actual source of it.'
In a way, I guess it protects you as well from getting into, you know, if you just, you know, if the police come knocking, you're like, here, I'll give you everything, but I don't know who the person is.
Yeah, the issue with that is you can be played quite badly as a journalist.
So the classic was the Sony Pictures Entertainment break-in where a lot of the fingers are now pointing at North Korea.
So a lot of the journalists who were taking information from sort of anonymous hacking groups and saying, 'Well, we don't know who's behind it, but we're publishing it anyway.' Then later on, it turns out that actually it was somebody who was basically manipulating you as a journalist to work to their agenda.
So yeah, it gets you off the hook for prosecution, for the police coming to you and asking you for the identity of the source.
But because you don't know the identity of the source, you're then at risk from a whole other angle because you could have just been basically manipulated and had your strings pulled.
So the classic was the Sony Pictures Entertainment break-in where a lot of the fingers are now pointing at North Korea.
So a lot of the journalists who were taking information from sort of anonymous hacking groups and saying, 'Well, we don't know who's behind it, but we're publishing it anyway.' Then later on, it turns out that actually it was somebody who was basically manipulating you as a journalist to work to their agenda.
So yeah, it gets you off the hook for prosecution, for the police coming to you and asking you for the identity of the source.
But because you don't know the identity of the source, you're then at risk from a whole other angle because you could have just been basically manipulated and had your strings pulled.
I love that we get guests on like Geoff because they just raise our bar a little bit.
That's what we need, for goodness' sake. It's just a shame he does that podcast, which insulted me so much.
It didn't insult you. It celebrated you and your eccentricities. We celebrated your eccentricities.
It's a no-brainer that businesses have to safeguard their data as they move more workloads to the cloud.
Zoom is obviously experiencing massive growth right now, and they turned to Oracle Cloud Infrastructure to support them as they innovate and provide an essential service while so many folks are working remotely.
If you want to check it out for yourself, Oracle is providing some great cloud services for free for an unlimited time.
Sign up and you'll soon be building, testing, and deploying cloud applications securely with Oracle. Learn more at smashingsecurity.com/oracle.
Zoom is obviously experiencing massive growth right now, and they turned to Oracle Cloud Infrastructure to support them as they innovate and provide an essential service while so many folks are working remotely.
If you want to check it out for yourself, Oracle is providing some great cloud services for free for an unlimited time.
Sign up and you'll soon be building, testing, and deploying cloud applications securely with Oracle. Learn more at smashingsecurity.com/oracle.
Maybe you don't have a single sign-on password manager, or maybe you do and you're not really happy with it. Well, why don't you start a free 14-day trial of LastPass Enterprise?
You can manage every access point with integrated single sign-on and password management.
Let me tell you about some extra features: central admin dashboard, easy user management, group management, directory integrations, advanced reporting, multifactor authentication options, password sharing, and the list goes on.
Check it out at lastpass.com/enterprise.
You can manage every access point with integrated single sign-on and password management.
Let me tell you about some extra features: central admin dashboard, easy user management, group management, directory integrations, advanced reporting, multifactor authentication options, password sharing, and the list goes on.
Check it out at lastpass.com/enterprise.
Since the outbreak of COVID-19, cybercriminals have found many ways to take advantage of anxious users.
Join our friends at Domain Tools for a webinar as they walk you through the process of identifying a nefarious domain, mapping connected infrastructure, and reverse engineering a ransomware attack which used a coronavirus disguise.
Learn more about how Domain Tools helps security analysts turn threat data into threat intelligence and watch the webinar at domaintools.com/smashing. On with the show.
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Join our friends at Domain Tools for a webinar as they walk you through the process of identifying a nefarious domain, mapping connected infrastructure, and reverse engineering a ransomware attack which used a coronavirus disguise.
Learn more about how Domain Tools helps security analysts turn threat data into threat intelligence and watch the webinar at domaintools.com/smashing. On with the show.
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security-related necessarily. It better not be.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security-related necessarily. It better not be.
Mine is so good this week, I can't—
Well, I think I might have mentioned somewhere already that one of the games that my wife and I have been playing in the evenings— Animal Crossing? Under lockdown.
No, not Animal Crossing. This is a game that we play while sat on the sofa, is a game of looking at people's bookcases when they appear on TV programmes.
So everyone's dialling in to news reports or magazine shows, and they've carefully set up the bookcase behind them to appear erudite and smart.
No, not Animal Crossing. This is a game that we play while sat on the sofa, is a game of looking at people's bookcases when they appear on TV programmes.
So everyone's dialling in to news reports or magazine shows, and they've carefully set up the bookcase behind them to appear erudite and smart.
Oh, I love that you're talking about this.
Yes. And we check out what they're reading.
And, you know, we don't listen to a word that all these talking heads are saying, but we're saying, oh, look at that, that he's got in the background.
You know, why has he left that out?
When I regularly broadcast from my study before I came to the Podcast Pleasure Palace, my wife used to regularly panic about some of her books which were behind me, which she thought weren't entirely appropriate.
So there is a Twitter account called Bookcase Credibility. Twitter name is @BCredibility, and it is an account which is celebrating the backdrops behind the people appearing on TV.
Absolutely brilliant. And what they're doing is really rather creative.
They are describing the backdrops rather like they're— there used to be an art critic called Brian Sewell, who had the most wonderful voice.
And, you know, we don't listen to a word that all these talking heads are saying, but we're saying, oh, look at that, that he's got in the background.
You know, why has he left that out?
When I regularly broadcast from my study before I came to the Podcast Pleasure Palace, my wife used to regularly panic about some of her books which were behind me, which she thought weren't entirely appropriate.
So there is a Twitter account called Bookcase Credibility. Twitter name is @BCredibility, and it is an account which is celebrating the backdrops behind the people appearing on TV.
Absolutely brilliant. And what they're doing is really rather creative.
They are describing the backdrops rather like they're— there used to be an art critic called Brian Sewell, who had the most wonderful voice.
That's very good, Graham.
It's a very good impression.
Yeah, I do a rather wonderful Brian Sewell impression. And so they will describe in Brian Sewell-like terms what they think of the backdrop.
So we've got one here that they've done a bookcase behind David Baddiel, who is a writer and comedian. And he goes, "No chances taken here.
David surrounds himself with bookcases in the vaguely hexagonal shape suggests they move around us, closing us in with him in a honeycomb of credibility.
The sensation is of being welcomed into the hive of a particularly well-read bee." And these writers— What accent was that? Sorry, that was Brian Sewell still. Oh, right.
That wasn't David Baddiel. And I'll do him another time. But you get these wonderful write-ups, and they're done in this pretentious artistic way. And it's a joy.
So that is my pick of the week, and it's Bookcase Credibility on Twitter. Okay, I've just subscribed. Geoff, what's your pick of the week?
So we've got one here that they've done a bookcase behind David Baddiel, who is a writer and comedian. And he goes, "No chances taken here.
David surrounds himself with bookcases in the vaguely hexagonal shape suggests they move around us, closing us in with him in a honeycomb of credibility.
The sensation is of being welcomed into the hive of a particularly well-read bee." And these writers— What accent was that? Sorry, that was Brian Sewell still. Oh, right.
That wasn't David Baddiel. And I'll do him another time. But you get these wonderful write-ups, and they're done in this pretentious artistic way. And it's a joy.
So that is my pick of the week, and it's Bookcase Credibility on Twitter. Okay, I've just subscribed. Geoff, what's your pick of the week?
I'm going to go for my pick of the week— one of the things that I miss in this lockdown coronavirus period is going to see films in a cinema with my friends.
That is one of the joys of life that I achingly miss. So a friend of mine recommended some software to me recently.
Now, I should say at the beginning, I have not done a full security audit of this software, so don't come back to me if you get hacked. But it's called SyncPlay.
And what it does is it syncs up. We've been using it with VLC player, which— oh yeah, great player.
So what you do is you all download the same movie file, you use SyncPlay, and effectively SyncPlay sets up a server that then connects to you all.
And so you can all start, because you know you have this thing of, "We're going to start the movie at 8," and then somebody hits the play button a bit too late, and then they end up laughing at the joke before you've all laughed at the joke.
That is one of the joys of life that I achingly miss. So a friend of mine recommended some software to me recently.
Now, I should say at the beginning, I have not done a full security audit of this software, so don't come back to me if you get hacked. But it's called SyncPlay.
And what it does is it syncs up. We've been using it with VLC player, which— oh yeah, great player.
So what you do is you all download the same movie file, you use SyncPlay, and effectively SyncPlay sets up a server that then connects to you all.
And so you can all start, because you know you have this thing of, "We're going to start the movie at 8," and then somebody hits the play button a bit too late, and then they end up laughing at the joke before you've all laughed at the joke.
You know, that thing.
We've just had this experience actually, Geoff, because Carole, I, and Maria Virmarsis just recorded for our Patreon supporters a commentary of the movie Zardoz.
Have you ever seen Zardoz? With Sean Connery walking around in a red nappy?
We've just had this experience actually, Geoff, because Carole, I, and Maria Virmarsis just recorded for our Patreon supporters a commentary of the movie Zardoz.
Have you ever seen Zardoz? With Sean Connery walking around in a red nappy?
Oh, is that the thing where there's a sex scene, isn't there, in Zardoz? I remember when I was at school— Just one or two.
Anyway, it's quite an interesting commentary. I think we added to the movie.
But we were getting out of sync occasionally, weren't we? You had to catch up, Carole, and things like that. So there was some— Anyway, tell us more about Syncplay.
So you've downloaded this and you're all running VLC.
So you've downloaded this and you're all running VLC.
Download it, get VLC. You all have to have the same film, same movie file on your— Legally obtained, obviously. Legally obtained, exactly.
And then SyncPlay will allow you to play it and pause it. So anybody can play, anybody can pause it.
But the other thing I love is you can give yourself a username when you log in to SyncPlay, which obviously endless fun with movie names.
But also you can comment and your comment appears on VLC over the top of the movie. Oh!
So we watched Flash Gordon through this and I had the joy of logging on as Klytus from Flash Gordon and typing out, "Hawkman, dive!" onto the screen.
And then SyncPlay will allow you to play it and pause it. So anybody can play, anybody can pause it.
But the other thing I love is you can give yourself a username when you log in to SyncPlay, which obviously endless fun with movie names.
But also you can comment and your comment appears on VLC over the top of the movie. Oh!
So we watched Flash Gordon through this and I had the joy of logging on as Klytus from Flash Gordon and typing out, "Hawkman, dive!" onto the screen.
Great. Endless fun. This might be something to add if you enjoy this sort of thing, watching movies with friends, is Netflix Party.
So, I haven't done this yet, but I've had a few people recommend it to me. So, it's a way of watching Netflix together.
I've put the link in the show notes, but— Yeah, so same idea, and you can have a screen so your notes appear on the screen.
Same, similar idea to yours, but might be a little bit simpler if the movie is already available on Netflix and all your friends are already having a conversation.
So, I haven't done this yet, but I've had a few people recommend it to me. So, it's a way of watching Netflix together.
I've put the link in the show notes, but— Yeah, so same idea, and you can have a screen so your notes appear on the screen.
Same, similar idea to yours, but might be a little bit simpler if the movie is already available on Netflix and all your friends are already having a conversation.
Rather than trying to get a legal copy of it. So this is something which plugs into your Chrome browser as an extension rather than you having to install traditional software.
We could have done with that, Carole, couldn't we?
We could have done with that, Carole, couldn't we?
We could have done with that, but I don't think that Zardoz was on Netflix.
Oh yes, Zardoz was quite exclusive, wasn't it? It was hard to get hold of.
Anyways, exclusive is one word for it.
Yep. So Carole, excellent. And what's your pick of the week?
Mine is excellent. All right. I need to send you guys a link. Right. Food comes in many different packages, doesn't it?
You can get fresh produce to things like crisps and other ready-made meals.
You can get fresh produce to things like crisps and other ready-made meals.
Some of them. I like your definition of food, fresh produce to crisps. I like that. The full gamut.
I think I'm just trying to make it quick. I'm moving along the list to get to this one. Okay. Right.
And this is a YouTube channel from a producer called Ashens who likes to, amongst other different playlists that he seems to provide, likes to do some food reviews.
So let me allow you guys to click on this link. This is his video of chicken in a can. You can turn off the sound. I found it's almost more enjoyable.
And this is a YouTube channel from a producer called Ashens who likes to, amongst other different playlists that he seems to provide, likes to do some food reviews.
So let me allow you guys to click on this link. This is his video of chicken in a can. You can turn off the sound. I found it's almost more enjoyable.
Okay, I'll turn off the sound. He's opening some— Alright, let's have a look. Some chicken broth he's opening. Is this— Oh my goodness.
No, it's a whole chicken in a can.
What? No, you can't fit a whole chicken in a can.
How would you put a chicken in a can?
Wouldn't the chicken complain? Oh. Oh, that looks bad.
He's pouring it out. So this is a— Why are you making me watch this? This looks horrible. Oh, oh my goodness. Oh, this is disgusting.
Okay, I'm going to close this now. What I love about this is the brown sofa that I think has been bought. It's like the stage, so it shows up in every single video that they do.
I do recommend watching it without sound almost, just so you can be absolutely revolted and you have your own commentary.
I do recommend watching it without sound almost, just so you can be absolutely revolted and you have your own commentary.
The skeleton is in there as well. Yeah, that's the actual— oh my goodness.
They're not all disgusting. There was a burger in a can, which was just— Like, people were like— the whole time we were like, "Is there a bun in there? Is there a bun in there?"
I remember seeing a YouTube channel a few years ago about a guy who would get out old military rations from, like, the Korean War.
And he'd try and guess beforehand whether it was going to taste nice or not. So he would open these things up and then would try them out. And he had quite a lot of subscribers.
Yeah, this guy eats everything he opens.
And he'd try and guess beforehand whether it was going to taste nice or not. So he would open these things up and then would try them out. And he had quite a lot of subscribers.
Yeah, this guy eats everything he opens.
No, he doesn't. No. Oh yeah. Oh yeah, he eats this.
Oh. Does he also drink bleach? No! Well, he should try it. Might work.
But he does worldwide food specials. So people send in crazy food from, you know, all four corners of the earth. And he follows the instructions.
I remember all-day breakfast in a can. Have you come across this?
Why do you have it?
Yes, a Poundland food special all-day breakfast. They have little egg— Yes, yes, yeah, let me send you the link now.
It says a can of beans and you get a sausage and a bit of bacon and an egg, and I think you get a hash brown. I think there's a hash brown floating about somewhere.
I watched that one.
Oh, this is the same chap? Yes.
So his full channel.
So this is the channel, it's called Ashton's, it's on YouTube, and amongst his various playlists he does a number of revolting food reviews, which will put your potentially not wonderful dinner— if you don't have great cooking skills at home and you're stuck there and you can't wait to go to restaurants again, this will make you feel better about the food that you may be producing.
So this is the channel, it's called Ashton's, it's on YouTube, and amongst his various playlists he does a number of revolting food reviews, which will put your potentially not wonderful dinner— if you don't have great cooking skills at home and you're stuck there and you can't wait to go to restaurants again, this will make you feel better about the food that you may be producing.
Well, on that charming culinary note, I think we've just about wrapped it up for this week.
Geoff, I'm sure lots of our listeners would love to follow you online or check out one of your podcasts. What's the best way for folks to do that?
Geoff, I'm sure lots of our listeners would love to follow you online or check out one of your podcasts. What's the best way for folks to do that?
Probably find me on Twitter. I am Geoff White, G-E-O-F-F, white like the color, 247, the number's 247, at Twitter.
And you can follow us on Twitter at Smashing Security, no G, no diphthongs, which wouldn't allow us to have them.
And on Reddit in the Smashing Security subreddit, go and find us there.
And on Reddit in the Smashing Security subreddit, go and find us there.
And as always, wonderful listeners, thank you. You keep Smashing Security alive by listening to us each week, virtually, literally.
Also, a huge thank you to this week's Smashing Security sponsors: Oracle, Domain Tools, and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Also, a huge thank you to this week's Smashing Security sponsors: Oracle, Domain Tools, and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Until next time, cheerio, bye-bye, stay safe.
Geoff, cheerio. You matter, Geoff. Sorry, sorry.
I thought, you know, it's just a little bit antisocial, I'd say, Julia.
It's just, you know, we're all meant to be friendly in a kind of keeping distance kind of way right now. Hello, hello, hello, and welcome to Smashing Security After Dark.
It's not even dark out. Well, it will be in a minute. After dusk. Well, during dusk. Smashing Security during dusk.
Today we are going to be doing a commentary on a movie which Maria brought up on a recent episode of Smashing Security. And that movie is Zardoz.
I thought it might be useful if each of us described our relationship with Zardoz before we began. How are we coming to this movie?
Maria, as you're the person who first mentioned it, you start us off.
It's not even dark out. Well, it will be in a minute. After dusk. Well, during dusk. Smashing Security during dusk.
Today we are going to be doing a commentary on a movie which Maria brought up on a recent episode of Smashing Security. And that movie is Zardoz.
I thought it might be useful if each of us described our relationship with Zardoz before we began. How are we coming to this movie?
Maria, as you're the person who first mentioned it, you start us off.
Oh my goodness. So I first saw it maybe a decade ago at a local movie theater here in the Boston area called the Brattle.
They had a 24-hour bad sci-fi movie marathon called Schlock Around the Clock, and Zardoz was sort of like the prime feature. And a bunch of my friends and I went to see it.
Some of them had seen it, some of them hadn't. And I— you can't forget your first time.
And every year when they would do this festival, I would always make a point to bring someone with me who hadn't seen it before.
And at that point, I would just watch their face and not the movie. It's just a— in my group of friends, we all love how bad this movie is. And yeah, I love it in a bad way.
I've never seen it, Maria, and I wish you could see my face. I wish we had a video cam on so you could watch it. Me too.
I'll take selfies as appropriate when you say take a selfie now. Okay, you can line me up and I will do that for you and send them to you.
Basically the whole first half of the movie, just record your face because— The beginning is especially— The beginning is extraordinary. Yeah, it loses steam.
Just a fair warning. It just kind of— Yeah. Well, you know, we can always hurry through. If it gets boring, we just call it off, right? Yeah. Well, that—
They had a 24-hour bad sci-fi movie marathon called Schlock Around the Clock, and Zardoz was sort of like the prime feature. And a bunch of my friends and I went to see it.
Some of them had seen it, some of them hadn't. And I— you can't forget your first time.
And every year when they would do this festival, I would always make a point to bring someone with me who hadn't seen it before.
And at that point, I would just watch their face and not the movie. It's just a— in my group of friends, we all love how bad this movie is. And yeah, I love it in a bad way.
I've never seen it, Maria, and I wish you could see my face. I wish we had a video cam on so you could watch it. Me too.
I'll take selfies as appropriate when you say take a selfie now. Okay, you can line me up and I will do that for you and send them to you.
Basically the whole first half of the movie, just record your face because— The beginning is especially— The beginning is extraordinary. Yeah, it loses steam.
Just a fair warning. It just kind of— Yeah. Well, you know, we can always hurry through. If it gets boring, we just call it off, right? Yeah. Well, that—
So Carole, you haven't seen it. This is completely new to you, but you've got someone in the background there to help you out during the recording.
Well, I have our designated fact checker during this filming. So if there's any questions that any of you have during it, I'll have it checked by Mr. Hubbs.
I will make it very formal. I'll say, "Question!" or something like that, I'm raising my hand.
I will make it very formal. I'll say, "Question!" or something like that, I'm raising my hand.
Oh, hubs as in husband. I thought you meant hub as in Pornhub or USB hub.
Well, don't get specific. Don't get specific. It's fine. Jeez. All-purpose hub. Yeah, all of those things. The hub. Okay? That's all you need to know.
Now, Zardoz is a movie that I knew about. So I was bemused when Maria mentioned it, but I'd never actually seen it. But I did watch it last night.
You spoiled it yourself.
I couldn't resist, so I watched it last night with my wife, and she fell asleep during it, and I mostly stayed awake during it.
Yeah, I tried to show my husband this movie a few years ago, but he apparently had the flu at the time, so about half an hour into the movie, he started hallucinating and passing out.
So Mr. Maria is not a fan? He's never— no, he would love to see it. He was actually asking to watch this with me while we're doing this, but someone has to watch our kids.
So Mr. Maria is not a fan? He's never— no, he would love to see it. He was actually asking to watch this with me while we're doing this, but someone has to watch our kids.
So you definitely don't want the kid watching this?
Well, why not? No, this is not a movie. No. Okay, okay. You see, you can tell I've not seen it. You see, I'm not faking. I mean, it would just be very boring for her.
All right, for the most part. Okay, okay. Can we just kick this off? Yeah.
All right, for the most part. Okay, okay. Can we just kick this off? Yeah.
So we need everyone who wants to watch along with us, they need to get their DVDs, their legally purchased DVD, VHS tape, their Blu-ray, LaserDisc, their Amazon account or whatever, they need to go and grab Zardoz.
What year is this? 1974? Something like that. There's only one Zardoz.
What year is this? 1974? Something like that. There's only one Zardoz.
Year of many good movies and also this one. So all right.
So we are going to count down from— Well, count up 1 to 4 and say go.
Yeah. So do we go on 4 or do we go after 4? No. Can I just do this, Graham? Can you just not be weird? Okay. 3, 2, 1, go!
All right.
Okay, I'm seeing 20th Century Fox. 20th Century Fox. I'm seeing 20th Century Fox.
Yeah, okay, this is going well. This is going pretty well.
I have an X-ray on. This is fascinating. Me too. All right, do we want to say about the X-ray? Yeah, let's— yeah, why not? I mean, it's our— okay.
Oh, oh, I am Arthur Frayn.
And I am— he's bodiless.
This is Arthur Frayn.
300 years, and I long—
Is that a nun?
But death is no longer— he appears to have a pair of trousers on his head.
Just take a closer look at his— what's on his chin. Just as he gets closer, notice his chin. Rich in iron. That line could not be said by an American.
We don't know how to roll our Rs.
Have yet occurred. That, that 'tash though. No, no, no, his chin. That chin.
This actually is my favorite part of the movie.
Beard, I think you mean. His beard. What's, what's on his chin?
Oh, it's getting closer. And the magician— I need to make this bigger.
It is. Is it?
What, what is it? I am the puppet master.
What do you think it is, Graham?
You collect— is it some sort of cave?
One could say, yes. Wizard sleeve, maybe. A hairy back end. Yeah. So my understanding is they had to tack this introductory scene on because nobody understood the movie. Yes.
They hoped this would clarify things. I know. So he slowly goes down. I'm so into this already. Okay, I'm, I'm sitting back.
They hoped this would clarify things. I know. So he slowly goes down. I'm so into this already. Okay, I'm, I'm sitting back.
Okay, that was the highlight of the movie.
That honestly, it doesn't get much better than that.
So that guy we just saw, he's also in Alien 3. I read Arthur Frane, or the actor playing Arthur Frane. Yeah.
Oh, you see, did some research. I did some research. Oh yeah, I'm sure everyone really loves you did that. That's why they listen to this, to hear your really erudite commentary.
He was also in Mamma Mia. Oh well, I didn't realize they filmed this in Ireland. Are those real horses or CGI? Fake horses. Oh, I love the logo. I love the logo.
No, I love it, I love it. Oh, here it is. You're gonna be so disappointed when you learn what Zardoz means. Oh yes, yeah. Okay, spoiler, I'm gonna— I'm painting this tomorrow.
This is inspiring me. Oh yep, okay. I'm gonna— I'm seriously, I'm gonna do it. So more than one Sean Connery in this movie. That's important.
He was also in Mamma Mia. Oh well, I didn't realize they filmed this in Ireland. Are those real horses or CGI? Fake horses. Oh, I love the logo. I love the logo.
No, I love it, I love it. Oh, here it is. You're gonna be so disappointed when you learn what Zardoz means. Oh yes, yeah. Okay, spoiler, I'm gonna— I'm painting this tomorrow.
This is inspiring me. Oh yep, okay. I'm gonna— I'm seriously, I'm gonna do it. So more than one Sean Connery in this movie. That's important.
This was a Rik and Morty episode. Yes, yes.
I would love to go where they shot this in Ireland and recreate this with the giant heads in the sky. Show me what you got, let me see what you got. The head is descending. Outfits.
Yeah, do you? Yes, do you, Carole? I'm having a Zardoz party when this is all over, Graham.
Yeah, do you? Yes, do you, Carole? I'm having a Zardoz party when this is all over, Graham.
You're— I don't know how many people will be coming.
You haven't seen the whole movie yet. Guarantee you won't feel the same way by the end. Oh, it's just mud.
Oh, you have been raised up from brutality.
Everyone, are you his chosen one? No, none of us are. We're cursed. Blursed brutality.
Brutals. I love saying that shit. I just always think that the costume designer is, okay, I'll put it up to— I know, but what did they reject? What did they think?
This is the edited version.
This is the edited version.
You could never come up with this, Cluley. Never.
The gun is good. Okay.
Hubs is freaking out. I, I, that's the part I love to watch everybody's face.
I can hear it.
Oh man.
Want to hear more? Seriously? Well, you'll have to become a bonus content supporter of Smashing Security on Patreon. Sorry about that.
Just visit patreon.com/smashingsecurity for more details. Until next time, cheerio, bye-bye.
Just visit patreon.com/smashingsecurity for more details. Until next time, cheerio, bye-bye.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Geoff White – @geoffwhite247
Show notes:
- Vote for Smashing Security in the EU Security Blogger Awards!
- Graham Cluley on Earworm Island — Earworm Island podcast.
- Carole Theriault on Earworm Island — Earworm Island podcast.
- Elon Musk tweets a photo of his newborn child — Twitter.
- World Password Day — Days of the year.
- Grimes explains the baby's name — Twitter.
- Don’t Make These 5 Password FAILS! (But Do Notch These 2 Password Wins) — ID Agent.
- Love Bug Virus Creator Comes Clean — Geoff White.
- Memories of the Melissa virus — Naked Security.
- Roblox — Wikipedia.
- What is Roblox? — Digital Trends.
- Hacker Bribed 'Roblox' Insider to Access User Data — Motherboard.
- I'm Officially RICHER Than ROBLOX!! (WORLD RECORD BROKEN) — Linkmon99 on YouTube.
- WM97/Michael-B virus analysis — Sophos.
- Bookcase Credibility — @BCredibility on Twitter.
- Five Minutes With: Brian Sewell — YouTube. So you can see how good Graham’s impression is.
- Syncplay.
- Netflix Party.
- Whole Chicken in a Can — Ashens on YouTube.
- Poundland Food Special – All Day Breakfast — Ashens on YouTube.
- MRE & Ration Reviews — YouTube. A man experiencing and reviewing military rations from 1863-current day.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: Oracle
Build, test, and deploy applications on Oracle Cloud – for free.
Sign up now at smashingsecurity.com/oracle and you’ll soon be building, testing and deploying cloud applications securely with Oracle.
Sponsor: LastPass
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Sponsor: DomainTools
Join our friends at DomainTools for a webinar as they walk you through the process of identifying a nefarious domain, mapping connected infrastructure, and reverse-engineering a ransomware attack which used a Coronavirus disguise.
Learn more about how DomainTools helps security analysts turn threat data into threat intelligence and watch the webinar at domaintools.com/smashing now.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
